Warning: Permanently added '10.128.1.90' (ED25519) to the list of known hosts.
[ 44.222692][ T6246] input: syz1 as /devices/virtual/input/input2
executing program
executing program
[ 44.228133][ T6247] input: syz1 as /devices/virtual/input/input3
executing program
[ 44.231907][ T6250] input: syz1 as /devices/virtual/input/input4
executing program
executing program
[ 44.240839][ T6252] input: syz1 as /devices/virtual/input/input6
[ 44.243290][ T6247] loop1: detected capacity change from 0 to 512
[ 44.247273][ T6251] input: syz1 as /devices/virtual/input/input5
[ 44.256196][ T6246] loop0: detected capacity change from 0 to 512
[ 44.263212][ T6250] loop2: detected capacity change from 0 to 512
[ 44.269024][ T6252] loop4: detected capacity change from 0 to 512
[ 44.276118][ T6251] loop3: detected capacity change from 0 to 512
[ 44.282345][ T6246] EXT4-fs error (device loop0): ext4_orphan_get:1394: inode #15: comm syz-executor561: casefold flag without casefold feature
[ 44.283670][ T6251] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz-executor561: casefold flag without casefold feature
[ 44.290229][ T6251] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor561: couldn't read orphan inode 15 (err -117)
[ 44.293741][ T6251] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 44.295336][ T6247] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz-executor561: casefold flag without casefold feature
[ 44.300767][ T6246] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz-executor561: couldn't read orphan inode 15 (err -117)
[ 44.307785][ T6252] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz-executor561: casefold flag without casefold feature
[ 44.311394][ T6250] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz-executor561: casefold flag without casefold feature
[ 44.315128][ T6247] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor561: couldn't read orphan inode 15 (err -117)
[ 44.318717][ T6246] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 44.322224][ T6250] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor561: couldn't read orphan inode 15 (err -117)
[ 44.325696][ T6252] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor561: couldn't read orphan inode 15 (err -117)
[ 44.330354][ T6247] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 44.334326][ T6250] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 44.337702][ T6252] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
executing program
[ 44.387759][ T6261] input: syz1 as /devices/virtual/input/input7
executing program
[ 44.448421][ T6266] input: syz1 as /devices/virtual/input/input8
executing program
[ 44.459446][ T6270] input: syz1 as /devices/virtual/input/input9
executing program
[ 44.511523][ T6271] input: syz1 as /devices/virtual/input/input10
executing program
[ 44.555171][ T6272] input: syz1 as /devices/virtual/input/input11
[ 44.588286][ T6273] input: syz1 as /devices/virtual/input/input12
executing program
executing program
[ 44.621894][ T6274] input: syz1 as /devices/virtual/input/input13
executing program
[ 44.684801][ T6275] input: syz1 as /devices/virtual/input/input14
executing program
[ 44.727560][ T6276] input: syz1 as /devices/virtual/input/input15
executing program
[ 44.772296][ T6277] input: syz1 as /devices/virtual/input/input16
executing program
[ 44.814845][ T6278] input: syz1 as /devices/virtual/input/input17
executing program
[ 44.852159][ T6279] input: syz1 as /devices/virtual/input/input18
executing program
[ 44.912509][ T6280] input: syz1 as /devices/virtual/input/input19
executing program
[ 44.965965][ T6281] input: syz1 as /devices/virtual/input/input20
executing program
[ 45.014791][ T6282] input: syz1 as /devices/virtual/input/input21
executing program
[ 45.060617][ T6283] input: syz1 as /devices/virtual/input/input22
executing program
executing program
[ 45.160323][ T6284] input: syz1 as /devices/virtual/input/input23
[ 45.208195][ T6285] input: syz1 as /devices/virtual/input/input24
executing program
[ 45.220387][ T6286] input: syz1 as /devices/virtual/input/input25
executing program
[ 45.271077][ T6287] input: syz1 as /devices/virtual/input/input26
executing program
[ 45.321397][ T6288] input: syz1 as /devices/virtual/input/input27
executing program
[ 45.377774][ T6289] input: syz1 as /devices/virtual/input/input28
executing program
[ 45.436623][ T6290]
[ 45.437277][ T6290] ======================================================
[ 45.439217][ T6290] WARNING: possible circular locking dependency detected
[ 45.441082][ T6290] 6.9.0-rc4-syzkaller-g6a71d2909427 #0 Not tainted
[ 45.442958][ T6290] ------------------------------------------------------
[ 45.444816][ T6290] syz-executor561/6290 is trying to acquire lock:
[ 45.445886][ T6288] Unable to handle kernel paging request at virtual address fffffffffffffff8
[ 45.446717][ T6290] ffff0000da061870
[ 45.449202][ T6288] KASAN: maybe wild-memory-access in range [0x0003ffffffffffc0-0x0003ffffffffffc7]
[ 45.449218][ T6288] Mem abort info:
[ 45.450196][ T6290] (&newdev->mutex
[ 45.452630][ T6288] ESR = 0x0000000096000006
[ 45.453597][ T6290] ){+.+.}-{3:3}
[ 45.454609][ T6288] EC = 0x25: DABT (current EL), IL = 32 bits
[ 45.455840][ T6290] , at: uinput_request_submit+0x188/0x654
[ 45.456755][ T6288] SET = 0, FnV = 0
[ 45.458383][ T6290]
[ 45.458383][ T6290] but task is already holding lock:
[ 45.459942][ T6288] EA = 0, S1PTW = 0
[ 45.460958][ T6290] ffff0000da0610b0
[ 45.462979][ T6288] FSC = 0x06: level 2 translation fault
[ 45.464009][ T6290] (
[ 45.464935][ T6288] Data abort info:
[ 45.466360][ T6290] &ff->mutex
[ 45.467109][ T6288] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
[ 45.467916][ T6290] ){+.+.}-{3:3}
[ 45.468731][ T6288] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 45.470480][ T6290] , at: input_ff_upload+0x31c/0x834
[ 45.471408][ T6288] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 45.472899][ T6290]
[ 45.472899][ T6290] which lock already depends on the new lock.
[ 45.472899][ T6290]
[ 45.474319][ T6288] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ad5bd000
[ 45.476093][ T6290]
[ 45.476093][ T6290] the existing dependency chain (in reverse order) is:
[ 45.478884][ T6288] [fffffffffffffff8] pgd=0000000000000000
[ 45.480926][ T6290]
[ 45.480926][ T6290] -> #3
[ 45.483300][ T6288] , p4d=00000001b0d98003
[ 45.484862][ T6290] (
[ 45.485945][ T6288] , pud=00000001b0d99003
[ 45.487065][ T6290] &ff->mutex
[ 45.487718][ T6288] , pmd=0000000000000000
[ 45.488858][ T6290] ){+.+.}-{3:3}
[ 45.489686][ T6288]
[ 45.490776][ T6290] :
[ 45.491707][ T6288] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[ 45.492326][ T6290] __mutex_lock_common+0x190/0x21a0
[ 45.493000][ T6288] Modules linked in:
[ 45.495002][ T6290] mutex_lock_nested+0x2c/0x38
[ 45.496574][ T6288]
[ 45.497601][ T6290] input_ff_flush+0x64/0x150
[ 45.498997][ T6288] CPU: 1 PID: 6288 Comm: syz-executor561 Not tainted 6.9.0-rc4-syzkaller-g6a71d2909427 #0
[ 45.499626][ T6290] uinput_dev_flush+0x30/0x4c
[ 45.500963][ T6288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 45.503657][ T6290] input_flush_device+0xa4/0xd4
[ 45.505032][ T6288] pstate: 004010c5 (nzcv daIF +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
[ 45.507735][ T6290] evdev_release+0xec/0x2ec
[ 45.509196][ T6288] pc : complete+0xa8/0x1a4
[ 45.511285][ T6290] __fput+0x30c/0x738
[ 45.512613][ T6288] lr : complete+0x34/0x1a4
[ 45.513788][ T6290] __fput_sync+0x60/0x9c
[ 45.514942][ T6288] sp : ffff80009ce879b0
[ 45.516149][ T6290] __arm64_sys_close+0x150/0x1e0
[ 45.517443][ T6288] x29: ffff80009ce879b0
[ 45.518601][ T6290] invoke_syscall+0x98/0x2b8
[ 45.520090][ T6288] x28: ffff0000c18fcfe0
[ 45.521197][ T6290] el0_svc_common+0x130/0x23c
[ 45.522573][ T6288] x27: 1fffe00019fd61c3
[ 45.523614][ T6290] do_el0_svc+0x48/0x58
[ 45.525057][ T6288]
[ 45.526118][ T6290] el0_svc+0x54/0x168
[ 45.527342][ T6288] x26: 1fffe0001b40c300
[ 45.527957][ T6290] el0t_64_sync_handler+0x84/0xfc
[ 45.529150][ T6288] x25: dfff800000000000
[ 45.530239][ T6290] el0t_64_sync+0x190/0x194
[ 45.531649][ T6288] x24: dfff800000000000
[ 45.532736][ T6290]
[ 45.532736][ T6290] -> #2
[ 45.534088][ T6288]
[ 45.535192][ T6290] (
[ 45.536490][ T6288] x23: ffff0000da061b50
[ 45.537079][ T6290] &dev->mutex
[ 45.537700][ T6288] x22: ffff8000981f78d8
[ 45.538762][ T6290] #2
[ 45.539652][ T6288] x21: 0000000000000000
[ 45.540742][ T6290] ){+.+.}-{3:3}
[ 45.541347][ T6288]
[ 45.542516][ T6290] :
[ 45.542523][ T6290] __mutex_lock_common+0x190/0x21a0
[ 45.543505][ T6288] x20: 0000000000000000
[ 45.544122][ T6290] mutex_lock_interruptible_nested+0x2c/0x38
[ 45.544755][ T6288] x19: ffff8000981f7898
[ 45.546284][ T6290] input_register_handle+0x74/0x2d0
[ 45.547401][ T6288] x18: 0000000000000000
[ 45.549104][ T6290] kbd_connect+0xc4/0x13c
[ 45.550220][ T6288]
[ 45.551750][ T6290] input_register_device+0xac0/0xde8
[ 45.552889][ T6288] x17: 0000000000000000
[ 45.554148][ T6290] acpi_button_add+0x5bc/0x9e4
[ 45.554756][ T6288] x16: ffff80008034cd74
[ 45.556320][ T6290] acpi_device_probe+0xa8/0x284
[ 45.557537][ T6288] x15: ffff7000139d0f1c
[ 45.559036][ T6290] really_probe+0x394/0x904
[ 45.560141][ T6288]
[ 45.561593][ T6290] __driver_probe_device+0x194/0x374
[ 45.562686][ T6288] x14: 1ffff000139d0f1c
[ 45.564040][ T6290] driver_probe_device+0x78/0x330
[ 45.564643][ T6288] x13: 0000000000000004
[ 45.566252][ T6290] __driver_attach+0x3dc/0x648
[ 45.567340][ T6288] x12: ffffffffffffffff
[ 45.568900][ T6290] bus_for_each_dev+0x20c/0x298
[ 45.570011][ T6288]
[ 45.571468][ T6290] driver_attach+0x4c/0x5c
[ 45.572548][ T6288] x11: ffff7000139d0f1c
[ 45.574073][ T6290] bus_add_driver+0x2f0/0x58c
[ 45.574649][ T6288] x10: 1ffff000139d0f1c
[ 45.575947][ T6290] driver_register+0x220/0x30c
[ 45.577037][ T6288] x9 : 0000000000000000
[ 45.578489][ T6290] acpi_bus_register_driver+0xf8/0x11c
[ 45.579601][ T6288]
[ 45.581088][ T6290] acpi_button_driver_init+0xd4/0x10c
[ 45.582212][ T6288] x8 : 0000000000000000
[ 45.583772][ T6290] do_one_initcall+0x254/0x9e4
[ 45.584377][ T6288] x7 : 0000000000000000
[ 45.585922][ T6290] do_initcall_level+0x154/0x214
[ 45.586992][ T6288] x6 : ffff80008030a1c8
[ 45.588360][ T6290] do_initcalls+0x58/0xac
[ 45.589459][ T6288]
[ 45.590937][ T6290] do_basic_setup+0x8c/0xa0
[ 45.592101][ T6288] x5 : 0000000000000000
[ 45.593419][ T6290] kernel_init_freeable+0x324/0x478
[ 45.594078][ T6288] x4 : 0000000000000001
[ 45.595407][ T6290] kernel_init+0x24/0x29c
[ 45.596521][ T6288] x3 : ffff80008034cea4
[ 45.598070][ T6290] ret_from_fork+0x10/0x20
[ 45.599136][ T6288]
[ 45.600385][ T6290]
[ 45.600385][ T6290] -> #1
[ 45.601554][ T6288] x2 : 0000000000000001
[ 45.602931][ T6290] (
[ 45.603504][ T6288] x1 : 0000000000000000
[ 45.604874][ T6290] input_mutex
[ 45.605949][ T6288] x0 : fffffffffffffff8
[ 45.606618][ T6290] ){+.+.}-{3:3}
[ 45.607701][ T6288]
[ 45.608587][ T6290] :
[ 45.609712][ T6288] Call trace:
[ 45.610597][ T6290] __mutex_lock_common+0x190/0x21a0
[ 45.611207][ T6288] complete+0xa8/0x1a4
[ 45.611855][ T6290] mutex_lock_interruptible_nested+0x2c/0x38
[ 45.612685][ T6288] uinput_destroy_device+0x100/0x79c
[ 45.614240][ T6290] input_register_device+0x8dc/0xde8
[ 45.615270][ T6288] uinput_release+0x44/0x60
[ 45.617012][ T6290] uinput_create_device+0x360/0x528
[ 45.618334][ T6288] __fput+0x30c/0x738
[ 45.619929][ T6290] uinput_ioctl_handler+0x8b0/0x16c0
[ 45.621175][ T6288] ____fput+0x20/0x30
[ 45.622619][ T6290] uinput_ioctl+0x38/0x4c
[ 45.623738][ T6288] task_work_run+0x230/0x2e0
[ 45.625288][ T6290] __arm64_sys_ioctl+0x14c/0x1c8
[ 45.626339][ T6288] do_exit+0x4e4/0x1ac8
[ 45.627708][ T6290] invoke_syscall+0x98/0x2b8
[ 45.628928][ T6288] do_group_exit+0x194/0x22c
[ 45.630381][ T6290] el0_svc_common+0x130/0x23c
[ 45.631481][ T6288] pid_child_should_wake+0x0/0x1dc
[ 45.632821][ T6290] do_el0_svc+0x48/0x58
[ 45.633996][ T6288] invoke_syscall+0x98/0x2b8
[ 45.635390][ T6290] el0_svc+0x54/0x168
[ 45.636756][ T6288] el0_svc_common+0x130/0x23c
[ 45.638062][ T6290] el0t_64_sync_handler+0x84/0xfc
[ 45.639302][ T6288] do_el0_svc+0x48/0x58
[ 45.640558][ T6290] el0t_64_sync+0x190/0x194
[ 45.641837][ T6288] el0_svc+0x54/0x168
[ 45.643391][ T6290]
[ 45.643391][ T6290] -> #0
[ 45.644442][ T6288] el0t_64_sync_handler+0x84/0xfc
[ 45.645827][ T6290] (
[ 45.646962][ T6288] el0t_64_sync+0x190/0x194
[ 45.648385][ T6290] &newdev->mutex
[ 45.649704][ T6288] Code: d343fc08 38786908 34000048 941d0a2d (f85f82a0)
[ 45.650369][ T6290] ){+.+.}-{3:3}
[ 45.651522][ T6288] ---[ end trace 0000000000000000 ]---
[ 45.652520][ T6290] :
[ 45.658252][ T6290] __lock_acquire+0x3384/0x763c
[ 45.659681][ T6290] lock_acquire+0x248/0x73c
[ 45.661071][ T6290] __mutex_lock_common+0x190/0x21a0
[ 45.662656][ T6290] mutex_lock_interruptible_nested+0x2c/0x38
[ 45.664454][ T6290] uinput_request_submit+0x188/0x654
[ 45.666135][ T6290] uinput_dev_upload_effect+0x170/0x218
[ 45.667772][ T6290] input_ff_upload+0x49c/0x834
[ 45.669201][ T6290] evdev_ioctl_handler+0x1fd0/0x2d58
[ 45.670901][ T6290] evdev_ioctl+0x38/0x4c
[ 45.672284][ T6290] __arm64_sys_ioctl+0x14c/0x1c8
[ 45.673812][ T6290] invoke_syscall+0x98/0x2b8
[ 45.675322][ T6290] el0_svc_common+0x130/0x23c
[ 45.676790][ T6290] do_el0_svc+0x48/0x58
[ 45.678132][ T6290] el0_svc+0x54/0x168
[ 45.679426][ T6290] el0t_64_sync_handler+0x84/0xfc
[ 45.681038][ T6290] el0t_64_sync+0x190/0x194
[ 45.682419][ T6290]
[ 45.682419][ T6290] other info that might help us debug this:
[ 45.682419][ T6290]
[ 45.685233][ T6290] Chain exists of:
[ 45.685233][ T6290] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[ 45.685233][ T6290]
[ 45.688580][ T6290] Possible unsafe locking scenario:
[ 45.688580][ T6290]
[ 45.690680][ T6290] CPU0                    CPU1
[ 45.692237][ T6290] ----                    ----
[ 45.693715][ T6290] lock(&ff->mutex);
[ 45.694822][ T6290]                         lock(&dev->mutex#2);
[ 45.696742][ T6290]                         lock(&ff->mutex);
[ 45.698532][ T6290] lock(&newdev->mutex);
[ 45.699787][ T6290]
[ 45.699787][ T6290] *** DEADLOCK ***
[ 45.699787][ T6290]
[ 45.702073][ T6290] 2 locks held by syz-executor561/6290:
[ 45.703633][ T6290] #0: ffff0000c6a54110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x11c/0x2d58
[ 45.706448][ T6290] #1: ffff0000da0610b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834
[ 45.709156][ T6290]
[ 45.709156][ T6290] stack backtrace:
[ 45.710841][ T6290] CPU: 0 PID: 6290 Comm: syz-executor561 Tainted: G D 6.9.0-rc4-syzkaller-g6a71d2909427 #0
[ 45.714021][ T6290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 45.716765][ T6290] Call trace:
[ 45.717597][ T6290] dump_backtrace+0x1b8/0x1e4
[ 45.718798][ T6290] show_stack+0x2c/0x3c
[ 45.719968][ T6290] dump_stack_lvl+0xe4/0x150
[ 45.721308][ T6290] dump_stack+0x1c/0x28
[ 45.722482][ T6290] print_circular_bug+0x150/0x1b8
[ 45.723833][ T6290] check_noncircular+0x310/0x404
[ 45.725253][ T6290] __lock_acquire+0x3384/0x763c
[ 45.726671][ T6290] lock_acquire+0x248/0x73c
[ 45.727856][ T6290] __mutex_lock_common+0x190/0x21a0
[ 45.729246][ T6290] mutex_lock_interruptible_nested+0x2c/0x38
[ 45.730958][ T6290] uinput_request_submit+0x188/0x654
[ 45.732379][ T6290] uinput_dev_upload_effect+0x170/0x218
[ 45.733836][ T6290] input_ff_upload+0x49c/0x834
[ 45.735143][ T6290] evdev_ioctl_handler+0x1fd0/0x2d58
[ 45.736671][ T6290] evdev_ioctl+0x38/0x4c
[ 45.737776][ T6290] __arm64_sys_ioctl+0x14c/0x1c8
[ 45.739091][ T6290] invoke_syscall+0x98/0x2b8
[ 45.740411][ T6290] el0_svc_common+0x130/0x23c
[ 45.741662][ T6290] do_el0_svc+0x48/0x58
[ 45.742739][ T6290] el0_svc+0x54/0x168
[ 45.743804][ T6290] el0t_64_sync_handler+0x84/0xfc
[ 45.745258][ T6290] el0t_64_sync+0x190/0x194
[ 46.013227][ T6288] Kernel panic - not syncing: Oops: Fatal exception
[ 46.015100][ T6288] SMP: stopping secondary CPUs
[ 46.016364][ T6288] Kernel Offset: disabled
[ 46.017543][ T6288] CPU features: 0x0,00000103,80100128,42017203
[ 46.019176][ T6288] Memory Limit: none
[ 46.360247][ T6288] Rebooting in 86400 seconds..