./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1093928798 <...> Warning: Permanently added '10.128.1.135' (ED25519) to the list of known hosts. execve("./syz-executor1093928798", ["./syz-executor1093928798"], 0x7ffcb035d4d0 /* 10 vars */) = 0 brk(NULL) = 0x555559c40000 brk(0x555559c40d00) = 0x555559c40d00 arch_prctl(ARCH_SET_FS, 0x555559c40380) = 0 set_tid_address(0x555559c40650) = 5088 set_robust_list(0x555559c40660, 24) = 0 rseq(0x555559c40ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1093928798", 4096) = 28 getrandom("\xea\xc2\xb3\x1a\x18\x39\x3d\x47", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555559c40d00 brk(0x555559c61d00) = 0x555559c61d00 brk(0x555559c62000) = 0x555559c62000 mprotect(0x7f73dddab000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559c40650) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5089] set_robust_list(0x555559c40660, 24) = 0 ./strace-static-x86_64: Process 5090 attached [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5088] <... clone resumed>, child_tidptr=0x555559c40650) = 5090 [pid 5090] set_robust_list(0x555559c40660, 24) = 0 [pid 5089] <... openat resumed>) = 3 [pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5090] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5089] ioctl(3, LOOP_CLR_FD [pid 5090] <... openat resumed>) = 3 [pid 5090] ioctl(3, LOOP_CLR_FD [pid 5089] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5090] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5089] close(3./strace-static-x86_64: Process 5091 attached [pid 5088] <... clone resumed>, child_tidptr=0x555559c40650) = 5091 [pid 5090] close(3 [pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5091] set_robust_list(0x555559c40660, 24 [pid 5090] <... close resumed>) = 0 [pid 5089] <... close resumed>) = 0 [pid 5091] <... set_robust_list resumed>) = 0 [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached [pid 5091] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached [pid 5092] set_robust_list(0x555559c40660, 24 [pid 5093] set_robust_list(0x555559c40660, 24 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5093] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5094 attached [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5092] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5091] <... openat resumed>) = 3 [pid 5088] <... clone resumed>, child_tidptr=0x555559c40650) = 5092 [pid 5094] set_robust_list(0x555559c40660, 24 [pid 5093] <... prctl resumed>) = 0 [pid 5092] <... openat resumed>) = 3 [pid 5091] ioctl(3, LOOP_CLR_FD [pid 5090] <... clone resumed>, child_tidptr=0x555559c40650) = 5093 [pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5094] <... set_robust_list resumed>) = 0 [pid 5093] setpgid(0, 0 [pid 5092] ioctl(3, LOOP_CLR_FD [pid 5091] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5089] <... clone resumed>, child_tidptr=0x555559c40650) = 5094 ./strace-static-x86_64: Process 5095 attached [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5093] <... setpgid resumed>) = 0 [pid 5092] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5091] close(3 [pid 5095] set_robust_list(0x555559c40660, 24) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5091] <... close resumed>) = 0 [pid 5095] <... openat resumed>) = 3 [pid 5092] close(3 [pid 5095] ioctl(3, LOOP_CLR_FD [pid 5094] <... prctl resumed>) = 0 [pid 5093] <... openat resumed>) = 3 [pid 5092] <... close resumed>) = 0 [pid 5091] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5094] setpgid(0, 0 [pid 5092] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached ./strace-static-x86_64: Process 5097 attached [pid 5088] <... clone resumed>, child_tidptr=0x555559c40650) = 5095 [pid 5095] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5094] <... setpgid resumed>) = 0 [pid 5093] write(3, "1000", 4 [pid 5098] set_robust_list(0x555559c40660, 24 [pid 5097] set_robust_list(0x555559c40660, 24 [pid 5095] close(3 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5093] <... write resumed>) = 4 [pid 5093] close(3) = 0 [pid 5094] <... openat resumed>) = 3 [pid 5093] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5094] write(3, "1000", 4 [pid 5093] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5092] <... clone resumed>, child_tidptr=0x555559c40650) = 5098 [pid 5094] <... write resumed>) = 4 [pid 5093] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5091] <... clone resumed>, child_tidptr=0x555559c40650) = 5097 [pid 5094] close(3 [pid 5093] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK [pid 5094] <... close resumed>) = 0 [pid 5094] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5093] <... openat resumed>) = 3 [pid 5094] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5095] <... close resumed>) = 0 [pid 5098] <... set_robust_list resumed>) = 0 [pid 5097] <... set_robust_list resumed>) = 0 [pid 5095] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5094] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5093] ioctl(3, UI_SET_FFBIT [pid 5094] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 5099 attached [pid 5098] <... prctl resumed>) = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5094] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK [pid 5093] <... ioctl resumed>, 0x51) = 0 [pid 5099] set_robust_list(0x555559c40660, 24 [pid 5098] setpgid(0, 0 [pid 5097] <... prctl resumed>) = 0 [pid 5095] <... clone resumed>, child_tidptr=0x555559c40650) = 5099 [pid 5094] <... openat resumed>) = 3 [pid 5093] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 [pid 5098] <... setpgid resumed>) = 0 [pid 5097] setpgid(0, 0 [pid 5094] ioctl(3, UI_SET_FFBIT [pid 5093] <... write resumed>) = 1116 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5097] <... setpgid resumed>) = 0 [pid 5094] <... ioctl resumed>, 0x51) = 0 [pid 5093] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5094] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 [pid 5099] <... set_robust_list resumed>) = 0 [pid 5098] <... openat resumed>) = 3 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5098] write(3, "1000", 4 [pid 5097] <... openat resumed>) = 3 [pid 5094] <... write resumed>) = 1116 [pid 5098] <... write resumed>) = 4 [pid 5097] write(3, "1000", 4 [pid 5094] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5099] <... prctl resumed>) = 0 [pid 5098] close(3 [pid 5097] <... write resumed>) = 4 [pid 5099] setpgid(0, 0 [pid 5098] <... close resumed>) = 0 [pid 5097] close(3 [pid 5099] <... setpgid resumed>) = 0 [pid 5098] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5097] <... close resumed>) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5097] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5099] <... openat resumed>) = 3 [pid 5097] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5098] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5099] write(3, "1000", 4 [pid 5098] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5097] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5099] <... write resumed>) = 4 [pid 5099] close(3 [pid 5097] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5099] <... close resumed>) = 0 [pid 5097] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK [pid 5099] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5097] <... openat resumed>) = 3 [pid 5097] ioctl(3, UI_SET_FFBIT [pid 5099] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5098] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5097] <... ioctl resumed>, 0x51) = 0 [pid 5099] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5098] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK [pid 5097] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 [pid 5099] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK [pid 5098] <... openat resumed>) = 3 [pid 5097] <... write resumed>) = 1116 [pid 5093] <... ioctl resumed>, 0) = 0 [pid 5099] <... openat resumed>) = 3 [pid 5098] ioctl(3, UI_SET_FFBIT [pid 5097] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5093] memfd_create("syzkaller", 0) = 4 [pid 5094] <... ioctl resumed>, 0) = 0 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5099] ioctl(3, UI_SET_FFBIT [pid 5098] <... ioctl resumed>, 0x51) = 0 [pid 5093] <... mmap resumed>) = 0x7f73d5800000 [pid 5094] memfd_create("syzkaller", 0) = 4 [pid 5093] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f73d5800000 [pid 5098] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 [pid 5099] <... ioctl resumed>, 0x51) = 0 [pid 5098] <... write resumed>) = 1116 [ 56.131962][ T5093] input: syz1 as /devices/virtual/input/input5 [ 56.141357][ T5094] input: syz1 as /devices/virtual/input/input6 [ 56.169644][ T5097] input: syz1 as /devices/virtual/input/input7 [pid 5098] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5099] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 [pid 5093] <... write resumed>) = 262144 [pid 5094] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5099] <... write resumed>) = 1116 [pid 5099] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5093] munmap(0x7f73d5800000, 138412032 [pid 5094] <... write resumed>) = 262144 [pid 5093] <... munmap resumed>) = 0 [pid 5094] munmap(0x7f73d5800000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5093] <... openat resumed>) = 5 [pid 5094] <... openat resumed>) = 5 [pid 5093] ioctl(5, LOOP_SET_FD, 4 [pid 5097] <... ioctl resumed>, 0) = 0 [pid 5094] ioctl(5, LOOP_SET_FD, 4 [pid 5097] memfd_create("syzkaller", 0 [pid 5098] <... ioctl resumed>, 0) = 0 [pid 5097] <... memfd_create resumed>) = 4 [pid 5094] <... ioctl resumed>) = 0 [pid 5094] close(4) = 0 [pid 5094] close(5) = 0 [pid 5094] mkdir("./file0", 0777) = 0 [pid 5098] memfd_create("syzkaller", 0 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5094] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" [pid 5099] <... ioctl resumed>, 0) = 0 [pid 5098] <... memfd_create resumed>) = 4 [pid 5097] <... mmap resumed>) = 0x7f73d5800000 [pid 5093] <... ioctl resumed>) = 0 [pid 5099] memfd_create("syzkaller", 0 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5099] <... memfd_create resumed>) = 4 [pid 5098] <... mmap resumed>) = 0x7f73d5800000 [pid 5097] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5098] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5097] <... write resumed>) = 262144 [pid 5093] close(4 [pid 5099] <... mmap resumed>) = 0x7f73d5800000 [pid 5093] <... close resumed>) = 0 [ 56.184379][ T5098] input: syz1 as /devices/virtual/input/input8 [ 56.194873][ T5099] input: syz1 as /devices/virtual/input/input9 [ 56.206413][ T5094] loop0: detected capacity change from 0 to 512 [ 56.213075][ T5093] loop1: detected capacity change from 0 to 512 [pid 5093] close(5 [pid 5099] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5098] <... write resumed>) = 262144 [pid 5093] <... close resumed>) = 0 [pid 5093] mkdir("./file0", 0777 [pid 5097] munmap(0x7f73d5800000, 138412032 [pid 5093] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5097] <... munmap resumed>) = 0 [pid 5093] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" [pid 5097] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 5097] ioctl(5, LOOP_SET_FD, 4 [pid 5098] munmap(0x7f73d5800000, 138412032 [pid 5099] <... write resumed>) = 262144 [pid 5098] <... munmap resumed>) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 5098] ioctl(5, LOOP_SET_FD, 4 [pid 5099] munmap(0x7f73d5800000, 138412032) = 0 [ 56.274784][ T5097] loop2: detected capacity change from 0 to 512 [ 56.291818][ T5094] EXT4-fs error (device loop0): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature [ 56.297395][ T5098] loop3: detected capacity change from 0 to 512 [pid 5099] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 5099] ioctl(5, LOOP_SET_FD, 4 [pid 5097] <... ioctl resumed>) = 0 [pid 5097] close(4) = 0 [pid 5097] close(5) = 0 [pid 5097] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5097] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" [pid 5098] <... ioctl resumed>) = 0 [pid 5099] <... ioctl resumed>) = 0 [pid 5098] close(4 [pid 5099] close(4) = 0 [pid 5099] close(5) = 0 [pid 5099] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5098] <... close resumed>) = 0 [pid 5099] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" [pid 5098] close(5) = 0 [pid 5098] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 56.316656][ T5093] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature [ 56.316907][ T5099] loop4: detected capacity change from 0 to 512 [ 56.349440][ T5094] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117) [ 56.362502][ T5093] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117) [ 56.401801][ T5099] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature [ 56.414619][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.427856][ T5093] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5098] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" [pid 5093] <... mount resumed>) = 0 [ 56.441253][ T5098] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature [ 56.449138][ T5097] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature [ 56.468818][ T5098] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117) [ 56.483196][ T5098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5098] <... mount resumed>) = 0 [pid 5094] <... mount resumed>) = 0 [pid 5093] <... openat resumed>) = 4 [pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5093] chdir("./file0" [pid 5094] chdir("./file0" [pid 5093] <... chdir resumed>) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5094] <... chdir resumed>) = 0 [pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5093] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5098] <... openat resumed>) = 4 [pid 5098] chdir("./file0" [pid 5094] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5093] exit_group(0 [pid 5098] <... chdir resumed>) = 0 [pid 5093] <... exit_group resumed>) = ? [pid 5098] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5094] exit_group(0 [pid 5098] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5094] <... exit_group resumed>) = ? [ 56.483379][ T5099] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117) [ 56.518935][ T5097] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117) [pid 5098] exit_group(0 [pid 5093] +++ exited with 0 +++ [pid 5098] <... exit_group resumed>) = ? [pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5094] +++ exited with 0 +++ [pid 5090] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5099] <... mount resumed>) = 0 [pid 5098] +++ exited with 0 +++ [pid 5097] <... mount resumed>) = 0 [pid 5090] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5092] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5097] chdir("./file0" [pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5099] <... openat resumed>) = 4 [pid 5097] <... chdir resumed>) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5097] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5099] chdir("./file0" [pid 5090] <... clone resumed>, child_tidptr=0x555559c40650) = 5112 [pid 5099] <... chdir resumed>) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5112 attached [pid 5097] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5092] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5112] set_robust_list(0x555559c40660, 24 [pid 5099] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5097] exit_group(0 [pid 5092] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5112] <... set_robust_list resumed>) = 0 [pid 5099] exit_group(0 [pid 5089] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5099] <... exit_group resumed>) = ? [pid 5097] <... exit_group resumed>) = ? [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached [pid 5112] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5114 attached [pid 5113] set_robust_list(0x555559c40660, 24 [pid 5114] set_robust_list(0x555559c40660, 24 [pid 5113] <... set_robust_list resumed>) = 0 [pid 5112] setpgid(0, 0 [pid 5114] <... set_robust_list resumed>) = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5112] <... setpgid resumed>) = 0 [pid 5089] <... clone resumed>, child_tidptr=0x555559c40650) = 5114 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5113] <... prctl resumed>) = 0 [pid 5114] <... prctl resumed>) = 0 [ 56.554167][ T5099] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.572337][ T5097] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5113] setpgid(0, 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5099] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ [pid 5092] <... clone resumed>, child_tidptr=0x555559c40650) = 5113 [pid 5095] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5091] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5114] setpgid(0, 0 [pid 5113] <... setpgid resumed>) = 0 [pid 5114] <... setpgid resumed>) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5112] <... openat resumed>) = 3 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5113] <... openat resumed>) = 3 [pid 5091] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5112] write(3, "1000", 4 [pid 5095] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5112] <... write resumed>) = 4 [pid 5091] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5095] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5114] <... openat resumed>) = 3 [pid 5113] write(3, "1000", 4 [pid 5112] close(3 [pid 5095] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5091] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5114] write(3, "1000", 4 [pid 5113] <... write resumed>) = 4 [pid 5112] <... close resumed>) = 0 [pid 5114] <... write resumed>) = 4 [pid 5113] close(3 [pid 5114] close(3 [pid 5113] <... close resumed>) = 0 [pid 5114] <... close resumed>) = 0 [pid 5113] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5114] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5113] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5114] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5114] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5113] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5114] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5113] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5114] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK [pid 5113] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK./strace-static-x86_64: Process 5116 attached ./strace-static-x86_64: Process 5115 attached [pid 5114] <... openat resumed>) = 3 [pid 5113] <... openat resumed>) = 3 [pid 5112] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5116] set_robust_list(0x555559c40660, 24 [pid 5112] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 5116] <... set_robust_list resumed>) = 0 [pid 5095] <... clone resumed>, child_tidptr=0x555559c40650) = 5115 [pid 5091] <... clone resumed>, child_tidptr=0x555559c40650) = 5116 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5115] set_robust_list(0x555559c40660, 24 [pid 5114] ioctl(3, UI_SET_FFBIT [pid 5113] ioctl(3, UI_SET_FFBIT [pid 5112] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5116] <... prctl resumed>) = 0 [pid 5115] <... set_robust_list resumed>) = 0 [pid 5114] <... ioctl resumed>, 0x51) = 0 [pid 5113] <... ioctl resumed>, 0x51) = 0 [pid 5112] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5116] setpgid(0, 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5114] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 [pid 5113] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 [pid 5112] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK [pid 5116] <... setpgid resumed>) = 0 [pid 5115] <... prctl resumed>) = 0 [pid 5114] <... write resumed>) = 1116 [pid 5113] <... write resumed>) = 1116 [pid 5115] setpgid(0, 0 [pid 5114] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5113] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5112] <... openat resumed>) = 3 [pid 5116] <... openat resumed>) = 3 [pid 5115] <... setpgid resumed>) = 0 [pid 5112] ioctl(3, UI_SET_FFBIT, 0x51) = 0 [pid 5112] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116) = 1116 [pid 5116] write(3, "1000", 4) = 4 [pid 5112] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5114] <... ioctl resumed>, 0) = 0 [pid 5113] <... ioctl resumed>, 0) = 0 [pid 5116] close(3) = 0 [pid 5116] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5115] <... openat resumed>) = 3 [pid 5114] memfd_create("syzkaller", 0 [pid 5115] write(3, "1000", 4 [pid 5114] <... memfd_create resumed>) = 4 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5113] memfd_create("syzkaller", 0 [pid 5115] <... write resumed>) = 4 [pid 5114] <... mmap resumed>) = 0x7f73d5800000 [pid 5115] close(3) = 0 [pid 5115] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5114] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5116] <... openat resumed>) = 3 [pid 5113] <... memfd_create resumed>) = 4 [pid 5116] ioctl(3, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5115] <... openat resumed>) = 3 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5115] ioctl(3, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} [pid 5113] <... mmap resumed>) = 0x7f73d5800000 [ 56.661964][ T5114] input: syz1 as /devices/virtual/input/input10 [ 56.678415][ T5113] input: syz1 as /devices/virtual/input/input11 [ 56.683480][ T5112] input: syz1 as /devices/virtual/input/input12 [ 56.702349][ T5116] [ 56.704708][ T5116] ====================================================== [pid 5114] <... write resumed>) = 262144 [pid 5113] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5114] munmap(0x7f73d5800000, 138412032 [pid 5113] <... write resumed>) = 262144 [pid 5114] <... munmap resumed>) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 56.711730][ T5116] WARNING: possible circular locking dependency detected [ 56.718759][ T5116] 6.9.0-rc4-next-20240418-syzkaller #0 Not tainted [ 56.725279][ T5116] ------------------------------------------------------ [ 56.732305][ T5116] syz-executor109/5116 is trying to acquire lock: [ 56.738726][ T5116] ffff8880117e3870 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x19c/0x740 [ 56.741207][ T5114] BUG: unable to handle page fault for address: fffffffffffffff8 [ 56.748415][ T5116] [ 56.748415][ T5116] but task is already holding lock: [ 56.748424][ T5116] ffff888015fb60b0 [ 56.756111][ T5114] #PF: supervisor read access in kernel mode [ 56.763450][ T5116] (&ff->mutex [ 56.767140][ T5114] #PF: error_code(0x0000) - not-present page [ 56.773086][ T5116] ){+.+.}-{3:3} [ 56.776433][ T5114] PGD e136067 [ 56.782382][ T5116] , at: input_ff_upload+0x3e4/0xb00 [ 56.785837][ T5114] P4D e136067 [ 56.789180][ T5116] [ 56.789180][ T5116] which lock already depends on the new lock. [ 56.789180][ T5116] [ 56.794345][ T5114] PUD e138067 [ 56.797687][ T5116] [ 56.797687][ T5116] the existing dependency chain (in reverse order) is: [ 56.808062][ T5114] PMD 0 [ 56.811406][ T5116] [ 56.811406][ T5116] -> #3 ( [ 56.820401][ T5114] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 56.823223][ T5116] &ff->mutex){+.+.}-{3:3} [ 56.828304][ T5114] CPU: 1 PID: 5114 Comm: syz-executor109 Not tainted 6.9.0-rc4-next-20240418-syzkaller #0 [ 56.834423][ T5116] : [ 56.834430][ T5116] lock_acquire+0x1ed/0x550 [ 56.838722][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 56.848576][ T5116] __mutex_lock+0x136/0xd70 [ 56.850967][ T5114] RIP: 0010:complete+0x9b/0x1c0 [ 56.855963][ T5116] input_ff_flush+0x5e/0x140 [ 56.865993][ T5114] Code: df e8 39 fd 8b 00 4c 8b 23 49 39 dc 0f 84 e2 00 00 00 49 8d 7c 24 f8 48 89 f8 48 c1 e8 03 42 80 3c 30 00 74 05 e8 15 fd 8b 00 <49> 8b 7c 24 f8 be 03 00 00 00 31 d2 e8 04 e5 f6 ff 4c 89 e7 e8 3c [ 56.870985][ T5116] input_flush_device+0x9c/0xc0 [ 56.875802][ T5114] RSP: 0018:ffffc9000355fb30 EFLAGS: 00010046 [ 56.880881][ T5116] evdev_release+0xf9/0x7d0 [ 56.900460][ T5114] [ 56.900466][ T5114] RAX: 1fffffffffffffff RBX: ffffc9000363faf8 RCX: 0000000000000001 [ 56.905804][ T5116] __fput+0x406/0x8b0 [ 56.911839][ T5114] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: fffffffffffffff8 [ 56.916837][ T5116] __x64_sys_close+0x7f/0x110 [ 56.919161][ T5114] RBP: 1ffff920006c7f56 R08: 0000000000000003 R09: fffff520006abf40 [ 56.927127][ T5116] do_syscall_64+0xf5/0x240 [ 56.931625][ T5114] R10: dffffc0000000000 R11: fffff520006abf40 R12: 0000000000000000 [ 56.939572][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.944745][ T5114] R13: 0000000000000246 R14: dffffc0000000000 R15: ffffc9000363fab8 [ 56.952692][ T5116] [ 56.952692][ T5116] -> #2 ( [ 56.957682][ T5114] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 56.965626][ T5116] &dev->mutex [ 56.972006][ T5114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.979953][ T5116] #2){+.+.}-{3:3} [ 56.985037][ T5114] CR2: fffffffffffffff8 CR3: 000000000e132000 CR4: 00000000003506f0 [ 56.993935][ T5116] : [ 56.993941][ T5116] lock_acquire+0x1ed/0x550 [ 56.997194][ T5114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.003760][ T5116] __mutex_lock+0x136/0xd70 [ 57.007368][ T5114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.015313][ T5116] input_register_handle+0x6d/0x3b0 [ 57.017706][ T5114] Call Trace: [ 57.022698][ T5116] kbd_connect+0xbf/0x130 [ 57.030646][ T5114] [ 57.035634][ T5116] input_register_device+0xcfa/0x1090 [ 57.043581][ T5114] ? __die_body+0x88/0xe0 [ 57.049275][ T5116] acpi_button_add+0x6c6/0xb90 [ 57.052549][ T5114] ? page_fault_oops+0x8e4/0xcc0 [ 57.057372][ T5116] acpi_device_probe+0xa5/0x2b0 [ 57.060295][ T5114] ? __pfx_page_fault_oops+0x10/0x10 [ 57.066155][ T5116] really_probe+0x2b8/0xad0 [ 57.070460][ T5114] ? is_prefetch+0x4ed/0x780 [ 57.075712][ T5116] __driver_probe_device+0x1a2/0x390 [ 57.080627][ T5114] ? is_bpf_text_address+0x285/0x2a0 [ 57.085968][ T5116] driver_probe_device+0x50/0x430 [ 57.091222][ T5114] ? __pfx_is_prefetch+0x10/0x10 [ 57.096215][ T5116] __driver_attach+0x45f/0x710 [ 57.100775][ T5114] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 57.106549][ T5116] bus_for_each_dev+0x239/0x2b0 [ 57.111817][ T5114] ? __kernel_text_address+0xd/0x40 [ 57.117341][ T5116] bus_add_driver+0x346/0x670 [ 57.122258][ T5114] ? kernelmode_fixup_or_oops+0x20e/0x2b0 [ 57.127513][ T5116] driver_register+0x23a/0x320 [ 57.133639][ T5114] ? __bad_area_nosemaphore+0x127/0x780 [ 57.138978][ T5116] do_one_initcall+0x248/0x880 [ 57.144153][ T5114] ? __pfx___bad_area_nosemaphore+0x10/0x10 [ 57.149317][ T5116] do_initcall_level+0x157/0x210 [ 57.155008][ T5114] ? spurious_kernel_fault+0x11e/0x5d0 [ 57.160260][ T5116] do_initcalls+0x3f/0x80 [ 57.165779][ T5114] ? exc_page_fault+0x5d6/0x900 [ 57.171028][ T5116] kernel_init_freeable+0x435/0x5d0 [ 57.176895][ T5114] ? asm_exc_page_fault+0x26/0x30 [ 57.182325][ T5116] kernel_init+0x1d/0x2b0 [ 57.187757][ T5114] ? complete+0x9b/0x1c0 [ 57.192573][ T5116] ret_from_fork+0x4b/0x80 [ 57.197406][ T5114] uinput_destroy_device+0x129/0x8f0 [ 57.203088][ T5116] ret_from_fork_asm+0x1a/0x30 [ 57.208086][ T5114] uinput_release+0x3e/0x50 [ 57.212906][ T5116] [ 57.212906][ T5116] -> #1 ( [ 57.217122][ T5114] ? __pfx_uinput_release+0x10/0x10 [ 57.222028][ T5116] input_mutex){+.+.}-{3:3} [ 57.227280][ T5114] __fput+0x406/0x8b0 [ 57.232537][ T5116] : [ 57.232544][ T5116] lock_acquire+0x1ed/0x550 [ 57.237019][ T5114] task_work_run+0x24f/0x310 [ 57.242096][ T5116] __mutex_lock+0x136/0xd70 [ 57.247272][ T5114] ? __pfx_task_work_run+0x10/0x10 [ 57.251653][ T5116] input_register_device+0xae5/0x1090 [ 57.255609][ T5114] ? switch_task_namespaces+0xe1/0x110 [ 57.257994][ T5116] uinput_create_device+0x40e/0x630 [ 57.262993][ T5114] do_exit+0xa1b/0x27e0 [ 57.267548][ T5116] uinput_ioctl_handler+0x48b/0x1770 [ 57.272544][ T5114] ? lock_release+0xbf/0x9f0 [ 57.277621][ T5116] __se_sys_ioctl+0xfc/0x170 [ 57.283496][ T5114] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 57.288937][ T5116] do_syscall_64+0xf5/0x240 [ 57.294633][ T5114] ? rcu_is_watching+0x15/0xb0 [ 57.298764][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.304545][ T5114] ? __pfx_do_exit+0x10/0x10 [ 57.309105][ T5116] [ 57.309105][ T5116] -> #0 [ 57.314185][ T5114] ? zap_other_threads+0x3b8/0x420 [ 57.319529][ T5116] (&newdev->mutex [ 57.324526][ T5114] ? __pfx_lock_release+0x10/0x10 [ 57.329260][ T5116] ){+.+.}-{3:3} [ 57.335643][ T5114] ? _raw_spin_lock_irq+0xdf/0x120 [ 57.340209][ T5116] : [ 57.340220][ T5116] validate_chain+0x18cb/0x58e0 [ 57.345132][ T5114] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 57.350219][ T5116] __lock_acquire+0x1346/0x1fd0 [ 57.353918][ T5114] ? rcu_is_watching+0x15/0xb0 [ 57.358910][ T5116] lock_acquire+0x1ed/0x550 [ 57.362345][ T5114] do_group_exit+0x207/0x2c0 [ 57.367426][ T5116] __mutex_lock+0x136/0xd70 [ 57.369823][ T5114] __x64_sys_exit_group+0x3f/0x40 [ 57.375161][ T5116] uinput_request_submit+0x19c/0x740 [ 57.381460][ T5114] do_syscall_64+0xf5/0x240 [ 57.386801][ T5116] uinput_dev_upload_effect+0x199/0x240 [ 57.391541][ T5114] ? clear_bhb_loop+0x35/0x90 [ 57.396533][ T5116] input_ff_upload+0x5df/0xb00 [ 57.401096][ T5114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.406089][ T5116] evdev_ioctl_handler+0x17d0/0x21b0 [ 57.411085][ T5114] RIP: 0033:0x7f73ddd35639 [ 57.416855][ T5116] __se_sys_ioctl+0xfc/0x170 [ 57.421330][ T5114] Code: Unable to access opcode bytes at 0x7f73ddd3560f. [ 57.427361][ T5116] do_syscall_64+0xf5/0x240 [ 57.432010][ T5114] RSP: 002b:00007ffe23ce0898 EFLAGS: 00000246 [ 57.437261][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.443128][ T5114] ORIG_RAX: 00000000000000e7 [ 57.448902][ T5116] [ 57.448902][ T5116] other info that might help us debug this: [ 57.448902][ T5116] [ 57.453292][ T5114] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f73ddd35639 [ 57.458375][ T5116] Chain exists of: [ 57.458375][ T5116] &newdev->mutex [ 57.465363][ T5114] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 57.470355][ T5116] --> &dev->mutex [ 57.476389][ T5114] RBP: 00007f73dddb12d0 R08: ffffffffffffffb8 R09: 000000000000046f [ 57.482771][ T5116] #2 --> [ 57.487418][ T5114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73dddb12d0 [ 57.497624][ T5116] &ff->mutex [ 57.497624][ T5116] [ 57.505587][ T5114] R13: 0000000000000000 R14: 00007f73dddb2040 R15: 00007f73ddd03780 [ 57.512845][ T5116] Possible unsafe locking scenario: [ 57.512845][ T5116] [ 57.512853][ T5116] CPU0 CPU1 [ 57.520805][ T5114] [ 57.524485][ T5116] ---- ---- [ 57.524491][ T5116] lock( [ 57.532429][ T5114] Modules linked in: [ 57.535340][ T5116] &ff->mutex); [ 57.543295][ T5114] CR2: fffffffffffffff8 [ 57.543311][ T5114] ---[ end trace 0000000000000000 ]--- [ 57.548650][ T5116] lock(&dev->mutex [ 57.556598][ T5114] RIP: 0010:complete+0x9b/0x1c0 [ 57.564023][ T5116] #2); [ 57.569366][ T5114] Code: df e8 39 fd 8b 00 4c 8b 23 49 39 dc 0f 84 e2 00 00 00 49 8d 7c 24 f8 48 89 f8 48 c1 e8 03 42 80 3c 30 00 74 05 e8 15 fd 8b 00 <49> 8b 7c 24 f8 be 03 00 00 00 31 d2 e8 04 e5 f6 ff 4c 89 e7 e8 3c [ 57.572362][ T5116] lock(&ff->mutex [ 57.577701][ T5114] RSP: 0018:ffffc9000355fb30 EFLAGS: 00010046 [ 57.580611][ T5116] ); [ 57.584477][ T5114] [ 57.584483][ T5114] RAX: 1fffffffffffffff RBX: ffffc9000363faf8 RCX: 0000000000000001 [ 57.587824][ T5116] lock(&newdev->mutex [ 57.591955][ T5114] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: fffffffffffffff8 [ 57.597386][ T5116] ); [ 57.597392][ T5116] [ 57.597392][ T5116] *** DEADLOCK *** [ 57.597392][ T5116] [ 57.603767][ T5114] RBP: 1ffff920006c7f56 R08: 0000000000000003 R09: fffff520006abf40 [ 57.608605][ T5116] 2 locks held by syz-executor109/5116: [ 57.611258][ T5114] R10: dffffc0000000000 R11: fffff520006abf40 R12: 0000000000000000 [ 57.630831][ T5116] #0: ffff88801cac6110 [ 57.637129][ T5114] R13: 0000000000000246 R14: dffffc0000000000 R15: ffffc9000363fab8 [ 57.643169][ T5116] (&evdev->mutex [ 57.645646][ T5114] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 57.647948][ T5116] ){+.+.}-{3:3} [ 57.655891][ T5114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.660015][ T5116] , at: evdev_ioctl_handler+0x125/0x21b0 [ 57.667959][ T5114] CR2: fffffffffffffff8 CR3: 000000000e132000 CR4: 00000000003506f0 [ 57.670436][ T5116] #1: ffff888015fb60b0 [ 57.678557][ T5114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.686496][ T5116] (&ff->mutex [ 57.692015][ T5114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.699974][ T5116] ){+.+.}-{3:3} [ 57.704111][ T5114] Kernel panic - not syncing: Fatal exception [ 57.712518][ T5114] Kernel Offset: disabled [ 57.786512][ T5114] Rebooting in 86400 seconds..