c) setsockopt$MRT6_DEL_MFC(r1, 0x29, 0xcd, &(0x7f0000000040)={{0xa, 0x4e24, 0x4, @mcast1, 0xad2d}, {0xa, 0x4e23, 0xfffffc00, @empty, 0x5}, 0xffffffffffffffff, {[0xa98, 0x3ff, 0x7fffffff, 0x7fff, 0x7e, 0xd11, 0x1, 0x5]}}, 0x5c) (async) 00:21:10 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x2, 0x3, 0x401}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) (async) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x2, 0x3, 0x401}) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:10 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) r2 = socket(0x27, 0x1, 0x37) syz_genetlink_get_family_id$fou(&(0x7f00000009c0), r2) (async) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000940)={{0x0, 0xfff, 0x7, 0x3}, 'syz1\x00', 0xb}) 00:21:10 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 43) 00:21:10 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:10 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3085.105893] input: syz0 as /devices/virtual/input/input32295 [ 3085.143290] input: syz0 as /devices/virtual/input/input32297 [ 3085.147877] input: /dev/nvme-fabrics as /devices/virtual/input/input32296 [ 3085.150454] FAULT_INJECTION: forcing a failure. [ 3085.150454] name failslab, interval 1, probability 0, space 0, times 0 [ 3085.167834] CPU: 1 PID: 15525 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3085.175710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3085.185051] Call Trace: [ 3085.187737] dump_stack+0x1b2/0x281 [ 3085.191393] should_fail.cold+0x10a/0x149 [ 3085.195533] should_failslab+0xd6/0x130 [ 3085.199494] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3085.204584] __kmalloc_node_track_caller+0x38/0x70 [ 3085.209498] __alloc_skb+0x96/0x510 [ 3085.213120] kobject_uevent_env+0x882/0xf30 [ 3085.217438] device_add+0xa47/0x15c0 [ 3085.221146] ? device_is_dependent+0x2a0/0x2a0 [ 3085.225846] ? __kmalloc+0x3a4/0x400 [ 3085.229552] ? input_register_device+0x419/0xa90 [ 3085.234305] input_register_device+0x59e/0xa90 [ 3085.238895] ? __lock_acquire+0x5fc/0x3f20 [ 3085.243130] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3085.248312] ? uinput_write+0xfb0/0xfb0 [ 3085.252277] ? get_pid_task+0xb8/0x130 [ 3085.256163] ? proc_fail_nth_write+0x7b/0x180 [ 3085.260647] ? trace_hardirqs_on+0x10/0x10 [ 3085.264868] ? fsnotify+0x974/0x11b0 [ 3085.268651] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3085.273786] ? __handle_mm_fault+0x80f/0x4620 [ 3085.278271] ? SyS_write+0x1b7/0x210 [ 3085.281970] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3085.287402] do_vfs_ioctl+0x75a/0xff0 [ 3085.291269] ? lock_acquire+0x170/0x3f0 [ 3085.295257] ? ioctl_preallocate+0x1a0/0x1a0 [ 3085.299685] ? __fget+0x265/0x3e0 [ 3085.303121] ? do_vfs_ioctl+0xff0/0xff0 [ 3085.307077] ? security_file_ioctl+0x83/0xb0 [ 3085.311473] SyS_ioctl+0x7f/0xb0 [ 3085.314831] ? do_vfs_ioctl+0xff0/0xff0 [ 3085.318819] do_syscall_64+0x1d5/0x640 [ 3085.322702] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3085.327877] RIP: 0033:0x7f8cc83bf109 [ 3085.331576] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3085.339272] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3085.346540] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 00:21:10 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) (async) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x2, 0x3, 0x401}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:10 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 44) [ 3085.353803] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3085.361062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3085.368337] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3085.377201] input: syz0 as /devices/virtual/input/input32298 [ 3085.381841] input: syz0 as /devices/virtual/input/input32300 [ 3085.389502] input: syz0 as /devices/virtual/input/input32301 [ 3085.396706] input: syz0 as /devices/virtual/input/input32299 00:21:10 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) ioctl$NBD_SET_SIZE(r1, 0xab02, 0xfffffffffffffff9) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xc) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x3) 00:21:10 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x4) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:10 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000940)={0xffff0cdd, 0x0, {0x56, 0x26, 0x43b, {0x9, 0xfff7}, {0x3}, @const={0x40, {0x9, 0x7, 0x8, 0x3}}}, {0x52, 0x8, 0x988, {0xe79, 0x3ff}, {0x2, 0x8000}, @cond=[{0x9c, 0x5, 0x5c4, 0x0, 0x1, 0xfff7}, {0x5, 0x8, 0x0, 0xa812, 0x200, 0xd1e}]}}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000009c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0xb) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 00:21:10 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7e) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_DEL_MFC(r1, 0x29, 0xcd, &(0x7f0000000040)={{0xa, 0x4e24, 0x4, @mcast1, 0xad2d}, {0xa, 0x4e23, 0xfffffc00, @empty, 0x5}, 0xffffffffffffffff, {[0xa98, 0x3ff, 0x7fffffff, 0x7fff, 0x7e, 0xd11, 0x1, 0x5]}}, 0x5c) [ 3085.464577] input: /dev/nvme-fabrics as /devices/virtual/input/input32304 [ 3085.483661] input: syz0 as /devices/virtual/input/input32306 [ 3085.493894] input: syz0 as /devices/virtual/input/input32307 [ 3085.495038] FAULT_INJECTION: forcing a failure. [ 3085.495038] name failslab, interval 1, probability 0, space 0, times 0 [ 3085.514186] CPU: 0 PID: 15587 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3085.522085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3085.531555] Call Trace: [ 3085.534126] dump_stack+0x1b2/0x281 [ 3085.537736] should_fail.cold+0x10a/0x149 [ 3085.541875] should_failslab+0xd6/0x130 [ 3085.545834] kmem_cache_alloc_node+0x263/0x410 [ 3085.550413] __alloc_skb+0x5c/0x510 [ 3085.554029] kobject_uevent_env+0x882/0xf30 [ 3085.558336] device_add+0xa47/0x15c0 [ 3085.562040] ? device_is_dependent+0x2a0/0x2a0 [ 3085.566606] ? __kmalloc+0x3a4/0x400 [ 3085.570311] ? input_register_device+0x419/0xa90 [ 3085.575059] input_register_device+0x59e/0xa90 [ 3085.579625] ? __lock_acquire+0x5fc/0x3f20 [ 3085.583971] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3085.589159] ? uinput_write+0xfb0/0xfb0 [ 3085.593130] ? get_pid_task+0xb8/0x130 [ 3085.597001] ? proc_fail_nth_write+0x7b/0x180 [ 3085.601481] ? trace_hardirqs_on+0x10/0x10 [ 3085.605705] ? fsnotify+0x974/0x11b0 [ 3085.609436] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3085.614360] ? __handle_mm_fault+0x80f/0x4620 [ 3085.618852] ? SyS_write+0x1b7/0x210 [ 3085.622554] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3085.627990] do_vfs_ioctl+0x75a/0xff0 [ 3085.631781] ? lock_acquire+0x170/0x3f0 [ 3085.635750] ? ioctl_preallocate+0x1a0/0x1a0 [ 3085.640145] ? __fget+0x265/0x3e0 [ 3085.643590] ? do_vfs_ioctl+0xff0/0xff0 [ 3085.647548] ? security_file_ioctl+0x83/0xb0 [ 3085.651941] SyS_ioctl+0x7f/0xb0 [ 3085.655306] ? do_vfs_ioctl+0xff0/0xff0 [ 3085.659271] do_syscall_64+0x1d5/0x640 [ 3085.663144] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3085.668315] RIP: 0033:0x7f8cc83bf109 [ 3085.672352] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3085.680040] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3085.687376] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3085.694624] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3085.701969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:10 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15a7], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x26f) 00:21:10 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7e) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x37) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x7) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x6) ioctl$UI_GET_VERSION(r4, 0x8004552d, &(0x7f00000000c0)) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x6) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:10 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_DONE(r1, 0x29, 0xc9, 0x0, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x182, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x14001, 0x0) ioctl$UI_SET_SWBIT(r3, 0x4004556d, 0xc) setsockopt$MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e22, 0x2, @empty, 0xfffffffb}, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1}, 0x1, {[0x1, 0x8001, 0x4, 0x10001, 0x9, 0x401, 0x80, 0xfffffff7]}}, 0x5c) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) inotify_add_watch(r4, &(0x7f0000000080)='./file0\x00', 0xe0000003) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:10 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 45) [ 3085.709238] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3085.719577] input: syz0 as /devices/virtual/input/input32309 [ 3085.725758] input: syz0 as /devices/virtual/input/input32308 [ 3085.732560] input: syz0 as /devices/virtual/input/input32310 00:21:10 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000940)={0xffff0cdd, 0x0, {0x56, 0x26, 0x43b, {0x9, 0xfff7}, {0x3}, @const={0x40, {0x9, 0x7, 0x8, 0x3}}}, {0x52, 0x8, 0x988, {0xe79, 0x3ff}, {0x2, 0x8000}, @cond=[{0x9c, 0x5, 0x5c4, 0x0, 0x1, 0xfff7}, {0x5, 0x8, 0x0, 0xa812, 0x200, 0xd1e}]}}) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000009c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0xb) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 00:21:10 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15a7], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x26f) 00:21:11 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7e) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x37) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x7) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x6) ioctl$UI_GET_VERSION(r4, 0x8004552d, &(0x7f00000000c0)) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x6) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7e) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x37) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x7) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x6) (async) ioctl$UI_GET_VERSION(r4, 0x8004552d, &(0x7f00000000c0)) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x6) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15a7], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x26f) [ 3085.828129] FAULT_INJECTION: forcing a failure. [ 3085.828129] name failslab, interval 1, probability 0, space 0, times 0 [ 3085.854707] CPU: 0 PID: 15637 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3085.862611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3085.862616] Call Trace: [ 3085.862633] dump_stack+0x1b2/0x281 [ 3085.862649] should_fail.cold+0x10a/0x149 [ 3085.862664] should_failslab+0xd6/0x130 [ 3085.862676] kmem_cache_alloc_node+0x263/0x410 [ 3085.862689] __alloc_skb+0x5c/0x510 [ 3085.862704] kobject_uevent_env+0x882/0xf30 [ 3085.899049] device_add+0xa47/0x15c0 [ 3085.902748] ? device_is_dependent+0x2a0/0x2a0 [ 3085.907400] ? __kmalloc+0x3a4/0x400 [ 3085.911179] ? input_register_device+0x419/0xa90 [ 3085.915927] input_register_device+0x59e/0xa90 [ 3085.920500] ? __lock_acquire+0x5fc/0x3f20 [ 3085.924723] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3085.929904] ? uinput_write+0xfb0/0xfb0 [ 3085.933859] ? get_pid_task+0xb8/0x130 [ 3085.937730] ? proc_fail_nth_write+0x7b/0x180 [ 3085.942203] ? trace_hardirqs_on+0x10/0x10 [ 3085.946419] ? fsnotify+0x974/0x11b0 [ 3085.950123] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3085.955046] ? __handle_mm_fault+0x80f/0x4620 [ 3085.959534] ? SyS_write+0x1b7/0x210 [ 3085.963232] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3085.968741] do_vfs_ioctl+0x75a/0xff0 [ 3085.972531] ? lock_acquire+0x170/0x3f0 [ 3085.976500] ? ioctl_preallocate+0x1a0/0x1a0 [ 3085.980918] ? __fget+0x265/0x3e0 [ 3085.984360] ? do_vfs_ioctl+0xff0/0xff0 [ 3085.988325] ? security_file_ioctl+0x83/0xb0 [ 3085.992717] SyS_ioctl+0x7f/0xb0 [ 3085.996067] ? do_vfs_ioctl+0xff0/0xff0 [ 3086.000030] do_syscall_64+0x1d5/0x640 [ 3086.003990] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3086.009161] RIP: 0033:0x7f8cc83bf109 [ 3086.012850] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3086.020537] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 00:21:11 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7e) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x37) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x7) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x6) ioctl$UI_GET_VERSION(r4, 0x8004552d, &(0x7f00000000c0)) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x6) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3086.027792] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3086.035065] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3086.042313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3086.049561] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3086.058244] input: syz0 as /devices/virtual/input/input32318 [ 3086.065475] input: syz0 as /devices/virtual/input/input32319 00:21:11 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15a7], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x26f) 00:21:11 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000940)={0xffff0cdd, 0x0, {0x56, 0x26, 0x43b, {0x9, 0xfff7}, {0x3}, @const={0x40, {0x9, 0x7, 0x8, 0x3}}}, {0x52, 0x8, 0x988, {0xe79, 0x3ff}, {0x2, 0x8000}, @cond=[{0x9c, 0x5, 0x5c4, 0x0, 0x1, 0xfff7}, {0x5, 0x8, 0x0, 0xa812, 0x200, 0xd1e}]}}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000009c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0xb) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000940)={0xffff0cdd, 0x0, {0x56, 0x26, 0x43b, {0x9, 0xfff7}, {0x3}, @const={0x40, {0x9, 0x7, 0x8, 0x3}}}, {0x52, 0x8, 0x988, {0xe79, 0x3ff}, {0x2, 0x8000}, @cond=[{0x9c, 0x5, 0x5c4, 0x0, 0x1, 0xfff7}, {0x5, 0x8, 0x0, 0xa812, 0x200, 0xd1e}]}}) (async) openat$uinput(0xffffffffffffff9c, &(0x7f00000009c0), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0xb) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) 00:21:11 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 46) 00:21:11 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) (async) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_DONE(r1, 0x29, 0xc9, 0x0, 0x0) (async) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x182, 0x0) (async) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x14001, 0x0) ioctl$UI_SET_SWBIT(r3, 0x4004556d, 0xc) (async, rerun: 64) setsockopt$MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e22, 0x2, @empty, 0xfffffffb}, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1}, 0x1, {[0x1, 0x8001, 0x4, 0x10001, 0x9, 0x401, 0x80, 0xfffffff7]}}, 0x5c) (async, rerun: 64) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) inotify_add_watch(r4, &(0x7f0000000080)='./file0\x00', 0xe0000003) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3086.074584] input: syz0 as /devices/virtual/input/input32320 [ 3086.081548] input: syz0 as /devices/virtual/input/input32323 00:21:11 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (rerun: 32) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0x3d87, 0x200, 0x9, 0x1}, 'syz0\x00', 0x20}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:11 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000940)={0xffff0cdd, 0x0, {0x56, 0x26, 0x43b, {0x9, 0xfff7}, {0x3}, @const={0x40, {0x9, 0x7, 0x8, 0x3}}}, {0x52, 0x8, 0x988, {0xe79, 0x3ff}, {0x2, 0x8000}, @cond=[{0x9c, 0x5, 0x5c4, 0x0, 0x1, 0xfff7}, {0x5, 0x8, 0x0, 0xa812, 0x200, 0xd1e}]}}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000009c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0xb) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 3086.146238] input: syz0 as /devices/virtual/input/input32335 [ 3086.156225] FAULT_INJECTION: forcing a failure. [ 3086.156225] name failslab, interval 1, probability 0, space 0, times 0 [ 3086.189324] CPU: 0 PID: 15689 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3086.197279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3086.206644] Call Trace: [ 3086.209376] dump_stack+0x1b2/0x281 [ 3086.212991] should_fail.cold+0x10a/0x149 [ 3086.217217] should_failslab+0xd6/0x130 [ 3086.217232] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3086.217247] __kmalloc_node_track_caller+0x38/0x70 [ 3086.217259] __alloc_skb+0x96/0x510 [ 3086.217272] kobject_uevent_env+0x882/0xf30 [ 3086.239324] device_add+0xa47/0x15c0 [ 3086.243029] ? device_is_dependent+0x2a0/0x2a0 [ 3086.247593] ? __kmalloc+0x3a4/0x400 [ 3086.251313] ? input_register_device+0x419/0xa90 [ 3086.256069] input_register_device+0x59e/0xa90 [ 3086.260643] ? __lock_acquire+0x5fc/0x3f20 [ 3086.264868] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3086.270092] ? uinput_write+0xfb0/0xfb0 [ 3086.274159] ? get_pid_task+0xb8/0x130 [ 3086.278040] ? proc_fail_nth_write+0x7b/0x180 [ 3086.282540] ? trace_hardirqs_on+0x10/0x10 [ 3086.286776] ? fsnotify+0x974/0x11b0 [ 3086.290497] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3086.295410] ? __handle_mm_fault+0x80f/0x4620 [ 3086.299901] ? SyS_write+0x1b7/0x210 [ 3086.303615] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3086.309048] do_vfs_ioctl+0x75a/0xff0 [ 3086.312940] ? lock_acquire+0x170/0x3f0 [ 3086.316897] ? ioctl_preallocate+0x1a0/0x1a0 [ 3086.321290] ? __fget+0x265/0x3e0 [ 3086.324730] ? do_vfs_ioctl+0xff0/0xff0 [ 3086.328699] ? security_file_ioctl+0x83/0xb0 [ 3086.333096] SyS_ioctl+0x7f/0xb0 [ 3086.336443] ? do_vfs_ioctl+0xff0/0xff0 [ 3086.340408] do_syscall_64+0x1d5/0x640 [ 3086.344288] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3086.349458] RIP: 0033:0x7f8cc83bf109 [ 3086.353150] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3086.360838] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3086.368194] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3086.375565] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3086.382832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:11 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 47) 00:21:11 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000940)='syz0\x00') 00:21:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0x3d87, 0x200, 0x9, 0x1}, 'syz0\x00', 0x20}) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3086.390102] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3086.403274] input: syz0 as /devices/virtual/input/input32336 [ 3086.403596] input: syz0 as /devices/virtual/input/input32337 [ 3086.410065] input: syz0 as /devices/virtual/input/input32339 [ 3086.425001] input: syz0 as /devices/virtual/input/input32341 [ 3086.431293] input: syz0 as /devices/virtual/input/input32342 00:21:11 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) (async) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_DONE(r1, 0x29, 0xc9, 0x0, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x182, 0x0) (async) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x14001, 0x0) ioctl$UI_SET_SWBIT(r3, 0x4004556d, 0xc) (async) setsockopt$MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e22, 0x2, @empty, 0xfffffffb}, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1}, 0x1, {[0x1, 0x8001, 0x4, 0x10001, 0x9, 0x401, 0x80, 0xfffffff7]}}, 0x5c) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) (async) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) inotify_add_watch(r4, &(0x7f0000000080)='./file0\x00', 0xe0000003) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:11 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:11 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000100)={@none, 0x8, 0x0, 0x3, 0x9, 0x9, "7d1fb4cd09c0b85a90ce847b6afdb60c51c923be8c1608f497e68de5f4f55c0aba125e900c3657cccb68f7c78f51839481e4762c24505db2a3acc50d7278f002458f7380d343834d03060c6ebc61e80868fff07c000f7fb58091019545e079acf94c4b574a8b7ced5720908a0bff24682b0d7d57f932b51c72a6804b2dbf4e42"}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x4, 0xdb0, [0x20000940, 0x0, 0x0, 0x20000970, 0x200009a0], 0x0, &(0x7f0000000040), &(0x7f00000024c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000500000000000000001767656e657665300000000000000000006272696467653000000000000000000067656e6576653000000000000000000076657468315f766972745f776966690053b510d1db4dffffffffff00ffffffffffff000000ffff0036090000360900006e0900007265616c6d000000000000000000000000000000000000000000000000000000100000000000000000000000080000000000000000000000616d6f6e670000000000000000000000000000000000000000000000000000006808000000000000000000000000000002000000030000000004000001000000010000000300000006000000c19600002000000006000000020000000400000000000000090000000000000000040000000400000200000001000000ff01000001000000090000000300000000000000ff01000001000000010000000600000034eb00000000010000100000000001005207000080000000060000000000000005000000ffffff7f001b00000700000007000000ffff00000000000001000000ff0300000500000008000000008000000200000001000000ff0f0000000000000400000001000000ffffffff050000000500000004000000ff0f00000200000006000000ff030000282c0000030000000001000008000000070000008000000002000000090000000101000004000000010000807f0000000004000005000000000100000800000006000000f2090000000000000200000053000000841b0000060000000200000019000000fbffffff850000003c000000010000000300000008000000030000002c0400000900000009000000ffffffff05000000faffffff00000000d30000000100000081e6f80420000000ffffffff03000000ff0f0000090000000900000007000000000000000500000001000000070000002bcf000003000000010100004b0000000001000000000000fcf43a7000080000008000000300000000040000000000008b000000ff00000007000000ff0f000060000000700400000600000080ffffff2000000048faffff03000000040000000300000000010000814d0000060000000000000009000000ff7f00000010000008000000000000000400000004000000460e0000070000000600000080000000010000002000000008000000ff7f0000140f0000090000000500000001010000f7ffffff0080000001000000ff01000000fcffff060000000100000000100000090000000700000008000000090000000180ffff000100000000ffff7f000000040000002000000007000000f8ffffff0100008000000000010000000600000009000000067a0000050000000800000000000000ff010000d20d00001b0000000600000003000000ffffffff020000008000000001000100000100000600000003000000060000000400000000000000010000009365220d0e9c23dcd5cd0f000001000000030000000500000077000000050000000004000007000000b15a000000000000ef000000210900000800000000100000170c0000290400000180000002000000ff000000ae000000cec60000000800001f00000001010000020000000100000000800000810000000000070001010000ff7fffff0900000007000000340000000400000001000000000000000700000001000000090000000200000001000000090000000800000001000080020000000677000040000000000000000900000001000000d8020000070000006401010189090000010000000700000008000000e00d000080ed21000600000070000000080000000200000005000000010000001f00000083000000040000000200000006000000ff0f0000ffffff7f136d00000600000004320000ffffff7f460e000009000000400200000800000004010000e3c02f0402000000090000000200000000010000430900000002000006000000bf00000002000000c8c90000ff38b429734f0000ffffffff5439000005000000040000000180000002000000000000000100000003000000000000800400000006000000ff0700000100000002000000010001000300000081000000030000000100000000100000000000001300000005000000ff000000030000000200000001000100010000000300000001000000018000007dfcffff003e0000ff7f000009000000090000000100000064eb0000010000000001000009000000c6000000ff0f000003000000090000004000000000020000010400006b000000010001000100008005000000010000802f00000008000000010000008100000001000000040000000000008000fcffff00902f0f430100004efead2a07000000110a000000020000030000005cd300000800000007000000ea8e0000020000000600000000040000030000000000000003000000a80000003e4000000900000046010000410000000700000001000100e4a6000097000000690400000800000000800000001000000400000020000000060000003f0000000100008000800000940d000006000000030000000100008000000000040000000600000002000000010000000400000002000000030000000600000001000000ffffffff010000000100000001000000fdffffff050000000000000088dcffff30080000200900007ab8000002000000ff0000000000000005000000010000000900000001000100080000004e000000800000000500000092ae000007000000ff010000ffff000003000000fcffffff09000000ff7f00001d26000000000000ffff0000900600002f00000005000000ffffffff01800000010000000300000000000000080000008100000006000000050000000500000000000000dd00000008000000000001000100000016c4081f87010000ff7f00000400000020000000ffff0000070000002000000009000000030000000100010001040000c000000000fcffff0800000006000000913a0000ff010000090000000900000080000000040000003b0e0000b895000009000000090000002000000000000000050000003f00000009000000ff7f00000000008000080000010000000000000000100000000000000100000004000000ffffff7f31f9fffffbffffff01000000090000001c000000030000008dce0000ffffffff9a0e0000db300726feffffff0300000005000000020000003ff500007f00000107000000f0000000e00000010000000008000000ac1414aa3f00000005000000ac1414398000000059000000ac14140b000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000feffffff000000000300000022000000809b76657468305f6d61637674617000000070696d72656730000000000000000000766972745f7769666930000000000000687372300000000000000000000000000180c2000003ffff0000ffffbbbbbbbbbbbbffff00ffff006e0000001e01000056010000736e61740000000000000000000000000000000000000000000000000000000010000000000000000000000000000000feffffff000000004e464c4f4700000000000000000000000000000000000000000000000000000050000000000000008000000000081f0001000000701b25cb2ac2c2654a86d8e3d11378fa83a5f6842a628ae0d20f8380c0a6ea4ece1247fcaf76e398c1379738cb91cc05f88863b69e78bf30350d28fc2f313540000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000030000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000fcffffff020000000c0000000400000088a270696d726567000000000000000000006772657461703000000000000000000076657468305f746f5f626f6e6400000076657468315f6d6163767461700000000180c200000eff0000ffff00ffffffffffffffff00ff00006e000000d60000001e0100006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff000000004155444954000000000000000000000000000000000000000000000000000000080000000000000002000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a31000000000000000000000000c10100000000000006000000000000000500000008000000dada73797a5f74756e000000000000000000626f6e645f736c6176655f310000000070696d7265670000000000000000000067726574617030000000000000000000ffffffffffff00ff000000ffaaaaaaaaaa17000000ffffff6e000000de0000000e0100006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000feffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000d695264aeda6dcf17bb5807d75dfc3316fbcf2ff38eb0ec0c1bb41bb56fe26032ab5e12a7c7eef612017be86738997cb74677f67689ba20c961d1000c1d1c4a5876d63d85321bb363586081fc9d35af766768bd657d0e9b38acb43febb77c61f5001252e3295478783d99bf15486de1ab356b6780999797cae54f5858f6ed774d956f5b1fd88fc84d89c3f9e0a433f5c1c8bf16bddcb7e235cb105"]}, 0xecc) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x11) 00:21:11 executing program 1: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) [ 3086.509820] input: syz0 as /devices/virtual/input/input32346 [ 3086.523046] FAULT_INJECTION: forcing a failure. [ 3086.523046] name failslab, interval 1, probability 0, space 0, times 0 [ 3086.557837] CPU: 0 PID: 15750 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3086.565737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3086.575086] Call Trace: [ 3086.577662] dump_stack+0x1b2/0x281 [ 3086.581285] should_fail.cold+0x10a/0x149 [ 3086.585419] should_failslab+0xd6/0x130 [ 3086.589414] kmem_cache_alloc_node+0x263/0x410 [ 3086.593988] __alloc_skb+0x5c/0x510 [ 3086.597603] kobject_uevent_env+0x882/0xf30 [ 3086.601914] device_add+0xa47/0x15c0 [ 3086.605608] ? device_is_dependent+0x2a0/0x2a0 [ 3086.610177] ? __kmalloc+0x3a4/0x400 [ 3086.613999] ? input_register_device+0x419/0xa90 [ 3086.618742] input_register_device+0x59e/0xa90 [ 3086.623322] ? __lock_acquire+0x5fc/0x3f20 [ 3086.627546] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3086.632730] ? uinput_write+0xfb0/0xfb0 [ 3086.636685] ? get_pid_task+0xb8/0x130 [ 3086.640549] ? proc_fail_nth_write+0x7b/0x180 [ 3086.645022] ? trace_hardirqs_on+0x10/0x10 [ 3086.649245] ? fsnotify+0x974/0x11b0 [ 3086.652947] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3086.657869] ? __handle_mm_fault+0x80f/0x4620 [ 3086.662352] ? SyS_write+0x1b7/0x210 [ 3086.666069] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3086.671538] do_vfs_ioctl+0x75a/0xff0 [ 3086.675324] ? lock_acquire+0x170/0x3f0 [ 3086.679298] ? ioctl_preallocate+0x1a0/0x1a0 [ 3086.683698] ? __fget+0x265/0x3e0 [ 3086.688007] ? do_vfs_ioctl+0xff0/0xff0 [ 3086.691976] ? security_file_ioctl+0x83/0xb0 [ 3086.696384] SyS_ioctl+0x7f/0xb0 [ 3086.699842] ? do_vfs_ioctl+0xff0/0xff0 [ 3086.703809] do_syscall_64+0x1d5/0x640 [ 3086.707690] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3086.712871] RIP: 0033:0x7f8cc83bf109 [ 3086.716579] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3086.724284] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3086.731539] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3086.738798] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3086.746048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:11 executing program 1: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x2) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) 00:21:11 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 48) 00:21:11 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) recvfrom$inet(r0, &(0x7f0000000040)=""/239, 0xef, 0x41, &(0x7f0000000140)={0x2, 0x4e20, @remote}, 0x10) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:12 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0x3d87, 0x200, 0x9, 0x1}, 'syz0\x00', 0x20}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:12 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000940)='syz0\x00') openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000940)='syz0\x00') (async) [ 3086.753318] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3086.761796] input: syz0 as /devices/virtual/input/input32347 [ 3086.768434] input: syz0 as /devices/virtual/input/input32345 [ 3086.775361] input: syz0 as /devices/virtual/input/input32350 [ 3086.775636] input: syz0 as /devices/virtual/input/input32352 00:21:12 executing program 1: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) 00:21:12 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000100)={@none, 0x8, 0x0, 0x3, 0x9, 0x9, "7d1fb4cd09c0b85a90ce847b6afdb60c51c923be8c1608f497e68de5f4f55c0aba125e900c3657cccb68f7c78f51839481e4762c24505db2a3acc50d7278f002458f7380d343834d03060c6ebc61e80868fff07c000f7fb58091019545e079acf94c4b574a8b7ced5720908a0bff24682b0d7d57f932b51c72a6804b2dbf4e42"}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x4, 0xdb0, [0x20000940, 0x0, 0x0, 0x20000970, 0x200009a0], 0x0, &(0x7f0000000040), &(0x7f00000024c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000500000000000000001767656e657665300000000000000000006272696467653000000000000000000067656e6576653000000000000000000076657468315f766972745f776966690053b510d1db4dffffffffff00ffffffffffff000000ffff0036090000360900006e0900007265616c6d000000000000000000000000000000000000000000000000000000100000000000000000000000080000000000000000000000616d6f6e670000000000000000000000000000000000000000000000000000006808000000000000000000000000000002000000030000000004000001000000010000000300000006000000c19600002000000006000000020000000400000000000000090000000000000000040000000400000200000001000000ff01000001000000090000000300000000000000ff01000001000000010000000600000034eb00000000010000100000000001005207000080000000060000000000000005000000ffffff7f001b00000700000007000000ffff00000000000001000000ff0300000500000008000000008000000200000001000000ff0f0000000000000400000001000000ffffffff050000000500000004000000ff0f00000200000006000000ff030000282c0000030000000001000008000000070000008000000002000000090000000101000004000000010000807f0000000004000005000000000100000800000006000000f2090000000000000200000053000000841b0000060000000200000019000000fbffffff850000003c000000010000000300000008000000030000002c0400000900000009000000ffffffff05000000faffffff00000000d30000000100000081e6f80420000000ffffffff03000000ff0f0000090000000900000007000000000000000500000001000000070000002bcf000003000000010100004b0000000001000000000000fcf43a7000080000008000000300000000040000000000008b000000ff00000007000000ff0f000060000000700400000600000080ffffff2000000048faffff03000000040000000300000000010000814d0000060000000000000009000000ff7f00000010000008000000000000000400000004000000460e0000070000000600000080000000010000002000000008000000ff7f0000140f0000090000000500000001010000f7ffffff0080000001000000ff01000000fcffff060000000100000000100000090000000700000008000000090000000180ffff000100000000ffff7f000000040000002000000007000000f8ffffff0100008000000000010000000600000009000000067a0000050000000800000000000000ff010000d20d00001b0000000600000003000000ffffffff020000008000000001000100000100000600000003000000060000000400000000000000010000009365220d0e9c23dcd5cd0f000001000000030000000500000077000000050000000004000007000000b15a000000000000ef000000210900000800000000100000170c0000290400000180000002000000ff000000ae000000cec60000000800001f00000001010000020000000100000000800000810000000000070001010000ff7fffff0900000007000000340000000400000001000000000000000700000001000000090000000200000001000000090000000800000001000080020000000677000040000000000000000900000001000000d8020000070000006401010189090000010000000700000008000000e00d000080ed21000600000070000000080000000200000005000000010000001f00000083000000040000000200000006000000ff0f0000ffffff7f136d00000600000004320000ffffff7f460e000009000000400200000800000004010000e3c02f0402000000090000000200000000010000430900000002000006000000bf00000002000000c8c90000ff38b429734f0000ffffffff5439000005000000040000000180000002000000000000000100000003000000000000800400000006000000ff0700000100000002000000010001000300000081000000030000000100000000100000000000001300000005000000ff000000030000000200000001000100010000000300000001000000018000007dfcffff003e0000ff7f000009000000090000000100000064eb0000010000000001000009000000c6000000ff0f000003000000090000004000000000020000010400006b000000010001000100008005000000010000802f00000008000000010000008100000001000000040000000000008000fcffff00902f0f430100004efead2a07000000110a000000020000030000005cd300000800000007000000ea8e0000020000000600000000040000030000000000000003000000a80000003e4000000900000046010000410000000700000001000100e4a6000097000000690400000800000000800000001000000400000020000000060000003f0000000100008000800000940d000006000000030000000100008000000000040000000600000002000000010000000400000002000000030000000600000001000000ffffffff010000000100000001000000fdffffff050000000000000088dcffff30080000200900007ab8000002000000ff0000000000000005000000010000000900000001000100080000004e000000800000000500000092ae000007000000ff010000ffff000003000000fcffffff09000000ff7f00001d26000000000000ffff0000900600002f00000005000000ffffffff01800000010000000300000000000000080000008100000006000000050000000500000000000000dd00000008000000000001000100000016c4081f87010000ff7f00000400000020000000ffff0000070000002000000009000000030000000100010001040000c000000000fcffff0800000006000000913a0000ff010000090000000900000080000000040000003b0e0000b895000009000000090000002000000000000000050000003f00000009000000ff7f00000000008000080000010000000000000000100000000000000100000004000000ffffff7f31f9fffffbffffff01000000090000001c000000030000008dce0000ffffffff9a0e0000db300726feffffff0300000005000000020000003ff500007f00000107000000f0000000e00000010000000008000000ac1414aa3f00000005000000ac1414398000000059000000ac14140b000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000feffffff000000000300000022000000809b76657468305f6d61637674617000000070696d72656730000000000000000000766972745f7769666930000000000000687372300000000000000000000000000180c2000003ffff0000ffffbbbbbbbbbbbbffff00ffff006e0000001e01000056010000736e61740000000000000000000000000000000000000000000000000000000010000000000000000000000000000000feffffff000000004e464c4f4700000000000000000000000000000000000000000000000000000050000000000000008000000000081f0001000000701b25cb2ac2c2654a86d8e3d11378fa83a5f6842a628ae0d20f8380c0a6ea4ece1247fcaf76e398c1379738cb91cc05f88863b69e78bf30350d28fc2f313540000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000030000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000fcffffff020000000c0000000400000088a270696d726567000000000000000000006772657461703000000000000000000076657468305f746f5f626f6e6400000076657468315f6d6163767461700000000180c200000eff0000ffff00ffffffffffffffff00ff00006e000000d60000001e0100006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff000000004155444954000000000000000000000000000000000000000000000000000000080000000000000002000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a31000000000000000000000000c10100000000000006000000000000000500000008000000dada73797a5f74756e000000000000000000626f6e645f736c6176655f310000000070696d7265670000000000000000000067726574617030000000000000000000ffffffffffff00ff000000ffaaaaaaaaaa17000000ffffff6e000000de0000000e0100006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000feffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000d695264aeda6dcf17bb5807d75dfc3316fbcf2ff38eb0ec0c1bb41bb56fe26032ab5e12a7c7eef612017be86738997cb74677f67689ba20c961d1000c1d1c4a5876d63d85321bb363586081fc9d35af766768bd657d0e9b38acb43febb77c61f5001252e3295478783d99bf15486de1ab356b6780999797cae54f5858f6ed774d956f5b1fd88fc84d89c3f9e0a433f5c1c8bf16bddcb7e235cb105"]}, 0xecc) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x11) [ 3086.868828] input: syz0 as /devices/virtual/input/input32356 [ 3086.885482] FAULT_INJECTION: forcing a failure. [ 3086.885482] name failslab, interval 1, probability 0, space 0, times 0 [ 3086.899826] CPU: 0 PID: 15807 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3086.907719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3086.917082] Call Trace: [ 3086.919659] dump_stack+0x1b2/0x281 [ 3086.923269] should_fail.cold+0x10a/0x149 [ 3086.927406] should_failslab+0xd6/0x130 [ 3086.931372] kmem_cache_alloc_node+0x263/0x410 [ 3086.935968] __alloc_skb+0x5c/0x510 [ 3086.939586] kobject_uevent_env+0x882/0xf30 [ 3086.943899] device_add+0xa47/0x15c0 [ 3086.947593] ? device_is_dependent+0x2a0/0x2a0 [ 3086.952157] ? __kmalloc+0x3a4/0x400 [ 3086.955859] ? input_register_device+0x419/0xa90 [ 3086.960601] input_register_device+0x59e/0xa90 [ 3086.965188] ? __lock_acquire+0x5fc/0x3f20 [ 3086.969412] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3086.974578] ? uinput_write+0xfb0/0xfb0 [ 3086.978529] ? get_pid_task+0xb8/0x130 [ 3086.982396] ? proc_fail_nth_write+0x7b/0x180 [ 3086.986884] ? trace_hardirqs_on+0x10/0x10 [ 3086.991115] ? fsnotify+0x974/0x11b0 [ 3086.994843] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3086.999754] ? __handle_mm_fault+0x80f/0x4620 [ 3087.004233] ? SyS_write+0x1b7/0x210 [ 3087.007928] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3087.013362] do_vfs_ioctl+0x75a/0xff0 [ 3087.017144] ? lock_acquire+0x170/0x3f0 [ 3087.021093] ? ioctl_preallocate+0x1a0/0x1a0 [ 3087.025499] ? __fget+0x265/0x3e0 [ 3087.028931] ? do_vfs_ioctl+0xff0/0xff0 [ 3087.032905] ? security_file_ioctl+0x83/0xb0 [ 3087.037291] SyS_ioctl+0x7f/0xb0 [ 3087.040633] ? do_vfs_ioctl+0xff0/0xff0 [ 3087.044586] do_syscall_64+0x1d5/0x640 [ 3087.048453] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3087.053619] RIP: 0033:0x7f8cc83bf109 [ 3087.057307] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff3a], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0x9, 0x0, 0xea22}) [ 3087.064992] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3087.072331] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3087.079580] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3087.086834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3087.094088] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3087.106526] input: syz0 as /devices/virtual/input/input32357 [ 3087.112741] input: syz0 as /devices/virtual/input/input32360 00:21:12 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000100)={@none, 0x8, 0x0, 0x3, 0x9, 0x9, "7d1fb4cd09c0b85a90ce847b6afdb60c51c923be8c1608f497e68de5f4f55c0aba125e900c3657cccb68f7c78f51839481e4762c24505db2a3acc50d7278f002458f7380d343834d03060c6ebc61e80868fff07c000f7fb58091019545e079acf94c4b574a8b7ced5720908a0bff24682b0d7d57f932b51c72a6804b2dbf4e42"}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x4, 0xdb0, [0x20000940, 0x0, 0x0, 0x20000970, 0x200009a0], 0x0, &(0x7f0000000040), &(0x7f00000024c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000500000000000000001767656e657665300000000000000000006272696467653000000000000000000067656e6576653000000000000000000076657468315f766972745f776966690053b510d1db4dffffffffff00ffffffffffff000000ffff0036090000360900006e0900007265616c6d000000000000000000000000000000000000000000000000000000100000000000000000000000080000000000000000000000616d6f6e670000000000000000000000000000000000000000000000000000006808000000000000000000000000000002000000030000000004000001000000010000000300000006000000c19600002000000006000000020000000400000000000000090000000000000000040000000400000200000001000000ff01000001000000090000000300000000000000ff01000001000000010000000600000034eb00000000010000100000000001005207000080000000060000000000000005000000ffffff7f001b00000700000007000000ffff00000000000001000000ff0300000500000008000000008000000200000001000000ff0f0000000000000400000001000000ffffffff050000000500000004000000ff0f00000200000006000000ff030000282c0000030000000001000008000000070000008000000002000000090000000101000004000000010000807f0000000004000005000000000100000800000006000000f2090000000000000200000053000000841b0000060000000200000019000000fbffffff850000003c000000010000000300000008000000030000002c0400000900000009000000ffffffff05000000faffffff00000000d30000000100000081e6f80420000000ffffffff03000000ff0f0000090000000900000007000000000000000500000001000000070000002bcf000003000000010100004b0000000001000000000000fcf43a7000080000008000000300000000040000000000008b000000ff00000007000000ff0f000060000000700400000600000080ffffff2000000048faffff03000000040000000300000000010000814d0000060000000000000009000000ff7f00000010000008000000000000000400000004000000460e0000070000000600000080000000010000002000000008000000ff7f0000140f0000090000000500000001010000f7ffffff0080000001000000ff01000000fcffff060000000100000000100000090000000700000008000000090000000180ffff000100000000ffff7f000000040000002000000007000000f8ffffff0100008000000000010000000600000009000000067a0000050000000800000000000000ff010000d20d00001b0000000600000003000000ffffffff020000008000000001000100000100000600000003000000060000000400000000000000010000009365220d0e9c23dcd5cd0f000001000000030000000500000077000000050000000004000007000000b15a000000000000ef000000210900000800000000100000170c0000290400000180000002000000ff000000ae000000cec60000000800001f00000001010000020000000100000000800000810000000000070001010000ff7fffff0900000007000000340000000400000001000000000000000700000001000000090000000200000001000000090000000800000001000080020000000677000040000000000000000900000001000000d8020000070000006401010189090000010000000700000008000000e00d000080ed21000600000070000000080000000200000005000000010000001f00000083000000040000000200000006000000ff0f0000ffffff7f136d00000600000004320000ffffff7f460e000009000000400200000800000004010000e3c02f0402000000090000000200000000010000430900000002000006000000bf00000002000000c8c90000ff38b429734f0000ffffffff5439000005000000040000000180000002000000000000000100000003000000000000800400000006000000ff0700000100000002000000010001000300000081000000030000000100000000100000000000001300000005000000ff000000030000000200000001000100010000000300000001000000018000007dfcffff003e0000ff7f000009000000090000000100000064eb0000010000000001000009000000c6000000ff0f000003000000090000004000000000020000010400006b000000010001000100008005000000010000802f00000008000000010000008100000001000000040000000000008000fcffff00902f0f430100004efead2a07000000110a000000020000030000005cd300000800000007000000ea8e0000020000000600000000040000030000000000000003000000a80000003e4000000900000046010000410000000700000001000100e4a6000097000000690400000800000000800000001000000400000020000000060000003f0000000100008000800000940d000006000000030000000100008000000000040000000600000002000000010000000400000002000000030000000600000001000000ffffffff010000000100000001000000fdffffff050000000000000088dcffff30080000200900007ab8000002000000ff0000000000000005000000010000000900000001000100080000004e000000800000000500000092ae000007000000ff010000ffff000003000000fcffffff09000000ff7f00001d26000000000000ffff0000900600002f00000005000000ffffffff01800000010000000300000000000000080000008100000006000000050000000500000000000000dd00000008000000000001000100000016c4081f87010000ff7f00000400000020000000ffff0000070000002000000009000000030000000100010001040000c000000000fcffff0800000006000000913a0000ff010000090000000900000080000000040000003b0e0000b895000009000000090000002000000000000000050000003f00000009000000ff7f00000000008000080000010000000000000000100000000000000100000004000000ffffff7f31f9fffffbffffff01000000090000001c000000030000008dce0000ffffffff9a0e0000db300726feffffff0300000005000000020000003ff500007f00000107000000f0000000e00000010000000008000000ac1414aa3f00000005000000ac1414398000000059000000ac14140b000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000feffffff000000000300000022000000809b76657468305f6d61637674617000000070696d72656730000000000000000000766972745f7769666930000000000000687372300000000000000000000000000180c2000003ffff0000ffffbbbbbbbbbbbbffff00ffff006e0000001e01000056010000736e61740000000000000000000000000000000000000000000000000000000010000000000000000000000000000000feffffff000000004e464c4f4700000000000000000000000000000000000000000000000000000050000000000000008000000000081f0001000000701b25cb2ac2c2654a86d8e3d11378fa83a5f6842a628ae0d20f8380c0a6ea4ece1247fcaf76e398c1379738cb91cc05f88863b69e78bf30350d28fc2f313540000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000030000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000fcffffff020000000c0000000400000088a270696d726567000000000000000000006772657461703000000000000000000076657468305f746f5f626f6e6400000076657468315f6d6163767461700000000180c200000eff0000ffff00ffffffffffffffff00ff00006e000000d60000001e0100006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff000000004155444954000000000000000000000000000000000000000000000000000000080000000000000002000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a31000000000000000000000000c10100000000000006000000000000000500000008000000dada73797a5f74756e000000000000000000626f6e645f736c6176655f310000000070696d7265670000000000000000000067726574617030000000000000000000ffffffffffff00ff000000ffaaaaaaaaaa17000000ffffff6e000000de0000000e0100006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000feffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000d695264aeda6dcf17bb5807d75dfc3316fbcf2ff38eb0ec0c1bb41bb56fe26032ab5e12a7c7eef612017be86738997cb74677f67689ba20c961d1000c1d1c4a5876d63d85321bb363586081fc9d35af766768bd657d0e9b38acb43febb77c61f5001252e3295478783d99bf15486de1ab356b6780999797cae54f5858f6ed774d956f5b1fd88fc84d89c3f9e0a433f5c1c8bf16bddcb7e235cb105"]}, 0xecc) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x11) 00:21:12 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) recvfrom$inet(r0, &(0x7f0000000040)=""/239, 0xef, 0x41, &(0x7f0000000140)={0x2, 0x4e20, @remote}, 0x10) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) (async) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:12 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x1, 0x7}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2) [ 3087.122291] input: syz0 as /devices/virtual/input/input32361 [ 3087.141235] input: syz0 as /devices/virtual/input/input32359 00:21:12 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 49) 00:21:12 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async, rerun: 32) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000940)='syz0\x00') (rerun: 32) 00:21:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe6e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) [ 3087.175768] input: syz0 as /devices/virtual/input/input32363 [ 3087.197709] input: syz0 as /devices/virtual/input/input32366 00:21:12 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) [ 3087.246153] input: syz0 as /devices/virtual/input/input32368 [ 3087.247373] input: syz0 as /devices/virtual/input/input32369 [ 3087.257615] FAULT_INJECTION: forcing a failure. [ 3087.257615] name failslab, interval 1, probability 0, space 0, times 0 [ 3087.270113] CPU: 0 PID: 15862 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3087.278215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3087.287582] Call Trace: [ 3087.290182] dump_stack+0x1b2/0x281 [ 3087.293817] should_fail.cold+0x10a/0x149 [ 3087.297973] should_failslab+0xd6/0x130 [ 3087.301956] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3087.307052] __kmalloc_node_track_caller+0x38/0x70 [ 3087.312050] __alloc_skb+0x96/0x510 [ 3087.315692] kobject_uevent_env+0x882/0xf30 [ 3087.320007] device_add+0xa47/0x15c0 [ 3087.323724] ? device_is_dependent+0x2a0/0x2a0 [ 3087.328288] ? __kmalloc+0x3a4/0x400 [ 3087.331982] ? input_register_device+0x419/0xa90 [ 3087.336735] input_register_device+0x59e/0xa90 [ 3087.341305] ? __lock_acquire+0x5fc/0x3f20 [ 3087.345609] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3087.350789] ? uinput_write+0xfb0/0xfb0 [ 3087.354764] ? get_pid_task+0xb8/0x130 [ 3087.358640] ? proc_fail_nth_write+0x7b/0x180 [ 3087.363209] ? trace_hardirqs_on+0x10/0x10 [ 3087.367550] ? fsnotify+0x974/0x11b0 [ 3087.371253] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3087.376260] ? __handle_mm_fault+0x80f/0x4620 [ 3087.380744] ? SyS_write+0x1b7/0x210 [ 3087.384454] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3087.389907] do_vfs_ioctl+0x75a/0xff0 [ 3087.393780] ? lock_acquire+0x170/0x3f0 [ 3087.397745] ? ioctl_preallocate+0x1a0/0x1a0 [ 3087.402151] ? __fget+0x265/0x3e0 [ 3087.405613] ? do_vfs_ioctl+0xff0/0xff0 [ 3087.409585] ? security_file_ioctl+0x83/0xb0 [ 3087.413975] SyS_ioctl+0x7f/0xb0 [ 3087.417324] ? do_vfs_ioctl+0xff0/0xff0 [ 3087.421281] do_syscall_64+0x1d5/0x640 [ 3087.425155] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3087.430336] RIP: 0033:0x7f8cc83bf109 [ 3087.434054] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3087.441742] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3087.449099] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3087.456359] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3087.463627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3087.470886] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3087.478657] input: syz0 as /devices/virtual/input/input32371 [ 3087.485347] input: syz0 as /devices/virtual/input/input32374 [ 3087.491651] input: syz0 as /devices/virtual/input/input32375 00:21:12 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000100)={@none, 0x8, 0x0, 0x3, 0x9, 0x9, "7d1fb4cd09c0b85a90ce847b6afdb60c51c923be8c1608f497e68de5f4f55c0aba125e900c3657cccb68f7c78f51839481e4762c24505db2a3acc50d7278f002458f7380d343834d03060c6ebc61e80868fff07c000f7fb58091019545e079acf94c4b574a8b7ced5720908a0bff24682b0d7d57f932b51c72a6804b2dbf4e42"}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x4, 0xdb0, [0x20000940, 0x0, 0x0, 0x20000970, 0x200009a0], 0x0, &(0x7f0000000040), &(0x7f00000024c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000500000000000000001767656e657665300000000000000000006272696467653000000000000000000067656e6576653000000000000000000076657468315f766972745f776966690053b510d1db4dffffffffff00ffffffffffff000000ffff0036090000360900006e0900007265616c6d000000000000000000000000000000000000000000000000000000100000000000000000000000080000000000000000000000616d6f6e670000000000000000000000000000000000000000000000000000006808000000000000000000000000000002000000030000000004000001000000010000000300000006000000c19600002000000006000000020000000400000000000000090000000000000000040000000400000200000001000000ff01000001000000090000000300000000000000ff01000001000000010000000600000034eb00000000010000100000000001005207000080000000060000000000000005000000ffffff7f001b00000700000007000000ffff00000000000001000000ff0300000500000008000000008000000200000001000000ff0f0000000000000400000001000000ffffffff050000000500000004000000ff0f00000200000006000000ff030000282c0000030000000001000008000000070000008000000002000000090000000101000004000000010000807f0000000004000005000000000100000800000006000000f2090000000000000200000053000000841b0000060000000200000019000000fbffffff850000003c000000010000000300000008000000030000002c0400000900000009000000ffffffff05000000faffffff00000000d30000000100000081e6f80420000000ffffffff03000000ff0f0000090000000900000007000000000000000500000001000000070000002bcf000003000000010100004b0000000001000000000000fcf43a7000080000008000000300000000040000000000008b000000ff00000007000000ff0f000060000000700400000600000080ffffff2000000048faffff03000000040000000300000000010000814d0000060000000000000009000000ff7f00000010000008000000000000000400000004000000460e0000070000000600000080000000010000002000000008000000ff7f0000140f0000090000000500000001010000f7ffffff0080000001000000ff01000000fcffff060000000100000000100000090000000700000008000000090000000180ffff000100000000ffff7f000000040000002000000007000000f8ffffff0100008000000000010000000600000009000000067a0000050000000800000000000000ff010000d20d00001b0000000600000003000000ffffffff020000008000000001000100000100000600000003000000060000000400000000000000010000009365220d0e9c23dcd5cd0f000001000000030000000500000077000000050000000004000007000000b15a000000000000ef000000210900000800000000100000170c0000290400000180000002000000ff000000ae000000cec60000000800001f00000001010000020000000100000000800000810000000000070001010000ff7fffff0900000007000000340000000400000001000000000000000700000001000000090000000200000001000000090000000800000001000080020000000677000040000000000000000900000001000000d8020000070000006401010189090000010000000700000008000000e00d000080ed21000600000070000000080000000200000005000000010000001f00000083000000040000000200000006000000ff0f0000ffffff7f136d00000600000004320000ffffff7f460e000009000000400200000800000004010000e3c02f0402000000090000000200000000010000430900000002000006000000bf00000002000000c8c90000ff38b429734f0000ffffffff5439000005000000040000000180000002000000000000000100000003000000000000800400000006000000ff0700000100000002000000010001000300000081000000030000000100000000100000000000001300000005000000ff000000030000000200000001000100010000000300000001000000018000007dfcffff003e0000ff7f000009000000090000000100000064eb0000010000000001000009000000c6000000ff0f000003000000090000004000000000020000010400006b000000010001000100008005000000010000802f00000008000000010000008100000001000000040000000000008000fcffff00902f0f430100004efead2a07000000110a000000020000030000005cd300000800000007000000ea8e0000020000000600000000040000030000000000000003000000a80000003e4000000900000046010000410000000700000001000100e4a6000097000000690400000800000000800000001000000400000020000000060000003f0000000100008000800000940d000006000000030000000100008000000000040000000600000002000000010000000400000002000000030000000600000001000000ffffffff010000000100000001000000fdffffff050000000000000088dcffff30080000200900007ab8000002000000ff0000000000000005000000010000000900000001000100080000004e000000800000000500000092ae000007000000ff010000ffff000003000000fcffffff09000000ff7f00001d26000000000000ffff0000900600002f00000005000000ffffffff01800000010000000300000000000000080000008100000006000000050000000500000000000000dd00000008000000000001000100000016c4081f87010000ff7f00000400000020000000ffff0000070000002000000009000000030000000100010001040000c000000000fcffff0800000006000000913a0000ff010000090000000900000080000000040000003b0e0000b895000009000000090000002000000000000000050000003f00000009000000ff7f00000000008000080000010000000000000000100000000000000100000004000000ffffff7f31f9fffffbffffff01000000090000001c000000030000008dce0000ffffffff9a0e0000db300726feffffff0300000005000000020000003ff500007f00000107000000f0000000e00000010000000008000000ac1414aa3f00000005000000ac1414398000000059000000ac14140b000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000feffffff000000000300000022000000809b76657468305f6d61637674617000000070696d72656730000000000000000000766972745f7769666930000000000000687372300000000000000000000000000180c2000003ffff0000ffffbbbbbbbbbbbbffff00ffff006e0000001e01000056010000736e61740000000000000000000000000000000000000000000000000000000010000000000000000000000000000000feffffff000000004e464c4f4700000000000000000000000000000000000000000000000000000050000000000000008000000000081f0001000000701b25cb2ac2c2654a86d8e3d11378fa83a5f6842a628ae0d20f8380c0a6ea4ece1247fcaf76e398c1379738cb91cc05f88863b69e78bf30350d28fc2f313540000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000030000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000fcffffff020000000c0000000400000088a270696d726567000000000000000000006772657461703000000000000000000076657468305f746f5f626f6e6400000076657468315f6d6163767461700000000180c200000eff0000ffff00ffffffffffffffff00ff00006e000000d60000001e0100006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff000000004155444954000000000000000000000000000000000000000000000000000000080000000000000002000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a31000000000000000000000000c10100000000000006000000000000000500000008000000dada73797a5f74756e000000000000000000626f6e645f736c6176655f310000000070696d7265670000000000000000000067726574617030000000000000000000ffffffffffff00ff000000ffaaaaaaaaaa17000000ffffff6e000000de0000000e0100006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000feffffff00000000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000d695264aeda6dcf17bb5807d75dfc3316fbcf2ff38eb0ec0c1bb41bb56fe26032ab5e12a7c7eef612017be86738997cb74677f67689ba20c961d1000c1d1c4a5876d63d85321bb363586081fc9d35af766768bd657d0e9b38acb43febb77c61f5001252e3295478783d99bf15486de1ab356b6780999797cae54f5858f6ed774d956f5b1fd88fc84d89c3f9e0a433f5c1c8bf16bddcb7e235cb105"]}, 0xecc) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:12 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) recvfrom$inet(r0, &(0x7f0000000040)=""/239, 0xef, 0x41, &(0x7f0000000140)={0x2, 0x4e20, @remote}, 0x10) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7e) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:12 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_DEV_DESTROY(r1, 0x5502) (async) 00:21:12 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 50) 00:21:12 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x1, 0x7}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x1, 0x7}) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2) (async) [ 3087.565847] input: syz0 as /devices/virtual/input/input32378 [ 3087.581935] input: syz0 as /devices/virtual/input/input32379 00:21:12 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000100)={@none, 0x8, 0x0, 0x3, 0x9, 0x9, "7d1fb4cd09c0b85a90ce847b6afdb60c51c923be8c1608f497e68de5f4f55c0aba125e900c3657cccb68f7c78f51839481e4762c24505db2a3acc50d7278f002458f7380d343834d03060c6ebc61e80868fff07c000f7fb58091019545e079acf94c4b574a8b7ced5720908a0bff24682b0d7d57f932b51c72a6804b2dbf4e42"}) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7e) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3087.606307] input: syz0 as /devices/virtual/input/input32380 [ 3087.623172] FAULT_INJECTION: forcing a failure. [ 3087.623172] name failslab, interval 1, probability 0, space 0, times 0 [ 3087.648664] CPU: 0 PID: 15917 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3087.656568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3087.665937] Call Trace: [ 3087.668517] dump_stack+0x1b2/0x281 [ 3087.672223] should_fail.cold+0x10a/0x149 [ 3087.676364] should_failslab+0xd6/0x130 [ 3087.680349] kmem_cache_alloc_node+0x263/0x410 [ 3087.684941] __alloc_skb+0x5c/0x510 [ 3087.688565] kobject_uevent_env+0x882/0xf30 [ 3087.692907] device_add+0xa47/0x15c0 [ 3087.696610] ? device_is_dependent+0x2a0/0x2a0 [ 3087.701182] ? __kmalloc+0x3a4/0x400 [ 3087.704876] ? input_register_device+0x419/0xa90 [ 3087.709634] input_register_device+0x59e/0xa90 [ 3087.714210] ? __lock_acquire+0x5fc/0x3f20 [ 3087.718437] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3087.723629] ? uinput_write+0xfb0/0xfb0 [ 3087.727667] ? get_pid_task+0xb8/0x130 [ 3087.731559] ? proc_fail_nth_write+0x7b/0x180 [ 3087.736045] ? trace_hardirqs_on+0x10/0x10 [ 3087.740279] ? fsnotify+0x974/0x11b0 [ 3087.744115] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3087.749040] ? __handle_mm_fault+0x80f/0x4620 [ 3087.753523] ? SyS_write+0x1b7/0x210 [ 3087.757224] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3087.762659] do_vfs_ioctl+0x75a/0xff0 [ 3087.766455] ? lock_acquire+0x170/0x3f0 [ 3087.770413] ? ioctl_preallocate+0x1a0/0x1a0 [ 3087.774806] ? __fget+0x265/0x3e0 [ 3087.778246] ? do_vfs_ioctl+0xff0/0xff0 [ 3087.782230] ? security_file_ioctl+0x83/0xb0 [ 3087.786707] SyS_ioctl+0x7f/0xb0 [ 3087.790520] ? do_vfs_ioctl+0xff0/0xff0 [ 3087.794480] do_syscall_64+0x1d5/0x640 [ 3087.798354] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3087.803532] RIP: 0033:0x7f8cc83bf109 [ 3087.807357] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3087.815060] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3087.822318] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3087.829570] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3087.836829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3087.844259] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:13 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) 00:21:13 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x1, 0x7}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 64) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2) (rerun: 64) 00:21:13 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:13 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x10, 0xfffffff7, {0x53, 0x2, 0x200, {0x1, 0x7ff}, {0x20, 0x1}, @const={0xff50, {0x8, 0x0, 0x76a3, 0xcc9d}}}, {0x57, 0x7, 0x3, {0x4ec, 0x1}, {0xfffe, 0x1}, @period={0x5b, 0x0, 0x0, 0x1, 0x40, {0x1000, 0x287, 0x9, 0x2}, 0x5, &(0x7f0000000040)=[0x1ff, 0xfff9, 0x5, 0x101, 0x402e]}}}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x0) 00:21:13 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 51) [ 3087.852498] input: syz0 as /devices/virtual/input/input32381 [ 3087.858855] input: syz0 as /devices/virtual/input/input32382 [ 3087.865079] input: syz0 as /devices/virtual/input/input32383 [ 3087.872008] input: syz0 as /devices/virtual/input/input32384 [ 3087.878409] input: syz0 as /devices/virtual/input/input32385 00:21:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x7e) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:13 executing program 2: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={r2, @multicast2, @multicast1}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x14, 0x8001, 0x7, 0x8, 0x8, r0, 0x5, '\x00', r2, 0xffffffffffffffff, 0x2, 0x3, 0x1}, 0x48) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r4, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r4, 0x5501) write$uinput_user_dev(r4, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 3087.954823] input: syz0 as /devices/virtual/input/input32387 [ 3087.975927] input: syz0 as /devices/virtual/input/input32388 [ 3087.987617] input: syz0 as /devices/virtual/input/input32390 [ 3087.988954] FAULT_INJECTION: forcing a failure. [ 3087.988954] name failslab, interval 1, probability 0, space 0, times 0 00:21:13 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000040)={0x3, 0x4e, {0x51, 0x7, 0x1, {0x1, 0x5}, {0x2, 0xfff}, @rumble={0x9}}, {0x52, 0x100, 0x1672, {0x200, 0xfff}, {0x6, 0x5}, @cond=[{0x1f, 0x1, 0xc6d, 0x2, 0x8, 0x9}, {0x6, 0x400, 0x8, 0x848, 0x6, 0x1000}]}}) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:13 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:13 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x10, 0xfffffff7, {0x53, 0x2, 0x200, {0x1, 0x7ff}, {0x20, 0x1}, @const={0xff50, {0x8, 0x0, 0x76a3, 0xcc9d}}}, {0x57, 0x7, 0x3, {0x4ec, 0x1}, {0xfffe, 0x1}, @period={0x5b, 0x0, 0x0, 0x1, 0x40, {0x1000, 0x287, 0x9, 0x2}, 0x5, &(0x7f0000000040)=[0x1ff, 0xfff9, 0x5, 0x101, 0x402e]}}}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x10, 0xfffffff7, {0x53, 0x2, 0x200, {0x1, 0x7ff}, {0x20, 0x1}, @const={0xff50, {0x8, 0x0, 0x76a3, 0xcc9d}}}, {0x57, 0x7, 0x3, {0x4ec, 0x1}, {0xfffe, 0x1}, @period={0x5b, 0x0, 0x0, 0x1, 0x40, {0x1000, 0x287, 0x9, 0x2}, 0x5, &(0x7f0000000040)=[0x1ff, 0xfff9, 0x5, 0x101, 0x402e]}}}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x0) (async) [ 3088.010219] input: syz0 as /devices/virtual/input/input32393 [ 3088.012334] input: syz0 as /devices/virtual/input/input32392 [ 3088.049375] input: syz0 as /devices/virtual/input/input32394 [ 3088.080493] CPU: 0 PID: 15982 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3088.088401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3088.091657] input: syz0 as /devices/virtual/input/input32395 [ 3088.097748] Call Trace: [ 3088.097767] dump_stack+0x1b2/0x281 [ 3088.097782] should_fail.cold+0x10a/0x149 [ 3088.097794] should_failslab+0xd6/0x130 [ 3088.097807] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3088.122524] ? kobj_ns_drop+0x80/0x80 [ 3088.126340] call_usermodehelper_setup+0x73/0x2e0 [ 3088.131186] kobject_uevent_env+0xc21/0xf30 [ 3088.133602] input: syz0 as /devices/virtual/input/input32397 [ 3088.135515] device_add+0xa47/0x15c0 [ 3088.135528] ? device_is_dependent+0x2a0/0x2a0 [ 3088.135540] ? __kmalloc+0x3a4/0x400 [ 3088.153304] ? input_register_device+0x419/0xa90 [ 3088.158065] input_register_device+0x59e/0xa90 [ 3088.162648] ? __lock_acquire+0x5fc/0x3f20 [ 3088.166896] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3088.172088] ? uinput_write+0xfb0/0xfb0 [ 3088.176063] ? get_pid_task+0xb8/0x130 [ 3088.179948] ? proc_fail_nth_write+0x7b/0x180 [ 3088.184446] ? trace_hardirqs_on+0x10/0x10 [ 3088.188685] ? fsnotify+0x974/0x11b0 [ 3088.192396] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3088.197321] ? __handle_mm_fault+0x80f/0x4620 [ 3088.201816] ? SyS_write+0x1b7/0x210 [ 3088.205534] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3088.210988] do_vfs_ioctl+0x75a/0xff0 [ 3088.214792] ? lock_acquire+0x170/0x3f0 [ 3088.218943] ? ioctl_preallocate+0x1a0/0x1a0 [ 3088.223358] ? __fget+0x265/0x3e0 [ 3088.226810] ? do_vfs_ioctl+0xff0/0xff0 [ 3088.230783] ? security_file_ioctl+0x83/0xb0 [ 3088.235190] SyS_ioctl+0x7f/0xb0 [ 3088.238555] ? do_vfs_ioctl+0xff0/0xff0 [ 3088.242536] do_syscall_64+0x1d5/0x640 [ 3088.246428] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3088.251618] RIP: 0033:0x7f8cc83bf109 [ 3088.255325] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3088.263129] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3088.270487] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 00:21:13 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3088.278712] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3088.285978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3088.293250] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:13 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async, rerun: 32) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000040)={0x3, 0x4e, {0x51, 0x7, 0x1, {0x1, 0x5}, {0x2, 0xfff}, @rumble={0x9}}, {0x52, 0x100, 0x1672, {0x200, 0xfff}, {0x6, 0x5}, @cond=[{0x1f, 0x1, 0xc6d, 0x2, 0x8, 0x9}, {0x6, 0x400, 0x8, 0x848, 0x6, 0x1000}]}}) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:13 executing program 2: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) (async) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={r2, @multicast2, @multicast1}, 0xc) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x14, 0x8001, 0x7, 0x8, 0x8, r0, 0x5, '\x00', r2, 0xffffffffffffffff, 0x2, 0x3, 0x1}, 0x48) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r4, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r4, 0x5501) (async) write$uinput_user_dev(r4, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 00:21:13 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x10, 0xfffffff7, {0x53, 0x2, 0x200, {0x1, 0x7ff}, {0x20, 0x1}, @const={0xff50, {0x8, 0x0, 0x76a3, 0xcc9d}}}, {0x57, 0x7, 0x3, {0x4ec, 0x1}, {0xfffe, 0x1}, @period={0x5b, 0x0, 0x0, 0x1, 0x40, {0x1000, 0x287, 0x9, 0x2}, 0x5, &(0x7f0000000040)=[0x1ff, 0xfff9, 0x5, 0x101, 0x402e]}}}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x10, 0xfffffff7, {0x53, 0x2, 0x200, {0x1, 0x7ff}, {0x20, 0x1}, @const={0xff50, {0x8, 0x0, 0x76a3, 0xcc9d}}}, {0x57, 0x7, 0x3, {0x4ec, 0x1}, {0xfffe, 0x1}, @period={0x5b, 0x0, 0x0, 0x1, 0x40, {0x1000, 0x287, 0x9, 0x2}, 0x5, &(0x7f0000000040)=[0x1ff, 0xfff9, 0x5, 0x101, 0x402e]}}}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x0) (async) [ 3088.338345] input: syz0 as /devices/virtual/input/input32398 [ 3088.348702] input: syz0 as /devices/virtual/input/input32391 00:21:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:13 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 52) 00:21:13 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3088.407172] input: syz0 as /devices/virtual/input/input32400 [ 3088.426245] input: syz0 as /devices/virtual/input/input32401 00:21:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:13 executing program 2: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={r2, @multicast2, @multicast1}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x14, 0x8001, 0x7, 0x8, 0x8, r0, 0x5, '\x00', r2, 0xffffffffffffffff, 0x2, 0x3, 0x1}, 0x48) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r4, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r4, 0x5501) write$uinput_user_dev(r4, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f80)={'dummy0\x00'}) (async) socket$inet_sctp(0x2, 0x1, 0x84) (async) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={r2, @multicast2, @multicast1}, 0xc) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x14, 0x8001, 0x7, 0x8, 0x8, r0, 0x5, '\x00', r2, 0xffffffffffffffff, 0x2, 0x3, 0x1}, 0x48) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r4, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r4, 0x5501) (async) write$uinput_user_dev(r4, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) 00:21:13 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000040)={0x3, 0x4e, {0x51, 0x7, 0x1, {0x1, 0x5}, {0x2, 0xfff}, @rumble={0x9}}, {0x52, 0x100, 0x1672, {0x200, 0xfff}, {0x6, 0x5}, @cond=[{0x1f, 0x1, 0xc6d, 0x2, 0x8, 0x9}, {0x6, 0x400, 0x8, 0x848, 0x6, 0x1000}]}}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3088.449868] input: syz0 as /devices/virtual/input/input32403 [ 3088.470149] FAULT_INJECTION: forcing a failure. [ 3088.470149] name failslab, interval 1, probability 0, space 0, times 0 00:21:13 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3088.495875] input: syz0 as /devices/virtual/input/input32406 [ 3088.518950] CPU: 0 PID: 16071 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3088.526855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3088.536206] Call Trace: [ 3088.538793] dump_stack+0x1b2/0x281 [ 3088.542424] should_fail.cold+0x10a/0x149 [ 3088.546581] should_failslab+0xd6/0x130 [ 3088.550564] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3088.555236] ? kobj_ns_drop+0x80/0x80 [ 3088.559039] call_usermodehelper_setup+0x73/0x2e0 [ 3088.563970] kobject_uevent_env+0xc21/0xf30 [ 3088.563989] device_add+0xa47/0x15c0 [ 3088.564002] ? device_is_dependent+0x2a0/0x2a0 [ 3088.564016] ? __kmalloc+0x3a4/0x400 [ 3088.580289] ? input_register_device+0x419/0xa90 [ 3088.585046] input_register_device+0x59e/0xa90 [ 3088.589629] ? __lock_acquire+0x5fc/0x3f20 [ 3088.593886] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3088.593898] ? uinput_write+0xfb0/0xfb0 [ 3088.593911] ? get_pid_task+0xb8/0x130 [ 3088.606961] ? proc_fail_nth_write+0x7b/0x180 [ 3088.611459] ? trace_hardirqs_on+0x10/0x10 [ 3088.615697] ? fsnotify+0x974/0x11b0 [ 3088.619412] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3088.624339] ? __handle_mm_fault+0x80f/0x4620 [ 3088.628832] ? SyS_write+0x1b7/0x210 [ 3088.632549] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3088.638003] do_vfs_ioctl+0x75a/0xff0 [ 3088.641799] ? lock_acquire+0x170/0x3f0 [ 3088.641810] ? ioctl_preallocate+0x1a0/0x1a0 00:21:13 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:13 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:13 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3088.641823] ? __fget+0x265/0x3e0 [ 3088.641835] ? do_vfs_ioctl+0xff0/0xff0 [ 3088.641846] ? security_file_ioctl+0x83/0xb0 [ 3088.641856] SyS_ioctl+0x7f/0xb0 [ 3088.665354] ? do_vfs_ioctl+0xff0/0xff0 [ 3088.669349] do_syscall_64+0x1d5/0x640 [ 3088.673250] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3088.678431] RIP: 0033:0x7f8cc83bf109 [ 3088.682136] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3088.689841] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 00:21:13 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x7) 00:21:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:13 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 53) 00:21:13 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r1 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r1}) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000140)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x5, 0x800, 0x3, 0x1, 0x800000000000000], 0x4, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}]}, 0xb8) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r3, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r3, 0x5501) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000040)={0x4, 0x1, 0x9}) [ 3088.691452] input: syz0 as /devices/virtual/input/input32412 [ 3088.697108] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3088.697114] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3088.697119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3088.697124] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3088.707374] input: syz0 as /devices/virtual/input/input32404 00:21:14 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = getegid() getgroups(0x8, &(0x7f0000000940)=[0x0, 0xee00, 0xee01, 0xee01, 0xffffffffffffffff, 0xee01, 0xee00, 0xee00]) getgroups(0x9, &(0x7f0000000980)=[0xee01, 0xee00, 0xee00, 0xee01, 0xee00, 0x0, 0xffffffffffffffff, 0x0, 0xee01]) getgroups(0x7, &(0x7f00000009c0)=[0xee00, 0xffffffffffffffff, 0x0, r1, r2, r3, 0xffffffffffffffff]) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) 00:21:14 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3088.789982] input: syz0 as /devices/virtual/input/input32413 [ 3088.813123] input: syz0 as /devices/virtual/input/input32414 00:21:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:14 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x7) [ 3088.847401] FAULT_INJECTION: forcing a failure. [ 3088.847401] name failslab, interval 1, probability 0, space 0, times 0 [ 3088.853125] input: syz0 as /devices/virtual/input/input32416 [ 3088.886182] input: syz0 as /devices/virtual/input/input32417 [ 3088.904349] CPU: 0 PID: 16145 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3088.912255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3088.921606] Call Trace: [ 3088.924202] dump_stack+0x1b2/0x281 [ 3088.927836] should_fail.cold+0x10a/0x149 [ 3088.931987] should_failslab+0xd6/0x130 [ 3088.937875] __kmalloc+0x2c1/0x400 [ 3088.941414] ? kobject_get_path+0xb5/0x230 [ 3088.945656] kobject_get_path+0xb5/0x230 [ 3088.949720] input_register_device+0x9bb/0xa90 [ 3088.954313] ? __lock_acquire+0x5fc/0x3f20 [ 3088.958557] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3088.963750] ? uinput_write+0xfb0/0xfb0 [ 3088.967734] ? get_pid_task+0xb8/0x130 [ 3088.971624] ? proc_fail_nth_write+0x7b/0x180 [ 3088.976119] ? trace_hardirqs_on+0x10/0x10 [ 3088.980357] ? fsnotify+0x974/0x11b0 [ 3088.984069] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3088.988994] ? __handle_mm_fault+0x80f/0x4620 [ 3088.993492] ? SyS_write+0x1b7/0x210 [ 3088.997217] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3089.002672] do_vfs_ioctl+0x75a/0xff0 [ 3089.006477] ? lock_acquire+0x170/0x3f0 [ 3089.010453] ? ioctl_preallocate+0x1a0/0x1a0 [ 3089.014866] ? __fget+0x265/0x3e0 [ 3089.018326] ? do_vfs_ioctl+0xff0/0xff0 [ 3089.022392] ? security_file_ioctl+0x83/0xb0 [ 3089.026809] SyS_ioctl+0x7f/0xb0 [ 3089.030176] ? do_vfs_ioctl+0xff0/0xff0 [ 3089.034156] do_syscall_64+0x1d5/0x640 [ 3089.038049] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3089.043237] RIP: 0033:0x7f8cc83bf109 [ 3089.046940] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:14 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:14 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = getegid() getgroups(0x8, &(0x7f0000000940)=[0x0, 0xee00, 0xee01, 0xee01, 0xffffffffffffffff, 0xee01, 0xee00, 0xee00]) getgroups(0x9, &(0x7f0000000980)=[0xee01, 0xee00, 0xee00, 0xee01, 0xee00, 0x0, 0xffffffffffffffff, 0x0, 0xee01]) getgroups(0x7, &(0x7f00000009c0)=[0xee00, 0xffffffffffffffff, 0x0, r1, r2, r3, 0xffffffffffffffff]) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) getegid() (async) getgroups(0x8, &(0x7f0000000940)=[0x0, 0xee00, 0xee01, 0xee01, 0xffffffffffffffff, 0xee01, 0xee00, 0xee00]) (async) getgroups(0x9, &(0x7f0000000980)=[0xee01, 0xee00, 0xee00, 0xee01, 0xee00, 0x0, 0xffffffffffffffff, 0x0, 0xee01]) (async) getgroups(0x7, &(0x7f00000009c0)=[0xee00, 0xffffffffffffffff, 0x0, r1, r2, r3, 0xffffffffffffffff]) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) (async) [ 3089.054648] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3089.062007] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3089.069277] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3089.076628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3089.083912] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:14 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x7) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x7) (async) 00:21:14 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r1 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r1}) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000140)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x5, 0x800, 0x3, 0x1, 0x800000000000000], 0x4, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}]}, 0xb8) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r3, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r3, 0x5501) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000040)={0x4, 0x1, 0x9}) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) (async) socket$inet(0x2, 0xa, 0x0) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) (async) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r1}) (async) socket$l2tp(0x2, 0x2, 0x73) (async) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000140)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x5, 0x800, 0x3, 0x1, 0x800000000000000], 0x4, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}]}, 0xb8) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r3, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r3, 0x5501) (async) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000040)={0x4, 0x1, 0x9}) (async) 00:21:14 executing program 1: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) [ 3089.144548] input: syz0 as /devices/virtual/input/input32420 [ 3089.174123] input: syz0 as /devices/virtual/input/input32421 [ 3089.184299] input: syz0 as /devices/virtual/input/input32422 00:21:14 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 54) 00:21:14 executing program 4: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 00:21:14 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00') ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0xf, 0x14, 0x6}) 00:21:14 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = getegid() (async) getgroups(0x8, &(0x7f0000000940)=[0x0, 0xee00, 0xee01, 0xee01, 0xffffffffffffffff, 0xee01, 0xee00, 0xee00]) (async) getgroups(0x9, &(0x7f0000000980)=[0xee01, 0xee00, 0xee00, 0xee01, 0xee00, 0x0, 0xffffffffffffffff, 0x0, 0xee01]) getgroups(0x7, &(0x7f00000009c0)=[0xee00, 0xffffffffffffffff, 0x0, r1, r2, r3, 0xffffffffffffffff]) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) 00:21:14 executing program 1: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) [ 3089.203918] input: syz0 as /devices/virtual/input/input32423 [ 3089.205140] input: syz0 as /devices/virtual/input/input32424 [ 3089.237430] input: syz0 as N/A 00:21:14 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r1 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r1}) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000140)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x5, 0x800, 0x3, 0x1, 0x800000000000000], 0x4, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}]}, 0xb8) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r3, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r3, 0x5501) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000040)={0x4, 0x1, 0x9}) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) (async) socket$inet(0x2, 0xa, 0x0) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0) (async) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={r1}) (async) socket$l2tp(0x2, 0x2, 0x73) (async) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000140)={'nat\x00', 0x0, 0x0, 0x0, [0x6, 0x5, 0x800, 0x3, 0x1, 0x800000000000000], 0x4, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}]}, 0xb8) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r3, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r3, 0x5501) (async) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000040)={0x4, 0x1, 0x9}) (async) 00:21:14 executing program 1: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) 00:21:14 executing program 4: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 3089.321757] input: syz0 as /devices/virtual/input/input32425 [ 3089.324778] input: syz0 as /devices/virtual/input/input32426 [ 3089.335502] FAULT_INJECTION: forcing a failure. [ 3089.335502] name failslab, interval 1, probability 0, space 0, times 0 [ 3089.348818] input: syz0 as /devices/virtual/input/input32428 [ 3089.357003] input: syz0 as /devices/virtual/input/input32427 [ 3089.383036] CPU: 1 PID: 16244 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3089.390949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3089.400391] Call Trace: [ 3089.402977] dump_stack+0x1b2/0x281 [ 3089.406613] should_fail.cold+0x10a/0x149 [ 3089.410770] should_failslab+0xd6/0x130 [ 3089.414841] __kmalloc_track_caller+0x2bc/0x400 [ 3089.419780] ? kvasprintf_const+0x55/0x180 [ 3089.424025] kvasprintf+0xa8/0x100 [ 3089.427704] ? bust_spinlocks+0xc0/0xc0 [ 3089.431687] kvasprintf_const+0x55/0x180 [ 3089.435759] kobject_set_name_vargs+0x56/0x150 [ 3089.440526] dev_set_name+0xa4/0xc0 [ 3089.444169] ? device_initialize+0x430/0x430 [ 3089.448589] ? __lockdep_init_map+0x100/0x560 [ 3089.453086] ? __lockdep_init_map+0x100/0x560 [ 3089.457605] evdev_connect+0x17b/0x480 [ 3089.461498] input_attach_handler+0x146/0x1a0 [ 3089.466002] input_register_device.cold+0xc2/0x2c3 [ 3089.470937] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3089.476131] ? uinput_write+0xfb0/0xfb0 [ 3089.480113] ? trace_hardirqs_on+0x10/0x10 [ 3089.484454] ? __switch_to_xtra+0x93/0x12f0 [ 3089.488863] ? finish_task_switch+0x178/0x610 [ 3089.493377] ? lock_downgrade+0x740/0x740 [ 3089.497573] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3089.503024] do_vfs_ioctl+0x75a/0xff0 [ 3089.506826] ? lock_acquire+0x170/0x3f0 [ 3089.510801] ? ioctl_preallocate+0x1a0/0x1a0 [ 3089.515301] ? __fget+0x265/0x3e0 [ 3089.518760] ? do_vfs_ioctl+0xff0/0xff0 [ 3089.522740] ? security_file_ioctl+0x83/0xb0 [ 3089.527148] SyS_ioctl+0x7f/0xb0 [ 3089.530618] ? do_vfs_ioctl+0xff0/0xff0 [ 3089.534601] do_syscall_64+0x1d5/0x640 [ 3089.538492] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3089.543679] RIP: 0033:0x7f8cc83bf109 [ 3089.547387] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3089.555093] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3089.562364] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3089.569634] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3089.576903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:14 executing program 4: ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 00:21:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:14 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040), 0x129040, 0x0) ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000080)) [ 3089.584177] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:14 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:14 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 55) 00:21:14 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000940)='syz1\x00') r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) [ 3089.641638] input: syz0 as /devices/virtual/input/input32429 [ 3089.649260] input: failed to attach handler evdev to device input32425, error: -22 00:21:14 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00') ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0xf, 0x14, 0x6}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00') (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0xf, 0x14, 0x6}) (async) 00:21:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:14 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 64) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040), 0x129040, 0x0) ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000080)) 00:21:14 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3089.747506] FAULT_INJECTION: forcing a failure. [ 3089.747506] name failslab, interval 1, probability 0, space 0, times 0 [ 3089.773484] CPU: 0 PID: 16309 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3089.781394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3089.790871] Call Trace: [ 3089.793476] dump_stack+0x1b2/0x281 [ 3089.797114] should_fail.cold+0x10a/0x149 [ 3089.801266] should_failslab+0xd6/0x130 [ 3089.805265] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3089.805281] __kmalloc_node_track_caller+0x38/0x70 [ 3089.805294] __alloc_skb+0x96/0x510 [ 3089.805308] kobject_uevent_env+0x882/0xf30 [ 3089.805328] device_add+0xa47/0x15c0 [ 3089.827161] ? device_is_dependent+0x2a0/0x2a0 [ 3089.831754] ? __kmalloc+0x3a4/0x400 [ 3089.835625] ? input_register_device+0x419/0xa90 [ 3089.840390] input_register_device+0x59e/0xa90 [ 3089.844973] ? __lock_acquire+0x5fc/0x3f20 [ 3089.844990] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3089.845001] ? uinput_write+0xfb0/0xfb0 [ 3089.845010] ? get_pid_task+0xb8/0x130 [ 3089.845019] ? proc_fail_nth_write+0x7b/0x180 [ 3089.845030] ? trace_hardirqs_on+0x10/0x10 [ 3089.866754] ? fsnotify+0x974/0x11b0 [ 3089.866766] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3089.866775] ? __handle_mm_fault+0x80f/0x4620 [ 3089.866786] ? SyS_write+0x1b7/0x210 [ 3089.866799] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3089.866810] do_vfs_ioctl+0x75a/0xff0 00:21:14 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:15 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3089.897260] ? lock_acquire+0x170/0x3f0 [ 3089.897273] ? ioctl_preallocate+0x1a0/0x1a0 [ 3089.897287] ? __fget+0x265/0x3e0 [ 3089.897297] ? do_vfs_ioctl+0xff0/0xff0 [ 3089.897310] ? security_file_ioctl+0x83/0xb0 [ 3089.917487] SyS_ioctl+0x7f/0xb0 [ 3089.920856] ? do_vfs_ioctl+0xff0/0xff0 [ 3089.924817] do_syscall_64+0x1d5/0x640 [ 3089.928688] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3089.933864] RIP: 0033:0x7f8cc83bf109 [ 3089.937569] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3089.945264] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3089.952520] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3089.959772] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3089.967025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3089.974406] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3089.985031] input: syz0 as /devices/virtual/input/input32431 [ 3089.985151] input: syz0 as /devices/virtual/input/input32433 00:21:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 56) 00:21:15 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:15 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async, rerun: 64) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00') (rerun: 64) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0xf, 0x14, 0x6}) 00:21:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:15 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000940)='syz1\x00') (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) 00:21:15 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040), 0x129040, 0x0) ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000080)) [ 3089.997380] input: syz0 as /devices/virtual/input/input32434 [ 3089.999602] input: syz0 as /devices/virtual/input/input32435 [ 3090.070521] FAULT_INJECTION: forcing a failure. [ 3090.070521] name failslab, interval 1, probability 0, space 0, times 0 [ 3090.087764] input: syz0 as /devices/virtual/input/input32442 [ 3090.100482] input: syz0 as /devices/virtual/input/input32445 [ 3090.108801] CPU: 1 PID: 16366 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3090.116697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3090.126051] Call Trace: [ 3090.128643] dump_stack+0x1b2/0x281 [ 3090.132286] should_fail.cold+0x10a/0x149 [ 3090.136440] should_failslab+0xd6/0x130 [ 3090.140416] __kmalloc+0x2c1/0x400 [ 3090.143956] ? kobject_get_path+0xb5/0x230 [ 3090.148204] kobject_get_path+0xb5/0x230 [ 3090.152272] input_register_device+0x9bb/0xa90 [ 3090.156855] ? __lock_acquire+0x5fc/0x3f20 [ 3090.161096] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3090.166296] ? uinput_write+0xfb0/0xfb0 00:21:15 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3090.170273] ? get_pid_task+0xb8/0x130 [ 3090.174205] ? proc_fail_nth_write+0x7b/0x180 [ 3090.178703] ? trace_hardirqs_on+0x10/0x10 [ 3090.182951] ? fsnotify+0x974/0x11b0 [ 3090.186666] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3090.191595] ? __handle_mm_fault+0x80f/0x4620 [ 3090.196097] ? SyS_write+0x1b7/0x210 [ 3090.199817] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3090.205271] do_vfs_ioctl+0x75a/0xff0 [ 3090.209071] ? lock_acquire+0x170/0x3f0 [ 3090.213068] ? ioctl_preallocate+0x1a0/0x1a0 [ 3090.217483] ? __fget+0x265/0x3e0 [ 3090.220939] ? do_vfs_ioctl+0xff0/0xff0 [ 3090.224917] ? security_file_ioctl+0x83/0xb0 [ 3090.229422] SyS_ioctl+0x7f/0xb0 [ 3090.232795] ? do_vfs_ioctl+0xff0/0xff0 [ 3090.236863] do_syscall_64+0x1d5/0x640 [ 3090.240768] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3090.245961] RIP: 0033:0x7f8cc83bf109 [ 3090.249670] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3090.257382] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 00:21:15 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3090.264651] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3090.271920] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3090.279191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3090.286460] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3090.308854] input: syz0 as N/A 00:21:15 executing program 3: openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="65786560202f0200000075697e70757400"], 0x11) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f00000001c0)={r4}) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) 00:21:15 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000940)='syz1\x00') (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) 00:21:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:15 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0xc) 00:21:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 57) [ 3090.321527] input: syz0 as /devices/virtual/input/input32447 00:21:15 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:15 executing program 3: openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="65786560202f0200000075697e70757400"], 0x11) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f00000001c0)={r4}) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) write$apparmor_exec(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="65786560202f0200000075697e70757400"], 0x11) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) (async) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) (async) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)) (async) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f00000001c0)={r4}) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async) [ 3090.397592] input: syz0 as /devices/virtual/input/input32449 [ 3090.404880] input: syz0 as /devices/virtual/input/input32450 [ 3090.421766] input: syz0 as /devices/virtual/input/input32452 00:21:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:15 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0xc) [ 3090.452341] input: syz0 as /devices/virtual/input/input32455 [ 3090.458253] FAULT_INJECTION: forcing a failure. [ 3090.458253] name failslab, interval 1, probability 0, space 0, times 0 [ 3090.463705] input: syz0 as /devices/virtual/input/input32456 [ 3090.496749] input: syz0 as /devices/virtual/input/input32459 [ 3090.503159] input: syz0 as /devices/virtual/input/input32457 [ 3090.515396] CPU: 1 PID: 16424 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3090.523307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3090.532748] Call Trace: [ 3090.535339] dump_stack+0x1b2/0x281 [ 3090.538995] should_fail.cold+0x10a/0x149 [ 3090.543154] should_failslab+0xd6/0x130 [ 3090.547138] __kmalloc_track_caller+0x2bc/0x400 [ 3090.553375] ? kstrdup_const+0x35/0x60 [ 3090.557268] ? uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3090.562637] kstrdup+0x36/0x70 [ 3090.565835] kstrdup_const+0x35/0x60 [ 3090.569654] __kernfs_new_node+0x2e/0x470 [ 3090.573818] kernfs_create_dir_ns+0x8c/0x200 [ 3090.578235] sysfs_create_dir_ns+0xb7/0x1d0 [ 3090.582562] kobject_add_internal+0x28b/0x930 [ 3090.587069] kobject_add+0x11f/0x180 [ 3090.590785] ? kset_create_and_add+0x190/0x190 [ 3090.595367] ? device_add+0xd72/0x15c0 [ 3090.599256] ? __lockdep_init_map+0x100/0x560 [ 3090.603855] ? root_device_release+0x20/0x20 [ 3090.606334] input: syz0 as /devices/virtual/input/input32461 [ 3090.608268] device_add+0x33f/0x15c0 [ 3090.608280] ? kobj_map+0x2ff/0x3d0 [ 3090.608290] ? device_is_dependent+0x2a0/0x2a0 [ 3090.625981] cdev_device_add+0x14a/0x230 [ 3090.630071] ? cdev_init+0x6b/0xb0 [ 3090.633619] evdev_connect+0x388/0x480 [ 3090.637604] input_attach_handler+0x146/0x1a0 [ 3090.642108] input_register_device.cold+0xc2/0x2c3 [ 3090.647051] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3090.652252] ? uinput_write+0xfb0/0xfb0 [ 3090.656233] ? get_pid_task+0xb8/0x130 [ 3090.660127] ? proc_fail_nth_write+0x7b/0x180 [ 3090.664630] ? trace_hardirqs_on+0x10/0x10 [ 3090.668883] ? fsnotify+0x974/0x11b0 [ 3090.672599] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3090.677536] ? __handle_mm_fault+0x80f/0x4620 [ 3090.682042] ? SyS_write+0x1b7/0x210 [ 3090.685766] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3090.691221] do_vfs_ioctl+0x75a/0xff0 [ 3090.695024] ? lock_acquire+0x170/0x3f0 [ 3090.699000] ? ioctl_preallocate+0x1a0/0x1a0 [ 3090.703418] ? __fget+0x265/0x3e0 [ 3090.706883] ? do_vfs_ioctl+0xff0/0xff0 [ 3090.711040] ? security_file_ioctl+0x83/0xb0 [ 3090.715979] SyS_ioctl+0x7f/0xb0 [ 3090.719352] ? do_vfs_ioctl+0xff0/0xff0 [ 3090.723332] do_syscall_64+0x1d5/0x640 [ 3090.727236] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3090.732512] RIP: 0033:0x7f8cc83bf109 [ 3090.736339] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:15 executing program 3: openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 64) r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (rerun: 64) write$apparmor_exec(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="65786560202f0200000075697e70757400"], 0x11) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async, rerun: 32) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) (async, rerun: 32) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f00000001c0)={r4}) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) [ 3090.744485] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3090.752014] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3090.759295] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3090.766571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3090.773929] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:16 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3090.824930] kobject_add_internal failed for event4 (error: -12 parent: input32455) [ 3090.833105] input: failed to attach handler evdev to device input32455, error: -12 00:21:16 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0xc) 00:21:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:16 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 00:21:16 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:16 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 58) [ 3090.913878] input: syz0 as /devices/virtual/input/input32464 [ 3090.945234] input: syz0 as /devices/virtual/input/input32465 [ 3090.953316] input: syz0 as /devices/virtual/input/input32467 00:21:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:16 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000040)='syz1\x00') ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0xb) [ 3090.962230] input: syz0 as /devices/virtual/input/input32466 [ 3090.977178] input: syz0 as /devices/virtual/input/input32469 [ 3090.984048] FAULT_INJECTION: forcing a failure. [ 3090.984048] name failslab, interval 1, probability 0, space 0, times 0 [ 3091.006801] input: syz0 as /devices/virtual/input/input32470 [ 3091.012826] CPU: 1 PID: 16490 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3091.020716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3091.030064] Call Trace: [ 3091.032649] dump_stack+0x1b2/0x281 [ 3091.036283] should_fail.cold+0x10a/0x149 [ 3091.040478] should_failslab+0xd6/0x130 [ 3091.044467] kmem_cache_alloc+0x28e/0x3c0 [ 3091.048620] __kernfs_new_node+0x6f/0x470 [ 3091.052771] kernfs_create_dir_ns+0x8c/0x200 [ 3091.057182] sysfs_create_dir_ns+0xb7/0x1d0 [ 3091.061681] kobject_add_internal+0x28b/0x930 [ 3091.066178] kobject_add+0x11f/0x180 [ 3091.069892] ? kset_create_and_add+0x190/0x190 [ 3091.074475] ? device_add+0xd72/0x15c0 [ 3091.078361] ? __lockdep_init_map+0x100/0x560 [ 3091.082857] ? root_device_release+0x20/0x20 [ 3091.087304] device_add+0x33f/0x15c0 [ 3091.091022] ? kobj_map+0x2ff/0x3d0 [ 3091.094655] ? device_is_dependent+0x2a0/0x2a0 [ 3091.099241] cdev_device_add+0x14a/0x230 [ 3091.103298] ? cdev_init+0x6b/0xb0 [ 3091.106838] evdev_connect+0x388/0x480 [ 3091.110725] input_attach_handler+0x146/0x1a0 [ 3091.115240] input_register_device.cold+0xc2/0x2c3 [ 3091.120171] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3091.125360] ? uinput_write+0xfb0/0xfb0 [ 3091.129329] ? get_pid_task+0xb8/0x130 [ 3091.133218] ? proc_fail_nth_write+0x7b/0x180 [ 3091.137716] ? trace_hardirqs_on+0x10/0x10 [ 3091.141954] ? fsnotify+0x974/0x11b0 [ 3091.145661] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3091.150595] ? __handle_mm_fault+0x80f/0x4620 [ 3091.155088] ? SyS_write+0x1b7/0x210 [ 3091.158805] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3091.164258] do_vfs_ioctl+0x75a/0xff0 [ 3091.168054] ? lock_acquire+0x170/0x3f0 [ 3091.172024] ? ioctl_preallocate+0x1a0/0x1a0 [ 3091.176433] ? __fget+0x265/0x3e0 [ 3091.179895] ? do_vfs_ioctl+0xff0/0xff0 [ 3091.183866] ? security_file_ioctl+0x83/0xb0 [ 3091.188276] SyS_ioctl+0x7f/0xb0 [ 3091.191637] ? do_vfs_ioctl+0xff0/0xff0 [ 3091.195609] do_syscall_64+0x1d5/0x640 [ 3091.199503] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3091.204689] RIP: 0033:0x7f8cc83bf109 00:21:16 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000040)='syz1\x00') (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0xb) [ 3091.208390] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3091.216105] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3091.223371] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3091.230648] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3091.237998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3091.245267] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:16 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 59) 00:21:16 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:16 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:16 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 3091.299469] kobject_add_internal failed for event5 (error: -12 parent: input32466) [ 3091.312332] input: failed to attach handler evdev to device input32466, error: -12 [ 3091.331130] input: syz0 as /devices/virtual/input/input32472 00:21:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:16 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async, rerun: 32) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 32) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000040)='syz1\x00') ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0xb) 00:21:16 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3091.410652] input: syz0 as /devices/virtual/input/input32473 [ 3091.423103] input: syz0 as /devices/virtual/input/input32474 [ 3091.434645] input: syz0 as /devices/virtual/input/input32476 [ 3091.435786] input: syz0 as /devices/virtual/input/input32475 [ 3091.451863] input: syz0 as /devices/virtual/input/input32477 00:21:16 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 32) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 3091.471442] input: syz0 as /devices/virtual/input/input32478 [ 3091.477692] input: syz0 as /devices/virtual/input/input32479 [ 3091.482532] FAULT_INJECTION: forcing a failure. [ 3091.482532] name failslab, interval 1, probability 0, space 0, times 0 [ 3091.510043] CPU: 1 PID: 16544 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3091.517939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3091.527292] Call Trace: [ 3091.529884] dump_stack+0x1b2/0x281 [ 3091.533520] should_fail.cold+0x10a/0x149 [ 3091.537677] should_failslab+0xd6/0x130 [ 3091.541654] kmem_cache_alloc+0x28e/0x3c0 [ 3091.545803] __kernfs_new_node+0x6f/0x470 [ 3091.549958] kernfs_create_dir_ns+0x8c/0x200 [ 3091.554379] sysfs_create_dir_ns+0xb7/0x1d0 [ 3091.558701] kobject_add_internal+0x28b/0x930 [ 3091.563204] kobject_add+0x11f/0x180 [ 3091.566925] ? kset_create_and_add+0x190/0x190 [ 3091.571509] ? device_add+0xd72/0x15c0 [ 3091.575394] ? __lockdep_init_map+0x100/0x560 [ 3091.579886] ? root_device_release+0x20/0x20 [ 3091.584392] device_add+0x33f/0x15c0 [ 3091.588113] ? kobj_map+0x2ff/0x3d0 [ 3091.591738] ? device_is_dependent+0x2a0/0x2a0 [ 3091.596323] cdev_device_add+0x14a/0x230 [ 3091.600386] ? cdev_init+0x6b/0xb0 [ 3091.603930] evdev_connect+0x388/0x480 [ 3091.605435] input: syz0 as /devices/virtual/input/input32480 [ 3091.607838] input_attach_handler+0x146/0x1a0 [ 3091.607854] input_register_device.cold+0xc2/0x2c3 [ 3091.607869] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3091.628217] ? uinput_write+0xfb0/0xfb0 [ 3091.632201] ? get_pid_task+0xb8/0x130 [ 3091.636086] ? proc_fail_nth_write+0x7b/0x180 [ 3091.640582] ? trace_hardirqs_on+0x10/0x10 [ 3091.644820] ? fsnotify+0x974/0x11b0 [ 3091.648542] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3091.653470] ? __handle_mm_fault+0x80f/0x4620 [ 3091.657985] ? SyS_write+0x1b7/0x210 [ 3091.661712] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3091.667162] do_vfs_ioctl+0x75a/0xff0 [ 3091.670962] ? lock_acquire+0x170/0x3f0 [ 3091.674936] ? ioctl_preallocate+0x1a0/0x1a0 [ 3091.679348] ? __fget+0x265/0x3e0 [ 3091.682802] ? do_vfs_ioctl+0xff0/0xff0 [ 3091.687148] ? security_file_ioctl+0x83/0xb0 [ 3091.691558] SyS_ioctl+0x7f/0xb0 [ 3091.694922] ? do_vfs_ioctl+0xff0/0xff0 [ 3091.698910] do_syscall_64+0x1d5/0x640 [ 3091.702808] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3091.707992] RIP: 0033:0x7f8cc83bf109 [ 3091.711696] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3091.719403] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3091.726674] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3091.733945] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3091.741213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3091.748919] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3091.763962] kobject_add_internal failed for event4 (error: -12 parent: input32475) [ 3091.790047] input: failed to attach handler evdev to device input32475, error: -12 00:21:17 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x407, 0x0) write$uinput_user_dev(r1, &(0x7f0000000940)={'syz1\x00', {0x401, 0x6, 0xf000, 0x800}, 0x7, [0x8, 0x2, 0x7, 0x2, 0xfffffffa, 0x16, 0x9, 0x398a, 0x8, 0x80, 0x2, 0x9, 0xaa3f, 0x6, 0x98f4, 0x81, 0x3, 0x6, 0x6d4f, 0x3, 0x9, 0x0, 0x5, 0xff, 0xffffffff, 0xffffffe0, 0xffff543f, 0x1, 0x0, 0x7, 0x4, 0x1, 0x80000001, 0x1f, 0x7f, 0x0, 0x101, 0x800, 0x6, 0x8, 0x6, 0x4, 0x7fffffff, 0x40, 0x6, 0x20, 0x88, 0x0, 0x400, 0x5, 0x0, 0x72bf, 0x2, 0x7ff, 0x9, 0x0, 0x67, 0x2, 0xff, 0x10000, 0x2, 0x8, 0x2, 0x8], [0x7, 0x400, 0xfffff6a8, 0xd31cdc1, 0x15fe, 0x0, 0xa, 0x8, 0x7, 0xea, 0x5c8c5bfd, 0x4, 0x3, 0x6, 0x3, 0x5, 0x100, 0xd028, 0x1, 0x3ff, 0x9, 0x1ff, 0x6, 0x200, 0xfffffffd, 0x0, 0x7f, 0x81, 0x4, 0xe1, 0x8001, 0x1, 0x9, 0x9, 0xb09, 0x6, 0x0, 0x6, 0x470, 0xfffffffd, 0x1ff, 0x5ca, 0x6, 0x80, 0x7, 0x47, 0xffff8001, 0x1, 0x0, 0x7fffffff, 0x3, 0x3, 0x3, 0x5, 0xffffffff, 0x0, 0x20, 0x0, 0x5, 0x3, 0x4, 0x6, 0x401, 0xfffffff9], [0x3, 0x2, 0x6, 0xc6a, 0x4, 0x7, 0x0, 0x8, 0x7fffffff, 0xeb, 0x7, 0x3, 0x6, 0x4, 0x12, 0x0, 0x6, 0x3, 0xffffffff, 0x5, 0x7, 0x3ff, 0x8, 0x1, 0x5, 0x11, 0xfffffffc, 0x1, 0x7, 0xcd21, 0x5, 0x80, 0x7, 0x6, 0x9fde, 0x2b, 0x0, 0x5, 0x8, 0x8000, 0x404, 0x1, 0x9, 0x0, 0x1ff, 0x101, 0x6, 0x81, 0x8, 0x2, 0x2, 0x2, 0x0, 0x6, 0xfffffff9, 0x3, 0x80000001, 0x0, 0xda57, 0x8, 0x1, 0x1, 0xfff, 0x8], [0x9, 0x3e, 0x80, 0x80000000, 0x400, 0x683d2a9e, 0x1, 0x5, 0x9, 0x6, 0x59, 0x7, 0xff, 0x40, 0xfffffa82, 0x9, 0x54b5, 0x1, 0x0, 0x6, 0xffff, 0x80, 0x8000, 0x800, 0x1, 0x758, 0x401, 0x8, 0x7f, 0x1000, 0x8, 0x4, 0x7, 0x0, 0xfffffffe, 0x5, 0x8001, 0x9, 0x80000001, 0x7, 0x80000000, 0x5edb, 0x3, 0x9, 0x80000001, 0x7, 0x3, 0x19dc, 0x1, 0x0, 0x8001, 0x1, 0x3ff, 0x4, 0xfc4, 0x1, 0x2, 0x9, 0xffff, 0x3ff, 0x10000, 0x10001, 0x200, 0x6]}, 0x45c) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 60) 00:21:17 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x6) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) ioctl$BLKSECTGET(r1, 0x1267, &(0x7f0000000040)) 00:21:17 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:17 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x49]}, 0x45c) 00:21:17 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x49]}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x49]}, 0x45c) (async) 00:21:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3091.956121] input: syz0 as /devices/virtual/input/input32481 [ 3091.962227] input: syz0 as /devices/virtual/input/input32483 [ 3091.972213] input: syz0 as /devices/virtual/input/input32484 [ 3091.987411] input: syz0 as /devices/virtual/input/input32486 00:21:17 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x6) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) ioctl$BLKSECTGET(r1, 0x1267, &(0x7f0000000040)) 00:21:17 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:17 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x407, 0x0) write$uinput_user_dev(r1, &(0x7f0000000940)={'syz1\x00', {0x401, 0x6, 0xf000, 0x800}, 0x7, [0x8, 0x2, 0x7, 0x2, 0xfffffffa, 0x16, 0x9, 0x398a, 0x8, 0x80, 0x2, 0x9, 0xaa3f, 0x6, 0x98f4, 0x81, 0x3, 0x6, 0x6d4f, 0x3, 0x9, 0x0, 0x5, 0xff, 0xffffffff, 0xffffffe0, 0xffff543f, 0x1, 0x0, 0x7, 0x4, 0x1, 0x80000001, 0x1f, 0x7f, 0x0, 0x101, 0x800, 0x6, 0x8, 0x6, 0x4, 0x7fffffff, 0x40, 0x6, 0x20, 0x88, 0x0, 0x400, 0x5, 0x0, 0x72bf, 0x2, 0x7ff, 0x9, 0x0, 0x67, 0x2, 0xff, 0x10000, 0x2, 0x8, 0x2, 0x8], [0x7, 0x400, 0xfffff6a8, 0xd31cdc1, 0x15fe, 0x0, 0xa, 0x8, 0x7, 0xea, 0x5c8c5bfd, 0x4, 0x3, 0x6, 0x3, 0x5, 0x100, 0xd028, 0x1, 0x3ff, 0x9, 0x1ff, 0x6, 0x200, 0xfffffffd, 0x0, 0x7f, 0x81, 0x4, 0xe1, 0x8001, 0x1, 0x9, 0x9, 0xb09, 0x6, 0x0, 0x6, 0x470, 0xfffffffd, 0x1ff, 0x5ca, 0x6, 0x80, 0x7, 0x47, 0xffff8001, 0x1, 0x0, 0x7fffffff, 0x3, 0x3, 0x3, 0x5, 0xffffffff, 0x0, 0x20, 0x0, 0x5, 0x3, 0x4, 0x6, 0x401, 0xfffffff9], [0x3, 0x2, 0x6, 0xc6a, 0x4, 0x7, 0x0, 0x8, 0x7fffffff, 0xeb, 0x7, 0x3, 0x6, 0x4, 0x12, 0x0, 0x6, 0x3, 0xffffffff, 0x5, 0x7, 0x3ff, 0x8, 0x1, 0x5, 0x11, 0xfffffffc, 0x1, 0x7, 0xcd21, 0x5, 0x80, 0x7, 0x6, 0x9fde, 0x2b, 0x0, 0x5, 0x8, 0x8000, 0x404, 0x1, 0x9, 0x0, 0x1ff, 0x101, 0x6, 0x81, 0x8, 0x2, 0x2, 0x2, 0x0, 0x6, 0xfffffff9, 0x3, 0x80000001, 0x0, 0xda57, 0x8, 0x1, 0x1, 0xfff, 0x8], [0x9, 0x3e, 0x80, 0x80000000, 0x400, 0x683d2a9e, 0x1, 0x5, 0x9, 0x6, 0x59, 0x7, 0xff, 0x40, 0xfffffa82, 0x9, 0x54b5, 0x1, 0x0, 0x6, 0xffff, 0x80, 0x8000, 0x800, 0x1, 0x758, 0x401, 0x8, 0x7f, 0x1000, 0x8, 0x4, 0x7, 0x0, 0xfffffffe, 0x5, 0x8001, 0x9, 0x80000001, 0x7, 0x80000000, 0x5edb, 0x3, 0x9, 0x80000001, 0x7, 0x3, 0x19dc, 0x1, 0x0, 0x8001, 0x1, 0x3ff, 0x4, 0xfc4, 0x1, 0x2, 0x9, 0xffff, 0x3ff, 0x10000, 0x10001, 0x200, 0x6]}, 0x45c) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3092.008227] input: syz0 as /devices/virtual/input/input32488 [ 3092.015511] input: syz0 as /devices/virtual/input/input32489 [ 3092.074495] FAULT_INJECTION: forcing a failure. [ 3092.074495] name failslab, interval 1, probability 0, space 0, times 0 [ 3092.086584] input: syz0 as /devices/virtual/input/input32491 [ 3092.096076] input: syz0 as /devices/virtual/input/input32493 [ 3092.108882] CPU: 1 PID: 16619 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3092.116772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3092.126123] Call Trace: [ 3092.128707] dump_stack+0x1b2/0x281 [ 3092.132337] should_fail.cold+0x10a/0x149 [ 3092.136491] should_failslab+0xd6/0x130 [ 3092.140467] kmem_cache_alloc+0x28e/0x3c0 [ 3092.144623] __kernfs_new_node+0x6f/0x470 [ 3092.148770] kernfs_create_dir_ns+0x8c/0x200 [ 3092.153187] sysfs_create_dir_ns+0xb7/0x1d0 [ 3092.157512] kobject_add_internal+0x28b/0x930 [ 3092.162013] kobject_add+0x11f/0x180 [ 3092.165728] ? kset_create_and_add+0x190/0x190 [ 3092.170323] ? device_add+0xd72/0x15c0 [ 3092.174210] ? __lockdep_init_map+0x100/0x560 [ 3092.178709] ? root_device_release+0x20/0x20 [ 3092.183122] device_add+0x33f/0x15c0 [ 3092.186835] ? kobj_map+0x2ff/0x3d0 [ 3092.190470] ? device_is_dependent+0x2a0/0x2a0 [ 3092.195064] cdev_device_add+0x14a/0x230 [ 3092.199124] ? cdev_init+0x6b/0xb0 [ 3092.202669] evdev_connect+0x388/0x480 [ 3092.206557] input_attach_handler+0x146/0x1a0 [ 3092.211057] input_register_device.cold+0xc2/0x2c3 [ 3092.215996] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3092.221185] ? uinput_write+0xfb0/0xfb0 [ 3092.225160] ? get_pid_task+0xb8/0x130 [ 3092.229044] ? proc_fail_nth_write+0x7b/0x180 [ 3092.233547] ? trace_hardirqs_on+0x10/0x10 [ 3092.237793] ? fsnotify+0x974/0x11b0 [ 3092.241505] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3092.246431] ? __handle_mm_fault+0x80f/0x4620 [ 3092.250921] ? SyS_write+0x1b7/0x210 [ 3092.254640] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3092.260089] do_vfs_ioctl+0x75a/0xff0 [ 3092.263890] ? lock_acquire+0x170/0x3f0 [ 3092.267863] ? ioctl_preallocate+0x1a0/0x1a0 [ 3092.272269] ? __fget+0x265/0x3e0 [ 3092.275734] ? do_vfs_ioctl+0xff0/0xff0 [ 3092.279705] ? security_file_ioctl+0x83/0xb0 [ 3092.284206] SyS_ioctl+0x7f/0xb0 [ 3092.287573] ? do_vfs_ioctl+0xff0/0xff0 [ 3092.291555] do_syscall_64+0x1d5/0x640 [ 3092.295447] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3092.300635] RIP: 0033:0x7f8cc83bf109 [ 3092.304340] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3092.312047] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 00:21:17 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x407, 0x0) write$uinput_user_dev(r1, &(0x7f0000000940)={'syz1\x00', {0x401, 0x6, 0xf000, 0x800}, 0x7, [0x8, 0x2, 0x7, 0x2, 0xfffffffa, 0x16, 0x9, 0x398a, 0x8, 0x80, 0x2, 0x9, 0xaa3f, 0x6, 0x98f4, 0x81, 0x3, 0x6, 0x6d4f, 0x3, 0x9, 0x0, 0x5, 0xff, 0xffffffff, 0xffffffe0, 0xffff543f, 0x1, 0x0, 0x7, 0x4, 0x1, 0x80000001, 0x1f, 0x7f, 0x0, 0x101, 0x800, 0x6, 0x8, 0x6, 0x4, 0x7fffffff, 0x40, 0x6, 0x20, 0x88, 0x0, 0x400, 0x5, 0x0, 0x72bf, 0x2, 0x7ff, 0x9, 0x0, 0x67, 0x2, 0xff, 0x10000, 0x2, 0x8, 0x2, 0x8], [0x7, 0x400, 0xfffff6a8, 0xd31cdc1, 0x15fe, 0x0, 0xa, 0x8, 0x7, 0xea, 0x5c8c5bfd, 0x4, 0x3, 0x6, 0x3, 0x5, 0x100, 0xd028, 0x1, 0x3ff, 0x9, 0x1ff, 0x6, 0x200, 0xfffffffd, 0x0, 0x7f, 0x81, 0x4, 0xe1, 0x8001, 0x1, 0x9, 0x9, 0xb09, 0x6, 0x0, 0x6, 0x470, 0xfffffffd, 0x1ff, 0x5ca, 0x6, 0x80, 0x7, 0x47, 0xffff8001, 0x1, 0x0, 0x7fffffff, 0x3, 0x3, 0x3, 0x5, 0xffffffff, 0x0, 0x20, 0x0, 0x5, 0x3, 0x4, 0x6, 0x401, 0xfffffff9], [0x3, 0x2, 0x6, 0xc6a, 0x4, 0x7, 0x0, 0x8, 0x7fffffff, 0xeb, 0x7, 0x3, 0x6, 0x4, 0x12, 0x0, 0x6, 0x3, 0xffffffff, 0x5, 0x7, 0x3ff, 0x8, 0x1, 0x5, 0x11, 0xfffffffc, 0x1, 0x7, 0xcd21, 0x5, 0x80, 0x7, 0x6, 0x9fde, 0x2b, 0x0, 0x5, 0x8, 0x8000, 0x404, 0x1, 0x9, 0x0, 0x1ff, 0x101, 0x6, 0x81, 0x8, 0x2, 0x2, 0x2, 0x0, 0x6, 0xfffffff9, 0x3, 0x80000001, 0x0, 0xda57, 0x8, 0x1, 0x1, 0xfff, 0x8], [0x9, 0x3e, 0x80, 0x80000000, 0x400, 0x683d2a9e, 0x1, 0x5, 0x9, 0x6, 0x59, 0x7, 0xff, 0x40, 0xfffffa82, 0x9, 0x54b5, 0x1, 0x0, 0x6, 0xffff, 0x80, 0x8000, 0x800, 0x1, 0x758, 0x401, 0x8, 0x7f, 0x1000, 0x8, 0x4, 0x7, 0x0, 0xfffffffe, 0x5, 0x8001, 0x9, 0x80000001, 0x7, 0x80000000, 0x5edb, 0x3, 0x9, 0x80000001, 0x7, 0x3, 0x19dc, 0x1, 0x0, 0x8001, 0x1, 0x3ff, 0x4, 0xfc4, 0x1, 0x2, 0x9, 0xffff, 0x3ff, 0x10000, 0x10001, 0x200, 0x6]}, 0x45c) (async, rerun: 64) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async, rerun: 64) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:17 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x49]}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x49]}, 0x45c) (async) [ 3092.319319] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3092.326588] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3092.333860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3092.341138] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3092.371928] input: syz0 as /devices/virtual/input/input32497 [ 3092.378187] kobject_add_internal failed for event4 (error: -12 parent: input32489) [ 3092.387547] input: failed to attach handler evdev to device input32489, error: -12 00:21:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 61) 00:21:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:17 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x6) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) (async) ioctl$BLKSECTGET(r1, 0x1267, &(0x7f0000000040)) 00:21:17 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:17 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = socket(0x28, 0xa, 0x3bb32a35) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000a80)) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000a40)) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x232) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x9]}, 0x45c) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000009c0)={0xb, 0x2, {0x52, 0x4, 0x4, {0x5, 0x8}, {0x2, 0x7}, @period={0x5a, 0x3f, 0x2, 0xffff, 0x8, {0xd, 0x8, 0x1, 0x6}, 0x8, &(0x7f0000000980)=[0xcaa, 0xff14, 0xe200, 0x0, 0x4, 0x0, 0x8, 0x1000]}}, {0x52, 0x58, 0x0, {0x7, 0x7}, {0x1, 0x20}, @rumble={0x8000}}}) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000940)={0xe, 0x6, 0x187e}) 00:21:17 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x2ad) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x19) 00:21:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3092.448017] input: syz0 as /devices/virtual/input/input32498 00:21:17 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3092.499213] input: syz0 as /devices/virtual/input/input32501 [ 3092.517584] input: syz0 as /devices/virtual/input/input32502 [ 3092.535100] input: syz0 as /devices/virtual/input/input32503 [ 3092.545644] FAULT_INJECTION: forcing a failure. [ 3092.545644] name failslab, interval 1, probability 0, space 0, times 0 [ 3092.561413] input: syz0 as /devices/virtual/input/input32504 [ 3092.564582] CPU: 1 PID: 16699 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3092.575180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3092.584540] Call Trace: [ 3092.587132] dump_stack+0x1b2/0x281 [ 3092.590778] should_fail.cold+0x10a/0x149 [ 3092.594930] should_failslab+0xd6/0x130 [ 3092.598905] __kmalloc_track_caller+0x2bc/0x400 [ 3092.603573] ? kstrdup_const+0x35/0x60 [ 3092.607462] ? uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3092.612829] kstrdup+0x36/0x70 [ 3092.616034] kstrdup_const+0x35/0x60 [ 3092.619756] __kernfs_new_node+0x2e/0x470 [ 3092.623913] kernfs_create_dir_ns+0x8c/0x200 [ 3092.628322] sysfs_create_dir_ns+0xb7/0x1d0 [ 3092.632641] kobject_add_internal+0x28b/0x930 [ 3092.637138] kobject_add+0x11f/0x180 [ 3092.640851] ? kset_create_and_add+0x190/0x190 [ 3092.645432] ? device_add+0xd72/0x15c0 [ 3092.649338] ? __lockdep_init_map+0x100/0x560 [ 3092.653826] ? root_device_release+0x20/0x20 [ 3092.658233] device_add+0x33f/0x15c0 [ 3092.661984] ? kobj_map+0x2ff/0x3d0 [ 3092.665613] ? device_is_dependent+0x2a0/0x2a0 [ 3092.670197] cdev_device_add+0x14a/0x230 [ 3092.674271] ? cdev_init+0x6b/0xb0 [ 3092.677807] evdev_connect+0x388/0x480 [ 3092.681697] input_attach_handler+0x146/0x1a0 [ 3092.686191] input_register_device.cold+0xc2/0x2c3 [ 3092.686209] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3092.686221] ? uinput_write+0xfb0/0xfb0 00:21:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3092.686231] ? get_pid_task+0xb8/0x130 [ 3092.686244] ? proc_fail_nth_write+0x7b/0x180 [ 3092.708754] ? trace_hardirqs_on+0x10/0x10 [ 3092.712995] ? fsnotify+0x974/0x11b0 [ 3092.716708] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3092.721643] ? __handle_mm_fault+0x80f/0x4620 [ 3092.726143] ? SyS_write+0x1b7/0x210 [ 3092.729862] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3092.735345] do_vfs_ioctl+0x75a/0xff0 [ 3092.739146] ? lock_acquire+0x170/0x3f0 [ 3092.743128] ? ioctl_preallocate+0x1a0/0x1a0 [ 3092.747539] ? __fget+0x265/0x3e0 [ 3092.750997] ? do_vfs_ioctl+0xff0/0xff0 [ 3092.755057] ? security_file_ioctl+0x83/0xb0 [ 3092.759463] SyS_ioctl+0x7f/0xb0 [ 3092.762827] ? do_vfs_ioctl+0xff0/0xff0 [ 3092.766910] do_syscall_64+0x1d5/0x640 [ 3092.770796] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3092.775992] RIP: 0033:0x7f8cc83bf109 [ 3092.779698] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3092.787411] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 00:21:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3092.794679] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3092.802045] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3092.809315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3092.816848] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:18 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 62) 00:21:18 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000080)={0x9, 0x5, {0x53, 0x4, 0x2, {0x7ff, 0x2}, {0x3}, @rumble={0x8000, 0x8000}}, {0x57, 0x80, 0x1, {0x7, 0x5}, {0x0, 0x3}, @rumble={0x0, 0x4}}}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x9) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000180)) ioctl$UI_DEV_DESTROY(r0, 0x5502) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x210000, 0x0) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000140)={0xa, 0x70, 0x9}) 00:21:18 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = socket(0x28, 0xa, 0x3bb32a35) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000a80)) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000a40)) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x232) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x9]}, 0x45c) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000009c0)={0xb, 0x2, {0x52, 0x4, 0x4, {0x5, 0x8}, {0x2, 0x7}, @period={0x5a, 0x3f, 0x2, 0xffff, 0x8, {0xd, 0x8, 0x1, 0x6}, 0x8, &(0x7f0000000980)=[0xcaa, 0xff14, 0xe200, 0x0, 0x4, 0x0, 0x8, 0x1000]}}, {0x52, 0x58, 0x0, {0x7, 0x7}, {0x1, 0x20}, @rumble={0x8000}}}) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000940)={0xe, 0x6, 0x187e}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) socket(0x28, 0xa, 0x3bb32a35) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000a80)) (async) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000a40)) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x232) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x9]}, 0x45c) (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000009c0)={0xb, 0x2, {0x52, 0x4, 0x4, {0x5, 0x8}, {0x2, 0x7}, @period={0x5a, 0x3f, 0x2, 0xffff, 0x8, {0xd, 0x8, 0x1, 0x6}, 0x8, &(0x7f0000000980)=[0xcaa, 0xff14, 0xe200, 0x0, 0x4, 0x0, 0x8, 0x1000]}}, {0x52, 0x58, 0x0, {0x7, 0x7}, {0x1, 0x20}, @rumble={0x8000}}}) (async) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000940)={0xe, 0x6, 0x187e}) (async) 00:21:18 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x2ad) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x19) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x2ad) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x19) (async) [ 3092.849611] kobject_add_internal failed for event4 (error: -12 parent: input32501) [ 3092.867041] input: failed to attach handler evdev to device input32501, error: -12 [ 3092.874957] input: syz0 as /devices/virtual/input/input32512 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) [ 3092.951177] input: syz0 as /devices/virtual/input/input32514 [ 3092.963320] input: syz0 as /devices/virtual/input/input32515 [ 3092.976977] input: syz0 as /devices/virtual/input/input32517 [ 3092.984100] FAULT_INJECTION: forcing a failure. [ 3092.984100] name failslab, interval 1, probability 0, space 0, times 0 [ 3092.986362] input: syz0 as /devices/virtual/input/input32519 [ 3093.001666] CPU: 1 PID: 16753 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3093.009760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3093.019116] Call Trace: [ 3093.021704] dump_stack+0x1b2/0x281 [ 3093.025334] should_fail.cold+0x10a/0x149 [ 3093.029484] should_failslab+0xd6/0x130 [ 3093.033470] kmem_cache_alloc+0x28e/0x3c0 [ 3093.037620] __kernfs_new_node+0x6f/0x470 [ 3093.041771] kernfs_new_node+0x7b/0xe0 [ 3093.045657] kernfs_create_link+0x27/0x160 [ 3093.049884] sysfs_do_create_link_sd+0x90/0x120 [ 3093.054549] sysfs_create_link+0x5f/0xc0 [ 3093.058605] device_add+0x4e4/0x15c0 [ 3093.062329] ? device_is_dependent+0x2a0/0x2a0 [ 3093.066913] cdev_device_add+0x14a/0x230 [ 3093.071235] ? cdev_init+0x6b/0xb0 [ 3093.074781] evdev_connect+0x388/0x480 [ 3093.078671] input_attach_handler+0x146/0x1a0 [ 3093.083175] input_register_device.cold+0xc2/0x2c3 [ 3093.088110] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3093.093301] ? uinput_write+0xfb0/0xfb0 [ 3093.097271] ? get_pid_task+0xb8/0x130 [ 3093.101156] ? proc_fail_nth_write+0x7b/0x180 [ 3093.105649] ? trace_hardirqs_on+0x10/0x10 [ 3093.109923] ? fsnotify+0x974/0x11b0 [ 3093.113629] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3093.113639] ? __handle_mm_fault+0x80f/0x4620 [ 3093.113653] ? SyS_write+0x1b7/0x210 [ 3093.126747] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3093.132198] do_vfs_ioctl+0x75a/0xff0 [ 3093.135993] ? lock_acquire+0x170/0x3f0 [ 3093.139967] ? ioctl_preallocate+0x1a0/0x1a0 [ 3093.144373] ? __fget+0x265/0x3e0 [ 3093.147827] ? do_vfs_ioctl+0xff0/0xff0 [ 3093.151798] ? security_file_ioctl+0x83/0xb0 [ 3093.156636] SyS_ioctl+0x7f/0xb0 [ 3093.159997] ? do_vfs_ioctl+0xff0/0xff0 [ 3093.163971] do_syscall_64+0x1d5/0x640 [ 3093.167863] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3093.173045] RIP: 0033:0x7f8cc83bf109 [ 3093.176745] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3093.184444] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3093.191707] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 00:21:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:18 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x2ad) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x19) [ 3093.198971] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3093.206322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3093.213588] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:18 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = socket(0x28, 0xa, 0x3bb32a35) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000a80)) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000a40)) (async, rerun: 32) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x232) (async, rerun: 32) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x9]}, 0x45c) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000009c0)={0xb, 0x2, {0x52, 0x4, 0x4, {0x5, 0x8}, {0x2, 0x7}, @period={0x5a, 0x3f, 0x2, 0xffff, 0x8, {0xd, 0x8, 0x1, 0x6}, 0x8, &(0x7f0000000980)=[0xcaa, 0xff14, 0xe200, 0x0, 0x4, 0x0, 0x8, 0x1000]}}, {0x52, 0x58, 0x0, {0x7, 0x7}, {0x1, 0x20}, @rumble={0x8000}}}) (async) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000940)={0xe, 0x6, 0x187e}) 00:21:18 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 63) 00:21:18 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000080)={0x9, 0x5, {0x53, 0x4, 0x2, {0x7ff, 0x2}, {0x3}, @rumble={0x8000, 0x8000}}, {0x57, 0x80, 0x1, {0x7, 0x5}, {0x0, 0x3}, @rumble={0x0, 0x4}}}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x9) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000180)) ioctl$UI_DEV_DESTROY(r0, 0x5502) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x210000, 0x0) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000140)={0xa, 0x70, 0x9}) [ 3093.254101] input: failed to attach handler evdev to device input32515, error: -12 00:21:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:18 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000080)={0x9, 0x5, {0x53, 0x4, 0x2, {0x7ff, 0x2}, {0x3}, @rumble={0x8000, 0x8000}}, {0x57, 0x80, 0x1, {0x7, 0x5}, {0x0, 0x3}, @rumble={0x0, 0x4}}}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x9) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000180)) ioctl$UI_DEV_DESTROY(r0, 0x5502) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x210000, 0x0) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000140)={0xa, 0x70, 0x9}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000080)={0x9, 0x5, {0x53, 0x4, 0x2, {0x7ff, 0x2}, {0x3}, @rumble={0x8000, 0x8000}}, {0x57, 0x80, 0x1, {0x7, 0x5}, {0x0, 0x3}, @rumble={0x0, 0x4}}}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x9) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000180)) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x210000, 0x0) (async) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000140)={0xa, 0x70, 0x9}) (async) [ 3093.345627] input: syz0 as /devices/virtual/input/input32531 [ 3093.350293] input: syz0 as /devices/virtual/input/input32528 [ 3093.369636] input: syz0 as /devices/virtual/input/input32537 [ 3093.385328] input: syz0 as /devices/virtual/input/input32538 00:21:18 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x53) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 3093.392933] FAULT_INJECTION: forcing a failure. [ 3093.392933] name failslab, interval 1, probability 0, space 0, times 0 [ 3093.405347] input: syz0 as /devices/virtual/input/input32541 [ 3093.423901] input: syz0 as /devices/virtual/input/input32545 [ 3093.430049] CPU: 0 PID: 16826 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 3093.437950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3093.447300] Call Trace: [ 3093.449889] dump_stack+0x1b2/0x281 [ 3093.453519] should_fail.cold+0x10a/0x149 [ 3093.457673] should_failslab+0xd6/0x130 [ 3093.461652] kmem_cache_alloc+0x28e/0x3c0 [ 3093.465807] __kernfs_new_node+0x6f/0x470 [ 3093.469964] kernfs_new_node+0x7b/0xe0 [ 3093.473853] kernfs_create_link+0x27/0x160 [ 3093.478090] sysfs_do_create_link_sd+0x90/0x120 [ 3093.478854] input: syz0 as /devices/virtual/input/input32547 [ 3093.482756] sysfs_create_link+0x5f/0xc0 [ 3093.482776] device_add+0x4e4/0x15c0 [ 3093.482788] ? device_is_dependent+0x2a0/0x2a0 [ 3093.482801] cdev_device_add+0x14a/0x230 [ 3093.482808] ? cdev_init+0x6b/0xb0 [ 3093.482820] evdev_connect+0x388/0x480 [ 3093.512362] input_attach_handler+0x146/0x1a0 [ 3093.516862] input_register_device.cold+0xc2/0x2c3 [ 3093.521810] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3093.527012] ? uinput_write+0xfb0/0xfb0 [ 3093.530992] ? get_pid_task+0xb8/0x130 [ 3093.534880] ? proc_fail_nth_write+0x7b/0x180 [ 3093.539376] ? trace_hardirqs_on+0x10/0x10 [ 3093.543618] ? fsnotify+0x974/0x11b0 [ 3093.547335] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3093.552265] ? __handle_mm_fault+0x80f/0x4620 [ 3093.556769] ? SyS_write+0x1b7/0x210 [ 3093.560487] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3093.565994] do_vfs_ioctl+0x75a/0xff0 [ 3093.569795] ? lock_acquire+0x170/0x3f0 [ 3093.573802] ? ioctl_preallocate+0x1a0/0x1a0 [ 3093.578217] ? __fget+0x265/0x3e0 [ 3093.581675] ? do_vfs_ioctl+0xff0/0xff0 [ 3093.585655] ? security_file_ioctl+0x83/0xb0 [ 3093.590066] SyS_ioctl+0x7f/0xb0 [ 3093.593435] ? do_vfs_ioctl+0xff0/0xff0 [ 3093.597409] do_syscall_64+0x1d5/0x640 [ 3093.601304] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3093.606489] RIP: 0033:0x7f8cc83bf109 [ 3093.610195] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3093.617900] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3093.625168] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3093.632440] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3093.639709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3093.646978] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3093.679375] input: failed to attach handler evdev to device input32537, error: -12 00:21:18 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x35) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:18 executing program 3: openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000080)) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:18 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x53) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 00:21:18 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 00:21:18 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 64) 00:21:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3093.799348] input: syz0 as /devices/virtual/input/input32550 [ 3093.817899] input: syz0 as /devices/virtual/input/input32551 [ 3093.823316] input: syz0 as /devices/virtual/input/input32553 [ 3093.831658] input: syz0 as /devices/virtual/input/input32554 [ 3093.831888] input: syz0 as /devices/virtual/input/input32552 [ 3093.849630] input: syz0 as /devices/virtual/input/input32556 [ 3093.855857] FAULT_INJECTION: forcing a failure. [ 3093.855857] name failslab, interval 1, probability 0, space 0, times 0 [ 3093.867666] CPU: 1 PID: 16905 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3093.875559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3093.884908] Call Trace: [ 3093.887496] dump_stack+0x1b2/0x281 [ 3093.891129] should_fail.cold+0x10a/0x149 [ 3093.895280] should_failslab+0xd6/0x130 [ 3093.899262] kmem_cache_alloc+0x28e/0x3c0 [ 3093.903415] __kernfs_new_node+0x6f/0x470 [ 3093.907567] kernfs_new_node+0x7b/0xe0 [ 3093.911458] kernfs_create_link+0x27/0x160 [ 3093.915702] sysfs_do_create_link_sd+0x90/0x120 [ 3093.920372] sysfs_create_link+0x5f/0xc0 [ 3093.924428] device_add+0x749/0x15c0 [ 3093.928141] ? device_is_dependent+0x2a0/0x2a0 [ 3093.932729] cdev_device_add+0x14a/0x230 [ 3093.936783] ? cdev_init+0x6b/0xb0 [ 3093.940322] evdev_connect+0x388/0x480 [ 3093.944203] input_attach_handler+0x146/0x1a0 [ 3093.948704] input_register_device.cold+0xc2/0x2c3 [ 3093.953753] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3093.958959] ? uinput_write+0xfb0/0xfb0 [ 3093.962931] ? get_pid_task+0xb8/0x130 [ 3093.966819] ? proc_fail_nth_write+0x7b/0x180 [ 3093.971338] ? trace_hardirqs_on+0x10/0x10 [ 3093.975581] ? fsnotify+0x974/0x11b0 [ 3093.979296] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3093.984220] ? __handle_mm_fault+0x80f/0x4620 [ 3093.988713] ? SyS_write+0x1b7/0x210 [ 3093.992431] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3093.997887] do_vfs_ioctl+0x75a/0xff0 [ 3094.001689] ? lock_acquire+0x170/0x3f0 [ 3094.005661] ? ioctl_preallocate+0x1a0/0x1a0 [ 3094.010075] ? __fget+0x265/0x3e0 [ 3094.013528] ? do_vfs_ioctl+0xff0/0xff0 [ 3094.017503] ? security_file_ioctl+0x83/0xb0 [ 3094.021910] SyS_ioctl+0x7f/0xb0 [ 3094.025274] ? do_vfs_ioctl+0xff0/0xff0 [ 3094.029252] do_syscall_64+0x1d5/0x640 [ 3094.033142] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3094.038322] RIP: 0033:0x7f8cc83bf109 [ 3094.042022] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3094.049730] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3094.056994] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3094.064259] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3094.071525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3094.078790] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:19 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x53) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) 00:21:19 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x35) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x35) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:19 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 3094.096232] input: failed to attach handler evdev to device input32554, error: -12 00:21:19 executing program 3: openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000080)) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0xc) 00:21:19 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 65) 00:21:19 executing program 3: openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000080)) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3094.208207] input: syz0 as /devices/virtual/input/input32557 [ 3094.220195] input: syz0 as /devices/virtual/input/input32561 [ 3094.221790] input: syz0 as /devices/virtual/input/input32562 [ 3094.226625] input: syz0 as /devices/virtual/input/input32559 [ 3094.242663] input: syz0 as /devices/virtual/input/input32563 00:21:19 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:19 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x35) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3094.263662] input: syz0 as /devices/virtual/input/input32564 [ 3094.278624] FAULT_INJECTION: forcing a failure. [ 3094.278624] name failslab, interval 1, probability 0, space 0, times 0 [ 3094.306110] CPU: 1 PID: 16954 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3094.314015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3094.323365] Call Trace: [ 3094.325951] dump_stack+0x1b2/0x281 [ 3094.329583] should_fail.cold+0x10a/0x149 [ 3094.333738] should_failslab+0xd6/0x130 [ 3094.337711] kmem_cache_alloc+0x28e/0x3c0 [ 3094.341860] __kernfs_new_node+0x6f/0x470 [ 3094.346010] kernfs_create_dir_ns+0x8c/0x200 [ 3094.350416] internal_create_group+0xe9/0x710 [ 3094.355183] ? kernfs_put+0x13/0x30 [ 3094.358815] dpm_sysfs_add+0x21/0x1c0 [ 3094.362643] device_add+0x977/0x15c0 [ 3094.366359] ? device_is_dependent+0x2a0/0x2a0 [ 3094.370940] cdev_device_add+0x14a/0x230 [ 3094.374996] ? cdev_init+0x6b/0xb0 [ 3094.378536] evdev_connect+0x388/0x480 [ 3094.382151] input: syz0 as /devices/virtual/input/input32567 [ 3094.382420] input_attach_handler+0x146/0x1a0 [ 3094.392781] input_register_device.cold+0xc2/0x2c3 [ 3094.397715] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3094.402909] ? uinput_write+0xfb0/0xfb0 [ 3094.406884] ? get_pid_task+0xb8/0x130 [ 3094.410766] ? proc_fail_nth_write+0x7b/0x180 [ 3094.415263] ? trace_hardirqs_on+0x10/0x10 [ 3094.419500] ? fsnotify+0x974/0x11b0 [ 3094.423209] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3094.428140] ? __handle_mm_fault+0x80f/0x4620 [ 3094.432636] ? SyS_write+0x1b7/0x210 [ 3094.436358] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3094.441812] do_vfs_ioctl+0x75a/0xff0 [ 3094.445627] ? lock_acquire+0x170/0x3f0 [ 3094.449608] ? ioctl_preallocate+0x1a0/0x1a0 [ 3094.454025] ? __fget+0x265/0x3e0 [ 3094.457477] ? do_vfs_ioctl+0xff0/0xff0 [ 3094.461453] ? security_file_ioctl+0x83/0xb0 [ 3094.463694] input: syz0 as /devices/virtual/input/input32568 [ 3094.465858] SyS_ioctl+0x7f/0xb0 [ 3094.474986] ? do_vfs_ioctl+0xff0/0xff0 [ 3094.478957] do_syscall_64+0x1d5/0x640 [ 3094.482854] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3094.488049] RIP: 0033:0x7f8cc83bf109 [ 3094.491748] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3094.499449] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3094.506715] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 00:21:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x10, 0xfffffff7, {0x53, 0x2, 0x200, {0x1, 0x7ff}, {0x20, 0x1}, @const={0xff50, {0x8, 0x0, 0x76a3, 0xcc9d}}}, {0x57, 0x7, 0x3, {0x4ec, 0x1}, {0xfffe, 0x1}, @period={0x5b, 0x0, 0x0, 0x1, 0x40, {0x1000, 0x287, 0x9, 0x2}, 0x5, &(0x7f0000000040)=[0x1ff, 0xfff9, 0x5, 0x101, 0x402e]}}}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8080}, 0x0) [ 3094.513985] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3094.521248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3094.528516] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3094.539185] input: syz0 as /devices/virtual/input/input32565 [ 3094.546429] input: failed to attach handler evdev to device input32564, error: -12 00:21:19 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xd) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000100)={0x10, 0x1, 0x970d}) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f0000000140)={0x10, 0xffffffff, {0x51, 0xff, 0x8, {0x7, 0x3}, {0x7, 0x2}, @cond=[{0xd8, 0x0, 0x0, 0x3, 0x2a, 0xfffc}, {0x8, 0x7, 0x8000, 0x0, 0x8}]}, {0x52, 0x1000, 0x1, {0x6d, 0x4}, {0x6, 0x9}, @rumble={0x7f, 0x5fc5}}}) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x5, 0xe4}) 00:21:19 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 66) 00:21:19 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x3f], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) getpeername$netrom(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @rose}, [@null, @remote, @bcast, @rose, @default, @remote, @netrom, @default]}, &(0x7f0000000140)=0x48) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:19 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:19 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @multicast1, @private}, &(0x7f0000000080)=0xc) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'syztnl2\x00', &(0x7f00000000c0)={'syztnl1\x00', r1, 0x2f, 0xff, 0x7, 0x3f, 0x5, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @mcast2, 0x40, 0x10, 0xc1, 0x3a4}}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3094.650822] input: syz0 as /devices/virtual/input/input32569 [ 3094.681064] input: syz0 as /devices/virtual/input/input32570 [ 3094.707950] FAULT_INJECTION: forcing a failure. [ 3094.707950] name failslab, interval 1, probability 0, space 0, times 0 [ 3094.711802] input: syz0 as /devices/virtual/input/input32573 [ 3094.723784] input: syz0 as /devices/virtual/input/input32574 [ 3094.732255] CPU: 1 PID: 17004 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3094.733199] input: syz0 as /devices/virtual/input/input32571 [ 3094.740154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3094.740159] Call Trace: [ 3094.740173] dump_stack+0x1b2/0x281 [ 3094.740187] should_fail.cold+0x10a/0x149 [ 3094.740200] should_failslab+0xd6/0x130 [ 3094.770567] kmem_cache_alloc+0x28e/0x3c0 [ 3094.774725] __kernfs_new_node+0x6f/0x470 [ 3094.778883] kernfs_new_node+0x7b/0xe0 [ 3094.782775] __kernfs_create_file+0x3d/0x320 [ 3094.787192] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3094.791869] sysfs_merge_group+0xdc/0x200 [ 3094.796022] dpm_sysfs_add+0x122/0x1c0 [ 3094.799908] device_add+0x977/0x15c0 [ 3094.803631] ? device_is_dependent+0x2a0/0x2a0 [ 3094.808237] cdev_device_add+0x14a/0x230 [ 3094.812301] ? cdev_init+0x6b/0xb0 [ 3094.815842] evdev_connect+0x388/0x480 [ 3094.819822] input_attach_handler+0x146/0x1a0 [ 3094.824353] input_register_device.cold+0xc2/0x2c3 [ 3094.829293] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3094.834491] ? uinput_write+0xfb0/0xfb0 [ 3094.838468] ? get_pid_task+0xb8/0x130 [ 3094.842356] ? proc_fail_nth_write+0x7b/0x180 [ 3094.846852] ? trace_hardirqs_on+0x10/0x10 [ 3094.851098] ? fsnotify+0x974/0x11b0 [ 3094.854817] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3094.859747] ? __handle_mm_fault+0x80f/0x4620 [ 3094.864245] ? SyS_write+0x1b7/0x210 [ 3094.867981] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3094.873459] do_vfs_ioctl+0x75a/0xff0 [ 3094.877261] ? lock_acquire+0x170/0x3f0 [ 3094.881239] ? ioctl_preallocate+0x1a0/0x1a0 [ 3094.885651] ? __fget+0x265/0x3e0 [ 3094.889104] ? do_vfs_ioctl+0xff0/0xff0 [ 3094.893078] ? security_file_ioctl+0x83/0xb0 [ 3094.897496] SyS_ioctl+0x7f/0xb0 [ 3094.900868] ? do_vfs_ioctl+0xff0/0xff0 [ 3094.904859] do_syscall_64+0x1d5/0x640 00:21:20 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @multicast1, @private}, &(0x7f0000000080)=0xc) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'syztnl2\x00', &(0x7f00000000c0)={'syztnl1\x00', r1, 0x2f, 0xff, 0x7, 0x3f, 0x5, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @mcast2, 0x40, 0x10, 0xc1, 0x3a4}}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3094.908754] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3094.914052] RIP: 0033:0x7f8cc83bf109 [ 3094.917758] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3094.925466] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3094.932738] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3094.940007] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3094.947287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3094.954557] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:20 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffd, 0x1], [], [], [0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3094.985242] input: failed to attach handler evdev to device input32569, error: -12 [ 3094.993640] input: syz0 as /devices/virtual/input/input32575 00:21:20 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 67) 00:21:20 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x3f], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) getpeername$netrom(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @rose}, [@null, @remote, @bcast, @rose, @default, @remote, @netrom, @default]}, &(0x7f0000000140)=0x48) (async) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:20 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xd) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000100)={0x10, 0x1, 0x970d}) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f0000000140)={0x10, 0xffffffff, {0x51, 0xff, 0x8, {0x7, 0x3}, {0x7, 0x2}, @cond=[{0xd8, 0x0, 0x0, 0x3, 0x2a, 0xfffc}, {0x8, 0x7, 0x8000, 0x0, 0x8}]}, {0x52, 0x1000, 0x1, {0x6d, 0x4}, {0x6, 0x9}, @rumble={0x7f, 0x5fc5}}}) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x5, 0xe4}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xd) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) (async) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000100)={0x10, 0x1, 0x970d}) (async) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f0000000140)={0x10, 0xffffffff, {0x51, 0xff, 0x8, {0x7, 0x3}, {0x7, 0x2}, @cond=[{0xd8, 0x0, 0x0, 0x3, 0x2a, 0xfffc}, {0x8, 0x7, 0x8000, 0x0, 0x8}]}, {0x52, 0x1000, 0x1, {0x6d, 0x4}, {0x6, 0x9}, @rumble={0x7f, 0x5fc5}}}) (async) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x5, 0xe4}) (async) 00:21:20 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0xffffffff], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:20 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f00000000c0)={0x3, 0x2, 0x9b}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000080)={0xb, 0x80, 0x8}) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3095.101266] input: syz0 as /devices/virtual/input/input32578 [ 3095.107504] input: syz0 as /devices/virtual/input/input32580 [ 3095.118869] input: syz0 as /devices/virtual/input/input32579 [ 3095.141672] input: syz0 as /devices/virtual/input/input32582 [ 3095.144584] FAULT_INJECTION: forcing a failure. [ 3095.144584] name failslab, interval 1, probability 0, space 0, times 0 [ 3095.163229] input: syz0 as /devices/virtual/input/input32581 [ 3095.172104] CPU: 0 PID: 17049 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3095.180004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3095.183844] input: syz0 as /devices/virtual/input/input32584 [ 3095.189349] Call Trace: [ 3095.189366] dump_stack+0x1b2/0x281 [ 3095.189382] should_fail.cold+0x10a/0x149 [ 3095.189396] should_failslab+0xd6/0x130 [ 3095.189408] kmem_cache_alloc+0x28e/0x3c0 [ 3095.189421] __kernfs_new_node+0x6f/0x470 [ 3095.217761] kernfs_new_node+0x7b/0xe0 [ 3095.221655] __kernfs_create_file+0x3d/0x320 [ 3095.226162] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3095.230861] sysfs_merge_group+0xdc/0x200 [ 3095.235015] dpm_sysfs_add+0x122/0x1c0 [ 3095.238903] device_add+0x977/0x15c0 [ 3095.242621] ? device_is_dependent+0x2a0/0x2a0 [ 3095.247204] cdev_device_add+0x14a/0x230 [ 3095.251259] ? cdev_init+0x6b/0xb0 [ 3095.254798] evdev_connect+0x388/0x480 [ 3095.258687] input_attach_handler+0x146/0x1a0 [ 3095.263184] input_register_device.cold+0xc2/0x2c3 [ 3095.268122] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3095.273318] ? uinput_write+0xfb0/0xfb0 [ 3095.277285] ? get_pid_task+0xb8/0x130 [ 3095.281169] ? proc_fail_nth_write+0x7b/0x180 [ 3095.285659] ? trace_hardirqs_on+0x10/0x10 [ 3095.289893] ? fsnotify+0x974/0x11b0 [ 3095.293604] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3095.298529] ? __handle_mm_fault+0x80f/0x4620 [ 3095.303024] ? SyS_write+0x1b7/0x210 [ 3095.306743] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3095.312190] do_vfs_ioctl+0x75a/0xff0 [ 3095.316078] ? lock_acquire+0x170/0x3f0 [ 3095.320059] ? ioctl_preallocate+0x1a0/0x1a0 [ 3095.324463] ? __fget+0x265/0x3e0 [ 3095.327918] ? do_vfs_ioctl+0xff0/0xff0 [ 3095.331889] ? security_file_ioctl+0x83/0xb0 [ 3095.336300] SyS_ioctl+0x7f/0xb0 [ 3095.339745] ? do_vfs_ioctl+0xff0/0xff0 [ 3095.343715] do_syscall_64+0x1d5/0x640 [ 3095.347690] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3095.352960] RIP: 0033:0x7f8cc83bf109 [ 3095.356659] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3095.364362] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3095.371800] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3095.379239] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 00:21:20 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x3f], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) getpeername$netrom(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @rose}, [@null, @remote, @bcast, @rose, @default, @remote, @netrom, @default]}, &(0x7f0000000140)=0x48) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x3f], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) getpeername$netrom(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @rose}, [@null, @remote, @bcast, @rose, @default, @remote, @netrom, @default]}, &(0x7f0000000140)=0x48) (async) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:20 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xd) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000100)={0x10, 0x1, 0x970d}) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f0000000140)={0x10, 0xffffffff, {0x51, 0xff, 0x8, {0x7, 0x3}, {0x7, 0x2}, @cond=[{0xd8, 0x0, 0x0, 0x3, 0x2a, 0xfffc}, {0x8, 0x7, 0x8000, 0x0, 0x8}]}, {0x52, 0x1000, 0x1, {0x6d, 0x4}, {0x6, 0x9}, @rumble={0x7f, 0x5fc5}}}) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x5, 0xe4}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xd) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) (async) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000100)={0x10, 0x1, 0x970d}) (async) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f0000000140)={0x10, 0xffffffff, {0x51, 0xff, 0x8, {0x7, 0x3}, {0x7, 0x2}, @cond=[{0xd8, 0x0, 0x0, 0x3, 0x2a, 0xfffc}, {0x8, 0x7, 0x8000, 0x0, 0x8}]}, {0x52, 0x1000, 0x1, {0x6d, 0x4}, {0x6, 0x9}, @rumble={0x7f, 0x5fc5}}}) (async) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000040)={0x1, 0x5, 0xe4}) (async) [ 3095.386507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3095.393789] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3095.430116] input: syz0 as /devices/virtual/input/input32589 00:21:20 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042dbd7000fbdbdf250100000005001200010000000c001000050000000000000008000a0001000000264d3f16f3e09a2d080009000400000008001800ac1e0101060001000500000050cf66cfd72fe27cfe95493d792e3c14664c97c48300c31fb86995888ba3ee8225c3df8e67d53ca8a7ba2b6371fef3a51e4adeead0f8343db2f0d5d103e7"], 0x48}, 0x1, 0x0, 0x0, 0x4812}, 0x20000000) openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000280)={{0x996, 0x81, 0x20, 0x4}, 'syz1\x00', 0x5}) [ 3095.446172] input: failed to attach handler evdev to device input32580, error: -12 00:21:20 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 68) 00:21:20 executing program 2: keyctl$set_reqkey_keyring(0xe, 0x1) keyctl$set_reqkey_keyring(0xe, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) socketpair(0x5, 0x2, 0x5, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:20 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f00000000c0)) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0xf4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff7dc, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000080)={0xe, 0x8, 0x1}) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) ioctl$UI_DEV_DESTROY(r3, 0x5502) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0x80) [ 3095.565594] input: syz0 as /devices/virtual/input/input32590 [ 3095.582751] input: syz0 as /devices/virtual/input/input32592 00:21:20 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x400}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x8) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000080)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:20 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8abe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:20 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x61) 00:21:20 executing program 2: r0 = socket$inet(0x2, 0x3, 0x5) getsockopt$inet_int(r0, 0x0, 0x16, 0x0, &(0x7f0000000000)) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000940)={0x0, 'veth1_to_bond\x00', 0x4}, 0x18) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}, 0x45c) [ 3095.607301] input: syz0 as /devices/virtual/input/input32595 [ 3095.626080] input: syz0 as /devices/virtual/input/input32596 [ 3095.638668] input: syz0 as /devices/virtual/input/input32598 [ 3095.672227] FAULT_INJECTION: forcing a failure. [ 3095.672227] name failslab, interval 1, probability 0, space 0, times 0 [ 3095.677765] input: syz0 as /devices/virtual/input/input32600 [ 3095.699278] CPU: 1 PID: 17114 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3095.702876] input: syz0 as /devices/virtual/input/input32602 [ 3095.707171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3095.707176] Call Trace: [ 3095.707192] dump_stack+0x1b2/0x281 [ 3095.707206] should_fail.cold+0x10a/0x149 [ 3095.707218] should_failslab+0xd6/0x130 [ 3095.732735] input: syz0 as /devices/virtual/input/input32603 [ 3095.732929] kmem_cache_alloc+0x28e/0x3c0 [ 3095.739457] input: syz0 as /devices/virtual/input/input32604 [ 3095.742698] __kernfs_new_node+0x6f/0x470 [ 3095.742711] kernfs_new_node+0x7b/0xe0 [ 3095.742721] __kernfs_create_file+0x3d/0x320 [ 3095.742732] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3095.742745] sysfs_merge_group+0xdc/0x200 [ 3095.742759] dpm_sysfs_add+0x122/0x1c0 [ 3095.742769] device_add+0x977/0x15c0 [ 3095.742780] ? device_is_dependent+0x2a0/0x2a0 [ 3095.742793] cdev_device_add+0x14a/0x230 [ 3095.742800] ? cdev_init+0x6b/0xb0 [ 3095.742810] evdev_connect+0x388/0x480 [ 3095.742820] input_attach_handler+0x146/0x1a0 [ 3095.742832] input_register_device.cold+0xc2/0x2c3 [ 3095.742848] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3095.812445] ? uinput_write+0xfb0/0xfb0 [ 3095.816420] ? get_pid_task+0xb8/0x130 [ 3095.820311] ? proc_fail_nth_write+0x7b/0x180 [ 3095.824803] ? trace_hardirqs_on+0x10/0x10 [ 3095.829126] ? fsnotify+0x974/0x11b0 [ 3095.832838] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3095.837765] ? __handle_mm_fault+0x80f/0x4620 [ 3095.842260] ? SyS_write+0x1b7/0x210 [ 3095.845976] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3095.851435] do_vfs_ioctl+0x75a/0xff0 [ 3095.855239] ? lock_acquire+0x170/0x3f0 [ 3095.859213] ? ioctl_preallocate+0x1a0/0x1a0 [ 3095.863623] ? __fget+0x265/0x3e0 [ 3095.867076] ? do_vfs_ioctl+0xff0/0xff0 [ 3095.871052] ? security_file_ioctl+0x83/0xb0 [ 3095.875462] SyS_ioctl+0x7f/0xb0 [ 3095.878824] ? do_vfs_ioctl+0xff0/0xff0 [ 3095.882796] do_syscall_64+0x1d5/0x640 [ 3095.886689] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3095.891896] RIP: 0033:0x7f8cc83bf109 [ 3095.895595] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3095.903299] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3095.910560] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3095.917829] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3095.925177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3095.932631] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 [ 3095.955383] input: failed to attach handler evdev to device input32595, error: -12 00:21:21 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f00000000c0)) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0xf4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff7dc, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000080)={0xe, 0x8, 0x1}) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) ioctl$UI_DEV_DESTROY(r3, 0x5502) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0x80) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) (async) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) (async) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f00000000c0)) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0xf4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff7dc, 0x2]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000080)={0xe, 0x8, 0x1}) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) (async) ioctl$UI_DEV_DESTROY(r3, 0x5502) (async) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0x80) (async) 00:21:21 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 69) 00:21:21 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8abe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:21 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000740), 0xffffffffffffffff) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x0) sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20220}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x44, r1, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}, @FOU_ATTR_PEER_V6={0x14, 0x9, @private2}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_V4={0x8, 0x8, @private=0xa010100}]}, 0x44}, 0x1, 0x0, 0x0, 0x44040}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000000)={r4, @multicast2, @multicast1}, 0xc) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8, 0xb, r4}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}}, 0x4000000) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:21 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000740), 0xffffffffffffffff) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x0) sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20220}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x44, r1, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}, @FOU_ATTR_PEER_V6={0x14, 0x9, @private2}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_V4={0x8, 0x8, @private=0xa010100}]}, 0x44}, 0x1, 0x0, 0x0, 0x44040}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000000)={r4, @multicast2, @multicast1}, 0xc) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8, 0xb, r4}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x24}}, 0x4000000) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:21 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) (fail_nth: 1) [ 3096.060067] input: syz0 as /devices/virtual/input/input32606 [ 3096.087353] input: syz0 as /devices/virtual/input/input32608 [ 3096.087919] input: syz0 as /devices/virtual/input/input32607 [ 3096.106636] FAULT_INJECTION: forcing a failure. [ 3096.106636] name failslab, interval 1, probability 0, space 0, times 0 [ 3096.116257] input: syz0 as /devices/virtual/input/input32610 [ 3096.122025] input: syz0 as /devices/virtual/input/input32609 [ 3096.134545] input: syz0 as /devices/virtual/input/input32611 [ 3096.136888] CPU: 1 PID: 17186 Comm: syz-executor.5 Not tainted 4.14.285-syzkaller #0 [ 3096.148222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3096.157566] Call Trace: [ 3096.160149] dump_stack+0x1b2/0x281 [ 3096.163778] should_fail.cold+0x10a/0x149 [ 3096.167931] should_failslab+0xd6/0x130 [ 3096.171912] kmem_cache_alloc+0x28e/0x3c0 [ 3096.176060] __kernfs_new_node+0x6f/0x470 [ 3096.180206] kernfs_new_node+0x7b/0xe0 [ 3096.184091] __kernfs_create_file+0x3d/0x320 [ 3096.188500] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3096.193168] sysfs_merge_group+0xdc/0x200 [ 3096.197320] dpm_sysfs_add+0x122/0x1c0 [ 3096.201202] device_add+0x977/0x15c0 [ 3096.204953] ? device_is_dependent+0x2a0/0x2a0 [ 3096.209540] cdev_device_add+0x14a/0x230 [ 3096.213593] ? cdev_init+0x6b/0xb0 [ 3096.217131] evdev_connect+0x388/0x480 [ 3096.221021] input_attach_handler+0x146/0x1a0 [ 3096.225517] input_register_device.cold+0xc2/0x2c3 [ 3096.230449] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3096.235716] ? uinput_write+0xfb0/0xfb0 [ 3096.239692] ? get_pid_task+0xb8/0x130 [ 3096.243576] ? proc_fail_nth_write+0x7b/0x180 [ 3096.248078] ? trace_hardirqs_on+0x10/0x10 [ 3096.252312] ? fsnotify+0x974/0x11b0 [ 3096.256027] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3096.260959] ? __handle_mm_fault+0x80f/0x4620 [ 3096.265453] ? SyS_write+0x1b7/0x210 [ 3096.269175] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3096.274620] do_vfs_ioctl+0x75a/0xff0 [ 3096.278421] ? lock_acquire+0x170/0x3f0 [ 3096.282393] ? ioctl_preallocate+0x1a0/0x1a0 [ 3096.286803] ? __fget+0x265/0x3e0 [ 3096.290257] ? do_vfs_ioctl+0xff0/0xff0 [ 3096.294230] ? security_file_ioctl+0x83/0xb0 [ 3096.298638] SyS_ioctl+0x7f/0xb0 [ 3096.302001] ? do_vfs_ioctl+0xff0/0xff0 [ 3096.305974] do_syscall_64+0x1d5/0x640 [ 3096.309862] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3096.315050] RIP: 0033:0x7f8cc83bf109 [ 3096.318753] RSP: 002b:00007f8cc6d34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3096.326458] RAX: ffffffffffffffda RBX: 00007f8cc84d1f60 RCX: 00007f8cc83bf109 [ 3096.333810] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3096.341077] RBP: 00007f8cc6d341d0 R08: 0000000000000000 R09: 0000000000000000 [ 3096.348343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:21 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) (rerun: 64) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f00000000c0)) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0xf4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff7dc, 0x2]}, 0x45c) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 64) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000080)={0xe, 0x8, 0x1}) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x0) (async) ioctl$UI_DEV_DESTROY(r3, 0x5502) (async, rerun: 64) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0x80) (rerun: 64) [ 3096.355611] R13: 00007ffdcd02878f R14: 00007f8cc6d34300 R15: 0000000000022000 00:21:21 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8abe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 32) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3096.391732] input: failed to attach handler evdev to device input32608, error: -12 00:21:21 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 70) 00:21:21 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 1) [ 3096.451607] input: syz0 as /devices/virtual/input/input32614 [ 3096.472771] FAULT_INJECTION: forcing a failure. [ 3096.472771] name failslab, interval 1, probability 0, space 0, times 0 [ 3096.495431] CPU: 0 PID: 17224 Comm: syz-executor.1 Not tainted 4.14.285-syzkaller #0 [ 3096.503328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3096.506707] FAULT_INJECTION: forcing a failure. [ 3096.506707] name failslab, interval 1, probability 0, space 0, times 0 [ 3096.512674] Call Trace: [ 3096.512692] dump_stack+0x1b2/0x281 [ 3096.512707] should_fail.cold+0x10a/0x149 [ 3096.512721] should_failslab+0xd6/0x130 [ 3096.512735] __kmalloc_track_caller+0x2bc/0x400 [ 3096.512742] ? kasprintf+0xa2/0xc0 [ 3096.512752] kvasprintf+0xa8/0x100 [ 3096.512767] ? bust_spinlocks+0xc0/0xc0 [ 3096.554089] ? __lock_acquire+0x5fc/0x3f20 [ 3096.558318] kasprintf+0xa2/0xc0 [ 3096.561670] ? kvasprintf_const+0x180/0x180 [ 3096.566070] ? trace_hardirqs_on+0x10/0x10 [ 3096.570294] ? debug_check_no_obj_freed+0x2c0/0x680 [ 3096.575296] ? input_dev_resume+0x40/0x40 [ 3096.579431] device_get_devnode+0x154/0x2c0 [ 3096.583758] devtmpfs_delete_node+0x87/0x160 [ 3096.588151] ? devtmpfs_create_node+0x230/0x230 [ 3096.592824] ? lock_downgrade+0x740/0x740 [ 3096.596958] ? _raw_spin_unlock+0x29/0x40 [ 3096.601093] ? klist_dec_and_del+0x2a/0x460 [ 3096.605394] ? kobject_put+0x54/0x550 [ 3096.609176] ? __device_link_free_srcu+0xa0/0xa0 [ 3096.614015] ? klist_children_put+0x3b/0x50 [ 3096.618324] ? klist_put+0xaa/0x140 [ 3096.621939] device_del+0x77a/0xa80 [ 3096.625549] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3096.630983] ? __device_links_no_driver+0x1b0/0x1b0 [ 3096.635993] cdev_device_del+0x19/0xf0 [ 3096.639864] evdev_disconnect+0x3d/0xa0 [ 3096.643821] __input_unregister_device+0x1ea/0x450 [ 3096.648737] input_unregister_device+0x9c/0xe0 [ 3096.653302] uinput_destroy_device+0x1c6/0x220 [ 3096.657872] uinput_ioctl_handler.isra.0+0x11b/0x1790 [ 3096.663054] ? uinput_write+0xfb0/0xfb0 [ 3096.667008] ? get_pid_task+0xb8/0x130 [ 3096.670878] ? proc_fail_nth_write+0x7b/0x180 [ 3096.675357] ? trace_hardirqs_on+0x10/0x10 [ 3096.679582] ? fsnotify+0x974/0x11b0 [ 3096.683289] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3096.688202] ? __handle_mm_fault+0x80f/0x4620 [ 3096.692676] ? SyS_write+0x1b7/0x210 [ 3096.696372] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3096.701805] do_vfs_ioctl+0x75a/0xff0 [ 3096.705599] ? lock_acquire+0x170/0x3f0 [ 3096.709558] ? ioctl_preallocate+0x1a0/0x1a0 [ 3096.713950] ? __fget+0x265/0x3e0 [ 3096.717385] ? do_vfs_ioctl+0xff0/0xff0 [ 3096.721347] ? security_file_ioctl+0x83/0xb0 [ 3096.725740] SyS_ioctl+0x7f/0xb0 [ 3096.729086] ? do_vfs_ioctl+0xff0/0xff0 [ 3096.733039] do_syscall_64+0x1d5/0x640 [ 3096.736914] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3096.742084] RIP: 0033:0x7f2b070b4109 [ 3096.745778] RSP: 002b:00007f2b05a08168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3096.753477] RAX: ffffffffffffffda RBX: 00007f2b071c7030 RCX: 00007f2b070b4109 [ 3096.760730] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 3096.767992] RBP: 00007f2b05a081d0 R08: 0000000000000000 R09: 0000000000000000 [ 3096.775261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3096.782539] R13: 00007ffc61666aef R14: 00007f2b05a08300 R15: 0000000000022000 [ 3096.789821] CPU: 1 PID: 17249 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3096.795092] input: syz0 as /devices/virtual/input/input32680 [ 3096.797694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3096.797698] Call Trace: [ 3096.797713] dump_stack+0x1b2/0x281 [ 3096.797726] should_fail.cold+0x10a/0x149 [ 3096.823158] should_failslab+0xd6/0x130 [ 3096.827308] __kmalloc+0x2c1/0x400 [ 3096.830844] ? input_register_device+0x419/0xa90 [ 3096.835600] input_register_device+0x419/0xa90 [ 3096.840183] ? __lock_acquire+0x5fc/0x3f20 [ 3096.844421] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3096.849609] ? uinput_write+0xfb0/0xfb0 [ 3096.853581] ? get_pid_task+0xb8/0x130 [ 3096.857469] ? proc_fail_nth_write+0x7b/0x180 [ 3096.861961] ? trace_hardirqs_on+0x10/0x10 [ 3096.866200] ? fsnotify+0x974/0x11b0 [ 3096.869918] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3096.874846] ? __handle_mm_fault+0x80f/0x4620 [ 3096.879354] ? SyS_write+0x1b7/0x210 [ 3096.883068] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3096.888776] do_vfs_ioctl+0x75a/0xff0 [ 3096.892578] ? lock_acquire+0x170/0x3f0 [ 3096.896559] ? ioctl_preallocate+0x1a0/0x1a0 [ 3096.900968] ? __fget+0x265/0x3e0 [ 3096.904423] ? do_vfs_ioctl+0xff0/0xff0 [ 3096.908394] ? security_file_ioctl+0x83/0xb0 [ 3096.912805] SyS_ioctl+0x7f/0xb0 [ 3096.916252] ? do_vfs_ioctl+0xff0/0xff0 [ 3096.920226] do_syscall_64+0x1d5/0x640 [ 3096.924121] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3096.929301] RIP: 0033:0x7f980133e109 [ 3096.933008] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3096.940716] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3096.947982] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3096.955246] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3096.962512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3096.969777] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:22 executing program 5: setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000240)={'filter\x00', 0x0, 0x0, 0x0, [0xf51c, 0x1, 0x0, 0x9, 0xed, 0xb52], 0x9, &(0x7f00000001c0)=[{}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x108) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000180)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x58, &(0x7f0000000040)={0x0, 0x0}}, 0x10) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1, 0x8}, 0xc) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:22 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 2) [ 3097.089675] FAULT_INJECTION: forcing a failure. [ 3097.089675] name failslab, interval 1, probability 0, space 0, times 0 [ 3097.105618] CPU: 1 PID: 17259 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3097.113514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3097.122862] Call Trace: [ 3097.125448] dump_stack+0x1b2/0x281 [ 3097.129086] should_fail.cold+0x10a/0x149 [ 3097.133235] should_failslab+0xd6/0x130 [ 3097.137213] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3097.141883] device_add+0xd72/0x15c0 [ 3097.145600] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3097.151046] ? device_is_dependent+0x2a0/0x2a0 [ 3097.155632] ? __kmalloc+0x3a4/0x400 [ 3097.159340] ? input_register_device+0x419/0xa90 [ 3097.164093] input_register_device+0x59e/0xa90 [ 3097.168674] ? __lock_acquire+0x5fc/0x3f20 [ 3097.172907] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3097.178099] ? uinput_write+0xfb0/0xfb0 [ 3097.182071] ? get_pid_task+0xb8/0x130 [ 3097.185953] ? proc_fail_nth_write+0x7b/0x180 [ 3097.190449] ? trace_hardirqs_on+0x10/0x10 [ 3097.194684] ? fsnotify+0x974/0x11b0 [ 3097.198394] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3097.203323] ? __handle_mm_fault+0x80f/0x4620 [ 3097.207815] ? SyS_write+0x1b7/0x210 [ 3097.211528] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3097.216989] do_vfs_ioctl+0x75a/0xff0 [ 3097.220788] ? lock_acquire+0x170/0x3f0 [ 3097.224758] ? ioctl_preallocate+0x1a0/0x1a0 [ 3097.229164] ? __fget+0x265/0x3e0 [ 3097.232617] ? do_vfs_ioctl+0xff0/0xff0 [ 3097.236590] ? security_file_ioctl+0x83/0xb0 [ 3097.241000] SyS_ioctl+0x7f/0xb0 [ 3097.244368] ? do_vfs_ioctl+0xff0/0xff0 [ 3097.248343] do_syscall_64+0x1d5/0x640 [ 3097.252228] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3097.257410] RIP: 0033:0x7f980133e109 [ 3097.261113] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3097.268814] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3097.276076] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3097.283351] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 00:21:22 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={r2, @multicast2, @multicast1}, 0xc) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0xfffffffd, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe86f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffe, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001], [0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x45c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r8, 0x4004556a, 0x0) ioctl$UI_SET_SNDBIT(r8, 0x4004556a, 0x3) r9 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000000000)={r7, @multicast2, @multicast1}, 0xc) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="24000400", @ANYRES16=r5, @ANYBLOB="000225bd7000fbdbdf2501000000ffb0080007000200000008000100", @ANYRES32=r7, @ANYBLOB], 0x24}}, 0x24048814) ioctl$UI_DEV_CREATE(r0, 0x5501) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2f, &(0x7f0000000180)={0x1000, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x30}}}, {{0x2, 0x4e20, @remote}}}, 0x108) 00:21:22 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x6) [ 3097.290613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3097.297877] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3097.321238] input: syz0 as /devices/virtual/input/input32682 00:21:22 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 3) 00:21:22 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3097.386575] input: syz0 as /devices/virtual/input/input32686 [ 3097.395826] input: syz0 as /devices/virtual/input/input32685 00:21:22 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 1) 00:21:22 executing program 5: setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000240)={'filter\x00', 0x0, 0x0, 0x0, [0xf51c, 0x1, 0x0, 0x9, 0xed, 0xb52], 0x9, &(0x7f00000001c0)=[{}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x108) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000180)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x58, &(0x7f0000000040)={0x0, 0x0}}, 0x10) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1, 0x8}, 0xc) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000240)={'filter\x00', 0x0, 0x0, 0x0, [0xf51c, 0x1, 0x0, 0x9, 0xed, 0xb52], 0x9, &(0x7f00000001c0)=[{}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x108) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000180)) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x58, &(0x7f0000000040)}, 0x10) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) (async) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1, 0x8}, 0xc) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:22 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) (async) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={r2, @multicast2, @multicast1}, 0xc) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0xfffffffd, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe86f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffe, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001], [0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x45c) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) (async) r6 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r8, 0x4004556a, 0x0) (async) ioctl$UI_SET_SNDBIT(r8, 0x4004556a, 0x3) (async) r9 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000000000)={r7, @multicast2, @multicast1}, 0xc) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="24000400", @ANYRES16=r5, @ANYBLOB="000225bd7000fbdbdf2501000000ffb0080007000200000008000100", @ANYRES32=r7, @ANYBLOB], 0x24}}, 0x24048814) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) (async) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2f, &(0x7f0000000180)={0x1000, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x30}}}, {{0x2, 0x4e20, @remote}}}, 0x108) 00:21:22 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x6) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) (async) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x6) (async) [ 3097.506696] FAULT_INJECTION: forcing a failure. [ 3097.506696] name failslab, interval 1, probability 0, space 0, times 0 [ 3097.524173] input: syz0 as /devices/virtual/input/input32690 [ 3097.532116] input: syz0 as /devices/virtual/input/input32692 [ 3097.540365] input: syz0 as /devices/virtual/input/input32694 [ 3097.555052] input: syz0 as /devices/virtual/input/input32693 [ 3097.567187] CPU: 0 PID: 17290 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3097.575066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3097.584403] Call Trace: [ 3097.586975] dump_stack+0x1b2/0x281 [ 3097.590586] should_fail.cold+0x10a/0x149 [ 3097.594721] should_failslab+0xd6/0x130 [ 3097.598678] __kmalloc_track_caller+0x2bc/0x400 [ 3097.603337] ? kstrdup_const+0x35/0x60 [ 3097.607207] kstrdup+0x36/0x70 [ 3097.610378] kstrdup_const+0x35/0x60 [ 3097.614092] __kernfs_new_node+0x2e/0x470 [ 3097.618234] kernfs_create_dir_ns+0x8c/0x200 [ 3097.622634] sysfs_create_dir_ns+0xb7/0x1d0 [ 3097.626941] kobject_add_internal+0x28b/0x930 [ 3097.631420] kobject_add+0x11f/0x180 [ 3097.635114] ? kset_create_and_add+0x190/0x190 [ 3097.639680] device_add+0x33f/0x15c0 [ 3097.643380] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3097.648815] ? device_is_dependent+0x2a0/0x2a0 [ 3097.653381] ? __kmalloc+0x3a4/0x400 [ 3097.657077] ? input_register_device+0x419/0xa90 [ 3097.661827] input_register_device+0x59e/0xa90 [ 3097.666402] ? __lock_acquire+0x5fc/0x3f20 [ 3097.670621] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3097.675792] ? uinput_write+0xfb0/0xfb0 [ 3097.679752] ? get_pid_task+0xb8/0x130 [ 3097.683651] ? proc_fail_nth_write+0x7b/0x180 [ 3097.688133] ? trace_hardirqs_on+0x10/0x10 [ 3097.692349] ? fsnotify+0x974/0x11b0 [ 3097.696045] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3097.701060] ? __handle_mm_fault+0x80f/0x4620 [ 3097.705548] ? SyS_write+0x1b7/0x210 [ 3097.709248] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3097.714684] do_vfs_ioctl+0x75a/0xff0 [ 3097.718466] ? lock_acquire+0x170/0x3f0 [ 3097.722524] ? ioctl_preallocate+0x1a0/0x1a0 [ 3097.726926] ? __fget+0x265/0x3e0 [ 3097.730370] ? do_vfs_ioctl+0xff0/0xff0 [ 3097.734333] ? security_file_ioctl+0x83/0xb0 [ 3097.738720] SyS_ioctl+0x7f/0xb0 [ 3097.742073] ? do_vfs_ioctl+0xff0/0xff0 [ 3097.746039] do_syscall_64+0x1d5/0x640 [ 3097.750002] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3097.755176] RIP: 0033:0x7f980133e109 [ 3097.758867] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3097.766550] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3097.773806] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3097.781063] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3097.788314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3097.795573] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:23 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x6) [ 3097.805049] kobject_add_internal failed for input32688 (error: -12 parent: input) [ 3097.814637] FAULT_INJECTION: forcing a failure. [ 3097.814637] name failslab, interval 1, probability 0, space 0, times 0 [ 3097.832548] CPU: 0 PID: 17294 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3097.840442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3097.849796] Call Trace: [ 3097.852382] dump_stack+0x1b2/0x281 [ 3097.856014] should_fail.cold+0x10a/0x149 [ 3097.860164] should_failslab+0xd6/0x130 [ 3097.864137] kmem_cache_alloc+0x28e/0x3c0 [ 3097.868369] ? bdev_i_callback+0x20/0x20 [ 3097.872427] ? blkdev_get_block+0x70/0x70 [ 3097.876576] bdev_alloc_inode+0x18/0x40 [ 3097.880546] ? bdev_i_callback+0x20/0x20 [ 3097.884602] alloc_inode+0x5d/0x170 [ 3097.888228] iget5_locked+0x169/0x450 [ 3097.892019] ? bdev_test+0x80/0x80 [ 3097.895552] bdget+0x83/0x4c0 [ 3097.898657] ? blkdev_writepage+0x30/0x30 [ 3097.902797] invalidate_partition+0x56/0xb0 [ 3097.907217] del_gendisk+0x35b/0x820 [ 3097.910911] ? disk_events_poll_msecs_store+0x150/0x150 [ 3097.916688] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3097.921156] ? blk_cleanup_queue+0x43c/0x620 [ 3097.925543] loop_control_ioctl+0x347/0x3f0 [ 3097.929842] ? loop_lookup+0x190/0x190 [ 3097.933703] ? SyS_write+0x1b7/0x210 [ 3097.940432] ? loop_lookup+0x190/0x190 [ 3097.944296] do_vfs_ioctl+0x75a/0xff0 [ 3097.948070] ? lock_acquire+0x170/0x3f0 [ 3097.952020] ? ioctl_preallocate+0x1a0/0x1a0 [ 3097.956407] ? __fget+0x265/0x3e0 [ 3097.959837] ? do_vfs_ioctl+0xff0/0xff0 [ 3097.963794] ? security_file_ioctl+0x83/0xb0 [ 3097.968271] SyS_ioctl+0x7f/0xb0 [ 3097.971612] ? do_vfs_ioctl+0xff0/0xff0 [ 3097.975567] do_syscall_64+0x1d5/0x640 [ 3097.979450] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3097.984613] RIP: 0033:0x7fc500a72109 [ 3097.988301] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3097.995986] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 00:21:23 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 4) 00:21:23 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000000)={r2, @multicast2, @multicast1}, 0xc) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0xfffffffd, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe86f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffe, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001], [0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x45c) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) (async) r6 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) (async) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r8, 0x4004556a, 0x0) (async) ioctl$UI_SET_SNDBIT(r8, 0x4004556a, 0x3) r9 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000000000)={r7, @multicast2, @multicast1}, 0xc) (async) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="24000400", @ANYRES16=r5, @ANYBLOB="000225bd7000fbdbdf2501000000ffb0080007000200000008000100", @ANYRES32=r7, @ANYBLOB], 0x24}}, 0x24048814) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2f, &(0x7f0000000180)={0x1000, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x30}}}, {{0x2, 0x4e20, @remote}}}, 0x108) 00:21:23 executing program 5: setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000240)={'filter\x00', 0x0, 0x0, 0x0, [0xf51c, 0x1, 0x0, 0x9, 0xed, 0xb52], 0x9, &(0x7f00000001c0)=[{}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x108) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000180)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x58, &(0x7f0000000040)={0x0, 0x0}}, 0x10) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r1, 0x8}, 0xc) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3098.003230] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3098.010474] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3098.017730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3098.024982] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:23 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 2) [ 3098.102617] FAULT_INJECTION: forcing a failure. [ 3098.102617] name failslab, interval 1, probability 0, space 0, times 0 [ 3098.115877] input: syz0 as /devices/virtual/input/input32701 [ 3098.118267] input: syz0 as /devices/virtual/input/input32700 [ 3098.122489] input: syz0 as /devices/virtual/input/input32698 [ 3098.133411] CPU: 0 PID: 17352 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3098.141299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3098.150648] Call Trace: [ 3098.153227] dump_stack+0x1b2/0x281 [ 3098.156841] should_fail.cold+0x10a/0x149 [ 3098.160971] should_failslab+0xd6/0x130 [ 3098.164924] kmem_cache_alloc+0x28e/0x3c0 [ 3098.169063] __kernfs_new_node+0x6f/0x470 [ 3098.173203] kernfs_create_dir_ns+0x8c/0x200 [ 3098.177591] sysfs_create_dir_ns+0xb7/0x1d0 [ 3098.181890] kobject_add_internal+0x28b/0x930 [ 3098.186379] kobject_add+0x11f/0x180 [ 3098.190076] ? kset_create_and_add+0x190/0x190 [ 3098.194641] device_add+0x33f/0x15c0 [ 3098.198342] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3098.203789] ? device_is_dependent+0x2a0/0x2a0 [ 3098.208357] ? __kmalloc+0x3a4/0x400 [ 3098.212048] ? input_register_device+0x419/0xa90 [ 3098.216782] input_register_device+0x59e/0xa90 [ 3098.221428] ? __lock_acquire+0x5fc/0x3f20 [ 3098.225649] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3098.230837] ? uinput_write+0xfb0/0xfb0 [ 3098.234789] ? get_pid_task+0xb8/0x130 [ 3098.238663] ? proc_fail_nth_write+0x7b/0x180 [ 3098.243164] ? trace_hardirqs_on+0x10/0x10 [ 3098.247383] ? fsnotify+0x974/0x11b0 [ 3098.251077] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3098.255981] ? __handle_mm_fault+0x80f/0x4620 [ 3098.260455] ? SyS_write+0x1b7/0x210 [ 3098.264234] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3098.269661] do_vfs_ioctl+0x75a/0xff0 [ 3098.273439] ? lock_acquire+0x170/0x3f0 [ 3098.277397] ? ioctl_preallocate+0x1a0/0x1a0 [ 3098.281789] ? __fget+0x265/0x3e0 [ 3098.285222] ? do_vfs_ioctl+0xff0/0xff0 [ 3098.289174] ? security_file_ioctl+0x83/0xb0 [ 3098.293558] SyS_ioctl+0x7f/0xb0 [ 3098.296899] ? do_vfs_ioctl+0xff0/0xff0 [ 3098.300859] do_syscall_64+0x1d5/0x640 [ 3098.304730] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3098.309894] RIP: 0033:0x7f980133e109 [ 3098.313580] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3098.321262] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3098.328509] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3098.335777] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3098.343028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 00:21:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) 00:21:23 executing program 5: ioctl$SIOCNRDECOBS(0xffffffffffffffff, 0x89e2) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000000c0)={0x8, 0x0, {0x57, 0x4, 0x800, {0x3f, 0x13c}, {0xff, 0xffff}, @period={0x5d, 0x8001, 0x7f, 0x9, 0x7, {0x7, 0x0, 0x4, 0x8}, 0x9, &(0x7f0000000080)=[0x4, 0x400, 0xb02d, 0x3, 0x7ed6, 0xffff, 0x4, 0x800, 0x8000]}}, {0x57, 0x6d, 0x5, {0x1788, 0x25}, {0x8001, 0x4}, @rumble={0x1, 0x400}}}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x1) 00:21:23 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:23 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xe) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x0) setsockopt$MRT6_TABLE(r2, 0x29, 0xcf, &(0x7f0000000080)=0xffffffff, 0x4) 00:21:23 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 5) [ 3098.350272] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3098.361402] kobject_add_internal failed for input32703 (error: -12 parent: input) [ 3098.393288] FAULT_INJECTION: forcing a failure. [ 3098.393288] name failslab, interval 1, probability 0, space 0, times 0 [ 3098.397002] input: syz0 as /devices/virtual/input/input32707 [ 3098.421186] CPU: 1 PID: 17366 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3098.429088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3098.438439] Call Trace: [ 3098.441026] dump_stack+0x1b2/0x281 [ 3098.443840] input: syz0 as /devices/virtual/input/input32708 00:21:23 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3098.444650] should_fail.cold+0x10a/0x149 [ 3098.454583] should_failslab+0xd6/0x130 [ 3098.454597] __kmalloc+0x2c1/0x400 [ 3098.454606] ? kobject_get_path+0xb5/0x230 [ 3098.454618] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3098.471773] kobject_get_path+0xb5/0x230 [ 3098.475817] kobject_uevent_env+0x230/0xf30 [ 3098.480129] ? wait_for_completion_io+0x10/0x10 [ 3098.484795] ? is_acpi_device_node+0x5b/0x70 [ 3098.489181] device_del+0x642/0xa80 [ 3098.492796] ? __device_links_no_driver+0x1b0/0x1b0 [ 3098.497791] device_unregister+0x22/0xc0 [ 3098.501845] bdi_unregister+0x42f/0x610 [ 3098.505947] ? wb_blkcg_offline+0x180/0x180 [ 3098.510263] del_gendisk+0x453/0x820 [ 3098.513960] ? disk_events_poll_msecs_store+0x150/0x150 [ 3098.519414] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3098.523909] ? blk_cleanup_queue+0x43c/0x620 [ 3098.528302] loop_control_ioctl+0x347/0x3f0 [ 3098.532617] ? loop_lookup+0x190/0x190 [ 3098.536492] ? SyS_write+0x1b7/0x210 [ 3098.540192] ? loop_lookup+0x190/0x190 [ 3098.544065] do_vfs_ioctl+0x75a/0xff0 [ 3098.547852] ? lock_acquire+0x170/0x3f0 [ 3098.551833] ? ioctl_preallocate+0x1a0/0x1a0 [ 3098.556243] ? __fget+0x265/0x3e0 [ 3098.559682] ? do_vfs_ioctl+0xff0/0xff0 [ 3098.563646] ? security_file_ioctl+0x83/0xb0 [ 3098.568045] SyS_ioctl+0x7f/0xb0 [ 3098.571394] ? do_vfs_ioctl+0xff0/0xff0 [ 3098.575352] do_syscall_64+0x1d5/0x640 [ 3098.579222] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3098.584403] RIP: 0033:0x7fc500a72109 [ 3098.588097] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3098.595779] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 00:21:23 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3098.603036] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3098.610295] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3098.617550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3098.624795] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:23 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 3) [ 3098.664057] input: syz0 as /devices/virtual/input/input32709 [ 3098.697735] FAULT_INJECTION: forcing a failure. [ 3098.697735] name failslab, interval 1, probability 0, space 0, times 0 00:21:23 executing program 5: ioctl$SIOCNRDECOBS(0xffffffffffffffff, 0x89e2) (async) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000000c0)={0x8, 0x0, {0x57, 0x4, 0x800, {0x3f, 0x13c}, {0xff, 0xffff}, @period={0x5d, 0x8001, 0x7f, 0x9, 0x7, {0x7, 0x0, 0x4, 0x8}, 0x9, &(0x7f0000000080)=[0x4, 0x400, 0xb02d, 0x3, 0x7ed6, 0xffff, 0x4, 0x800, 0x8000]}}, {0x57, 0x6d, 0x5, {0x1788, 0x25}, {0x8001, 0x4}, @rumble={0x1, 0x400}}}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x1) [ 3098.724696] input: syz0 as /devices/virtual/input/input32714 [ 3098.738993] input: syz0 as /devices/virtual/input/input32715 [ 3098.752977] input: syz0 as /devices/virtual/input/input32716 [ 3098.767358] CPU: 1 PID: 17402 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3098.775251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3098.775256] Call Trace: [ 3098.775271] dump_stack+0x1b2/0x281 [ 3098.775287] should_fail.cold+0x10a/0x149 [ 3098.775303] should_failslab+0xd6/0x130 [ 3098.798920] kmem_cache_alloc+0x28e/0x3c0 [ 3098.803073] __kernfs_new_node+0x6f/0x470 [ 3098.807231] kernfs_new_node+0x7b/0xe0 [ 3098.811123] __kernfs_create_file+0x3d/0x320 [ 3098.815533] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3098.820291] device_create_file+0xc8/0x100 [ 3098.824611] ? acpi_platform_notify_remove+0x1f0/0x1f0 [ 3098.829882] device_add+0x37a/0x15c0 [ 3098.833594] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3098.839045] ? device_is_dependent+0x2a0/0x2a0 [ 3098.843624] ? __kmalloc+0x3a4/0x400 [ 3098.847334] ? input_register_device+0x419/0xa90 [ 3098.852091] input_register_device+0x59e/0xa90 [ 3098.856673] ? __lock_acquire+0x5fc/0x3f20 [ 3098.860910] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3098.866107] ? uinput_write+0xfb0/0xfb0 [ 3098.870084] ? get_pid_task+0xb8/0x130 00:21:24 executing program 5: ioctl$SIOCNRDECOBS(0xffffffffffffffff, 0x89e2) (async) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000000c0)={0x8, 0x0, {0x57, 0x4, 0x800, {0x3f, 0x13c}, {0xff, 0xffff}, @period={0x5d, 0x8001, 0x7f, 0x9, 0x7, {0x7, 0x0, 0x4, 0x8}, 0x9, &(0x7f0000000080)=[0x4, 0x400, 0xb02d, 0x3, 0x7ed6, 0xffff, 0x4, 0x800, 0x8000]}}, {0x57, 0x6d, 0x5, {0x1788, 0x25}, {0x8001, 0x4}, @rumble={0x1, 0x400}}}) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x1) [ 3098.873973] ? proc_fail_nth_write+0x7b/0x180 [ 3098.878467] ? trace_hardirqs_on+0x10/0x10 [ 3098.882710] ? fsnotify+0x974/0x11b0 [ 3098.886426] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3098.891353] ? __handle_mm_fault+0x80f/0x4620 [ 3098.895845] ? SyS_write+0x1b7/0x210 [ 3098.899563] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3098.905272] do_vfs_ioctl+0x75a/0xff0 [ 3098.909070] ? lock_acquire+0x170/0x3f0 [ 3098.913046] ? ioctl_preallocate+0x1a0/0x1a0 [ 3098.917457] ? __fget+0x265/0x3e0 [ 3098.920907] ? do_vfs_ioctl+0xff0/0xff0 [ 3098.924877] ? security_file_ioctl+0x83/0xb0 [ 3098.929287] SyS_ioctl+0x7f/0xb0 [ 3098.932708] ? do_vfs_ioctl+0xff0/0xff0 [ 3098.936725] do_syscall_64+0x1d5/0x640 [ 3098.940615] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3098.945799] RIP: 0033:0x7f980133e109 [ 3098.949504] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3098.957212] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3098.964500] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 00:21:24 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdfc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:24 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xe) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x0) setsockopt$MRT6_TABLE(r2, 0x29, 0xcf, &(0x7f0000000080)=0xffffffff, 0x4) [ 3098.971766] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3098.979032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3098.986298] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3099.011839] FAULT_INJECTION: forcing a failure. [ 3099.011839] name failslab, interval 1, probability 0, space 0, times 0 [ 3099.043989] CPU: 1 PID: 17415 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3099.051888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3099.061238] Call Trace: [ 3099.063826] dump_stack+0x1b2/0x281 [ 3099.067461] should_fail.cold+0x10a/0x149 [ 3099.071617] should_failslab+0xd6/0x130 [ 3099.075595] kmem_cache_alloc_node+0x263/0x410 [ 3099.080188] __alloc_skb+0x5c/0x510 [ 3099.083819] kobject_uevent_env+0x882/0xf30 [ 3099.088151] ? is_acpi_device_node+0x5b/0x70 [ 3099.092562] device_del+0x642/0xa80 [ 3099.096197] ? __device_links_no_driver+0x1b0/0x1b0 [ 3099.101214] device_unregister+0x22/0xc0 [ 3099.105271] bdi_unregister+0x42f/0x610 [ 3099.109244] ? wb_blkcg_offline+0x180/0x180 [ 3099.113568] del_gendisk+0x453/0x820 [ 3099.117282] ? disk_events_poll_msecs_store+0x150/0x150 [ 3099.122648] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3099.127141] ? blk_cleanup_queue+0x43c/0x620 [ 3099.131554] loop_control_ioctl+0x347/0x3f0 [ 3099.135875] ? loop_lookup+0x190/0x190 [ 3099.139768] ? SyS_write+0x1b7/0x210 00:21:24 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:24 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 6) [ 3099.143487] ? loop_lookup+0x190/0x190 [ 3099.147369] do_vfs_ioctl+0x75a/0xff0 [ 3099.151167] ? lock_acquire+0x170/0x3f0 [ 3099.155144] ? ioctl_preallocate+0x1a0/0x1a0 [ 3099.159561] ? __fget+0x265/0x3e0 [ 3099.163014] ? do_vfs_ioctl+0xff0/0xff0 [ 3099.166994] ? security_file_ioctl+0x83/0xb0 [ 3099.171397] SyS_ioctl+0x7f/0xb0 [ 3099.174758] ? do_vfs_ioctl+0xff0/0xff0 [ 3099.178739] do_syscall_64+0x1d5/0x640 [ 3099.182630] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3099.187813] RIP: 0033:0x7fc500a72109 [ 3099.191518] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3099.199409] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3099.206679] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3099.213959] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3099.221225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3099.228492] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:24 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 4) 00:21:24 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdfc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3099.256064] input: syz0 as /devices/virtual/input/input32719 [ 3099.332046] FAULT_INJECTION: forcing a failure. [ 3099.332046] name failslab, interval 1, probability 0, space 0, times 0 [ 3099.343403] CPU: 1 PID: 17460 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3099.351283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3099.360803] Call Trace: [ 3099.363389] dump_stack+0x1b2/0x281 [ 3099.367020] should_fail.cold+0x10a/0x149 [ 3099.371172] should_failslab+0xd6/0x130 [ 3099.375147] kmem_cache_alloc+0x40/0x3c0 [ 3099.379208] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 3099.384835] idr_get_free_cmn+0x595/0x8d0 [ 3099.388984] ? trace_hardirqs_on+0x10/0x10 [ 3099.393248] idr_alloc_cmn+0xe8/0x1e0 [ 3099.397050] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 3099.401886] ? fs_reclaim_release+0xd0/0x110 [ 3099.406297] ? fs_reclaim_release+0xd0/0x110 [ 3099.410687] idr_alloc_cyclic+0xc2/0x1d0 [ 3099.414724] ? idr_alloc_cmn+0x1e0/0x1e0 [ 3099.418764] ? __radix_tree_preload+0x1c3/0x250 [ 3099.423414] __kernfs_new_node+0xaf/0x470 [ 3099.427538] kernfs_create_dir_ns+0x8c/0x200 [ 3099.431939] sysfs_create_dir_ns+0xb7/0x1d0 [ 3099.436237] kobject_add_internal+0x28b/0x930 [ 3099.440711] kobject_add+0x11f/0x180 [ 3099.444401] ? kset_create_and_add+0x190/0x190 [ 3099.448974] device_add+0x33f/0x15c0 [ 3099.452669] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3099.458109] ? device_is_dependent+0x2a0/0x2a0 [ 3099.462672] ? __kmalloc+0x3a4/0x400 [ 3099.466372] ? input_register_device+0x419/0xa90 [ 3099.471104] input_register_device+0x59e/0xa90 [ 3099.475662] ? __lock_acquire+0x5fc/0x3f20 [ 3099.479905] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3099.485070] ? uinput_write+0xfb0/0xfb0 [ 3099.489017] ? get_pid_task+0xb8/0x130 [ 3099.492878] ? proc_fail_nth_write+0x7b/0x180 [ 3099.497351] ? trace_hardirqs_on+0x10/0x10 [ 3099.501563] ? fsnotify+0x974/0x11b0 [ 3099.505263] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3099.510186] ? SyS_write+0x1b7/0x210 [ 3099.513884] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3099.519311] do_vfs_ioctl+0x75a/0xff0 [ 3099.523093] ? lock_acquire+0x170/0x3f0 [ 3099.527056] ? ioctl_preallocate+0x1a0/0x1a0 [ 3099.531442] ? __fget+0x265/0x3e0 [ 3099.534878] ? do_vfs_ioctl+0xff0/0xff0 [ 3099.538917] ? security_file_ioctl+0x83/0xb0 [ 3099.543300] SyS_ioctl+0x7f/0xb0 [ 3099.546639] ? do_vfs_ioctl+0xff0/0xff0 [ 3099.550642] do_syscall_64+0x1d5/0x640 [ 3099.554530] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3099.559807] RIP: 0033:0x7f980133e109 [ 3099.563506] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3099.571197] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3099.578453] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3099.585707] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3099.592967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3099.600219] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:24 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x282001, 0x0) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xc) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000000c0)={0xa, 0x5, 0x800}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:24 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xe) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 32) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x0) (async) setsockopt$MRT6_TABLE(r2, 0x29, 0xcf, &(0x7f0000000080)=0xffffffff, 0x4) [ 3099.625855] input: syz0 as /devices/virtual/input/input32720 00:21:24 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (rerun: 64) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:24 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async, rerun: 64) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x282001, 0x0) (rerun: 64) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xc) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000000c0)={0xa, 0x5, 0x800}) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3099.691604] input: syz0 as /devices/virtual/input/input32726 [ 3099.711036] input: syz0 as /devices/virtual/input/input32721 [ 3099.719513] FAULT_INJECTION: forcing a failure. [ 3099.719513] name failslab, interval 1, probability 0, space 0, times 0 [ 3099.735018] CPU: 1 PID: 17463 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3099.742916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3099.752268] Call Trace: [ 3099.754856] dump_stack+0x1b2/0x281 [ 3099.758488] should_fail.cold+0x10a/0x149 [ 3099.762638] should_failslab+0xd6/0x130 [ 3099.766618] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3099.771736] __kmalloc_node_track_caller+0x38/0x70 [ 3099.776679] __alloc_skb+0x96/0x510 [ 3099.780312] kobject_uevent_env+0x882/0xf30 [ 3099.784638] ? is_acpi_device_node+0x5b/0x70 [ 3099.789054] device_del+0x642/0xa80 [ 3099.792684] ? __device_links_no_driver+0x1b0/0x1b0 [ 3099.797710] device_unregister+0x22/0xc0 [ 3099.801769] bdi_unregister+0x42f/0x610 [ 3099.805744] ? wb_blkcg_offline+0x180/0x180 [ 3099.810072] del_gendisk+0x453/0x820 [ 3099.813784] ? disk_events_poll_msecs_store+0x150/0x150 [ 3099.819151] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3099.823647] ? blk_cleanup_queue+0x43c/0x620 [ 3099.828055] loop_control_ioctl+0x347/0x3f0 [ 3099.832374] ? loop_lookup+0x190/0x190 [ 3099.836259] ? SyS_write+0x1b7/0x210 [ 3099.839970] ? loop_lookup+0x190/0x190 [ 3099.843855] do_vfs_ioctl+0x75a/0xff0 [ 3099.847653] ? lock_acquire+0x170/0x3f0 [ 3099.851629] ? ioctl_preallocate+0x1a0/0x1a0 [ 3099.856048] ? __fget+0x265/0x3e0 [ 3099.859507] ? do_vfs_ioctl+0xff0/0xff0 [ 3099.863484] ? security_file_ioctl+0x83/0xb0 [ 3099.867897] SyS_ioctl+0x7f/0xb0 [ 3099.871293] ? do_vfs_ioctl+0xff0/0xff0 [ 3099.875266] do_syscall_64+0x1d5/0x640 [ 3099.879159] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3099.884342] RIP: 0033:0x7fc500a72109 00:21:25 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 7) [ 3099.888043] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3099.895751] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3099.903015] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3099.910286] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3099.917562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3099.925002] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:25 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 5) 00:21:25 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x282001, 0x0) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xc) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000000c0)={0xa, 0x5, 0x800}) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3100.038404] input: syz0 as /devices/virtual/input/input32729 [ 3100.044747] FAULT_INJECTION: forcing a failure. [ 3100.044747] name failslab, interval 1, probability 0, space 0, times 0 [ 3100.056555] input: syz0 as /devices/virtual/input/input32723 [ 3100.077646] input: syz0 as /devices/virtual/input/input32733 [ 3100.085222] CPU: 1 PID: 17494 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3100.093114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3100.102468] Call Trace: [ 3100.105060] dump_stack+0x1b2/0x281 [ 3100.108690] should_fail.cold+0x10a/0x149 [ 3100.112840] should_failslab+0xd6/0x130 [ 3100.118207] __kmalloc_track_caller+0x2bc/0x400 [ 3100.122873] ? kstrdup_const+0x35/0x60 [ 3100.126767] kstrdup+0x36/0x70 [ 3100.130219] kstrdup_const+0x35/0x60 [ 3100.133933] __kernfs_new_node+0x2e/0x470 [ 3100.138087] kernfs_new_node+0x7b/0xe0 [ 3100.141974] kernfs_create_link+0x27/0x160 [ 3100.146319] sysfs_do_create_link_sd+0x90/0x120 [ 3100.150984] sysfs_create_link+0x5f/0xc0 [ 3100.155040] device_add+0x749/0x15c0 [ 3100.158753] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3100.164198] ? device_is_dependent+0x2a0/0x2a0 [ 3100.168792] ? __kmalloc+0x3a4/0x400 [ 3100.172501] ? input_register_device+0x419/0xa90 [ 3100.177261] input_register_device+0x59e/0xa90 [ 3100.181841] ? __lock_acquire+0x5fc/0x3f20 [ 3100.186074] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3100.191265] ? uinput_write+0xfb0/0xfb0 [ 3100.195235] ? get_pid_task+0xb8/0x130 [ 3100.199129] ? proc_fail_nth_write+0x7b/0x180 [ 3100.203623] ? trace_hardirqs_on+0x10/0x10 [ 3100.207868] ? fsnotify+0x974/0x11b0 [ 3100.211749] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3100.216682] ? __handle_mm_fault+0x80f/0x4620 [ 3100.221177] ? SyS_write+0x1b7/0x210 [ 3100.224892] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3100.230341] do_vfs_ioctl+0x75a/0xff0 [ 3100.234147] ? lock_acquire+0x170/0x3f0 [ 3100.238123] ? ioctl_preallocate+0x1a0/0x1a0 [ 3100.242537] ? __fget+0x265/0x3e0 [ 3100.245988] ? do_vfs_ioctl+0xff0/0xff0 [ 3100.249959] ? security_file_ioctl+0x83/0xb0 [ 3100.254364] SyS_ioctl+0x7f/0xb0 [ 3100.257910] ? do_vfs_ioctl+0xff0/0xff0 [ 3100.261880] do_syscall_64+0x1d5/0x640 [ 3100.265772] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3100.270957] RIP: 0033:0x7f980133e109 [ 3100.274665] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3100.282371] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:25 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:25 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdfc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3100.289636] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3100.296902] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3100.304171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3100.311454] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:25 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) accept$netrom(r0, &(0x7f0000000040)={{0x3, @netrom}, [@null, @bcast, @remote, @default, @netrom, @netrom, @default, @bcast]}, &(0x7f00000000c0)=0x48) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000000100)) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r1, 0x5501) [ 3100.345831] FAULT_INJECTION: forcing a failure. [ 3100.345831] name failslab, interval 1, probability 0, space 0, times 0 [ 3100.364262] CPU: 1 PID: 17502 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3100.372165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3100.381548] Call Trace: [ 3100.384137] dump_stack+0x1b2/0x281 [ 3100.387855] should_fail.cold+0x10a/0x149 [ 3100.392010] should_failslab+0xd6/0x130 [ 3100.395992] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3100.401105] __kmalloc_node_track_caller+0x38/0x70 [ 3100.406047] __alloc_skb+0x96/0x510 [ 3100.409677] kobject_uevent_env+0x882/0xf30 [ 3100.414007] ? is_acpi_device_node+0x5b/0x70 [ 3100.418420] device_del+0x642/0xa80 [ 3100.422050] ? __device_links_no_driver+0x1b0/0x1b0 [ 3100.427071] device_unregister+0x22/0xc0 [ 3100.431137] bdi_unregister+0x42f/0x610 [ 3100.435114] ? wb_blkcg_offline+0x180/0x180 [ 3100.439441] del_gendisk+0x453/0x820 [ 3100.443162] ? disk_events_poll_msecs_store+0x150/0x150 [ 3100.448535] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3100.453029] ? blk_cleanup_queue+0x43c/0x620 [ 3100.457447] loop_control_ioctl+0x347/0x3f0 [ 3100.461766] ? loop_lookup+0x190/0x190 [ 3100.465738] ? SyS_write+0x1b7/0x210 [ 3100.469455] ? loop_lookup+0x190/0x190 [ 3100.473343] do_vfs_ioctl+0x75a/0xff0 [ 3100.477148] ? lock_acquire+0x170/0x3f0 [ 3100.481124] ? ioctl_preallocate+0x1a0/0x1a0 [ 3100.485539] ? __fget+0x265/0x3e0 [ 3100.488991] ? do_vfs_ioctl+0xff0/0xff0 [ 3100.492968] ? security_file_ioctl+0x83/0xb0 [ 3100.497379] SyS_ioctl+0x7f/0xb0 [ 3100.500743] ? do_vfs_ioctl+0xff0/0xff0 [ 3100.504719] do_syscall_64+0x1d5/0x640 [ 3100.508621] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3100.513806] RIP: 0033:0x7fc500a72109 [ 3100.517512] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3100.525225] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3100.532495] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3100.539763] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 00:21:25 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000380)={0xc, 0x2, 0x2}) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x9, 0xfffff801, 0x1}) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000280), 0x22400, 0x0) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340), 0x101100, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x1) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000002c0)={{0x1, 0xfffb, 0x81, 0x52e8}, 'syz1\x00', 0x38}) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000a40), 0x608000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x0, &(0x7f00000003c0), &(0x7f0000000400)='syzkaller\x00', 0x6, 0x5d, &(0x7f0000000440)=""/93, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x6, 0x1}, 0x8, 0x10, &(0x7f00000009c0)={0x0, 0x9, 0xfffffeff, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff, r3, r4, r2, r3, r3]}, 0x80) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r5, 0x4004556a, 0x0) ioctl$UI_END_FF_UPLOAD(r5, 0x406855c9, &(0x7f00000000c0)={0x1, 0x0, {0x51, 0x4, 0x6, {0x200, 0x100}, {0x5, 0x4ed2}, @cond=[{0xf, 0xe2d2, 0xc8d, 0x6, 0x6b, 0xfff}, {0x3, 0xff, 0x9, 0x3, 0x7, 0x4}]}, {0x57, 0xfffc, 0x0, {0xfff, 0x6}, {0x400, 0x400}, @period={0x58, 0x2040, 0x7, 0x200, 0x40, {0x8001, 0x80, 0x6fef, 0x9}, 0x1, &(0x7f0000000080)=[0x0]}}}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x33) ioctl$UI_DEV_CREATE(r0, 0x5501) modify_ldt$write2(0x11, &(0x7f0000000140)={0x7ff, 0x20000000, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2400a22f22159bd8230000", @ANYRES16=0x0, @ANYBLOB="00012dbd7000fcdbdf250200000008000900040000000800090001000000"], 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x20040040) [ 3100.547050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3100.554315] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:25 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 8) [ 3100.615956] input: syz0 as /devices/virtual/input/input32735 00:21:25 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000380)={0xc, 0x2, 0x2}) (async) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x9, 0xfffff801, 0x1}) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000280), 0x22400, 0x0) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340), 0x101100, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x1) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000002c0)={{0x1, 0xfffb, 0x81, 0x52e8}, 'syz1\x00', 0x38}) (async) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000a40), 0x608000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x0, &(0x7f00000003c0), &(0x7f0000000400)='syzkaller\x00', 0x6, 0x5d, &(0x7f0000000440)=""/93, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x6, 0x1}, 0x8, 0x10, &(0x7f00000009c0)={0x0, 0x9, 0xfffffeff, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff, r3, r4, r2, r3, r3]}, 0x80) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r5, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_UPLOAD(r5, 0x406855c9, &(0x7f00000000c0)={0x1, 0x0, {0x51, 0x4, 0x6, {0x200, 0x100}, {0x5, 0x4ed2}, @cond=[{0xf, 0xe2d2, 0xc8d, 0x6, 0x6b, 0xfff}, {0x3, 0xff, 0x9, 0x3, 0x7, 0x4}]}, {0x57, 0xfffc, 0x0, {0xfff, 0x6}, {0x400, 0x400}, @period={0x58, 0x2040, 0x7, 0x200, 0x40, {0x8001, 0x80, 0x6fef, 0x9}, 0x1, &(0x7f0000000080)=[0x0]}}}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x33) ioctl$UI_DEV_CREATE(r0, 0x5501) modify_ldt$write2(0x11, &(0x7f0000000140)={0x7ff, 0x20000000, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) (async) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2400a22f22159bd8230000", @ANYRES16=0x0, @ANYBLOB="00012dbd7000fcdbdf250200000008000900040000000800090001000000"], 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x20040040) 00:21:25 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 6) 00:21:25 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xa) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3100.715175] input: syz0 as /devices/virtual/input/input32739 [ 3100.734789] input: syz0 as /devices/virtual/input/input32737 [ 3100.737495] FAULT_INJECTION: forcing a failure. [ 3100.737495] name failslab, interval 1, probability 0, space 0, times 0 00:21:25 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x1) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000080)={0x0, 0xf3, 0x3ff}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:26 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) (async) accept$netrom(r0, &(0x7f0000000040)={{0x3, @netrom}, [@null, @bcast, @remote, @default, @netrom, @netrom, @default, @bcast]}, &(0x7f00000000c0)=0x48) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r2 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000000100)) (async) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:26 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000380)={0xc, 0x2, 0x2}) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x9, 0xfffff801, 0x1}) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000280), 0x22400, 0x0) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340), 0x101100, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x1) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000002c0)={{0x1, 0xfffb, 0x81, 0x52e8}, 'syz1\x00', 0x38}) (async) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000a40), 0x608000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x0, &(0x7f00000003c0), &(0x7f0000000400)='syzkaller\x00', 0x6, 0x5d, &(0x7f0000000440)=""/93, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x6, 0x1}, 0x8, 0x10, &(0x7f00000009c0)={0x0, 0x9, 0xfffffeff, 0x80000000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff, r3, r4, r2, r3, r3]}, 0x80) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r5, 0x4004556a, 0x0) (async, rerun: 32) ioctl$UI_END_FF_UPLOAD(r5, 0x406855c9, &(0x7f00000000c0)={0x1, 0x0, {0x51, 0x4, 0x6, {0x200, 0x100}, {0x5, 0x4ed2}, @cond=[{0xf, 0xe2d2, 0xc8d, 0x6, 0x6b, 0xfff}, {0x3, 0xff, 0x9, 0x3, 0x7, 0x4}]}, {0x57, 0xfffc, 0x0, {0xfff, 0x6}, {0x400, 0x400}, @period={0x58, 0x2040, 0x7, 0x200, 0x40, {0x8001, 0x80, 0x6fef, 0x9}, 0x1, &(0x7f0000000080)=[0x0]}}}) (async, rerun: 32) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x33) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) modify_ldt$write2(0x11, &(0x7f0000000140)={0x7ff, 0x20000000, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2400a22f22159bd8230000", @ANYRES16=0x0, @ANYBLOB="00012dbd7000fcdbdf250200000008000900040000000800090001000000"], 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x20040040) [ 3100.852322] CPU: 0 PID: 17546 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3100.860223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3100.866942] input: syz0 as /devices/virtual/input/input32746 [ 3100.869572] Call Trace: [ 3100.869595] dump_stack+0x1b2/0x281 [ 3100.869610] should_fail.cold+0x10a/0x149 [ 3100.869622] should_failslab+0xd6/0x130 [ 3100.869636] kmem_cache_alloc+0x28e/0x3c0 [ 3100.882808] input: syz0 as /devices/virtual/input/input32747 00:21:26 executing program 3: getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x5e, "963ac2178f709f70110d9ec94ce4f7d2fc4a617d55e148842075e63f614f3652fd0c36c3c9556fdf6b5c5c9e874463ad334c9e6c05d2c1564f36c72bab71433278d57254e2d881f1bd80192b38182a53b74f7a966fa75611c399a5da6f70"}, &(0x7f0000000180)=0x82) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x1, 0xf79, 0x3, 0x8000}, 'syz0\x00', 0x2a}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3100.885734] __kernfs_new_node+0x6f/0x470 [ 3100.885749] kernfs_new_node+0x7b/0xe0 [ 3100.885760] kernfs_create_link+0x27/0x160 [ 3100.885773] sysfs_do_create_link_sd+0x90/0x120 [ 3100.916972] sysfs_create_link+0x5f/0xc0 [ 3100.921035] device_add+0x749/0x15c0 [ 3100.922533] input: syz0 as /devices/virtual/input/input32752 [ 3100.924748] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3100.924761] ? device_is_dependent+0x2a0/0x2a0 [ 3100.924778] ? __kmalloc+0x3a4/0x400 [ 3100.924790] ? input_register_device+0x419/0xa90 [ 3100.949108] input_register_device+0x59e/0xa90 [ 3100.953682] ? __lock_acquire+0x5fc/0x3f20 [ 3100.957904] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3100.963085] ? uinput_write+0xfb0/0xfb0 [ 3100.967041] ? get_pid_task+0xb8/0x130 [ 3100.970923] ? proc_fail_nth_write+0x7b/0x180 [ 3100.975396] ? trace_hardirqs_on+0x10/0x10 [ 3100.979612] ? fsnotify+0x974/0x11b0 [ 3100.983335] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3100.988268] ? __handle_mm_fault+0x80f/0x4620 [ 3100.992757] ? SyS_write+0x1b7/0x210 [ 3100.996457] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3101.001886] do_vfs_ioctl+0x75a/0xff0 [ 3101.005668] ? lock_acquire+0x170/0x3f0 [ 3101.009625] ? ioctl_preallocate+0x1a0/0x1a0 [ 3101.014015] ? __fget+0x265/0x3e0 [ 3101.017458] ? do_vfs_ioctl+0xff0/0xff0 [ 3101.021426] ? security_file_ioctl+0x83/0xb0 [ 3101.025823] SyS_ioctl+0x7f/0xb0 [ 3101.029172] ? do_vfs_ioctl+0xff0/0xff0 [ 3101.033138] do_syscall_64+0x1d5/0x640 [ 3101.037108] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3101.042301] RIP: 0033:0x7f980133e109 00:21:26 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) accept$netrom(r0, &(0x7f0000000040)={{0x3, @netrom}, [@null, @bcast, @remote, @default, @netrom, @netrom, @default, @bcast]}, &(0x7f00000000c0)=0x48) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000000100)) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r1, 0x5501) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) (async) accept$netrom(r0, &(0x7f0000000040)={{0x3, @netrom}, [@null, @bcast, @remote, @default, @netrom, @netrom, @default, @bcast]}, &(0x7f00000000c0)=0x48) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) socket$inet_sctp(0x2, 0x1, 0x84) (async) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000000100)) (async) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) 00:21:26 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x1) (rerun: 64) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000080)={0x0, 0xf3, 0x3ff}) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3101.046003] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3101.053716] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3101.060979] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3101.068229] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3101.075505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3101.082762] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:26 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (rerun: 64) ioctl$UI_DEV_DESTROY(r1, 0x5502) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xa) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3101.138724] FAULT_INJECTION: forcing a failure. [ 3101.138724] name failslab, interval 1, probability 0, space 0, times 0 [ 3101.182575] CPU: 1 PID: 17558 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3101.190472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3101.199822] Call Trace: [ 3101.202412] dump_stack+0x1b2/0x281 [ 3101.206044] should_fail.cold+0x10a/0x149 [ 3101.210200] should_failslab+0xd6/0x130 [ 3101.214231] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3101.219340] __kmalloc_node_track_caller+0x38/0x70 [ 3101.224528] __alloc_skb+0x96/0x510 [ 3101.228160] kobject_uevent_env+0x882/0xf30 [ 3101.232490] device_del+0x642/0xa80 [ 3101.236127] ? __device_links_no_driver+0x1b0/0x1b0 [ 3101.241145] device_unregister+0x22/0xc0 [ 3101.245206] bdi_unregister+0x42f/0x610 [ 3101.249191] ? wb_blkcg_offline+0x180/0x180 [ 3101.253520] del_gendisk+0x453/0x820 [ 3101.257241] ? disk_events_poll_msecs_store+0x150/0x150 [ 3101.262607] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3101.267102] ? blk_cleanup_queue+0x43c/0x620 [ 3101.271510] loop_control_ioctl+0x347/0x3f0 [ 3101.275830] ? loop_lookup+0x190/0x190 [ 3101.279711] ? SyS_write+0x1b7/0x210 [ 3101.283434] ? loop_lookup+0x190/0x190 [ 3101.287320] do_vfs_ioctl+0x75a/0xff0 [ 3101.291119] ? lock_acquire+0x170/0x3f0 [ 3101.295092] ? ioctl_preallocate+0x1a0/0x1a0 [ 3101.299500] ? __fget+0x265/0x3e0 [ 3101.302950] ? do_vfs_ioctl+0xff0/0xff0 [ 3101.306925] ? security_file_ioctl+0x83/0xb0 [ 3101.311329] SyS_ioctl+0x7f/0xb0 [ 3101.314689] ? do_vfs_ioctl+0xff0/0xff0 [ 3101.318660] do_syscall_64+0x1d5/0x640 [ 3101.322549] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3101.327736] RIP: 0033:0x7fc500a72109 [ 3101.331442] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3101.339149] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3101.346415] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3101.353681] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3101.360944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3101.368236] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:26 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 9) 00:21:26 executing program 3: getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x5e, "963ac2178f709f70110d9ec94ce4f7d2fc4a617d55e148842075e63f614f3652fd0c36c3c9556fdf6b5c5c9e874463ad334c9e6c05d2c1564f36c72bab71433278d57254e2d881f1bd80192b38182a53b74f7a966fa75611c399a5da6f70"}, &(0x7f0000000180)=0x82) (async) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x1, 0xf79, 0x3, 0x8000}, 'syz0\x00', 0x2a}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:26 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 7) 00:21:26 executing program 3: getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x5e, "963ac2178f709f70110d9ec94ce4f7d2fc4a617d55e148842075e63f614f3652fd0c36c3c9556fdf6b5c5c9e874463ad334c9e6c05d2c1564f36c72bab71433278d57254e2d881f1bd80192b38182a53b74f7a966fa75611c399a5da6f70"}, &(0x7f0000000180)=0x82) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x1, 0xf79, 0x3, 0x8000}, 'syz0\x00', 0x2a}) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:26 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x1) (async) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000080)={0x0, 0xf3, 0x3ff}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3101.488267] FAULT_INJECTION: forcing a failure. [ 3101.488267] name failslab, interval 1, probability 0, space 0, times 0 [ 3101.501632] input: syz0 as /devices/virtual/input/input32753 [ 3101.512284] input: syz0 as /devices/virtual/input/input32756 [ 3101.516136] input: syz0 as /devices/virtual/input/input32755 [ 3101.557517] CPU: 1 PID: 17605 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3101.565423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3101.574778] Call Trace: [ 3101.577375] dump_stack+0x1b2/0x281 [ 3101.581018] should_fail.cold+0x10a/0x149 [ 3101.585179] should_failslab+0xd6/0x130 [ 3101.589154] kmem_cache_alloc+0x28e/0x3c0 [ 3101.593305] __kernfs_new_node+0x6f/0x470 [ 3101.597457] kernfs_new_node+0x7b/0xe0 [ 3101.601345] __kernfs_create_file+0x3d/0x320 [ 3101.605754] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3101.605768] internal_create_group+0x22b/0x710 [ 3101.605782] sysfs_create_groups+0x92/0x130 [ 3101.619313] device_add+0x833/0x15c0 [ 3101.623028] ? device_is_dependent+0x2a0/0x2a0 [ 3101.627607] ? __kmalloc+0x3a4/0x400 [ 3101.631318] ? input_register_device+0x419/0xa90 [ 3101.636075] input_register_device+0x59e/0xa90 [ 3101.640661] ? __lock_acquire+0x5fc/0x3f20 [ 3101.644897] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3101.647966] input: syz0 as /devices/virtual/input/input32761 [ 3101.650084] ? uinput_write+0xfb0/0xfb0 [ 3101.650097] ? get_pid_task+0xb8/0x130 [ 3101.650108] ? proc_fail_nth_write+0x7b/0x180 [ 3101.650120] ? trace_hardirqs_on+0x10/0x10 [ 3101.650134] ? fsnotify+0x974/0x11b0 [ 3101.650142] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3101.650150] ? __handle_mm_fault+0x80f/0x4620 [ 3101.650159] ? SyS_write+0x1b7/0x210 [ 3101.650171] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3101.650181] do_vfs_ioctl+0x75a/0xff0 [ 3101.650191] ? lock_acquire+0x170/0x3f0 [ 3101.650201] ? ioctl_preallocate+0x1a0/0x1a0 [ 3101.650213] ? __fget+0x265/0x3e0 [ 3101.650223] ? do_vfs_ioctl+0xff0/0xff0 [ 3101.714615] ? security_file_ioctl+0x83/0xb0 [ 3101.719025] SyS_ioctl+0x7f/0xb0 [ 3101.722388] ? do_vfs_ioctl+0xff0/0xff0 [ 3101.726453] do_syscall_64+0x1d5/0x640 [ 3101.730346] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3101.735706] RIP: 0033:0x7f980133e109 [ 3101.739417] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3101.747125] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:26 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xa) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3101.754405] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3101.761669] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3101.768939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3101.776219] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:27 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 10) 00:21:27 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x101200) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000080)="02ad546078ca36fcf47ec6eb1b8660000a368536b2bb08d038ea1fcfa8a6dbb58660e186a3aa40c59c490cdf40f378d0dab219c7db545dc9c548c5712ca5ae785953d03aa5ce2e", 0x47}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:27 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz0\x00', {0x2, 0x6, 0x100, 0x1}, 0xa, [0x7, 0x0, 0x1ff, 0x8, 0xc604, 0x80, 0x8000, 0x1f, 0x7, 0x3664, 0x0, 0x2, 0x5, 0x1, 0x1, 0x4, 0x9, 0x1, 0xc94, 0xa6c5, 0x0, 0x10000, 0x5, 0x0, 0x3, 0x2, 0x1, 0x0, 0x1f, 0x20, 0xfff, 0xf3, 0x9, 0x81, 0x3, 0x200, 0x2, 0x4, 0x5, 0x101, 0x8, 0x90000, 0x2, 0x7, 0x1, 0x9, 0x7fff, 0x6, 0x74d743f1, 0x9, 0x80000001, 0xb0, 0x80000001, 0x5, 0xfff, 0x6c, 0x80000001, 0x6, 0x7, 0x8, 0x3cd5c1b, 0x7, 0x40, 0x4], [0x35e580b4, 0x80000000, 0x200, 0x20, 0x5, 0x6, 0x3, 0x80000000, 0x672, 0x800, 0x30000000, 0x7fff, 0x0, 0x8001, 0x6, 0x5, 0x3, 0x1, 0x80, 0x5, 0x1000, 0xffff, 0x7ff, 0x1, 0x64, 0x8, 0x80000000, 0x8, 0x1, 0x2, 0x87, 0x8001, 0x1, 0x5ae, 0x7, 0x2, 0x1, 0x7, 0x8001, 0x9a8e, 0x200, 0x40, 0xff, 0x3180, 0x9, 0x20, 0x2, 0x4, 0x5, 0xfffff243, 0x0, 0x1, 0x1, 0x8, 0x5, 0x6, 0x9, 0xa59, 0x2, 0x6, 0x1, 0xffffff4b, 0x5, 0x4], [0x4f4, 0x3, 0x2, 0x1, 0x7fffffff, 0x0, 0x3, 0x3f, 0x3d, 0x8, 0x3dc00000, 0x200, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x0, 0x6, 0x3, 0x200, 0x1, 0x6, 0x9, 0x6, 0x5, 0x7, 0x7f, 0xf, 0x7, 0x400, 0x3, 0xfffffff8, 0x9, 0xfff, 0x3, 0x9, 0x9, 0x7, 0x608cf31c, 0x1000, 0x7, 0x10000, 0xa477, 0x1, 0x401, 0x80000000, 0xffffffff, 0x19a, 0x4, 0x100, 0x1, 0x1000, 0x3, 0x1, 0x9, 0xc71, 0x1, 0x4, 0xffffffff, 0x6, 0xb5, 0x0, 0x2], [0x3, 0x1062, 0x1, 0x7, 0x14c80, 0x1, 0x3, 0xe4, 0x80, 0x3, 0xff, 0x9, 0x81, 0x8000000, 0x60d, 0x20, 0x2, 0x1c53, 0x8001, 0x2a, 0x3, 0x12, 0x3, 0x101, 0x7, 0x9, 0x6c, 0x7, 0x1, 0x2, 0x3516, 0x8000, 0xfffffffa, 0x38, 0x4, 0x4, 0x1d80000, 0x8, 0x92, 0x7fffffff, 0x5, 0xfffffffc, 0xffffa53b, 0xfffffff0, 0x4, 0x1, 0x8, 0x20, 0x5, 0x200, 0x3, 0x6, 0x200, 0xe88, 0x3, 0x8, 0x5, 0x1000, 0x3, 0x5903aee8, 0x3, 0xfffffffe, 0x7f, 0x7ff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:27 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [0x0, 0x1000000]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x1d7) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3101.801247] input: syz0 as /devices/virtual/input/input32763 [ 3101.852533] FAULT_INJECTION: forcing a failure. [ 3101.852533] name failslab, interval 1, probability 0, space 0, times 0 [ 3101.877742] CPU: 1 PID: 17645 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3101.885726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3101.895077] Call Trace: [ 3101.897666] dump_stack+0x1b2/0x281 [ 3101.901300] should_fail.cold+0x10a/0x149 [ 3101.905451] should_failslab+0xd6/0x130 [ 3101.909432] kmem_cache_alloc_node+0x263/0x410 [ 3101.914016] __alloc_skb+0x5c/0x510 [ 3101.917646] kobject_uevent_env+0x882/0xf30 [ 3101.921971] device_del+0x642/0xa80 [ 3101.925598] ? __device_links_no_driver+0x1b0/0x1b0 [ 3101.930612] device_unregister+0x22/0xc0 [ 3101.934673] bdi_unregister+0x42f/0x610 [ 3101.938646] ? wb_blkcg_offline+0x180/0x180 [ 3101.942970] del_gendisk+0x453/0x820 [ 3101.946699] ? disk_events_poll_msecs_store+0x150/0x150 [ 3101.952059] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3101.956547] ? blk_cleanup_queue+0x43c/0x620 [ 3101.960952] loop_control_ioctl+0x347/0x3f0 [ 3101.965270] ? loop_lookup+0x190/0x190 [ 3101.969150] ? SyS_write+0x1b7/0x210 [ 3101.972869] ? loop_lookup+0x190/0x190 [ 3101.976755] do_vfs_ioctl+0x75a/0xff0 [ 3101.980550] ? lock_acquire+0x170/0x3f0 [ 3101.984526] ? ioctl_preallocate+0x1a0/0x1a0 [ 3101.988931] ? __fget+0x265/0x3e0 [ 3101.992388] ? do_vfs_ioctl+0xff0/0xff0 [ 3101.996367] ? security_file_ioctl+0x83/0xb0 [ 3102.000777] SyS_ioctl+0x7f/0xb0 [ 3102.004149] ? do_vfs_ioctl+0xff0/0xff0 [ 3102.008118] do_syscall_64+0x1d5/0x640 [ 3102.012008] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3102.017277] RIP: 0033:0x7fc500a72109 [ 3102.020975] RSP: 002b:00007fc4ff3c6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3102.028676] RAX: ffffffffffffffda RBX: 00007fc500b85030 RCX: 00007fc500a72109 [ 3102.035937] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3102.043206] RBP: 00007fc4ff3c61d0 R08: 0000000000000000 R09: 0000000000000000 00:21:27 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 8) [ 3102.050470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3102.057742] R13: 00007ffc09c7c8af R14: 00007fc4ff3c6300 R15: 0000000000022000 [ 3102.089680] input: syz0 as /devices/virtual/input/input32764 00:21:27 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x101200) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000080)="02ad546078ca36fcf47ec6eb1b8660000a368536b2bb08d038ea1fcfa8a6dbb58660e186a3aa40c59c490cdf40f378d0dab219c7db545dc9c548c5712ca5ae785953d03aa5ce2e", 0x47}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x101200) (async) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000080)="02ad546078ca36fcf47ec6eb1b8660000a368536b2bb08d038ea1fcfa8a6dbb58660e186a3aa40c59c490cdf40f378d0dab219c7db545dc9c548c5712ca5ae785953d03aa5ce2e", 0x47}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3102.163903] FAULT_INJECTION: forcing a failure. [ 3102.163903] name failslab, interval 1, probability 0, space 0, times 0 [ 3102.181703] input: syz0 as /devices/virtual/input/input32766 [ 3102.185708] input: syz0 as /devices/virtual/input/input32771 [ 3102.215319] CPU: 1 PID: 17673 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3102.216219] input: syz0 as /devices/virtual/input/input32774 [ 3102.223219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3102.223224] Call Trace: [ 3102.223241] dump_stack+0x1b2/0x281 [ 3102.223256] should_fail.cold+0x10a/0x149 [ 3102.223270] should_failslab+0xd6/0x130 [ 3102.223282] kmem_cache_alloc+0x28e/0x3c0 [ 3102.223296] __kernfs_new_node+0x6f/0x470 [ 3102.223308] kernfs_new_node+0x7b/0xe0 [ 3102.223318] kernfs_create_link+0x27/0x160 [ 3102.223329] sysfs_do_create_link_sd+0x90/0x120 [ 3102.223341] sysfs_create_link+0x5f/0xc0 [ 3102.223351] device_add+0x461/0x15c0 [ 3102.223364] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3102.223374] ? device_is_dependent+0x2a0/0x2a0 [ 3102.223383] ? __kmalloc+0x3a4/0x400 [ 3102.223392] ? input_register_device+0x419/0xa90 [ 3102.223404] input_register_device+0x59e/0xa90 [ 3102.223414] ? __lock_acquire+0x5fc/0x3f20 [ 3102.223428] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3102.223438] ? uinput_write+0xfb0/0xfb0 [ 3102.223448] ? get_pid_task+0xb8/0x130 [ 3102.322297] ? proc_fail_nth_write+0x7b/0x180 [ 3102.326791] ? trace_hardirqs_on+0x10/0x10 [ 3102.331033] ? fsnotify+0x974/0x11b0 [ 3102.334749] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3102.339681] ? __handle_mm_fault+0x80f/0x4620 [ 3102.344354] ? SyS_write+0x1b7/0x210 [ 3102.348069] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3102.353522] do_vfs_ioctl+0x75a/0xff0 [ 3102.357321] ? lock_acquire+0x170/0x3f0 [ 3102.361294] ? ioctl_preallocate+0x1a0/0x1a0 [ 3102.365702] ? __fget+0x265/0x3e0 [ 3102.369165] ? do_vfs_ioctl+0xff0/0xff0 [ 3102.373137] ? security_file_ioctl+0x83/0xb0 [ 3102.377563] SyS_ioctl+0x7f/0xb0 [ 3102.380926] ? do_vfs_ioctl+0xff0/0xff0 [ 3102.384903] do_syscall_64+0x1d5/0x640 [ 3102.388793] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3102.393981] RIP: 0033:0x7f980133e109 [ 3102.397681] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3102.405389] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:27 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x101200) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000080)="02ad546078ca36fcf47ec6eb1b8660000a368536b2bb08d038ea1fcfa8a6dbb58660e186a3aa40c59c490cdf40f378d0dab219c7db545dc9c548c5712ca5ae785953d03aa5ce2e", 0x47}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x101200) (async) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000080)="02ad546078ca36fcf47ec6eb1b8660000a368536b2bb08d038ea1fcfa8a6dbb58660e186a3aa40c59c490cdf40f378d0dab219c7db545dc9c548c5712ca5ae785953d03aa5ce2e", 0x47}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:27 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3102.412658] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3102.419922] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3102.427186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3102.434452] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3102.458382] FAULT_INJECTION: forcing a failure. 00:21:27 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async, rerun: 64) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async, rerun: 64) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz0\x00', {0x2, 0x6, 0x100, 0x1}, 0xa, [0x7, 0x0, 0x1ff, 0x8, 0xc604, 0x80, 0x8000, 0x1f, 0x7, 0x3664, 0x0, 0x2, 0x5, 0x1, 0x1, 0x4, 0x9, 0x1, 0xc94, 0xa6c5, 0x0, 0x10000, 0x5, 0x0, 0x3, 0x2, 0x1, 0x0, 0x1f, 0x20, 0xfff, 0xf3, 0x9, 0x81, 0x3, 0x200, 0x2, 0x4, 0x5, 0x101, 0x8, 0x90000, 0x2, 0x7, 0x1, 0x9, 0x7fff, 0x6, 0x74d743f1, 0x9, 0x80000001, 0xb0, 0x80000001, 0x5, 0xfff, 0x6c, 0x80000001, 0x6, 0x7, 0x8, 0x3cd5c1b, 0x7, 0x40, 0x4], [0x35e580b4, 0x80000000, 0x200, 0x20, 0x5, 0x6, 0x3, 0x80000000, 0x672, 0x800, 0x30000000, 0x7fff, 0x0, 0x8001, 0x6, 0x5, 0x3, 0x1, 0x80, 0x5, 0x1000, 0xffff, 0x7ff, 0x1, 0x64, 0x8, 0x80000000, 0x8, 0x1, 0x2, 0x87, 0x8001, 0x1, 0x5ae, 0x7, 0x2, 0x1, 0x7, 0x8001, 0x9a8e, 0x200, 0x40, 0xff, 0x3180, 0x9, 0x20, 0x2, 0x4, 0x5, 0xfffff243, 0x0, 0x1, 0x1, 0x8, 0x5, 0x6, 0x9, 0xa59, 0x2, 0x6, 0x1, 0xffffff4b, 0x5, 0x4], [0x4f4, 0x3, 0x2, 0x1, 0x7fffffff, 0x0, 0x3, 0x3f, 0x3d, 0x8, 0x3dc00000, 0x200, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x0, 0x6, 0x3, 0x200, 0x1, 0x6, 0x9, 0x6, 0x5, 0x7, 0x7f, 0xf, 0x7, 0x400, 0x3, 0xfffffff8, 0x9, 0xfff, 0x3, 0x9, 0x9, 0x7, 0x608cf31c, 0x1000, 0x7, 0x10000, 0xa477, 0x1, 0x401, 0x80000000, 0xffffffff, 0x19a, 0x4, 0x100, 0x1, 0x1000, 0x3, 0x1, 0x9, 0xc71, 0x1, 0x4, 0xffffffff, 0x6, 0xb5, 0x0, 0x2], [0x3, 0x1062, 0x1, 0x7, 0x14c80, 0x1, 0x3, 0xe4, 0x80, 0x3, 0xff, 0x9, 0x81, 0x8000000, 0x60d, 0x20, 0x2, 0x1c53, 0x8001, 0x2a, 0x3, 0x12, 0x3, 0x101, 0x7, 0x9, 0x6c, 0x7, 0x1, 0x2, 0x3516, 0x8000, 0xfffffffa, 0x38, 0x4, 0x4, 0x1d80000, 0x8, 0x92, 0x7fffffff, 0x5, 0xfffffffc, 0xffffa53b, 0xfffffff0, 0x4, 0x1, 0x8, 0x20, 0x5, 0x200, 0x3, 0x6, 0x200, 0xe88, 0x3, 0x8, 0x5, 0x1000, 0x3, 0x5903aee8, 0x3, 0xfffffffe, 0x7f, 0x7ff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3102.458382] name failslab, interval 1, probability 0, space 0, times 0 [ 3102.483860] CPU: 1 PID: 17676 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3102.491755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3102.501110] Call Trace: [ 3102.503696] dump_stack+0x1b2/0x281 [ 3102.507328] should_fail.cold+0x10a/0x149 [ 3102.511479] should_failslab+0xd6/0x130 [ 3102.515459] kmem_cache_alloc_node+0x263/0x410 [ 3102.520045] __alloc_skb+0x5c/0x510 [ 3102.523670] kobject_uevent_env+0x882/0xf30 [ 3102.527996] device_del+0x642/0xa80 [ 3102.531625] ? __device_links_no_driver+0x1b0/0x1b0 [ 3102.536640] device_unregister+0x22/0xc0 [ 3102.540696] bdi_unregister+0x42f/0x610 [ 3102.544669] ? wb_blkcg_offline+0x180/0x180 [ 3102.548996] del_gendisk+0x453/0x820 [ 3102.552707] ? disk_events_poll_msecs_store+0x150/0x150 [ 3102.558071] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3102.562563] ? blk_cleanup_queue+0x43c/0x620 [ 3102.566967] loop_control_ioctl+0x347/0x3f0 [ 3102.571306] ? loop_lookup+0x190/0x190 [ 3102.575192] ? SyS_write+0x1b7/0x210 [ 3102.578908] ? loop_lookup+0x190/0x190 [ 3102.582797] do_vfs_ioctl+0x75a/0xff0 [ 3102.586596] ? lock_acquire+0x170/0x3f0 [ 3102.590569] ? ioctl_preallocate+0x1a0/0x1a0 [ 3102.594979] ? __fget+0x265/0x3e0 [ 3102.598435] ? do_vfs_ioctl+0xff0/0xff0 [ 3102.602406] ? security_file_ioctl+0x83/0xb0 [ 3102.606817] SyS_ioctl+0x7f/0xb0 [ 3102.610178] ? do_vfs_ioctl+0xff0/0xff0 [ 3102.614144] do_syscall_64+0x1d5/0x640 [ 3102.618033] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3102.623216] RIP: 0033:0x7fc500a72109 [ 3102.627438] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3102.635142] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3102.642407] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3102.649760] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3102.657033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 00:21:27 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:27 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [0x0, 0x1000000]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x1d7) (async, rerun: 32) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) (async, rerun: 32) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3102.664298] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:27 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 9) 00:21:27 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 11) 00:21:28 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz0\x00', {0x2, 0x6, 0x100, 0x1}, 0xa, [0x7, 0x0, 0x1ff, 0x8, 0xc604, 0x80, 0x8000, 0x1f, 0x7, 0x3664, 0x0, 0x2, 0x5, 0x1, 0x1, 0x4, 0x9, 0x1, 0xc94, 0xa6c5, 0x0, 0x10000, 0x5, 0x0, 0x3, 0x2, 0x1, 0x0, 0x1f, 0x20, 0xfff, 0xf3, 0x9, 0x81, 0x3, 0x200, 0x2, 0x4, 0x5, 0x101, 0x8, 0x90000, 0x2, 0x7, 0x1, 0x9, 0x7fff, 0x6, 0x74d743f1, 0x9, 0x80000001, 0xb0, 0x80000001, 0x5, 0xfff, 0x6c, 0x80000001, 0x6, 0x7, 0x8, 0x3cd5c1b, 0x7, 0x40, 0x4], [0x35e580b4, 0x80000000, 0x200, 0x20, 0x5, 0x6, 0x3, 0x80000000, 0x672, 0x800, 0x30000000, 0x7fff, 0x0, 0x8001, 0x6, 0x5, 0x3, 0x1, 0x80, 0x5, 0x1000, 0xffff, 0x7ff, 0x1, 0x64, 0x8, 0x80000000, 0x8, 0x1, 0x2, 0x87, 0x8001, 0x1, 0x5ae, 0x7, 0x2, 0x1, 0x7, 0x8001, 0x9a8e, 0x200, 0x40, 0xff, 0x3180, 0x9, 0x20, 0x2, 0x4, 0x5, 0xfffff243, 0x0, 0x1, 0x1, 0x8, 0x5, 0x6, 0x9, 0xa59, 0x2, 0x6, 0x1, 0xffffff4b, 0x5, 0x4], [0x4f4, 0x3, 0x2, 0x1, 0x7fffffff, 0x0, 0x3, 0x3f, 0x3d, 0x8, 0x3dc00000, 0x200, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x0, 0x6, 0x3, 0x200, 0x1, 0x6, 0x9, 0x6, 0x5, 0x7, 0x7f, 0xf, 0x7, 0x400, 0x3, 0xfffffff8, 0x9, 0xfff, 0x3, 0x9, 0x9, 0x7, 0x608cf31c, 0x1000, 0x7, 0x10000, 0xa477, 0x1, 0x401, 0x80000000, 0xffffffff, 0x19a, 0x4, 0x100, 0x1, 0x1000, 0x3, 0x1, 0x9, 0xc71, 0x1, 0x4, 0xffffffff, 0x6, 0xb5, 0x0, 0x2], [0x3, 0x1062, 0x1, 0x7, 0x14c80, 0x1, 0x3, 0xe4, 0x80, 0x3, 0xff, 0x9, 0x81, 0x8000000, 0x60d, 0x20, 0x2, 0x1c53, 0x8001, 0x2a, 0x3, 0x12, 0x3, 0x101, 0x7, 0x9, 0x6c, 0x7, 0x1, 0x2, 0x3516, 0x8000, 0xfffffffa, 0x38, 0x4, 0x4, 0x1d80000, 0x8, 0x92, 0x7fffffff, 0x5, 0xfffffffc, 0xffffa53b, 0xfffffff0, 0x4, 0x1, 0x8, 0x20, 0x5, 0x200, 0x3, 0x6, 0x200, 0xe88, 0x3, 0x8, 0x5, 0x1000, 0x3, 0x5903aee8, 0x3, 0xfffffffe, 0x7f, 0x7ff]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3102.811556] input: syz0 as /devices/virtual/input/input32777 [ 3102.820790] FAULT_INJECTION: forcing a failure. [ 3102.820790] name failslab, interval 1, probability 0, space 0, times 0 [ 3102.852990] CPU: 1 PID: 17728 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3102.860895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3102.862499] input: syz0 as /devices/virtual/input/input32783 [ 3102.870245] Call Trace: [ 3102.870265] dump_stack+0x1b2/0x281 [ 3102.870279] should_fail.cold+0x10a/0x149 [ 3102.870290] should_failslab+0xd6/0x130 [ 3102.870301] kmem_cache_alloc+0x28e/0x3c0 [ 3102.870313] __kernfs_new_node+0x6f/0x470 [ 3102.870324] kernfs_new_node+0x7b/0xe0 [ 3102.870347] __kernfs_create_file+0x3d/0x320 [ 3102.907016] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3102.911700] internal_create_group+0x22b/0x710 [ 3102.916294] sysfs_create_groups+0x92/0x130 [ 3102.920711] device_add+0x833/0x15c0 [ 3102.924429] ? device_is_dependent+0x2a0/0x2a0 [ 3102.929011] ? __kmalloc+0x3a4/0x400 [ 3102.932723] ? input_register_device+0x419/0xa90 [ 3102.937478] input_register_device+0x59e/0xa90 [ 3102.942144] ? __lock_acquire+0x5fc/0x3f20 [ 3102.942158] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3102.942169] ? uinput_write+0xfb0/0xfb0 [ 3102.942177] ? get_pid_task+0xb8/0x130 [ 3102.942187] ? proc_fail_nth_write+0x7b/0x180 [ 3102.942197] ? trace_hardirqs_on+0x10/0x10 [ 3102.942211] ? fsnotify+0x974/0x11b0 [ 3102.942218] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3102.942229] ? __handle_mm_fault+0x80f/0x4620 [ 3102.981228] ? SyS_write+0x1b7/0x210 [ 3102.985037] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3102.990489] do_vfs_ioctl+0x75a/0xff0 [ 3102.994286] ? lock_acquire+0x170/0x3f0 [ 3102.998255] ? ioctl_preallocate+0x1a0/0x1a0 00:21:28 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [0x0, 0x1000000]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x1d7) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:28 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x62) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x90100, 0x0) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x12) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0x0, 0x100}, 0x1c, [0x0, 0x0, 0x0, 0xa013, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d942bc9, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c93], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000080)={{0x9, 0x9b3d, 0x94e5, 0x3}, 'syz0\x00', 0x1b}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_SET_KEYBIT(r4, 0x40045565, 0x283) [ 3103.002672] ? __fget+0x265/0x3e0 [ 3103.006128] ? do_vfs_ioctl+0xff0/0xff0 [ 3103.010103] ? security_file_ioctl+0x83/0xb0 [ 3103.014510] SyS_ioctl+0x7f/0xb0 [ 3103.017869] ? do_vfs_ioctl+0xff0/0xff0 [ 3103.021843] do_syscall_64+0x1d5/0x640 [ 3103.025735] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3103.030920] RIP: 0033:0x7f980133e109 [ 3103.034627] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3103.042339] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000040)) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (rerun: 64) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3103.049602] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3103.056864] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3103.064128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3103.071390] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:28 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 12) 00:21:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3103.095249] FAULT_INJECTION: forcing a failure. [ 3103.095249] name failslab, interval 1, probability 0, space 0, times 0 [ 3103.136958] CPU: 1 PID: 17719 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3103.144859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3103.154208] Call Trace: [ 3103.156792] dump_stack+0x1b2/0x281 [ 3103.160421] should_fail.cold+0x10a/0x149 [ 3103.164569] should_failslab+0xd6/0x130 [ 3103.168549] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3103.173650] __kmalloc_node_track_caller+0x38/0x70 [ 3103.178576] __alloc_skb+0x96/0x510 [ 3103.182208] kobject_uevent_env+0x882/0xf30 [ 3103.186536] ? is_acpi_device_node+0x5b/0x70 [ 3103.191238] device_del+0x642/0xa80 [ 3103.194868] ? __device_links_no_driver+0x1b0/0x1b0 [ 3103.199888] device_unregister+0x22/0xc0 [ 3103.203964] bdi_unregister+0x42f/0x610 [ 3103.207941] ? wb_blkcg_offline+0x180/0x180 [ 3103.212397] del_gendisk+0x453/0x820 [ 3103.216114] ? disk_events_poll_msecs_store+0x150/0x150 [ 3103.221681] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3103.226272] ? blk_cleanup_queue+0x43c/0x620 [ 3103.230684] loop_control_ioctl+0x347/0x3f0 [ 3103.235003] ? loop_lookup+0x190/0x190 [ 3103.238896] ? SyS_write+0x1b7/0x210 [ 3103.242612] ? loop_lookup+0x190/0x190 [ 3103.246586] do_vfs_ioctl+0x75a/0xff0 [ 3103.250385] ? lock_acquire+0x170/0x3f0 [ 3103.254444] ? ioctl_preallocate+0x1a0/0x1a0 [ 3103.258940] ? __fget+0x265/0x3e0 [ 3103.262393] ? do_vfs_ioctl+0xff0/0xff0 [ 3103.266376] ? security_file_ioctl+0x83/0xb0 [ 3103.270794] SyS_ioctl+0x7f/0xb0 [ 3103.274247] ? do_vfs_ioctl+0xff0/0xff0 [ 3103.278217] do_syscall_64+0x1d5/0x640 [ 3103.282106] entry_SYSCALL_64_after_hwframe+0x46/0xbb 00:21:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x7fff, 0x400, 0x200, 0x5}, 'syz1\x00', 0x1f}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3103.287297] RIP: 0033:0x7fc500a72109 [ 3103.291005] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3103.298712] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3103.305979] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3103.313243] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3103.320511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3103.327778] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:28 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 10) [ 3103.426100] FAULT_INJECTION: forcing a failure. [ 3103.426100] name failslab, interval 1, probability 0, space 0, times 0 [ 3103.457038] input: syz0 as /devices/virtual/input/input32791 [ 3103.457549] input: syz0 as /devices/virtual/input/input32792 00:21:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x7fff, 0x400, 0x200, 0x5}, 'syz1\x00', 0x1f}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) (async) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x7fff, 0x400, 0x200, 0x5}, 'syz1\x00', 0x1f}) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:28 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x62) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x90100, 0x0) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x12) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0x0, 0x100}, 0x1c, [0x0, 0x0, 0x0, 0xa013, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d942bc9, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c93], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000080)={{0x9, 0x9b3d, 0x94e5, 0x3}, 'syz0\x00', 0x1b}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 64) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_SET_KEYBIT(r4, 0x40045565, 0x283) [ 3103.491560] input: syz0 as /devices/virtual/input/input32795 [ 3103.513216] input: syz0 as /devices/virtual/input/input32797 [ 3103.543770] CPU: 0 PID: 17766 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3103.551677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3103.561199] Call Trace: [ 3103.563787] dump_stack+0x1b2/0x281 [ 3103.567443] should_fail.cold+0x10a/0x149 [ 3103.571593] should_failslab+0xd6/0x130 [ 3103.572062] input: syz0 as /devices/virtual/input/input32800 [ 3103.575656] kmem_cache_alloc+0x28e/0x3c0 [ 3103.575671] __kernfs_new_node+0x6f/0x470 [ 3103.575684] kernfs_new_node+0x7b/0xe0 [ 3103.575696] kernfs_create_link+0x27/0x160 [ 3103.597858] sysfs_do_create_link_sd+0x90/0x120 [ 3103.602531] sysfs_create_link+0x5f/0xc0 [ 3103.606687] device_add+0x749/0x15c0 [ 3103.610403] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3103.615853] ? device_is_dependent+0x2a0/0x2a0 [ 3103.620437] ? __kmalloc+0x3a4/0x400 [ 3103.624151] ? input_register_device+0x419/0xa90 [ 3103.628913] input_register_device+0x59e/0xa90 [ 3103.633759] ? __lock_acquire+0x5fc/0x3f20 [ 3103.638001] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3103.643201] ? uinput_write+0xfb0/0xfb0 [ 3103.647172] ? get_pid_task+0xb8/0x130 [ 3103.651063] ? proc_fail_nth_write+0x7b/0x180 [ 3103.655559] ? trace_hardirqs_on+0x10/0x10 [ 3103.659795] ? fsnotify+0x974/0x11b0 [ 3103.663512] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3103.668437] ? __handle_mm_fault+0x80f/0x4620 [ 3103.672930] ? SyS_write+0x1b7/0x210 [ 3103.676647] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3103.682092] do_vfs_ioctl+0x75a/0xff0 [ 3103.685892] ? lock_acquire+0x170/0x3f0 [ 3103.689863] ? ioctl_preallocate+0x1a0/0x1a0 [ 3103.694267] ? __fget+0x265/0x3e0 [ 3103.697730] ? do_vfs_ioctl+0xff0/0xff0 [ 3103.701704] ? security_file_ioctl+0x83/0xb0 [ 3103.706112] SyS_ioctl+0x7f/0xb0 [ 3103.709476] ? do_vfs_ioctl+0xff0/0xff0 [ 3103.713449] do_syscall_64+0x1d5/0x640 [ 3103.717337] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3103.722523] RIP: 0033:0x7f980133e109 [ 3103.726229] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3103.733936] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:28 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_DEV_CREATE(r2, 0x5501) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000080)={0xf, 0x1000, {0x56, 0x9, 0x8, {0x4, 0x8}, {0x20, 0x1ff}, @cond=[{0x2, 0x5d, 0x1ff, 0x8, 0x401, 0xfff}, {0x3, 0x2, 0xa2, 0x7, 0x6, 0x71b9}]}, {0x56, 0x1, 0x6, {0x81, 0x3f}, {0x20, 0x9d5}, @ramp={0x2, 0x80, {0x1e3b, 0x2, 0x3, 0x1}}}}) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0xf) 00:21:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$BLKALIGNOFF(0xffffffffffffffff, 0x127a, &(0x7f0000000040)) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) 00:21:28 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 13) 00:21:28 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x7fff, 0x400, 0x200, 0x5}, 'syz1\x00', 0x1f}) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3103.741227] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3103.748491] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3103.755757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3103.763022] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3103.826992] FAULT_INJECTION: forcing a failure. [ 3103.826992] name failslab, interval 1, probability 0, space 0, times 0 [ 3103.865795] CPU: 0 PID: 17772 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3103.873700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3103.883047] Call Trace: [ 3103.885634] dump_stack+0x1b2/0x281 [ 3103.889268] should_fail.cold+0x10a/0x149 [ 3103.893424] should_failslab+0xd6/0x130 [ 3103.897401] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3103.902506] __kmalloc_node_track_caller+0x38/0x70 [ 3103.907438] __alloc_skb+0x96/0x510 [ 3103.911067] kobject_uevent_env+0x882/0xf30 [ 3103.915392] device_del+0x642/0xa80 [ 3103.919026] ? __device_links_no_driver+0x1b0/0x1b0 [ 3103.924048] device_unregister+0x22/0xc0 [ 3103.928110] bdi_unregister+0x42f/0x610 [ 3103.932090] ? wb_blkcg_offline+0x180/0x180 [ 3103.936423] del_gendisk+0x453/0x820 [ 3103.940138] ? disk_events_poll_msecs_store+0x150/0x150 [ 3103.945504] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3103.949994] ? blk_cleanup_queue+0x43c/0x620 [ 3103.954399] loop_control_ioctl+0x347/0x3f0 [ 3103.958710] ? loop_lookup+0x190/0x190 [ 3103.962591] ? SyS_write+0x1b7/0x210 [ 3103.966303] ? loop_lookup+0x190/0x190 [ 3103.970188] do_vfs_ioctl+0x75a/0xff0 [ 3103.973983] ? lock_acquire+0x170/0x3f0 [ 3103.977953] ? ioctl_preallocate+0x1a0/0x1a0 [ 3103.982363] ? __fget+0x265/0x3e0 [ 3103.985816] ? do_vfs_ioctl+0xff0/0xff0 [ 3103.989790] ? security_file_ioctl+0x83/0xb0 [ 3103.994218] SyS_ioctl+0x7f/0xb0 [ 3103.997579] ? do_vfs_ioctl+0xff0/0xff0 [ 3104.001549] do_syscall_64+0x1d5/0x640 [ 3104.005872] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3104.011056] RIP: 0033:0x7fc500a72109 [ 3104.014757] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3104.022462] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3104.029727] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3104.036995] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.044259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3104.051523] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:29 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 11) 00:21:29 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x1ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3104.141146] FAULT_INJECTION: forcing a failure. [ 3104.141146] name failslab, interval 1, probability 0, space 0, times 0 [ 3104.153545] input: syz0 as /devices/virtual/input/input32803 [ 3104.157695] input: syz0 as /devices/virtual/input/input32807 [ 3104.163176] input: syz0 as /devices/virtual/input/input32805 [ 3104.175528] CPU: 0 PID: 17816 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3104.183415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3104.192756] Call Trace: [ 3104.192772] dump_stack+0x1b2/0x281 [ 3104.192787] should_fail.cold+0x10a/0x149 [ 3104.192800] should_failslab+0xd6/0x130 [ 3104.192810] kmem_cache_alloc+0x28e/0x3c0 [ 3104.192825] __kernfs_new_node+0x6f/0x470 [ 3104.199006] kernfs_new_node+0x7b/0xe0 [ 3104.207095] __kernfs_create_file+0x3d/0x320 [ 3104.207108] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3104.207134] internal_create_group+0x22b/0x710 [ 3104.219350] sysfs_create_groups+0x92/0x130 [ 3104.219363] device_add+0x833/0x15c0 [ 3104.219374] ? device_is_dependent+0x2a0/0x2a0 [ 3104.237277] ? __kmalloc+0x3a4/0x400 [ 3104.237288] ? input_register_device+0x419/0xa90 [ 3104.237298] input_register_device+0x59e/0xa90 [ 3104.237310] ? __lock_acquire+0x5fc/0x3f20 [ 3104.245569] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3104.245581] ? uinput_write+0xfb0/0xfb0 [ 3104.245590] ? get_pid_task+0xb8/0x130 [ 3104.245602] ? proc_fail_nth_write+0x7b/0x180 [ 3104.254031] ? trace_hardirqs_on+0x10/0x10 [ 3104.254045] ? fsnotify+0x974/0x11b0 [ 3104.254054] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3104.254063] ? __handle_mm_fault+0x80f/0x4620 [ 3104.254073] ? SyS_write+0x1b7/0x210 [ 3104.254084] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3104.254094] do_vfs_ioctl+0x75a/0xff0 [ 3104.262862] ? lock_acquire+0x170/0x3f0 [ 3104.262872] ? ioctl_preallocate+0x1a0/0x1a0 [ 3104.262885] ? __fget+0x265/0x3e0 [ 3104.262897] ? do_vfs_ioctl+0xff0/0xff0 [ 3104.262907] ? security_file_ioctl+0x83/0xb0 [ 3104.262917] SyS_ioctl+0x7f/0xb0 [ 3104.272048] ? do_vfs_ioctl+0xff0/0xff0 [ 3104.272062] do_syscall_64+0x1d5/0x640 [ 3104.272078] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3104.272086] RIP: 0033:0x7f980133e109 [ 3104.272091] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3104.280432] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3104.280437] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3104.280443] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.280448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:29 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_DEV_CREATE(r2, 0x5501) (async) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000080)={0xf, 0x1000, {0x56, 0x9, 0x8, {0x4, 0x8}, {0x20, 0x1ff}, @cond=[{0x2, 0x5d, 0x1ff, 0x8, 0x401, 0xfff}, {0x3, 0x2, 0xa2, 0x7, 0x6, 0x71b9}]}, {0x56, 0x1, 0x6, {0x81, 0x3f}, {0x20, 0x9d5}, @ramp={0x2, 0x80, {0x1e3b, 0x2, 0x3, 0x1}}}}) (async) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0xf) [ 3104.280454] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3104.304523] input: syz0 as /devices/virtual/input/input32809 [ 3104.423966] FAULT_INJECTION: forcing a failure. [ 3104.423966] name failslab, interval 1, probability 0, space 0, times 0 [ 3104.447252] CPU: 0 PID: 17840 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3104.455143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3104.464595] Call Trace: [ 3104.467184] dump_stack+0x1b2/0x281 [ 3104.470855] should_fail.cold+0x10a/0x149 [ 3104.475005] should_failslab+0xd6/0x130 [ 3104.478981] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3104.484098] __kmalloc_node_track_caller+0x38/0x70 [ 3104.489030] __alloc_skb+0x96/0x510 [ 3104.492658] kobject_uevent_env+0x882/0xf30 [ 3104.496986] device_del+0x642/0xa80 [ 3104.500617] ? __device_links_no_driver+0x1b0/0x1b0 [ 3104.505643] device_unregister+0x22/0xc0 [ 3104.509705] bdi_unregister+0x42f/0x610 [ 3104.513688] ? wb_blkcg_offline+0x180/0x180 [ 3104.518003] del_gendisk+0x453/0x820 [ 3104.518016] ? disk_events_poll_msecs_store+0x150/0x150 [ 3104.518027] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3104.531544] ? blk_cleanup_queue+0x43c/0x620 [ 3104.535955] loop_control_ioctl+0x347/0x3f0 [ 3104.540304] ? loop_lookup+0x190/0x190 [ 3104.544187] ? SyS_write+0x1b7/0x210 [ 3104.547894] ? loop_lookup+0x190/0x190 [ 3104.547906] do_vfs_ioctl+0x75a/0xff0 [ 3104.555657] ? lock_acquire+0x170/0x3f0 [ 3104.559625] ? ioctl_preallocate+0x1a0/0x1a0 [ 3104.564032] ? __fget+0x265/0x3e0 [ 3104.567498] ? do_vfs_ioctl+0xff0/0xff0 [ 3104.571471] ? security_file_ioctl+0x83/0xb0 [ 3104.575875] SyS_ioctl+0x7f/0xb0 [ 3104.575886] ? do_vfs_ioctl+0xff0/0xff0 [ 3104.583210] do_syscall_64+0x1d5/0x640 [ 3104.587105] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3104.587116] RIP: 0033:0x7fc500a72109 00:21:29 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:29 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 14) 00:21:29 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 12) [ 3104.595981] RSP: 002b:00007fc4ff3a5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3104.603684] RAX: ffffffffffffffda RBX: 00007fc500b85100 RCX: 00007fc500a72109 [ 3104.610943] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 3104.618194] RBP: 00007fc4ff3a51d0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.618200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3104.618205] R13: 00007ffc09c7c8af R14: 00007fc4ff3a5300 R15: 0000000000022000 00:21:29 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x1ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3104.765117] input: syz0 as /devices/virtual/input/input32811 [ 3104.782307] input: syz0 as /devices/virtual/input/input32814 [ 3104.795220] FAULT_INJECTION: forcing a failure. [ 3104.795220] name failslab, interval 1, probability 0, space 0, times 0 [ 3104.827417] CPU: 0 PID: 17872 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3104.835314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3104.844691] Call Trace: [ 3104.847282] dump_stack+0x1b2/0x281 [ 3104.850911] should_fail.cold+0x10a/0x149 [ 3104.850926] should_failslab+0xd6/0x130 [ 3104.850939] kmem_cache_alloc+0x28e/0x3c0 [ 3104.850952] __kernfs_new_node+0x6f/0x470 [ 3104.850963] kernfs_create_dir_ns+0x8c/0x200 [ 3104.871713] internal_create_group+0xe9/0x710 [ 3104.876217] sysfs_create_groups+0x92/0x130 [ 3104.880534] device_add+0x833/0x15c0 [ 3104.880548] ? device_is_dependent+0x2a0/0x2a0 [ 3104.880560] ? __kmalloc+0x3a4/0x400 [ 3104.880568] ? input_register_device+0x419/0xa90 [ 3104.880578] input_register_device+0x59e/0xa90 [ 3104.880588] ? __lock_acquire+0x5fc/0x3f20 [ 3104.880602] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3104.901869] ? uinput_write+0xfb0/0xfb0 [ 3104.901880] ? get_pid_task+0xb8/0x130 [ 3104.901892] ? proc_fail_nth_write+0x7b/0x180 [ 3104.901903] ? trace_hardirqs_on+0x10/0x10 [ 3104.901916] ? fsnotify+0x974/0x11b0 [ 3104.901927] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3104.919568] ? __handle_mm_fault+0x80f/0x4620 [ 3104.919580] ? SyS_write+0x1b7/0x210 [ 3104.919596] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3104.919605] do_vfs_ioctl+0x75a/0xff0 [ 3104.919616] ? lock_acquire+0x170/0x3f0 [ 3104.919627] ? ioctl_preallocate+0x1a0/0x1a0 [ 3104.936964] ? __fget+0x265/0x3e0 [ 3104.936978] ? do_vfs_ioctl+0xff0/0xff0 [ 3104.936990] ? security_file_ioctl+0x83/0xb0 [ 3104.937000] SyS_ioctl+0x7f/0xb0 [ 3104.966188] ? do_vfs_ioctl+0xff0/0xff0 [ 3104.966203] do_syscall_64+0x1d5/0x640 [ 3104.966219] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3104.966228] RIP: 0033:0x7f980133e109 [ 3104.994612] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3105.002314] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3105.010097] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3105.017363] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 00:21:30 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x62) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x90100, 0x0) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x12) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0x0, 0x100}, 0x1c, [0x0, 0x0, 0x0, 0xa013, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d942bc9, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c93], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000080)={{0x9, 0x9b3d, 0x94e5, 0x3}, 'syz0\x00', 0x1b}) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_SET_KEYBIT(r4, 0x40045565, 0x283) 00:21:30 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x1ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81]}, 0x45c) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:30 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_DEV_CREATE(r2, 0x5501) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000080)={0xf, 0x1000, {0x56, 0x9, 0x8, {0x4, 0x8}, {0x20, 0x1ff}, @cond=[{0x2, 0x5d, 0x1ff, 0x8, 0x401, 0xfff}, {0x3, 0x2, 0xa2, 0x7, 0x6, 0x71b9}]}, {0x56, 0x1, 0x6, {0x81, 0x3f}, {0x20, 0x9d5}, @ramp={0x2, 0x80, {0x1e3b, 0x2, 0x3, 0x1}}}}) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0xf) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_DEV_CREATE(r2, 0x5501) (async) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000080)={0xf, 0x1000, {0x56, 0x9, 0x8, {0x4, 0x8}, {0x20, 0x1ff}, @cond=[{0x2, 0x5d, 0x1ff, 0x8, 0x401, 0xfff}, {0x3, 0x2, 0xa2, 0x7, 0x6, 0x71b9}]}, {0x56, 0x1, 0x6, {0x81, 0x3f}, {0x20, 0x9d5}, @ramp={0x2, 0x80, {0x1e3b, 0x2, 0x3, 0x1}}}}) (async) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0xf) (async) 00:21:30 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 15) 00:21:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080)) (async, rerun: 64) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3105.024631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3105.031899] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3105.093281] FAULT_INJECTION: forcing a failure. [ 3105.093281] name failslab, interval 1, probability 0, space 0, times 0 [ 3105.107950] CPU: 0 PID: 17868 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3105.115846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3105.125202] Call Trace: [ 3105.127879] dump_stack+0x1b2/0x281 [ 3105.131512] should_fail.cold+0x10a/0x149 [ 3105.135665] should_failslab+0xd6/0x130 [ 3105.139731] kmem_cache_alloc_node+0x263/0x410 [ 3105.144319] __alloc_skb+0x5c/0x510 [ 3105.147947] kobject_uevent_env+0x882/0xf30 [ 3105.152279] device_del+0x642/0xa80 [ 3105.155908] ? __device_links_no_driver+0x1b0/0x1b0 [ 3105.160938] device_unregister+0x22/0xc0 [ 3105.165011] bdi_unregister+0x42f/0x610 [ 3105.168984] ? wb_blkcg_offline+0x180/0x180 [ 3105.173311] del_gendisk+0x453/0x820 [ 3105.177023] ? disk_events_poll_msecs_store+0x150/0x150 [ 3105.182392] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3105.186886] ? blk_cleanup_queue+0x43c/0x620 [ 3105.191295] loop_control_ioctl+0x347/0x3f0 [ 3105.195628] ? loop_lookup+0x190/0x190 [ 3105.199512] ? SyS_write+0x1b7/0x210 [ 3105.203238] ? loop_lookup+0x190/0x190 [ 3105.207125] do_vfs_ioctl+0x75a/0xff0 [ 3105.210928] ? lock_acquire+0x170/0x3f0 [ 3105.214901] ? ioctl_preallocate+0x1a0/0x1a0 [ 3105.219318] ? __fget+0x265/0x3e0 [ 3105.222801] ? do_vfs_ioctl+0xff0/0xff0 [ 3105.226778] ? security_file_ioctl+0x83/0xb0 [ 3105.231187] SyS_ioctl+0x7f/0xb0 [ 3105.234553] ? do_vfs_ioctl+0xff0/0xff0 [ 3105.238525] do_syscall_64+0x1d5/0x640 [ 3105.242425] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3105.247609] RIP: 0033:0x7fc500a72109 [ 3105.251312] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3105.259018] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3105.266291] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3105.273558] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3105.280821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3105.288088] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:30 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) recvfrom$l2tp(0xffffffffffffffff, &(0x7f0000000040)=""/9, 0x9, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) 00:21:30 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 13) [ 3105.386300] FAULT_INJECTION: forcing a failure. [ 3105.386300] name failslab, interval 1, probability 0, space 0, times 0 [ 3105.398703] input: syz0 as /devices/virtual/input/input32819 [ 3105.404156] input: syz0 as /devices/virtual/input/input32821 [ 3105.405683] input: syz0 as /devices/virtual/input/input32822 [ 3105.418211] input: syz0 as /devices/virtual/input/input32826 00:21:30 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3105.434748] CPU: 0 PID: 17902 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3105.442646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3105.451989] Call Trace: [ 3105.452003] dump_stack+0x1b2/0x281 [ 3105.452031] should_fail.cold+0x10a/0x149 [ 3105.452043] should_failslab+0xd6/0x130 [ 3105.452055] kmem_cache_alloc+0x28e/0x3c0 [ 3105.470439] __kernfs_new_node+0x6f/0x470 [ 3105.474616] kernfs_create_dir_ns+0x8c/0x200 [ 3105.479003] internal_create_group+0xe9/0x710 [ 3105.483479] sysfs_create_groups+0x92/0x130 [ 3105.487867] device_add+0x833/0x15c0 [ 3105.491573] ? device_is_dependent+0x2a0/0x2a0 [ 3105.496135] ? __kmalloc+0x3a4/0x400 [ 3105.499825] ? input_register_device+0x419/0xa90 [ 3105.504916] input_register_device+0x59e/0xa90 [ 3105.509484] ? __lock_acquire+0x5fc/0x3f20 [ 3105.513719] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3105.518892] ? uinput_write+0xfb0/0xfb0 [ 3105.522849] ? get_pid_task+0xb8/0x130 [ 3105.526722] ? proc_fail_nth_write+0x7b/0x180 [ 3105.531201] ? trace_hardirqs_on+0x10/0x10 [ 3105.535423] ? fsnotify+0x974/0x11b0 [ 3105.539122] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3105.544031] ? __handle_mm_fault+0x80f/0x4620 [ 3105.548504] ? SyS_write+0x1b7/0x210 [ 3105.552202] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3105.557629] do_vfs_ioctl+0x75a/0xff0 [ 3105.561422] ? lock_acquire+0x170/0x3f0 [ 3105.565402] ? ioctl_preallocate+0x1a0/0x1a0 [ 3105.569855] ? __fget+0x265/0x3e0 [ 3105.573298] ? do_vfs_ioctl+0xff0/0xff0 [ 3105.577253] ? security_file_ioctl+0x83/0xb0 [ 3105.581638] SyS_ioctl+0x7f/0xb0 [ 3105.584996] ? do_vfs_ioctl+0xff0/0xff0 [ 3105.588951] do_syscall_64+0x1d5/0x640 [ 3105.592826] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3105.597995] RIP: 0033:0x7f980133e109 [ 3105.601807] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3105.609493] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3105.616748] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3105.624007] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 00:21:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080)) (async, rerun: 64) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 32) ioctl$UI_DEV_DESTROY(r0, 0x5502) (rerun: 32) 00:21:30 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) recvfrom$l2tp(0xffffffffffffffff, &(0x7f0000000040)=""/9, 0x9, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) [ 3105.631253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3105.638498] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3105.653485] FAULT_INJECTION: forcing a failure. [ 3105.653485] name failslab, interval 1, probability 0, space 0, times 0 [ 3105.676019] CPU: 0 PID: 17913 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3105.684013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3105.693357] Call Trace: [ 3105.695924] dump_stack+0x1b2/0x281 [ 3105.699532] should_fail.cold+0x10a/0x149 [ 3105.703705] should_failslab+0xd6/0x130 [ 3105.707677] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3105.712812] __kmalloc_node_track_caller+0x38/0x70 [ 3105.717724] __alloc_skb+0x96/0x510 [ 3105.721334] kobject_uevent_env+0x882/0xf30 [ 3105.725647] device_del+0x642/0xa80 [ 3105.729257] ? __device_links_no_driver+0x1b0/0x1b0 [ 3105.734256] device_unregister+0x22/0xc0 [ 3105.738299] bdi_unregister+0x42f/0x610 [ 3105.742262] ? wb_blkcg_offline+0x180/0x180 [ 3105.746594] del_gendisk+0x453/0x820 [ 3105.750308] ? disk_events_poll_msecs_store+0x150/0x150 [ 3105.755658] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3105.760146] ? blk_cleanup_queue+0x43c/0x620 [ 3105.764538] loop_control_ioctl+0x347/0x3f0 [ 3105.768851] ? loop_lookup+0x190/0x190 [ 3105.772726] ? SyS_write+0x1b7/0x210 [ 3105.776424] ? loop_lookup+0x190/0x190 [ 3105.780302] do_vfs_ioctl+0x75a/0xff0 [ 3105.784099] ? lock_acquire+0x170/0x3f0 [ 3105.788067] ? ioctl_preallocate+0x1a0/0x1a0 [ 3105.792471] ? __fget+0x265/0x3e0 [ 3105.795910] ? do_vfs_ioctl+0xff0/0xff0 [ 3105.799870] ? security_file_ioctl+0x83/0xb0 [ 3105.804262] SyS_ioctl+0x7f/0xb0 [ 3105.807608] ? do_vfs_ioctl+0xff0/0xff0 [ 3105.811582] do_syscall_64+0x1d5/0x640 [ 3105.815454] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3105.820624] RIP: 0033:0x7fc500a72109 [ 3105.824316] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3105.832128] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3105.839381] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3105.846851] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3105.854102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3105.861353] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:31 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 16) 00:21:31 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 14) 00:21:31 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x1a) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3105.886085] input: syz0 as /devices/virtual/input/input32829 00:21:31 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:31 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x9, 0x10}, 0xc) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3105.916209] input: syz0 as /devices/virtual/input/input32828 00:21:31 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000]}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x1a) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 32) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) recvfrom$l2tp(0xffffffffffffffff, &(0x7f0000000040)=""/9, 0x9, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) 00:21:31 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3105.956672] input: syz0 as /devices/virtual/input/input32830 [ 3105.958087] FAULT_INJECTION: forcing a failure. [ 3105.958087] name failslab, interval 1, probability 0, space 0, times 0 [ 3106.007042] CPU: 1 PID: 17956 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3106.014957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3106.024314] Call Trace: [ 3106.024330] dump_stack+0x1b2/0x281 [ 3106.024345] should_fail.cold+0x10a/0x149 [ 3106.024356] should_failslab+0xd6/0x130 [ 3106.024367] kmem_cache_alloc+0x28e/0x3c0 [ 3106.024380] __kernfs_new_node+0x6f/0x470 [ 3106.024392] kernfs_new_node+0x7b/0xe0 [ 3106.024402] __kernfs_create_file+0x3d/0x320 [ 3106.024413] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3106.024425] ? kernfs_create_dir_ns+0x171/0x200 [ 3106.038690] internal_create_group+0x22b/0x710 [ 3106.038707] sysfs_create_groups+0x92/0x130 [ 3106.038717] device_add+0x833/0x15c0 [ 3106.038729] ? device_is_dependent+0x2a0/0x2a0 [ 3106.054366] input: syz0 as /devices/virtual/input/input32836 [ 3106.055248] ? __kmalloc+0x3a4/0x400 [ 3106.091185] ? input_register_device+0x419/0xa90 [ 3106.095928] input_register_device+0x59e/0xa90 [ 3106.100496] ? __lock_acquire+0x5fc/0x3f20 [ 3106.104717] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3106.109895] ? uinput_write+0xfb0/0xfb0 [ 3106.113857] ? get_pid_task+0xb8/0x130 [ 3106.117719] ? proc_fail_nth_write+0x7b/0x180 [ 3106.122241] ? trace_hardirqs_on+0x10/0x10 [ 3106.126806] ? fsnotify+0x974/0x11b0 [ 3106.130502] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3106.135414] ? __handle_mm_fault+0x80f/0x4620 [ 3106.139896] ? SyS_write+0x1b7/0x210 [ 3106.143599] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3106.149041] do_vfs_ioctl+0x75a/0xff0 [ 3106.152820] ? lock_acquire+0x170/0x3f0 [ 3106.156772] ? ioctl_preallocate+0x1a0/0x1a0 [ 3106.161168] ? __fget+0x265/0x3e0 [ 3106.164619] ? do_vfs_ioctl+0xff0/0xff0 [ 3106.168590] ? security_file_ioctl+0x83/0xb0 [ 3106.172975] SyS_ioctl+0x7f/0xb0 [ 3106.176318] ? do_vfs_ioctl+0xff0/0xff0 [ 3106.180366] do_syscall_64+0x1d5/0x640 [ 3106.184246] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3106.189421] RIP: 0033:0x7f980133e109 [ 3106.193119] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3106.200810] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f00000000c0)={0x0, 0x9, {0x54, 0x80, 0x7, {0x7ff, 0x72}, {0x4, 0x8}, @ramp={0xffff, 0x1ff, {0x1, 0x9817, 0x8, 0x5}}}, {0x54, 0x7ff, 0x0, {0x1, 0x53}, {0x7ff, 0x4}, @period={0x5d, 0x4, 0x8, 0x1, 0x5e5c, {0x5, 0x3b26, 0xb595, 0xc9b}, 0x3, &(0x7f0000000080)=[0xfff, 0x6, 0x26]}}}) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:31 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x9, 0x10}, 0xc) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3106.208065] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3106.215316] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3106.222565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3106.229818] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3106.253233] FAULT_INJECTION: forcing a failure. 00:21:31 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 17) [ 3106.253233] name failslab, interval 1, probability 0, space 0, times 0 [ 3106.268387] CPU: 0 PID: 17960 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3106.276275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3106.285610] Call Trace: [ 3106.288178] dump_stack+0x1b2/0x281 [ 3106.291785] should_fail.cold+0x10a/0x149 [ 3106.295923] should_failslab+0xd6/0x130 [ 3106.299888] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3106.304973] __kmalloc_node_track_caller+0x38/0x70 [ 3106.309885] __alloc_skb+0x96/0x510 [ 3106.313507] kobject_uevent_env+0x882/0xf30 [ 3106.317823] device_del+0x642/0xa80 [ 3106.321431] ? __device_links_no_driver+0x1b0/0x1b0 [ 3106.326436] device_unregister+0x22/0xc0 [ 3106.330567] bdi_unregister+0x42f/0x610 [ 3106.334533] ? wb_blkcg_offline+0x180/0x180 [ 3106.338837] del_gendisk+0x453/0x820 [ 3106.342656] ? disk_events_poll_msecs_store+0x150/0x150 [ 3106.348002] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3106.352477] ? blk_cleanup_queue+0x43c/0x620 [ 3106.356875] loop_control_ioctl+0x347/0x3f0 [ 3106.361177] ? loop_lookup+0x190/0x190 [ 3106.365153] ? SyS_write+0x1b7/0x210 [ 3106.368846] ? loop_lookup+0x190/0x190 [ 3106.372709] do_vfs_ioctl+0x75a/0xff0 [ 3106.376489] ? lock_acquire+0x170/0x3f0 [ 3106.380440] ? ioctl_preallocate+0x1a0/0x1a0 [ 3106.384826] ? __fget+0x265/0x3e0 [ 3106.388256] ? do_vfs_ioctl+0xff0/0xff0 [ 3106.392208] ? security_file_ioctl+0x83/0xb0 [ 3106.396593] SyS_ioctl+0x7f/0xb0 [ 3106.399942] ? do_vfs_ioctl+0xff0/0xff0 [ 3106.404337] do_syscall_64+0x1d5/0x640 [ 3106.408219] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3106.413472] RIP: 0033:0x7fc500a72109 [ 3106.417158] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3106.424931] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3106.432176] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3106.439428] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3106.446683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:31 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 15) [ 3106.453933] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3106.467172] input: syz0 as /devices/virtual/input/input32838 [ 3106.535851] input: syz0 as /devices/virtual/input/input32839 [ 3106.541960] input: syz0 as /devices/virtual/input/input32841 00:21:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async, rerun: 64) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f00000000c0)={0x0, 0x9, {0x54, 0x80, 0x7, {0x7ff, 0x72}, {0x4, 0x8}, @ramp={0xffff, 0x1ff, {0x1, 0x9817, 0x8, 0x5}}}, {0x54, 0x7ff, 0x0, {0x1, 0x53}, {0x7ff, 0x4}, @period={0x5d, 0x4, 0x8, 0x1, 0x5e5c, {0x5, 0x3b26, 0xb595, 0xc9b}, 0x3, &(0x7f0000000080)=[0xfff, 0x6, 0x26]}}}) (rerun: 64) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3106.576501] FAULT_INJECTION: forcing a failure. [ 3106.576501] name failslab, interval 1, probability 0, space 0, times 0 00:21:31 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x9, 0x10}, 0xc) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (rerun: 64) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f00000000c0)={0x0, 0x9, {0x54, 0x80, 0x7, {0x7ff, 0x72}, {0x4, 0x8}, @ramp={0xffff, 0x1ff, {0x1, 0x9817, 0x8, 0x5}}}, {0x54, 0x7ff, 0x0, {0x1, 0x53}, {0x7ff, 0x4}, @period={0x5d, 0x4, 0x8, 0x1, 0x5e5c, {0x5, 0x3b26, 0xb595, 0xc9b}, 0x3, &(0x7f0000000080)=[0xfff, 0x6, 0x26]}}}) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f00000000c0)={0x0, 0x9, {0x54, 0x80, 0x7, {0x7ff, 0x72}, {0x4, 0x8}, @ramp={0xffff, 0x1ff, {0x1, 0x9817, 0x8, 0x5}}}, {0x54, 0x7ff, 0x0, {0x1, 0x53}, {0x7ff, 0x4}, @period={0x5d, 0x4, 0x8, 0x1, 0x5e5c, {0x5, 0x3b26, 0xb595, 0xc9b}, 0x3, &(0x7f0000000080)=[0xfff, 0x6, 0x26]}}}) (async) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3106.634558] CPU: 0 PID: 18015 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3106.642460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3106.651809] Call Trace: [ 3106.654398] dump_stack+0x1b2/0x281 [ 3106.658033] should_fail.cold+0x10a/0x149 [ 3106.662184] should_failslab+0xd6/0x130 [ 3106.666160] kmem_cache_alloc+0x28e/0x3c0 [ 3106.670311] __kernfs_new_node+0x6f/0x470 [ 3106.674462] kernfs_new_node+0x7b/0xe0 [ 3106.678350] __kernfs_create_file+0x3d/0x320 [ 3106.682768] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3106.687617] ? kernfs_create_dir_ns+0x171/0x200 [ 3106.692286] internal_create_group+0x22b/0x710 [ 3106.696879] sysfs_create_groups+0x92/0x130 [ 3106.701208] device_add+0x833/0x15c0 [ 3106.704930] ? device_is_dependent+0x2a0/0x2a0 [ 3106.709515] ? __kmalloc+0x3a4/0x400 [ 3106.713235] ? input_register_device+0x419/0xa90 [ 3106.717995] input_register_device+0x59e/0xa90 [ 3106.722580] ? __lock_acquire+0x5fc/0x3f20 [ 3106.726825] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3106.732020] ? uinput_write+0xfb0/0xfb0 [ 3106.735999] ? get_pid_task+0xb8/0x130 [ 3106.739900] ? proc_fail_nth_write+0x7b/0x180 [ 3106.744404] ? trace_hardirqs_on+0x10/0x10 [ 3106.748646] ? fsnotify+0x974/0x11b0 [ 3106.752364] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3106.757305] ? __handle_mm_fault+0x80f/0x4620 [ 3106.761994] ? SyS_write+0x1b7/0x210 [ 3106.765714] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3106.771427] do_vfs_ioctl+0x75a/0xff0 [ 3106.775232] ? lock_acquire+0x170/0x3f0 [ 3106.779204] ? ioctl_preallocate+0x1a0/0x1a0 [ 3106.783624] ? __fget+0x265/0x3e0 [ 3106.787083] ? do_vfs_ioctl+0xff0/0xff0 [ 3106.791059] ? security_file_ioctl+0x83/0xb0 [ 3106.795470] SyS_ioctl+0x7f/0xb0 [ 3106.798837] ? do_vfs_ioctl+0xff0/0xff0 [ 3106.802820] do_syscall_64+0x1d5/0x640 [ 3106.806724] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3106.811908] RIP: 0033:0x7f980133e109 [ 3106.815609] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3106.823314] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:32 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0xa) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x490800, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) 00:21:32 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000]}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x1a) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3106.830586] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3106.837860] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3106.845124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3106.852387] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3106.886974] FAULT_INJECTION: forcing a failure. [ 3106.886974] name failslab, interval 1, probability 0, space 0, times 0 [ 3106.914840] CPU: 0 PID: 18017 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3106.922740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3106.932268] Call Trace: [ 3106.934875] dump_stack+0x1b2/0x281 [ 3106.938509] should_fail.cold+0x10a/0x149 [ 3106.942666] should_failslab+0xd6/0x130 [ 3106.946644] kmem_cache_alloc_node+0x263/0x410 [ 3106.951240] __alloc_skb+0x5c/0x510 [ 3106.954877] kobject_uevent_env+0x882/0xf30 [ 3106.959205] device_del+0x642/0xa80 [ 3106.962838] ? __device_links_no_driver+0x1b0/0x1b0 [ 3106.967863] device_unregister+0x22/0xc0 [ 3106.971925] bdi_unregister+0x42f/0x610 [ 3106.975899] ? wb_blkcg_offline+0x180/0x180 [ 3106.980225] del_gendisk+0x453/0x820 [ 3106.983938] ? disk_events_poll_msecs_store+0x150/0x150 [ 3106.989300] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3106.993800] ? blk_cleanup_queue+0x43c/0x620 [ 3106.998222] loop_control_ioctl+0x347/0x3f0 [ 3107.002545] ? loop_lookup+0x190/0x190 [ 3107.006432] ? SyS_write+0x1b7/0x210 [ 3107.010146] ? loop_lookup+0x190/0x190 [ 3107.014032] do_vfs_ioctl+0x75a/0xff0 [ 3107.017830] ? lock_acquire+0x170/0x3f0 [ 3107.021889] ? ioctl_preallocate+0x1a0/0x1a0 [ 3107.026299] ? __fget+0x265/0x3e0 [ 3107.029755] ? do_vfs_ioctl+0xff0/0xff0 [ 3107.034078] ? security_file_ioctl+0x83/0xb0 [ 3107.038491] SyS_ioctl+0x7f/0xb0 [ 3107.041857] ? do_vfs_ioctl+0xff0/0xff0 [ 3107.045835] do_syscall_64+0x1d5/0x640 [ 3107.049724] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3107.054912] RIP: 0033:0x7fc500a72109 [ 3107.058620] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3107.066326] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3107.073591] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3107.080893] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3107.088163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3107.095437] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:32 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 18) 00:21:32 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 16) [ 3107.131920] input: syz0 as /devices/virtual/input/input32846 00:21:32 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x0, 0x9, {0x55, 0x3, 0xb5db, {0x76, 0x1}, {0x1, 0x400}, @period={0x5b, 0x7fff, 0x8000, 0x7fff, 0x3, {0x3, 0xc3e, 0x3409, 0x795f}, 0x7, &(0x7f0000000040)=[0xca, 0x6, 0x6c, 0x5, 0xfff8, 0x256, 0xdf]}}, {0x51, 0xe1, 0x47, {0x0, 0x5}, {0x101, 0x2}, @cond=[{0x20, 0x7, 0x81, 0x6, 0x6, 0x800}, {0x1, 0x4, 0x9, 0x1ff, 0x1f, 0x8000}]}}) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x1, 0xfffe, 0x6, 0x1}, 'syz0\x00', 0x17}) write$uinput_user_dev(r0, &(0x7f0000000940)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb459]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000180)) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x1c9) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000200)={0x5, 0x4, 0x100}) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x6c) 00:21:32 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0xa) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x490800, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) [ 3107.226915] input: syz0 as /devices/virtual/input/input32847 [ 3107.233365] FAULT_INJECTION: forcing a failure. [ 3107.233365] name failslab, interval 1, probability 0, space 0, times 0 [ 3107.249044] input: syz0 as /devices/virtual/input/input32850 [ 3107.257031] input: syz0 as /devices/virtual/input/input32853 [ 3107.265961] input: syz0 as /devices/virtual/input/input32851 [ 3107.282737] CPU: 0 PID: 18062 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3107.290656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3107.300261] Call Trace: [ 3107.302843] dump_stack+0x1b2/0x281 [ 3107.306472] should_fail.cold+0x10a/0x149 [ 3107.310612] should_failslab+0xd6/0x130 [ 3107.314614] kmem_cache_alloc+0x28e/0x3c0 [ 3107.318740] __kernfs_new_node+0x6f/0x470 [ 3107.322868] kernfs_new_node+0x7b/0xe0 [ 3107.326738] __kernfs_create_file+0x3d/0x320 [ 3107.331125] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3107.335878] ? kernfs_create_dir_ns+0x171/0x200 [ 3107.340542] internal_create_group+0x22b/0x710 [ 3107.345193] sysfs_create_groups+0x92/0x130 [ 3107.349492] device_add+0x833/0x15c0 [ 3107.353193] ? device_is_dependent+0x2a0/0x2a0 [ 3107.357762] ? __kmalloc+0x3a4/0x400 [ 3107.361462] ? input_register_device+0x419/0xa90 [ 3107.366197] input_register_device+0x59e/0xa90 [ 3107.370756] ? __lock_acquire+0x5fc/0x3f20 [ 3107.374968] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3107.380149] ? uinput_write+0xfb0/0xfb0 [ 3107.384101] ? get_pid_task+0xb8/0x130 [ 3107.387966] ? proc_fail_nth_write+0x7b/0x180 [ 3107.392457] ? trace_hardirqs_on+0x10/0x10 [ 3107.396685] ? fsnotify+0x974/0x11b0 [ 3107.400392] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3107.405299] ? __handle_mm_fault+0x80f/0x4620 [ 3107.409772] ? SyS_write+0x1b7/0x210 [ 3107.413468] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3107.418895] do_vfs_ioctl+0x75a/0xff0 [ 3107.422677] ? lock_acquire+0x170/0x3f0 [ 3107.426733] ? ioctl_preallocate+0x1a0/0x1a0 [ 3107.431121] ? __fget+0x265/0x3e0 [ 3107.434552] ? do_vfs_ioctl+0xff0/0xff0 [ 3107.438502] ? security_file_ioctl+0x83/0xb0 [ 3107.442886] SyS_ioctl+0x7f/0xb0 [ 3107.446228] ? do_vfs_ioctl+0xff0/0xff0 [ 3107.450183] do_syscall_64+0x1d5/0x640 [ 3107.454053] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3107.459218] RIP: 0033:0x7f980133e109 [ 3107.462990] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3107.470671] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:32 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x200]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:32 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 19) [ 3107.477917] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3107.485165] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3107.492423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3107.499679] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:32 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x0, 0x9, {0x55, 0x3, 0xb5db, {0x76, 0x1}, {0x1, 0x400}, @period={0x5b, 0x7fff, 0x8000, 0x7fff, 0x3, {0x3, 0xc3e, 0x3409, 0x795f}, 0x7, &(0x7f0000000040)=[0xca, 0x6, 0x6c, 0x5, 0xfff8, 0x256, 0xdf]}}, {0x51, 0xe1, 0x47, {0x0, 0x5}, {0x101, 0x2}, @cond=[{0x20, 0x7, 0x81, 0x6, 0x6, 0x800}, {0x1, 0x4, 0x9, 0x1ff, 0x1f, 0x8000}]}}) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x1, 0xfffe, 0x6, 0x1}, 'syz0\x00', 0x17}) write$uinput_user_dev(r0, &(0x7f0000000940)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb459]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000180)) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x1c9) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000200)={0x5, 0x4, 0x100}) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x6c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x0, 0x9, {0x55, 0x3, 0xb5db, {0x76, 0x1}, {0x1, 0x400}, @period={0x5b, 0x7fff, 0x8000, 0x7fff, 0x3, {0x3, 0xc3e, 0x3409, 0x795f}, 0x7, &(0x7f0000000040)=[0xca, 0x6, 0x6c, 0x5, 0xfff8, 0x256, 0xdf]}}, {0x51, 0xe1, 0x47, {0x0, 0x5}, {0x101, 0x2}, @cond=[{0x20, 0x7, 0x81, 0x6, 0x6, 0x800}, {0x1, 0x4, 0x9, 0x1ff, 0x1f, 0x8000}]}}) (async) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x1, 0xfffe, 0x6, 0x1}, 'syz0\x00', 0x17}) (async) write$uinput_user_dev(r0, &(0x7f0000000940)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb459]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000180)) (async) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) (async) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x1c9) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x802, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000200)={0x5, 0x4, 0x100}) (async) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x6c) (async) 00:21:32 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) [ 3107.525617] FAULT_INJECTION: forcing a failure. [ 3107.525617] name failslab, interval 1, probability 0, space 0, times 0 [ 3107.544562] CPU: 0 PID: 18059 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3107.552464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3107.561811] Call Trace: [ 3107.564379] dump_stack+0x1b2/0x281 [ 3107.567986] should_fail.cold+0x10a/0x149 [ 3107.572110] should_failslab+0xd6/0x130 [ 3107.576112] kmem_cache_alloc_node+0x263/0x410 [ 3107.580675] __alloc_skb+0x5c/0x510 [ 3107.584282] kobject_uevent_env+0x882/0xf30 [ 3107.588585] device_del+0x642/0xa80 [ 3107.592189] ? __device_links_no_driver+0x1b0/0x1b0 [ 3107.597181] device_unregister+0x22/0xc0 [ 3107.601221] bdi_unregister+0x42f/0x610 [ 3107.605260] ? wb_blkcg_offline+0x180/0x180 [ 3107.609575] del_gendisk+0x453/0x820 [ 3107.613267] ? disk_events_poll_msecs_store+0x150/0x150 [ 3107.618694] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3107.623165] ? blk_cleanup_queue+0x43c/0x620 [ 3107.627550] loop_control_ioctl+0x347/0x3f0 [ 3107.631870] ? loop_lookup+0x190/0x190 [ 3107.635743] ? SyS_write+0x1b7/0x210 [ 3107.639432] ? loop_lookup+0x190/0x190 [ 3107.643323] do_vfs_ioctl+0x75a/0xff0 [ 3107.647113] ? lock_acquire+0x170/0x3f0 [ 3107.651064] ? ioctl_preallocate+0x1a0/0x1a0 [ 3107.655451] ? __fget+0x265/0x3e0 [ 3107.658892] ? do_vfs_ioctl+0xff0/0xff0 [ 3107.662866] ? security_file_ioctl+0x83/0xb0 [ 3107.667267] SyS_ioctl+0x7f/0xb0 [ 3107.670612] ? do_vfs_ioctl+0xff0/0xff0 [ 3107.674804] do_syscall_64+0x1d5/0x640 [ 3107.678737] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3107.683908] RIP: 0033:0x7fc500a72109 [ 3107.687657] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3107.695342] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3107.702703] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3107.709956] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3107.717220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:32 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 17) [ 3107.724469] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3107.740182] input: syz0 as /devices/virtual/input/input32857 00:21:33 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000080)={0x0, 0x9, {0x55, 0x3, 0xb5db, {0x76, 0x1}, {0x1, 0x400}, @period={0x5b, 0x7fff, 0x8000, 0x7fff, 0x3, {0x3, 0xc3e, 0x3409, 0x795f}, 0x7, &(0x7f0000000040)=[0xca, 0x6, 0x6c, 0x5, 0xfff8, 0x256, 0xdf]}}, {0x51, 0xe1, 0x47, {0x0, 0x5}, {0x101, 0x2}, @cond=[{0x20, 0x7, 0x81, 0x6, 0x6, 0x800}, {0x1, 0x4, 0x9, 0x1ff, 0x1f, 0x8000}]}}) (async) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x1, 0xfffe, 0x6, 0x1}, 'syz0\x00', 0x17}) (async) write$uinput_user_dev(r0, &(0x7f0000000940)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb459]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000180)) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x1c9) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000200)={0x5, 0x4, 0x100}) (async) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x6c) [ 3107.786927] FAULT_INJECTION: forcing a failure. [ 3107.786927] name failslab, interval 1, probability 0, space 0, times 0 [ 3107.793071] input: syz0 as /devices/virtual/input/input32862 [ 3107.805291] input: syz0 as /devices/virtual/input/input32863 00:21:33 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x200]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x200]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) [ 3107.855388] FAULT_INJECTION: forcing a failure. [ 3107.855388] name failslab, interval 1, probability 0, space 0, times 0 [ 3107.879067] input: syz0 as /devices/virtual/input/input32865 [ 3107.886410] CPU: 1 PID: 18116 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3107.894298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3107.903649] Call Trace: [ 3107.906229] dump_stack+0x1b2/0x281 [ 3107.909881] should_fail.cold+0x10a/0x149 [ 3107.914015] should_failslab+0xd6/0x130 [ 3107.917976] kmem_cache_alloc+0x28e/0x3c0 [ 3107.922291] __kernfs_new_node+0x6f/0x470 [ 3107.926436] kernfs_create_dir_ns+0x8c/0x200 [ 3107.930846] internal_create_group+0xe9/0x710 [ 3107.935345] sysfs_create_groups+0x92/0x130 [ 3107.939662] device_add+0x833/0x15c0 [ 3107.943371] ? device_is_dependent+0x2a0/0x2a0 [ 3107.947952] ? __kmalloc+0x3a4/0x400 [ 3107.951667] ? input_register_device+0x419/0xa90 [ 3107.956423] input_register_device+0x59e/0xa90 [ 3107.960999] ? __lock_acquire+0x5fc/0x3f20 [ 3107.965233] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3107.970420] ? uinput_write+0xfb0/0xfb0 [ 3107.974389] ? get_pid_task+0xb8/0x130 [ 3107.978273] ? proc_fail_nth_write+0x7b/0x180 [ 3107.982790] ? trace_hardirqs_on+0x10/0x10 [ 3107.987028] ? fsnotify+0x974/0x11b0 [ 3107.990739] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3107.995665] ? __handle_mm_fault+0x80f/0x4620 [ 3108.000162] ? SyS_write+0x1b7/0x210 00:21:33 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) (async) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) (async) [ 3108.003886] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3108.009424] do_vfs_ioctl+0x75a/0xff0 [ 3108.013226] ? lock_acquire+0x170/0x3f0 [ 3108.017204] ? ioctl_preallocate+0x1a0/0x1a0 [ 3108.021612] ? __fget+0x265/0x3e0 [ 3108.025098] ? do_vfs_ioctl+0xff0/0xff0 [ 3108.029070] ? security_file_ioctl+0x83/0xb0 [ 3108.033473] SyS_ioctl+0x7f/0xb0 [ 3108.036837] ? do_vfs_ioctl+0xff0/0xff0 [ 3108.040811] do_syscall_64+0x1d5/0x640 [ 3108.044702] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3108.049895] RIP: 0033:0x7f980133e109 [ 3108.053598] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3108.061290] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3108.068550] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3108.075848] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3108.083110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3108.090377] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:33 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000000)={r3, @multicast2, @multicast1}, 0xc) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r5, 0x4004556a, 0x0) ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0xd) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000ffdbdf2502000000060001004e2000000400050008000b00", @ANYRES32=r3, @ANYBLOB="050003df5d0810eb7e9fbcde0b05839000110000000500040000000000140009002001000000000000faff0000000000021b91febfb81028d4f2b0779034400d0a47b2637fb9daa5264d1bf2eef63446305ea31817f36d8efd97bc5e9069"], 0x4c}, 0x1, 0x0, 0x0, 0x4040811}, 0x8000) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3108.102231] CPU: 0 PID: 18121 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3108.110124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3108.119474] Call Trace: [ 3108.122060] dump_stack+0x1b2/0x281 [ 3108.125695] should_fail.cold+0x10a/0x149 [ 3108.129845] should_failslab+0xd6/0x130 [ 3108.133818] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3108.138494] ? kobj_ns_drop+0x80/0x80 [ 3108.142291] call_usermodehelper_setup+0x73/0x2e0 [ 3108.145732] input: syz0 as /devices/virtual/input/input32869 [ 3108.147130] kobject_uevent_env+0xc21/0xf30 [ 3108.147154] device_del+0x642/0xa80 [ 3108.160860] ? __device_links_no_driver+0x1b0/0x1b0 [ 3108.165963] device_unregister+0x22/0xc0 [ 3108.170026] bdi_unregister+0x42f/0x610 [ 3108.173999] ? wb_blkcg_offline+0x180/0x180 [ 3108.178322] del_gendisk+0x453/0x820 [ 3108.182032] ? disk_events_poll_msecs_store+0x150/0x150 [ 3108.187393] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3108.191883] ? blk_cleanup_queue+0x43c/0x620 [ 3108.196290] loop_control_ioctl+0x347/0x3f0 [ 3108.200610] ? loop_lookup+0x190/0x190 [ 3108.204493] ? SyS_write+0x1b7/0x210 [ 3108.208205] ? loop_lookup+0x190/0x190 [ 3108.212091] do_vfs_ioctl+0x75a/0xff0 [ 3108.215891] ? lock_acquire+0x170/0x3f0 [ 3108.219860] ? ioctl_preallocate+0x1a0/0x1a0 [ 3108.224269] ? __fget+0x265/0x3e0 [ 3108.227721] ? do_vfs_ioctl+0xff0/0xff0 [ 3108.231699] ? security_file_ioctl+0x83/0xb0 [ 3108.236107] SyS_ioctl+0x7f/0xb0 [ 3108.239467] ? do_vfs_ioctl+0xff0/0xff0 [ 3108.243539] do_syscall_64+0x1d5/0x640 [ 3108.247428] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3108.252701] RIP: 0033:0x7fc500a72109 [ 3108.256403] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3108.264110] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3108.271373] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3108.278692] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3108.285958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3108.293226] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:33 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 18) 00:21:33 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0xa) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x490800, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) 00:21:33 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 20) 00:21:33 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000000)={r3, @multicast2, @multicast1}, 0xc) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r5, 0x4004556a, 0x0) ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0xd) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000ffdbdf2502000000060001004e2000000400050008000b00", @ANYRES32=r3, @ANYBLOB="050003df5d0810eb7e9fbcde0b05839000110000000500040000000000140009002001000000000000faff0000000000021b91febfb81028d4f2b0779034400d0a47b2637fb9daa5264d1bf2eef63446305ea31817f36d8efd97bc5e9069"], 0x4c}, 0x1, 0x0, 0x0, 0x4040811}, 0x8000) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f80)={'dummy0\x00'}) (async) socket$inet_sctp(0x2, 0x1, 0x84) (async) setsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000000)={r3, @multicast2, @multicast1}, 0xc) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r5, 0x4004556a, 0x0) (async) ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0xd) (async) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000ffdbdf2502000000060001004e2000000400050008000b00", @ANYRES32=r3, @ANYBLOB="050003df5d0810eb7e9fbcde0b05839000110000000500040000000000140009002001000000000000faff0000000000021b91febfb81028d4f2b0779034400d0a47b2637fb9daa5264d1bf2eef63446305ea31817f36d8efd97bc5e9069"], 0x4c}, 0x1, 0x0, 0x0, 0x4040811}, 0x8000) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3108.328711] input: syz0 as /devices/virtual/input/input32871 [ 3108.406767] FAULT_INJECTION: forcing a failure. [ 3108.406767] name failslab, interval 1, probability 0, space 0, times 0 00:21:33 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x200]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3108.450799] input: syz0 as /devices/virtual/input/input32876 [ 3108.461924] input: syz0 as /devices/virtual/input/input32877 [ 3108.473017] input: syz0 as /devices/virtual/input/input32878 [ 3108.475483] CPU: 0 PID: 18174 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3108.486790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3108.496138] Call Trace: [ 3108.498737] dump_stack+0x1b2/0x281 [ 3108.502366] should_fail.cold+0x10a/0x149 [ 3108.506519] should_failslab+0xd6/0x130 [ 3108.510491] kmem_cache_alloc+0x28e/0x3c0 [ 3108.514669] __kernfs_new_node+0x6f/0x470 [ 3108.518825] kernfs_create_dir_ns+0x8c/0x200 [ 3108.523231] internal_create_group+0xe9/0x710 [ 3108.527730] sysfs_create_groups+0x92/0x130 [ 3108.532052] device_add+0x833/0x15c0 [ 3108.535767] ? device_is_dependent+0x2a0/0x2a0 [ 3108.540346] ? __kmalloc+0x3a4/0x400 [ 3108.544059] ? input_register_device+0x419/0xa90 [ 3108.548815] input_register_device+0x59e/0xa90 [ 3108.553394] ? __lock_acquire+0x5fc/0x3f20 [ 3108.557627] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3108.562817] ? uinput_write+0xfb0/0xfb0 [ 3108.566785] ? get_pid_task+0xb8/0x130 [ 3108.570678] ? proc_fail_nth_write+0x7b/0x180 [ 3108.575173] ? trace_hardirqs_on+0x10/0x10 [ 3108.579412] ? fsnotify+0x974/0x11b0 [ 3108.583122] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3108.588063] ? __handle_mm_fault+0x80f/0x4620 [ 3108.592557] ? SyS_write+0x1b7/0x210 [ 3108.596272] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3108.601720] do_vfs_ioctl+0x75a/0xff0 [ 3108.605517] ? lock_acquire+0x170/0x3f0 [ 3108.609491] ? ioctl_preallocate+0x1a0/0x1a0 [ 3108.613901] ? __fget+0x265/0x3e0 [ 3108.617355] ? do_vfs_ioctl+0xff0/0xff0 [ 3108.621337] ? security_file_ioctl+0x83/0xb0 [ 3108.625745] SyS_ioctl+0x7f/0xb0 [ 3108.629104] ? do_vfs_ioctl+0xff0/0xff0 [ 3108.633074] do_syscall_64+0x1d5/0x640 [ 3108.636973] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3108.642159] RIP: 0033:0x7f980133e109 00:21:33 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 21) [ 3108.645862] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3108.653579] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3108.665878] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3108.673142] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3108.680412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3108.687688] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:33 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000080)) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:33 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) (async) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000000)={r3, @multicast2, @multicast1}, 0xc) (async, rerun: 64) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (rerun: 64) ioctl$UI_SET_SNDBIT(r5, 0x4004556a, 0x0) ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0xd) (async) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000ffdbdf2502000000060001004e2000000400050008000b00", @ANYRES32=r3, @ANYBLOB="050003df5d0810eb7e9fbcde0b05839000110000000500040000000000140009002001000000000000faff0000000000021b91febfb81028d4f2b0779034400d0a47b2637fb9daa5264d1bf2eef63446305ea31817f36d8efd97bc5e9069"], 0x4c}, 0x1, 0x0, 0x0, 0x4040811}, 0x8000) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x4], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3108.722996] FAULT_INJECTION: forcing a failure. [ 3108.722996] name failslab, interval 1, probability 0, space 0, times 0 00:21:33 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) (async) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) (async) [ 3108.767399] CPU: 1 PID: 18176 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3108.775331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3108.785039] Call Trace: [ 3108.787630] dump_stack+0x1b2/0x281 [ 3108.791289] should_fail.cold+0x10a/0x149 [ 3108.795444] should_failslab+0xd6/0x130 [ 3108.799427] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3108.804104] ? dev_uevent_filter+0xd0/0xd0 [ 3108.804900] input: syz0 as /devices/virtual/input/input32881 [ 3108.808336] kobject_uevent_env+0x20c/0xf30 [ 3108.808351] ? wait_for_completion_io+0x10/0x10 [ 3108.808362] ? is_acpi_device_node+0x5b/0x70 [ 3108.808372] device_del+0x642/0xa80 [ 3108.821565] input: syz0 as /devices/virtual/input/input32880 [ 3108.823126] ? __device_links_no_driver+0x1b0/0x1b0 [ 3108.823141] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3108.823154] del_gendisk+0x65c/0x820 [ 3108.850908] ? disk_events_poll_msecs_store+0x150/0x150 [ 3108.856278] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3108.860772] ? blk_cleanup_queue+0x43c/0x620 [ 3108.865184] loop_control_ioctl+0x347/0x3f0 [ 3108.869506] ? loop_lookup+0x190/0x190 [ 3108.873391] ? SyS_write+0x1b7/0x210 [ 3108.877109] ? loop_lookup+0x190/0x190 [ 3108.881001] do_vfs_ioctl+0x75a/0xff0 [ 3108.884808] ? lock_acquire+0x170/0x3f0 [ 3108.888785] ? ioctl_preallocate+0x1a0/0x1a0 [ 3108.893204] ? __fget+0x265/0x3e0 [ 3108.896704] ? do_vfs_ioctl+0xff0/0xff0 [ 3108.900686] ? security_file_ioctl+0x83/0xb0 [ 3108.905093] SyS_ioctl+0x7f/0xb0 [ 3108.908474] ? do_vfs_ioctl+0xff0/0xff0 [ 3108.912452] do_syscall_64+0x1d5/0x640 [ 3108.916345] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3108.921534] RIP: 0033:0x7fc500a72109 [ 3108.925239] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3108.932950] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3108.940233] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3108.947520] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3108.954790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) [ 3108.962065] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:34 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 19) 00:21:34 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x2040, 0x0) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x9) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0x39, 0x3, 0x1ff, 0x2}, 'syz1\x00', 0x51}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xb) ioctl$BLKDISCARD(r2, 0x1277, &(0x7f0000000100)) 00:21:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) 00:21:34 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3109.051703] input: syz0 as /devices/virtual/input/input32885 [ 3109.052406] input: syz0 as /devices/virtual/input/input32884 [ 3109.071591] FAULT_INJECTION: forcing a failure. [ 3109.071591] name failslab, interval 1, probability 0, space 0, times 0 00:21:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) 00:21:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {0x40, 0xfff, 0x3ff, 0x2}, 0x4c, [0x7, 0x6, 0x7fff, 0x2, 0x7, 0x6, 0xfffffc00, 0x7, 0x4, 0x40, 0xe4e6, 0x8, 0x6, 0x8, 0x0, 0x1, 0xffffffff, 0x5, 0xfffffff7, 0xfffffff9, 0x80000000, 0xaa, 0x80, 0x8001, 0x7fff, 0x7, 0x73e80117, 0x3ff, 0x1, 0x8, 0x5, 0x5, 0x0, 0x4, 0x8001, 0x0, 0x8, 0x8001, 0x4, 0x7, 0x5, 0x5, 0x386a3618, 0xb5, 0x5, 0x8, 0x0, 0x600000, 0x7fff, 0x6, 0x0, 0xeb, 0x8, 0x81, 0x4, 0x3, 0x1, 0xe4, 0x62, 0x800, 0x3, 0x413, 0x1, 0x400], [0xffffff80, 0x7, 0x3, 0x2, 0xffff, 0x7fe3, 0x1725, 0x2, 0xffffffff, 0x4, 0xd6, 0x5, 0x5, 0x5, 0x3f, 0xbca9, 0xf64, 0x8, 0x9, 0x80000001, 0xffffffff, 0x1, 0xd3a7, 0xcf, 0x4, 0xffffff01, 0x2, 0x4, 0x7fffffff, 0x32, 0xeb7, 0x1000, 0xfffffff8, 0x7, 0x0, 0x9, 0x0, 0x3, 0x4, 0x401, 0x7ff, 0xffffffff, 0x1, 0x174a0, 0xecdb, 0x9, 0xfffffbff, 0x1, 0x934, 0x100, 0x602, 0x10000, 0x80, 0x6, 0xfff, 0x9, 0x9, 0x1, 0xff00, 0x7, 0x5, 0x800, 0x8e1, 0x5], [0x4c63, 0x101, 0x3d27c6c, 0x6, 0x200, 0x5, 0x7ff, 0x6, 0x4, 0x200, 0xe47, 0x8000, 0x6, 0x725, 0x200, 0x0, 0x7ff, 0xfb82, 0xfffffff9, 0x9, 0x4, 0xa10d, 0x6, 0x5, 0x3, 0x9, 0x100, 0x1, 0x99, 0x10001, 0x8, 0x3, 0x4, 0x81, 0xffffffff, 0xfffff465, 0x101, 0x70, 0xff, 0x401, 0x593, 0x5, 0x601, 0x4, 0x57c8, 0xfffffffb, 0x0, 0x1, 0xf0, 0x80000000, 0x5e0a, 0x5, 0x4, 0x8, 0x6, 0x4, 0x2, 0x77, 0x2, 0x7, 0x81, 0xfffffffb, 0x200, 0x6], [0xb3, 0x6, 0xffff8001, 0x9, 0xffffffff, 0x1, 0xf29, 0x0, 0xe0, 0xfff, 0x3, 0x162, 0xffff, 0x5, 0x8001, 0x4, 0x1, 0x9, 0x7, 0x400, 0x0, 0x800, 0x3f, 0x3, 0x7, 0x2, 0x81, 0xffff8000, 0x1, 0x8001, 0x4, 0x6, 0x10001, 0x6, 0x5, 0x0, 0xffff, 0x5, 0x3, 0x3, 0x10000, 0xffffffe1, 0x7, 0xffffffff, 0x0, 0x100, 0x6a42, 0x40, 0x6, 0x1, 0x400, 0x7f, 0xfffffff8, 0x6, 0x0, 0xd39, 0x6, 0x81, 0x4, 0xf4d, 0x4, 0x7, 0x4, 0xfffeffff]}, 0x45c) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000940), 0x4) [ 3109.097641] CPU: 0 PID: 18246 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3109.097987] input: syz0 as /devices/virtual/input/input32889 [ 3109.105566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3109.105571] Call Trace: [ 3109.105590] dump_stack+0x1b2/0x281 [ 3109.105604] should_fail.cold+0x10a/0x149 [ 3109.105617] should_failslab+0xd6/0x130 [ 3109.105629] kmem_cache_alloc+0x28e/0x3c0 [ 3109.105644] __kernfs_new_node+0x6f/0x470 [ 3109.105656] kernfs_new_node+0x7b/0xe0 [ 3109.105667] __kernfs_create_file+0x3d/0x320 [ 3109.155974] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3109.158892] input: syz0 as /devices/virtual/input/input32893 [ 3109.160649] ? kernfs_create_dir_ns+0x171/0x200 [ 3109.160659] internal_create_group+0x22b/0x710 [ 3109.160674] sysfs_create_groups+0x92/0x130 [ 3109.160686] device_add+0x833/0x15c0 [ 3109.160700] ? device_is_dependent+0x2a0/0x2a0 [ 3109.188305] ? __kmalloc+0x3a4/0x400 [ 3109.192003] ? input_register_device+0x419/0xa90 [ 3109.196752] input_register_device+0x59e/0xa90 [ 3109.201332] ? __lock_acquire+0x5fc/0x3f20 [ 3109.205553] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3109.210739] ? uinput_write+0xfb0/0xfb0 [ 3109.214722] ? get_pid_task+0xb8/0x130 [ 3109.218594] ? proc_fail_nth_write+0x7b/0x180 [ 3109.223075] ? trace_hardirqs_on+0x10/0x10 [ 3109.227304] ? fsnotify+0x974/0x11b0 [ 3109.230999] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3109.235932] ? __handle_mm_fault+0x80f/0x4620 [ 3109.240412] ? SyS_write+0x1b7/0x210 [ 3109.244113] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3109.249543] do_vfs_ioctl+0x75a/0xff0 [ 3109.253356] ? lock_acquire+0x170/0x3f0 [ 3109.257398] ? ioctl_preallocate+0x1a0/0x1a0 [ 3109.261785] ? __fget+0x265/0x3e0 [ 3109.265218] ? do_vfs_ioctl+0xff0/0xff0 [ 3109.269172] ? security_file_ioctl+0x83/0xb0 [ 3109.273564] SyS_ioctl+0x7f/0xb0 [ 3109.276910] ? do_vfs_ioctl+0xff0/0xff0 [ 3109.280871] do_syscall_64+0x1d5/0x640 [ 3109.284751] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3109.289925] RIP: 0033:0x7f980133e109 [ 3109.293612] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:34 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 22) 00:21:34 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x2040, 0x0) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x9) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0x39, 0x3, 0x1ff, 0x2}, 'syz1\x00', 0x51}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xb) ioctl$BLKDISCARD(r2, 0x1277, &(0x7f0000000100)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x2040, 0x0) (async) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x9) (async) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0x39, 0x3, 0x1ff, 0x2}, 'syz1\x00', 0x51}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xb) (async) ioctl$BLKDISCARD(r2, 0x1277, &(0x7f0000000100)) (async) 00:21:34 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000080)) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000040)) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000080)) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3109.301324] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3109.308575] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3109.315929] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3109.323175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3109.330445] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 64) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (rerun: 64) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {0x40, 0xfff, 0x3ff, 0x2}, 0x4c, [0x7, 0x6, 0x7fff, 0x2, 0x7, 0x6, 0xfffffc00, 0x7, 0x4, 0x40, 0xe4e6, 0x8, 0x6, 0x8, 0x0, 0x1, 0xffffffff, 0x5, 0xfffffff7, 0xfffffff9, 0x80000000, 0xaa, 0x80, 0x8001, 0x7fff, 0x7, 0x73e80117, 0x3ff, 0x1, 0x8, 0x5, 0x5, 0x0, 0x4, 0x8001, 0x0, 0x8, 0x8001, 0x4, 0x7, 0x5, 0x5, 0x386a3618, 0xb5, 0x5, 0x8, 0x0, 0x600000, 0x7fff, 0x6, 0x0, 0xeb, 0x8, 0x81, 0x4, 0x3, 0x1, 0xe4, 0x62, 0x800, 0x3, 0x413, 0x1, 0x400], [0xffffff80, 0x7, 0x3, 0x2, 0xffff, 0x7fe3, 0x1725, 0x2, 0xffffffff, 0x4, 0xd6, 0x5, 0x5, 0x5, 0x3f, 0xbca9, 0xf64, 0x8, 0x9, 0x80000001, 0xffffffff, 0x1, 0xd3a7, 0xcf, 0x4, 0xffffff01, 0x2, 0x4, 0x7fffffff, 0x32, 0xeb7, 0x1000, 0xfffffff8, 0x7, 0x0, 0x9, 0x0, 0x3, 0x4, 0x401, 0x7ff, 0xffffffff, 0x1, 0x174a0, 0xecdb, 0x9, 0xfffffbff, 0x1, 0x934, 0x100, 0x602, 0x10000, 0x80, 0x6, 0xfff, 0x9, 0x9, 0x1, 0xff00, 0x7, 0x5, 0x800, 0x8e1, 0x5], [0x4c63, 0x101, 0x3d27c6c, 0x6, 0x200, 0x5, 0x7ff, 0x6, 0x4, 0x200, 0xe47, 0x8000, 0x6, 0x725, 0x200, 0x0, 0x7ff, 0xfb82, 0xfffffff9, 0x9, 0x4, 0xa10d, 0x6, 0x5, 0x3, 0x9, 0x100, 0x1, 0x99, 0x10001, 0x8, 0x3, 0x4, 0x81, 0xffffffff, 0xfffff465, 0x101, 0x70, 0xff, 0x401, 0x593, 0x5, 0x601, 0x4, 0x57c8, 0xfffffffb, 0x0, 0x1, 0xf0, 0x80000000, 0x5e0a, 0x5, 0x4, 0x8, 0x6, 0x4, 0x2, 0x77, 0x2, 0x7, 0x81, 0xfffffffb, 0x200, 0x6], [0xb3, 0x6, 0xffff8001, 0x9, 0xffffffff, 0x1, 0xf29, 0x0, 0xe0, 0xfff, 0x3, 0x162, 0xffff, 0x5, 0x8001, 0x4, 0x1, 0x9, 0x7, 0x400, 0x0, 0x800, 0x3f, 0x3, 0x7, 0x2, 0x81, 0xffff8000, 0x1, 0x8001, 0x4, 0x6, 0x10001, 0x6, 0x5, 0x0, 0xffff, 0x5, 0x3, 0x3, 0x10000, 0xffffffe1, 0x7, 0xffffffff, 0x0, 0x100, 0x6a42, 0x40, 0x6, 0x1, 0x400, 0x7f, 0xfffffff8, 0x6, 0x0, 0xd39, 0x6, 0x81, 0x4, 0xf4d, 0x4, 0x7, 0x4, 0xfffeffff]}, 0x45c) (async) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000940), 0x4) [ 3109.367493] FAULT_INJECTION: forcing a failure. [ 3109.367493] name failslab, interval 1, probability 0, space 0, times 0 [ 3109.382528] CPU: 1 PID: 18249 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3109.390424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3109.399771] Call Trace: [ 3109.399787] dump_stack+0x1b2/0x281 [ 3109.399802] should_fail.cold+0x10a/0x149 [ 3109.399813] should_failslab+0xd6/0x130 [ 3109.399824] __kmalloc+0x2c1/0x400 [ 3109.399833] ? kobject_get_path+0xb5/0x230 [ 3109.399842] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3109.399853] kobject_get_path+0xb5/0x230 [ 3109.399866] kobject_uevent_env+0x230/0xf30 [ 3109.399878] ? wait_for_completion_io+0x10/0x10 [ 3109.399890] ? is_acpi_device_node+0x5b/0x70 [ 3109.406083] device_del+0x642/0xa80 [ 3109.406098] ? __device_links_no_driver+0x1b0/0x1b0 [ 3109.406109] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3109.406119] del_gendisk+0x65c/0x820 [ 3109.414230] ? disk_events_poll_msecs_store+0x150/0x150 [ 3109.414243] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3109.414251] ? blk_cleanup_queue+0x43c/0x620 [ 3109.414263] loop_control_ioctl+0x347/0x3f0 [ 3109.422031] ? loop_lookup+0x190/0x190 [ 3109.422041] ? SyS_write+0x1b7/0x210 [ 3109.422053] ? loop_lookup+0x190/0x190 [ 3109.422062] do_vfs_ioctl+0x75a/0xff0 [ 3109.422071] ? lock_acquire+0x170/0x3f0 [ 3109.422081] ? ioctl_preallocate+0x1a0/0x1a0 [ 3109.422093] ? __fget+0x265/0x3e0 [ 3109.422104] ? do_vfs_ioctl+0xff0/0xff0 [ 3109.422115] ? security_file_ioctl+0x83/0xb0 [ 3109.422124] SyS_ioctl+0x7f/0xb0 [ 3109.422131] ? do_vfs_ioctl+0xff0/0xff0 [ 3109.422142] do_syscall_64+0x1d5/0x640 [ 3109.431706] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3109.440766] RIP: 0033:0x7fc500a72109 [ 3109.440772] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3109.440783] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3109.440788] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3109.440793] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 00:21:34 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 20) [ 3109.440797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3109.440802] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3109.469421] input: syz0 as /devices/virtual/input/input32897 [ 3109.620130] input: syz0 as /devices/virtual/input/input32898 [ 3109.627017] FAULT_INJECTION: forcing a failure. [ 3109.627017] name failslab, interval 1, probability 0, space 0, times 0 [ 3109.643430] input: syz0 as /devices/virtual/input/input32901 [ 3109.643820] input: syz1 as /devices/virtual/input/input32899 [ 3109.655565] CPU: 1 PID: 18299 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3109.663448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3109.663452] Call Trace: [ 3109.663469] dump_stack+0x1b2/0x281 [ 3109.663484] should_fail.cold+0x10a/0x149 [ 3109.663496] should_failslab+0xd6/0x130 [ 3109.663510] kmem_cache_alloc+0x28e/0x3c0 [ 3109.663524] __kernfs_new_node+0x6f/0x470 [ 3109.663538] kernfs_new_node+0x7b/0xe0 [ 3109.663548] __kernfs_create_file+0x3d/0x320 [ 3109.663558] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3109.663567] ? kernfs_create_dir_ns+0x171/0x200 [ 3109.663578] internal_create_group+0x22b/0x710 [ 3109.663591] sysfs_create_groups+0x92/0x130 [ 3109.663602] device_add+0x833/0x15c0 [ 3109.725941] ? device_is_dependent+0x2a0/0x2a0 [ 3109.731398] ? __kmalloc+0x3a4/0x400 [ 3109.735209] ? input_register_device+0x419/0xa90 [ 3109.739973] input_register_device+0x59e/0xa90 [ 3109.744563] ? __lock_acquire+0x5fc/0x3f20 [ 3109.748818] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3109.754034] ? uinput_write+0xfb0/0xfb0 [ 3109.758005] ? get_pid_task+0xb8/0x130 [ 3109.761894] ? proc_fail_nth_write+0x7b/0x180 [ 3109.766392] ? trace_hardirqs_on+0x10/0x10 [ 3109.770805] ? fsnotify+0x974/0x11b0 [ 3109.774522] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3109.779447] ? __handle_mm_fault+0x80f/0x4620 [ 3109.779459] ? SyS_write+0x1b7/0x210 [ 3109.779475] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3109.779486] do_vfs_ioctl+0x75a/0xff0 [ 3109.779497] ? lock_acquire+0x170/0x3f0 [ 3109.779505] ? ioctl_preallocate+0x1a0/0x1a0 [ 3109.779516] ? __fget+0x265/0x3e0 [ 3109.779527] ? do_vfs_ioctl+0xff0/0xff0 [ 3109.779538] ? security_file_ioctl+0x83/0xb0 [ 3109.779548] SyS_ioctl+0x7f/0xb0 00:21:35 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 23) 00:21:35 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000040)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000080)) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000040)) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000080)) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3109.779555] ? do_vfs_ioctl+0xff0/0xff0 [ 3109.779566] do_syscall_64+0x1d5/0x640 [ 3109.779581] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3109.817106] RIP: 0033:0x7f980133e109 [ 3109.817111] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3109.817123] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3109.817128] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3109.817134] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 00:21:35 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) (async, rerun: 64) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (rerun: 64) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x2040, 0x0) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x9) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0x39, 0x3, 0x1ff, 0x2}, 'syz1\x00', 0x51}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xb) (async) ioctl$BLKDISCARD(r2, 0x1277, &(0x7f0000000100)) 00:21:35 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) [ 3109.817140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3109.817146] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3109.894058] input: syz0 as /devices/virtual/input/input32895 [ 3109.917643] FAULT_INJECTION: forcing a failure. [ 3109.917643] name failslab, interval 1, probability 0, space 0, times 0 [ 3109.938077] CPU: 1 PID: 18316 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3109.946068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3109.955415] Call Trace: [ 3109.955431] dump_stack+0x1b2/0x281 [ 3109.955447] should_fail.cold+0x10a/0x149 [ 3109.962498] should_failslab+0xd6/0x130 [ 3109.962510] __kmalloc+0x2c1/0x400 [ 3109.962519] ? kobject_get_path+0xb5/0x230 [ 3109.962529] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3109.962540] kobject_get_path+0xb5/0x230 [ 3109.962553] kobject_uevent_env+0x230/0xf30 [ 3109.962565] ? wait_for_completion_io+0x10/0x10 [ 3109.962575] ? is_acpi_device_node+0x5b/0x70 [ 3109.962586] device_del+0x642/0xa80 [ 3109.962596] ? __device_links_no_driver+0x1b0/0x1b0 [ 3109.962608] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3109.962619] del_gendisk+0x65c/0x820 [ 3109.974232] ? disk_events_poll_msecs_store+0x150/0x150 [ 3109.974246] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3109.983889] ? blk_cleanup_queue+0x43c/0x620 [ 3109.983900] loop_control_ioctl+0x347/0x3f0 [ 3109.983909] ? loop_lookup+0x190/0x190 [ 3109.983918] ? SyS_write+0x1b7/0x210 [ 3109.983929] ? loop_lookup+0x190/0x190 [ 3109.983939] do_vfs_ioctl+0x75a/0xff0 [ 3109.983949] ? lock_acquire+0x170/0x3f0 [ 3109.983958] ? ioctl_preallocate+0x1a0/0x1a0 [ 3109.983969] ? __fget+0x265/0x3e0 [ 3109.983979] ? do_vfs_ioctl+0xff0/0xff0 [ 3109.996990] ? security_file_ioctl+0x83/0xb0 [ 3109.997004] SyS_ioctl+0x7f/0xb0 [ 3109.997013] ? do_vfs_ioctl+0xff0/0xff0 [ 3110.033813] do_syscall_64+0x1d5/0x640 [ 3110.033831] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3110.057317] RIP: 0033:0x7fc500a72109 [ 3110.057324] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3110.057337] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3110.108555] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 00:21:35 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 21) [ 3110.108561] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3110.108567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3110.108572] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3110.158529] FAULT_INJECTION: forcing a failure. [ 3110.158529] name failslab, interval 1, probability 0, space 0, times 0 [ 3110.171487] input: syz0 as /devices/virtual/input/input32903 [ 3110.178688] input: syz0 as /devices/virtual/input/input32904 [ 3110.195741] input: syz0 as /devices/virtual/input/input32905 [ 3110.204987] CPU: 0 PID: 18346 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3110.212884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3110.222273] Call Trace: [ 3110.224862] dump_stack+0x1b2/0x281 [ 3110.228495] should_fail.cold+0x10a/0x149 [ 3110.232792] should_failslab+0xd6/0x130 [ 3110.236883] kmem_cache_alloc+0x28e/0x3c0 [ 3110.241036] __kernfs_new_node+0x6f/0x470 [ 3110.245251] kernfs_new_node+0x7b/0xe0 [ 3110.249121] __kernfs_create_file+0x3d/0x320 [ 3110.253592] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3110.258243] ? kernfs_create_dir_ns+0x171/0x200 [ 3110.262895] internal_create_group+0x22b/0x710 [ 3110.267462] sysfs_create_groups+0x92/0x130 00:21:35 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3110.271774] device_add+0x833/0x15c0 [ 3110.275484] ? device_is_dependent+0x2a0/0x2a0 [ 3110.280089] ? __kmalloc+0x3a4/0x400 [ 3110.283842] ? input_register_device+0x419/0xa90 [ 3110.288704] input_register_device+0x59e/0xa90 [ 3110.293278] ? __lock_acquire+0x5fc/0x3f20 [ 3110.297499] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3110.302767] ? uinput_write+0xfb0/0xfb0 [ 3110.306722] ? get_pid_task+0xb8/0x130 [ 3110.310590] ? proc_fail_nth_write+0x7b/0x180 [ 3110.315067] ? trace_hardirqs_on+0x10/0x10 [ 3110.319296] ? fsnotify+0x974/0x11b0 [ 3110.322994] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3110.327908] ? __handle_mm_fault+0x80f/0x4620 [ 3110.332383] ? SyS_write+0x1b7/0x210 [ 3110.336083] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3110.341515] do_vfs_ioctl+0x75a/0xff0 [ 3110.345299] ? lock_acquire+0x170/0x3f0 [ 3110.349260] ? ioctl_preallocate+0x1a0/0x1a0 [ 3110.353663] ? __fget+0x265/0x3e0 [ 3110.357229] ? do_vfs_ioctl+0xff0/0xff0 [ 3110.361186] ? security_file_ioctl+0x83/0xb0 [ 3110.365643] SyS_ioctl+0x7f/0xb0 [ 3110.368992] ? do_vfs_ioctl+0xff0/0xff0 [ 3110.373034] do_syscall_64+0x1d5/0x640 [ 3110.377429] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3110.382599] RIP: 0033:0x7f980133e109 [ 3110.386288] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3110.393995] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3110.401244] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3110.408522] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3110.415887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:35 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xc) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:35 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {0x40, 0xfff, 0x3ff, 0x2}, 0x4c, [0x7, 0x6, 0x7fff, 0x2, 0x7, 0x6, 0xfffffc00, 0x7, 0x4, 0x40, 0xe4e6, 0x8, 0x6, 0x8, 0x0, 0x1, 0xffffffff, 0x5, 0xfffffff7, 0xfffffff9, 0x80000000, 0xaa, 0x80, 0x8001, 0x7fff, 0x7, 0x73e80117, 0x3ff, 0x1, 0x8, 0x5, 0x5, 0x0, 0x4, 0x8001, 0x0, 0x8, 0x8001, 0x4, 0x7, 0x5, 0x5, 0x386a3618, 0xb5, 0x5, 0x8, 0x0, 0x600000, 0x7fff, 0x6, 0x0, 0xeb, 0x8, 0x81, 0x4, 0x3, 0x1, 0xe4, 0x62, 0x800, 0x3, 0x413, 0x1, 0x400], [0xffffff80, 0x7, 0x3, 0x2, 0xffff, 0x7fe3, 0x1725, 0x2, 0xffffffff, 0x4, 0xd6, 0x5, 0x5, 0x5, 0x3f, 0xbca9, 0xf64, 0x8, 0x9, 0x80000001, 0xffffffff, 0x1, 0xd3a7, 0xcf, 0x4, 0xffffff01, 0x2, 0x4, 0x7fffffff, 0x32, 0xeb7, 0x1000, 0xfffffff8, 0x7, 0x0, 0x9, 0x0, 0x3, 0x4, 0x401, 0x7ff, 0xffffffff, 0x1, 0x174a0, 0xecdb, 0x9, 0xfffffbff, 0x1, 0x934, 0x100, 0x602, 0x10000, 0x80, 0x6, 0xfff, 0x9, 0x9, 0x1, 0xff00, 0x7, 0x5, 0x800, 0x8e1, 0x5], [0x4c63, 0x101, 0x3d27c6c, 0x6, 0x200, 0x5, 0x7ff, 0x6, 0x4, 0x200, 0xe47, 0x8000, 0x6, 0x725, 0x200, 0x0, 0x7ff, 0xfb82, 0xfffffff9, 0x9, 0x4, 0xa10d, 0x6, 0x5, 0x3, 0x9, 0x100, 0x1, 0x99, 0x10001, 0x8, 0x3, 0x4, 0x81, 0xffffffff, 0xfffff465, 0x101, 0x70, 0xff, 0x401, 0x593, 0x5, 0x601, 0x4, 0x57c8, 0xfffffffb, 0x0, 0x1, 0xf0, 0x80000000, 0x5e0a, 0x5, 0x4, 0x8, 0x6, 0x4, 0x2, 0x77, 0x2, 0x7, 0x81, 0xfffffffb, 0x200, 0x6], [0xb3, 0x6, 0xffff8001, 0x9, 0xffffffff, 0x1, 0xf29, 0x0, 0xe0, 0xfff, 0x3, 0x162, 0xffff, 0x5, 0x8001, 0x4, 0x1, 0x9, 0x7, 0x400, 0x0, 0x800, 0x3f, 0x3, 0x7, 0x2, 0x81, 0xffff8000, 0x1, 0x8001, 0x4, 0x6, 0x10001, 0x6, 0x5, 0x0, 0xffff, 0x5, 0x3, 0x3, 0x10000, 0xffffffe1, 0x7, 0xffffffff, 0x0, 0x100, 0x6a42, 0x40, 0x6, 0x1, 0x400, 0x7f, 0xfffffff8, 0x6, 0x0, 0xd39, 0x6, 0x81, 0x4, 0xf4d, 0x4, 0x7, 0x4, 0xfffeffff]}, 0x45c) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000940), 0x4) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {0x40, 0xfff, 0x3ff, 0x2}, 0x4c, [0x7, 0x6, 0x7fff, 0x2, 0x7, 0x6, 0xfffffc00, 0x7, 0x4, 0x40, 0xe4e6, 0x8, 0x6, 0x8, 0x0, 0x1, 0xffffffff, 0x5, 0xfffffff7, 0xfffffff9, 0x80000000, 0xaa, 0x80, 0x8001, 0x7fff, 0x7, 0x73e80117, 0x3ff, 0x1, 0x8, 0x5, 0x5, 0x0, 0x4, 0x8001, 0x0, 0x8, 0x8001, 0x4, 0x7, 0x5, 0x5, 0x386a3618, 0xb5, 0x5, 0x8, 0x0, 0x600000, 0x7fff, 0x6, 0x0, 0xeb, 0x8, 0x81, 0x4, 0x3, 0x1, 0xe4, 0x62, 0x800, 0x3, 0x413, 0x1, 0x400], [0xffffff80, 0x7, 0x3, 0x2, 0xffff, 0x7fe3, 0x1725, 0x2, 0xffffffff, 0x4, 0xd6, 0x5, 0x5, 0x5, 0x3f, 0xbca9, 0xf64, 0x8, 0x9, 0x80000001, 0xffffffff, 0x1, 0xd3a7, 0xcf, 0x4, 0xffffff01, 0x2, 0x4, 0x7fffffff, 0x32, 0xeb7, 0x1000, 0xfffffff8, 0x7, 0x0, 0x9, 0x0, 0x3, 0x4, 0x401, 0x7ff, 0xffffffff, 0x1, 0x174a0, 0xecdb, 0x9, 0xfffffbff, 0x1, 0x934, 0x100, 0x602, 0x10000, 0x80, 0x6, 0xfff, 0x9, 0x9, 0x1, 0xff00, 0x7, 0x5, 0x800, 0x8e1, 0x5], [0x4c63, 0x101, 0x3d27c6c, 0x6, 0x200, 0x5, 0x7ff, 0x6, 0x4, 0x200, 0xe47, 0x8000, 0x6, 0x725, 0x200, 0x0, 0x7ff, 0xfb82, 0xfffffff9, 0x9, 0x4, 0xa10d, 0x6, 0x5, 0x3, 0x9, 0x100, 0x1, 0x99, 0x10001, 0x8, 0x3, 0x4, 0x81, 0xffffffff, 0xfffff465, 0x101, 0x70, 0xff, 0x401, 0x593, 0x5, 0x601, 0x4, 0x57c8, 0xfffffffb, 0x0, 0x1, 0xf0, 0x80000000, 0x5e0a, 0x5, 0x4, 0x8, 0x6, 0x4, 0x2, 0x77, 0x2, 0x7, 0x81, 0xfffffffb, 0x200, 0x6], [0xb3, 0x6, 0xffff8001, 0x9, 0xffffffff, 0x1, 0xf29, 0x0, 0xe0, 0xfff, 0x3, 0x162, 0xffff, 0x5, 0x8001, 0x4, 0x1, 0x9, 0x7, 0x400, 0x0, 0x800, 0x3f, 0x3, 0x7, 0x2, 0x81, 0xffff8000, 0x1, 0x8001, 0x4, 0x6, 0x10001, 0x6, 0x5, 0x0, 0xffff, 0x5, 0x3, 0x3, 0x10000, 0xffffffe1, 0x7, 0xffffffff, 0x0, 0x100, 0x6a42, 0x40, 0x6, 0x1, 0x400, 0x7f, 0xfffffff8, 0x6, 0x0, 0xd39, 0x6, 0x81, 0x4, 0xf4d, 0x4, 0x7, 0x4, 0xfffeffff]}, 0x45c) (async) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000940), 0x4) (async) 00:21:35 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3110.423138] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3110.457775] FAULT_INJECTION: forcing a failure. [ 3110.457775] name failslab, interval 1, probability 0, space 0, times 0 00:21:35 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 24) [ 3110.464135] input: syz0 as /devices/virtual/input/input32910 [ 3110.486140] input: syz0 as /devices/virtual/input/input32912 [ 3110.487825] CPU: 1 PID: 18354 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3110.499841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3110.509189] Call Trace: [ 3110.511762] dump_stack+0x1b2/0x281 [ 3110.515479] should_fail.cold+0x10a/0x149 [ 3110.519609] should_failslab+0xd6/0x130 [ 3110.523583] __kmalloc+0x2c1/0x400 [ 3110.527104] ? kobject_get_path+0xb5/0x230 [ 3110.531321] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3110.536752] kobject_get_path+0xb5/0x230 [ 3110.540813] kobject_uevent_env+0x230/0xf30 [ 3110.545125] ? wait_for_completion_io+0x10/0x10 [ 3110.549780] ? is_acpi_device_node+0x5b/0x70 [ 3110.554168] device_del+0x642/0xa80 [ 3110.557793] ? __device_links_no_driver+0x1b0/0x1b0 [ 3110.562795] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3110.568057] del_gendisk+0x65c/0x820 [ 3110.571751] ? disk_events_poll_msecs_store+0x150/0x150 [ 3110.577095] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3110.581571] ? blk_cleanup_queue+0x43c/0x620 [ 3110.585962] loop_control_ioctl+0x347/0x3f0 [ 3110.590309] ? loop_lookup+0x190/0x190 [ 3110.594206] ? SyS_write+0x1b7/0x210 [ 3110.597912] ? loop_lookup+0x190/0x190 [ 3110.601781] do_vfs_ioctl+0x75a/0xff0 [ 3110.605567] ? lock_acquire+0x170/0x3f0 [ 3110.609528] ? ioctl_preallocate+0x1a0/0x1a0 [ 3110.613937] ? __fget+0x265/0x3e0 [ 3110.617368] ? do_vfs_ioctl+0xff0/0xff0 [ 3110.621322] ? security_file_ioctl+0x83/0xb0 [ 3110.625711] SyS_ioctl+0x7f/0xb0 [ 3110.629054] ? do_vfs_ioctl+0xff0/0xff0 [ 3110.633031] do_syscall_64+0x1d5/0x640 [ 3110.636901] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3110.642076] RIP: 0033:0x7fc500a72109 [ 3110.645772] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3110.653457] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3110.660708] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 00:21:35 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:35 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 22) [ 3110.667963] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3110.675211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3110.682459] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3110.745790] input: syz0 as /devices/virtual/input/input32913 [ 3110.768093] input: syz0 as /devices/virtual/input/input32914 [ 3110.785318] FAULT_INJECTION: forcing a failure. 00:21:35 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff4f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:36 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xc) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xc) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3110.785318] name failslab, interval 1, probability 0, space 0, times 0 [ 3110.790118] input: syz0 as /devices/virtual/input/input32915 [ 3110.835569] CPU: 0 PID: 18413 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3110.843486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3110.852840] Call Trace: [ 3110.855434] dump_stack+0x1b2/0x281 [ 3110.859071] should_fail.cold+0x10a/0x149 [ 3110.863237] should_failslab+0xd6/0x130 [ 3110.867318] kmem_cache_alloc+0x28e/0x3c0 [ 3110.871474] __kernfs_new_node+0x6f/0x470 [ 3110.875628] kernfs_new_node+0x7b/0xe0 [ 3110.879517] __kernfs_create_file+0x3d/0x320 [ 3110.883939] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3110.888609] ? kernfs_create_dir_ns+0x171/0x200 [ 3110.893281] internal_create_group+0x22b/0x710 [ 3110.897872] sysfs_create_groups+0x92/0x130 [ 3110.902200] device_add+0x833/0x15c0 [ 3110.905924] ? device_is_dependent+0x2a0/0x2a0 [ 3110.910514] ? __kmalloc+0x3a4/0x400 [ 3110.914251] ? input_register_device+0x419/0xa90 [ 3110.919014] input_register_device+0x59e/0xa90 [ 3110.923610] ? __lock_acquire+0x5fc/0x3f20 [ 3110.928072] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3110.933273] ? uinput_write+0xfb0/0xfb0 [ 3110.937249] ? get_pid_task+0xb8/0x130 [ 3110.941139] ? proc_fail_nth_write+0x7b/0x180 [ 3110.945635] ? trace_hardirqs_on+0x10/0x10 [ 3110.951178] ? fsnotify+0x974/0x11b0 [ 3110.954913] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3110.959850] ? __handle_mm_fault+0x80f/0x4620 [ 3110.964345] ? SyS_write+0x1b7/0x210 [ 3110.968062] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3110.973514] do_vfs_ioctl+0x75a/0xff0 [ 3110.977316] ? lock_acquire+0x170/0x3f0 [ 3110.981290] ? ioctl_preallocate+0x1a0/0x1a0 [ 3110.985703] ? __fget+0x265/0x3e0 [ 3110.989161] ? do_vfs_ioctl+0xff0/0xff0 [ 3110.993137] ? security_file_ioctl+0x83/0xb0 [ 3110.997553] SyS_ioctl+0x7f/0xb0 [ 3111.000924] ? do_vfs_ioctl+0xff0/0xff0 [ 3111.004990] do_syscall_64+0x1d5/0x640 [ 3111.008880] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3111.014068] RIP: 0033:0x7f980133e109 [ 3111.017793] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3111.025500] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3111.032767] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3111.040035] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 00:21:36 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 25) 00:21:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async, rerun: 64) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (rerun: 64) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:36 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x35) [ 3111.047327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3111.054595] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3111.081028] input: syz0 as /devices/virtual/input/input32918 [ 3111.101658] FAULT_INJECTION: forcing a failure. [ 3111.101658] name failslab, interval 1, probability 0, space 0, times 0 [ 3111.116208] CPU: 0 PID: 18417 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3111.124104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3111.133456] Call Trace: [ 3111.136045] dump_stack+0x1b2/0x281 [ 3111.139701] should_fail.cold+0x10a/0x149 [ 3111.143856] should_failslab+0xd6/0x130 [ 3111.147836] kmem_cache_alloc_node+0x263/0x410 [ 3111.152421] __alloc_skb+0x5c/0x510 [ 3111.156048] kobject_uevent_env+0x882/0xf30 [ 3111.160380] device_del+0x642/0xa80 [ 3111.164023] ? __device_links_no_driver+0x1b0/0x1b0 [ 3111.169040] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3111.174324] del_gendisk+0x65c/0x820 [ 3111.178040] ? disk_events_poll_msecs_store+0x150/0x150 [ 3111.183410] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3111.187905] ? blk_cleanup_queue+0x43c/0x620 [ 3111.192315] loop_control_ioctl+0x347/0x3f0 [ 3111.196638] ? loop_lookup+0x190/0x190 [ 3111.200524] ? SyS_write+0x1b7/0x210 [ 3111.204238] ? loop_lookup+0x190/0x190 [ 3111.208124] do_vfs_ioctl+0x75a/0xff0 [ 3111.211923] ? lock_acquire+0x170/0x3f0 [ 3111.215906] ? ioctl_preallocate+0x1a0/0x1a0 [ 3111.220316] ? __fget+0x265/0x3e0 [ 3111.223774] ? do_vfs_ioctl+0xff0/0xff0 [ 3111.227746] ? security_file_ioctl+0x83/0xb0 [ 3111.232189] SyS_ioctl+0x7f/0xb0 [ 3111.235553] ? do_vfs_ioctl+0xff0/0xff0 [ 3111.239529] do_syscall_64+0x1d5/0x640 [ 3111.243455] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3111.248646] RIP: 0033:0x7fc500a72109 [ 3111.252351] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3111.260062] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3111.267332] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3111.274602] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3111.281870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3111.289142] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:36 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 23) 00:21:36 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff4f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff4f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x15) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3111.333444] input: syz0 as /devices/virtual/input/input32920 [ 3111.342981] input: syz0 as /devices/virtual/input/input32921 00:21:36 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xc) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xc) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3111.385852] input: syz0 as /devices/virtual/input/input32923 [ 3111.395800] input: syz0 as /devices/virtual/input/input32925 [ 3111.406580] FAULT_INJECTION: forcing a failure. [ 3111.406580] name failslab, interval 1, probability 0, space 0, times 0 [ 3111.412851] input: syz0 as /devices/virtual/input/input32927 00:21:36 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 32) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x35) [ 3111.436708] FAULT_INJECTION: forcing a failure. [ 3111.436708] name failslab, interval 1, probability 0, space 0, times 0 [ 3111.440939] CPU: 1 PID: 18474 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3111.455787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3111.465128] Call Trace: [ 3111.467704] dump_stack+0x1b2/0x281 [ 3111.471331] should_fail.cold+0x10a/0x149 [ 3111.475469] should_failslab+0xd6/0x130 [ 3111.479427] kmem_cache_alloc+0x28e/0x3c0 [ 3111.483564] __kernfs_new_node+0x6f/0x470 [ 3111.487695] kernfs_new_node+0x7b/0xe0 [ 3111.491574] __kernfs_create_file+0x3d/0x320 [ 3111.495977] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3111.500632] ? kernfs_create_dir_ns+0x171/0x200 [ 3111.505287] internal_create_group+0x22b/0x710 [ 3111.509862] sysfs_create_groups+0x92/0x130 [ 3111.514207] device_add+0x833/0x15c0 [ 3111.517906] ? device_is_dependent+0x2a0/0x2a0 [ 3111.522490] ? __kmalloc+0x3a4/0x400 [ 3111.526205] ? input_register_device+0x419/0xa90 [ 3111.531155] input_register_device+0x59e/0xa90 [ 3111.535736] ? __lock_acquire+0x5fc/0x3f20 [ 3111.539966] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3111.545165] ? uinput_write+0xfb0/0xfb0 [ 3111.549130] ? get_pid_task+0xb8/0x130 [ 3111.553042] ? proc_fail_nth_write+0x7b/0x180 [ 3111.557529] ? trace_hardirqs_on+0x10/0x10 [ 3111.561754] ? fsnotify+0x974/0x11b0 [ 3111.565456] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3111.570374] ? __handle_mm_fault+0x80f/0x4620 [ 3111.574857] ? SyS_write+0x1b7/0x210 [ 3111.578556] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3111.583991] do_vfs_ioctl+0x75a/0xff0 [ 3111.587777] ? lock_acquire+0x170/0x3f0 [ 3111.591743] ? ioctl_preallocate+0x1a0/0x1a0 [ 3111.596142] ? __fget+0x265/0x3e0 [ 3111.599586] ? do_vfs_ioctl+0xff0/0xff0 [ 3111.603554] ? security_file_ioctl+0x83/0xb0 [ 3111.608044] SyS_ioctl+0x7f/0xb0 [ 3111.611397] ? do_vfs_ioctl+0xff0/0xff0 [ 3111.615359] do_syscall_64+0x1d5/0x640 [ 3111.619234] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3111.624409] RIP: 0033:0x7f980133e109 [ 3111.628109] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3111.635810] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3111.643075] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3111.650329] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3111.657767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3111.665018] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3111.674127] CPU: 0 PID: 18462 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3111.682053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3111.691397] Call Trace: [ 3111.693971] dump_stack+0x1b2/0x281 [ 3111.697582] should_fail.cold+0x10a/0x149 [ 3111.701718] should_failslab+0xd6/0x130 [ 3111.705681] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3111.710770] __kmalloc_node_track_caller+0x38/0x70 [ 3111.715772] __alloc_skb+0x96/0x510 [ 3111.719405] kobject_uevent_env+0x882/0xf30 [ 3111.723803] device_del+0x642/0xa80 [ 3111.727412] ? __device_links_no_driver+0x1b0/0x1b0 [ 3111.732414] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3111.737680] del_gendisk+0x65c/0x820 [ 3111.741395] ? disk_events_poll_msecs_store+0x150/0x150 [ 3111.746873] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3111.751348] ? blk_cleanup_queue+0x43c/0x620 [ 3111.755743] loop_control_ioctl+0x347/0x3f0 [ 3111.760055] ? loop_lookup+0x190/0x190 [ 3111.763918] ? SyS_write+0x1b7/0x210 [ 3111.767612] ? loop_lookup+0x190/0x190 [ 3111.771577] do_vfs_ioctl+0x75a/0xff0 [ 3111.775359] ? lock_acquire+0x170/0x3f0 [ 3111.779314] ? ioctl_preallocate+0x1a0/0x1a0 [ 3111.783723] ? __fget+0x265/0x3e0 [ 3111.787163] ? do_vfs_ioctl+0xff0/0xff0 [ 3111.791122] ? security_file_ioctl+0x83/0xb0 [ 3111.795597] SyS_ioctl+0x7f/0xb0 [ 3111.798941] ? do_vfs_ioctl+0xff0/0xff0 [ 3111.803027] do_syscall_64+0x1d5/0x640 [ 3111.806916] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3111.812136] RIP: 0033:0x7fc500a72109 [ 3111.815825] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3111.823525] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3111.830796] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 00:21:37 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff4f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x15) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3111.838083] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3111.845356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3111.852706] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:37 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 26) 00:21:37 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:37 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 24) [ 3111.898293] input: syz0 as /devices/virtual/input/input32930 [ 3111.928046] input: syz0 as /devices/virtual/input/input32932 [ 3111.934838] FAULT_INJECTION: forcing a failure. [ 3111.934838] name failslab, interval 1, probability 0, space 0, times 0 [ 3111.935681] input: syz0 as /devices/virtual/input/input32931 00:21:37 executing program 3: mount$9p_fd(0x0, &(0x7f0000000200)='.\x00', &(0x7f00000001c0), 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f00000000c0)={0x0, 0x91, {0x52, 0x20, 0x1, {0x4}, {0x36, 0x1}, @period={0x58, 0x6, 0xd53, 0x426, 0x7f, {0x7, 0x401, 0x8, 0x8381}, 0x6, &(0x7f0000000080)=[0x0, 0x7, 0x3, 0x2, 0x40, 0x0]}}, {0x52, 0xb3, 0x7ff, {0x1ff, 0xe}, {0x9, 0x9}, @ramp={0x800, 0x4, {0x401, 0x3, 0x400, 0x21e7}}}}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:37 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3111.969289] input: syz0 as /devices/virtual/input/input32936 [ 3111.989537] CPU: 0 PID: 18512 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3111.997443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3112.006817] Call Trace: [ 3112.009402] dump_stack+0x1b2/0x281 [ 3112.013055] should_fail.cold+0x10a/0x149 [ 3112.017413] should_failslab+0xd6/0x130 [ 3112.021395] kmem_cache_alloc+0x28e/0x3c0 [ 3112.025544] __kernfs_new_node+0x6f/0x470 [ 3112.029701] kernfs_new_node+0x7b/0xe0 [ 3112.032281] input: syz0 as /devices/virtual/input/input32937 [ 3112.033588] __kernfs_create_file+0x3d/0x320 [ 3112.033601] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3112.033613] ? kernfs_create_dir_ns+0x171/0x200 [ 3112.053136] internal_create_group+0x22b/0x710 [ 3112.057726] sysfs_create_groups+0x92/0x130 [ 3112.062052] device_add+0x833/0x15c0 [ 3112.065765] ? device_is_dependent+0x2a0/0x2a0 [ 3112.070345] ? __kmalloc+0x3a4/0x400 [ 3112.074059] ? input_register_device+0x419/0xa90 [ 3112.078816] input_register_device+0x59e/0xa90 [ 3112.083398] ? __lock_acquire+0x5fc/0x3f20 [ 3112.087637] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3112.092825] ? uinput_write+0xfb0/0xfb0 [ 3112.096794] ? get_pid_task+0xb8/0x130 [ 3112.100678] ? proc_fail_nth_write+0x7b/0x180 [ 3112.105322] ? trace_hardirqs_on+0x10/0x10 [ 3112.109559] ? fsnotify+0x974/0x11b0 [ 3112.113271] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3112.118197] ? __handle_mm_fault+0x80f/0x4620 [ 3112.122699] ? SyS_write+0x1b7/0x210 [ 3112.126425] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3112.131878] do_vfs_ioctl+0x75a/0xff0 [ 3112.135681] ? lock_acquire+0x170/0x3f0 [ 3112.139671] ? ioctl_preallocate+0x1a0/0x1a0 [ 3112.144091] ? __fget+0x265/0x3e0 [ 3112.147642] ? do_vfs_ioctl+0xff0/0xff0 [ 3112.151708] ? security_file_ioctl+0x83/0xb0 [ 3112.156118] SyS_ioctl+0x7f/0xb0 [ 3112.159492] ? do_vfs_ioctl+0xff0/0xff0 [ 3112.163468] do_syscall_64+0x1d5/0x640 00:21:37 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xa) [ 3112.167369] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3112.172556] RIP: 0033:0x7f980133e109 [ 3112.176259] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3112.183966] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3112.191238] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3112.198597] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3112.205864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3112.213147] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:37 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x35) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x35) (async) [ 3112.243763] FAULT_INJECTION: forcing a failure. [ 3112.243763] name failslab, interval 1, probability 0, space 0, times 0 [ 3112.260208] CPU: 0 PID: 18514 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3112.268099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3112.277447] Call Trace: [ 3112.280034] dump_stack+0x1b2/0x281 [ 3112.283662] should_fail.cold+0x10a/0x149 [ 3112.287821] should_failslab+0xd6/0x130 [ 3112.291819] kmem_cache_alloc_node+0x263/0x410 [ 3112.296406] __alloc_skb+0x5c/0x510 [ 3112.300040] kobject_uevent_env+0x882/0xf30 [ 3112.304370] device_del+0x642/0xa80 [ 3112.308000] ? __device_links_no_driver+0x1b0/0x1b0 [ 3112.313017] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3112.318299] del_gendisk+0x65c/0x820 [ 3112.322016] ? disk_events_poll_msecs_store+0x150/0x150 [ 3112.327379] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3112.331875] ? blk_cleanup_queue+0x43c/0x620 [ 3112.336290] loop_control_ioctl+0x347/0x3f0 [ 3112.340609] ? loop_lookup+0x190/0x190 [ 3112.344500] ? SyS_write+0x1b7/0x210 [ 3112.348219] ? loop_lookup+0x190/0x190 [ 3112.352118] do_vfs_ioctl+0x75a/0xff0 [ 3112.355920] ? lock_acquire+0x170/0x3f0 [ 3112.359891] ? ioctl_preallocate+0x1a0/0x1a0 [ 3112.364306] ? __fget+0x265/0x3e0 [ 3112.367764] ? do_vfs_ioctl+0xff0/0xff0 [ 3112.371740] ? security_file_ioctl+0x83/0xb0 [ 3112.376148] SyS_ioctl+0x7f/0xb0 [ 3112.379513] ? do_vfs_ioctl+0xff0/0xff0 [ 3112.383486] do_syscall_64+0x1d5/0x640 [ 3112.387376] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3112.392559] RIP: 0033:0x7fc500a72109 [ 3112.396258] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3112.403962] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3112.411228] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3112.418494] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3112.425764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3112.433034] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:37 executing program 3: mount$9p_fd(0x0, &(0x7f0000000200)='.\x00', &(0x7f00000001c0), 0x0, 0x0) (async) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f00000000c0)={0x0, 0x91, {0x52, 0x20, 0x1, {0x4}, {0x36, 0x1}, @period={0x58, 0x6, 0xd53, 0x426, 0x7f, {0x7, 0x401, 0x8, 0x8381}, 0x6, &(0x7f0000000080)=[0x0, 0x7, 0x3, 0x2, 0x40, 0x0]}}, {0x52, 0xb3, 0x7ff, {0x1ff, 0xe}, {0x9, 0x9}, @ramp={0x800, 0x4, {0x401, 0x3, 0x400, 0x21e7}}}}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:37 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 25) 00:21:37 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xa) 00:21:37 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x379d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0xf, 0x6, 0x5e}) 00:21:37 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 27) 00:21:37 executing program 3: mount$9p_fd(0x0, &(0x7f0000000200)='.\x00', &(0x7f00000001c0), 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f00000000c0)={0x0, 0x91, {0x52, 0x20, 0x1, {0x4}, {0x36, 0x1}, @period={0x58, 0x6, 0xd53, 0x426, 0x7f, {0x7, 0x401, 0x8, 0x8381}, 0x6, &(0x7f0000000080)=[0x0, 0x7, 0x3, 0x2, 0x40, 0x0]}}, {0x52, 0xb3, 0x7ff, {0x1ff, 0xe}, {0x9, 0x9}, @ramp={0x800, 0x4, {0x401, 0x3, 0x400, 0x21e7}}}}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3112.482877] input: syz0 as /devices/virtual/input/input32940 [ 3112.490076] input: syz0 as /devices/virtual/input/input32939 [ 3112.516980] input: syz0 as /devices/virtual/input/input32942 [ 3112.543731] input: syz0 as /devices/virtual/input/input32944 [ 3112.553961] input: syz0 as /devices/virtual/input/input32947 [ 3112.554591] input: syz0 as /devices/virtual/input/input32945 [ 3112.570483] FAULT_INJECTION: forcing a failure. [ 3112.570483] name failslab, interval 1, probability 0, space 0, times 0 [ 3112.581894] CPU: 0 PID: 18563 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3112.589774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3112.599135] Call Trace: [ 3112.601718] dump_stack+0x1b2/0x281 [ 3112.605333] should_fail.cold+0x10a/0x149 [ 3112.609463] should_failslab+0xd6/0x130 [ 3112.613427] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3112.618543] __kmalloc_node_track_caller+0x38/0x70 [ 3112.623476] __alloc_skb+0x96/0x510 [ 3112.627092] kobject_uevent_env+0x882/0xf30 [ 3112.631408] device_del+0x642/0xa80 [ 3112.635017] ? __device_links_no_driver+0x1b0/0x1b0 [ 3112.640014] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3112.645273] del_gendisk+0x65c/0x820 [ 3112.648977] ? disk_events_poll_msecs_store+0x150/0x150 [ 3112.654326] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3112.658797] ? blk_cleanup_queue+0x43c/0x620 [ 3112.663184] loop_control_ioctl+0x347/0x3f0 [ 3112.667485] ? loop_lookup+0x190/0x190 [ 3112.671351] ? SyS_write+0x1b7/0x210 [ 3112.675042] ? loop_lookup+0x190/0x190 [ 3112.678910] do_vfs_ioctl+0x75a/0xff0 [ 3112.682710] ? lock_acquire+0x170/0x3f0 [ 3112.686695] ? ioctl_preallocate+0x1a0/0x1a0 [ 3112.691087] ? __fget+0x265/0x3e0 [ 3112.694521] ? do_vfs_ioctl+0xff0/0xff0 [ 3112.698496] ? security_file_ioctl+0x83/0xb0 [ 3112.702902] SyS_ioctl+0x7f/0xb0 [ 3112.706266] ? do_vfs_ioctl+0xff0/0xff0 [ 3112.710233] do_syscall_64+0x1d5/0x640 [ 3112.714121] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3112.719388] RIP: 0033:0x7fc500a72109 [ 3112.723084] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3112.730799] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 00:21:37 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3112.738053] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3112.745329] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3112.752581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3112.759835] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:37 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 26) 00:21:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000080)=0x2) [ 3112.844353] FAULT_INJECTION: forcing a failure. [ 3112.844353] name failslab, interval 1, probability 0, space 0, times 0 [ 3112.857084] CPU: 1 PID: 18609 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3112.864972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3112.874420] Call Trace: [ 3112.877010] dump_stack+0x1b2/0x281 [ 3112.880647] should_fail.cold+0x10a/0x149 [ 3112.884887] should_failslab+0xd6/0x130 [ 3112.888867] kmem_cache_alloc+0x28e/0x3c0 [ 3112.893021] __kernfs_new_node+0x6f/0x470 [ 3112.897174] kernfs_new_node+0x7b/0xe0 [ 3112.901074] __kernfs_create_file+0x3d/0x320 [ 3112.905498] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3112.910176] ? kernfs_create_dir_ns+0x171/0x200 [ 3112.914855] internal_create_group+0x22b/0x710 [ 3112.917567] input: syz0 as /devices/virtual/input/input32949 [ 3112.919441] sysfs_create_groups+0x92/0x130 [ 3112.919453] device_add+0x833/0x15c0 [ 3112.919463] ? device_is_dependent+0x2a0/0x2a0 [ 3112.919473] ? __kmalloc+0x3a4/0x400 [ 3112.919482] ? input_register_device+0x419/0xa90 [ 3112.919492] input_register_device+0x59e/0xa90 [ 3112.919502] ? __lock_acquire+0x5fc/0x3f20 [ 3112.919515] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3112.935576] input: syz0 as /devices/virtual/input/input32951 [ 3112.937869] ? uinput_write+0xfb0/0xfb0 [ 3112.937881] ? get_pid_task+0xb8/0x130 [ 3112.937892] ? proc_fail_nth_write+0x7b/0x180 [ 3112.937904] ? trace_hardirqs_on+0x10/0x10 [ 3112.986348] ? fsnotify+0x974/0x11b0 [ 3112.990069] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3112.995005] ? __handle_mm_fault+0x80f/0x4620 [ 3112.999505] ? SyS_write+0x1b7/0x210 [ 3113.003225] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3113.008775] do_vfs_ioctl+0x75a/0xff0 [ 3113.012578] ? lock_acquire+0x170/0x3f0 [ 3113.016553] ? ioctl_preallocate+0x1a0/0x1a0 [ 3113.020964] ? __fget+0x265/0x3e0 [ 3113.024447] ? do_vfs_ioctl+0xff0/0xff0 [ 3113.028430] ? security_file_ioctl+0x83/0xb0 [ 3113.032849] SyS_ioctl+0x7f/0xb0 [ 3113.036215] ? do_vfs_ioctl+0xff0/0xff0 [ 3113.040200] do_syscall_64+0x1d5/0x640 [ 3113.044098] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3113.049293] RIP: 0033:0x7f980133e109 [ 3113.053009] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3113.060719] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3113.067988] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3113.075253] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3113.082520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:38 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x379d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (rerun: 64) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0xf, 0x6, 0x5e}) 00:21:38 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xa) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xa) (async) 00:21:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 64) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000080)=0x2) [ 3113.089791] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:38 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3113.131280] input: syz0 as /devices/virtual/input/input32952 [ 3113.147154] FAULT_INJECTION: forcing a failure. [ 3113.147154] name failslab, interval 1, probability 0, space 0, times 0 [ 3113.182473] CPU: 1 PID: 18613 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3113.190393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3113.199746] Call Trace: [ 3113.202337] dump_stack+0x1b2/0x281 [ 3113.205969] should_fail.cold+0x10a/0x149 [ 3113.210125] should_failslab+0xd6/0x130 [ 3113.214109] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3113.219214] __kmalloc_node_track_caller+0x38/0x70 [ 3113.224146] __alloc_skb+0x96/0x510 [ 3113.227786] kobject_uevent_env+0x882/0xf30 [ 3113.232122] device_del+0x642/0xa80 [ 3113.235756] ? __device_links_no_driver+0x1b0/0x1b0 [ 3113.240778] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3113.246150] del_gendisk+0x65c/0x820 [ 3113.249869] ? disk_events_poll_msecs_store+0x150/0x150 [ 3113.255232] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3113.259727] ? blk_cleanup_queue+0x43c/0x620 [ 3113.264139] loop_control_ioctl+0x347/0x3f0 [ 3113.268458] ? loop_lookup+0x190/0x190 [ 3113.272342] ? SyS_write+0x1b7/0x210 [ 3113.276056] ? loop_lookup+0x190/0x190 [ 3113.279941] do_vfs_ioctl+0x75a/0xff0 [ 3113.283739] ? lock_acquire+0x170/0x3f0 [ 3113.287708] ? ioctl_preallocate+0x1a0/0x1a0 [ 3113.292115] ? __fget+0x265/0x3e0 [ 3113.295566] ? do_vfs_ioctl+0xff0/0xff0 [ 3113.299548] ? security_file_ioctl+0x83/0xb0 [ 3113.303953] SyS_ioctl+0x7f/0xb0 [ 3113.307313] ? do_vfs_ioctl+0xff0/0xff0 [ 3113.311286] do_syscall_64+0x1d5/0x640 [ 3113.315177] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3113.320359] RIP: 0033:0x7fc500a72109 [ 3113.324065] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000080)=0x2) [ 3113.331770] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3113.339040] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3113.346307] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3113.353574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3113.360841] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:38 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 28) 00:21:38 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 27) 00:21:38 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3113.458523] FAULT_INJECTION: forcing a failure. [ 3113.458523] name failslab, interval 1, probability 0, space 0, times 0 [ 3113.478040] input: syz0 as /devices/virtual/input/input32957 [ 3113.485600] input: syz0 as /devices/virtual/input/input32956 [ 3113.514327] CPU: 0 PID: 18647 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3113.519475] input: syz0 as /devices/virtual/input/input32960 [ 3113.522224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3113.522229] Call Trace: [ 3113.522245] dump_stack+0x1b2/0x281 [ 3113.522259] should_fail.cold+0x10a/0x149 [ 3113.543594] should_failslab+0xd6/0x130 [ 3113.543608] kmem_cache_alloc+0x28e/0x3c0 [ 3113.543621] __kernfs_new_node+0x6f/0x470 [ 3113.551704] kernfs_new_node+0x7b/0xe0 00:21:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x2) r2 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0) accept$inet(r2, &(0x7f0000000080)={0x2, 0x0, @broadcast}, &(0x7f00000000c0)=0x10) [ 3113.551715] __kernfs_create_file+0x3d/0x320 [ 3113.551726] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3113.551735] ? kernfs_create_dir_ns+0x171/0x200 [ 3113.551747] internal_create_group+0x22b/0x710 [ 3113.551762] sysfs_create_groups+0x92/0x130 [ 3113.551774] device_add+0x833/0x15c0 [ 3113.568304] ? device_is_dependent+0x2a0/0x2a0 [ 3113.568315] ? __kmalloc+0x3a4/0x400 [ 3113.568325] ? input_register_device+0x419/0xa90 [ 3113.568336] input_register_device+0x59e/0xa90 [ 3113.582219] ? __lock_acquire+0x5fc/0x3f20 00:21:38 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:38 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) write$uinput_user_dev(r1, &(0x7f0000000940)={'syz0\x00', {0x1f, 0x4, 0xff85, 0x5}, 0x11, [0xffffadbe, 0x2, 0x8000, 0x4, 0x15d, 0x2, 0x5, 0x1, 0x6, 0x4, 0x2, 0x789f, 0x1, 0x19, 0x101, 0xd600000, 0x8b, 0x6, 0x6, 0x7, 0x3, 0x39d, 0x80000000, 0xffffffee, 0x3, 0x6a2f, 0x1000, 0x3b, 0xff, 0x7, 0x4, 0x80000001, 0x4ef, 0x8000, 0x3, 0x1, 0xc85, 0x5, 0x0, 0x88, 0x8000, 0x1, 0x8001, 0x6, 0x2, 0x100, 0x5, 0xcb5, 0x0, 0x6, 0x20, 0x8, 0x9, 0x2, 0x91fe, 0x4, 0xa904, 0x4, 0x785, 0x64, 0x1, 0x7, 0x4, 0x1], [0xffffffff, 0x40, 0x1, 0x4080000, 0x1, 0x61, 0x0, 0x7, 0x0, 0x9, 0x3, 0x6cb, 0xc3, 0x7, 0x3, 0x31e, 0x4, 0x2, 0x1f, 0x6, 0x4, 0x2, 0x5, 0x6, 0x9, 0x0, 0xff, 0xf, 0x81, 0x7f, 0x5, 0x24, 0x1f, 0xffffffe1, 0x6, 0xfffffff8, 0x2, 0x1f, 0x2, 0x401, 0x5, 0x0, 0x8001, 0x2, 0x80, 0x7fffffff, 0x4da970d7, 0x9ab1, 0x15b, 0x4, 0x7, 0x9, 0x2, 0x5, 0x5, 0x7, 0x0, 0x3, 0x6, 0x8, 0x5, 0x10001, 0x200, 0x1], [0x800, 0x1, 0xe8a, 0x7f, 0x460, 0x81, 0x1, 0x8001, 0x400, 0xff, 0x3, 0x101, 0xa132, 0x5, 0x200, 0x100, 0x6, 0x6, 0x1, 0x10000, 0x1, 0x5636, 0x9, 0x80, 0x9, 0x0, 0x383, 0x1, 0x67, 0xffff, 0x3, 0x101, 0x80, 0x5, 0x5, 0x3, 0x95000000, 0x50f, 0x7fff, 0x10, 0x101, 0x1, 0x32, 0x401, 0x3, 0x28, 0x7, 0x1, 0x9, 0x4, 0x20, 0x9, 0x9, 0x7f, 0x5, 0x2, 0x8000, 0x72, 0x0, 0x952, 0x9, 0x3, 0x2, 0x1000], [0x10000, 0x2, 0x4, 0x3, 0x65, 0x40, 0x401, 0x10001, 0x5, 0x81, 0x57d2, 0x9, 0x158, 0x4c, 0x9a9c, 0x8, 0x6, 0x2374, 0x8, 0x5, 0x0, 0x401, 0xd76, 0x7fffffff, 0x100, 0x1f, 0xff, 0x8, 0x4, 0x9, 0x6, 0x200, 0x40, 0x8, 0xfffff800, 0x400, 0x6, 0xff, 0x39, 0x8d454a3, 0x4, 0x9235, 0x5735f3c8, 0x7fff, 0x8, 0xffff, 0x80000001, 0x1, 0x8, 0x7, 0x0, 0x3f, 0x20, 0x7, 0x9, 0x3, 0x5, 0x8, 0x1, 0xb48, 0x8, 0x9, 0x6, 0x8]}, 0x45c) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x3c2, 0x9, 0xff, 0x7}, 'syz1\x00', 0x24}) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000040)={'vlan1', 0x32, 0x31}, 0x8) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:38 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 29) [ 3113.582234] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3113.582245] ? uinput_write+0xfb0/0xfb0 [ 3113.582255] ? get_pid_task+0xb8/0x130 [ 3113.582264] ? proc_fail_nth_write+0x7b/0x180 [ 3113.582273] ? trace_hardirqs_on+0x10/0x10 [ 3113.582288] ? fsnotify+0x974/0x11b0 [ 3113.582297] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3113.582306] ? __handle_mm_fault+0x80f/0x4620 [ 3113.582315] ? SyS_write+0x1b7/0x210 [ 3113.582327] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3113.593989] input: syz0 as /devices/virtual/input/input32962 [ 3113.594911] do_vfs_ioctl+0x75a/0xff0 [ 3113.594924] ? lock_acquire+0x170/0x3f0 [ 3113.594934] ? ioctl_preallocate+0x1a0/0x1a0 [ 3113.594951] ? __fget+0x265/0x3e0 [ 3113.603450] ? do_vfs_ioctl+0xff0/0xff0 [ 3113.603463] ? security_file_ioctl+0x83/0xb0 [ 3113.603474] SyS_ioctl+0x7f/0xb0 [ 3113.603484] ? do_vfs_ioctl+0xff0/0xff0 [ 3113.603496] do_syscall_64+0x1d5/0x640 [ 3113.603511] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3113.612334] RIP: 0033:0x7f980133e109 [ 3113.612340] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3113.612350] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3113.612355] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3113.612359] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3113.612364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3113.612369] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3113.644951] FAULT_INJECTION: forcing a failure. [ 3113.644951] name failslab, interval 1, probability 0, space 0, times 0 [ 3113.671045] CPU: 0 PID: 18663 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3113.678783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3113.678787] Call Trace: [ 3113.678802] dump_stack+0x1b2/0x281 [ 3113.678817] should_fail.cold+0x10a/0x149 [ 3113.678831] should_failslab+0xd6/0x130 [ 3113.678843] kmem_cache_alloc_node+0x263/0x410 [ 3113.678856] __alloc_skb+0x5c/0x510 [ 3113.687214] kobject_uevent_env+0x882/0xf30 [ 3113.687234] device_del+0x642/0xa80 [ 3113.687245] ? __device_links_no_driver+0x1b0/0x1b0 [ 3113.694560] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3113.694574] del_gendisk+0x65c/0x820 [ 3113.694588] ? disk_events_poll_msecs_store+0x150/0x150 [ 3113.703742] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3113.703751] ? blk_cleanup_queue+0x43c/0x620 [ 3113.703763] loop_control_ioctl+0x347/0x3f0 [ 3113.703772] ? loop_lookup+0x190/0x190 [ 3113.703781] ? SyS_write+0x1b7/0x210 [ 3113.703794] ? loop_lookup+0x190/0x190 [ 3113.703804] do_vfs_ioctl+0x75a/0xff0 [ 3113.703817] ? lock_acquire+0x170/0x3f0 [ 3113.715203] ? ioctl_preallocate+0x1a0/0x1a0 [ 3113.715217] ? __fget+0x265/0x3e0 [ 3113.715227] ? do_vfs_ioctl+0xff0/0xff0 [ 3113.715240] ? security_file_ioctl+0x83/0xb0 [ 3113.729813] SyS_ioctl+0x7f/0xb0 [ 3113.729824] ? do_vfs_ioctl+0xff0/0xff0 [ 3113.729837] do_syscall_64+0x1d5/0x640 [ 3113.729853] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3113.729860] RIP: 0033:0x7fc500a72109 [ 3113.729865] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3113.729875] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3113.729880] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3113.729884] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3113.729889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3113.729893] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3113.844091] input: syz0 as /devices/virtual/input/input32964 [ 3113.898161] input: syz0 as /devices/virtual/input/input32965 [ 3113.970498] FAULT_INJECTION: forcing a failure. [ 3113.970498] name failslab, interval 1, probability 0, space 0, times 0 [ 3113.985355] CPU: 1 PID: 18703 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3113.993259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3114.002617] Call Trace: [ 3114.005293] dump_stack+0x1b2/0x281 [ 3114.008927] should_fail.cold+0x10a/0x149 [ 3114.013084] should_failslab+0xd6/0x130 [ 3114.017061] kmem_cache_alloc+0x28e/0x3c0 [ 3114.021219] __kernfs_new_node+0x6f/0x470 [ 3114.025380] kernfs_new_node+0x7b/0xe0 [ 3114.029274] __kernfs_create_file+0x3d/0x320 [ 3114.033688] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3114.038371] ? kernfs_create_dir_ns+0x171/0x200 [ 3114.043042] internal_create_group+0x22b/0x710 [ 3114.047721] sysfs_create_groups+0x92/0x130 [ 3114.052051] device_add+0x833/0x15c0 [ 3114.055775] ? device_is_dependent+0x2a0/0x2a0 [ 3114.060359] ? __kmalloc+0x3a4/0x400 [ 3114.064071] ? input_register_device+0x419/0xa90 [ 3114.068832] input_register_device+0x59e/0xa90 [ 3114.073421] ? __lock_acquire+0x5fc/0x3f20 [ 3114.077665] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3114.082887] ? uinput_write+0xfb0/0xfb0 [ 3114.086868] ? get_pid_task+0xb8/0x130 [ 3114.090761] ? proc_fail_nth_write+0x7b/0x180 [ 3114.095260] ? trace_hardirqs_on+0x10/0x10 [ 3114.099503] ? fsnotify+0x974/0x11b0 [ 3114.103221] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3114.108148] ? __handle_mm_fault+0x80f/0x4620 [ 3114.112640] ? SyS_write+0x1b7/0x210 [ 3114.116361] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3114.121813] do_vfs_ioctl+0x75a/0xff0 [ 3114.125621] ? lock_acquire+0x170/0x3f0 [ 3114.129605] ? ioctl_preallocate+0x1a0/0x1a0 [ 3114.134016] ? __fget+0x265/0x3e0 [ 3114.137475] ? do_vfs_ioctl+0xff0/0xff0 [ 3114.141452] ? security_file_ioctl+0x83/0xb0 [ 3114.145902] SyS_ioctl+0x7f/0xb0 [ 3114.149270] ? do_vfs_ioctl+0xff0/0xff0 [ 3114.153250] do_syscall_64+0x1d5/0x640 [ 3114.157149] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3114.162341] RIP: 0033:0x7f980133e109 [ 3114.166139] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3114.173940] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3114.181242] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3114.188512] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3114.195788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3114.203062] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:39 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x379d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 64) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0xf, 0x6, 0x5e}) 00:21:39 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x2) r2 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0) accept$inet(r2, &(0x7f0000000080)={0x2, 0x0, @broadcast}, &(0x7f00000000c0)=0x10) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x2) (async) socket$inet(0x2, 0xa, 0x0) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0) (async) accept$inet(r2, &(0x7f0000000080)={0x2, 0x0, @broadcast}, &(0x7f00000000c0)=0x10) (async) 00:21:39 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 28) 00:21:39 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) write$uinput_user_dev(r1, &(0x7f0000000940)={'syz0\x00', {0x1f, 0x4, 0xff85, 0x5}, 0x11, [0xffffadbe, 0x2, 0x8000, 0x4, 0x15d, 0x2, 0x5, 0x1, 0x6, 0x4, 0x2, 0x789f, 0x1, 0x19, 0x101, 0xd600000, 0x8b, 0x6, 0x6, 0x7, 0x3, 0x39d, 0x80000000, 0xffffffee, 0x3, 0x6a2f, 0x1000, 0x3b, 0xff, 0x7, 0x4, 0x80000001, 0x4ef, 0x8000, 0x3, 0x1, 0xc85, 0x5, 0x0, 0x88, 0x8000, 0x1, 0x8001, 0x6, 0x2, 0x100, 0x5, 0xcb5, 0x0, 0x6, 0x20, 0x8, 0x9, 0x2, 0x91fe, 0x4, 0xa904, 0x4, 0x785, 0x64, 0x1, 0x7, 0x4, 0x1], [0xffffffff, 0x40, 0x1, 0x4080000, 0x1, 0x61, 0x0, 0x7, 0x0, 0x9, 0x3, 0x6cb, 0xc3, 0x7, 0x3, 0x31e, 0x4, 0x2, 0x1f, 0x6, 0x4, 0x2, 0x5, 0x6, 0x9, 0x0, 0xff, 0xf, 0x81, 0x7f, 0x5, 0x24, 0x1f, 0xffffffe1, 0x6, 0xfffffff8, 0x2, 0x1f, 0x2, 0x401, 0x5, 0x0, 0x8001, 0x2, 0x80, 0x7fffffff, 0x4da970d7, 0x9ab1, 0x15b, 0x4, 0x7, 0x9, 0x2, 0x5, 0x5, 0x7, 0x0, 0x3, 0x6, 0x8, 0x5, 0x10001, 0x200, 0x1], [0x800, 0x1, 0xe8a, 0x7f, 0x460, 0x81, 0x1, 0x8001, 0x400, 0xff, 0x3, 0x101, 0xa132, 0x5, 0x200, 0x100, 0x6, 0x6, 0x1, 0x10000, 0x1, 0x5636, 0x9, 0x80, 0x9, 0x0, 0x383, 0x1, 0x67, 0xffff, 0x3, 0x101, 0x80, 0x5, 0x5, 0x3, 0x95000000, 0x50f, 0x7fff, 0x10, 0x101, 0x1, 0x32, 0x401, 0x3, 0x28, 0x7, 0x1, 0x9, 0x4, 0x20, 0x9, 0x9, 0x7f, 0x5, 0x2, 0x8000, 0x72, 0x0, 0x952, 0x9, 0x3, 0x2, 0x1000], [0x10000, 0x2, 0x4, 0x3, 0x65, 0x40, 0x401, 0x10001, 0x5, 0x81, 0x57d2, 0x9, 0x158, 0x4c, 0x9a9c, 0x8, 0x6, 0x2374, 0x8, 0x5, 0x0, 0x401, 0xd76, 0x7fffffff, 0x100, 0x1f, 0xff, 0x8, 0x4, 0x9, 0x6, 0x200, 0x40, 0x8, 0xfffff800, 0x400, 0x6, 0xff, 0x39, 0x8d454a3, 0x4, 0x9235, 0x5735f3c8, 0x7fff, 0x8, 0xffff, 0x80000001, 0x1, 0x8, 0x7, 0x0, 0x3f, 0x20, 0x7, 0x9, 0x3, 0x5, 0x8, 0x1, 0xb48, 0x8, 0x9, 0x6, 0x8]}, 0x45c) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x3c2, 0x9, 0xff, 0x7}, 'syz1\x00', 0x24}) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000040)={'vlan1', 0x32, 0x31}, 0x8) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) write$uinput_user_dev(r1, &(0x7f0000000940)={'syz0\x00', {0x1f, 0x4, 0xff85, 0x5}, 0x11, [0xffffadbe, 0x2, 0x8000, 0x4, 0x15d, 0x2, 0x5, 0x1, 0x6, 0x4, 0x2, 0x789f, 0x1, 0x19, 0x101, 0xd600000, 0x8b, 0x6, 0x6, 0x7, 0x3, 0x39d, 0x80000000, 0xffffffee, 0x3, 0x6a2f, 0x1000, 0x3b, 0xff, 0x7, 0x4, 0x80000001, 0x4ef, 0x8000, 0x3, 0x1, 0xc85, 0x5, 0x0, 0x88, 0x8000, 0x1, 0x8001, 0x6, 0x2, 0x100, 0x5, 0xcb5, 0x0, 0x6, 0x20, 0x8, 0x9, 0x2, 0x91fe, 0x4, 0xa904, 0x4, 0x785, 0x64, 0x1, 0x7, 0x4, 0x1], [0xffffffff, 0x40, 0x1, 0x4080000, 0x1, 0x61, 0x0, 0x7, 0x0, 0x9, 0x3, 0x6cb, 0xc3, 0x7, 0x3, 0x31e, 0x4, 0x2, 0x1f, 0x6, 0x4, 0x2, 0x5, 0x6, 0x9, 0x0, 0xff, 0xf, 0x81, 0x7f, 0x5, 0x24, 0x1f, 0xffffffe1, 0x6, 0xfffffff8, 0x2, 0x1f, 0x2, 0x401, 0x5, 0x0, 0x8001, 0x2, 0x80, 0x7fffffff, 0x4da970d7, 0x9ab1, 0x15b, 0x4, 0x7, 0x9, 0x2, 0x5, 0x5, 0x7, 0x0, 0x3, 0x6, 0x8, 0x5, 0x10001, 0x200, 0x1], [0x800, 0x1, 0xe8a, 0x7f, 0x460, 0x81, 0x1, 0x8001, 0x400, 0xff, 0x3, 0x101, 0xa132, 0x5, 0x200, 0x100, 0x6, 0x6, 0x1, 0x10000, 0x1, 0x5636, 0x9, 0x80, 0x9, 0x0, 0x383, 0x1, 0x67, 0xffff, 0x3, 0x101, 0x80, 0x5, 0x5, 0x3, 0x95000000, 0x50f, 0x7fff, 0x10, 0x101, 0x1, 0x32, 0x401, 0x3, 0x28, 0x7, 0x1, 0x9, 0x4, 0x20, 0x9, 0x9, 0x7f, 0x5, 0x2, 0x8000, 0x72, 0x0, 0x952, 0x9, 0x3, 0x2, 0x1000], [0x10000, 0x2, 0x4, 0x3, 0x65, 0x40, 0x401, 0x10001, 0x5, 0x81, 0x57d2, 0x9, 0x158, 0x4c, 0x9a9c, 0x8, 0x6, 0x2374, 0x8, 0x5, 0x0, 0x401, 0xd76, 0x7fffffff, 0x100, 0x1f, 0xff, 0x8, 0x4, 0x9, 0x6, 0x200, 0x40, 0x8, 0xfffff800, 0x400, 0x6, 0xff, 0x39, 0x8d454a3, 0x4, 0x9235, 0x5735f3c8, 0x7fff, 0x8, 0xffff, 0x80000001, 0x1, 0x8, 0x7, 0x0, 0x3f, 0x20, 0x7, 0x9, 0x3, 0x5, 0x8, 0x1, 0xb48, 0x8, 0x9, 0x6, 0x8]}, 0x45c) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x3c2, 0x9, 0xff, 0x7}, 'syz1\x00', 0x24}) (async) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000040)={'vlan1', 0x32, 0x31}, 0x8) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) 00:21:39 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000040)) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) (async) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000040)) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:39 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 30) [ 3114.317161] input: syz0 as /devices/virtual/input/input32968 [ 3114.332183] input: syz0 as /devices/virtual/input/input32969 [ 3114.342937] input: syz0 as /devices/virtual/input/input32970 00:21:39 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) write$uinput_user_dev(r1, &(0x7f0000000940)={'syz0\x00', {0x1f, 0x4, 0xff85, 0x5}, 0x11, [0xffffadbe, 0x2, 0x8000, 0x4, 0x15d, 0x2, 0x5, 0x1, 0x6, 0x4, 0x2, 0x789f, 0x1, 0x19, 0x101, 0xd600000, 0x8b, 0x6, 0x6, 0x7, 0x3, 0x39d, 0x80000000, 0xffffffee, 0x3, 0x6a2f, 0x1000, 0x3b, 0xff, 0x7, 0x4, 0x80000001, 0x4ef, 0x8000, 0x3, 0x1, 0xc85, 0x5, 0x0, 0x88, 0x8000, 0x1, 0x8001, 0x6, 0x2, 0x100, 0x5, 0xcb5, 0x0, 0x6, 0x20, 0x8, 0x9, 0x2, 0x91fe, 0x4, 0xa904, 0x4, 0x785, 0x64, 0x1, 0x7, 0x4, 0x1], [0xffffffff, 0x40, 0x1, 0x4080000, 0x1, 0x61, 0x0, 0x7, 0x0, 0x9, 0x3, 0x6cb, 0xc3, 0x7, 0x3, 0x31e, 0x4, 0x2, 0x1f, 0x6, 0x4, 0x2, 0x5, 0x6, 0x9, 0x0, 0xff, 0xf, 0x81, 0x7f, 0x5, 0x24, 0x1f, 0xffffffe1, 0x6, 0xfffffff8, 0x2, 0x1f, 0x2, 0x401, 0x5, 0x0, 0x8001, 0x2, 0x80, 0x7fffffff, 0x4da970d7, 0x9ab1, 0x15b, 0x4, 0x7, 0x9, 0x2, 0x5, 0x5, 0x7, 0x0, 0x3, 0x6, 0x8, 0x5, 0x10001, 0x200, 0x1], [0x800, 0x1, 0xe8a, 0x7f, 0x460, 0x81, 0x1, 0x8001, 0x400, 0xff, 0x3, 0x101, 0xa132, 0x5, 0x200, 0x100, 0x6, 0x6, 0x1, 0x10000, 0x1, 0x5636, 0x9, 0x80, 0x9, 0x0, 0x383, 0x1, 0x67, 0xffff, 0x3, 0x101, 0x80, 0x5, 0x5, 0x3, 0x95000000, 0x50f, 0x7fff, 0x10, 0x101, 0x1, 0x32, 0x401, 0x3, 0x28, 0x7, 0x1, 0x9, 0x4, 0x20, 0x9, 0x9, 0x7f, 0x5, 0x2, 0x8000, 0x72, 0x0, 0x952, 0x9, 0x3, 0x2, 0x1000], [0x10000, 0x2, 0x4, 0x3, 0x65, 0x40, 0x401, 0x10001, 0x5, 0x81, 0x57d2, 0x9, 0x158, 0x4c, 0x9a9c, 0x8, 0x6, 0x2374, 0x8, 0x5, 0x0, 0x401, 0xd76, 0x7fffffff, 0x100, 0x1f, 0xff, 0x8, 0x4, 0x9, 0x6, 0x200, 0x40, 0x8, 0xfffff800, 0x400, 0x6, 0xff, 0x39, 0x8d454a3, 0x4, 0x9235, 0x5735f3c8, 0x7fff, 0x8, 0xffff, 0x80000001, 0x1, 0x8, 0x7, 0x0, 0x3f, 0x20, 0x7, 0x9, 0x3, 0x5, 0x8, 0x1, 0xb48, 0x8, 0x9, 0x6, 0x8]}, 0x45c) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x3c2, 0x9, 0xff, 0x7}, 'syz1\x00', 0x24}) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000040)={'vlan1', 0x32, 0x31}, 0x8) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) write$uinput_user_dev(r1, &(0x7f0000000940)={'syz0\x00', {0x1f, 0x4, 0xff85, 0x5}, 0x11, [0xffffadbe, 0x2, 0x8000, 0x4, 0x15d, 0x2, 0x5, 0x1, 0x6, 0x4, 0x2, 0x789f, 0x1, 0x19, 0x101, 0xd600000, 0x8b, 0x6, 0x6, 0x7, 0x3, 0x39d, 0x80000000, 0xffffffee, 0x3, 0x6a2f, 0x1000, 0x3b, 0xff, 0x7, 0x4, 0x80000001, 0x4ef, 0x8000, 0x3, 0x1, 0xc85, 0x5, 0x0, 0x88, 0x8000, 0x1, 0x8001, 0x6, 0x2, 0x100, 0x5, 0xcb5, 0x0, 0x6, 0x20, 0x8, 0x9, 0x2, 0x91fe, 0x4, 0xa904, 0x4, 0x785, 0x64, 0x1, 0x7, 0x4, 0x1], [0xffffffff, 0x40, 0x1, 0x4080000, 0x1, 0x61, 0x0, 0x7, 0x0, 0x9, 0x3, 0x6cb, 0xc3, 0x7, 0x3, 0x31e, 0x4, 0x2, 0x1f, 0x6, 0x4, 0x2, 0x5, 0x6, 0x9, 0x0, 0xff, 0xf, 0x81, 0x7f, 0x5, 0x24, 0x1f, 0xffffffe1, 0x6, 0xfffffff8, 0x2, 0x1f, 0x2, 0x401, 0x5, 0x0, 0x8001, 0x2, 0x80, 0x7fffffff, 0x4da970d7, 0x9ab1, 0x15b, 0x4, 0x7, 0x9, 0x2, 0x5, 0x5, 0x7, 0x0, 0x3, 0x6, 0x8, 0x5, 0x10001, 0x200, 0x1], [0x800, 0x1, 0xe8a, 0x7f, 0x460, 0x81, 0x1, 0x8001, 0x400, 0xff, 0x3, 0x101, 0xa132, 0x5, 0x200, 0x100, 0x6, 0x6, 0x1, 0x10000, 0x1, 0x5636, 0x9, 0x80, 0x9, 0x0, 0x383, 0x1, 0x67, 0xffff, 0x3, 0x101, 0x80, 0x5, 0x5, 0x3, 0x95000000, 0x50f, 0x7fff, 0x10, 0x101, 0x1, 0x32, 0x401, 0x3, 0x28, 0x7, 0x1, 0x9, 0x4, 0x20, 0x9, 0x9, 0x7f, 0x5, 0x2, 0x8000, 0x72, 0x0, 0x952, 0x9, 0x3, 0x2, 0x1000], [0x10000, 0x2, 0x4, 0x3, 0x65, 0x40, 0x401, 0x10001, 0x5, 0x81, 0x57d2, 0x9, 0x158, 0x4c, 0x9a9c, 0x8, 0x6, 0x2374, 0x8, 0x5, 0x0, 0x401, 0xd76, 0x7fffffff, 0x100, 0x1f, 0xff, 0x8, 0x4, 0x9, 0x6, 0x200, 0x40, 0x8, 0xfffff800, 0x400, 0x6, 0xff, 0x39, 0x8d454a3, 0x4, 0x9235, 0x5735f3c8, 0x7fff, 0x8, 0xffff, 0x80000001, 0x1, 0x8, 0x7, 0x0, 0x3f, 0x20, 0x7, 0x9, 0x3, 0x5, 0x8, 0x1, 0xb48, 0x8, 0x9, 0x6, 0x8]}, 0x45c) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x3c2, 0x9, 0xff, 0x7}, 'syz1\x00', 0x24}) (async) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000040)={'vlan1', 0x32, 0x31}, 0x8) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) 00:21:39 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) (async) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000040)) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:39 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x2) (async) r2 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0) (async) accept$inet(r2, &(0x7f0000000080)={0x2, 0x0, @broadcast}, &(0x7f00000000c0)=0x10) 00:21:39 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3114.388994] input: syz0 as /devices/virtual/input/input32974 [ 3114.403091] input: syz0 as /devices/virtual/input/input32975 [ 3114.418120] FAULT_INJECTION: forcing a failure. [ 3114.418120] name failslab, interval 1, probability 0, space 0, times 0 00:21:39 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3114.500684] input: syz0 as /devices/virtual/input/input32980 [ 3114.515825] CPU: 1 PID: 18764 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3114.522207] input: syz0 as /devices/virtual/input/input32981 [ 3114.523729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3114.538851] Call Trace: [ 3114.541448] dump_stack+0x1b2/0x281 [ 3114.545084] should_fail.cold+0x10a/0x149 [ 3114.549239] should_failslab+0xd6/0x130 [ 3114.553217] kmem_cache_alloc+0x28e/0x3c0 [ 3114.557370] __kernfs_new_node+0x6f/0x470 [ 3114.561522] kernfs_new_node+0x7b/0xe0 [ 3114.565416] __kernfs_create_file+0x3d/0x320 [ 3114.569829] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3114.574508] sysfs_merge_group+0xdc/0x200 [ 3114.578660] dpm_sysfs_add+0x122/0x1c0 [ 3114.582565] device_add+0x977/0x15c0 [ 3114.586283] ? device_is_dependent+0x2a0/0x2a0 [ 3114.590867] ? __kmalloc+0x3a4/0x400 [ 3114.594580] ? input_register_device+0x419/0xa90 [ 3114.599353] input_register_device+0x59e/0xa90 [ 3114.603937] ? __lock_acquire+0x5fc/0x3f20 [ 3114.608209] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3114.613404] ? uinput_write+0xfb0/0xfb0 [ 3114.617381] ? get_pid_task+0xb8/0x130 [ 3114.621271] ? proc_fail_nth_write+0x7b/0x180 [ 3114.625808] ? trace_hardirqs_on+0x10/0x10 [ 3114.630052] ? fsnotify+0x974/0x11b0 [ 3114.633765] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3114.638693] ? __handle_mm_fault+0x80f/0x4620 [ 3114.643188] ? SyS_write+0x1b7/0x210 [ 3114.646965] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3114.652434] do_vfs_ioctl+0x75a/0xff0 [ 3114.656240] ? lock_acquire+0x170/0x3f0 [ 3114.660214] ? ioctl_preallocate+0x1a0/0x1a0 [ 3114.664635] ? __fget+0x265/0x3e0 [ 3114.668093] ? do_vfs_ioctl+0xff0/0xff0 [ 3114.669997] input: syz0 as /devices/virtual/input/input32982 [ 3114.672074] ? security_file_ioctl+0x83/0xb0 [ 3114.682250] SyS_ioctl+0x7f/0xb0 [ 3114.685617] ? do_vfs_ioctl+0xff0/0xff0 [ 3114.689623] do_syscall_64+0x1d5/0x640 [ 3114.693520] entry_SYSCALL_64_after_hwframe+0x46/0xbb 00:21:39 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3114.698711] RIP: 0033:0x7f980133e109 [ 3114.702417] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3114.710143] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3114.717505] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3114.724773] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3114.732166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3114.739443] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:39 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 31) [ 3114.760815] FAULT_INJECTION: forcing a failure. [ 3114.760815] name failslab, interval 1, probability 0, space 0, times 0 [ 3114.783861] CPU: 0 PID: 18765 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3114.791766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3114.801122] Call Trace: [ 3114.803720] dump_stack+0x1b2/0x281 [ 3114.807352] should_fail.cold+0x10a/0x149 [ 3114.811502] should_failslab+0xd6/0x130 [ 3114.815482] kmem_cache_alloc_node+0x263/0x410 [ 3114.820070] __alloc_skb+0x5c/0x510 [ 3114.823703] kobject_uevent_env+0x882/0xf30 [ 3114.828468] device_del+0x642/0xa80 [ 3114.832099] ? __device_links_no_driver+0x1b0/0x1b0 [ 3114.837121] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3114.842397] del_gendisk+0x65c/0x820 [ 3114.846122] ? disk_events_poll_msecs_store+0x150/0x150 [ 3114.851488] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3114.855984] ? blk_cleanup_queue+0x43c/0x620 [ 3114.860394] loop_control_ioctl+0x347/0x3f0 [ 3114.864718] ? loop_lookup+0x190/0x190 [ 3114.868606] ? SyS_write+0x1b7/0x210 [ 3114.872349] ? loop_lookup+0x190/0x190 [ 3114.876239] do_vfs_ioctl+0x75a/0xff0 [ 3114.880038] ? lock_acquire+0x170/0x3f0 [ 3114.884013] ? ioctl_preallocate+0x1a0/0x1a0 [ 3114.888427] ? __fget+0x265/0x3e0 [ 3114.891880] ? do_vfs_ioctl+0xff0/0xff0 [ 3114.895854] ? security_file_ioctl+0x83/0xb0 [ 3114.900265] SyS_ioctl+0x7f/0xb0 [ 3114.903630] ? do_vfs_ioctl+0xff0/0xff0 [ 3114.907607] do_syscall_64+0x1d5/0x640 [ 3114.911508] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3114.916697] RIP: 0033:0x7fc500a72109 [ 3114.920402] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3114.928720] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3114.935990] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3114.943256] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3114.950524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3114.957794] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:40 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (rerun: 32) 00:21:40 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 29) 00:21:40 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'team_slave_0\x00', 0x4}, 0x18) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_SET_PHYS(r2, 0x4008556c, &(0x7f0000000040)='syz1\x00') ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x1) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) [ 3115.063988] FAULT_INJECTION: forcing a failure. [ 3115.063988] name failslab, interval 1, probability 0, space 0, times 0 [ 3115.076721] input: syz0 as /devices/virtual/input/input32984 [ 3115.093279] input: syz0 as /devices/virtual/input/input32987 [ 3115.113532] input: syz0 as /devices/virtual/input/input32985 [ 3115.133112] CPU: 0 PID: 18814 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3115.141027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3115.150384] Call Trace: [ 3115.152977] dump_stack+0x1b2/0x281 [ 3115.156615] should_fail.cold+0x10a/0x149 [ 3115.160838] should_failslab+0xd6/0x130 [ 3115.164825] kmem_cache_alloc+0x28e/0x3c0 [ 3115.168985] __kernfs_new_node+0x6f/0x470 [ 3115.173135] kernfs_create_dir_ns+0x8c/0x200 [ 3115.177545] internal_create_group+0xe9/0x710 [ 3115.182050] dpm_sysfs_add+0x21/0x1c0 [ 3115.185857] device_add+0x977/0x15c0 [ 3115.189574] ? device_is_dependent+0x2a0/0x2a0 [ 3115.194155] ? __kmalloc+0x3a4/0x400 [ 3115.197873] ? input_register_device+0x419/0xa90 [ 3115.202635] input_register_device+0x59e/0xa90 [ 3115.207224] ? __lock_acquire+0x5fc/0x3f20 [ 3115.211489] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3115.216681] ? uinput_write+0xfb0/0xfb0 [ 3115.220673] ? get_pid_task+0xb8/0x130 [ 3115.224579] ? proc_fail_nth_write+0x7b/0x180 [ 3115.229082] ? trace_hardirqs_on+0x10/0x10 [ 3115.233322] ? fsnotify+0x974/0x11b0 [ 3115.237041] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3115.241991] ? __handle_mm_fault+0x80f/0x4620 [ 3115.246491] ? SyS_write+0x1b7/0x210 [ 3115.250217] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3115.255686] do_vfs_ioctl+0x75a/0xff0 [ 3115.259488] ? lock_acquire+0x170/0x3f0 [ 3115.263469] ? ioctl_preallocate+0x1a0/0x1a0 [ 3115.267884] ? __fget+0x265/0x3e0 [ 3115.271340] ? do_vfs_ioctl+0xff0/0xff0 [ 3115.275316] ? security_file_ioctl+0x83/0xb0 [ 3115.279732] SyS_ioctl+0x7f/0xb0 [ 3115.283097] ? do_vfs_ioctl+0xff0/0xff0 [ 3115.287074] do_syscall_64+0x1d5/0x640 [ 3115.290971] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3115.296157] RIP: 0033:0x7f980133e109 [ 3115.299860] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3115.307563] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:40 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3115.314827] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3115.322095] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3115.329365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3115.336634] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3115.349185] input: syz0 as /devices/virtual/input/input32986 [ 3115.356415] input: syz0 as /devices/virtual/input/input32990 00:21:40 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:40 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 32) 00:21:40 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) 00:21:40 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'team_slave_0\x00', 0x4}, 0x18) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_SET_PHYS(r2, 0x4008556c, &(0x7f0000000040)='syz1\x00') (async) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x1) (async) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:40 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) (async, rerun: 32) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (rerun: 32) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3115.402524] input: syz0 as /devices/virtual/input/input32993 [ 3115.430610] FAULT_INJECTION: forcing a failure. [ 3115.430610] name failslab, interval 1, probability 0, space 0, times 0 [ 3115.431479] FAULT_INJECTION: forcing a failure. [ 3115.431479] name failslab, interval 1, probability 0, space 0, times 0 [ 3115.456031] CPU: 0 PID: 18848 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3115.463935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3115.463940] Call Trace: [ 3115.463957] dump_stack+0x1b2/0x281 [ 3115.463972] should_fail.cold+0x10a/0x149 [ 3115.463986] should_failslab+0xd6/0x130 [ 3115.463999] kmem_cache_alloc+0x28e/0x3c0 [ 3115.464012] __kernfs_new_node+0x6f/0x470 [ 3115.464026] kernfs_new_node+0x7b/0xe0 [ 3115.499776] __kernfs_create_file+0x3d/0x320 [ 3115.504265] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3115.508923] sysfs_merge_group+0xdc/0x200 [ 3115.513064] dpm_sysfs_add+0x122/0x1c0 [ 3115.517550] device_add+0x977/0x15c0 [ 3115.521247] ? device_is_dependent+0x2a0/0x2a0 [ 3115.525814] ? __kmalloc+0x3a4/0x400 [ 3115.529601] ? input_register_device+0x419/0xa90 [ 3115.534353] input_register_device+0x59e/0xa90 [ 3115.538926] ? __lock_acquire+0x5fc/0x3f20 [ 3115.543155] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3115.548328] ? uinput_write+0xfb0/0xfb0 [ 3115.552289] ? get_pid_task+0xb8/0x130 [ 3115.556166] ? proc_fail_nth_write+0x7b/0x180 [ 3115.560655] ? trace_hardirqs_on+0x10/0x10 [ 3115.564892] ? fsnotify+0x974/0x11b0 [ 3115.568596] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3115.573509] ? __handle_mm_fault+0x80f/0x4620 [ 3115.577988] ? SyS_write+0x1b7/0x210 [ 3115.581694] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3115.587128] do_vfs_ioctl+0x75a/0xff0 [ 3115.590915] ? lock_acquire+0x170/0x3f0 [ 3115.594883] ? ioctl_preallocate+0x1a0/0x1a0 [ 3115.599276] ? __fget+0x265/0x3e0 [ 3115.602711] ? do_vfs_ioctl+0xff0/0xff0 [ 3115.606692] ? security_file_ioctl+0x83/0xb0 [ 3115.611092] SyS_ioctl+0x7f/0xb0 [ 3115.614442] ? do_vfs_ioctl+0xff0/0xff0 [ 3115.618402] do_syscall_64+0x1d5/0x640 [ 3115.622280] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3115.627473] RIP: 0033:0x7f980133e109 [ 3115.631193] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3115.638893] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3115.646158] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3115.653418] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3115.660688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3115.667953] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3115.675223] CPU: 1 PID: 18828 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3115.683117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3115.692469] Call Trace: [ 3115.695061] dump_stack+0x1b2/0x281 [ 3115.698694] should_fail.cold+0x10a/0x149 [ 3115.702849] should_failslab+0xd6/0x130 [ 3115.706817] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3115.711904] __kmalloc_node_track_caller+0x38/0x70 [ 3115.716828] __alloc_skb+0x96/0x510 [ 3115.720441] kobject_uevent_env+0x882/0xf30 [ 3115.724750] device_del+0x642/0xa80 [ 3115.728378] ? __device_links_no_driver+0x1b0/0x1b0 [ 3115.733628] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3115.738891] del_gendisk+0x65c/0x820 [ 3115.742588] ? disk_events_poll_msecs_store+0x150/0x150 [ 3115.747946] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3115.752505] ? blk_cleanup_queue+0x43c/0x620 [ 3115.756911] loop_control_ioctl+0x347/0x3f0 [ 3115.761226] ? loop_lookup+0x190/0x190 [ 3115.765108] ? SyS_write+0x1b7/0x210 [ 3115.768826] ? loop_lookup+0x190/0x190 [ 3115.772695] do_vfs_ioctl+0x75a/0xff0 [ 3115.776471] ? lock_acquire+0x170/0x3f0 [ 3115.780433] ? ioctl_preallocate+0x1a0/0x1a0 [ 3115.784958] ? __fget+0x265/0x3e0 [ 3115.788408] ? do_vfs_ioctl+0xff0/0xff0 [ 3115.792370] ? security_file_ioctl+0x83/0xb0 [ 3115.796762] SyS_ioctl+0x7f/0xb0 [ 3115.800116] ? do_vfs_ioctl+0xff0/0xff0 [ 3115.804164] do_syscall_64+0x1d5/0x640 [ 3115.808033] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3115.813204] RIP: 0033:0x7fc500a72109 [ 3115.816906] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3115.824706] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3115.831977] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3115.839228] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3115.846481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:41 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:41 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 33) [ 3115.853745] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3115.862770] input: syz0 as /devices/virtual/input/input32996 00:21:41 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'team_slave_0\x00', 0x4}, 0x18) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_SET_PHYS(r2, 0x4008556c, &(0x7f0000000040)='syz1\x00') (async) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x1) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) (async) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) 00:21:41 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 30) [ 3115.921661] input: syz0 as /devices/virtual/input/input32997 [ 3115.955750] input: syz0 as /devices/virtual/input/input32998 00:21:41 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x58) [ 3115.967408] input: syz0 as /devices/virtual/input/input33000 [ 3115.981995] FAULT_INJECTION: forcing a failure. [ 3115.981995] name failslab, interval 1, probability 0, space 0, times 0 00:21:41 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3116.014879] CPU: 0 PID: 18895 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3116.022785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3116.024009] input: syz0 as /devices/virtual/input/input33005 [ 3116.032132] Call Trace: [ 3116.032150] dump_stack+0x1b2/0x281 [ 3116.032165] should_fail.cold+0x10a/0x149 [ 3116.032178] should_failslab+0xd6/0x130 [ 3116.032189] kmem_cache_alloc+0x28e/0x3c0 [ 3116.032202] __kernfs_new_node+0x6f/0x470 [ 3116.032213] kernfs_new_node+0x7b/0xe0 [ 3116.032224] __kernfs_create_file+0x3d/0x320 [ 3116.068831] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3116.073505] sysfs_merge_group+0xdc/0x200 [ 3116.077657] dpm_sysfs_add+0x122/0x1c0 [ 3116.081559] device_add+0x977/0x15c0 [ 3116.085279] ? device_is_dependent+0x2a0/0x2a0 [ 3116.089862] ? __kmalloc+0x3a4/0x400 [ 3116.093575] ? input_register_device+0x419/0xa90 [ 3116.098332] input_register_device+0x59e/0xa90 [ 3116.102911] ? __lock_acquire+0x5fc/0x3f20 [ 3116.107144] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3116.112335] ? uinput_write+0xfb0/0xfb0 [ 3116.116483] ? get_pid_task+0xb8/0x130 [ 3116.120370] ? proc_fail_nth_write+0x7b/0x180 [ 3116.124861] ? trace_hardirqs_on+0x10/0x10 [ 3116.129101] ? fsnotify+0x974/0x11b0 [ 3116.132813] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3116.137736] ? __handle_mm_fault+0x80f/0x4620 [ 3116.142227] ? SyS_write+0x1b7/0x210 [ 3116.145945] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3116.151396] do_vfs_ioctl+0x75a/0xff0 [ 3116.155198] ? lock_acquire+0x170/0x3f0 [ 3116.159170] ? ioctl_preallocate+0x1a0/0x1a0 [ 3116.163579] ? __fget+0x265/0x3e0 [ 3116.167034] ? do_vfs_ioctl+0xff0/0xff0 [ 3116.171009] ? security_file_ioctl+0x83/0xb0 [ 3116.175418] SyS_ioctl+0x7f/0xb0 [ 3116.178785] ? do_vfs_ioctl+0xff0/0xff0 [ 3116.182761] do_syscall_64+0x1d5/0x640 [ 3116.186659] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3116.191846] RIP: 0033:0x7f980133e109 [ 3116.195558] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3116.203262] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:41 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) (async) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3116.210534] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3116.217804] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3116.225072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3116.232341] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3116.247908] input: syz0 as /devices/virtual/input/input33006 00:21:41 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x1004, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000280), 0x800, 0x406000) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f00000002c0)) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000240)='syz1\x00') ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000040)={0x6, 0x4, {0x52, 0xff01, 0xff, {0x1, 0x60}, {0x8a6, 0x80}, @rumble={0x2, 0x400}}, {0x53, 0x2, 0x9, {0x9}, {0x7}, @cond=[{0xa21e, 0x20, 0x1, 0x8001, 0x9, 0x1}, {0x7, 0x509, 0x81, 0x3, 0x4, 0x3}]}}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_GET_SYSNAME(r3, 0x8040552c, &(0x7f0000000100)) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x4000, 0x0) ioctl$UI_END_FF_UPLOAD(r4, 0x406855c9, &(0x7f0000000180)={0xc, 0x5, {0x55, 0x2, 0x4, {0x3, 0xb51}, {0x2, 0x1}, @const={0x100, {0x6, 0x3, 0x0, 0x2}}}, {0x57, 0x20, 0x7, {0x6, 0x4}, {0x7, 0x40}, @ramp={0x8, 0x5, {0x4, 0x4, 0x5, 0x200}}}}) [ 3116.268930] FAULT_INJECTION: forcing a failure. [ 3116.268930] name failslab, interval 1, probability 0, space 0, times 0 [ 3116.290668] CPU: 0 PID: 18911 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3116.298563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3116.307913] Call Trace: [ 3116.310503] dump_stack+0x1b2/0x281 [ 3116.314133] should_fail.cold+0x10a/0x149 [ 3116.318285] should_failslab+0xd6/0x130 [ 3116.322263] kmem_cache_alloc_node+0x263/0x410 [ 3116.326850] __alloc_skb+0x5c/0x510 [ 3116.330478] kobject_uevent_env+0x882/0xf30 [ 3116.334816] device_del+0x642/0xa80 [ 3116.338444] ? __device_links_no_driver+0x1b0/0x1b0 [ 3116.343462] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3116.348739] del_gendisk+0x65c/0x820 [ 3116.352454] ? disk_events_poll_msecs_store+0x150/0x150 [ 3116.357822] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3116.362313] ? blk_cleanup_queue+0x43c/0x620 [ 3116.366724] loop_control_ioctl+0x347/0x3f0 [ 3116.371044] ? loop_lookup+0x190/0x190 [ 3116.374937] ? SyS_write+0x1b7/0x210 [ 3116.378659] ? loop_lookup+0x190/0x190 [ 3116.382543] do_vfs_ioctl+0x75a/0xff0 [ 3116.386340] ? lock_acquire+0x170/0x3f0 [ 3116.390323] ? ioctl_preallocate+0x1a0/0x1a0 [ 3116.394735] ? __fget+0x265/0x3e0 [ 3116.398193] ? do_vfs_ioctl+0xff0/0xff0 [ 3116.402169] ? security_file_ioctl+0x83/0xb0 [ 3116.406577] SyS_ioctl+0x7f/0xb0 [ 3116.409936] ? do_vfs_ioctl+0xff0/0xff0 [ 3116.413909] do_syscall_64+0x1d5/0x640 [ 3116.417799] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3116.423677] RIP: 0033:0x7fc500a72109 [ 3116.427381] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3116.435088] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3116.442350] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3116.449615] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3116.456881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3116.464235] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:41 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 31) 00:21:41 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x58) 00:21:41 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 34) 00:21:41 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3116.512807] input: syz0 as /devices/virtual/input/input33010 [ 3116.531244] input: syz0 as /devices/virtual/input/input33009 [ 3116.545435] input: syz0 as /devices/virtual/input/input33011 00:21:41 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x1004, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async) r2 = syz_open_dev$dri(&(0x7f0000000280), 0x800, 0x406000) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f00000002c0)) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000240)='syz1\x00') (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000040)={0x6, 0x4, {0x52, 0xff01, 0xff, {0x1, 0x60}, {0x8a6, 0x80}, @rumble={0x2, 0x400}}, {0x53, 0x2, 0x9, {0x9}, {0x7}, @cond=[{0xa21e, 0x20, 0x1, 0x8001, 0x9, 0x1}, {0x7, 0x509, 0x81, 0x3, 0x4, 0x3}]}}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_GET_SYSNAME(r3, 0x8040552c, &(0x7f0000000100)) (async) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x4000, 0x0) ioctl$UI_END_FF_UPLOAD(r4, 0x406855c9, &(0x7f0000000180)={0xc, 0x5, {0x55, 0x2, 0x4, {0x3, 0xb51}, {0x2, 0x1}, @const={0x100, {0x6, 0x3, 0x0, 0x2}}}, {0x57, 0x20, 0x7, {0x6, 0x4}, {0x7, 0x40}, @ramp={0x8, 0x5, {0x4, 0x4, 0x5, 0x200}}}}) 00:21:41 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 32) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) (rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x58) [ 3116.587608] input: syz0 as /devices/virtual/input/input33015 [ 3116.605259] FAULT_INJECTION: forcing a failure. [ 3116.605259] name failslab, interval 1, probability 0, space 0, times 0 [ 3116.616614] CPU: 1 PID: 18940 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3116.624496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3116.633838] Call Trace: [ 3116.636408] dump_stack+0x1b2/0x281 [ 3116.640025] should_fail.cold+0x10a/0x149 [ 3116.644161] should_failslab+0xd6/0x130 [ 3116.648549] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3116.653632] __kmalloc_node_track_caller+0x38/0x70 [ 3116.658558] __alloc_skb+0x96/0x510 [ 3116.662173] kobject_uevent_env+0x882/0xf30 [ 3116.666481] device_del+0x642/0xa80 [ 3116.670087] ? __device_links_no_driver+0x1b0/0x1b0 [ 3116.675082] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3116.680354] del_gendisk+0x65c/0x820 [ 3116.684110] ? disk_events_poll_msecs_store+0x150/0x150 [ 3116.689896] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3116.694375] ? blk_cleanup_queue+0x43c/0x620 [ 3116.698771] loop_control_ioctl+0x347/0x3f0 [ 3116.703083] ? loop_lookup+0x190/0x190 [ 3116.706957] ? SyS_write+0x1b7/0x210 [ 3116.710775] ? loop_lookup+0x190/0x190 [ 3116.714653] do_vfs_ioctl+0x75a/0xff0 [ 3116.718442] ? lock_acquire+0x170/0x3f0 [ 3116.722406] ? ioctl_preallocate+0x1a0/0x1a0 [ 3116.726795] ? __fget+0x265/0x3e0 [ 3116.730227] ? do_vfs_ioctl+0xff0/0xff0 [ 3116.734190] ? security_file_ioctl+0x83/0xb0 [ 3116.738582] SyS_ioctl+0x7f/0xb0 [ 3116.741939] ? do_vfs_ioctl+0xff0/0xff0 [ 3116.745905] do_syscall_64+0x1d5/0x640 [ 3116.749782] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3116.754948] RIP: 0033:0x7fc500a72109 [ 3116.758647] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3116.766342] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3116.773587] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3116.780838] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 00:21:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0x4}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) r1 = socket$inet_sctp(0x2, 0x1, 0x84) accept$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f0000000080)=0x10) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:42 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 32) [ 3116.788085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3116.795332] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3116.805846] input: syz0 as /devices/virtual/input/input33018 00:21:42 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:42 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x1004, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000280), 0x800, 0x406000) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f00000002c0)) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000240)='syz1\x00') ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000040)={0x6, 0x4, {0x52, 0xff01, 0xff, {0x1, 0x60}, {0x8a6, 0x80}, @rumble={0x2, 0x400}}, {0x53, 0x2, 0x9, {0x9}, {0x7}, @cond=[{0xa21e, 0x20, 0x1, 0x8001, 0x9, 0x1}, {0x7, 0x509, 0x81, 0x3, 0x4, 0x3}]}}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_GET_SYSNAME(r3, 0x8040552c, &(0x7f0000000100)) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x4000, 0x0) ioctl$UI_END_FF_UPLOAD(r4, 0x406855c9, &(0x7f0000000180)={0xc, 0x5, {0x55, 0x2, 0x4, {0x3, 0xb51}, {0x2, 0x1}, @const={0x100, {0x6, 0x3, 0x0, 0x2}}}, {0x57, 0x20, 0x7, {0x6, 0x4}, {0x7, 0x40}, @ramp={0x8, 0x5, {0x4, 0x4, 0x5, 0x200}}}}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x1004, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async) syz_open_dev$dri(&(0x7f0000000280), 0x800, 0x406000) (async) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f00000002c0)) (async) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000240)='syz1\x00') (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000040)={0x6, 0x4, {0x52, 0xff01, 0xff, {0x1, 0x60}, {0x8a6, 0x80}, @rumble={0x2, 0x400}}, {0x53, 0x2, 0x9, {0x9}, {0x7}, @cond=[{0xa21e, 0x20, 0x1, 0x8001, 0x9, 0x1}, {0x7, 0x509, 0x81, 0x3, 0x4, 0x3}]}}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) ioctl$UI_GET_SYSNAME(r3, 0x8040552c, &(0x7f0000000100)) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x4000, 0x0) (async) ioctl$UI_END_FF_UPLOAD(r4, 0x406855c9, &(0x7f0000000180)={0xc, 0x5, {0x55, 0x2, 0x4, {0x3, 0xb51}, {0x2, 0x1}, @const={0x100, {0x6, 0x3, 0x0, 0x2}}}, {0x57, 0x20, 0x7, {0x6, 0x4}, {0x7, 0x40}, @ramp={0x8, 0x5, {0x4, 0x4, 0x5, 0x200}}}}) (async) 00:21:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0x4}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) r1 = socket$inet_sctp(0x2, 0x1, 0x84) accept$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f0000000080)=0x10) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:42 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x3ff]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x3) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3116.905195] input: syz0 as /devices/virtual/input/input33020 [ 3116.912818] input: syz0 as /devices/virtual/input/input33021 [ 3116.937228] FAULT_INJECTION: forcing a failure. [ 3116.937228] name failslab, interval 1, probability 0, space 0, times 0 [ 3116.948010] input: syz0 as /devices/virtual/input/input33027 [ 3116.983613] FAULT_INJECTION: forcing a failure. [ 3116.983613] name failslab, interval 1, probability 0, space 0, times 0 [ 3116.997965] CPU: 1 PID: 19000 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3117.005865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3117.015207] Call Trace: [ 3117.017786] dump_stack+0x1b2/0x281 [ 3117.021400] should_fail.cold+0x10a/0x149 [ 3117.025537] should_failslab+0xd6/0x130 [ 3117.029498] kmem_cache_alloc+0x28e/0x3c0 [ 3117.033636] __kernfs_new_node+0x6f/0x470 [ 3117.037882] kernfs_new_node+0x7b/0xe0 [ 3117.041754] __kernfs_create_file+0x3d/0x320 [ 3117.046158] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3117.050814] sysfs_merge_group+0xdc/0x200 [ 3117.054947] dpm_sysfs_add+0x122/0x1c0 [ 3117.058819] device_add+0x977/0x15c0 [ 3117.062544] ? device_is_dependent+0x2a0/0x2a0 [ 3117.067108] ? __kmalloc+0x3a4/0x400 [ 3117.070803] ? input_register_device+0x419/0xa90 [ 3117.075544] input_register_device+0x59e/0xa90 [ 3117.080116] ? __lock_acquire+0x5fc/0x3f20 [ 3117.084360] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3117.089539] ? uinput_write+0xfb0/0xfb0 [ 3117.093504] ? get_pid_task+0xb8/0x130 [ 3117.097376] ? proc_fail_nth_write+0x7b/0x180 [ 3117.101857] ? trace_hardirqs_on+0x10/0x10 [ 3117.106073] ? fsnotify+0x974/0x11b0 [ 3117.109769] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3117.114691] ? __handle_mm_fault+0x80f/0x4620 [ 3117.119190] ? SyS_write+0x1b7/0x210 [ 3117.122890] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3117.128336] do_vfs_ioctl+0x75a/0xff0 [ 3117.132125] ? lock_acquire+0x170/0x3f0 [ 3117.136082] ? ioctl_preallocate+0x1a0/0x1a0 [ 3117.140472] ? __fget+0x265/0x3e0 [ 3117.143921] ? do_vfs_ioctl+0xff0/0xff0 [ 3117.147897] ? security_file_ioctl+0x83/0xb0 [ 3117.152286] SyS_ioctl+0x7f/0xb0 [ 3117.155639] ? do_vfs_ioctl+0xff0/0xff0 [ 3117.159606] do_syscall_64+0x1d5/0x640 [ 3117.163483] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3117.168657] RIP: 0033:0x7f980133e109 [ 3117.172352] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3117.180049] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3117.187407] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3117.194656] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3117.201909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3117.209256] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3117.216557] CPU: 0 PID: 18994 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3117.224450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3117.233808] Call Trace: [ 3117.236396] dump_stack+0x1b2/0x281 [ 3117.240039] should_fail.cold+0x10a/0x149 [ 3117.244195] should_failslab+0xd6/0x130 [ 3117.248176] kmem_cache_alloc_node+0x263/0x410 [ 3117.252764] __alloc_skb+0x5c/0x510 [ 3117.256487] kobject_uevent_env+0x882/0xf30 [ 3117.260817] device_del+0x642/0xa80 [ 3117.264446] ? __device_links_no_driver+0x1b0/0x1b0 [ 3117.269550] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3117.274830] del_gendisk+0x65c/0x820 [ 3117.278547] ? disk_events_poll_msecs_store+0x150/0x150 [ 3117.283915] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3117.288414] ? blk_cleanup_queue+0x43c/0x620 [ 3117.292826] loop_control_ioctl+0x347/0x3f0 [ 3117.297152] ? loop_lookup+0x190/0x190 [ 3117.301037] ? SyS_write+0x1b7/0x210 [ 3117.304755] ? loop_lookup+0x190/0x190 [ 3117.308637] do_vfs_ioctl+0x75a/0xff0 [ 3117.312433] ? lock_acquire+0x170/0x3f0 [ 3117.316404] ? ioctl_preallocate+0x1a0/0x1a0 [ 3117.320825] ? __fget+0x265/0x3e0 [ 3117.324281] ? do_vfs_ioctl+0xff0/0xff0 [ 3117.328253] ? security_file_ioctl+0x83/0xb0 [ 3117.332660] SyS_ioctl+0x7f/0xb0 [ 3117.336023] ? do_vfs_ioctl+0xff0/0xff0 [ 3117.339998] do_syscall_64+0x1d5/0x640 [ 3117.343898] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3117.349082] RIP: 0033:0x7fc500a72109 [ 3117.352788] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3117.360492] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3117.367761] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3117.375029] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 00:21:42 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 33) 00:21:42 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3117.382298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3117.389576] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 00:21:42 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 35) 00:21:42 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x3ff]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x3) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x3ff]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x3) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x0, 0x4}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) r1 = socket$inet_sctp(0x2, 0x1, 0x84) accept$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f0000000080)=0x10) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3117.443742] input: syz0 as /devices/virtual/input/input33029 [ 3117.464398] input: syz0 as /devices/virtual/input/input33028 00:21:42 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x2) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000040)) [ 3117.515306] FAULT_INJECTION: forcing a failure. [ 3117.515306] name failslab, interval 1, probability 0, space 0, times 0 [ 3117.536998] input: syz0 as /devices/virtual/input/input33036 [ 3117.543685] input: syz0 as /devices/virtual/input/input33037 [ 3117.554788] FAULT_INJECTION: forcing a failure. [ 3117.554788] name failslab, interval 1, probability 0, space 0, times 0 [ 3117.556226] CPU: 0 PID: 19041 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3117.573862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3117.583548] Call Trace: [ 3117.586120] dump_stack+0x1b2/0x281 [ 3117.589750] should_fail.cold+0x10a/0x149 [ 3117.593893] should_failslab+0xd6/0x130 [ 3117.597852] kmem_cache_alloc+0x28e/0x3c0 [ 3117.601991] __kernfs_new_node+0x6f/0x470 [ 3117.606126] kernfs_new_node+0x7b/0xe0 [ 3117.610127] __kernfs_create_file+0x3d/0x320 [ 3117.614536] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3117.619193] sysfs_merge_group+0xdc/0x200 [ 3117.623339] dpm_sysfs_add+0x122/0x1c0 [ 3117.627226] device_add+0x977/0x15c0 [ 3117.630938] ? device_is_dependent+0x2a0/0x2a0 [ 3117.635510] ? __kmalloc+0x3a4/0x400 [ 3117.639217] ? input_register_device+0x419/0xa90 [ 3117.643987] input_register_device+0x59e/0xa90 [ 3117.648565] ? __lock_acquire+0x5fc/0x3f20 [ 3117.652794] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3117.657981] ? uinput_write+0xfb0/0xfb0 [ 3117.661942] ? get_pid_task+0xb8/0x130 [ 3117.665813] ? proc_fail_nth_write+0x7b/0x180 [ 3117.670295] ? trace_hardirqs_on+0x10/0x10 [ 3117.674529] ? fsnotify+0x974/0x11b0 [ 3117.678241] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3117.683158] ? __handle_mm_fault+0x80f/0x4620 [ 3117.687641] ? SyS_write+0x1b7/0x210 [ 3117.691340] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3117.696771] do_vfs_ioctl+0x75a/0xff0 [ 3117.700567] ? lock_acquire+0x170/0x3f0 [ 3117.704524] ? ioctl_preallocate+0x1a0/0x1a0 [ 3117.708912] ? __fget+0x265/0x3e0 [ 3117.712347] ? do_vfs_ioctl+0xff0/0xff0 [ 3117.716304] ? security_file_ioctl+0x83/0xb0 [ 3117.720693] SyS_ioctl+0x7f/0xb0 [ 3117.724125] ? do_vfs_ioctl+0xff0/0xff0 [ 3117.728081] do_syscall_64+0x1d5/0x640 [ 3117.731969] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3117.737148] RIP: 0033:0x7f980133e109 [ 3117.740863] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3117.748560] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3117.755812] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3117.763068] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3117.770318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3117.777570] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3117.784839] CPU: 1 PID: 19033 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 [ 3117.792714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3117.802059] Call Trace: [ 3117.804649] dump_stack+0x1b2/0x281 [ 3117.808275] should_fail.cold+0x10a/0x149 [ 3117.812424] should_failslab+0xd6/0x130 [ 3117.816392] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3117.821479] __kmalloc_node_track_caller+0x38/0x70 [ 3117.826385] __alloc_skb+0x96/0x510 [ 3117.829993] kobject_uevent_env+0x882/0xf30 [ 3117.834383] device_del+0x642/0xa80 [ 3117.837987] ? __device_links_no_driver+0x1b0/0x1b0 [ 3117.842996] ? pm_runtime_set_memalloc_noio+0xdc/0x140 [ 3117.848283] del_gendisk+0x65c/0x820 [ 3117.851985] ? disk_events_poll_msecs_store+0x150/0x150 [ 3117.857370] ? _raw_spin_unlock_irq+0x5a/0x80 [ 3117.861854] ? blk_cleanup_queue+0x43c/0x620 [ 3117.866266] loop_control_ioctl+0x347/0x3f0 [ 3117.870564] ? loop_lookup+0x190/0x190 [ 3117.874428] ? SyS_write+0x1b7/0x210 [ 3117.878134] ? loop_lookup+0x190/0x190 [ 3117.881998] do_vfs_ioctl+0x75a/0xff0 [ 3117.885779] ? lock_acquire+0x170/0x3f0 [ 3117.889749] ? ioctl_preallocate+0x1a0/0x1a0 [ 3117.894139] ? __fget+0x265/0x3e0 [ 3117.897603] ? do_vfs_ioctl+0xff0/0xff0 [ 3117.901649] ? security_file_ioctl+0x83/0xb0 [ 3117.906032] SyS_ioctl+0x7f/0xb0 [ 3117.909380] ? do_vfs_ioctl+0xff0/0xff0 [ 3117.913338] do_syscall_64+0x1d5/0x640 [ 3117.917206] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3117.922374] RIP: 0033:0x7fc500a72109 [ 3117.926069] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3117.933787] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3117.941046] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3117.948297] RBP: 00007fc4ff3e71d0 R08: 0000000000000000 R09: 0000000000000000 [ 3117.955548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0xc, 0x101, 0x578}) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:43 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (fail_nth: 34) 00:21:43 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:43 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 36) [ 3117.962797] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3117.982412] input: syz0 as /devices/virtual/input/input33038 00:21:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x3ff]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x3) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x3ff]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x3) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3118.068196] input: syz0 as /devices/virtual/input/input33040 [ 3118.074016] input: syz0 as /devices/virtual/input/input33041 [ 3118.075583] FAULT_INJECTION: forcing a failure. [ 3118.075583] name failslab, interval 1, probability 0, space 0, times 0 [ 3118.084388] input: syz0 as /devices/virtual/input/input33043 [ 3118.099462] CPU: 0 PID: 19101 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3118.107351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3118.116701] Call Trace: [ 3118.119291] dump_stack+0x1b2/0x281 [ 3118.123037] should_fail.cold+0x10a/0x149 [ 3118.127187] should_failslab+0xd6/0x130 [ 3118.131161] __kmalloc+0x2c1/0x400 [ 3118.134696] ? kobject_get_path+0xb5/0x230 [ 3118.138928] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3118.144472] kobject_get_path+0xb5/0x230 [ 3118.148536] kobject_uevent_env+0x230/0xf30 [ 3118.152860] ? wait_for_completion_io+0x10/0x10 [ 3118.157535] device_add+0xa47/0x15c0 [ 3118.161249] ? device_is_dependent+0x2a0/0x2a0 [ 3118.165831] ? __kmalloc+0x3a4/0x400 [ 3118.169542] ? input_register_device+0x419/0xa90 [ 3118.174298] input_register_device+0x59e/0xa90 [ 3118.178879] ? __lock_acquire+0x5fc/0x3f20 [ 3118.183116] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3118.188307] ? uinput_write+0xfb0/0xfb0 [ 3118.192280] ? get_pid_task+0xb8/0x130 [ 3118.196166] ? proc_fail_nth_write+0x7b/0x180 [ 3118.200675] ? trace_hardirqs_on+0x10/0x10 [ 3118.205002] ? fsnotify+0x974/0x11b0 [ 3118.208712] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3118.213636] ? __handle_mm_fault+0x80f/0x4620 [ 3118.218130] ? SyS_write+0x1b7/0x210 [ 3118.221845] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3118.227298] do_vfs_ioctl+0x75a/0xff0 [ 3118.231097] ? lock_acquire+0x170/0x3f0 [ 3118.235069] ? ioctl_preallocate+0x1a0/0x1a0 [ 3118.239473] ? __fget+0x265/0x3e0 [ 3118.242923] ? do_vfs_ioctl+0xff0/0xff0 [ 3118.246898] ? security_file_ioctl+0x83/0xb0 [ 3118.251305] SyS_ioctl+0x7f/0xb0 [ 3118.254666] ? do_vfs_ioctl+0xff0/0xff0 [ 3118.258638] do_syscall_64+0x1d5/0x640 [ 3118.262529] entry_SYSCALL_64_after_hwframe+0x46/0xbb 00:21:43 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x5, 0x23, 0x9, 0x400, 0x1, 0xe7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x1, 0xe}, 0x48) [ 3118.267714] RIP: 0033:0x7f980133e109 [ 3118.271419] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3118.279132] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3118.286418] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3118.293689] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3118.300951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3118.308214] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0xc, 0x101, 0x578}) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0xc, 0x101, 0x578}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:43 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 32) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async, rerun: 32) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x2) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000040)) 00:21:43 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) 00:21:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:43 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x5, 0x23, 0x9, 0x400, 0x1, 0xe7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x1, 0xe}, 0x48) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x5, 0x23, 0x9, 0x400, 0x1, 0xe7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x1, 0xe}, 0x48) (async) [ 3118.366111] input: syz0 as /devices/virtual/input/input33047 [ 3118.391645] input: syz0 as /devices/virtual/input/input33048 00:21:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0xc, 0x101, 0x578}) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0xc, 0x101, 0x578}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3118.422031] input: syz0 as /devices/virtual/input/input33049 00:21:43 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x2) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000040)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x2) (async) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000040)) (async) 00:21:43 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) 00:21:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3118.484887] input: syz0 as /devices/virtual/input/input33084 [ 3118.493929] input: syz0 as /devices/virtual/input/input33085 [ 3118.505951] input: syz0 as /devices/virtual/input/input33086 [ 3118.516466] input: syz0 as /devices/virtual/input/input33042 00:21:43 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 37) 00:21:43 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:43 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x5, 0x23, 0x9, 0x400, 0x1, 0xe7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x1, 0xe}, 0x48) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x5, 0x23, 0x9, 0x400, 0x1, 0xe7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x1, 0xe}, 0x48) (async) [ 3118.559648] input: syz0 as /devices/virtual/input/input33088 00:21:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xc) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) getegid() 00:21:43 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x10) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) 00:21:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xc) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) getegid() openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) (async) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xc) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) getegid() (async) [ 3118.652569] input: syz0 as /devices/virtual/input/input33089 [ 3118.664149] FAULT_INJECTION: forcing a failure. [ 3118.664149] name failslab, interval 1, probability 0, space 0, times 0 [ 3118.668029] input: syz0 as /devices/virtual/input/input33092 [ 3118.685846] input: syz0 as /devices/virtual/input/input33093 00:21:43 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3118.753277] CPU: 0 PID: 19219 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3118.761293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3118.770645] Call Trace: [ 3118.773236] dump_stack+0x1b2/0x281 [ 3118.776896] should_fail.cold+0x10a/0x149 [ 3118.781049] should_failslab+0xd6/0x130 [ 3118.785035] __kmalloc+0x2c1/0x400 [ 3118.788596] ? kobject_get_path+0xb5/0x230 [ 3118.792836] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 3118.798293] kobject_get_path+0xb5/0x230 [ 3118.802369] kobject_uevent_env+0x230/0xf30 [ 3118.806697] ? wait_for_completion_io+0x10/0x10 [ 3118.811398] device_add+0xa47/0x15c0 [ 3118.815111] ? device_is_dependent+0x2a0/0x2a0 [ 3118.819696] ? __kmalloc+0x3a4/0x400 [ 3118.823406] ? input_register_device+0x419/0xa90 [ 3118.828161] input_register_device+0x59e/0xa90 [ 3118.832739] ? __lock_acquire+0x5fc/0x3f20 [ 3118.836975] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3118.842165] ? uinput_write+0xfb0/0xfb0 [ 3118.846142] ? get_pid_task+0xb8/0x130 [ 3118.850030] ? proc_fail_nth_write+0x7b/0x180 [ 3118.854533] ? trace_hardirqs_on+0x10/0x10 [ 3118.858767] ? fsnotify+0x974/0x11b0 [ 3118.862475] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3118.867399] ? __handle_mm_fault+0x80f/0x4620 [ 3118.871890] ? SyS_write+0x1b7/0x210 [ 3118.875607] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3118.881052] do_vfs_ioctl+0x75a/0xff0 [ 3118.884937] ? lock_acquire+0x170/0x3f0 [ 3118.888908] ? ioctl_preallocate+0x1a0/0x1a0 [ 3118.893314] ? __fget+0x265/0x3e0 [ 3118.896768] ? do_vfs_ioctl+0xff0/0xff0 [ 3118.900754] ? security_file_ioctl+0x83/0xb0 [ 3118.905507] SyS_ioctl+0x7f/0xb0 [ 3118.908866] ? do_vfs_ioctl+0xff0/0xff0 [ 3118.912853] do_syscall_64+0x1d5/0x640 [ 3118.916742] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3118.921923] RIP: 0033:0x7f980133e109 [ 3118.925625] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3118.933328] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3118.940589] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 00:21:44 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe25c], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:44 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:44 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xc) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) getegid() 00:21:44 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 38) 00:21:44 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3118.947851] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3118.955126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3118.962388] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3118.992632] input: syz0 as /devices/virtual/input/input33091 00:21:44 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe25c], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:44 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x200080, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x6) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) r4 = getuid() mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1005032, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@msize}, {@nodevmap}, {@access_uid={'access', 0x3d, r4}}, {@aname={'aname', 0x3d, '*{'}}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/loop-control\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) [ 3119.026778] input: syz0 as /devices/virtual/input/input33096 00:21:44 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x3ff}, 0x2d, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000340)='syz1\x00') sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="02cb32e9507881dc1210fb56f05fc416bcc61999a2c6d15d98d32bb0b8eefb3434cc59fe2d774c8c8677860c3fc24acc89d170db2dbd8d1076906663893142fabcfdb47b827562eb73238eed43bb94b0e6436d468c63b985801f1a22ed65f6756142f353fddff64aba3274740f19933ba7491593bb5bbffd5c3548515bed4173858e072097cb19746d0db46178b9126546b3433289a4f1f03dc29548d785e182a685854a9ee6f24358b28278c46a66858ad322409e0b56cdb5ab9320d87690c75a6f9d9876dd2f6f9f9e49356dfee3b8574bf1a45dfe5dc80dd8c6a3a585d342bb40c3ecb9fcd1d9", 0xe8}, {&(0x7f0000000140)="39ec6a83624af969d010880cfeeed2d1d4c52f0e355230a46b62e16f1f5605bf0a450394f067a7edecc3a07380eba3", 0x2f}], 0x2, &(0x7f00000001c0)=[{0xb8, 0x119, 0x2, "5205171afe4bb535f5c98d87e28cad945b9a86e9fcbf22a975db4055e6efa413548a782ba32b987911da756a5b41bd8f293680417bfff736f8ed929b6982bf9ab85631025bb07abf0d92ba012efd473922265f97c43965c68dd7bbce3cf148bdf55b1d4f217d4428c26a0b41e8d2916baca469dc48fe87a23fdcb9335682c2071b15342fb0046baab56123a43db27d4e4f106bdbdfe326d4cdd223f71cc1b6262ffebf"}, {0x88, 0x1, 0x240000, "0211d1e18ca0f2543a470e44bec40fe408e34cd5d8126d6b3a31352d6e51f4e1399c71df630c151bac796b5faae45dac65138b5b9c69820b5fda7a85638a25a3b17b01293c0d8a06e64e208cd7cbac60676e97e4a45f45346d422e6d0dc2733e0cde96248578abf41d4d8a6c16787300d202c5"}], 0x140}, 0x8850) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f0000000440)={0xe, 0x612, {0x52, 0x7, 0x6, {0x20, 0x4}, {0xff, 0x100}, @period={0x5d, 0x6, 0x2, 0xb9, 0x40, {0x1, 0x7, 0x1f, 0xc9c}, 0x2, &(0x7f0000000400)=[0x521, 0x0]}}, {0x56, 0x2, 0x3af4, {0x7ff, 0x1000}, {0x40, 0x81}, @ramp={0x6, 0x4, {0x0, 0x7fff, 0x8000, 0x7}}}}) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000380)={0x10, 0x9, {0x56, 0x2, 0x1, {0x6, 0x89}, {0x7, 0x9}, @ramp={0xb8, 0xc000, {0x7, 0x5, 0x81, 0x6}}}, {0x52, 0x8c, 0x6, {0x1, 0x20}, {0x4, 0x9}, @const={0x2, {0x3, 0x9, 0x6, 0x1}}}}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:44 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3119.111818] input: syz0 as /devices/virtual/input/input33098 [ 3119.124743] FAULT_INJECTION: forcing a failure. [ 3119.124743] name failslab, interval 1, probability 0, space 0, times 0 [ 3119.142945] CPU: 1 PID: 19295 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3119.150829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3119.160173] Call Trace: [ 3119.162762] dump_stack+0x1b2/0x281 [ 3119.166370] should_fail.cold+0x10a/0x149 [ 3119.170499] should_failslab+0xd6/0x130 [ 3119.174453] kmem_cache_alloc_node+0x263/0x410 [ 3119.179030] __alloc_skb+0x5c/0x510 [ 3119.182660] kobject_uevent_env+0x882/0xf30 [ 3119.186968] device_add+0xa47/0x15c0 [ 3119.190670] ? device_is_dependent+0x2a0/0x2a0 [ 3119.195238] ? __kmalloc+0x3a4/0x400 [ 3119.199026] ? input_register_device+0x419/0xa90 [ 3119.203858] input_register_device+0x59e/0xa90 [ 3119.208468] ? __lock_acquire+0x5fc/0x3f20 [ 3119.212689] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3119.217860] ? uinput_write+0xfb0/0xfb0 [ 3119.221820] ? get_pid_task+0xb8/0x130 [ 3119.225693] ? proc_fail_nth_write+0x7b/0x180 [ 3119.230182] ? trace_hardirqs_on+0x10/0x10 [ 3119.234411] ? fsnotify+0x974/0x11b0 [ 3119.238103] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3119.243012] ? __handle_mm_fault+0x80f/0x4620 [ 3119.247494] ? SyS_write+0x1b7/0x210 [ 3119.251201] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3119.256644] do_vfs_ioctl+0x75a/0xff0 [ 3119.260444] ? lock_acquire+0x170/0x3f0 [ 3119.264414] ? ioctl_preallocate+0x1a0/0x1a0 [ 3119.268806] ? __fget+0x265/0x3e0 [ 3119.272240] ? do_vfs_ioctl+0xff0/0xff0 [ 3119.276202] ? security_file_ioctl+0x83/0xb0 [ 3119.280599] SyS_ioctl+0x7f/0xb0 [ 3119.283963] ? do_vfs_ioctl+0xff0/0xff0 [ 3119.287928] do_syscall_64+0x1d5/0x640 [ 3119.291806] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3119.296987] RIP: 0033:0x7f980133e109 [ 3119.300859] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3119.308559] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3119.315808] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3119.323147] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3119.330406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3119.337659] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3119.347075] input: syz0 as /devices/virtual/input/input33102 [ 3119.348913] input: syz0 as /devices/virtual/input/input33099 00:21:44 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe25c], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:44 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x3ff}, 0x2d, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000340)='syz1\x00') sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="02cb32e9507881dc1210fb56f05fc416bcc61999a2c6d15d98d32bb0b8eefb3434cc59fe2d774c8c8677860c3fc24acc89d170db2dbd8d1076906663893142fabcfdb47b827562eb73238eed43bb94b0e6436d468c63b985801f1a22ed65f6756142f353fddff64aba3274740f19933ba7491593bb5bbffd5c3548515bed4173858e072097cb19746d0db46178b9126546b3433289a4f1f03dc29548d785e182a685854a9ee6f24358b28278c46a66858ad322409e0b56cdb5ab9320d87690c75a6f9d9876dd2f6f9f9e49356dfee3b8574bf1a45dfe5dc80dd8c6a3a585d342bb40c3ecb9fcd1d9", 0xe8}, {&(0x7f0000000140)="39ec6a83624af969d010880cfeeed2d1d4c52f0e355230a46b62e16f1f5605bf0a450394f067a7edecc3a07380eba3", 0x2f}], 0x2, &(0x7f00000001c0)=[{0xb8, 0x119, 0x2, "5205171afe4bb535f5c98d87e28cad945b9a86e9fcbf22a975db4055e6efa413548a782ba32b987911da756a5b41bd8f293680417bfff736f8ed929b6982bf9ab85631025bb07abf0d92ba012efd473922265f97c43965c68dd7bbce3cf148bdf55b1d4f217d4428c26a0b41e8d2916baca469dc48fe87a23fdcb9335682c2071b15342fb0046baab56123a43db27d4e4f106bdbdfe326d4cdd223f71cc1b6262ffebf"}, {0x88, 0x1, 0x240000, "0211d1e18ca0f2543a470e44bec40fe408e34cd5d8126d6b3a31352d6e51f4e1399c71df630c151bac796b5faae45dac65138b5b9c69820b5fda7a85638a25a3b17b01293c0d8a06e64e208cd7cbac60676e97e4a45f45346d422e6d0dc2733e0cde96248578abf41d4d8a6c16787300d202c5"}], 0x140}, 0x8850) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f0000000440)={0xe, 0x612, {0x52, 0x7, 0x6, {0x20, 0x4}, {0xff, 0x100}, @period={0x5d, 0x6, 0x2, 0xb9, 0x40, {0x1, 0x7, 0x1f, 0xc9c}, 0x2, &(0x7f0000000400)=[0x521, 0x0]}}, {0x56, 0x2, 0x3af4, {0x7ff, 0x1000}, {0x40, 0x81}, @ramp={0x6, 0x4, {0x0, 0x7fff, 0x8000, 0x7}}}}) (async) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000380)={0x10, 0x9, {0x56, 0x2, 0x1, {0x6, 0x89}, {0x7, 0x9}, @ramp={0xb8, 0xc000, {0x7, 0x5, 0x81, 0x6}}}, {0x52, 0x8c, 0x6, {0x1, 0x20}, {0x4, 0x9}, @const={0x2, {0x3, 0x9, 0x6, 0x1}}}}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (rerun: 32) [ 3119.354631] input: syz0 as /devices/virtual/input/input33104 00:21:44 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 39) 00:21:44 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x200080, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x6) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) r4 = getuid() mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1005032, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@msize}, {@nodevmap}, {@access_uid={'access', 0x3d, r4}}, {@aname={'aname', 0x3d, '*{'}}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/loop-control\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x200080, 0x0) (async) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x6) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) getuid() (async) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1005032, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@msize}, {@nodevmap}, {@access_uid={'access', 0x3d, r4}}, {@aname={'aname', 0x3d, '*{'}}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/loop-control\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}}) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) (async) [ 3119.416648] input: syz0 as /devices/virtual/input/input33108 00:21:44 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3119.460121] input: syz0 as /devices/virtual/input/input33109 00:21:44 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x200080, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x6) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) r4 = getuid() mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1005032, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@msize}, {@nodevmap}, {@access_uid={'access', 0x3d, r4}}, {@aname={'aname', 0x3d, '*{'}}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/loop-control\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) [ 3119.507419] input: syz0 as /devices/virtual/input/input33110 [ 3119.527417] FAULT_INJECTION: forcing a failure. [ 3119.527417] name failslab, interval 1, probability 0, space 0, times 0 [ 3119.553081] CPU: 1 PID: 19343 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3119.561081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3119.570434] Call Trace: [ 3119.573029] dump_stack+0x1b2/0x281 [ 3119.576667] should_fail.cold+0x10a/0x149 [ 3119.580815] should_failslab+0xd6/0x130 [ 3119.584788] kmem_cache_alloc_node+0x263/0x410 [ 3119.589370] __alloc_skb+0x5c/0x510 [ 3119.593003] kobject_uevent_env+0x882/0xf30 [ 3119.597335] device_add+0xa47/0x15c0 [ 3119.601056] ? device_is_dependent+0x2a0/0x2a0 00:21:44 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) getgroups(0x3, &(0x7f0000000040)=[0xee00, 0xee00, 0x0]) r3 = getegid() getgroups(0x4, &(0x7f0000000080)=[0xffffffffffffffff, 0xee01, 0xee00, 0xee01]) getgroups(0xa, &(0x7f00000000c0)=[0xffffffffffffffff, r2, 0x0, 0xee00, r3, 0xee01, 0xee00, r4, 0x0, 0xee01]) getgroups(0x4, &(0x7f0000000100)=[r3, r7, r4, 0xee00]) getgroups(0x1, &(0x7f0000000140)=[r9]) setgroups(0x8, &(0x7f0000000180)=[r8, r10, r1, r5, r4, r11, r2, r6]) [ 3119.605634] ? __kmalloc+0x3a4/0x400 [ 3119.609342] ? input_register_device+0x419/0xa90 [ 3119.614092] input_register_device+0x59e/0xa90 [ 3119.618670] ? __lock_acquire+0x5fc/0x3f20 [ 3119.622904] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3119.628093] ? uinput_write+0xfb0/0xfb0 [ 3119.632096] ? get_pid_task+0xb8/0x130 [ 3119.636001] ? proc_fail_nth_write+0x7b/0x180 [ 3119.640495] ? trace_hardirqs_on+0x10/0x10 [ 3119.644755] ? fsnotify+0x974/0x11b0 [ 3119.648464] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3119.653388] ? __handle_mm_fault+0x80f/0x4620 [ 3119.657880] ? SyS_write+0x1b7/0x210 [ 3119.661596] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3119.667046] do_vfs_ioctl+0x75a/0xff0 [ 3119.670827] ? lock_acquire+0x170/0x3f0 [ 3119.674779] ? ioctl_preallocate+0x1a0/0x1a0 [ 3119.679176] ? __fget+0x265/0x3e0 [ 3119.682621] ? do_vfs_ioctl+0xff0/0xff0 [ 3119.686576] ? security_file_ioctl+0x83/0xb0 [ 3119.690961] SyS_ioctl+0x7f/0xb0 [ 3119.694306] ? do_vfs_ioctl+0xff0/0xff0 [ 3119.698288] do_syscall_64+0x1d5/0x640 [ 3119.702188] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3119.707361] RIP: 0033:0x7f980133e109 [ 3119.711056] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3119.718749] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3119.726011] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3119.733266] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3119.740524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3119.747782] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:45 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x200080, 0x0) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x6) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) r4 = getuid() mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1005032, &(0x7f0000000180)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@msize}, {@nodevmap}, {@access_uid={'access', 0x3d, r4}}, {@aname={'aname', 0x3d, '*{'}}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/loop-control\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}}) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) 00:21:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0x3ff}, 0x2d, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000340)='syz1\x00') sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="02cb32e9507881dc1210fb56f05fc416bcc61999a2c6d15d98d32bb0b8eefb3434cc59fe2d774c8c8677860c3fc24acc89d170db2dbd8d1076906663893142fabcfdb47b827562eb73238eed43bb94b0e6436d468c63b985801f1a22ed65f6756142f353fddff64aba3274740f19933ba7491593bb5bbffd5c3548515bed4173858e072097cb19746d0db46178b9126546b3433289a4f1f03dc29548d785e182a685854a9ee6f24358b28278c46a66858ad322409e0b56cdb5ab9320d87690c75a6f9d9876dd2f6f9f9e49356dfee3b8574bf1a45dfe5dc80dd8c6a3a585d342bb40c3ecb9fcd1d9", 0xe8}, {&(0x7f0000000140)="39ec6a83624af969d010880cfeeed2d1d4c52f0e355230a46b62e16f1f5605bf0a450394f067a7edecc3a07380eba3", 0x2f}], 0x2, &(0x7f00000001c0)=[{0xb8, 0x119, 0x2, "5205171afe4bb535f5c98d87e28cad945b9a86e9fcbf22a975db4055e6efa413548a782ba32b987911da756a5b41bd8f293680417bfff736f8ed929b6982bf9ab85631025bb07abf0d92ba012efd473922265f97c43965c68dd7bbce3cf148bdf55b1d4f217d4428c26a0b41e8d2916baca469dc48fe87a23fdcb9335682c2071b15342fb0046baab56123a43db27d4e4f106bdbdfe326d4cdd223f71cc1b6262ffebf"}, {0x88, 0x1, 0x240000, "0211d1e18ca0f2543a470e44bec40fe408e34cd5d8126d6b3a31352d6e51f4e1399c71df630c151bac796b5faae45dac65138b5b9c69820b5fda7a85638a25a3b17b01293c0d8a06e64e208cd7cbac60676e97e4a45f45346d422e6d0dc2733e0cde96248578abf41d4d8a6c16787300d202c5"}], 0x140}, 0x8850) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f0000000440)={0xe, 0x612, {0x52, 0x7, 0x6, {0x20, 0x4}, {0xff, 0x100}, @period={0x5d, 0x6, 0x2, 0xb9, 0x40, {0x1, 0x7, 0x1f, 0xc9c}, 0x2, &(0x7f0000000400)=[0x521, 0x0]}}, {0x56, 0x2, 0x3af4, {0x7ff, 0x1000}, {0x40, 0x81}, @ramp={0x6, 0x4, {0x0, 0x7fff, 0x8000, 0x7}}}}) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000380)={0x10, 0x9, {0x56, 0x2, 0x1, {0x6, 0x89}, {0x7, 0x9}, @ramp={0xb8, 0xc000, {0x7, 0x5, 0x81, 0x6}}}, {0x52, 0x8c, 0x6, {0x1, 0x20}, {0x4, 0x9}, @const={0x2, {0x3, 0x9, 0x6, 0x1}}}}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3119.764241] input: syz0 as /devices/virtual/input/input33114 [ 3119.772472] input: syz0 as /devices/virtual/input/input33115 [ 3119.778956] input: syz0 as /devices/virtual/input/input33118 00:21:45 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 40) 00:21:45 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:45 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) getgroups(0x3, &(0x7f0000000040)=[0xee00, 0xee00, 0x0]) r3 = getegid() getgroups(0x4, &(0x7f0000000080)=[0xffffffffffffffff, 0xee01, 0xee00, 0xee01]) getgroups(0xa, &(0x7f00000000c0)=[0xffffffffffffffff, r2, 0x0, 0xee00, r3, 0xee01, 0xee00, r4, 0x0, 0xee01]) getgroups(0x4, &(0x7f0000000100)=[r3, r7, r4, 0xee00]) getgroups(0x1, &(0x7f0000000140)=[r9]) setgroups(0x8, &(0x7f0000000180)=[r8, r10, r1, r5, r4, r11, r2, r6]) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) getgroups(0x3, &(0x7f0000000040)=[0xee00, 0xee00, 0x0]) (async) getegid() (async) getgroups(0x4, &(0x7f0000000080)=[0xffffffffffffffff, 0xee01, 0xee00, 0xee01]) (async) getgroups(0xa, &(0x7f00000000c0)=[0xffffffffffffffff, r2, 0x0, 0xee00, r3, 0xee01, 0xee00, r4, 0x0, 0xee01]) (async) getgroups(0x4, &(0x7f0000000100)=[r3, r7, r4, 0xee00]) (async) getgroups(0x1, &(0x7f0000000140)=[r9]) (async) setgroups(0x8, &(0x7f0000000180)=[r8, r10, r1, r5, r4, r11, r2, r6]) (async) 00:21:45 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3119.885758] FAULT_INJECTION: forcing a failure. [ 3119.885758] name failslab, interval 1, probability 0, space 0, times 0 [ 3119.936227] CPU: 0 PID: 19410 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3119.944136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3119.953486] Call Trace: [ 3119.956081] dump_stack+0x1b2/0x281 [ 3119.959720] should_fail.cold+0x10a/0x149 [ 3119.963875] should_failslab+0xd6/0x130 [ 3119.967851] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3119.972962] __kmalloc_node_track_caller+0x38/0x70 [ 3119.977893] __alloc_skb+0x96/0x510 [ 3119.981533] kobject_uevent_env+0x882/0xf30 [ 3119.985862] device_add+0xa47/0x15c0 [ 3119.989578] ? device_is_dependent+0x2a0/0x2a0 [ 3119.994159] ? __kmalloc+0x3a4/0x400 [ 3119.997879] ? input_register_device+0x419/0xa90 [ 3120.002636] input_register_device+0x59e/0xa90 [ 3120.007218] ? __lock_acquire+0x5fc/0x3f20 [ 3120.011457] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3120.016733] ? uinput_write+0xfb0/0xfb0 [ 3120.020702] ? get_pid_task+0xb8/0x130 [ 3120.024591] ? proc_fail_nth_write+0x7b/0x180 [ 3120.029086] ? trace_hardirqs_on+0x10/0x10 [ 3120.033325] ? fsnotify+0x974/0x11b0 [ 3120.037036] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3120.041959] ? __handle_mm_fault+0x80f/0x4620 [ 3120.046449] ? SyS_write+0x1b7/0x210 [ 3120.050165] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3120.055610] do_vfs_ioctl+0x75a/0xff0 [ 3120.059409] ? lock_acquire+0x170/0x3f0 [ 3120.063378] ? ioctl_preallocate+0x1a0/0x1a0 [ 3120.067784] ? __fget+0x265/0x3e0 [ 3120.071234] ? do_vfs_ioctl+0xff0/0xff0 [ 3120.075379] ? security_file_ioctl+0x83/0xb0 [ 3120.079789] SyS_ioctl+0x7f/0xb0 [ 3120.083151] ? do_vfs_ioctl+0xff0/0xff0 [ 3120.087125] do_syscall_64+0x1d5/0x640 [ 3120.091013] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3120.096196] RIP: 0033:0x7f980133e109 [ 3120.099898] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3120.107604] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3120.114866] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3120.122129] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3120.129398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:45 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3120.136662] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3120.242769] input: syz0 as /devices/virtual/input/input33122 [ 3120.253803] input: syz0 as /devices/virtual/input/input33121 [ 3120.254079] input: syz0 as /devices/virtual/input/input33123 [ 3120.275307] input: syz0 as /devices/virtual/input/input33120 00:21:45 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000080)) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000000)={r3, @multicast2, @multicast1}, 0xc) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000940)={0xa8c, 0x0, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_PEERS={0xa30, 0x8, 0x0, 0x1, [{0x224, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "61b03b19c99268799a83b5cbec94c50d7f9567250d6628957f5753ccf945e6f6"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x19c, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x30}}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x34}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9588933de80150af6bde0ba1ed617e0de07822ccfca4fb16b3a553d47f3c756e"}]}, {0x470, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x46c, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1f}}, {0x5, 0x3, 0x2}}]}, {0xb8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x35}}, {0x5}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1f}}, {0x5, 0x3, 0x1}}]}]}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x1000}]}, {0x38c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @multicast1}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xffffff80, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}}, @WGPEER_A_ALLOWEDIPS={0x34c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x1}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0xb8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xd}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}]}]}]}]}]}, 0xa8c}, 0x1, 0x0, 0x0, 0x40860}, 0x84) 00:21:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x2c1, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x1, 0x2, 0x7, 0xfbf2}, 'syz0\x00', 0x47}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000001c0)={0x1, 0x8000, 0x400}) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x1) r3 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, 0x0, 0x0) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000100)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0xfffffffffffffffd, 0x1, 0x80, 0x9bd]}, &(0x7f0000000180)=0x78) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:45 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) getgroups(0x3, &(0x7f0000000040)=[0xee00, 0xee00, 0x0]) (async) r3 = getegid() (async) getgroups(0x4, &(0x7f0000000080)=[0xffffffffffffffff, 0xee01, 0xee00, 0xee01]) getgroups(0xa, &(0x7f00000000c0)=[0xffffffffffffffff, r2, 0x0, 0xee00, r3, 0xee01, 0xee00, r4, 0x0, 0xee01]) getgroups(0x4, &(0x7f0000000100)=[r3, r7, r4, 0xee00]) (async) getgroups(0x1, &(0x7f0000000140)=[r9]) setgroups(0x8, &(0x7f0000000180)=[r8, r10, r1, r5, r4, r11, r2, r6]) 00:21:45 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) socketpair(0x21, 0x80000, 0x8, &(0x7f0000000040)={0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r3, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x50, r4, 0x800, 0x70bd26, 0x25dfdbff, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x25}}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1e}}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_VERSION={0x8}, @GTPA_LINK={0x8}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_LINK={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x811}, 0x4048040) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) [ 3120.302989] input: syz0 as /devices/virtual/input/input33127 00:21:45 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 41) 00:21:45 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x2c1, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x1, 0x2, 0x7, 0xfbf2}, 'syz0\x00', 0x47}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000001c0)={0x1, 0x8000, 0x400}) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x1) r3 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, 0x0, 0x0) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000100)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0xfffffffffffffffd, 0x1, 0x80, 0x9bd]}, &(0x7f0000000180)=0x78) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x2c1, 0x0) (async) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x1, 0x2, 0x7, 0xfbf2}, 'syz0\x00', 0x47}) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000001c0)={0x1, 0x8000, 0x400}) (async) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x1) (async) socket$inet(0x2, 0xa, 0x0) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, 0x0, 0x0) (async) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000100)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0xfffffffffffffffd, 0x1, 0x80, 0x9bd]}, &(0x7f0000000180)=0x78) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3120.403973] input: syz0 as /devices/virtual/input/input33128 [ 3120.434382] input: syz0 as /devices/virtual/input/input33130 00:21:45 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async, rerun: 64) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (rerun: 64) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) socketpair(0x21, 0x80000, 0x8, &(0x7f0000000040)={0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r3, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x50, r4, 0x800, 0x70bd26, 0x25dfdbff, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x25}}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1e}}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_VERSION={0x8}, @GTPA_LINK={0x8}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_LINK={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x811}, 0x4048040) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) 00:21:45 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x40, 0xa1, 0x7, 0x1}, 'syz0\x00', 0x4a}) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000140)={0x9, 0x49, {0x55, 0x0, 0x0, {0x9, 0x1}, {0x5, 0x2}, @ramp={0x7fff, 0x3, {0x8465, 0x3, 0x9, 0x20}}}, {0x51, 0x7ff, 0x7, {0x3, 0x8001}, {0xffe1, 0x7fff}, @period={0x7, 0x0, 0x96, 0x90, 0x9c, {0x9, 0x81, 0x80, 0x81}, 0x7, &(0x7f0000000100)=[0x342, 0xdc87, 0x6, 0x40, 0x1ff, 0x4, 0x1]}}}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3120.463614] input: syz0 as /devices/virtual/input/input33132 [ 3120.484795] FAULT_INJECTION: forcing a failure. [ 3120.484795] name failslab, interval 1, probability 0, space 0, times 0 [ 3120.542639] CPU: 0 PID: 19490 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3120.550591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3120.559942] Call Trace: [ 3120.562532] dump_stack+0x1b2/0x281 [ 3120.566164] should_fail.cold+0x10a/0x149 [ 3120.570317] should_failslab+0xd6/0x130 [ 3120.574289] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3120.579376] __kmalloc_node_track_caller+0x38/0x70 [ 3120.584340] __alloc_skb+0x96/0x510 [ 3120.587952] kobject_uevent_env+0x882/0xf30 [ 3120.592264] device_add+0xa47/0x15c0 [ 3120.596000] ? device_is_dependent+0x2a0/0x2a0 [ 3120.600567] ? __kmalloc+0x3a4/0x400 [ 3120.604264] ? input_register_device+0x419/0xa90 [ 3120.609001] input_register_device+0x59e/0xa90 [ 3120.613573] ? __lock_acquire+0x5fc/0x3f20 [ 3120.617934] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3120.623120] ? uinput_write+0xfb0/0xfb0 [ 3120.627082] ? get_pid_task+0xb8/0x130 [ 3120.630962] ? proc_fail_nth_write+0x7b/0x180 [ 3120.635439] ? trace_hardirqs_on+0x10/0x10 [ 3120.639720] ? fsnotify+0x974/0x11b0 [ 3120.643506] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3120.648434] ? __handle_mm_fault+0x80f/0x4620 [ 3120.652936] ? SyS_write+0x1b7/0x210 [ 3120.656640] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3120.662076] do_vfs_ioctl+0x75a/0xff0 [ 3120.665868] ? lock_acquire+0x170/0x3f0 [ 3120.669828] ? ioctl_preallocate+0x1a0/0x1a0 [ 3120.674218] ? __fget+0x265/0x3e0 [ 3120.677656] ? do_vfs_ioctl+0xff0/0xff0 [ 3120.681619] ? security_file_ioctl+0x83/0xb0 [ 3120.686008] SyS_ioctl+0x7f/0xb0 [ 3120.689360] ? do_vfs_ioctl+0xff0/0xff0 [ 3120.693322] do_syscall_64+0x1d5/0x640 [ 3120.697209] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3120.702376] RIP: 0033:0x7f980133e109 [ 3120.706066] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3120.713841] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3120.721177] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3120.728431] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3120.735683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:45 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 64) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000080)) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 32) r2 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) (async) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000000)={r3, @multicast2, @multicast1}, 0xc) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000940)={0xa8c, 0x0, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_PEERS={0xa30, 0x8, 0x0, 0x1, [{0x224, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "61b03b19c99268799a83b5cbec94c50d7f9567250d6628957f5753ccf945e6f6"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x19c, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x30}}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x34}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9588933de80150af6bde0ba1ed617e0de07822ccfca4fb16b3a553d47f3c756e"}]}, {0x470, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x46c, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1f}}, {0x5, 0x3, 0x2}}]}, {0xb8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x35}}, {0x5}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1f}}, {0x5, 0x3, 0x1}}]}]}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x1000}]}, {0x38c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @multicast1}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xffffff80, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}}, @WGPEER_A_ALLOWEDIPS={0x34c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x1}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0xb8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xd}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}]}]}]}]}]}, 0xa8c}, 0x1, 0x0, 0x0, 0x40860}, 0x84) [ 3120.742942] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3120.753699] input: syz0 as /devices/virtual/input/input33134 [ 3120.768379] input: syz0 as /devices/virtual/input/input33135 [ 3120.769489] input: syz0 as /devices/virtual/input/input33133 [ 3120.775454] input: syz0 as /devices/virtual/input/input33137 00:21:46 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) socketpair(0x21, 0x80000, 0x8, &(0x7f0000000040)={0xffffffffffffffff}) (async) r4 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r3, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x50, r4, 0x800, 0x70bd26, 0x25dfdbff, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x25}}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1e}}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_VERSION={0x8}, @GTPA_LINK={0x8}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_LINK={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x811}, 0x4048040) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) 00:21:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x2c1, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x1, 0x2, 0x7, 0xfbf2}, 'syz0\x00', 0x47}) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000001c0)={0x1, 0x8000, 0x400}) (async) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x1) r3 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, 0x0, 0x0) getsockopt$EBT_SO_GET_INFO(r3, 0x0, 0x80, &(0x7f0000000100)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0xfffffffffffffffd, 0x1, 0x80, 0x9bd]}, &(0x7f0000000180)=0x78) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:46 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:46 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 32) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (rerun: 32) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x40, 0xa1, 0x7, 0x1}, 'syz0\x00', 0x4a}) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000140)={0x9, 0x49, {0x55, 0x0, 0x0, {0x9, 0x1}, {0x5, 0x2}, @ramp={0x7fff, 0x3, {0x8465, 0x3, 0x9, 0x20}}}, {0x51, 0x7ff, 0x7, {0x3, 0x8001}, {0xffe1, 0x7fff}, @period={0x7, 0x0, 0x96, 0x90, 0x9c, {0x9, 0x81, 0x80, 0x81}, 0x7, &(0x7f0000000100)=[0x342, 0xdc87, 0x6, 0x40, 0x1ff, 0x4, 0x1]}}}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:46 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 42) [ 3120.963356] input: syz0 as /devices/virtual/input/input33140 [ 3120.967401] FAULT_INJECTION: forcing a failure. [ 3120.967401] name failslab, interval 1, probability 0, space 0, times 0 [ 3120.970445] input: syz0 as /devices/virtual/input/input33144 [ 3120.999088] CPU: 1 PID: 19559 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3121.006994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3121.016348] Call Trace: [ 3121.018943] dump_stack+0x1b2/0x281 [ 3121.022673] should_fail.cold+0x10a/0x149 [ 3121.026828] should_failslab+0xd6/0x130 [ 3121.030805] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3121.035910] __kmalloc_node_track_caller+0x38/0x70 [ 3121.040844] __alloc_skb+0x96/0x510 [ 3121.044472] kobject_uevent_env+0x882/0xf30 [ 3121.048798] device_add+0xa47/0x15c0 [ 3121.052515] ? device_is_dependent+0x2a0/0x2a0 [ 3121.057093] ? __kmalloc+0x3a4/0x400 [ 3121.060805] ? input_register_device+0x419/0xa90 [ 3121.065559] input_register_device+0x59e/0xa90 [ 3121.070138] ? __lock_acquire+0x5fc/0x3f20 [ 3121.074374] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3121.079568] ? uinput_write+0xfb0/0xfb0 [ 3121.083550] ? get_pid_task+0xb8/0x130 [ 3121.087460] ? proc_fail_nth_write+0x7b/0x180 [ 3121.091954] ? trace_hardirqs_on+0x10/0x10 [ 3121.096188] ? fsnotify+0x974/0x11b0 [ 3121.099899] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3121.104822] ? __handle_mm_fault+0x80f/0x4620 [ 3121.109314] ? SyS_write+0x1b7/0x210 [ 3121.113029] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3121.118486] do_vfs_ioctl+0x75a/0xff0 [ 3121.122288] ? lock_acquire+0x170/0x3f0 [ 3121.126259] ? ioctl_preallocate+0x1a0/0x1a0 [ 3121.130664] ? __fget+0x265/0x3e0 [ 3121.134118] ? do_vfs_ioctl+0xff0/0xff0 [ 3121.138088] ? security_file_ioctl+0x83/0xb0 [ 3121.142493] SyS_ioctl+0x7f/0xb0 [ 3121.145859] ? do_vfs_ioctl+0xff0/0xff0 [ 3121.149829] do_syscall_64+0x1d5/0x640 [ 3121.153719] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3121.158988] RIP: 0033:0x7f980133e109 [ 3121.162689] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3121.170389] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3121.177648] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3121.184919] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3121.192181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3121.199453] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:46 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3121.219551] input: syz0 as /devices/virtual/input/input33145 [ 3121.220172] input: syz0 as /devices/virtual/input/input33141 [ 3121.235963] input: syz0 as /devices/virtual/input/input33146 00:21:46 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x40, 0xa1, 0x7, 0x1}, 'syz0\x00', 0x4a}) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000140)={0x9, 0x49, {0x55, 0x0, 0x0, {0x9, 0x1}, {0x5, 0x2}, @ramp={0x7fff, 0x3, {0x8465, 0x3, 0x9, 0x20}}}, {0x51, 0x7ff, 0x7, {0x3, 0x8001}, {0xffe1, 0x7fff}, @period={0x7, 0x0, 0x96, 0x90, 0x9c, {0x9, 0x81, 0x80, 0x81}, 0x7, &(0x7f0000000100)=[0x342, 0xdc87, 0x6, 0x40, 0x1ff, 0x4, 0x1]}}}) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:46 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x204000, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_DEV_DESTROY(r3, 0x5502) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x3a5202, 0x0) ioctl$UI_SET_KEYBIT(r5, 0x40045565, 0x1b6) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) 00:21:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00', {0xfff7, 0xff, 0x1ff, 0x3}, 0x54, [0x2, 0x3, 0x1, 0x100, 0x1, 0x9, 0x10000, 0xc58, 0x5, 0x7, 0x0, 0x3, 0x80000000, 0x0, 0x8, 0x4, 0x1de6, 0xfffffffc, 0xbf56, 0x4, 0x8, 0x4800000, 0x7, 0x1, 0xfbb0, 0x1000, 0x8, 0xfffffffd, 0x5, 0x7f, 0xffff, 0x65f, 0x8, 0x81, 0xffff, 0x6, 0x5, 0x0, 0x81, 0x401, 0x8, 0x7f, 0xec36, 0xfbb, 0x434, 0x6, 0x0, 0x59c817bb, 0x9, 0x7, 0x9, 0xffffffc1, 0x6, 0x4, 0x7, 0x1, 0x3ff, 0xda, 0x1000, 0xa47e, 0x9, 0x5, 0xffff9e00, 0xffff0000], [0x400, 0x3, 0x3, 0x2, 0x397, 0x37b8, 0x4, 0x9, 0xfffffff8, 0xa2f, 0x7, 0x4, 0x100, 0x7, 0x6, 0x27, 0x94, 0x8, 0x8, 0x7ff, 0x9, 0xe0, 0x7, 0xb9, 0x4, 0x9, 0xffffffbe, 0x5, 0x958, 0x1, 0x1ff, 0xffffff00, 0x2, 0x9, 0x3f, 0x81, 0x3, 0x2, 0x3ff, 0x6, 0x1, 0x0, 0x8, 0x1, 0x2, 0x9, 0x8, 0x4, 0x80000000, 0x80000001, 0x3, 0x1, 0x10000, 0xffffffe5, 0x843f, 0x100, 0x9b6, 0x0, 0x0, 0x81, 0x7, 0x8, 0x200, 0x7574f08d], [0x0, 0x4, 0x0, 0x80, 0x5a8, 0x8, 0x2, 0x90, 0x3f, 0x0, 0x800, 0x9, 0x3, 0xfffffff7, 0x4, 0x2, 0x6c534b59, 0x1, 0x6, 0x5, 0x4, 0xfff, 0x1000000, 0x76b, 0x9, 0x80000001, 0x80000, 0x7fffffff, 0x8, 0x7fff, 0x200, 0xffffffff, 0x9, 0x7, 0x3, 0x1f, 0x5, 0x6, 0x7ff, 0x3, 0x2, 0x9, 0x9, 0x3, 0x1f, 0x401, 0x4, 0xc93, 0x401, 0xffffffff, 0xb598, 0x2, 0x9, 0x2, 0xfffffff8, 0x0, 0xff, 0x9, 0xffffffff, 0x2, 0x1f6, 0xb216, 0x7, 0x2], [0xfff, 0x3f, 0xb66, 0xfffff000, 0x8, 0x7ff, 0x100, 0x3, 0xffffffff, 0x0, 0xffff, 0x80000001, 0xffffffff, 0x6, 0xffff, 0x0, 0x3f, 0x3, 0xef, 0xff, 0xe10, 0x9, 0x9, 0x7, 0x1ff, 0x6, 0x7f, 0x100, 0x3, 0x0, 0x4, 0x3d6c, 0x9, 0x8, 0x51b, 0x2, 0xfffffffa, 0x3db, 0x4191, 0xffffffff, 0x9947, 0x0, 0x3f, 0xbed0, 0x9c44, 0x5ca, 0x784c, 0x20, 0x10001, 0x200, 0x59, 0x3, 0xf1, 0x10001, 0x8, 0x3, 0xffffffff, 0x5ee5, 0x9, 0xb856, 0x4, 0x8000, 0x3, 0x7]}, 0x45c) 00:21:46 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 43) 00:21:46 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 64) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000080)) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f80)={'dummy0\x00', 0x0}) (async) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000000)={r3, @multicast2, @multicast1}, 0xc) (async) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000940)={0xa8c, 0x0, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_PEERS={0xa30, 0x8, 0x0, 0x1, [{0x224, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "61b03b19c99268799a83b5cbec94c50d7f9567250d6628957f5753ccf945e6f6"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x19c, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x30}}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x34}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9588933de80150af6bde0ba1ed617e0de07822ccfca4fb16b3a553d47f3c756e"}]}, {0x470, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x46c, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1f}}, {0x5, 0x3, 0x2}}]}, {0xb8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x35}}, {0x5}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1f}}, {0x5, 0x3, 0x1}}]}]}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x1000}]}, {0x38c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @multicast1}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0xffffff80, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}}, @WGPEER_A_ALLOWEDIPS={0x34c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x1}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0xb8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xd}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}]}]}]}]}]}, 0xa8c}, 0x1, 0x0, 0x0, 0x40860}, 0x84) [ 3121.343125] input: syz0 as /devices/virtual/input/input33148 00:21:46 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3121.396014] FAULT_INJECTION: forcing a failure. [ 3121.396014] name failslab, interval 1, probability 0, space 0, times 0 [ 3121.418767] CPU: 0 PID: 19607 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3121.426682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3121.436034] Call Trace: [ 3121.438604] dump_stack+0x1b2/0x281 [ 3121.442225] should_fail.cold+0x10a/0x149 [ 3121.446353] should_failslab+0xd6/0x130 [ 3121.450319] kmem_cache_alloc_node+0x263/0x410 [ 3121.454908] __alloc_skb+0x5c/0x510 [ 3121.458518] kobject_uevent_env+0x882/0xf30 [ 3121.462931] device_add+0xa47/0x15c0 [ 3121.466624] ? device_is_dependent+0x2a0/0x2a0 [ 3121.471188] ? __kmalloc+0x3a4/0x400 [ 3121.474893] ? input_register_device+0x419/0xa90 [ 3121.479628] input_register_device+0x59e/0xa90 [ 3121.484198] ? __lock_acquire+0x5fc/0x3f20 [ 3121.488411] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3121.493587] ? uinput_write+0xfb0/0xfb0 [ 3121.497558] ? get_pid_task+0xb8/0x130 [ 3121.501433] ? proc_fail_nth_write+0x7b/0x180 [ 3121.505905] ? trace_hardirqs_on+0x10/0x10 [ 3121.510120] ? fsnotify+0x974/0x11b0 [ 3121.513896] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3121.518811] ? __handle_mm_fault+0x80f/0x4620 [ 3121.523286] ? SyS_write+0x1b7/0x210 [ 3121.526995] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3121.532460] do_vfs_ioctl+0x75a/0xff0 [ 3121.536253] ? lock_acquire+0x170/0x3f0 [ 3121.540209] ? ioctl_preallocate+0x1a0/0x1a0 [ 3121.544625] ? __fget+0x265/0x3e0 [ 3121.548065] ? do_vfs_ioctl+0xff0/0xff0 [ 3121.552019] ? security_file_ioctl+0x83/0xb0 [ 3121.556412] SyS_ioctl+0x7f/0xb0 [ 3121.559753] ? do_vfs_ioctl+0xff0/0xff0 [ 3121.563702] do_syscall_64+0x1d5/0x640 [ 3121.567584] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3121.572755] RIP: 0033:0x7f980133e109 [ 3121.576442] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3121.584129] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3121.591389] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3121.598633] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3121.605995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3121.613246] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3121.633115] input: syz0 as /devices/virtual/input/input33152 [ 3121.640270] input: syz0 as /devices/virtual/input/input33153 00:21:46 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00', {0xfff7, 0xff, 0x1ff, 0x3}, 0x54, [0x2, 0x3, 0x1, 0x100, 0x1, 0x9, 0x10000, 0xc58, 0x5, 0x7, 0x0, 0x3, 0x80000000, 0x0, 0x8, 0x4, 0x1de6, 0xfffffffc, 0xbf56, 0x4, 0x8, 0x4800000, 0x7, 0x1, 0xfbb0, 0x1000, 0x8, 0xfffffffd, 0x5, 0x7f, 0xffff, 0x65f, 0x8, 0x81, 0xffff, 0x6, 0x5, 0x0, 0x81, 0x401, 0x8, 0x7f, 0xec36, 0xfbb, 0x434, 0x6, 0x0, 0x59c817bb, 0x9, 0x7, 0x9, 0xffffffc1, 0x6, 0x4, 0x7, 0x1, 0x3ff, 0xda, 0x1000, 0xa47e, 0x9, 0x5, 0xffff9e00, 0xffff0000], [0x400, 0x3, 0x3, 0x2, 0x397, 0x37b8, 0x4, 0x9, 0xfffffff8, 0xa2f, 0x7, 0x4, 0x100, 0x7, 0x6, 0x27, 0x94, 0x8, 0x8, 0x7ff, 0x9, 0xe0, 0x7, 0xb9, 0x4, 0x9, 0xffffffbe, 0x5, 0x958, 0x1, 0x1ff, 0xffffff00, 0x2, 0x9, 0x3f, 0x81, 0x3, 0x2, 0x3ff, 0x6, 0x1, 0x0, 0x8, 0x1, 0x2, 0x9, 0x8, 0x4, 0x80000000, 0x80000001, 0x3, 0x1, 0x10000, 0xffffffe5, 0x843f, 0x100, 0x9b6, 0x0, 0x0, 0x81, 0x7, 0x8, 0x200, 0x7574f08d], [0x0, 0x4, 0x0, 0x80, 0x5a8, 0x8, 0x2, 0x90, 0x3f, 0x0, 0x800, 0x9, 0x3, 0xfffffff7, 0x4, 0x2, 0x6c534b59, 0x1, 0x6, 0x5, 0x4, 0xfff, 0x1000000, 0x76b, 0x9, 0x80000001, 0x80000, 0x7fffffff, 0x8, 0x7fff, 0x200, 0xffffffff, 0x9, 0x7, 0x3, 0x1f, 0x5, 0x6, 0x7ff, 0x3, 0x2, 0x9, 0x9, 0x3, 0x1f, 0x401, 0x4, 0xc93, 0x401, 0xffffffff, 0xb598, 0x2, 0x9, 0x2, 0xfffffff8, 0x0, 0xff, 0x9, 0xffffffff, 0x2, 0x1f6, 0xb216, 0x7, 0x2], [0xfff, 0x3f, 0xb66, 0xfffff000, 0x8, 0x7ff, 0x100, 0x3, 0xffffffff, 0x0, 0xffff, 0x80000001, 0xffffffff, 0x6, 0xffff, 0x0, 0x3f, 0x3, 0xef, 0xff, 0xe10, 0x9, 0x9, 0x7, 0x1ff, 0x6, 0x7f, 0x100, 0x3, 0x0, 0x4, 0x3d6c, 0x9, 0x8, 0x51b, 0x2, 0xfffffffa, 0x3db, 0x4191, 0xffffffff, 0x9947, 0x0, 0x3f, 0xbed0, 0x9c44, 0x5ca, 0x784c, 0x20, 0x10001, 0x200, 0x59, 0x3, 0xf1, 0x10001, 0x8, 0x3, 0xffffffff, 0x5ee5, 0x9, 0xb856, 0x4, 0x8000, 0x3, 0x7]}, 0x45c) [ 3121.640593] input: syz0 as /devices/virtual/input/input33155 [ 3121.657080] input: syz0 as /devices/virtual/input/input33151 [ 3121.658361] input: syz0 as /devices/virtual/input/input33154 00:21:46 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f00000000c0)={0xf, 0x40, 0x1}) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) ioctl$BLKRAGET(0xffffffffffffffff, 0x1263, &(0x7f0000000080)) 00:21:46 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x204000, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_DEV_DESTROY(r3, 0x5502) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x3a5202, 0x0) ioctl$UI_SET_KEYBIT(r5, 0x40045565, 0x1b6) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x204000, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) ioctl$UI_DEV_DESTROY(r3, 0x5502) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x3a5202, 0x0) (async) ioctl$UI_SET_KEYBIT(r5, 0x40045565, 0x1b6) (async) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) (async) 00:21:46 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0x5, 0x20, 0xfffffff9}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f00000000c0)='syz0\x00') write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:46 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 44) [ 3121.815985] input: syz0 as /devices/virtual/input/input33157 [ 3121.847759] input: syz1 as /devices/virtual/input/input33158 [ 3121.859866] FAULT_INJECTION: forcing a failure. [ 3121.859866] name failslab, interval 1, probability 0, space 0, times 0 [ 3121.860183] input: syz0 as /devices/virtual/input/input33160 [ 3121.892145] CPU: 0 PID: 19655 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3121.900041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3121.909385] Call Trace: [ 3121.911980] dump_stack+0x1b2/0x281 [ 3121.915610] should_fail.cold+0x10a/0x149 [ 3121.919761] should_failslab+0xd6/0x130 [ 3121.923738] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3121.928856] __kmalloc_node_track_caller+0x38/0x70 [ 3121.933786] __alloc_skb+0x96/0x510 [ 3121.937413] kobject_uevent_env+0x882/0xf30 [ 3121.941741] device_add+0xa47/0x15c0 [ 3121.945456] ? device_is_dependent+0x2a0/0x2a0 [ 3121.950033] ? __kmalloc+0x3a4/0x400 [ 3121.953742] ? input_register_device+0x419/0xa90 [ 3121.958494] input_register_device+0x59e/0xa90 [ 3121.963162] ? __lock_acquire+0x5fc/0x3f20 [ 3121.967401] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3121.972589] ? uinput_write+0xfb0/0xfb0 [ 3121.976555] ? get_pid_task+0xb8/0x130 [ 3121.980437] ? proc_fail_nth_write+0x7b/0x180 [ 3121.984931] ? trace_hardirqs_on+0x10/0x10 [ 3121.989181] ? fsnotify+0x974/0x11b0 [ 3121.992897] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3121.997822] ? __handle_mm_fault+0x80f/0x4620 [ 3122.002311] ? SyS_write+0x1b7/0x210 [ 3122.006032] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3122.011479] do_vfs_ioctl+0x75a/0xff0 [ 3122.015284] ? lock_acquire+0x170/0x3f0 [ 3122.019261] ? ioctl_preallocate+0x1a0/0x1a0 [ 3122.023670] ? __fget+0x265/0x3e0 [ 3122.027122] ? do_vfs_ioctl+0xff0/0xff0 [ 3122.031099] ? security_file_ioctl+0x83/0xb0 [ 3122.035509] SyS_ioctl+0x7f/0xb0 [ 3122.038871] ? do_vfs_ioctl+0xff0/0xff0 [ 3122.042842] do_syscall_64+0x1d5/0x640 [ 3122.046736] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3122.052003] RIP: 0033:0x7f980133e109 [ 3122.055707] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3122.063410] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3122.070673] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3122.077937] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3122.085203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3122.092467] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:47 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:47 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00', {0xfff7, 0xff, 0x1ff, 0x3}, 0x54, [0x2, 0x3, 0x1, 0x100, 0x1, 0x9, 0x10000, 0xc58, 0x5, 0x7, 0x0, 0x3, 0x80000000, 0x0, 0x8, 0x4, 0x1de6, 0xfffffffc, 0xbf56, 0x4, 0x8, 0x4800000, 0x7, 0x1, 0xfbb0, 0x1000, 0x8, 0xfffffffd, 0x5, 0x7f, 0xffff, 0x65f, 0x8, 0x81, 0xffff, 0x6, 0x5, 0x0, 0x81, 0x401, 0x8, 0x7f, 0xec36, 0xfbb, 0x434, 0x6, 0x0, 0x59c817bb, 0x9, 0x7, 0x9, 0xffffffc1, 0x6, 0x4, 0x7, 0x1, 0x3ff, 0xda, 0x1000, 0xa47e, 0x9, 0x5, 0xffff9e00, 0xffff0000], [0x400, 0x3, 0x3, 0x2, 0x397, 0x37b8, 0x4, 0x9, 0xfffffff8, 0xa2f, 0x7, 0x4, 0x100, 0x7, 0x6, 0x27, 0x94, 0x8, 0x8, 0x7ff, 0x9, 0xe0, 0x7, 0xb9, 0x4, 0x9, 0xffffffbe, 0x5, 0x958, 0x1, 0x1ff, 0xffffff00, 0x2, 0x9, 0x3f, 0x81, 0x3, 0x2, 0x3ff, 0x6, 0x1, 0x0, 0x8, 0x1, 0x2, 0x9, 0x8, 0x4, 0x80000000, 0x80000001, 0x3, 0x1, 0x10000, 0xffffffe5, 0x843f, 0x100, 0x9b6, 0x0, 0x0, 0x81, 0x7, 0x8, 0x200, 0x7574f08d], [0x0, 0x4, 0x0, 0x80, 0x5a8, 0x8, 0x2, 0x90, 0x3f, 0x0, 0x800, 0x9, 0x3, 0xfffffff7, 0x4, 0x2, 0x6c534b59, 0x1, 0x6, 0x5, 0x4, 0xfff, 0x1000000, 0x76b, 0x9, 0x80000001, 0x80000, 0x7fffffff, 0x8, 0x7fff, 0x200, 0xffffffff, 0x9, 0x7, 0x3, 0x1f, 0x5, 0x6, 0x7ff, 0x3, 0x2, 0x9, 0x9, 0x3, 0x1f, 0x401, 0x4, 0xc93, 0x401, 0xffffffff, 0xb598, 0x2, 0x9, 0x2, 0xfffffff8, 0x0, 0xff, 0x9, 0xffffffff, 0x2, 0x1f6, 0xb216, 0x7, 0x2], [0xfff, 0x3f, 0xb66, 0xfffff000, 0x8, 0x7ff, 0x100, 0x3, 0xffffffff, 0x0, 0xffff, 0x80000001, 0xffffffff, 0x6, 0xffff, 0x0, 0x3f, 0x3, 0xef, 0xff, 0xe10, 0x9, 0x9, 0x7, 0x1ff, 0x6, 0x7f, 0x100, 0x3, 0x0, 0x4, 0x3d6c, 0x9, 0x8, 0x51b, 0x2, 0xfffffffa, 0x3db, 0x4191, 0xffffffff, 0x9947, 0x0, 0x3f, 0xbed0, 0x9c44, 0x5ca, 0x784c, 0x20, 0x10001, 0x200, 0x59, 0x3, 0xf1, 0x10001, 0x8, 0x3, 0xffffffff, 0x5ee5, 0x9, 0xb856, 0x4, 0x8000, 0x3, 0x7]}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) write$uinput_user_dev(r0, &(0x7f0000000040)={'syz1\x00', {0xfff7, 0xff, 0x1ff, 0x3}, 0x54, [0x2, 0x3, 0x1, 0x100, 0x1, 0x9, 0x10000, 0xc58, 0x5, 0x7, 0x0, 0x3, 0x80000000, 0x0, 0x8, 0x4, 0x1de6, 0xfffffffc, 0xbf56, 0x4, 0x8, 0x4800000, 0x7, 0x1, 0xfbb0, 0x1000, 0x8, 0xfffffffd, 0x5, 0x7f, 0xffff, 0x65f, 0x8, 0x81, 0xffff, 0x6, 0x5, 0x0, 0x81, 0x401, 0x8, 0x7f, 0xec36, 0xfbb, 0x434, 0x6, 0x0, 0x59c817bb, 0x9, 0x7, 0x9, 0xffffffc1, 0x6, 0x4, 0x7, 0x1, 0x3ff, 0xda, 0x1000, 0xa47e, 0x9, 0x5, 0xffff9e00, 0xffff0000], [0x400, 0x3, 0x3, 0x2, 0x397, 0x37b8, 0x4, 0x9, 0xfffffff8, 0xa2f, 0x7, 0x4, 0x100, 0x7, 0x6, 0x27, 0x94, 0x8, 0x8, 0x7ff, 0x9, 0xe0, 0x7, 0xb9, 0x4, 0x9, 0xffffffbe, 0x5, 0x958, 0x1, 0x1ff, 0xffffff00, 0x2, 0x9, 0x3f, 0x81, 0x3, 0x2, 0x3ff, 0x6, 0x1, 0x0, 0x8, 0x1, 0x2, 0x9, 0x8, 0x4, 0x80000000, 0x80000001, 0x3, 0x1, 0x10000, 0xffffffe5, 0x843f, 0x100, 0x9b6, 0x0, 0x0, 0x81, 0x7, 0x8, 0x200, 0x7574f08d], [0x0, 0x4, 0x0, 0x80, 0x5a8, 0x8, 0x2, 0x90, 0x3f, 0x0, 0x800, 0x9, 0x3, 0xfffffff7, 0x4, 0x2, 0x6c534b59, 0x1, 0x6, 0x5, 0x4, 0xfff, 0x1000000, 0x76b, 0x9, 0x80000001, 0x80000, 0x7fffffff, 0x8, 0x7fff, 0x200, 0xffffffff, 0x9, 0x7, 0x3, 0x1f, 0x5, 0x6, 0x7ff, 0x3, 0x2, 0x9, 0x9, 0x3, 0x1f, 0x401, 0x4, 0xc93, 0x401, 0xffffffff, 0xb598, 0x2, 0x9, 0x2, 0xfffffff8, 0x0, 0xff, 0x9, 0xffffffff, 0x2, 0x1f6, 0xb216, 0x7, 0x2], [0xfff, 0x3f, 0xb66, 0xfffff000, 0x8, 0x7ff, 0x100, 0x3, 0xffffffff, 0x0, 0xffff, 0x80000001, 0xffffffff, 0x6, 0xffff, 0x0, 0x3f, 0x3, 0xef, 0xff, 0xe10, 0x9, 0x9, 0x7, 0x1ff, 0x6, 0x7f, 0x100, 0x3, 0x0, 0x4, 0x3d6c, 0x9, 0x8, 0x51b, 0x2, 0xfffffffa, 0x3db, 0x4191, 0xffffffff, 0x9947, 0x0, 0x3f, 0xbed0, 0x9c44, 0x5ca, 0x784c, 0x20, 0x10001, 0x200, 0x59, 0x3, 0xf1, 0x10001, 0x8, 0x3, 0xffffffff, 0x5ee5, 0x9, 0xb856, 0x4, 0x8000, 0x3, 0x7]}, 0x45c) (async) [ 3122.120436] input: syz0 as /devices/virtual/input/input33164 00:21:47 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async, rerun: 32) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 32) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0x5, 0x20, 0xfffffff9}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f00000000c0)='syz0\x00') (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (rerun: 32) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:47 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f00000000c0)={0xf, 0x40, 0x1}) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) (async) ioctl$BLKRAGET(0xffffffffffffffff, 0x1263, &(0x7f0000000080)) [ 3122.176430] input: syz0 as /devices/virtual/input/input33161 00:21:47 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x204000, 0x0) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) ioctl$UI_DEV_DESTROY(r3, 0x5502) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x3a5202, 0x0) ioctl$UI_SET_KEYBIT(r5, 0x40045565, 0x1b6) (async) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) 00:21:47 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 45) [ 3122.261846] input: syz0 as /devices/virtual/input/input33166 [ 3122.266463] input: syz0 as /devices/virtual/input/input33165 00:21:47 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3122.303818] input: syz0 as /devices/virtual/input/input33169 [ 3122.311773] input: syz0 as /devices/virtual/input/input33167 [ 3122.361579] FAULT_INJECTION: forcing a failure. [ 3122.361579] name failslab, interval 1, probability 0, space 0, times 0 [ 3122.388829] CPU: 0 PID: 19722 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3122.396740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3122.406092] Call Trace: [ 3122.408677] dump_stack+0x1b2/0x281 [ 3122.412303] should_fail.cold+0x10a/0x149 [ 3122.412318] should_failslab+0xd6/0x130 [ 3122.412333] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3122.412345] __kmalloc_node_track_caller+0x38/0x70 [ 3122.412357] __alloc_skb+0x96/0x510 [ 3122.434063] kobject_uevent_env+0x882/0xf30 [ 3122.438391] device_add+0xa47/0x15c0 [ 3122.442107] ? device_is_dependent+0x2a0/0x2a0 [ 3122.446691] ? __kmalloc+0x3a4/0x400 [ 3122.450399] ? input_register_device+0x419/0xa90 [ 3122.455157] input_register_device+0x59e/0xa90 [ 3122.459744] ? __lock_acquire+0x5fc/0x3f20 [ 3122.463979] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3122.463992] ? uinput_write+0xfb0/0xfb0 [ 3122.464002] ? get_pid_task+0xb8/0x130 [ 3122.464013] ? proc_fail_nth_write+0x7b/0x180 [ 3122.464022] ? trace_hardirqs_on+0x10/0x10 [ 3122.464035] ? fsnotify+0x974/0x11b0 [ 3122.489426] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3122.494348] ? __handle_mm_fault+0x80f/0x4620 [ 3122.498841] ? SyS_write+0x1b7/0x210 [ 3122.502563] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3122.508012] do_vfs_ioctl+0x75a/0xff0 [ 3122.511812] ? lock_acquire+0x170/0x3f0 [ 3122.515792] ? ioctl_preallocate+0x1a0/0x1a0 [ 3122.520200] ? __fget+0x265/0x3e0 [ 3122.523649] ? do_vfs_ioctl+0xff0/0xff0 [ 3122.523663] ? security_file_ioctl+0x83/0xb0 [ 3122.523674] SyS_ioctl+0x7f/0xb0 [ 3122.523682] ? do_vfs_ioctl+0xff0/0xff0 [ 3122.523694] do_syscall_64+0x1d5/0x640 [ 3122.523708] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3122.548399] RIP: 0033:0x7f980133e109 [ 3122.552100] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:47 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:47 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:47 executing program 3: write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) 00:21:47 executing program 3: write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) 00:21:47 executing program 5: r0 = socket(0x10, 0x80000, 0x287) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @loopback}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2c}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @initdev={0xac, 0x1e, 0x1, 0x0}}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @remote}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4840}, 0x20040000) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) [ 3122.559802] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3122.567182] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3122.574721] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3122.582006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3122.589450] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:47 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0x5, 0x20, 0xfffffff9}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f00000000c0)='syz0\x00') write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0x5, 0x20, 0xfffffff9}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f00000000c0)='syz0\x00') (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) 00:21:47 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f00000000c0)={0xf, 0x40, 0x1}) (async) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) ioctl$BLKRAGET(0xffffffffffffffff, 0x1263, &(0x7f0000000080)) 00:21:47 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 46) 00:21:47 executing program 3: write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) 00:21:47 executing program 5: r0 = socket(0x10, 0x80000, 0x287) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @loopback}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2c}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @initdev={0xac, 0x1e, 0x1, 0x0}}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @remote}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4840}, 0x20040000) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) (async) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) [ 3122.625084] input: syz0 as /devices/virtual/input/input33171 [ 3122.655984] input: syz0 as /devices/virtual/input/input33176 00:21:47 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2582, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000080)=0x7fff) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) r2 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000100)=@filter={'filter\x00', 0xe, 0x6, 0x1184, [0x0, 0x20000940, 0x20000c94, 0x20000daa], 0x0, &(0x7f00000000c0), &(0x7f0000000940)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff020000001100000028000000890600000000000000000000000000000000767863616e310000000000000000000076657468305f766972745f776966690069703667726574617030000000000000ca9a0075351cff00ffffff00aaaaaaaaaaaa0000ff000000e60000005e0100008e01000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000aafe80000000000000000000000000001effffff000000000000000000ff000000ffffff00ffffffff000000ff00000000d26220054e204e204e204e20000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000bc42594dba01fa5b885219012540a358c0b16c3f4e546a3ceca99835c52a000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff00000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000000000000000200000000000000050000000c000000600476657468315f766c616e0000000000007665746831000000000000000000000076657468315f766c616e0000000000007465616d5f736c6176655f30000000009815f767018600000000ffffffffffffffffff000000ff00ee00000066010000960100006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000090000000000000000000000000000000100000000000000737461746973746963000000000000000000000000000000000000000000000018000000000000000000010008000000ff0f00007831000001000000000000004e464c4f47000000000000000000000000000000000000000000000000000000500000000000000000001c07800009000000000086aec0d64bda34dfc63c8328cd2a6680e29e3c63d3357a3cf387f9f279c09f461cacee3e5f720d50d9a2e8019072b242a35e627b54c8eef95ae438d6fbf0ec7a00000000434f4e4e5345434d41524b0000000000000000000000000000000000000000000800000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff01000000050000000800000000f876657468305f766972745f77696669006772657461703000000000000000000076657468305f746f5f7465616d000000626f6e64300000000000000000000000aaaaaaaaaabb000000fffeff000000000000ffff00ff00ff6e0000006e000000e60000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000000200000500000801000000abb4d0764f0b129397ae4ed9632b562cbd3c51b04941204e5b1598b037aa84df3be1377c944f70b3d268fb4622a2f1e27f367fc041a4aaaf97738349427d5bb90000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000030000002a00000080f36d61637365633000000000000000000073797a6b616c6c6572310000000000006261746164765f736c6176655f30000077673100000000000000000000000000aaaaaaaaaa3000000000ffff000000000000ff00000000fff6000000f60000003e01000068656c70657200000000000000000000000000000000000000000000000000002800000000000000000000006674702d32303030300000000000000000000000000000000000000000000000000000006d616300000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000003b466fb321b7aa91805bae541acf8a0f2a12e521ec1ff9191ab2a8917fc1000000000000000000000000000000000000000000000000000000000000000000000000000004000000fcffffff020000001100000074000000001976657468315f766972745f776966690076657468315f746f5f7465616d0000007866726d300000000000000000000000767863616e3100000000000000000000aaaaaaaaaabbff000000ff000180c20000000000ffffff001e0900006e090000be090000706b74747970650000000000000000000000000000000000000000000000000008000000000000000201000000000000616d6f6e670000000000000000000000000000000000000000000000000000005808000000000000000000000000000003000000441c502b010000000200000000000000070000000400000001000000020000000400000007000000070000000004000014000000000200000100000003000000000000c0f7ffffff010000000500000003000000020000000900000002000000010000006900000081000000810000000004000008000000ffffff7f07000000f10000000000000006000000000000803f0000000100000001000000fcffffff010400002000000001000000050000004f9566583d0d0000090000000100000007000000ff0100000000000002000000fcffffff0400000002000000cf0000000080000002000000ebffffff0100000001000000d9000000060000001a783040060000000600000001000080060000000000000001000000090000000500000084e2ffff727f0100baa3d661ac020000000000000100000004000000070000000500000000000000a739000080000000070000002b060000f6000000c600000002000000060000000100000008000000960000000800000006000000ff00000007000000200000000200000001010000497b000000000000050000000100000002000000040000000001000007000000000800001d000000040000006f00000006000000030000000100008009000000010000000400000009000000010000000010000006000000ffffff7f5b17000006000000060000000800000002000000ff7f00000600000001050000020000000600000009030000010000000600000093050000ff0100005c750000060000000000000000000080030000008906000004000000f8ffffff03000000000000c0080000000300000007000000e6000000804c0000f9ffffff000001000000000002000000a90d000004000000f9ffffff07000000000000800700000001000000010000800800000008000000000000008e4e0000050000000004000008000000000000000000000006000000080000000700000000040000000001000000000000000000020000000900000003000000070000008606000008000000810000003f00000000100000050000004c9300000800000005000000030000000400000007000000340000000100000003000000000c00004000000000010000810000000800000067a60000000100001b8d2b4502000000a61d00000700000008000000080000000010000004000000130000000000010005000000090000000200000005000000ffff000000000000b9450000010100000400000001010000ff0300000400000001000000f10d000001040000faffffff1f000000010400000000000007000000090000000180000009000000470000000180000022000000fdffffff0100000040000000d4990000ff0f0000080000000900000000000080540500005e51000006000000000060000000000002000000030000000300000002000000000000000300000000000000ac1414bb01010000050000000a010101070000000100fffffdffffff7f0000000180000001040000000000009401000005000000000000001f00000000000100008000000900000001000000b903000005000000000000000800000002000000000000001f000000040000000400000003400000c90000005b60000005000000040000000101000001000000070000000b9e00000400000004000000010000800900000008000000ff01000008000000ff010000000000000000000005000000010000000000000079000000ab000000010001004000000001040000f36300000180ffff7f000000080000000002000000000000020000000180000004000000080000007ba80000000001002000000012b64735f7ffffff80000000ff000000c2000000ff0000000100000000000000080000009f000000030000000200000009000000080000000700000008000000050000000010000000000000f90b00000100010009000000000000000200000003000000030000000800000000000000040000000100000005000000000200007e0000000000000001800000000001000200000085b00000000000185c4600001a030000007f0000ffffffff05000000faffffff00000000a00300000800000004000000000800000080000068f1000001000100040000000900000001000000010000005e0500000008000009000000000001000400000006000000090000000900000000000000200000000100000000000000000400000300000052a4000004000000f9070000fcffffff050000000100000003000000000200000000008000080000010000000000000003000000ffffffff0600000055280000060000000600000008000000fc0f0000474c000008000000010001000000000000000000060000000000001b03000000010400000500000000000000000400000600000008000000ffffffff8d06000001800000070000000900000003000000040000000101000001f8ffff8d0000000200000007000000ffffff7f0800000009000000ff0100003f0000001f0000000400000007000000f7ffffff040000001f2800003c249e72020000000400000019b600000200000001000000ff0700000600000002000000070000000700000004000000010000003400000006000000000000000100000035f40000c60000000100010005000000d0630000000200000700000007000000ffffff7f0200000006000000000000000600000000800000020000000000000000080000feffffff03000000010000000200000000000000030000000700000000010000ff7f00000000000006000000018000000900000008000000ff000000090000000900000001000000000800003e1f00000600000006000000000000000400000001000000ff0f000000010000ff0f0000ff0100000100000001000080020000000300000007000000ac1414aa0300000009000000640101026c6f670000000000000000000000000000000000000000000000000000000000280000000000000009d6e958b7cd0d4097a0091588597922bbb4559209c55d756dd2b3dca556db000a0000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000500000073797a30000000000000000000000000000000000000000000000000ffff000000000000110000000600000000056772657461703000000000000000000076657468315f766972745f776966690073797a6b616c6c6572310000000000006272696467655f736c6176655f300000aaaaaaaaaabb0000ffff00ffffffffffffff0000ff00ff00be00000046010000be01000068656c7065720000000000000000000000000000000000000000000000000000280000000000000001000000512e3933310000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000faffffffffffffff6d61726b000000000000000000000000000000000000000000000000000000001000000000000000f0ffffff00000000fdffffff000000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000050000006f00060002000000102a78beb70373c48865a88f2095b76036a066aee738b74b8c720fb765e04d97ca6f9694b38dc447cb72d531e5fa342babe50bc376029b1e6536993a4e967d3400000000"]}, 0x11fc) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], [0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x3) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ptrace$cont(0x7, 0x0, 0x1, 0x1) 00:21:47 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3122.741550] input: syz0 as /devices/virtual/input/input33177 [ 3122.749422] input: syz0 as /devices/virtual/input/input33179 [ 3122.759990] input: syz0 as /devices/virtual/input/input33180 [ 3122.771556] FAULT_INJECTION: forcing a failure. [ 3122.771556] name failslab, interval 1, probability 0, space 0, times 0 [ 3122.803756] CPU: 0 PID: 19794 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3122.811650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3122.820998] Call Trace: [ 3122.823586] dump_stack+0x1b2/0x281 [ 3122.827221] should_fail.cold+0x10a/0x149 [ 3122.831375] should_failslab+0xd6/0x130 [ 3122.835351] kmem_cache_alloc_node+0x263/0x410 [ 3122.840024] __alloc_skb+0x5c/0x510 [ 3122.843652] kobject_uevent_env+0x882/0xf30 [ 3122.847980] device_add+0xa47/0x15c0 [ 3122.851693] ? device_is_dependent+0x2a0/0x2a0 [ 3122.856270] ? __kmalloc+0x3a4/0x400 [ 3122.859982] ? input_register_device+0x419/0xa90 [ 3122.864743] input_register_device+0x59e/0xa90 [ 3122.869328] ? __lock_acquire+0x5fc/0x3f20 [ 3122.873565] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3122.878756] ? uinput_write+0xfb0/0xfb0 [ 3122.882728] ? get_pid_task+0xb8/0x130 [ 3122.886614] ? proc_fail_nth_write+0x7b/0x180 [ 3122.891109] ? trace_hardirqs_on+0x10/0x10 [ 3122.895434] ? fsnotify+0x974/0x11b0 [ 3122.899144] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3122.904072] ? __handle_mm_fault+0x80f/0x4620 [ 3122.908565] ? SyS_write+0x1b7/0x210 [ 3122.912279] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3122.917727] do_vfs_ioctl+0x75a/0xff0 [ 3122.921621] ? lock_acquire+0x170/0x3f0 [ 3122.925599] ? ioctl_preallocate+0x1a0/0x1a0 [ 3122.930011] ? __fget+0x265/0x3e0 [ 3122.933467] ? do_vfs_ioctl+0xff0/0xff0 [ 3122.937444] ? security_file_ioctl+0x83/0xb0 [ 3122.941868] SyS_ioctl+0x7f/0xb0 [ 3122.945236] ? do_vfs_ioctl+0xff0/0xff0 [ 3122.949227] do_syscall_64+0x1d5/0x640 [ 3122.953139] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3122.958357] RIP: 0033:0x7f980133e109 [ 3122.962061] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3122.969868] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3122.977242] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3122.984508] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3122.991779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:47 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3122.999053] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:48 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xc) 00:21:48 executing program 5: r0 = socket(0x10, 0x80000, 0x287) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @loopback}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2c}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @initdev={0xac, 0x1e, 0x1, 0x0}}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @remote}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4840}, 0x20040000) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) (async) write$uinput_user_dev(r1, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) 00:21:48 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2582, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000080)=0x7fff) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) r2 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0) (async) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000100)=@filter={'filter\x00', 0xe, 0x6, 0x1184, [0x0, 0x20000940, 0x20000c94, 0x20000daa], 0x0, &(0x7f00000000c0), &(0x7f0000000940)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff020000001100000028000000890600000000000000000000000000000000767863616e310000000000000000000076657468305f766972745f776966690069703667726574617030000000000000ca9a0075351cff00ffffff00aaaaaaaaaaaa0000ff000000e60000005e0100008e01000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000aafe80000000000000000000000000001effffff000000000000000000ff000000ffffff00ffffffff000000ff00000000d26220054e204e204e204e20000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000bc42594dba01fa5b885219012540a358c0b16c3f4e546a3ceca99835c52a000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff00000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000000000000000200000000000000050000000c000000600476657468315f766c616e0000000000007665746831000000000000000000000076657468315f766c616e0000000000007465616d5f736c6176655f30000000009815f767018600000000ffffffffffffffffff000000ff00ee00000066010000960100006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000090000000000000000000000000000000100000000000000737461746973746963000000000000000000000000000000000000000000000018000000000000000000010008000000ff0f00007831000001000000000000004e464c4f47000000000000000000000000000000000000000000000000000000500000000000000000001c07800009000000000086aec0d64bda34dfc63c8328cd2a6680e29e3c63d3357a3cf387f9f279c09f461cacee3e5f720d50d9a2e8019072b242a35e627b54c8eef95ae438d6fbf0ec7a00000000434f4e4e5345434d41524b0000000000000000000000000000000000000000000800000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff01000000050000000800000000f876657468305f766972745f77696669006772657461703000000000000000000076657468305f746f5f7465616d000000626f6e64300000000000000000000000aaaaaaaaaabb000000fffeff000000000000ffff00ff00ff6e0000006e000000e60000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000000200000500000801000000abb4d0764f0b129397ae4ed9632b562cbd3c51b04941204e5b1598b037aa84df3be1377c944f70b3d268fb4622a2f1e27f367fc041a4aaaf97738349427d5bb90000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000030000002a00000080f36d61637365633000000000000000000073797a6b616c6c6572310000000000006261746164765f736c6176655f30000077673100000000000000000000000000aaaaaaaaaa3000000000ffff000000000000ff00000000fff6000000f60000003e01000068656c70657200000000000000000000000000000000000000000000000000002800000000000000000000006674702d32303030300000000000000000000000000000000000000000000000000000006d616300000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000003b466fb321b7aa91805bae541acf8a0f2a12e521ec1ff9191ab2a8917fc1000000000000000000000000000000000000000000000000000000000000000000000000000004000000fcffffff020000001100000074000000001976657468315f766972745f776966690076657468315f746f5f7465616d0000007866726d300000000000000000000000767863616e3100000000000000000000aaaaaaaaaabbff000000ff000180c20000000000ffffff001e0900006e090000be090000706b74747970650000000000000000000000000000000000000000000000000008000000000000000201000000000000616d6f6e670000000000000000000000000000000000000000000000000000005808000000000000000000000000000003000000441c502b010000000200000000000000070000000400000001000000020000000400000007000000070000000004000014000000000200000100000003000000000000c0f7ffffff010000000500000003000000020000000900000002000000010000006900000081000000810000000004000008000000ffffff7f07000000f10000000000000006000000000000803f0000000100000001000000fcffffff010400002000000001000000050000004f9566583d0d0000090000000100000007000000ff0100000000000002000000fcffffff0400000002000000cf0000000080000002000000ebffffff0100000001000000d9000000060000001a783040060000000600000001000080060000000000000001000000090000000500000084e2ffff727f0100baa3d661ac020000000000000100000004000000070000000500000000000000a739000080000000070000002b060000f6000000c600000002000000060000000100000008000000960000000800000006000000ff00000007000000200000000200000001010000497b000000000000050000000100000002000000040000000001000007000000000800001d000000040000006f00000006000000030000000100008009000000010000000400000009000000010000000010000006000000ffffff7f5b17000006000000060000000800000002000000ff7f00000600000001050000020000000600000009030000010000000600000093050000ff0100005c750000060000000000000000000080030000008906000004000000f8ffffff03000000000000c0080000000300000007000000e6000000804c0000f9ffffff000001000000000002000000a90d000004000000f9ffffff07000000000000800700000001000000010000800800000008000000000000008e4e0000050000000004000008000000000000000000000006000000080000000700000000040000000001000000000000000000020000000900000003000000070000008606000008000000810000003f00000000100000050000004c9300000800000005000000030000000400000007000000340000000100000003000000000c00004000000000010000810000000800000067a60000000100001b8d2b4502000000a61d00000700000008000000080000000010000004000000130000000000010005000000090000000200000005000000ffff000000000000b9450000010100000400000001010000ff0300000400000001000000f10d000001040000faffffff1f000000010400000000000007000000090000000180000009000000470000000180000022000000fdffffff0100000040000000d4990000ff0f0000080000000900000000000080540500005e51000006000000000060000000000002000000030000000300000002000000000000000300000000000000ac1414bb01010000050000000a010101070000000100fffffdffffff7f0000000180000001040000000000009401000005000000000000001f00000000000100008000000900000001000000b903000005000000000000000800000002000000000000001f000000040000000400000003400000c90000005b60000005000000040000000101000001000000070000000b9e00000400000004000000010000800900000008000000ff01000008000000ff010000000000000000000005000000010000000000000079000000ab000000010001004000000001040000f36300000180ffff7f000000080000000002000000000000020000000180000004000000080000007ba80000000001002000000012b64735f7ffffff80000000ff000000c2000000ff0000000100000000000000080000009f000000030000000200000009000000080000000700000008000000050000000010000000000000f90b00000100010009000000000000000200000003000000030000000800000000000000040000000100000005000000000200007e0000000000000001800000000001000200000085b00000000000185c4600001a030000007f0000ffffffff05000000faffffff00000000a00300000800000004000000000800000080000068f1000001000100040000000900000001000000010000005e0500000008000009000000000001000400000006000000090000000900000000000000200000000100000000000000000400000300000052a4000004000000f9070000fcffffff050000000100000003000000000200000000008000080000010000000000000003000000ffffffff0600000055280000060000000600000008000000fc0f0000474c000008000000010001000000000000000000060000000000001b03000000010400000500000000000000000400000600000008000000ffffffff8d06000001800000070000000900000003000000040000000101000001f8ffff8d0000000200000007000000ffffff7f0800000009000000ff0100003f0000001f0000000400000007000000f7ffffff040000001f2800003c249e72020000000400000019b600000200000001000000ff0700000600000002000000070000000700000004000000010000003400000006000000000000000100000035f40000c60000000100010005000000d0630000000200000700000007000000ffffff7f0200000006000000000000000600000000800000020000000000000000080000feffffff03000000010000000200000000000000030000000700000000010000ff7f00000000000006000000018000000900000008000000ff000000090000000900000001000000000800003e1f00000600000006000000000000000400000001000000ff0f000000010000ff0f0000ff0100000100000001000080020000000300000007000000ac1414aa0300000009000000640101026c6f670000000000000000000000000000000000000000000000000000000000280000000000000009d6e958b7cd0d4097a0091588597922bbb4559209c55d756dd2b3dca556db000a0000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000500000073797a30000000000000000000000000000000000000000000000000ffff000000000000110000000600000000056772657461703000000000000000000076657468315f766972745f776966690073797a6b616c6c6572310000000000006272696467655f736c6176655f300000aaaaaaaaaabb0000ffff00ffffffffffffff0000ff00ff00be00000046010000be01000068656c7065720000000000000000000000000000000000000000000000000000280000000000000001000000512e3933310000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000faffffffffffffff6d61726b000000000000000000000000000000000000000000000000000000001000000000000000f0ffffff00000000fdffffff000000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000050000006f00060002000000102a78beb70373c48865a88f2095b76036a066aee738b74b8c720fb765e04d97ca6f9694b38dc447cb72d531e5fa342babe50bc376029b1e6536993a4e967d3400000000"]}, 0x11fc) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], [0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x3) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) ptrace$cont(0x7, 0x0, 0x1, 0x1) 00:21:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000040)={0xd, 0x7, {0x53, 0x7, 0x1, {0x6, 0x80}, {0x1000, 0x15}, @const={0x1000, {0x5, 0x7fff, 0x40, 0x1}}}, {0x56, 0x3ff, 0xe0, {0x40, 0x7}, {0x9, 0x20}, @cond=[{0x6, 0x5b6, 0x8, 0x1000, 0x0, 0x7f}, {0x8, 0x2, 0x0, 0x9, 0x1, 0x7}]}}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3123.067789] input: syz0 as /devices/virtual/input/input33182 00:21:48 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 47) 00:21:48 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3123.175831] input: syz0 as /devices/virtual/input/input33184 [ 3123.188922] input: syz0 as /devices/virtual/input/input33183 [ 3123.224398] FAULT_INJECTION: forcing a failure. [ 3123.224398] name failslab, interval 1, probability 0, space 0, times 0 [ 3123.239421] CPU: 0 PID: 19849 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3123.247316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3123.256669] Call Trace: [ 3123.259265] dump_stack+0x1b2/0x281 [ 3123.262897] should_fail.cold+0x10a/0x149 [ 3123.267048] should_failslab+0xd6/0x130 [ 3123.271028] kmem_cache_alloc_node+0x263/0x410 [ 3123.275616] __alloc_skb+0x5c/0x510 [ 3123.279246] kobject_uevent_env+0x882/0xf30 [ 3123.283577] device_add+0xa47/0x15c0 [ 3123.287294] ? device_is_dependent+0x2a0/0x2a0 [ 3123.291879] ? __kmalloc+0x3a4/0x400 [ 3123.295595] ? input_register_device+0x419/0xa90 [ 3123.300354] input_register_device+0x59e/0xa90 [ 3123.304935] ? __lock_acquire+0x5fc/0x3f20 [ 3123.309169] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3123.314373] ? uinput_write+0xfb0/0xfb0 [ 3123.318344] ? get_pid_task+0xb8/0x130 [ 3123.322232] ? proc_fail_nth_write+0x7b/0x180 [ 3123.326728] ? trace_hardirqs_on+0x10/0x10 [ 3123.330969] ? fsnotify+0x974/0x11b0 [ 3123.334686] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3123.339612] ? __handle_mm_fault+0x80f/0x4620 [ 3123.344109] ? SyS_write+0x1b7/0x210 [ 3123.347823] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3123.353272] do_vfs_ioctl+0x75a/0xff0 [ 3123.357073] ? lock_acquire+0x170/0x3f0 [ 3123.361046] ? ioctl_preallocate+0x1a0/0x1a0 [ 3123.365454] ? __fget+0x265/0x3e0 [ 3123.368907] ? do_vfs_ioctl+0xff0/0xff0 [ 3123.372887] ? security_file_ioctl+0x83/0xb0 [ 3123.377294] SyS_ioctl+0x7f/0xb0 [ 3123.380664] ? do_vfs_ioctl+0xff0/0xff0 [ 3123.384640] do_syscall_64+0x1d5/0x640 [ 3123.388534] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3123.393719] RIP: 0033:0x7f980133e109 [ 3123.397427] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3123.405132] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3123.412403] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 00:21:48 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2582, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000080)=0x7fff) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) r2 = socket$inet(0x2, 0xa, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000100)=@filter={'filter\x00', 0xe, 0x6, 0x1184, [0x0, 0x20000940, 0x20000c94, 0x20000daa], 0x0, &(0x7f00000000c0), &(0x7f0000000940)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff020000001100000028000000890600000000000000000000000000000000767863616e310000000000000000000076657468305f766972745f776966690069703667726574617030000000000000ca9a0075351cff00ffffff00aaaaaaaaaaaa0000ff000000e60000005e0100008e01000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000aafe80000000000000000000000000001effffff000000000000000000ff000000ffffff00ffffffff000000ff00000000d26220054e204e204e204e20000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000bc42594dba01fa5b885219012540a358c0b16c3f4e546a3ceca99835c52a000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff00000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000000000000000200000000000000050000000c000000600476657468315f766c616e0000000000007665746831000000000000000000000076657468315f766c616e0000000000007465616d5f736c6176655f30000000009815f767018600000000ffffffffffffffffff000000ff00ee00000066010000960100006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000090000000000000000000000000000000100000000000000737461746973746963000000000000000000000000000000000000000000000018000000000000000000010008000000ff0f00007831000001000000000000004e464c4f47000000000000000000000000000000000000000000000000000000500000000000000000001c07800009000000000086aec0d64bda34dfc63c8328cd2a6680e29e3c63d3357a3cf387f9f279c09f461cacee3e5f720d50d9a2e8019072b242a35e627b54c8eef95ae438d6fbf0ec7a00000000434f4e4e5345434d41524b0000000000000000000000000000000000000000000800000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff01000000050000000800000000f876657468305f766972745f77696669006772657461703000000000000000000076657468305f746f5f7465616d000000626f6e64300000000000000000000000aaaaaaaaaabb000000fffeff000000000000ffff00ff00ff6e0000006e000000e60000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000000200000500000801000000abb4d0764f0b129397ae4ed9632b562cbd3c51b04941204e5b1598b037aa84df3be1377c944f70b3d268fb4622a2f1e27f367fc041a4aaaf97738349427d5bb90000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000030000002a00000080f36d61637365633000000000000000000073797a6b616c6c6572310000000000006261746164765f736c6176655f30000077673100000000000000000000000000aaaaaaaaaa3000000000ffff000000000000ff00000000fff6000000f60000003e01000068656c70657200000000000000000000000000000000000000000000000000002800000000000000000000006674702d32303030300000000000000000000000000000000000000000000000000000006d616300000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000003b466fb321b7aa91805bae541acf8a0f2a12e521ec1ff9191ab2a8917fc1000000000000000000000000000000000000000000000000000000000000000000000000000004000000fcffffff020000001100000074000000001976657468315f766972745f776966690076657468315f746f5f7465616d0000007866726d300000000000000000000000767863616e3100000000000000000000aaaaaaaaaabbff000000ff000180c20000000000ffffff001e0900006e090000be090000706b74747970650000000000000000000000000000000000000000000000000008000000000000000201000000000000616d6f6e670000000000000000000000000000000000000000000000000000005808000000000000000000000000000003000000441c502b010000000200000000000000070000000400000001000000020000000400000007000000070000000004000014000000000200000100000003000000000000c0f7ffffff010000000500000003000000020000000900000002000000010000006900000081000000810000000004000008000000ffffff7f07000000f10000000000000006000000000000803f0000000100000001000000fcffffff010400002000000001000000050000004f9566583d0d0000090000000100000007000000ff0100000000000002000000fcffffff0400000002000000cf0000000080000002000000ebffffff0100000001000000d9000000060000001a783040060000000600000001000080060000000000000001000000090000000500000084e2ffff727f0100baa3d661ac020000000000000100000004000000070000000500000000000000a739000080000000070000002b060000f6000000c600000002000000060000000100000008000000960000000800000006000000ff00000007000000200000000200000001010000497b000000000000050000000100000002000000040000000001000007000000000800001d000000040000006f00000006000000030000000100008009000000010000000400000009000000010000000010000006000000ffffff7f5b17000006000000060000000800000002000000ff7f00000600000001050000020000000600000009030000010000000600000093050000ff0100005c750000060000000000000000000080030000008906000004000000f8ffffff03000000000000c0080000000300000007000000e6000000804c0000f9ffffff000001000000000002000000a90d000004000000f9ffffff07000000000000800700000001000000010000800800000008000000000000008e4e0000050000000004000008000000000000000000000006000000080000000700000000040000000001000000000000000000020000000900000003000000070000008606000008000000810000003f00000000100000050000004c9300000800000005000000030000000400000007000000340000000100000003000000000c00004000000000010000810000000800000067a60000000100001b8d2b4502000000a61d00000700000008000000080000000010000004000000130000000000010005000000090000000200000005000000ffff000000000000b9450000010100000400000001010000ff0300000400000001000000f10d000001040000faffffff1f000000010400000000000007000000090000000180000009000000470000000180000022000000fdffffff0100000040000000d4990000ff0f0000080000000900000000000080540500005e51000006000000000060000000000002000000030000000300000002000000000000000300000000000000ac1414bb01010000050000000a010101070000000100fffffdffffff7f0000000180000001040000000000009401000005000000000000001f00000000000100008000000900000001000000b903000005000000000000000800000002000000000000001f000000040000000400000003400000c90000005b60000005000000040000000101000001000000070000000b9e00000400000004000000010000800900000008000000ff01000008000000ff010000000000000000000005000000010000000000000079000000ab000000010001004000000001040000f36300000180ffff7f000000080000000002000000000000020000000180000004000000080000007ba80000000001002000000012b64735f7ffffff80000000ff000000c2000000ff0000000100000000000000080000009f000000030000000200000009000000080000000700000008000000050000000010000000000000f90b00000100010009000000000000000200000003000000030000000800000000000000040000000100000005000000000200007e0000000000000001800000000001000200000085b00000000000185c4600001a030000007f0000ffffffff05000000faffffff00000000a00300000800000004000000000800000080000068f1000001000100040000000900000001000000010000005e0500000008000009000000000001000400000006000000090000000900000000000000200000000100000000000000000400000300000052a4000004000000f9070000fcffffff050000000100000003000000000200000000008000080000010000000000000003000000ffffffff0600000055280000060000000600000008000000fc0f0000474c000008000000010001000000000000000000060000000000001b03000000010400000500000000000000000400000600000008000000ffffffff8d06000001800000070000000900000003000000040000000101000001f8ffff8d0000000200000007000000ffffff7f0800000009000000ff0100003f0000001f0000000400000007000000f7ffffff040000001f2800003c249e72020000000400000019b600000200000001000000ff0700000600000002000000070000000700000004000000010000003400000006000000000000000100000035f40000c60000000100010005000000d0630000000200000700000007000000ffffff7f0200000006000000000000000600000000800000020000000000000000080000feffffff03000000010000000200000000000000030000000700000000010000ff7f00000000000006000000018000000900000008000000ff000000090000000900000001000000000800003e1f00000600000006000000000000000400000001000000ff0f000000010000ff0f0000ff0100000100000001000080020000000300000007000000ac1414aa0300000009000000640101026c6f670000000000000000000000000000000000000000000000000000000000280000000000000009d6e958b7cd0d4097a0091588597922bbb4559209c55d756dd2b3dca556db000a0000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000500000073797a30000000000000000000000000000000000000000000000000ffff000000000000110000000600000000056772657461703000000000000000000076657468315f766972745f776966690073797a6b616c6c6572310000000000006272696467655f736c6176655f300000aaaaaaaaaabb0000ffff00ffffffffffffff0000ff00ff00be00000046010000be01000068656c7065720000000000000000000000000000000000000000000000000000280000000000000001000000512e3933310000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000faffffffffffffff6d61726b000000000000000000000000000000000000000000000000000000001000000000000000f0ffffff00000000fdffffff000000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000050000006f00060002000000102a78beb70373c48865a88f2095b76036a066aee738b74b8c720fb765e04d97ca6f9694b38dc447cb72d531e5fa342babe50bc376029b1e6536993a4e967d3400000000"]}, 0x11fc) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], [0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x3) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ptrace$cont(0x7, 0x0, 0x1, 0x1) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2582, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000080)=0x7fff) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) socket$inet(0x2, 0xa, 0x0) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, 0x0, 0x0) (async) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000100)=@filter={'filter\x00', 0xe, 0x6, 0x1184, [0x0, 0x20000940, 0x20000c94, 0x20000daa], 0x0, &(0x7f00000000c0), &(0x7f0000000940)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff020000001100000028000000890600000000000000000000000000000000767863616e310000000000000000000076657468305f766972745f776966690069703667726574617030000000000000ca9a0075351cff00ffffff00aaaaaaaaaaaa0000ff000000e60000005e0100008e01000069703600000000000000000000000000000000000000000000000000000000005000000000000000fe8000000000000000000000000000aafe80000000000000000000000000001effffff000000000000000000ff000000ffffff00ffffffff000000ff00000000d26220054e204e204e204e20000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000bc42594dba01fa5b885219012540a358c0b16c3f4e546a3ceca99835c52a000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff00000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000000000000000200000000000000050000000c000000600476657468315f766c616e0000000000007665746831000000000000000000000076657468315f766c616e0000000000007465616d5f736c6176655f30000000009815f767018600000000ffffffffffffffffff000000ff00ee00000066010000960100006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000090000000000000000000000000000000100000000000000737461746973746963000000000000000000000000000000000000000000000018000000000000000000010008000000ff0f00007831000001000000000000004e464c4f47000000000000000000000000000000000000000000000000000000500000000000000000001c07800009000000000086aec0d64bda34dfc63c8328cd2a6680e29e3c63d3357a3cf387f9f279c09f461cacee3e5f720d50d9a2e8019072b242a35e627b54c8eef95ae438d6fbf0ec7a00000000434f4e4e5345434d41524b0000000000000000000000000000000000000000000800000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff01000000050000000800000000f876657468305f766972745f77696669006772657461703000000000000000000076657468305f746f5f7465616d000000626f6e64300000000000000000000000aaaaaaaaaabb000000fffeff000000000000ffff00ff00ff6e0000006e000000e60000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000000200000500000801000000abb4d0764f0b129397ae4ed9632b562cbd3c51b04941204e5b1598b037aa84df3be1377c944f70b3d268fb4622a2f1e27f367fc041a4aaaf97738349427d5bb90000000000000000000000000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000030000002a00000080f36d61637365633000000000000000000073797a6b616c6c6572310000000000006261746164765f736c6176655f30000077673100000000000000000000000000aaaaaaaaaa3000000000ffff000000000000ff00000000fff6000000f60000003e01000068656c70657200000000000000000000000000000000000000000000000000002800000000000000000000006674702d32303030300000000000000000000000000000000000000000000000000000006d616300000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000003b466fb321b7aa91805bae541acf8a0f2a12e521ec1ff9191ab2a8917fc1000000000000000000000000000000000000000000000000000000000000000000000000000004000000fcffffff020000001100000074000000001976657468315f766972745f776966690076657468315f746f5f7465616d0000007866726d300000000000000000000000767863616e3100000000000000000000aaaaaaaaaabbff000000ff000180c20000000000ffffff001e0900006e090000be090000706b74747970650000000000000000000000000000000000000000000000000008000000000000000201000000000000616d6f6e670000000000000000000000000000000000000000000000000000005808000000000000000000000000000003000000441c502b010000000200000000000000070000000400000001000000020000000400000007000000070000000004000014000000000200000100000003000000000000c0f7ffffff010000000500000003000000020000000900000002000000010000006900000081000000810000000004000008000000ffffff7f07000000f10000000000000006000000000000803f0000000100000001000000fcffffff010400002000000001000000050000004f9566583d0d0000090000000100000007000000ff0100000000000002000000fcffffff0400000002000000cf0000000080000002000000ebffffff0100000001000000d9000000060000001a783040060000000600000001000080060000000000000001000000090000000500000084e2ffff727f0100baa3d661ac020000000000000100000004000000070000000500000000000000a739000080000000070000002b060000f6000000c600000002000000060000000100000008000000960000000800000006000000ff00000007000000200000000200000001010000497b000000000000050000000100000002000000040000000001000007000000000800001d000000040000006f00000006000000030000000100008009000000010000000400000009000000010000000010000006000000ffffff7f5b17000006000000060000000800000002000000ff7f00000600000001050000020000000600000009030000010000000600000093050000ff0100005c750000060000000000000000000080030000008906000004000000f8ffffff03000000000000c0080000000300000007000000e6000000804c0000f9ffffff000001000000000002000000a90d000004000000f9ffffff07000000000000800700000001000000010000800800000008000000000000008e4e0000050000000004000008000000000000000000000006000000080000000700000000040000000001000000000000000000020000000900000003000000070000008606000008000000810000003f00000000100000050000004c9300000800000005000000030000000400000007000000340000000100000003000000000c00004000000000010000810000000800000067a60000000100001b8d2b4502000000a61d00000700000008000000080000000010000004000000130000000000010005000000090000000200000005000000ffff000000000000b9450000010100000400000001010000ff0300000400000001000000f10d000001040000faffffff1f000000010400000000000007000000090000000180000009000000470000000180000022000000fdffffff0100000040000000d4990000ff0f0000080000000900000000000080540500005e51000006000000000060000000000002000000030000000300000002000000000000000300000000000000ac1414bb01010000050000000a010101070000000100fffffdffffff7f0000000180000001040000000000009401000005000000000000001f00000000000100008000000900000001000000b903000005000000000000000800000002000000000000001f000000040000000400000003400000c90000005b60000005000000040000000101000001000000070000000b9e00000400000004000000010000800900000008000000ff01000008000000ff010000000000000000000005000000010000000000000079000000ab000000010001004000000001040000f36300000180ffff7f000000080000000002000000000000020000000180000004000000080000007ba80000000001002000000012b64735f7ffffff80000000ff000000c2000000ff0000000100000000000000080000009f000000030000000200000009000000080000000700000008000000050000000010000000000000f90b00000100010009000000000000000200000003000000030000000800000000000000040000000100000005000000000200007e0000000000000001800000000001000200000085b00000000000185c4600001a030000007f0000ffffffff05000000faffffff00000000a00300000800000004000000000800000080000068f1000001000100040000000900000001000000010000005e0500000008000009000000000001000400000006000000090000000900000000000000200000000100000000000000000400000300000052a4000004000000f9070000fcffffff050000000100000003000000000200000000008000080000010000000000000003000000ffffffff0600000055280000060000000600000008000000fc0f0000474c000008000000010001000000000000000000060000000000001b03000000010400000500000000000000000400000600000008000000ffffffff8d06000001800000070000000900000003000000040000000101000001f8ffff8d0000000200000007000000ffffff7f0800000009000000ff0100003f0000001f0000000400000007000000f7ffffff040000001f2800003c249e72020000000400000019b600000200000001000000ff0700000600000002000000070000000700000004000000010000003400000006000000000000000100000035f40000c60000000100010005000000d0630000000200000700000007000000ffffff7f0200000006000000000000000600000000800000020000000000000000080000feffffff03000000010000000200000000000000030000000700000000010000ff7f00000000000006000000018000000900000008000000ff000000090000000900000001000000000800003e1f00000600000006000000000000000400000001000000ff0f000000010000ff0f0000ff0100000100000001000080020000000300000007000000ac1414aa0300000009000000640101026c6f670000000000000000000000000000000000000000000000000000000000280000000000000009d6e958b7cd0d4097a0091588597922bbb4559209c55d756dd2b3dca556db000a0000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000500000073797a30000000000000000000000000000000000000000000000000ffff000000000000110000000600000000056772657461703000000000000000000076657468315f766972745f776966690073797a6b616c6c6572310000000000006272696467655f736c6176655f300000aaaaaaaaaabb0000ffff00ffffffffffffff0000ff00ff00be00000046010000be01000068656c7065720000000000000000000000000000000000000000000000000000280000000000000001000000512e3933310000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000000073797a30000000000000000000000000000000000000000000000000faffffffffffffff6d61726b000000000000000000000000000000000000000000000000000000001000000000000000f0ffffff00000000fdffffff000000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000050000006f00060002000000102a78beb70373c48865a88f2095b76036a066aee738b74b8c720fb765e04d97ca6f9694b38dc447cb72d531e5fa342babe50bc376029b1e6536993a4e967d3400000000"]}, 0x11fc) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], [0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x3) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) ptrace$cont(0x7, 0x0, 0x1, 0x1) (async) 00:21:48 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x2) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:48 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xc) [ 3123.419672] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3123.426943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3123.434212] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3123.450960] input: syz0 as /devices/virtual/input/input33187 [ 3123.464048] input: syz0 as /devices/virtual/input/input33186 00:21:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000040)={0xd, 0x7, {0x53, 0x7, 0x1, {0x6, 0x80}, {0x1000, 0x15}, @const={0x1000, {0x5, 0x7fff, 0x40, 0x1}}}, {0x56, 0x3ff, 0xe0, {0x40, 0x7}, {0x9, 0x20}, @cond=[{0x6, 0x5b6, 0x8, 0x1000, 0x0, 0x7f}, {0x8, 0x2, 0x0, 0x9, 0x1, 0x7}]}}) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:48 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:48 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 48) 00:21:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x2) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3123.527314] input: syz0 as /devices/virtual/input/input33191 00:21:48 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000040)={{0xa, 0x4e23, 0x0, @remote, 0x9}, {0xa, 0x4e21, 0x2, @private2, 0x40}, 0x1, {[0x1, 0x80, 0x2, 0x7, 0xfffffffd, 0x65b3, 0x1000, 0x6c]}}, 0x5c) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) prctl$PR_GET_IO_FLUSHER(0x3a) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) 00:21:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000040)={0xd, 0x7, {0x53, 0x7, 0x1, {0x6, 0x80}, {0x1000, 0x15}, @const={0x1000, {0x5, 0x7fff, 0x40, 0x1}}}, {0x56, 0x3ff, 0xe0, {0x40, 0x7}, {0x9, 0x20}, @cond=[{0x6, 0x5b6, 0x8, 0x1000, 0x0, 0x7f}, {0x8, 0x2, 0x0, 0x9, 0x1, 0x7}]}}) (async, rerun: 64) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 64) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3123.585389] input: syz0 as /devices/virtual/input/input33192 [ 3123.608816] input: syz0 as /devices/virtual/input/input33194 [ 3123.624707] FAULT_INJECTION: forcing a failure. [ 3123.624707] name failslab, interval 1, probability 0, space 0, times 0 [ 3123.626986] input: syz0 as /devices/virtual/input/input33196 [ 3123.654982] CPU: 0 PID: 19899 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3123.662875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3123.672219] Call Trace: [ 3123.674824] dump_stack+0x1b2/0x281 [ 3123.678433] should_fail.cold+0x10a/0x149 [ 3123.682571] should_failslab+0xd6/0x130 [ 3123.686527] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3123.691614] __kmalloc_node_track_caller+0x38/0x70 [ 3123.696528] __alloc_skb+0x96/0x510 [ 3123.700230] kobject_uevent_env+0x882/0xf30 [ 3123.704538] device_add+0xa47/0x15c0 [ 3123.708245] ? device_is_dependent+0x2a0/0x2a0 [ 3123.712823] ? __kmalloc+0x3a4/0x400 [ 3123.716524] ? input_register_device+0x419/0xa90 [ 3123.721283] input_register_device+0x59e/0xa90 [ 3123.725857] ? __lock_acquire+0x5fc/0x3f20 [ 3123.730225] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3123.735497] ? uinput_write+0xfb0/0xfb0 [ 3123.739454] ? get_pid_task+0xb8/0x130 [ 3123.743327] ? proc_fail_nth_write+0x7b/0x180 [ 3123.747812] ? trace_hardirqs_on+0x10/0x10 [ 3123.752079] ? fsnotify+0x974/0x11b0 [ 3123.755884] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3123.760798] ? __handle_mm_fault+0x80f/0x4620 [ 3123.765277] ? SyS_write+0x1b7/0x210 [ 3123.768996] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3123.774426] do_vfs_ioctl+0x75a/0xff0 [ 3123.778210] ? lock_acquire+0x170/0x3f0 [ 3123.782166] ? ioctl_preallocate+0x1a0/0x1a0 [ 3123.786926] ? __fget+0x265/0x3e0 [ 3123.790360] ? do_vfs_ioctl+0xff0/0xff0 [ 3123.794320] ? security_file_ioctl+0x83/0xb0 [ 3123.798707] SyS_ioctl+0x7f/0xb0 [ 3123.802050] ? do_vfs_ioctl+0xff0/0xff0 [ 3123.806026] do_syscall_64+0x1d5/0x640 [ 3123.809895] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3123.816221] RIP: 0033:0x7f980133e109 [ 3123.819925] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3123.829187] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3123.836535] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3123.843786] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3123.851157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3123.858410] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3123.870861] input: syz0 as /devices/virtual/input/input33195 00:21:49 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xc) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) (async) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xc) (async) 00:21:49 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xe) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x2) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x2) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:49 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 49) 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3123.885465] input: syz0 as /devices/virtual/input/input33198 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:49 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000040)={{0xa, 0x4e23, 0x0, @remote, 0x9}, {0xa, 0x4e21, 0x2, @private2, 0x40}, 0x1, {[0x1, 0x80, 0x2, 0x7, 0xfffffffd, 0x65b3, 0x1000, 0x6c]}}, 0x5c) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) prctl$PR_GET_IO_FLUSHER(0x3a) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) [ 3123.983539] input: syz0 as /devices/virtual/input/input33203 [ 3124.000180] FAULT_INJECTION: forcing a failure. [ 3124.000180] name failslab, interval 1, probability 0, space 0, times 0 [ 3124.012588] CPU: 1 PID: 19959 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3124.020576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3124.034465] Call Trace: [ 3124.037062] dump_stack+0x1b2/0x281 [ 3124.040696] should_fail.cold+0x10a/0x149 [ 3124.044843] should_failslab+0xd6/0x130 [ 3124.048823] kmem_cache_alloc_node+0x263/0x410 [ 3124.053416] __alloc_skb+0x5c/0x510 [ 3124.057059] kobject_uevent_env+0x882/0xf30 [ 3124.061385] device_add+0xa47/0x15c0 [ 3124.065098] ? device_is_dependent+0x2a0/0x2a0 [ 3124.065109] ? __kmalloc+0x3a4/0x400 [ 3124.065118] ? input_register_device+0x419/0xa90 [ 3124.065130] input_register_device+0x59e/0xa90 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3124.065141] ? __lock_acquire+0x5fc/0x3f20 [ 3124.065155] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3124.092120] ? uinput_write+0xfb0/0xfb0 [ 3124.096089] ? get_pid_task+0xb8/0x130 [ 3124.099974] ? proc_fail_nth_write+0x7b/0x180 [ 3124.104475] ? trace_hardirqs_on+0x10/0x10 [ 3124.108718] ? fsnotify+0x974/0x11b0 [ 3124.112420] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3124.117344] ? __handle_mm_fault+0x80f/0x4620 [ 3124.121849] ? SyS_write+0x1b7/0x210 [ 3124.125568] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3124.131024] do_vfs_ioctl+0x75a/0xff0 [ 3124.134822] ? lock_acquire+0x170/0x3f0 [ 3124.138799] ? ioctl_preallocate+0x1a0/0x1a0 [ 3124.143206] ? __fget+0x265/0x3e0 [ 3124.143219] ? do_vfs_ioctl+0xff0/0xff0 [ 3124.143232] ? security_file_ioctl+0x83/0xb0 [ 3124.143243] SyS_ioctl+0x7f/0xb0 [ 3124.143252] ? do_vfs_ioctl+0xff0/0xff0 [ 3124.143263] do_syscall_64+0x1d5/0x640 [ 3124.143277] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3124.171417] RIP: 0033:0x7f980133e109 [ 3124.175130] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3124.182859] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3124.182866] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3124.182872] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3124.182878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3124.182884] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3124.185393] input: syz0 as /devices/virtual/input/input33204 00:21:49 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x2) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x186) ioctl$UI_DEV_DESTROY(r0, 0x5502) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000040)={0xa, 0x9, 0xfffffff7}) 00:21:49 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async, rerun: 64) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async, rerun: 64) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xe) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:49 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 50) 00:21:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x5, 0x7, 0x1000}, 'syz1\x00', 0x4d}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3124.217124] input: syz0 as /devices/virtual/input/input33207 [ 3124.236470] input: syz0 as /devices/virtual/input/input33205 00:21:49 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000040)={{0xa, 0x4e23, 0x0, @remote, 0x9}, {0xa, 0x4e21, 0x2, @private2, 0x40}, 0x1, {[0x1, 0x80, 0x2, 0x7, 0xfffffffd, 0x65b3, 0x1000, 0x6c]}}, 0x5c) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) prctl$PR_GET_IO_FLUSHER(0x3a) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000040)={{0xa, 0x4e23, 0x0, @remote, 0x9}, {0xa, 0x4e21, 0x2, @private2, 0x40}, 0x1, {[0x1, 0x80, 0x2, 0x7, 0xfffffffd, 0x65b3, 0x1000, 0x6c]}}, 0x5c) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c) (async) prctl$PR_GET_IO_FLUSHER(0x3a) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) [ 3124.323870] input: syz0 as /devices/virtual/input/input33217 [ 3124.337653] input: syz0 as /devices/virtual/input/input33219 [ 3124.338057] FAULT_INJECTION: forcing a failure. [ 3124.338057] name failslab, interval 1, probability 0, space 0, times 0 [ 3124.358625] CPU: 0 PID: 20015 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3124.366535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3124.375879] Call Trace: [ 3124.378455] dump_stack+0x1b2/0x281 [ 3124.382070] should_fail.cold+0x10a/0x149 [ 3124.386206] should_failslab+0xd6/0x130 [ 3124.390168] kmem_cache_alloc_node_trace+0x25a/0x400 [ 3124.395276] __kmalloc_node_track_caller+0x38/0x70 [ 3124.400203] __alloc_skb+0x96/0x510 [ 3124.403827] kobject_uevent_env+0x882/0xf30 [ 3124.408136] device_add+0xa47/0x15c0 [ 3124.411840] ? device_is_dependent+0x2a0/0x2a0 [ 3124.416408] ? __kmalloc+0x3a4/0x400 [ 3124.420103] ? input_register_device+0x419/0xa90 [ 3124.424841] input_register_device+0x59e/0xa90 [ 3124.429409] ? __lock_acquire+0x5fc/0x3f20 [ 3124.433644] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3124.438816] ? uinput_write+0xfb0/0xfb0 [ 3124.442772] ? get_pid_task+0xb8/0x130 [ 3124.446646] ? proc_fail_nth_write+0x7b/0x180 [ 3124.451127] ? trace_hardirqs_on+0x10/0x10 [ 3124.455347] ? fsnotify+0x974/0x11b0 [ 3124.459124] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3124.464041] ? __handle_mm_fault+0x80f/0x4620 [ 3124.468519] ? SyS_write+0x1b7/0x210 [ 3124.472221] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3124.477662] do_vfs_ioctl+0x75a/0xff0 [ 3124.481463] ? lock_acquire+0x170/0x3f0 [ 3124.485416] ? ioctl_preallocate+0x1a0/0x1a0 [ 3124.489826] ? __fget+0x265/0x3e0 [ 3124.493379] ? do_vfs_ioctl+0xff0/0xff0 [ 3124.497425] ? security_file_ioctl+0x83/0xb0 [ 3124.501821] SyS_ioctl+0x7f/0xb0 [ 3124.505168] ? do_vfs_ioctl+0xff0/0xff0 [ 3124.509126] do_syscall_64+0x1d5/0x640 [ 3124.513002] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3124.518220] RIP: 0033:0x7f980133e109 00:21:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x5, 0x7, 0x1000}, 'syz1\x00', 0x4d}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async, rerun: 64) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3124.521940] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3124.529638] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3124.536903] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3124.544163] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3124.551422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3124.558677] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:49 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xe) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3124.597683] input: syz0 as /devices/virtual/input/input33218 00:21:49 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async, rerun: 64) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async, rerun: 64) ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x2) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x186) (async, rerun: 64) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async, rerun: 64) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000040)={0xa, 0x9, 0xfffffff7}) 00:21:49 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 51) 00:21:49 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r3, 0x40045568, 0x0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x4002, 0x0) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"f1bff5bd7f58898cb8668e1a0fc2ac3dfc2291ce8abd9a5d96c538bb83dd0b5c", r4}) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) 00:21:50 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x2) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x186) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000040)={0xa, 0x9, 0xfffffff7}) 00:21:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x501001, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3124.823454] input: syz0 as /devices/virtual/input/input33247 [ 3124.849368] input: syz0 as /devices/virtual/input/input33292 00:21:50 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async, rerun: 32) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async, rerun: 32) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (rerun: 32) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r3, 0x40045568, 0x0) (async) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x4002, 0x0) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"f1bff5bd7f58898cb8668e1a0fc2ac3dfc2291ce8abd9a5d96c538bb83dd0b5c", r4}) (async) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) 00:21:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x5, 0x7, 0x1000}, 'syz1\x00', 0x4d}) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x5, 0x7, 0x1000}, 'syz1\x00', 0x4d}) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:50 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3124.897240] input: syz0 as /devices/virtual/input/input33294 [ 3124.905705] FAULT_INJECTION: forcing a failure. [ 3124.905705] name failslab, interval 1, probability 0, space 0, times 0 [ 3124.928956] input: syz0 as /devices/virtual/input/input33296 [ 3124.951847] input: syz0 as /devices/virtual/input/input33295 [ 3124.956753] CPU: 0 PID: 20083 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3124.965658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3124.975008] Call Trace: [ 3124.977602] dump_stack+0x1b2/0x281 [ 3124.981232] should_fail.cold+0x10a/0x149 [ 3124.985385] should_failslab+0xd6/0x130 [ 3124.989378] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3124.994049] ? kobj_ns_drop+0x80/0x80 [ 3124.996554] input: syz0 as /devices/virtual/input/input33297 [ 3124.998630] call_usermodehelper_setup+0x73/0x2e0 [ 3124.998646] kobject_uevent_env+0xc21/0xf30 [ 3124.998664] device_add+0xa47/0x15c0 [ 3124.998675] ? device_is_dependent+0x2a0/0x2a0 [ 3124.998684] ? __kmalloc+0x3a4/0x400 [ 3124.998696] ? input_register_device+0x419/0xa90 [ 3125.004611] input: syz0 as /devices/virtual/input/input33298 [ 3125.009494] input_register_device+0x59e/0xa90 [ 3125.009507] ? __lock_acquire+0x5fc/0x3f20 [ 3125.009520] uinput_ioctl_handler.isra.0+0x84c/0x1790 00:21:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'batadv0\x00', 0x4}, 0x18) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3125.009530] ? uinput_write+0xfb0/0xfb0 [ 3125.009539] ? get_pid_task+0xb8/0x130 [ 3125.009549] ? proc_fail_nth_write+0x7b/0x180 [ 3125.009557] ? trace_hardirqs_on+0x10/0x10 [ 3125.009571] ? fsnotify+0x974/0x11b0 [ 3125.071272] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3125.076201] ? __handle_mm_fault+0x80f/0x4620 [ 3125.080696] ? SyS_write+0x1b7/0x210 [ 3125.084417] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3125.089878] do_vfs_ioctl+0x75a/0xff0 [ 3125.093683] ? lock_acquire+0x170/0x3f0 [ 3125.097658] ? ioctl_preallocate+0x1a0/0x1a0 [ 3125.102069] ? __fget+0x265/0x3e0 [ 3125.105524] ? do_vfs_ioctl+0xff0/0xff0 [ 3125.109501] ? security_file_ioctl+0x83/0xb0 [ 3125.113909] SyS_ioctl+0x7f/0xb0 [ 3125.117272] ? do_vfs_ioctl+0xff0/0xff0 [ 3125.121247] do_syscall_64+0x1d5/0x640 [ 3125.125143] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3125.130329] RIP: 0033:0x7f980133e109 [ 3125.134033] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3125.141753] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 00:21:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x501001, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x501001, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:50 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3125.149018] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3125.156288] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3125.156845] input: syz0 as /devices/virtual/input/input33300 [ 3125.163982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3125.163988] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3125.172372] input: syz0 as /devices/virtual/input/input33293 00:21:50 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 52) 00:21:50 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x408080) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0xa) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x20400, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000080)) [ 3125.266011] input: syz0 as /devices/virtual/input/input33302 [ 3125.268592] input: syz0 as /devices/virtual/input/input33303 [ 3125.282751] FAULT_INJECTION: forcing a failure. [ 3125.282751] name failslab, interval 1, probability 0, space 0, times 0 [ 3125.290677] input: syz0 as /devices/virtual/input/input33305 [ 3125.297249] CPU: 0 PID: 20153 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3125.307665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3125.317019] Call Trace: [ 3125.319610] dump_stack+0x1b2/0x281 [ 3125.323242] should_fail.cold+0x10a/0x149 [ 3125.327373] should_failslab+0xd6/0x130 [ 3125.331327] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3125.336014] ? kobj_ns_drop+0x80/0x80 [ 3125.339796] call_usermodehelper_setup+0x73/0x2e0 [ 3125.344623] kobject_uevent_env+0xc21/0xf30 [ 3125.348932] device_add+0xa47/0x15c0 [ 3125.352643] ? device_is_dependent+0x2a0/0x2a0 [ 3125.357218] ? __kmalloc+0x3a4/0x400 [ 3125.360925] ? input_register_device+0x419/0xa90 [ 3125.365659] input_register_device+0x59e/0xa90 [ 3125.370220] ? __lock_acquire+0x5fc/0x3f20 [ 3125.374448] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3125.379702] ? uinput_write+0xfb0/0xfb0 [ 3125.383654] ? get_pid_task+0xb8/0x130 [ 3125.387538] ? proc_fail_nth_write+0x7b/0x180 [ 3125.392026] ? trace_hardirqs_on+0x10/0x10 [ 3125.396249] ? fsnotify+0x974/0x11b0 [ 3125.399941] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3125.404848] ? __handle_mm_fault+0x80f/0x4620 [ 3125.409346] ? SyS_write+0x1b7/0x210 [ 3125.413071] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3125.418502] do_vfs_ioctl+0x75a/0xff0 [ 3125.422286] ? lock_acquire+0x170/0x3f0 [ 3125.426252] ? ioctl_preallocate+0x1a0/0x1a0 [ 3125.430642] ? __fget+0x265/0x3e0 [ 3125.434078] ? do_vfs_ioctl+0xff0/0xff0 [ 3125.438032] ? security_file_ioctl+0x83/0xb0 [ 3125.442436] SyS_ioctl+0x7f/0xb0 [ 3125.445780] ? do_vfs_ioctl+0xff0/0xff0 [ 3125.449733] do_syscall_64+0x1d5/0x640 [ 3125.453604] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3125.458770] RIP: 0033:0x7f980133e109 00:21:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x501001, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x501001, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) 00:21:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'batadv0\x00', 0x4}, 0x18) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:50 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3125.462457] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3125.470141] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3125.477419] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3125.484668] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3125.491921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3125.499188] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3125.508500] input: syz0 as /devices/virtual/input/input33304 00:21:50 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x408080) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0xa) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x20400, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000080)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x408080) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0xa) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x20400, 0x0) (async) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000080)) (async) 00:21:50 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r3, 0x40045568, 0x0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x4002, 0x0) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"f1bff5bd7f58898cb8668e1a0fc2ac3dfc2291ce8abd9a5d96c538bb83dd0b5c", r4}) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_MSCBIT(r3, 0x40045568, 0x0) (async) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x4002, 0x0) (async) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000080)={"f1bff5bd7f58898cb8668e1a0fc2ac3dfc2291ce8abd9a5d96c538bb83dd0b5c", r4}) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) (async) 00:21:50 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 53) [ 3125.566082] input: syz0 as /devices/virtual/input/input33308 00:21:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async, rerun: 32) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'batadv0\x00', 0x4}, 0x18) (async, rerun: 32) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:50 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xf) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x7) [ 3125.606648] input: syz0 as /devices/virtual/input/input33309 [ 3125.614296] input: syz0 as /devices/virtual/input/input33312 [ 3125.630340] input: syz0 as /devices/virtual/input/input33314 00:21:50 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {0x0, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) (async, rerun: 32) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (rerun: 32) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x408080) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0xa) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x20400, 0x0) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f0000000080)) [ 3125.662175] FAULT_INJECTION: forcing a failure. [ 3125.662175] name failslab, interval 1, probability 0, space 0, times 0 [ 3125.676053] input: syz0 as /devices/virtual/input/input33316 [ 3125.687294] CPU: 1 PID: 20202 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3125.695188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3125.695578] input: syz0 as /devices/virtual/input/input33318 [ 3125.704537] Call Trace: [ 3125.704556] dump_stack+0x1b2/0x281 [ 3125.704568] should_fail.cold+0x10a/0x149 [ 3125.704580] should_failslab+0xd6/0x130 [ 3125.704591] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3125.704605] evdev_connect+0x6e/0x480 [ 3125.704615] input_attach_handler+0x146/0x1a0 [ 3125.704628] input_register_device.cold+0xc2/0x2c3 [ 3125.704643] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3125.704651] ? uinput_write+0xfb0/0xfb0 [ 3125.704660] ? get_pid_task+0xb8/0x130 [ 3125.704669] ? proc_fail_nth_write+0x7b/0x180 [ 3125.704680] ? trace_hardirqs_on+0x10/0x10 [ 3125.704696] ? fsnotify+0x974/0x11b0 [ 3125.768142] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3125.773065] ? __handle_mm_fault+0x80f/0x4620 [ 3125.777633] ? SyS_write+0x1b7/0x210 [ 3125.781341] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3125.786773] do_vfs_ioctl+0x75a/0xff0 [ 3125.790560] ? lock_acquire+0x170/0x3f0 [ 3125.794524] ? ioctl_preallocate+0x1a0/0x1a0 [ 3125.798932] ? __fget+0x265/0x3e0 [ 3125.802472] ? do_vfs_ioctl+0xff0/0xff0 [ 3125.806446] ? security_file_ioctl+0x83/0xb0 [ 3125.810943] SyS_ioctl+0x7f/0xb0 [ 3125.814300] ? do_vfs_ioctl+0xff0/0xff0 [ 3125.818266] do_syscall_64+0x1d5/0x640 [ 3125.822147] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3125.827318] RIP: 0033:0x7f980133e109 [ 3125.831018] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3125.838720] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3125.845994] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3125.853278] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 00:21:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0xe, 0x100, 0x7b31}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x9b]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x119801, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x63) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:51 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xf190], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) [ 3125.860558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3125.867831] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3125.887089] input: failed to attach handler evdev to device input33314, error: -12 00:21:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:51 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 54) 00:21:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xf) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 32) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x7) (rerun: 32) [ 3125.976930] input: syz0 as /devices/virtual/input/input33319 [ 3126.000259] input: syz0 as /devices/virtual/input/input33320 [ 3126.019858] input: syz0 as /devices/virtual/input/input33323 00:21:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0xe, 0x100, 0x7b31}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x9b]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x119801, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x63) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:51 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000080)={'stack ', 'syz0\x00'}, 0xb) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) 00:21:51 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xf190], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x2) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xf190], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) [ 3126.046572] input: syz0 as /devices/virtual/input/input33324 [ 3126.060389] input: syz0 as /devices/virtual/input/input33325 [ 3126.067164] FAULT_INJECTION: forcing a failure. [ 3126.067164] name failslab, interval 1, probability 0, space 0, times 0 00:21:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) [ 3126.123080] CPU: 1 PID: 20278 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3126.125900] input: syz0 as /devices/virtual/input/input33326 [ 3126.130998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3126.131003] Call Trace: [ 3126.131022] dump_stack+0x1b2/0x281 [ 3126.131037] should_fail.cold+0x10a/0x149 [ 3126.131049] should_failslab+0xd6/0x130 [ 3126.131060] __kmalloc_track_caller+0x2bc/0x400 [ 3126.131070] ? kvasprintf_const+0x55/0x180 [ 3126.131080] kvasprintf+0xa8/0x100 00:21:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) [ 3126.131089] ? bust_spinlocks+0xc0/0xc0 [ 3126.131104] kvasprintf_const+0x55/0x180 [ 3126.131115] kobject_set_name_vargs+0x56/0x150 [ 3126.131127] dev_set_name+0xa4/0xc0 [ 3126.131136] ? device_initialize+0x430/0x430 [ 3126.131147] ? __lockdep_init_map+0x100/0x560 [ 3126.131156] ? __lockdep_init_map+0x100/0x560 [ 3126.131171] evdev_connect+0x17b/0x480 [ 3126.131182] input_attach_handler+0x146/0x1a0 [ 3126.131196] input_register_device.cold+0xc2/0x2c3 [ 3126.131212] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3126.131222] ? uinput_write+0xfb0/0xfb0 [ 3126.131233] ? get_pid_task+0xb8/0x130 [ 3126.141758] input: syz0 as /devices/virtual/input/input33327 [ 3126.146461] ? proc_fail_nth_write+0x7b/0x180 [ 3126.146475] ? trace_hardirqs_on+0x10/0x10 [ 3126.146491] ? fsnotify+0x974/0x11b0 [ 3126.146499] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3126.146507] ? __handle_mm_fault+0x80f/0x4620 [ 3126.146518] ? SyS_write+0x1b7/0x210 [ 3126.260380] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3126.265812] do_vfs_ioctl+0x75a/0xff0 [ 3126.269604] ? lock_acquire+0x170/0x3f0 [ 3126.273565] ? ioctl_preallocate+0x1a0/0x1a0 [ 3126.277963] ? __fget+0x265/0x3e0 [ 3126.281402] ? do_vfs_ioctl+0xff0/0xff0 [ 3126.285360] ? security_file_ioctl+0x83/0xb0 [ 3126.289755] SyS_ioctl+0x7f/0xb0 [ 3126.293110] ? do_vfs_ioctl+0xff0/0xff0 [ 3126.297064] do_syscall_64+0x1d5/0x640 [ 3126.300938] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3126.306111] RIP: 0033:0x7f980133e109 [ 3126.309807] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xf190], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) 00:21:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xf) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x7) 00:21:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0xe, 0x100, 0x7b31}) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x9b]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async, rerun: 32) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x119801, 0x0) (rerun: 32) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x63) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3126.317504] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3126.324753] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3126.332026] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3126.339371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3126.346627] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3126.358586] input: failed to attach handler evdev to device input33324, error: -22 00:21:51 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000080)={'stack ', 'syz0\x00'}, 0xb) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 64) ioctl$UI_DEV_DESTROY(r0, 0x5502) (rerun: 64) 00:21:51 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 55) 00:21:51 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xf190], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}, 0x45c) (async, rerun: 64) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async, rerun: 64) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) 00:21:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) 00:21:51 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {0x3f8, 0x3cfc, 0x4, 0x9}, 0x16, [0x6cf7, 0xfffffffa, 0xffffff18, 0x7fff, 0x68, 0xfffffff9, 0x2, 0x9, 0x101, 0x101, 0x6e42, 0xa2, 0x7, 0x8001, 0x51c, 0x8000, 0x7fffffff, 0xd1ad, 0x9, 0x3ff, 0x3, 0x40, 0x5, 0x3f, 0x52c, 0x8, 0x586, 0x3, 0x20000000, 0x6, 0x2, 0x80, 0x400, 0x2, 0x2, 0x6f, 0x6, 0x9, 0x9, 0x9, 0x0, 0x20, 0x80000001, 0x80, 0x2, 0x0, 0x80000000, 0x100, 0x2, 0x0, 0x81, 0x1, 0x15cc0000, 0x7, 0x200, 0x1, 0x8000, 0x3, 0x4, 0x2, 0x3, 0x1, 0x7, 0xffffff00], [0xfff, 0x5, 0x3, 0x80000001, 0x3f, 0xffffffff, 0x8, 0x200, 0x7f, 0x0, 0x5, 0x9, 0x7, 0x2, 0x0, 0x3, 0x59fc3c6c, 0xffffffff, 0x7, 0x3, 0x200, 0xb8, 0x6, 0xffffffff, 0xfffffff7, 0xa68, 0x2, 0x6, 0x80000000, 0x1f, 0x2, 0x400, 0x1ff, 0x6, 0x55, 0xba0, 0x1, 0x3, 0xff, 0x955, 0x2, 0x76d, 0x0, 0xfff, 0x1, 0x0, 0x200, 0x7c0, 0x4, 0x0, 0x1, 0x113b, 0x2, 0x1ff, 0x8, 0xffffff7f, 0x3f800000, 0x10000, 0x8, 0x1, 0xc0000, 0xff, 0xb9b, 0x4], [0x0, 0xf0f6, 0x0, 0x1, 0x0, 0x2520, 0x5, 0x7ff, 0x4, 0x1, 0xffff, 0xfb, 0x3, 0x100, 0x9, 0x210, 0x100, 0x8, 0x2, 0x7ff, 0x80000000, 0x4, 0x4, 0xfffffffc, 0xfffffffb, 0x3f, 0x1, 0x0, 0x8, 0x0, 0xffffffcb, 0x9, 0xd4ed, 0x31, 0x4000, 0x9, 0x7f, 0x6, 0x2, 0xffffffff, 0x401, 0xfffffffe, 0xfffffffe, 0x6, 0x7ff, 0x0, 0xc4, 0x9, 0x2, 0x5, 0x80, 0x40000000, 0x3, 0x7, 0x6, 0x6, 0x4, 0x5, 0x8b, 0x7, 0x6, 0x8001, 0x4, 0x4], [0x3, 0x1, 0x20, 0x9, 0x3f, 0x0, 0x3ff, 0x10000, 0x4, 0x200, 0x4, 0x4, 0x4fa, 0x9, 0x5, 0x80, 0xbc, 0x645a, 0x9, 0xc67f, 0xa87a, 0x7ff, 0x2cea, 0x5, 0x7, 0xfffffffd, 0x5, 0xac9, 0x6, 0xfff, 0x7fff, 0xed4f, 0x1f, 0x8, 0x2, 0x2, 0x100, 0x81, 0x7fffffff, 0x1000, 0x3ff, 0x4, 0x9, 0xf3, 0x7, 0x9, 0x2308, 0xffff, 0x200, 0x4, 0x1, 0x15d, 0x0, 0x9, 0x628, 0x0, 0xcb2, 0x7ff, 0x1000, 0x0, 0x8, 0x9, 0x5, 0x6]}, 0x45c) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x1]}, 0x45c) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:51 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xf190], [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) [ 3126.454508] input: syz0 as /devices/virtual/input/input33333 [ 3126.460883] input: syz0 as /devices/virtual/input/input33334 [ 3126.480901] input: syz0 as /devices/virtual/input/input33335 00:21:51 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz1\x00', {0x0, 0x0, 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) 00:21:51 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000080)={'stack ', 'syz0\x00'}, 0xb) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3126.530384] input: syz0 as /devices/virtual/input/input33402 [ 3126.562484] input: syz1 as /devices/virtual/input/input33403 [ 3126.564258] FAULT_INJECTION: forcing a failure. [ 3126.564258] name failslab, interval 1, probability 0, space 0, times 0 [ 3126.572185] input: syz0 as /devices/virtual/input/input33405 [ 3126.616170] input: syz0 as /devices/virtual/input/input33409 [ 3126.617882] CPU: 0 PID: 20376 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3126.629854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3126.639190] Call Trace: [ 3126.641758] dump_stack+0x1b2/0x281 [ 3126.645365] should_fail.cold+0x10a/0x149 [ 3126.649495] should_failslab+0xd6/0x130 [ 3126.653450] __kmalloc_track_caller+0x2bc/0x400 [ 3126.658096] ? kvasprintf_const+0x55/0x180 [ 3126.662306] kvasprintf+0xa8/0x100 [ 3126.665824] ? bust_spinlocks+0xc0/0xc0 [ 3126.669793] kvasprintf_const+0x55/0x180 [ 3126.673886] kobject_set_name_vargs+0x56/0x150 [ 3126.678449] dev_set_name+0xa4/0xc0 [ 3126.682052] ? device_initialize+0x430/0x430 [ 3126.686438] ? __lockdep_init_map+0x100/0x560 [ 3126.690909] ? __lockdep_init_map+0x100/0x560 [ 3126.695387] evdev_connect+0x17b/0x480 [ 3126.699275] input_attach_handler+0x146/0x1a0 [ 3126.703852] input_register_device.cold+0xc2/0x2c3 [ 3126.708765] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3126.714024] ? uinput_write+0xfb0/0xfb0 [ 3126.717980] ? get_pid_task+0xb8/0x130 [ 3126.721846] ? proc_fail_nth_write+0x7b/0x180 [ 3126.726317] ? trace_hardirqs_on+0x10/0x10 [ 3126.730544] ? fsnotify+0x974/0x11b0 [ 3126.734242] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3126.739147] ? __handle_mm_fault+0x80f/0x4620 [ 3126.743619] ? SyS_write+0x1b7/0x210 [ 3126.747320] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3126.752749] do_vfs_ioctl+0x75a/0xff0 [ 3126.756526] ? lock_acquire+0x170/0x3f0 [ 3126.760487] ? ioctl_preallocate+0x1a0/0x1a0 [ 3126.764973] ? __fget+0x265/0x3e0 [ 3126.768411] ? do_vfs_ioctl+0xff0/0xff0 [ 3126.772369] ? security_file_ioctl+0x83/0xb0 [ 3126.777113] SyS_ioctl+0x7f/0xb0 [ 3126.780467] ? do_vfs_ioctl+0xff0/0xff0 [ 3126.784423] do_syscall_64+0x1d5/0x640 [ 3126.788295] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3126.793548] RIP: 0033:0x7f980133e109 [ 3126.797233] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3126.804914] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3126.812181] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3126.819423] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3126.826756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3126.834001] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) (async) 00:21:52 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz1\x00', {0x0, 0x0, 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz1\x00', {0x0, 0x0, 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) 00:21:52 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x4}, @L2TP_ATTR_MTU={0x6, 0x1c, 0xfff}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @remote}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x75}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x4}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast1}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000040)={0x1, 0x2, {0x53, 0x101, 0x5, {0x1, 0x40}, {0x85d, 0x9}, @rumble={0x4, 0x5}}, {0x56, 0x9, 0x7fff, {0x81}, {0x5, 0x6}, @rumble={0xff80, 0x7}}}) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:52 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 56) [ 3126.872815] input: failed to attach handler evdev to device input33402, error: -22 00:21:52 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {0x3f8, 0x3cfc, 0x4, 0x9}, 0x16, [0x6cf7, 0xfffffffa, 0xffffff18, 0x7fff, 0x68, 0xfffffff9, 0x2, 0x9, 0x101, 0x101, 0x6e42, 0xa2, 0x7, 0x8001, 0x51c, 0x8000, 0x7fffffff, 0xd1ad, 0x9, 0x3ff, 0x3, 0x40, 0x5, 0x3f, 0x52c, 0x8, 0x586, 0x3, 0x20000000, 0x6, 0x2, 0x80, 0x400, 0x2, 0x2, 0x6f, 0x6, 0x9, 0x9, 0x9, 0x0, 0x20, 0x80000001, 0x80, 0x2, 0x0, 0x80000000, 0x100, 0x2, 0x0, 0x81, 0x1, 0x15cc0000, 0x7, 0x200, 0x1, 0x8000, 0x3, 0x4, 0x2, 0x3, 0x1, 0x7, 0xffffff00], [0xfff, 0x5, 0x3, 0x80000001, 0x3f, 0xffffffff, 0x8, 0x200, 0x7f, 0x0, 0x5, 0x9, 0x7, 0x2, 0x0, 0x3, 0x59fc3c6c, 0xffffffff, 0x7, 0x3, 0x200, 0xb8, 0x6, 0xffffffff, 0xfffffff7, 0xa68, 0x2, 0x6, 0x80000000, 0x1f, 0x2, 0x400, 0x1ff, 0x6, 0x55, 0xba0, 0x1, 0x3, 0xff, 0x955, 0x2, 0x76d, 0x0, 0xfff, 0x1, 0x0, 0x200, 0x7c0, 0x4, 0x0, 0x1, 0x113b, 0x2, 0x1ff, 0x8, 0xffffff7f, 0x3f800000, 0x10000, 0x8, 0x1, 0xc0000, 0xff, 0xb9b, 0x4], [0x0, 0xf0f6, 0x0, 0x1, 0x0, 0x2520, 0x5, 0x7ff, 0x4, 0x1, 0xffff, 0xfb, 0x3, 0x100, 0x9, 0x210, 0x100, 0x8, 0x2, 0x7ff, 0x80000000, 0x4, 0x4, 0xfffffffc, 0xfffffffb, 0x3f, 0x1, 0x0, 0x8, 0x0, 0xffffffcb, 0x9, 0xd4ed, 0x31, 0x4000, 0x9, 0x7f, 0x6, 0x2, 0xffffffff, 0x401, 0xfffffffe, 0xfffffffe, 0x6, 0x7ff, 0x0, 0xc4, 0x9, 0x2, 0x5, 0x80, 0x40000000, 0x3, 0x7, 0x6, 0x6, 0x4, 0x5, 0x8b, 0x7, 0x6, 0x8001, 0x4, 0x4], [0x3, 0x1, 0x20, 0x9, 0x3f, 0x0, 0x3ff, 0x10000, 0x4, 0x200, 0x4, 0x4, 0x4fa, 0x9, 0x5, 0x80, 0xbc, 0x645a, 0x9, 0xc67f, 0xa87a, 0x7ff, 0x2cea, 0x5, 0x7, 0xfffffffd, 0x5, 0xac9, 0x6, 0xfff, 0x7fff, 0xed4f, 0x1f, 0x8, 0x2, 0x2, 0x100, 0x81, 0x7fffffff, 0x1000, 0x3ff, 0x4, 0x9, 0xf3, 0x7, 0x9, 0x2308, 0xffff, 0x200, 0x4, 0x1, 0x15d, 0x0, 0x9, 0x628, 0x0, 0xcb2, 0x7ff, 0x1000, 0x0, 0x8, 0x9, 0x5, 0x6]}, 0x45c) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x1]}, 0x45c) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:52 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz1\x00', {0x0, 0x0, 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) [ 3126.961126] input: syz0 as /devices/virtual/input/input33413 [ 3126.962530] input: syz0 as /devices/virtual/input/input33414 [ 3126.975789] input: syz1 as /devices/virtual/input/input33415 [ 3126.986540] input: syz0 as /devices/virtual/input/input33417 [ 3126.990113] FAULT_INJECTION: forcing a failure. [ 3126.990113] name failslab, interval 1, probability 0, space 0, times 0 [ 3127.004699] CPU: 1 PID: 20434 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3127.012583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3127.021941] Call Trace: [ 3127.024511] dump_stack+0x1b2/0x281 [ 3127.028130] should_fail.cold+0x10a/0x149 [ 3127.032267] should_failslab+0xd6/0x130 [ 3127.036346] __kmalloc+0x2c1/0x400 [ 3127.040058] ? kobj_map+0x7c/0x3d0 [ 3127.043589] kobj_map+0x7c/0x3d0 [ 3127.046938] ? mount_fs+0x2a0/0x2a0 [ 3127.050546] ? cdev_init+0xb0/0xb0 [ 3127.054073] cdev_device_add+0x107/0x230 [ 3127.058128] ? cdev_init+0x6b/0xb0 [ 3127.061748] evdev_connect+0x388/0x480 [ 3127.065623] input_attach_handler+0x146/0x1a0 [ 3127.070134] input_register_device.cold+0xc2/0x2c3 [ 3127.075048] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3127.080217] ? uinput_write+0xfb0/0xfb0 [ 3127.084170] ? get_pid_task+0xb8/0x130 [ 3127.088055] ? proc_fail_nth_write+0x7b/0x180 [ 3127.092535] ? trace_hardirqs_on+0x10/0x10 [ 3127.096754] ? fsnotify+0x974/0x11b0 [ 3127.100451] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3127.105365] ? __handle_mm_fault+0x80f/0x4620 [ 3127.109848] ? SyS_write+0x1b7/0x210 [ 3127.113552] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3127.118983] do_vfs_ioctl+0x75a/0xff0 [ 3127.122760] ? lock_acquire+0x170/0x3f0 [ 3127.126710] ? ioctl_preallocate+0x1a0/0x1a0 [ 3127.131098] ? __fget+0x265/0x3e0 [ 3127.134528] ? do_vfs_ioctl+0xff0/0xff0 [ 3127.138502] ? security_file_ioctl+0x83/0xb0 [ 3127.142908] SyS_ioctl+0x7f/0xb0 [ 3127.146259] ? do_vfs_ioctl+0xff0/0xff0 [ 3127.150212] do_syscall_64+0x1d5/0x640 [ 3127.154083] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3127.159249] RIP: 0033:0x7f980133e109 [ 3127.162935] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3127.170640] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3127.177901] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3127.185153] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3127.192424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3127.199683] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async, rerun: 64) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) (async, rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) (async, rerun: 32) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (rerun: 32) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) (async) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) 00:21:52 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 57) 00:21:52 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x4}, @L2TP_ATTR_MTU={0x6, 0x1c, 0xfff}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @remote}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x75}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x4}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast1}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000040)={0x1, 0x2, {0x53, 0x101, 0x5, {0x1, 0x40}, {0x85d, 0x9}, @rumble={0x4, 0x5}}, {0x56, 0x9, 0x7fff, {0x81}, {0x5, 0x6}, @rumble={0xff80, 0x7}}}) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 3127.209392] input: failed to attach handler evdev to device input33414, error: -12 00:21:52 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz1\x00', {0x0, 0x0, 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz1\x00', {0x0, 0x0, 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) 00:21:52 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async, rerun: 32) write$uinput_user_dev(r1, &(0x7f0000000040)={'syz1\x00', {0x3f8, 0x3cfc, 0x4, 0x9}, 0x16, [0x6cf7, 0xfffffffa, 0xffffff18, 0x7fff, 0x68, 0xfffffff9, 0x2, 0x9, 0x101, 0x101, 0x6e42, 0xa2, 0x7, 0x8001, 0x51c, 0x8000, 0x7fffffff, 0xd1ad, 0x9, 0x3ff, 0x3, 0x40, 0x5, 0x3f, 0x52c, 0x8, 0x586, 0x3, 0x20000000, 0x6, 0x2, 0x80, 0x400, 0x2, 0x2, 0x6f, 0x6, 0x9, 0x9, 0x9, 0x0, 0x20, 0x80000001, 0x80, 0x2, 0x0, 0x80000000, 0x100, 0x2, 0x0, 0x81, 0x1, 0x15cc0000, 0x7, 0x200, 0x1, 0x8000, 0x3, 0x4, 0x2, 0x3, 0x1, 0x7, 0xffffff00], [0xfff, 0x5, 0x3, 0x80000001, 0x3f, 0xffffffff, 0x8, 0x200, 0x7f, 0x0, 0x5, 0x9, 0x7, 0x2, 0x0, 0x3, 0x59fc3c6c, 0xffffffff, 0x7, 0x3, 0x200, 0xb8, 0x6, 0xffffffff, 0xfffffff7, 0xa68, 0x2, 0x6, 0x80000000, 0x1f, 0x2, 0x400, 0x1ff, 0x6, 0x55, 0xba0, 0x1, 0x3, 0xff, 0x955, 0x2, 0x76d, 0x0, 0xfff, 0x1, 0x0, 0x200, 0x7c0, 0x4, 0x0, 0x1, 0x113b, 0x2, 0x1ff, 0x8, 0xffffff7f, 0x3f800000, 0x10000, 0x8, 0x1, 0xc0000, 0xff, 0xb9b, 0x4], [0x0, 0xf0f6, 0x0, 0x1, 0x0, 0x2520, 0x5, 0x7ff, 0x4, 0x1, 0xffff, 0xfb, 0x3, 0x100, 0x9, 0x210, 0x100, 0x8, 0x2, 0x7ff, 0x80000000, 0x4, 0x4, 0xfffffffc, 0xfffffffb, 0x3f, 0x1, 0x0, 0x8, 0x0, 0xffffffcb, 0x9, 0xd4ed, 0x31, 0x4000, 0x9, 0x7f, 0x6, 0x2, 0xffffffff, 0x401, 0xfffffffe, 0xfffffffe, 0x6, 0x7ff, 0x0, 0xc4, 0x9, 0x2, 0x5, 0x80, 0x40000000, 0x3, 0x7, 0x6, 0x6, 0x4, 0x5, 0x8b, 0x7, 0x6, 0x8001, 0x4, 0x4], [0x3, 0x1, 0x20, 0x9, 0x3f, 0x0, 0x3ff, 0x10000, 0x4, 0x200, 0x4, 0x4, 0x4fa, 0x9, 0x5, 0x80, 0xbc, 0x645a, 0x9, 0xc67f, 0xa87a, 0x7ff, 0x2cea, 0x5, 0x7, 0xfffffffd, 0x5, 0xac9, 0x6, 0xfff, 0x7fff, 0xed4f, 0x1f, 0x8, 0x2, 0x2, 0x100, 0x81, 0x7fffffff, 0x1000, 0x3ff, 0x4, 0x9, 0xf3, 0x7, 0x9, 0x2308, 0xffff, 0x200, 0x4, 0x1, 0x15d, 0x0, 0x9, 0x628, 0x0, 0xcb2, 0x7ff, 0x1000, 0x0, 0x8, 0x9, 0x5, 0x6]}, 0x45c) (async, rerun: 32) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x1]}, 0x45c) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x7) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3127.248421] input: syz0 as /devices/virtual/input/input33421 [ 3127.266112] FAULT_INJECTION: forcing a failure. [ 3127.266112] name failslab, interval 1, probability 0, space 0, times 0 [ 3127.278943] CPU: 1 PID: 20487 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3127.286888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3127.296223] Call Trace: [ 3127.298802] dump_stack+0x1b2/0x281 [ 3127.302423] should_fail.cold+0x10a/0x149 [ 3127.306548] should_failslab+0xd6/0x130 [ 3127.310508] kmem_cache_alloc_trace+0x29a/0x3d0 [ 3127.315156] device_add+0xd72/0x15c0 [ 3127.318858] ? kobj_map+0x2ff/0x3d0 [ 3127.322476] ? device_is_dependent+0x2a0/0x2a0 [ 3127.327125] cdev_device_add+0x14a/0x230 [ 3127.331165] ? cdev_init+0x6b/0xb0 [ 3127.334688] evdev_connect+0x388/0x480 [ 3127.338650] input_attach_handler+0x146/0x1a0 [ 3127.343132] input_register_device.cold+0xc2/0x2c3 [ 3127.348051] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3127.353227] ? uinput_write+0xfb0/0xfb0 [ 3127.357182] ? get_pid_task+0xb8/0x130 [ 3127.361047] ? proc_fail_nth_write+0x7b/0x180 [ 3127.365529] ? trace_hardirqs_on+0x10/0x10 [ 3127.369744] ? fsnotify+0x974/0x11b0 [ 3127.373434] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3127.378343] ? __handle_mm_fault+0x80f/0x4620 [ 3127.382855] ? SyS_write+0x1b7/0x210 [ 3127.386557] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3127.392002] do_vfs_ioctl+0x75a/0xff0 [ 3127.395789] ? lock_acquire+0x170/0x3f0 [ 3127.399759] ? ioctl_preallocate+0x1a0/0x1a0 [ 3127.404161] ? __fget+0x265/0x3e0 [ 3127.407605] ? do_vfs_ioctl+0xff0/0xff0 [ 3127.411585] ? security_file_ioctl+0x83/0xb0 [ 3127.416422] SyS_ioctl+0x7f/0xb0 [ 3127.419784] ? do_vfs_ioctl+0xff0/0xff0 [ 3127.423749] do_syscall_64+0x1d5/0x640 [ 3127.427636] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3127.432995] RIP: 0033:0x7f980133e109 [ 3127.436689] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:52 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz1\x00', {0x0, 0x0, 0x4000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) [ 3127.444478] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3127.451899] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3127.459156] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3127.466421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3127.473740] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3127.488503] input: failed to attach handler evdev to device input33421, error: -12 00:21:52 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 58) [ 3127.542882] input: syz0 as /devices/virtual/input/input33423 [ 3127.554704] input: syz0 as /devices/virtual/input/input33424 [ 3127.582560] input: syz0 as /devices/virtual/input/input33427 00:21:52 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@L2TP_ATTR_OFFSET={0x6, 0x3, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @loopback}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x4}, @L2TP_ATTR_MTU={0x6, 0x1c, 0xfff}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @remote}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x75}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x4}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast1}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000040)={0x1, 0x2, {0x53, 0x101, 0x5, {0x1, 0x40}, {0x85d, 0x9}, @rumble={0x4, 0x5}}, {0x56, 0x9, 0x7fff, {0x81}, {0x5, 0x6}, @rumble={0xff80, 0x7}}}) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:52 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91d7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x410, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000040)='syz0\x00') r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x200001, 0x0) ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f00000000c0)={0xf, 0x9, {0x51, 0x7, 0xfff, {0xf36b}, {0x3, 0xa95a}, @cond=[{0x9, 0x0, 0x1, 0xb3, 0x101, 0x14aa}, {0x3, 0xfff, 0x9, 0x0, 0xd56, 0x5ce9}]}, {0x52, 0x81, 0x6, {0x7ff, 0xcc}, {0x1ff, 0x9}, @const={0x0, {0xbb13, 0x5, 0x4, 0x8001}}}}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:52 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000180)={0xf, 0x0, {0x57, 0x8001, 0x3, {0x8f4}, {0x5, 0x7f}, @rumble={0x4, 0x1}}, {0x52, 0x6bcf, 0x8000, {0x8, 0x1}, {0xff, 0x208a}, @cond=[{0x20, 0xa, 0x3, 0x8, 0x5, 0x200}, {0x40, 0x3, 0x1, 0x3, 0x3, 0x1ff}]}}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f00000000c0)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x6}) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="657865632073797a30007d9b85d839580c988c3af8a1fb2bdbc39545cc30d0f6ee292e584f8f6e7cc263c0507bcdf180ae5370991ad44ef26b80f9d496284567e5ef2d59df44e881923f4ca0f30ac5a95f75aed56835b6b0a98eb7c25854cf49be5c7dbb24ede3ac61723e87669b708d3b7bc28346c42cc77c7028384900c5467229dab2417b2a1997f322ca0a6ebea5dd709462579260d6ef85a276cb716eaf5d0ad5be112c3fdf613019df7b6b635e1e204aee6d23f66ff894d79786d61d5f9b4b633f15874e3fb2b9aded6add"], 0xa) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0x6, 0x6, 0x40}) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r4, 0x40045568, 0x0) ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) [ 3127.595540] input: syz0 as /devices/virtual/input/input33429 [ 3127.628899] FAULT_INJECTION: forcing a failure. [ 3127.628899] name failslab, interval 1, probability 0, space 0, times 0 00:21:52 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x4) [ 3127.678039] CPU: 1 PID: 20522 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3127.685940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3127.695304] Call Trace: [ 3127.696156] input: syz0 as /devices/virtual/input/input33434 [ 3127.697892] dump_stack+0x1b2/0x281 [ 3127.697913] should_fail.cold+0x10a/0x149 [ 3127.697925] should_failslab+0xd6/0x130 [ 3127.697936] kmem_cache_alloc+0x28e/0x3c0 [ 3127.697949] __kernfs_new_node+0x6f/0x470 [ 3127.697961] kernfs_create_dir_ns+0x8c/0x200 [ 3127.697972] sysfs_create_dir_ns+0xb7/0x1d0 [ 3127.697984] kobject_add_internal+0x28b/0x930 [ 3127.697996] kobject_add+0x11f/0x180 [ 3127.698007] ? kset_create_and_add+0x190/0x190 [ 3127.715148] input: syz0 as /devices/virtual/input/input33436 [ 3127.715625] ? device_add+0xd72/0x15c0 [ 3127.754965] ? __lockdep_init_map+0x100/0x560 [ 3127.759461] ? root_device_release+0x20/0x20 [ 3127.763869] device_add+0x33f/0x15c0 [ 3127.767609] ? kobj_map+0x2ff/0x3d0 [ 3127.771212] ? device_is_dependent+0x2a0/0x2a0 [ 3127.775862] cdev_device_add+0x14a/0x230 [ 3127.780345] ? cdev_init+0x6b/0xb0 [ 3127.783881] evdev_connect+0x388/0x480 [ 3127.787758] input_attach_handler+0x146/0x1a0 [ 3127.792238] input_register_device.cold+0xc2/0x2c3 [ 3127.797150] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3127.802326] ? uinput_write+0xfb0/0xfb0 [ 3127.806281] ? get_pid_task+0xb8/0x130 [ 3127.810145] ? proc_fail_nth_write+0x7b/0x180 [ 3127.814619] ? trace_hardirqs_on+0x10/0x10 [ 3127.818848] ? fsnotify+0x974/0x11b0 [ 3127.822548] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3127.827478] ? __handle_mm_fault+0x80f/0x4620 [ 3127.831967] ? SyS_write+0x1b7/0x210 [ 3127.835670] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3127.841106] do_vfs_ioctl+0x75a/0xff0 [ 3127.844937] ? lock_acquire+0x170/0x3f0 [ 3127.848891] ? ioctl_preallocate+0x1a0/0x1a0 [ 3127.853278] ? __fget+0x265/0x3e0 [ 3127.856710] ? do_vfs_ioctl+0xff0/0xff0 [ 3127.860668] ? security_file_ioctl+0x83/0xb0 [ 3127.865068] SyS_ioctl+0x7f/0xb0 [ 3127.868415] ? do_vfs_ioctl+0xff0/0xff0 [ 3127.872369] do_syscall_64+0x1d5/0x640 [ 3127.876258] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3127.881432] RIP: 0033:0x7f980133e109 [ 3127.885143] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3127.892835] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3127.900089] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3127.907357] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3127.914622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3127.921883] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:53 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) 00:21:53 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 59) 00:21:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async, rerun: 64) ioctl$UI_DEV_DESTROY(r1, 0x5502) (rerun: 64) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91d7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x410, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000040)='syz0\x00') r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x200001, 0x0) ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f00000000c0)={0xf, 0x9, {0x51, 0x7, 0xfff, {0xf36b}, {0x3, 0xa95a}, @cond=[{0x9, 0x0, 0x1, 0xb3, 0x101, 0x14aa}, {0x3, 0xfff, 0x9, 0x0, 0xd56, 0x5ce9}]}, {0x52, 0x81, 0x6, {0x7ff, 0xcc}, {0x1ff, 0x9}, @const={0x0, {0xbb13, 0x5, 0x4, 0x8001}}}}) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3127.936331] kobject_add_internal failed for event4 (error: -12 parent: input33429) [ 3127.945740] input: failed to attach handler evdev to device input33429, error: -12 00:21:53 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x4) 00:21:53 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000180)={0xf, 0x0, {0x57, 0x8001, 0x3, {0x8f4}, {0x5, 0x7f}, @rumble={0x4, 0x1}}, {0x52, 0x6bcf, 0x8000, {0x8, 0x1}, {0xff, 0x208a}, @cond=[{0x20, 0xa, 0x3, 0x8, 0x5, 0x200}, {0x40, 0x3, 0x1, 0x3, 0x3, 0x1ff}]}}) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) (async) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f00000000c0)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x6}) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="657865632073797a30007d9b85d839580c988c3af8a1fb2bdbc39545cc30d0f6ee292e584f8f6e7cc263c0507bcdf180ae5370991ad44ef26b80f9d496284567e5ef2d59df44e881923f4ca0f30ac5a95f75aed56835b6b0a98eb7c25854cf49be5c7dbb24ede3ac61723e87669b708d3b7bc28346c42cc77c7028384900c5467229dab2417b2a1997f322ca0a6ebea5dd709462579260d6ef85a276cb716eaf5d0ad5be112c3fdf613019df7b6b635e1e204aee6d23f66ff894d79786d61d5f9b4b633f15874e3fb2b9aded6add"], 0xa) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0x6, 0x6, 0x40}) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r4, 0x40045568, 0x0) (async) ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) [ 3128.001610] input: syz0 as /devices/virtual/input/input33439 [ 3128.004886] input: syz1 as /devices/virtual/input/input33440 00:21:53 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) [ 3128.068099] input: syz0 as /devices/virtual/input/input33445 [ 3128.074098] FAULT_INJECTION: forcing a failure. [ 3128.074098] name failslab, interval 1, probability 0, space 0, times 0 [ 3128.085934] input: syz0 as /devices/virtual/input/input33444 [ 3128.100356] CPU: 1 PID: 20596 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3128.105533] input: syz0 as /devices/virtual/input/input33512 [ 3128.108262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3128.108267] Call Trace: [ 3128.108282] dump_stack+0x1b2/0x281 [ 3128.108298] should_fail.cold+0x10a/0x149 [ 3128.108312] should_failslab+0xd6/0x130 [ 3128.108325] __kmalloc_track_caller+0x2bc/0x400 [ 3128.108334] ? kstrdup_const+0x35/0x60 [ 3128.108345] ? uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3128.108356] kstrdup+0x36/0x70 [ 3128.108367] kstrdup_const+0x35/0x60 [ 3128.108379] __kernfs_new_node+0x2e/0x470 [ 3128.108391] kernfs_create_dir_ns+0x8c/0x200 [ 3128.108402] sysfs_create_dir_ns+0xb7/0x1d0 [ 3128.108413] kobject_add_internal+0x28b/0x930 [ 3128.108427] kobject_add+0x11f/0x180 [ 3128.108436] ? kset_create_and_add+0x190/0x190 [ 3128.108446] ? device_add+0xd72/0x15c0 [ 3128.108455] ? __lockdep_init_map+0x100/0x560 [ 3128.108464] ? root_device_release+0x20/0x20 [ 3128.116644] input: syz0 as /devices/virtual/input/input33514 [ 3128.123616] device_add+0x33f/0x15c0 [ 3128.123627] ? kobj_map+0x2ff/0x3d0 [ 3128.123637] ? device_is_dependent+0x2a0/0x2a0 [ 3128.123651] cdev_device_add+0x14a/0x230 [ 3128.123658] ? cdev_init+0x6b/0xb0 [ 3128.123669] evdev_connect+0x388/0x480 [ 3128.123680] input_attach_handler+0x146/0x1a0 [ 3128.123700] input_register_device.cold+0xc2/0x2c3 [ 3128.123716] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3128.123726] ? uinput_write+0xfb0/0xfb0 [ 3128.123734] ? get_pid_task+0xb8/0x130 [ 3128.123743] ? proc_fail_nth_write+0x7b/0x180 [ 3128.123754] ? trace_hardirqs_on+0x10/0x10 [ 3128.123769] ? fsnotify+0x974/0x11b0 [ 3128.123777] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3128.123788] ? __handle_mm_fault+0x80f/0x4620 [ 3128.145874] input: syz1 as /devices/virtual/input/input33515 [ 3128.146589] ? SyS_write+0x1b7/0x210 [ 3128.146606] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3128.146616] do_vfs_ioctl+0x75a/0xff0 [ 3128.289277] ? lock_acquire+0x170/0x3f0 [ 3128.293252] ? ioctl_preallocate+0x1a0/0x1a0 [ 3128.297648] ? __fget+0x265/0x3e0 [ 3128.301117] ? do_vfs_ioctl+0xff0/0xff0 [ 3128.305071] ? security_file_ioctl+0x83/0xb0 [ 3128.309466] SyS_ioctl+0x7f/0xb0 [ 3128.312833] ? do_vfs_ioctl+0xff0/0xff0 [ 3128.316785] do_syscall_64+0x1d5/0x640 [ 3128.320658] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3128.325825] RIP: 0033:0x7f980133e109 [ 3128.329609] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3128.337308] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3128.344652] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3128.351903] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3128.359167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 00:21:53 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000180)={0xf, 0x0, {0x57, 0x8001, 0x3, {0x8f4}, {0x5, 0x7f}, @rumble={0x4, 0x1}}, {0x52, 0x6bcf, 0x8000, {0x8, 0x1}, {0xff, 0x208a}, @cond=[{0x20, 0xa, 0x3, 0x8, 0x5, 0x200}, {0x40, 0x3, 0x1, 0x3, 0x3, 0x1ff}]}}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f00000000c0)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x6}) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="657865632073797a30007d9b85d839580c988c3af8a1fb2bdbc39545cc30d0f6ee292e584f8f6e7cc263c0507bcdf180ae5370991ad44ef26b80f9d496284567e5ef2d59df44e881923f4ca0f30ac5a95f75aed56835b6b0a98eb7c25854cf49be5c7dbb24ede3ac61723e87669b708d3b7bc28346c42cc77c7028384900c5467229dab2417b2a1997f322ca0a6ebea5dd709462579260d6ef85a276cb716eaf5d0ad5be112c3fdf613019df7b6b635e1e204aee6d23f66ff894d79786d61d5f9b4b633f15874e3fb2b9aded6add"], 0xa) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0x6, 0x6, 0x40}) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r4, 0x40045568, 0x0) ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000180)={0xf, 0x0, {0x57, 0x8001, 0x3, {0x8f4}, {0x5, 0x7f}, @rumble={0x4, 0x1}}, {0x52, 0x6bcf, 0x8000, {0x8, 0x1}, {0xff, 0x208a}, @cond=[{0x20, 0xa, 0x3, 0x8, 0x5, 0x200}, {0x40, 0x3, 0x1, 0x3, 0x3, 0x1ff}]}}) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x45c) (async) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f00000000c0)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x6}) (async) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="657865632073797a30007d9b85d839580c988c3af8a1fb2bdbc39545cc30d0f6ee292e584f8f6e7cc263c0507bcdf180ae5370991ad44ef26b80f9d496284567e5ef2d59df44e881923f4ca0f30ac5a95f75aed56835b6b0a98eb7c25854cf49be5c7dbb24ede3ac61723e87669b708d3b7bc28346c42cc77c7028384900c5467229dab2417b2a1997f322ca0a6ebea5dd709462579260d6ef85a276cb716eaf5d0ad5be112c3fdf613019df7b6b635e1e204aee6d23f66ff894d79786d61d5f9b4b633f15874e3fb2b9aded6add"], 0xa) (async) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0x6, 0x6, 0x40}) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$UI_SET_MSCBIT(r4, 0x40045568, 0x0) (async) ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) (async) 00:21:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_DEV_DESTROY(r1, 0x5502) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3128.366424] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3128.374889] kobject_add_internal failed for event4 (error: -12 parent: input33445) [ 3128.384243] input: failed to attach handler evdev to device input33445, error: -12 00:21:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91d7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x410, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000040)='syz0\x00') r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x200001, 0x0) ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f00000000c0)={0xf, 0x9, {0x51, 0x7, 0xfff, {0xf36b}, {0x3, 0xa95a}, @cond=[{0x9, 0x0, 0x1, 0xb3, 0x101, 0x14aa}, {0x3, 0xfff, 0x9, 0x0, 0xd56, 0x5ce9}]}, {0x52, 0x81, 0x6, {0x7ff, 0xcc}, {0x1ff, 0x9}, @const={0x0, {0xbb13, 0x5, 0x4, 0x8001}}}}) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) 00:21:53 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 32) ioctl$UI_DEV_DESTROY(r0, 0x5502) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x4) 00:21:53 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 60) 00:21:53 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000080)) 00:21:53 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaeeb], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) getuid() ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3128.483325] input: syz0 as /devices/virtual/input/input33519 [ 3128.487346] input: syz0 as /devices/virtual/input/input33521 [ 3128.501900] input: syz0 as /devices/virtual/input/input33520 [ 3128.504653] input: syz0 as /devices/virtual/input/input33526 [ 3128.520428] FAULT_INJECTION: forcing a failure. [ 3128.520428] name failslab, interval 1, probability 0, space 0, times 0 [ 3128.532371] CPU: 0 PID: 20660 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3128.540259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3128.541971] input: syz1 as /devices/virtual/input/input33527 [ 3128.549604] Call Trace: [ 3128.549621] dump_stack+0x1b2/0x281 [ 3128.549635] should_fail.cold+0x10a/0x149 [ 3128.549647] should_failslab+0xd6/0x130 [ 3128.549712] kmem_cache_alloc+0x28e/0x3c0 [ 3128.573863] __kernfs_new_node+0x6f/0x470 [ 3128.578004] kernfs_new_node+0x7b/0xe0 [ 3128.581874] __kernfs_create_file+0x3d/0x320 [ 3128.586370] sysfs_add_file_mode_ns+0x1e1/0x450 [ 3128.591028] device_create_file+0xc8/0x100 [ 3128.595251] ? acpi_platform_notify_remove+0x1f0/0x1f0 [ 3128.600508] device_add+0x37a/0x15c0 [ 3128.604207] ? kobj_map+0x2ff/0x3d0 [ 3128.607814] ? device_is_dependent+0x2a0/0x2a0 [ 3128.612385] cdev_device_add+0x14a/0x230 [ 3128.616439] ? cdev_init+0x6b/0xb0 [ 3128.620058] evdev_connect+0x388/0x480 [ 3128.623925] input_attach_handler+0x146/0x1a0 [ 3128.628405] input_register_device.cold+0xc2/0x2c3 [ 3128.633332] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3128.638503] ? uinput_write+0xfb0/0xfb0 [ 3128.642461] ? get_pid_task+0xb8/0x130 [ 3128.646395] ? proc_fail_nth_write+0x7b/0x180 [ 3128.650887] ? trace_hardirqs_on+0x10/0x10 [ 3128.655105] ? fsnotify+0x974/0x11b0 [ 3128.658809] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3128.663721] ? __handle_mm_fault+0x80f/0x4620 [ 3128.668200] ? SyS_write+0x1b7/0x210 [ 3128.672000] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3128.677467] do_vfs_ioctl+0x75a/0xff0 [ 3128.681251] ? lock_acquire+0x170/0x3f0 [ 3128.685207] ? ioctl_preallocate+0x1a0/0x1a0 [ 3128.689684] ? __fget+0x265/0x3e0 [ 3128.693126] ? do_vfs_ioctl+0xff0/0xff0 [ 3128.697086] ? security_file_ioctl+0x83/0xb0 [ 3128.701484] SyS_ioctl+0x7f/0xb0 [ 3128.704827] ? do_vfs_ioctl+0xff0/0xff0 [ 3128.708795] do_syscall_64+0x1d5/0x640 [ 3128.712673] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3128.717858] RIP: 0033:0x7f980133e109 [ 3128.721638] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 00:21:53 executing program 5: prctl$PR_GET_IO_FLUSHER(0x3a) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff1f91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3128.729340] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3128.736588] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3128.743836] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3128.751086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3128.758333] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3128.768657] input: failed to attach handler evdev to device input33526, error: -12 00:21:53 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0x6, 0x3, 0x8}) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:53 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 61) 00:21:54 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0xffffffff]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) setsockopt$MRT6_PIM(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000040)=0x2, 0x4) shmget(0x3, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) 00:21:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaeeb], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) getuid() ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaeeb], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f]}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) getuid() (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3128.805862] input: syz0 as /devices/virtual/input/input33530 [ 3128.841853] input: syz0 as /devices/virtual/input/input33531 00:21:54 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x0) 00:21:54 executing program 5: prctl$PR_GET_IO_FLUSHER(0x3a) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff1f91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_CREATE(r0, 0x5501) prctl$PR_GET_IO_FLUSHER(0x3a) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff1f91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) [ 3128.870662] input: syz0 as /devices/virtual/input/input33532 [ 3128.894905] input: syz0 as /devices/virtual/input/input33533 [ 3128.913891] input: syz0 as /devices/virtual/input/input33535 [ 3128.917539] FAULT_INJECTION: forcing a failure. [ 3128.917539] name failslab, interval 1, probability 0, space 0, times 0 [ 3128.939248] input: syz1 as /devices/virtual/input/input33536 [ 3128.942017] CPU: 1 PID: 20724 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3128.952759] input: syz0 as /devices/virtual/input/input33538 [ 3128.952940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3128.968056] Call Trace: 00:21:54 executing program 5: prctl$PR_GET_IO_FLUSHER(0x3a) (async) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff1f91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3128.970706] dump_stack+0x1b2/0x281 [ 3128.974344] should_fail.cold+0x10a/0x149 [ 3128.978662] should_failslab+0xd6/0x130 [ 3128.982623] kmem_cache_alloc+0x28e/0x3c0 [ 3128.986764] __kernfs_new_node+0x6f/0x470 [ 3128.990900] kernfs_new_node+0x7b/0xe0 [ 3128.994782] kernfs_create_link+0x27/0x160 [ 3128.999140] sysfs_do_create_link_sd+0x90/0x120 [ 3129.003801] sysfs_create_link+0x5f/0xc0 [ 3129.007869] device_add+0x4e4/0x15c0 [ 3129.011677] ? device_is_dependent+0x2a0/0x2a0 [ 3129.016267] cdev_device_add+0x14a/0x230 [ 3129.020321] ? cdev_init+0x6b/0xb0 [ 3129.023845] evdev_connect+0x388/0x480 [ 3129.027724] input_attach_handler+0x146/0x1a0 [ 3129.032212] input_register_device.cold+0xc2/0x2c3 [ 3129.037229] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3129.042416] ? uinput_write+0xfb0/0xfb0 [ 3129.046375] ? get_pid_task+0xb8/0x130 [ 3129.050255] ? proc_fail_nth_write+0x7b/0x180 [ 3129.055009] ? trace_hardirqs_on+0x10/0x10 [ 3129.059237] ? fsnotify+0x974/0x11b0 [ 3129.062933] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3129.067846] ? __handle_mm_fault+0x80f/0x4620 [ 3129.072337] ? SyS_write+0x1b7/0x210 [ 3129.076042] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3129.081482] do_vfs_ioctl+0x75a/0xff0 [ 3129.085270] ? lock_acquire+0x170/0x3f0 [ 3129.089245] ? ioctl_preallocate+0x1a0/0x1a0 [ 3129.093657] ? __fget+0x265/0x3e0 [ 3129.097089] ? do_vfs_ioctl+0xff0/0xff0 [ 3129.101042] ? security_file_ioctl+0x83/0xb0 [ 3129.105428] SyS_ioctl+0x7f/0xb0 [ 3129.108785] ? do_vfs_ioctl+0xff0/0xff0 [ 3129.112750] do_syscall_64+0x1d5/0x640 [ 3129.116676] entry_SYSCALL_64_after_hwframe+0x46/0xbb 00:21:54 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaeeb], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f]}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) (async) getuid() (async) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3129.121882] RIP: 0033:0x7f980133e109 [ 3129.125581] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3129.133268] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3129.140517] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3129.147773] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3129.155030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3129.162275] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:54 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async, rerun: 32) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0xffffffff]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async, rerun: 64) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) setsockopt$MRT6_PIM(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000040)=0x2, 0x4) (async) shmget(0x3, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) 00:21:54 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async, rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) (async, rerun: 32) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async, rerun: 64) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0x6, 0x3, 0x8}) (rerun: 64) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:54 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) 00:21:54 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 62) [ 3129.174672] input: failed to attach handler evdev to device input33533, error: -12 00:21:54 executing program 0: syz_read_part_table(0x81, 0x5, &(0x7f0000000440)=[{&(0x7f0000000040)="8dfab5251ec72772a860fb2e8169206b738c962ce15c65eb334db9007e2e788a09fe6a1b21eff5c4712926f1e9b660f45ea1977a9a63f0e5c3f71c78a14d001db874804f9f346b6d224a33bbf0bcb6f10deb604d4eae6bdeb0af93879a73bd094529342dab979918fa78ed8f08fda622f492957c2e17638592ef878090f2bcbc721a462ec1a6d7e260a350f32c11ec6a706d16143d80aa0b96aab794bf8df29c79", 0xa1, 0xffffffffffffff0b}, {&(0x7f0000000100)="1cb5ba026052a10945a94255a9d63930fe400afe29443efe284b9d886a19851f204435bd8e6d8014ceba685cef3d727ac6af939cb61fac5d543c0187e778e30efe2b18a03f9b718ade3ecc60cda45ffb6cf687291460611a9ae5b49b90048e132bb3714423a1a02c077293b4884f42dd6760afdb58d427715e693fec7a4d7e3578c2be0d4e62767726803c7644fc563b88b0e724ccf52a1c32c7f54ad830892e07f878429d3229c365692db5222d1809c1a66787f1de1a89244ffbafe75891fb60c5f2", 0xc3, 0x9}, {&(0x7f0000000200), 0x0, 0x7ff}, {&(0x7f0000000240)="a9b7a8e3d942b63a2793027167e9828238c6f0fd9cd3bab08ae3574d2d9978bf8846afadb5c9499daa2721a2229547129b2c3ef0aaf3046ff823d81489fea4151220d2c7ee868eca313015fe2fb8b3034ac3115324974394f5775ea311df25c9a10bd55f93791337a9b5135251bc48aa1613e92e5545e76d949f06d253e91397941a2291084d2f7d42fd642dba47504cb9086d55c14a884acc6ce418ac1806f42e1f6c76b6b803761286551b2116878d261e0695bcbf9873e0bcebbe00e55c226153d002f2de38b2738e368b78a6266026a01c7c2cc2f0", 0xd7, 0x7}, {&(0x7f0000000340)="262819cf97e74ee22d909f5e8228468b2bc7d3fb7d74476a80b5e7e3341292798e3e7da260613073bb75a5b97588b8bc3731cc0858405e73a6a620eb8a1fea083683a0f03a704d3c08251ead2e8b081e562fb0953210fa0477b57c5ad6b429bd08041be055721d558b9d87f39bc5a392fc4a3807b368441d9df250c4209d7ebfaa70bfbcde5881e53d1b76561aaf973ef012341179eb74d0fabe433f5fcae711493a468fd68120432517264148c9ef09a416f8e7bc2cd6b28f84271937942cfa514f76fe466c7e0de811b4e5f20438f04dc3829c9f", 0xd5, 0x3f}]) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0xc01, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xa) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3129.239203] input: syz0 as /devices/virtual/input/input33542 [ 3129.270354] input: syz0 as /devices/virtual/input/input33544 [ 3129.277515] input: syz0 as /devices/virtual/input/input33545 [ 3129.285479] input: syz1 as /devices/virtual/input/input33546 [ 3129.289165] FAULT_INJECTION: forcing a failure. [ 3129.289165] name failslab, interval 1, probability 0, space 0, times 0 [ 3129.295757] input: syz0 as /devices/virtual/input/input33547 [ 3129.309793] CPU: 0 PID: 20798 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3129.317680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3129.327086] Call Trace: [ 3129.329669] dump_stack+0x1b2/0x281 [ 3129.333279] should_fail.cold+0x10a/0x149 [ 3129.337423] should_failslab+0xd6/0x130 [ 3129.341379] kmem_cache_alloc+0x28e/0x3c0 [ 3129.345524] __kernfs_new_node+0x6f/0x470 [ 3129.349659] kernfs_new_node+0x7b/0xe0 [ 3129.353539] kernfs_create_link+0x27/0x160 [ 3129.357774] sysfs_do_create_link_sd+0x90/0x120 [ 3129.362428] sysfs_create_link+0x5f/0xc0 [ 3129.366474] device_add+0x461/0x15c0 [ 3129.370167] ? device_is_dependent+0x2a0/0x2a0 [ 3129.375078] cdev_device_add+0x14a/0x230 [ 3129.379114] ? cdev_init+0x6b/0xb0 [ 3129.382630] evdev_connect+0x388/0x480 [ 3129.386499] input_attach_handler+0x146/0x1a0 [ 3129.390988] input_register_device.cold+0xc2/0x2c3 [ 3129.395903] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3129.401070] ? uinput_write+0xfb0/0xfb0 [ 3129.405029] ? get_pid_task+0xb8/0x130 [ 3129.408926] ? proc_fail_nth_write+0x7b/0x180 [ 3129.413407] ? trace_hardirqs_on+0x10/0x10 [ 3129.417640] ? fsnotify+0x974/0x11b0 [ 3129.421340] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 3129.426246] ? __handle_mm_fault+0x80f/0x4620 [ 3129.430717] ? SyS_write+0x1b7/0x210 [ 3129.434418] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3129.439845] do_vfs_ioctl+0x75a/0xff0 [ 3129.443622] ? lock_acquire+0x170/0x3f0 [ 3129.447575] ? ioctl_preallocate+0x1a0/0x1a0 [ 3129.451968] ? __fget+0x265/0x3e0 [ 3129.455398] ? do_vfs_ioctl+0xff0/0xff0 [ 3129.459351] ? security_file_ioctl+0x83/0xb0 [ 3129.463736] SyS_ioctl+0x7f/0xb0 [ 3129.467077] ? do_vfs_ioctl+0xff0/0xff0 [ 3129.471029] do_syscall_64+0x1d5/0x640 [ 3129.474908] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3129.480257] RIP: 0033:0x7f980133e109 00:21:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x13) ioctl$UI_DEV_CREATE(r0, 0x5501) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x8, 0xea95, 0x80000000, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5, 0xa}, 0x48) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x400080, 0x0) inotify_add_watch(r1, &(0x7f0000000100)='./file0\x00', 0x14000980) [ 3129.483942] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3129.491642] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3129.499156] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 3129.506402] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3129.513687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3129.520938] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 00:21:54 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0xffffffff]}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) setsockopt$MRT6_PIM(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000040)=0x2, 0x4) shmget(0x3, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) (async) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) (async) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0xffffffff]}, 0x45c) (async) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) setsockopt$MRT6_PIM(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000040)=0x2, 0x4) (async) shmget(0x3, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) (async) [ 3129.533269] input: failed to attach handler evdev to device input33545, error: -12 00:21:54 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 63) 00:21:54 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000040)={0x6, 0x3, 0x8}) (async) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:54 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) 00:21:54 executing program 0: syz_read_part_table(0x81, 0x5, &(0x7f0000000440)=[{&(0x7f0000000040)="8dfab5251ec72772a860fb2e8169206b738c962ce15c65eb334db9007e2e788a09fe6a1b21eff5c4712926f1e9b660f45ea1977a9a63f0e5c3f71c78a14d001db874804f9f346b6d224a33bbf0bcb6f10deb604d4eae6bdeb0af93879a73bd094529342dab979918fa78ed8f08fda622f492957c2e17638592ef878090f2bcbc721a462ec1a6d7e260a350f32c11ec6a706d16143d80aa0b96aab794bf8df29c79", 0xa1, 0xffffffffffffff0b}, {&(0x7f0000000100)="1cb5ba026052a10945a94255a9d63930fe400afe29443efe284b9d886a19851f204435bd8e6d8014ceba685cef3d727ac6af939cb61fac5d543c0187e778e30efe2b18a03f9b718ade3ecc60cda45ffb6cf687291460611a9ae5b49b90048e132bb3714423a1a02c077293b4884f42dd6760afdb58d427715e693fec7a4d7e3578c2be0d4e62767726803c7644fc563b88b0e724ccf52a1c32c7f54ad830892e07f878429d3229c365692db5222d1809c1a66787f1de1a89244ffbafe75891fb60c5f2", 0xc3, 0x9}, {&(0x7f0000000200), 0x0, 0x7ff}, {&(0x7f0000000240)="a9b7a8e3d942b63a2793027167e9828238c6f0fd9cd3bab08ae3574d2d9978bf8846afadb5c9499daa2721a2229547129b2c3ef0aaf3046ff823d81489fea4151220d2c7ee868eca313015fe2fb8b3034ac3115324974394f5775ea311df25c9a10bd55f93791337a9b5135251bc48aa1613e92e5545e76d949f06d253e91397941a2291084d2f7d42fd642dba47504cb9086d55c14a884acc6ce418ac1806f42e1f6c76b6b803761286551b2116878d261e0695bcbf9873e0bcebbe00e55c226153d002f2de38b2738e368b78a6266026a01c7c2cc2f0", 0xd7, 0x7}, {&(0x7f0000000340)="262819cf97e74ee22d909f5e8228468b2bc7d3fb7d74476a80b5e7e3341292798e3e7da260613073bb75a5b97588b8bc3731cc0858405e73a6a620eb8a1fea083683a0f03a704d3c08251ead2e8b081e562fb0953210fa0477b57c5ad6b429bd08041be055721d558b9d87f39bc5a392fc4a3807b368441d9df250c4209d7ebfaa70bfbcde5881e53d1b76561aaf973ef012341179eb74d0fabe433f5fcae711493a468fd68120432517264148c9ef09a416f8e7bc2cd6b28f84271937942cfa514f76fe466c7e0de811b4e5f20438f04dc3829c9f", 0xd5, 0x3f}]) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00', {}, 0x48}, 0x45c) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0xc01, 0x0) (async) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) (async, rerun: 32) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xa) (rerun: 32) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3129.570941] input: syz0 as /devices/virtual/input/input33551 [ 3129.581864] input: syz0 as /devices/virtual/input/input33553 00:21:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x13) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x8, 0xea95, 0x80000000, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5, 0xa}, 0x48) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x400080, 0x0) inotify_add_watch(r1, &(0x7f0000000100)='./file0\x00', 0x14000980) [ 3129.633784] input: syz0 as /devices/virtual/input/input33554 [ 3129.649590] input: syz0 as /devices/virtual/input/input33556 [ 3129.655717] FAULT_INJECTION: forcing a failure. [ 3129.655717] name failslab, interval 1, probability 0, space 0, times 0 [ 3129.658283] input: syz1 as /devices/virtual/input/input33557 [ 3129.670732] CPU: 0 PID: 20835 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 [ 3129.680607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3129.689954] Call Trace: [ 3129.692539] dump_stack+0x1b2/0x281 [ 3129.696164] should_fail.cold+0x10a/0x149 [ 3129.700311] should_failslab+0xd6/0x130 [ 3129.704292] __kmalloc_track_caller+0x2bc/0x400 [ 3129.708969] ? kstrdup_const+0x35/0x60 [ 3129.712864] kstrdup+0x36/0x70 [ 3129.716053] kstrdup_const+0x35/0x60 [ 3129.719770] __kernfs_new_node+0x2e/0x470 [ 3129.723922] kernfs_new_node+0x7b/0xe0 [ 3129.727811] kernfs_create_link+0x27/0x160 [ 3129.732051] sysfs_do_create_link_sd+0x90/0x120 [ 3129.736723] sysfs_create_link+0x5f/0xc0 [ 3129.740787] device_add+0x749/0x15c0 [ 3129.744534] ? device_is_dependent+0x2a0/0x2a0 [ 3129.749117] cdev_device_add+0x14a/0x230 [ 3129.753175] ? cdev_init+0x6b/0xb0 [ 3129.756716] evdev_connect+0x388/0x480 [ 3129.760609] input_attach_handler+0x146/0x1a0 [ 3129.765122] input_register_device.cold+0xc2/0x2c3 [ 3129.770062] uinput_ioctl_handler.isra.0+0x84c/0x1790 [ 3129.775253] ? uinput_write+0xfb0/0xfb0 [ 3129.779229] ? __schedule+0x893/0x1de0 [ 3129.783160] ? trace_hardirqs_on+0x10/0x10 [ 3129.787396] ? mark_held_locks+0xa6/0xf0 [ 3129.791600] ? retint_kernel+0x2d/0x2d [ 3129.795589] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 3129.800605] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3129.805366] ? SyS_write+0x1b7/0x210 [ 3129.809102] ? uinput_ioctl_handler.isra.0+0x1790/0x1790 [ 3129.814577] do_vfs_ioctl+0x75a/0xff0 [ 3129.818557] ? lock_acquire+0x170/0x3f0 [ 3129.822536] ? ioctl_preallocate+0x1a0/0x1a0 [ 3129.827046] ? __fget+0x265/0x3e0 [ 3129.830667] ? do_vfs_ioctl+0xff0/0xff0 [ 3129.834653] ? security_file_ioctl+0x83/0xb0 [ 3129.839139] SyS_ioctl+0x7f/0xb0 [ 3129.842510] ? do_vfs_ioctl+0xff0/0xff0 [ 3129.846485] do_syscall_64+0x1d5/0x640 [ 3129.850387] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3129.855662] RIP: 0033:0x7f980133e109 [ 3129.859367] RSP: 002b:00007f97ffcb3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3129.867075] RAX: ffffffffffffffda RBX: 00007f9801450f60 RCX: 00007f980133e109 [ 3129.874343] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 00:21:55 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) (async) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) (async) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) (async) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) (async) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x13) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x8, 0xea95, 0x80000000, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5, 0xa}, 0x48) (async) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x400080, 0x0) inotify_add_watch(r1, &(0x7f0000000100)='./file0\x00', 0x14000980) [ 3129.881613] RBP: 00007f97ffcb31d0 R08: 0000000000000000 R09: 0000000000000000 [ 3129.888902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3129.896174] R13: 00007ffee7798f0f R14: 00007f97ffcb3300 R15: 0000000000022000 [ 3129.920485] input: failed to attach handler evdev to device input33554, error: -12 00:21:55 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) setgroups(0x1, &(0x7f0000000040)=[0x0]) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 00:21:55 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0) 00:21:55 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 64) [ 3129.932693] input: syz0 as /devices/virtual/input/input33560 00:21:55 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$uinput(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) [ 3129.991738] input: syz1 as /devices/virtual/input/input33562 00:21:55 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4) write$uinput_user_dev(r0, &(0x7f00000004c0)={'syz0\x00'}, 0x45c) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x123) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x0, 0x3, 0xff, 0x9}, 'syz1\x00', 0x50}) ioctl$UI_DEV_CREATE(r0, 0x5501) [ 3130.063980] input: syz1 as /devices/virtual/input/input33564 [ 3130.121030] input: syz1 as /devices/virtual/input/input33565 [ 3294.863659] INFO: task syz-executor.1:7993 blocked for more than 140 seconds. [ 3294.870948] Not tainted 4.14.285-syzkaller #0 [ 3294.876107] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3294.884127] syz-executor.1 D25800 7993 1 0x00000004 [ 3294.889750] Call Trace: [ 3294.892337] __schedule+0x88b/0x1de0 [ 3294.896131] ? io_schedule_timeout+0x140/0x140 [ 3294.900705] ? lock_downgrade+0x740/0x740 [ 3294.904907] schedule+0x8d/0x1b0 [ 3294.908626] schedule_preempt_disabled+0xf/0x20 [ 3294.913404] __mutex_lock+0x669/0x1310 [ 3294.917370] ? kernel_text_address+0xbd/0xf0 [ 3294.921968] ? __blkdev_get+0x191/0x1090 [ 3294.926106] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3294.931557] ? exact_match+0x9/0x20 [ 3294.935236] ? disk_block_events+0x1d/0x120 [ 3294.939556] __blkdev_get+0x191/0x1090 [ 3294.943645] ? lookup_fast+0x430/0xe30 [ 3294.947538] ? sb_min_blocksize+0x1d0/0x1d0 [ 3294.951944] ? fsnotify+0x974/0x11b0 [ 3294.955865] blkdev_get+0x88/0x890 [ 3294.959400] ? __blkdev_get+0x1090/0x1090 [ 3294.963604] ? lock_downgrade+0x740/0x740 [ 3294.967770] ? do_raw_spin_unlock+0x164/0x220 [ 3294.972294] ? _raw_spin_unlock+0x29/0x40 [ 3294.976511] blkdev_open+0x1cc/0x250 [ 3294.980216] ? security_file_open+0x82/0x190 [ 3294.984708] do_dentry_open+0x44b/0xec0 [ 3294.988693] ? blkdev_get_by_dev+0x70/0x70 [ 3294.993012] vfs_open+0x105/0x220 [ 3294.996669] path_openat+0x628/0x2970 [ 3295.000474] ? path_lookupat+0x780/0x780 [ 3295.004684] ? trace_hardirqs_on+0x10/0x10 [ 3295.008917] ? trace_hardirqs_on+0x10/0x10 [ 3295.013149] do_filp_open+0x179/0x3c0 [ 3295.017017] ? may_open_dev+0xe0/0xe0 [ 3295.020815] ? lock_downgrade+0x740/0x740 [ 3295.025047] ? do_raw_spin_unlock+0x164/0x220 [ 3295.029760] ? _raw_spin_unlock+0x29/0x40 [ 3295.034069] ? __alloc_fd+0x1be/0x490 [ 3295.037865] ? dput.part.0+0x27/0x710 [ 3295.041651] do_sys_open+0x296/0x410 [ 3295.045430] ? filp_open+0x60/0x60 [ 3295.048970] ? do_syscall_64+0x4c/0x640 [ 3295.052928] ? SyS_open+0x30/0x30 [ 3295.056441] do_syscall_64+0x1d5/0x640 [ 3295.060325] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3295.065614] RIP: 0033:0x7f2b07067024 [ 3295.069402] RSP: 002b:00007ffc61666cd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 3295.077219] RAX: ffffffffffffffda RBX: 00007ffc61666dd0 RCX: 00007f2b07067024 [ 3295.084561] RDX: 0000000000000002 RSI: 00007ffc61666e10 RDI: 00000000ffffff9c [ 3295.091907] RBP: 00007ffc61666e10 R08: 0000000000000000 R09: 00007ffc61666be0 [ 3295.099335] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 3295.106787] R13: 00000000002fc39c R14: 0000000000000008 R15: 00007ffc61666e10 [ 3295.114144] INFO: task syz-executor.5:7995 blocked for more than 140 seconds. [ 3295.121412] Not tainted 4.14.285-syzkaller #0 [ 3295.126481] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3295.134511] syz-executor.5 D25704 7995 1 0x00000004 [ 3295.140128] Call Trace: [ 3295.142717] __schedule+0x88b/0x1de0 [ 3295.146494] ? __lock_acquire+0x5fc/0x3f20 [ 3295.150726] ? io_schedule_timeout+0x140/0x140 [ 3295.155438] ? lock_downgrade+0x740/0x740 [ 3295.159926] schedule+0x8d/0x1b0 [ 3295.163278] schedule_preempt_disabled+0xf/0x20 [ 3295.168094] __mutex_lock+0x669/0x1310 [ 3295.172009] ? __blkdev_get+0x191/0x1090 [ 3295.176120] ? __mutex_lock+0x270/0x1310 [ 3295.180176] ? lo_open+0x19/0xb0 [ 3295.183615] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3295.189120] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3295.194713] ? disk_get_part+0x95/0x140 [ 3295.198690] ? loop_unregister_transfer+0x90/0x90 [ 3295.204286] lo_open+0x19/0xb0 [ 3295.207483] __blkdev_get+0x306/0x1090 [ 3295.211359] ? lookup_fast+0x430/0xe30 [ 3295.215303] ? sb_min_blocksize+0x1d0/0x1d0 [ 3295.219627] ? fsnotify+0x974/0x11b0 [ 3295.223499] blkdev_get+0x88/0x890 [ 3295.227045] ? __blkdev_get+0x1090/0x1090 [ 3295.231171] ? lock_downgrade+0x740/0x740 [ 3295.235362] ? do_raw_spin_unlock+0x164/0x220 [ 3295.239853] ? _raw_spin_unlock+0x29/0x40 [ 3295.244289] blkdev_open+0x1cc/0x250 [ 3295.248015] ? security_file_open+0x82/0x190 [ 3295.252408] do_dentry_open+0x44b/0xec0 [ 3295.256429] ? blkdev_get_by_dev+0x70/0x70 [ 3295.260760] vfs_open+0x105/0x220 [ 3295.264469] path_openat+0x628/0x2970 [ 3295.268278] ? path_lookupat+0x780/0x780 [ 3295.272321] ? trace_hardirqs_on+0x10/0x10 [ 3295.276627] ? trace_hardirqs_on+0x10/0x10 [ 3295.280859] do_filp_open+0x179/0x3c0 [ 3295.284731] ? may_open_dev+0xe0/0xe0 [ 3295.288529] ? lock_downgrade+0x740/0x740 [ 3295.292723] ? do_raw_spin_unlock+0x164/0x220 [ 3295.297403] ? _raw_spin_unlock+0x29/0x40 [ 3295.301641] ? __alloc_fd+0x1be/0x490 [ 3295.305508] ? dput.part.0+0x27/0x710 [ 3295.309309] do_sys_open+0x296/0x410 [ 3295.313008] ? filp_open+0x60/0x60 [ 3295.316669] ? do_syscall_64+0x4c/0x640 [ 3295.320724] ? SyS_open+0x30/0x30 [ 3295.324321] do_syscall_64+0x1d5/0x640 [ 3295.328202] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3295.333448] RIP: 0033:0x7f8cc8372024 [ 3295.337159] RSP: 002b:00007ffdcd028970 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 3295.345054] RAX: ffffffffffffffda RBX: 00007ffdcd028a70 RCX: 00007f8cc8372024 [ 3295.352333] RDX: 0000000000000002 RSI: 00007ffdcd028ab0 RDI: 00000000ffffff9c [ 3295.359656] RBP: 00007ffdcd028ab0 R08: 0000000000000000 R09: 00007ffdcd028880 [ 3295.366988] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 3295.374299] R13: 00000000002fc37d R14: 000000000000000a R15: 00007ffdcd028ab0 [ 3295.381586] INFO: task syz-executor.2:7996 blocked for more than 140 seconds. [ 3295.388913] Not tainted 4.14.285-syzkaller #0 [ 3295.393962] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3295.401913] syz-executor.2 D25640 7996 1 0x00000004 [ 3295.407610] Call Trace: [ 3295.410191] __schedule+0x88b/0x1de0 [ 3295.414344] ? __lock_acquire+0x5fc/0x3f20 [ 3295.418661] ? io_schedule_timeout+0x140/0x140 [ 3295.423222] ? lock_downgrade+0x740/0x740 [ 3295.427454] schedule+0x8d/0x1b0 [ 3295.430835] schedule_preempt_disabled+0xf/0x20 [ 3295.435539] __mutex_lock+0x669/0x1310 [ 3295.439417] ? __blkdev_get+0x191/0x1090 [ 3295.443540] ? __mutex_lock+0x270/0x1310 [ 3295.447602] ? lo_open+0x19/0xb0 [ 3295.450992] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3295.456520] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3295.461981] ? disk_get_part+0x95/0x140 [ 3295.466049] ? loop_unregister_transfer+0x90/0x90 [ 3295.470889] lo_open+0x19/0xb0 [ 3295.474141] __blkdev_get+0x306/0x1090 [ 3295.478124] ? lookup_fast+0x430/0xe30 [ 3295.482004] ? sb_min_blocksize+0x1d0/0x1d0 [ 3295.486477] ? fsnotify+0x974/0x11b0 [ 3295.490181] blkdev_get+0x88/0x890 [ 3295.493752] ? __blkdev_get+0x1090/0x1090 [ 3295.497886] ? lock_downgrade+0x740/0x740 [ 3295.502099] ? do_raw_spin_unlock+0x164/0x220 [ 3295.506701] ? _raw_spin_unlock+0x29/0x40 [ 3295.510850] blkdev_open+0x1cc/0x250 [ 3295.514629] ? security_file_open+0x82/0x190 [ 3295.519041] do_dentry_open+0x44b/0xec0 [ 3295.523000] ? blkdev_get_by_dev+0x70/0x70 [ 3295.527297] vfs_open+0x105/0x220 [ 3295.530780] path_openat+0x628/0x2970 [ 3295.534658] ? path_lookupat+0x780/0x780 [ 3295.538738] ? trace_hardirqs_on+0x10/0x10 [ 3295.542969] ? trace_hardirqs_on+0x10/0x10 [ 3295.547260] do_filp_open+0x179/0x3c0 [ 3295.551075] ? may_open_dev+0xe0/0xe0 [ 3295.554967] ? lock_downgrade+0x740/0x740 [ 3295.559219] ? do_raw_spin_unlock+0x164/0x220 [ 3295.563793] ? _raw_spin_unlock+0x29/0x40 [ 3295.567930] ? __alloc_fd+0x1be/0x490 [ 3295.571722] ? dput.part.0+0x27/0x710 [ 3295.575604] do_sys_open+0x296/0x410 [ 3295.579336] ? filp_open+0x60/0x60 [ 3295.582859] ? do_syscall_64+0x4c/0x640 [ 3295.586882] ? SyS_open+0x30/0x30 [ 3295.590331] do_syscall_64+0x1d5/0x640 [ 3295.594286] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3295.599466] RIP: 0033:0x7f98012f1024 [ 3295.603155] RSP: 002b:00007ffee77990f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 3295.610966] RAX: ffffffffffffffda RBX: 00007ffee77991f0 RCX: 00007f98012f1024 [ 3295.618284] RDX: 0000000000000002 RSI: 00007ffee7799230 RDI: 00000000ffffff9c [ 3295.625738] RBP: 00007ffee7799230 R08: 0000000000000000 R09: 00007ffee7799000 [ 3295.632997] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 3295.640459] R13: 00000000002fc3a3 R14: 0000000000000004 R15: 00007ffee7799230 [ 3295.647834] INFO: task systemd-udevd:15547 blocked for more than 140 seconds. [ 3295.655261] Not tainted 4.14.285-syzkaller #0 [ 3295.660358] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3295.668603] systemd-udevd D28296 15547 4635 0x00000300 [ 3295.674321] Call Trace: [ 3295.677066] __schedule+0x88b/0x1de0 [ 3295.681771] ? io_schedule_timeout+0x140/0x140 [ 3295.686421] ? lock_downgrade+0x740/0x740 [ 3295.690575] schedule+0x8d/0x1b0 [ 3295.694019] schedule_preempt_disabled+0xf/0x20 [ 3295.698680] __mutex_lock+0x669/0x1310 [ 3295.702559] ? kernel_text_address+0xbd/0xf0 [ 3295.707046] ? __blkdev_get+0x191/0x1090 [ 3295.711105] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3295.717904] ? exact_match+0x9/0x20 [ 3295.721531] ? disk_block_events+0x1d/0x120 [ 3295.725913] __blkdev_get+0x191/0x1090 [ 3295.729798] ? lookup_fast+0x430/0xe30 [ 3295.733728] ? sb_min_blocksize+0x1d0/0x1d0 [ 3295.738042] ? fsnotify+0x974/0x11b0 [ 3295.741745] blkdev_get+0x88/0x890 [ 3295.745869] ? __blkdev_get+0x1090/0x1090 [ 3295.750123] ? lock_downgrade+0x740/0x740 [ 3295.754340] ? do_raw_spin_unlock+0x164/0x220 [ 3295.758823] ? _raw_spin_unlock+0x29/0x40 [ 3295.762955] blkdev_open+0x1cc/0x250 [ 3295.766718] ? security_file_open+0x82/0x190 [ 3295.771116] do_dentry_open+0x44b/0xec0 [ 3295.775135] ? blkdev_get_by_dev+0x70/0x70 [ 3295.779359] vfs_open+0x105/0x220 [ 3295.782791] path_openat+0x628/0x2970 [ 3295.786637] ? path_lookupat+0x780/0x780 [ 3295.790688] ? trace_hardirqs_on+0x10/0x10 [ 3295.794966] ? copyout+0xc0/0xc0 [ 3295.798323] do_filp_open+0x179/0x3c0 [ 3295.802103] ? may_open_dev+0xe0/0xe0 [ 3295.805964] ? lock_downgrade+0x740/0x740 [ 3295.810105] ? do_raw_spin_unlock+0x164/0x220 [ 3295.814651] ? _raw_spin_unlock+0x29/0x40 [ 3295.818873] ? __alloc_fd+0x1be/0x490 [ 3295.822843] do_sys_open+0x296/0x410 [ 3295.826619] ? filp_open+0x60/0x60 [ 3295.830155] ? do_syscall_64+0x4c/0x640 [ 3295.834323] ? do_sys_open+0x410/0x410 [ 3295.838208] do_syscall_64+0x1d5/0x640 [ 3295.842098] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3295.847341] RIP: 0033:0x7f110bc31840 [ 3295.851040] RSP: 002b:00007ffd03ede638 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 3295.858818] RAX: ffffffffffffffda RBX: 0000562513c9ef10 RCX: 00007f110bc31840 [ 3295.866152] RDX: 0000562513679fe3 RSI: 00000000000a0800 RDI: 0000562513c9cd50 [ 3295.873461] RBP: 00007ffd03ede7b0 R08: 0000562513679670 R09: 0000000000000010 [ 3295.880723] R10: 0000562513679d0c R11: 0000000000000246 R12: 00007ffd03ede700 [ 3295.888128] R13: 0000562513c9ced0 R14: 0000000000000003 R15: 000000000000000e [ 3295.895503] INFO: task systemd-udevd:15548 blocked for more than 140 seconds. [ 3295.902759] Not tainted 4.14.285-syzkaller #0 [ 3295.907856] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3295.915981] systemd-udevd D28216 15548 4635 0x00000300 [ 3295.921975] Call Trace: [ 3295.924636] __schedule+0x88b/0x1de0 [ 3295.928355] ? io_schedule_timeout+0x140/0x140 [ 3295.933019] ? lock_downgrade+0x740/0x740 [ 3295.938493] schedule+0x8d/0x1b0 [ 3295.941856] schedule_preempt_disabled+0xf/0x20 [ 3295.946571] __mutex_lock+0x669/0x1310 [ 3295.950451] ? kernel_text_address+0xbd/0xf0 [ 3295.954930] ? __blkdev_get+0x191/0x1090 [ 3295.958984] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3295.964525] ? exact_match+0x9/0x20 [ 3295.968152] ? disk_block_events+0x1d/0x120 [ 3295.972468] __blkdev_get+0x191/0x1090 [ 3295.976406] ? lookup_fast+0x430/0xe30 [ 3295.980284] ? sb_min_blocksize+0x1d0/0x1d0 [ 3295.984665] ? fsnotify+0x974/0x11b0 [ 3295.988373] blkdev_get+0x88/0x890 [ 3295.991893] ? __blkdev_get+0x1090/0x1090 [ 3295.996097] ? lock_downgrade+0x740/0x740 [ 3296.000235] ? do_raw_spin_unlock+0x164/0x220 [ 3296.004777] ? _raw_spin_unlock+0x29/0x40 [ 3296.008916] blkdev_open+0x1cc/0x250 [ 3296.012781] ? security_file_open+0x82/0x190 [ 3296.017226] do_dentry_open+0x44b/0xec0 [ 3296.021933] ? blkdev_get_by_dev+0x70/0x70 [ 3296.026215] vfs_open+0x105/0x220 [ 3296.029660] path_openat+0x628/0x2970 [ 3296.033536] ? path_lookupat+0x780/0x780 [ 3296.037588] ? trace_hardirqs_on+0x10/0x10 [ 3296.041804] ? copyout+0xc0/0xc0 [ 3296.045376] do_filp_open+0x179/0x3c0 [ 3296.049174] ? may_open_dev+0xe0/0xe0 [ 3296.052958] ? lock_downgrade+0x740/0x740 [ 3296.057492] ? do_raw_spin_unlock+0x164/0x220 [ 3296.061980] ? _raw_spin_unlock+0x29/0x40 [ 3296.066185] ? __alloc_fd+0x1be/0x490 [ 3296.069993] do_sys_open+0x296/0x410 [ 3296.073759] ? filp_open+0x60/0x60 [ 3296.077289] ? do_syscall_64+0x4c/0x640 [ 3296.081240] ? do_sys_open+0x410/0x410 [ 3296.085194] do_syscall_64+0x1d5/0x640 [ 3296.089076] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3296.094307] RIP: 0033:0x7f110bc31840 [ 3296.098007] RSP: 002b:00007ffd03ede638 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 3296.105787] RAX: ffffffffffffffda RBX: 0000562513c9ef10 RCX: 00007f110bc31840 [ 3296.113054] RDX: 0000562513679fe3 RSI: 00000000000a0800 RDI: 0000562513c9b9b0 [ 3296.121136] RBP: 00007ffd03ede7b0 R08: 0000562513679670 R09: 0000000000000010 [ 3296.128451] R10: 0000562513679d0c R11: 0000000000000246 R12: 00007ffd03ede700 [ 3296.135758] R13: 0000562513c9d2e0 R14: 0000000000000003 R15: 000000000000000e [ 3296.143052] INFO: task systemd-udevd:15762 blocked for more than 140 seconds. [ 3296.150932] Not tainted 4.14.285-syzkaller #0 [ 3296.156002] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3296.164034] systemd-udevd D28576 15762 4635 0x00000300 [ 3296.169656] Call Trace: [ 3296.172225] __schedule+0x88b/0x1de0 [ 3296.175988] ? __lock_acquire+0x5fc/0x3f20 [ 3296.180216] ? io_schedule_timeout+0x140/0x140 [ 3296.184843] ? lock_downgrade+0x740/0x740 [ 3296.188983] schedule+0x8d/0x1b0 [ 3296.192329] schedule_preempt_disabled+0xf/0x20 [ 3296.197153] __mutex_lock+0x669/0x1310 [ 3296.201035] ? __blkdev_get+0x191/0x1090 [ 3296.205441] ? __mutex_lock+0x270/0x1310 [ 3296.209513] ? lo_open+0x19/0xb0 [ 3296.212871] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3296.218373] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3296.223906] ? disk_get_part+0x95/0x140 [ 3296.227891] ? loop_unregister_transfer+0x90/0x90 [ 3296.232717] lo_open+0x19/0xb0 [ 3296.235991] __blkdev_get+0x306/0x1090 [ 3296.239969] ? lookup_fast+0x430/0xe30 [ 3296.243913] ? sb_min_blocksize+0x1d0/0x1d0 [ 3296.248225] ? fsnotify+0x974/0x11b0 [ 3296.251926] blkdev_get+0x88/0x890 [ 3296.255676] ? __blkdev_get+0x1090/0x1090 [ 3296.259815] ? lock_downgrade+0x740/0x740 [ 3296.264026] ? do_raw_spin_unlock+0x164/0x220 [ 3296.268513] ? _raw_spin_unlock+0x29/0x40 [ 3296.272645] blkdev_open+0x1cc/0x250 [ 3296.276397] ? security_file_open+0x82/0x190 [ 3296.280823] do_dentry_open+0x44b/0xec0 [ 3296.284849] ? blkdev_get_by_dev+0x70/0x70 [ 3296.289074] vfs_open+0x105/0x220 [ 3296.292510] path_openat+0x628/0x2970 [ 3296.296368] ? path_lookupat+0x780/0x780 [ 3296.300417] ? trace_hardirqs_on+0x10/0x10 [ 3296.305393] ? copyout+0xc0/0xc0 [ 3296.308763] do_filp_open+0x179/0x3c0 [ 3296.312699] ? may_open_dev+0xe0/0xe0 [ 3296.316579] ? lock_downgrade+0x740/0x740 [ 3296.320719] ? do_raw_spin_unlock+0x164/0x220 [ 3296.326224] ? _raw_spin_unlock+0x29/0x40 [ 3296.330365] ? __alloc_fd+0x1be/0x490 [ 3296.334344] do_sys_open+0x296/0x410 [ 3296.338061] ? filp_open+0x60/0x60 [ 3296.341588] ? do_syscall_64+0x4c/0x640 [ 3296.345618] ? do_sys_open+0x410/0x410 [ 3296.349500] do_syscall_64+0x1d5/0x640 [ 3296.353443] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3296.358653] RIP: 0033:0x7f110bc31840 [ 3296.362349] RSP: 002b:00007ffd03ede638 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 3296.370113] RAX: ffffffffffffffda RBX: 0000562513c9b8c0 RCX: 00007f110bc31840 [ 3296.377437] RDX: 0000562513679fe3 RSI: 00000000000a0800 RDI: 0000562513c9d140 [ 3296.384893] RBP: 00007ffd03ede7b0 R08: 0000562513679670 R09: 0000000000000010 [ 3296.392161] R10: 0000562513679d0c R11: 0000000000000246 R12: 00007ffd03ede700 [ 3296.399482] R13: 0000562513c9ee30 R14: 0000000000000003 R15: 000000000000000e [ 3296.407113] INFO: task systemd-udevd:16030 blocked for more than 140 seconds. [ 3296.414736] Not tainted 4.14.285-syzkaller #0 [ 3296.419879] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3296.428148] systemd-udevd D28080 16030 4635 0x00000300 [ 3296.433937] Call Trace: [ 3296.436524] __schedule+0x88b/0x1de0 [ 3296.440221] ? io_schedule_timeout+0x140/0x140 [ 3296.444959] ? lock_downgrade+0x740/0x740 [ 3296.449297] schedule+0x8d/0x1b0 [ 3296.452816] schedule_preempt_disabled+0xf/0x20 [ 3296.457627] __mutex_lock+0x669/0x1310 [ 3296.461506] ? __blkdev_get+0x191/0x1090 [ 3296.465829] ? __mutex_lock+0x270/0x1310 [ 3296.469967] ? lo_open+0x19/0xb0 [ 3296.473386] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3296.478852] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3296.484398] ? exact_match+0x9/0x20 [ 3296.488024] ? kobj_lookup+0x31e/0x400 [ 3296.491971] lo_open+0x19/0xb0 [ 3296.495274] ? loop_unregister_transfer+0x90/0x90 [ 3296.500116] __blkdev_get+0xa8c/0x1090 [ 3296.504083] ? lookup_fast+0x430/0xe30 [ 3296.507966] ? sb_min_blocksize+0x1d0/0x1d0 [ 3296.512297] ? fsnotify+0x974/0x11b0 [ 3296.516054] blkdev_get+0x88/0x890 [ 3296.519587] ? __blkdev_get+0x1090/0x1090 [ 3296.523800] ? lock_downgrade+0x740/0x740 [ 3296.527955] ? do_raw_spin_unlock+0x164/0x220 [ 3296.532438] ? _raw_spin_unlock+0x29/0x40 [ 3296.536662] blkdev_open+0x1cc/0x250 [ 3296.540366] ? security_file_open+0x82/0x190 [ 3296.544829] do_dentry_open+0x44b/0xec0 [ 3296.548795] ? blkdev_get_by_dev+0x70/0x70 [ 3296.553012] vfs_open+0x105/0x220 [ 3296.556507] path_openat+0x628/0x2970 [ 3296.560329] ? path_lookupat+0x780/0x780 [ 3296.564459] ? trace_hardirqs_on+0x10/0x10 [ 3296.568698] ? copyout+0xc0/0xc0 [ 3296.572059] do_filp_open+0x179/0x3c0 [ 3296.575929] ? may_open_dev+0xe0/0xe0 [ 3296.579739] ? lock_downgrade+0x740/0x740 [ 3296.583959] ? do_raw_spin_unlock+0x164/0x220 [ 3296.588449] ? _raw_spin_unlock+0x29/0x40 [ 3296.592586] ? __alloc_fd+0x1be/0x490 [ 3296.596529] do_sys_open+0x296/0x410 [ 3296.600254] ? filp_open+0x60/0x60 [ 3296.604013] ? do_syscall_64+0x4c/0x640 [ 3296.607976] ? do_sys_open+0x410/0x410 [ 3296.611963] do_syscall_64+0x1d5/0x640 [ 3296.616014] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3296.621274] RIP: 0033:0x7f110bc31840 [ 3296.625033] RSP: 002b:00007ffd03ede638 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 3296.632730] RAX: ffffffffffffffda RBX: 0000562513c9cf40 RCX: 00007f110bc31840 [ 3296.640137] RDX: 0000562513679fe3 RSI: 00000000000a0800 RDI: 0000562513c8c4e0 [ 3296.647456] RBP: 00007ffd03ede7b0 R08: 0000562513679670 R09: 0000000000000010 [ 3296.654868] R10: 0000562513679d0c R11: 0000000000000246 R12: 00007ffd03ede700 [ 3296.662126] R13: 0000562513c9b880 R14: 0000000000000003 R15: 000000000000000e [ 3296.669554] INFO: task systemd-udevd:16862 blocked for more than 140 seconds. [ 3296.676998] Not tainted 4.14.285-syzkaller #0 [ 3296.682012] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3296.690137] systemd-udevd D28128 16862 4635 0x00000300 [ 3296.695818] Call Trace: [ 3296.698470] __schedule+0x88b/0x1de0 [ 3296.702165] ? __lock_acquire+0x5fc/0x3f20 [ 3296.706442] ? io_schedule_timeout+0x140/0x140 [ 3296.711019] ? lock_downgrade+0x740/0x740 [ 3296.715227] schedule+0x8d/0x1b0 [ 3296.718580] schedule_preempt_disabled+0xf/0x20 [ 3296.723224] __mutex_lock+0x669/0x1310 [ 3296.727180] ? __blkdev_get+0x191/0x1090 [ 3296.731238] ? __mutex_lock+0x270/0x1310 [ 3296.735353] ? lo_open+0x19/0xb0 [ 3296.738710] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3296.744276] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3296.749720] ? disk_get_part+0x95/0x140 [ 3296.753758] ? loop_unregister_transfer+0x90/0x90 [ 3296.758590] lo_open+0x19/0xb0 [ 3296.761782] __blkdev_get+0x306/0x1090 [ 3296.765718] ? lookup_fast+0x430/0xe30 [ 3296.769595] ? sb_min_blocksize+0x1d0/0x1d0 [ 3296.773963] ? fsnotify+0x974/0x11b0 [ 3296.777664] blkdev_get+0x88/0x890 [ 3296.781184] ? __blkdev_get+0x1090/0x1090 [ 3296.785766] ? lock_downgrade+0x740/0x740 [ 3296.789918] ? do_raw_spin_unlock+0x164/0x220 [ 3296.794471] ? _raw_spin_unlock+0x29/0x40 [ 3296.798696] blkdev_open+0x1cc/0x250 [ 3296.802390] ? security_file_open+0x82/0x190 [ 3296.806854] do_dentry_open+0x44b/0xec0 [ 3296.810821] ? blkdev_get_by_dev+0x70/0x70 [ 3296.815126] vfs_open+0x105/0x220 [ 3296.818573] path_openat+0x628/0x2970 [ 3296.822369] ? path_lookupat+0x780/0x780 [ 3296.826476] ? trace_hardirqs_on+0x10/0x10 [ 3296.830743] ? copyout+0xc0/0xc0 [ 3296.834152] do_filp_open+0x179/0x3c0 [ 3296.837944] ? may_open_dev+0xe0/0xe0 [ 3296.841756] ? lock_downgrade+0x740/0x740 [ 3296.845973] ? do_raw_spin_unlock+0x164/0x220 [ 3296.850567] ? _raw_spin_unlock+0x29/0x40 [ 3296.854820] ? __alloc_fd+0x1be/0x490 [ 3296.858638] do_sys_open+0x296/0x410 [ 3296.862334] ? filp_open+0x60/0x60 [ 3296.865933] ? do_syscall_64+0x4c/0x640 [ 3296.869993] ? do_sys_open+0x410/0x410 [ 3296.874026] do_syscall_64+0x1d5/0x640 [ 3296.877904] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3296.883460] RIP: 0033:0x7f110bc31840 [ 3296.887184] RSP: 002b:00007ffd03ede638 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 3296.895833] RAX: ffffffffffffffda RBX: 0000562513c9d140 RCX: 00007f110bc31840 [ 3296.903099] RDX: 0000562513679fe3 RSI: 00000000000a0800 RDI: 0000562513c8a980 [ 3296.910436] RBP: 00007ffd03ede7b0 R08: 0000562513679670 R09: 0000000000000010 [ 3296.918180] R10: 0000562513679d0c R11: 0000000000000246 R12: 00007ffd03ede700 [ 3296.925691] R13: 0000562513c986e0 R14: 0000000000000003 R15: 000000000000000e [ 3296.932995] INFO: task syz-executor.4:20834 blocked for more than 140 seconds. [ 3296.940588] Not tainted 4.14.285-syzkaller #0 [ 3296.945666] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3296.953685] syz-executor.4 D28752 20834 7997 0x00000004 [ 3296.959305] Call Trace: [ 3296.961873] __schedule+0x88b/0x1de0 [ 3296.965640] ? futex_wait_setup+0x260/0x260 [ 3296.969955] ? io_schedule_timeout+0x140/0x140 [ 3296.974600] ? lock_downgrade+0x740/0x740 [ 3296.978746] schedule+0x8d/0x1b0 [ 3296.982095] schedule_preempt_disabled+0xf/0x20 [ 3296.986842] __mutex_lock+0x669/0x1310 [ 3296.990723] ? loop_control_ioctl+0x181/0x3f0 [ 3296.995261] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3297.000715] ? loop_queue_work+0x21e0/0x21e0 [ 3297.005183] loop_control_ioctl+0x181/0x3f0 [ 3297.009509] ? loop_lookup+0x190/0x190 [ 3297.013456] ? loop_lookup+0x190/0x190 [ 3297.017350] do_vfs_ioctl+0x75a/0xff0 [ 3297.021130] ? lock_acquire+0x170/0x3f0 [ 3297.025143] ? ioctl_preallocate+0x1a0/0x1a0 [ 3297.029567] ? __fget+0x265/0x3e0 [ 3297.033000] ? do_vfs_ioctl+0xff0/0xff0 [ 3297.037051] ? security_file_ioctl+0x83/0xb0 [ 3297.041469] SyS_ioctl+0x7f/0xb0 [ 3297.044989] ? do_vfs_ioctl+0xff0/0xff0 [ 3297.048958] do_syscall_64+0x1d5/0x640 [ 3297.052842] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3297.058067] RIP: 0033:0x7fc500a72109 [ 3297.061856] RSP: 002b:00007fc4ff3e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3297.069607] RAX: ffffffffffffffda RBX: 00007fc500b84f60 RCX: 00007fc500a72109 [ 3297.076941] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000006 [ 3297.084262] RBP: 00007fc500acc05d R08: 0000000000000000 R09: 0000000000000000 [ 3297.091520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3297.098973] R13: 00007ffc09c7c8af R14: 00007fc4ff3e7300 R15: 0000000000022000 [ 3297.106327] INFO: task syz-executor.0:20847 blocked for more than 140 seconds. [ 3297.113751] Not tainted 4.14.285-syzkaller #0 [ 3297.118759] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3297.126775] syz-executor.0 D29184 20847 7992 0x00000004 [ 3297.132396] Call Trace: [ 3297.135026] __schedule+0x88b/0x1de0 [ 3297.138840] ? io_schedule_timeout+0x140/0x140 [ 3297.143472] ? lock_downgrade+0x740/0x740 [ 3297.147632] schedule+0x8d/0x1b0 [ 3297.151014] schedule_preempt_disabled+0xf/0x20 [ 3297.155725] __mutex_lock+0x669/0x1310 [ 3297.159611] ? blkdev_reread_part+0x1b/0x40 [ 3297.163989] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 3297.169437] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 3297.174603] ? __wake_up_common+0x5d0/0x5d0 [ 3297.178916] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 3297.184078] blkdev_reread_part+0x1b/0x40 [ 3297.188302] loop_set_status+0xeeb/0x12b0 [ 3297.192545] loop_set_status64+0x92/0xe0 [ 3297.196670] ? loop_set_status_old+0x200/0x200 [ 3297.201242] ? __mutex_lock+0x360/0x1310 [ 3297.205376] ? wait_for_completion_io+0x10/0x10 [ 3297.210036] lo_ioctl+0x587/0x1cd0 [ 3297.213633] ? loop_set_status64+0xe0/0xe0 [ 3297.217955] blkdev_ioctl+0x540/0x1830 [ 3297.221833] ? blkpg_ioctl+0x8d0/0x8d0 [ 3297.225765] ? trace_hardirqs_on+0x10/0x10 [ 3297.230104] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 3297.235247] ? debug_check_no_obj_freed+0x2c0/0x680 [ 3297.240271] block_ioctl+0xd9/0x120 [ 3297.243954] ? blkdev_fallocate+0x3a0/0x3a0 [ 3297.248291] do_vfs_ioctl+0x75a/0xff0 [ 3297.252072] ? lock_acquire+0x170/0x3f0 [ 3297.256097] ? ioctl_preallocate+0x1a0/0x1a0 [ 3297.260498] ? __fget+0x265/0x3e0 [ 3297.264046] ? do_vfs_ioctl+0xff0/0xff0 [ 3297.268018] ? security_file_ioctl+0x83/0xb0 [ 3297.272421] SyS_ioctl+0x7f/0xb0 [ 3297.275843] ? do_vfs_ioctl+0xff0/0xff0 [ 3297.279806] do_syscall_64+0x1d5/0x640 [ 3297.283748] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 3297.288933] RIP: 0033:0x7f3466c22ec7 [ 3297.292663] RSP: 002b:00007f3465597ed8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 3297.300404] RAX: ffffffffffffffda RBX: 00007f3465597f20 RCX: 00007f3466c22ec7 [ 3297.307926] RDX: 00007f3465598030 RSI: 0000000000004c04 RDI: 0000000000000004 [ 3297.315239] RBP: 00007f3466c7d05d R08: 0000000000000000 R09: 0000000000000000 [ 3297.322501] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f3465598030 [ 3297.329814] R13: 00007ffca69f96cf R14: 00007f3465598300 R15: 0000000000022000 [ 3297.337159] [ 3297.337159] Showing all locks held in the system: [ 3297.343551] 1 lock held by khungtaskd/1527: [ 3297.348066] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a [ 3297.357186] 1 lock held by syz-executor.1/7993: [ 3297.362710] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 3297.371443] 2 locks held by syz-executor.5/7995: [ 3297.376271] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 3297.385007] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x19/0xb0 [ 3297.393168] 2 locks held by syz-executor.2/7996: [ 3297.397972] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 3297.406732] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x19/0xb0 [ 3297.414856] 1 lock held by systemd-udevd/15547: [ 3297.419622] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 3297.428472] 1 lock held by systemd-udevd/15548: [ 3297.433128] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 3297.441862] 2 locks held by systemd-udevd/15762: [ 3297.446658] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 3297.455377] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x19/0xb0 [ 3297.463611] 2 locks held by systemd-udevd/16030: [ 3297.468348] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 3297.477061] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x19/0xb0 [ 3297.485184] 2 locks held by systemd-udevd/16862: [ 3297.489919] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x191/0x1090 [ 3297.498649] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x19/0xb0 [ 3297.506802] 2 locks held by syz-executor.4/20834: [ 3297.511726] #0: (loop_index_mutex){+.+.}, at: [] loop_control_ioctl+0x67/0x3f0 [ 3297.520929] #1: (&lo->lo_ctl_mutex){+.+.}, at: [] loop_control_ioctl+0x181/0x3f0 [ 3297.530285] 2 locks held by syz-executor.0/20847: [ 3297.535181] #0: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x87/0x1cd0 [ 3297.543827] #1: (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40 [ 3297.552758] [ 3297.554453] ============================================= [ 3297.554453] [ 3297.561528] NMI backtrace for cpu 1 [ 3297.565281] CPU: 1 PID: 1527 Comm: khungtaskd Not tainted 4.14.285-syzkaller #0 [ 3297.572720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3297.582057] Call Trace: [ 3297.584634] dump_stack+0x1b2/0x281 [ 3297.588248] nmi_cpu_backtrace.cold+0x57/0x93 [ 3297.592722] ? irq_force_complete_move+0x350/0x350 [ 3297.597640] nmi_trigger_cpumask_backtrace+0x13a/0x180 [ 3297.602969] watchdog+0x5b9/0xb40 [ 3297.606437] ? hungtask_pm_notify+0x50/0x50 [ 3297.610742] kthread+0x30d/0x420 [ 3297.614180] ? kthread_create_on_node+0xd0/0xd0 [ 3297.618835] ret_from_fork+0x24/0x30 [ 3297.622714] Sending NMI from CPU 1 to CPUs 0: [ 3297.627375] NMI backtrace for cpu 0 [ 3297.627380] CPU: 0 PID: 7689 Comm: rs:main Q:Reg Not tainted 4.14.285-syzkaller #0 [ 3297.627384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3297.627387] task: ffff8880913f23c0 task.stack: ffff8880a2688000 [ 3297.627389] RIP: 0033:0x558b72d8aa95 [ 3297.627392] RSP: 002b:00007f86ccfc5910 EFLAGS: 00000202 [ 3297.627397] RAX: b939093a1e62e600 RBX: 0000558b732eb230 RCX: 00007f86ccfc5980 [ 3297.627400] RDX: 00007f86c0003210 RSI: 0000558b732de220 RDI: 0000558b732eb230 [ 3297.627404] RBP: 00007f86c0003210 R08: 0000000000000000 R09: 0000000000000000 [ 3297.627407] R10: 0000558b72fdc280 R11: 0000000000000000 R12: 00007f86ccfc5980 [ 3297.627410] R13: 0000558b732de220 R14: 0000558b732eb230 R15: 0000558b732de250 [ 3297.627414] FS: 00007f86ccfc6700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 [ 3297.627417] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3297.627420] CR2: 00007f4a77efa000 CR3: 00000000b4920000 CR4: 00000000003406f0 [ 3297.627424] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3297.627427] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3297.628829] Kernel panic - not syncing: hung_task: blocked tasks [ 3297.741516] CPU: 1 PID: 1527 Comm: khungtaskd Not tainted 4.14.285-syzkaller #0 [ 3297.748943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 3297.758274] Call Trace: [ 3297.760845] dump_stack+0x1b2/0x281 [ 3297.764467] panic+0x1f9/0x42d [ 3297.767804] ? add_taint.cold+0x16/0x16 [ 3297.771772] watchdog+0x5ca/0xb40 [ 3297.775219] ? hungtask_pm_notify+0x50/0x50 [ 3297.779522] kthread+0x30d/0x420 [ 3297.782870] ? kthread_create_on_node+0xd0/0xd0 [ 3297.787523] ret_from_fork+0x24/0x30 [ 3297.791412] Kernel Offset: disabled [ 3297.795028] Rebooting in 86400 seconds..