./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2022543962 <...> Warning: Permanently added '10.128.1.85' (ED25519) to the list of known hosts. execve("./syz-executor2022543962", ["./syz-executor2022543962"], 0x7ffc7ca2f9a0 /* 10 vars */) = 0 brk(NULL) = 0x55558eb54000 brk(0x55558eb54e00) = 0x55558eb54e00 arch_prctl(ARCH_SET_FS, 0x55558eb54480) = 0 set_tid_address(0x55558eb54750) = 5842 set_robust_list(0x55558eb54760, 24) = 0 rseq(0x55558eb54da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2022543962", 4096) = 28 getrandom("\xd4\x3e\xf8\xfb\x0e\x1d\xd3\x87", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558eb54e00 brk(0x55558eb75e00) = 0x55558eb75e00 brk(0x55558eb76000) = 0x55558eb76000 mprotect(0x7f639ba50000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f639b9a8970, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f639b9b0480}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f639b9a8970, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f639b9b0480}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558eb54750) = 5843 ./strace-static-x86_64: Process 5843 attached [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] set_robust_list(0x55558eb54760, 24) = 0 [pid 5843] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached ./strace-static-x86_64: Process 5845 attached , child_tidptr=0x55558eb54750) = 5845 [pid 5842] <... clone resumed>, child_tidptr=0x55558eb54750) = 5844 [pid 5844] set_robust_list(0x55558eb54760, 24 [pid 5845] set_robust_list(0x55558eb54760, 24 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5844] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5847 attached ./strace-static-x86_64: Process 5846 attached ) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5846] set_robust_list(0x55558eb54760, 24 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] set_robust_list(0x55558eb54760, 24 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5842] <... clone resumed>, child_tidptr=0x55558eb54750) = 5846 [pid 5844] <... clone resumed>, child_tidptr=0x55558eb54750) = 5847 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5847] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5849 attached ./strace-static-x86_64: Process 5848 attached [pid 5847] setpgid(0, 0 [pid 5845] write(3, "1000", 4 [pid 5842] <... clone resumed>, child_tidptr=0x55558eb54750) = 5849 [pid 5849] set_robust_list(0x55558eb54760, 24 [pid 5848] set_robust_list(0x55558eb54760, 24 [pid 5847] <... setpgid resumed>) = 0 [pid 5846] <... clone resumed>, child_tidptr=0x55558eb54750) = 5848 [pid 5845] <... write resumed>) = 4 [pid 5842] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] <... set_robust_list resumed>) = 0 [pid 5848] <... set_robust_list resumed>) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] close(3 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5847] <... openat resumed>) = 3 [pid 5845] <... close resumed>) = 0 [pid 5845] write(1, "executing program\n", 18executing program ) = 18 [pid 5848] <... prctl resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5848] setpgid(0, 0 [pid 5845] <... openat resumed>) = 3 [pid 5848] <... setpgid resumed>) = 0 [pid 5847] write(3, "1000", 4./strace-static-x86_64: Process 5850 attached [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] <... write resumed>) = 4 [pid 5845] ioctl(3, UI_DEV_SETUP [pid 5842] <... clone resumed>, child_tidptr=0x55558eb54750) = 5851 [pid 5849] <... clone resumed>, child_tidptr=0x55558eb54750) = 5850 [pid 5847] close(3./strace-static-x86_64: Process 5851 attached [pid 5848] <... openat resumed>) = 3 [pid 5851] set_robust_list(0x55558eb54760, 24 [pid 5847] <... close resumed>) = 0 [pid 5845] <... ioctl resumed>, 0x200000000180) = 0 [pid 5851] <... set_robust_list resumed>) = 0 executing program [pid 5847] write(1, "executing program\n", 18 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] write(3, "1000", 4 [pid 5847] <... write resumed>) = 18 [pid 5850] set_robust_list(0x55558eb54760, 24 [pid 5848] <... write resumed>) = 4 [pid 5847] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5845] ioctl(3, UI_SET_FFBIT./strace-static-x86_64: Process 5852 attached [pid 5850] <... set_robust_list resumed>) = 0 [pid 5848] close(3 [pid 5847] <... openat resumed>) = 3 [pid 5852] set_robust_list(0x55558eb54760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558eb54750) = 5852 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... close resumed>) = 0 [pid 5847] ioctl(3, UI_DEV_SETUP [pid 5845] <... ioctl resumed>, 0x51) = 0 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5850] <... prctl resumed>) = 0 executing program [pid 5848] write(1, "executing program\n", 18 [pid 5847] <... ioctl resumed>, 0x200000000180) = 0 [pid 5850] setpgid(0, 0 [pid 5845] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5850] <... setpgid resumed>) = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... write resumed>) = 18 [pid 5847] ioctl(3, UI_SET_FFBIT, 0x51) = 0 [pid 5847] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5852] <... prctl resumed>) = 0 [pid 5850] <... openat resumed>) = 3 [pid 5848] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5845] <... ioctl resumed>, 0) = 0 executing program [pid 5852] setpgid(0, 0 [pid 5848] <... openat resumed>) = 3 [pid 5845] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5850] write(3, "1000", 4 [pid 5848] ioctl(3, UI_DEV_SETUP [pid 5852] <... setpgid resumed>) = 0 [pid 5850] <... write resumed>) = 4 [pid 5848] <... ioctl resumed>, 0x200000000180) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] close(3 [pid 5848] ioctl(3, UI_SET_FFBIT [pid 5850] <... close resumed>) = 0 [pid 5848] <... ioctl resumed>, 0x51) = 0 [pid 5850] write(1, "executing program\n", 18 [pid 5848] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5852] <... openat resumed>) = 3 [pid 5850] <... write resumed>) = 18 executing program [pid 5852] write(3, "1000", 4 [pid 5850] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5852] <... write resumed>) = 4 [pid 5850] <... openat resumed>) = 3 [pid 5852] close(3 [pid 5850] ioctl(3, UI_DEV_SETUP [pid 5852] <... close resumed>) = 0 [pid 5850] <... ioctl resumed>, 0x200000000180) = 0 [pid 5852] write(1, "executing program\n", 18 [pid 5850] ioctl(3, UI_SET_FFBIT [pid 5852] <... write resumed>) = 18 [pid 5850] <... ioctl resumed>, 0x51) = 0 [pid 5852] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5850] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5852] <... openat resumed>) = 3 [pid 5845] <... openat resumed>) = 4 [pid 5852] ioctl(3, UI_DEV_SETUP, 0x200000000180) = 0 [pid 5852] ioctl(3, UI_SET_FFBIT [pid 5845] ioctl(4, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=0, ...} [pid 5852] <... ioctl resumed>, 0x51) = 0 [ 90.166670][ T5845] input: syz1 as /devices/virtual/input/input5 [ 90.179377][ T5847] input: syz1 as /devices/virtual/input/input6 [ 90.200042][ T5850] input: syz1 as /devices/virtual/input/input8 [ 90.205066][ T5845] [ 90.207208][ T5852] input: syz1 as /devices/virtual/input/input9 [ 90.208590][ T5845] ====================================================== [ 90.215855][ T5848] input: syz1 as /devices/virtual/input/input7 [ 90.221836][ T5845] WARNING: possible circular locking dependency detected [ 90.221868][ T5845] 6.16.0-rc7-syzkaller #0 Not tainted [ 90.221880][ T5845] ------------------------------------------------------ [ 90.221888][ T5845] syz-executor202/5845 is trying to acquire lock: [ 90.221900][ T5845] ffff88802713a870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit+0x188/0x6f0 [ 90.263954][ T5845] [ 90.263954][ T5845] but task is already holding lock: [ 90.271327][ T5845] ffff8880308cb8b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xae0 [ 90.280147][ T5845] [ 90.280147][ T5845] which lock already depends on the new lock. [ 90.280147][ T5845] [ 90.290559][ T5845] [ 90.290559][ T5845] the existing dependency chain (in reverse order) is: [ 90.299598][ T5845] [ 90.299598][ T5845] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 90.306846][ T5845] lock_acquire+0x120/0x360 [ 90.311891][ T5845] __mutex_lock+0x182/0xe80 [ 90.316941][ T5845] input_ff_flush+0x5e/0x140 [ 90.322065][ T5845] input_flush_device+0xa6/0xd0 [ 90.327449][ T5845] evdev_release+0xe1/0x800 [ 90.332485][ T5845] __fput+0x44c/0xa70 [ 90.337037][ T5845] fput_close_sync+0x119/0x200 [ 90.342337][ T5845] __x64_sys_close+0x7f/0x110 [ 90.347555][ T5845] do_syscall_64+0xfa/0x3b0 [ 90.352590][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.359070][ T5845] [ 90.359070][ T5845] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 90.366657][ T5845] lock_acquire+0x120/0x360 [ 90.371697][ T5845] __mutex_lock+0x182/0xe80 [ 90.376731][ T5845] input_register_handle+0x18f/0x4c0 [ 90.382569][ T5845] kbd_connect+0xc3/0x140 [ 90.387540][ T5845] input_register_device+0xcee/0x10b0 [ 90.393465][ T5845] acpi_button_add+0x6b1/0xb50 [ 90.398773][ T5845] acpi_device_probe+0xa5/0x2d0 [ 90.404175][ T5845] really_probe+0x26a/0x9a0 [ 90.409234][ T5845] __driver_probe_device+0x18c/0x2f0 [ 90.415058][ T5845] driver_probe_device+0x4f/0x430 [ 90.420614][ T5845] __driver_attach+0x452/0x700 [ 90.425919][ T5845] bus_for_each_dev+0x230/0x2b0 [ 90.431401][ T5845] bus_add_driver+0x345/0x640 [ 90.436611][ T5845] driver_register+0x23a/0x320 [ 90.441904][ T5845] do_one_initcall+0x233/0x820 [ 90.447214][ T5845] do_initcall_level+0x137/0x1f0 [ 90.452782][ T5845] do_initcalls+0x69/0xd0 [ 90.457647][ T5845] kernel_init_freeable+0x3d9/0x570 [ 90.463376][ T5845] kernel_init+0x1d/0x1d0 [ 90.468252][ T5845] ret_from_fork+0x3fc/0x770 [ 90.473376][ T5845] ret_from_fork_asm+0x1a/0x30 [ 90.478676][ T5845] [ 90.478676][ T5845] -> #1 (input_mutex){+.+.}-{4:4}: [ 90.485994][ T5845] lock_acquire+0x120/0x360 [ 90.491166][ T5845] __mutex_lock+0x182/0xe80 [ 90.496318][ T5845] input_register_device+0xa74/0x10b0 [ 90.502245][ T5845] uinput_create_device+0x422/0x670 [ 90.507982][ T5845] uinput_ioctl_handler+0x3f0/0x1570 [ 90.513804][ T5845] __se_sys_ioctl+0xf9/0x170 [ 90.518942][ T5845] do_syscall_64+0xfa/0x3b0 [ 90.523996][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.530428][ T5845] [ 90.530428][ T5845] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 90.538006][ T5845] validate_chain+0xb9b/0x2140 [ 90.543310][ T5845] __lock_acquire+0xab9/0xd20 [ 90.548514][ T5845] lock_acquire+0x120/0x360 [ 90.553575][ T5845] __mutex_lock+0x182/0xe80 [ 90.558635][ T5845] uinput_request_submit+0x188/0x6f0 [ 90.564459][ T5845] uinput_dev_upload_effect+0x150/0x1e0 [ 90.570536][ T5845] input_ff_upload+0x5fc/0xae0 [ 90.575834][ T5845] evdev_ioctl_handler+0x1644/0x1f10 [ 90.581651][ T5845] __se_sys_ioctl+0xf9/0x170 [ 90.586779][ T5845] do_syscall_64+0xfa/0x3b0 [ 90.591813][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.598236][ T5845] [ 90.598236][ T5845] other info that might help us debug this: [ 90.598236][ T5845] [ 90.608475][ T5845] Chain exists of: [ 90.608475][ T5845] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 90.608475][ T5845] [ 90.620853][ T5845] Possible unsafe locking scenario: [ 90.620853][ T5845] [ 90.628405][ T5845] CPU0 CPU1 [ 90.633793][ T5845] ---- ---- [ 90.639167][ T5845] lock(&ff->mutex); [ 90.643169][ T5845] lock(&dev->mutex#2); [ 90.649959][ T5845] lock(&ff->mutex); [ 90.656517][ T5845] lock(&newdev->mutex); [ 90.660862][ T5845] [ 90.660862][ T5845] *** DEADLOCK *** [ 90.660862][ T5845] [ 90.669015][ T5845] 2 locks held by syz-executor202/5845: [ 90.674570][ T5845] #0: ffff888143f50118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl_handler+0x121/0x1f10 [ 90.684548][ T5845] #1: ffff8880308cb8b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xae0 [ 90.693814][ T5845] [ 90.693814][ T5845] stack backtrace: [ 90.699731][ T5845] CPU: 0 UID: 0 PID: 5845 Comm: syz-executor202 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 90.699752][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 90.699769][ T5845] Call Trace: [ 90.699782][ T5845] [ 90.699790][ T5845] dump_stack_lvl+0x189/0x250 [ 90.699813][ T5845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.699832][ T5845] ? __pfx__printk+0x10/0x10 [ 90.699859][ T5845] ? print_lock_name+0xde/0x100 [ 90.699881][ T5845] print_circular_bug+0x2ee/0x310 [ 90.699904][ T5845] check_noncircular+0x134/0x160 [ 90.699926][ T5845] validate_chain+0xb9b/0x2140 [ 90.699948][ T5845] ? stack_trace_save+0x9c/0xe0 [ 90.699969][ T5845] ? __pfx_stack_trace_save+0x10/0x10 [ 90.699989][ T5845] ? __pfx_hlock_conflict+0x10/0x10 [ 90.700012][ T5845] __lock_acquire+0xab9/0xd20 [ 90.700030][ T5845] ? uinput_request_submit+0x188/0x6f0 [ 90.700052][ T5845] lock_acquire+0x120/0x360 [ 90.700066][ T5845] ? uinput_request_submit+0x188/0x6f0 [ 90.700092][ T5845] __mutex_lock+0x182/0xe80 [ 90.700110][ T5845] ? uinput_request_submit+0x188/0x6f0 [ 90.700131][ T5845] ? __lock_acquire+0xab9/0xd20 [ 90.700147][ T5845] ? uinput_request_submit+0x188/0x6f0 [ 90.700169][ T5845] ? __pfx___mutex_lock+0x10/0x10 [ 90.700189][ T5845] ? do_raw_spin_unlock+0x122/0x240 [ 90.700213][ T5845] ? _raw_spin_unlock+0x28/0x50 [ 90.700239][ T5845] ? uinput_request_alloc_id+0x3cf/0x400 [ 90.700260][ T5845] uinput_request_submit+0x188/0x6f0 [ 90.700281][ T5845] ? __mutex_trylock_common+0x153/0x260 [ 90.700308][ T5845] ? __pfx_uinput_request_submit+0x10/0x10 [ 90.700330][ T5845] ? rcu_is_watching+0x15/0xb0 [ 90.700348][ T5845] ? trace_contention_end+0x39/0x120 [ 90.700368][ T5845] ? __mutex_lock+0x330/0xe80 [ 90.700389][ T5845] uinput_dev_upload_effect+0x150/0x1e0 [ 90.700410][ T5845] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 90.700440][ T5845] input_ff_upload+0x5fc/0xae0 [ 90.700463][ T5845] evdev_ioctl_handler+0x1644/0x1f10 [ 90.700482][ T5845] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 90.700500][ T5845] ? __pfx_evdev_ioctl_handler+0x10/0x10 [ 90.700516][ T5845] ? __pfx_smack_log+0x10/0x10 [ 90.700540][ T5845] ? smk_access+0x14c/0x4e0 [ 90.700565][ T5845] ? smk_tskacc+0x2fc/0x370 [ 90.700590][ T5845] ? smack_file_ioctl+0x24a/0x340 [ 90.700606][ T5845] ? __pfx_smack_file_ioctl+0x10/0x10 [ 90.700623][ T5845] ? __pfx_ptrace_notify+0x10/0x10 [ 90.700644][ T5845] ? bpf_lsm_file_ioctl+0x9/0x20 [ 90.700663][ T5845] ? __pfx_evdev_ioctl+0x10/0x10 [ 90.700678][ T5845] __se_sys_ioctl+0xf9/0x170 [ 90.700704][ T5845] do_syscall_64+0xfa/0x3b0 [ 90.700723][ T5845] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.700740][ T5845] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.700756][ T5845] ? clear_bhb_loop+0x60/0xb0 [ 90.700774][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.700791][ T5845] RIP: 0033:0x7f639b9dd4e9 [ 90.700812][ T5845] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.700827][ T5845] RSP: 002b:00007ffc9088e448 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 90.700844][ T5845] RAX: ffffffffffffffda RBX: 00007ffc9088e490 RCX: 00007f639b9dd4e9 [pid 5852] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5847] <... ioctl resumed>, 0) = 0 [pid 5847] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5852] <... ioctl resumed>, 0) = 0 [pid 5852] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5850] <... ioctl resumed>, 0) = 0 [pid 5848] <... ioctl resumed>, 0) = 0 [pid 5850] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [ 90.700857][ T5845] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000004 [ 90.700868][ T5845] RBP: 0000000000000000 R08: 00007ffc9088e490 R09: 00007ffc9088e490 [ 90.700879][ T5845] R10: 000000000000000f R11: 0000000000000246 R12: 00000000000f4240 [ 90.700889][ T5845] R13: 00007ffc9088e718 R14: 00007ffc9088e47c R15: 00007ffc9088e480 [ 90.700907][ T5845] [ 91.976892][ T980] cfg80211: failed to load regulatory.db [pid 5848] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5844] kill(-5847, SIGKILL [pid 5843] kill(-5845, SIGKILL [pid 5844] <... kill resumed>) = 0 [pid 5844] kill(5847, SIGKILL [pid 5847] <... openat resumed>) = ? [pid 5844] <... kill resumed>) = 0 [pid 5843] <... kill resumed>) = 0 [pid 5843] kill(5845, SIGKILL) = 0 [pid 5847] +++ killed by SIGKILL +++ [pid 5844] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5847, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5844] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5864 attached [pid 5851] kill(-5852, SIGKILL [pid 5849] kill(-5850, SIGKILL [pid 5844] <... clone resumed>, child_tidptr=0x55558eb54750) = 5864 [pid 5864] set_robust_list(0x55558eb54760, 24 [pid 5852] <... openat resumed>) = ? [pid 5851] <... kill resumed>) = 0 [pid 5850] <... openat resumed>) = ? [pid 5849] <... kill resumed>) = 0 [pid 5846] kill(-5848, SIGKILL [pid 5864] <... set_robust_list resumed>) = 0 [pid 5851] kill(5852, SIGKILL [pid 5849] kill(5850, SIGKILL [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] <... kill resumed>) = 0 [pid 5849] <... kill resumed>) = 0 [pid 5864] <... prctl resumed>) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5846] <... kill resumed>) = 0 [pid 5864] <... openat resumed>) = 3 executing program [pid 5852] +++ killed by SIGKILL +++ [pid 5850] +++ killed by SIGKILL +++ [pid 5848] <... openat resumed>) = ? [pid 5846] kill(5848, SIGKILL [pid 5864] write(3, "1000", 4 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5852, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5850, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5864] <... write resumed>) = 4 [pid 5864] close(3) = 0 [pid 5864] write(1, "executing program\n", 18) = 18 [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached [pid 5864] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5846] <... kill resumed>) = 0 [pid 5848] +++ killed by SIGKILL +++ ./strace-static-x86_64: Process 5866 attached [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5848, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5865] set_robust_list(0x55558eb54760, 24 [pid 5864] <... openat resumed>) = 3 [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5865] <... set_robust_list resumed>) = 0 [pid 5864] ioctl(3, UI_DEV_SETUP [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5864] <... ioctl resumed>, 0x200000000180) = 0 [pid 5866] set_robust_list(0x55558eb54760, 24 [pid 5851] <... clone resumed>, child_tidptr=0x55558eb54750) = 5865 ./strace-static-x86_64: Process 5867 attached [pid 5865] <... prctl resumed>) = 0 [pid 5864] ioctl(3, UI_SET_FFBIT [pid 5867] set_robust_list(0x55558eb54760, 24 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5865] setpgid(0, 0 [pid 5864] <... ioctl resumed>, 0x51) = 0 [pid 5846] <... clone resumed>, child_tidptr=0x55558eb54750) = 5867 [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5865] <... setpgid resumed>) = 0 [pid 5864] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5849] <... clone resumed>, child_tidptr=0x55558eb54750) = 5866 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5867] <... prctl resumed>) = 0 [pid 5866] <... prctl resumed>) = 0 [pid 5867] setpgid(0, 0 [pid 5866] setpgid(0, 0 [pid 5865] <... openat resumed>) = 3 [pid 5867] <... setpgid resumed>) = 0 [pid 5866] <... setpgid resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3) = 0 [pid 5867] write(1, "executing program\n", 18executing program ) = 18 [pid 5865] write(3, "1000", 4 [pid 5867] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5866] <... openat resumed>) = 3 [pid 5865] <... write resumed>) = 4 [pid 5867] <... openat resumed>) = 3 [pid 5867] ioctl(3, UI_DEV_SETUP [pid 5865] close(3) = 0 [pid 5867] <... ioctl resumed>, 0x200000000180) = 0 [pid 5867] ioctl(3, UI_SET_FFBITexecuting program , 0x51) = 0 [pid 5866] write(3, "1000", 4 [pid 5865] write(1, "executing program\n", 18 [pid 5864] <... ioctl resumed>, 0) = 0 [pid 5867] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5866] <... write resumed>) = 4 [pid 5865] <... write resumed>) = 18 [pid 5864] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5866] close(3) = 0 [pid 5865] openat(AT_FDCWD, "/dev/uinput", O_RDONLY executing program [pid 5866] write(1, "executing program\n", 18 [pid 5865] <... openat resumed>) = 3 [pid 5866] <... write resumed>) = 18 [pid 5865] ioctl(3, UI_DEV_SETUP [pid 5866] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 5865] <... ioctl resumed>, 0x200000000180) = 0 [pid 5866] ioctl(3, UI_DEV_SETUP [pid 5865] ioctl(3, UI_SET_FFBIT [pid 5867] <... ioctl resumed>, 0) = 0 [pid 5866] <... ioctl resumed>, 0x200000000180) = 0 [pid 5865] <... ioctl resumed>, 0x51) = 0 [pid 5866] ioctl(3, UI_SET_FFBIT [ 95.213219][ T5864] input: syz1 as /devices/virtual/input/input10 [ 95.235564][ T5867] input: syz1 as /devices/virtual/input/input11 [pid 5865] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5867] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5866] <... ioctl resumed>, 0x51) = 0 [pid 5866] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5865] <... ioctl resumed>, 0) = 0 [pid 5865] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5866] <... ioctl resumed>, 0) = 0 [ 95.259290][ T5865] input: syz1 as /devices/virtual/input/input12 [ 95.267433][ T5866] input: syz1 as /devices/virtual/input/input13 [pid 5866] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY [pid 5843] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5843] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5843] getdents64(3, 0x55558eb557f0 /* 2 entries */, 32768) = 48 [pid 5843] getdents64(3, 0x55558eb557f0 /* 0 entries */, 32768) = 0 [pid 5843] close(3) = 0 [pid 5844] kill(-5864, SIGKILL) = 0 [pid 5864] <... openat resumed>) = ? [pid 5844] kill(5864, SIGKILL) = 0 [pid 5864] +++ killed by SIGKILL +++ [pid 5844] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5864, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5851] kill(-5865, SIGKILL [pid 5849] kill(-5866, SIGKILL [pid 5844] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5865] <... openat resumed>) = ? [pid 5851] <... kill resumed>) = 0 [pid 5849] <... kill resumed>) = 0 [pid 5866] <... openat resumed>) = ? ./strace-static-x86_64: Process 5868 attached [pid 5865] +++ killed by SIGKILL +++ [pid 5851] kill(5865, SIGKILL [pid 5849] kill(5866, SIGKILL [pid 5851] <... kill resumed>) = 0 [pid 5849] <... kill resumed>) = 0 [pid 5846] kill(-5867, SIGKILL [pid 5868] set_robust_list(0x55558eb54760, 24 [pid 5851] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5865, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5844] <... clone resumed>, child_tidptr=0x55558eb54750) = 5868 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] <... openat resumed>) = ? [pid 5846] <... kill resumed>) = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5846] kill(5867, SIGKILL./strace-static-x86_64: Process 5869 attached [pid 5868] <... prctl resumed>) = 0 [pid 5846] <... kill resumed>) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] set_robust_list(0x55558eb54760, 24 [pid 5868] <... openat resumed>) = 3 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5868] write(3, "1000", 4 [pid 5867] +++ killed by SIGKILL +++ [pid 5866] +++ killed by SIGKILL +++ [pid 5851] <... clone resumed>, child_tidptr=0x55558eb54750) = 5869 [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5867, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... write resumed>) = 4 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5866, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5846] restart_syscall(<... resuming interrupted kill ...> [pid 5869] <... prctl resumed>) = 0 [pid 5868] close(3 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] setpgid(0, 0 [pid 5868] <... close resumed>) = 0 [pid 5846] <... restart_syscall resumed>) = 0 [pid 5869] <... setpgid resumed>) = 0 [pid 5868] write(1, "executing program\n", 18executing program [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... write resumed>) = 18 [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached ./strace-static-x86_64: Process 5871 attached [pid 5868] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5869] <... openat resumed>) = 3 [pid 5870] set_robust_list(0x55558eb54760, 24) = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] set_robust_list(0x55558eb54760, 24 [pid 5869] write(3, "1000", 4 [pid 5868] <... openat resumed>) = 3 [pid 5846] <... clone resumed>, child_tidptr=0x55558eb54750) = 5870 [pid 5869] <... write resumed>) = 4 [pid 5849] <... clone resumed>, child_tidptr=0x55558eb54750) = 5871 [pid 5869] close(3 [pid 5870] <... prctl resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] ioctl(3, UI_DEV_SETUP [pid 5870] setpgid(0, 0 [pid 5871] <... set_robust_list resumed>) = 0 executing program [pid 5869] write(1, "executing program\n", 18 [pid 5870] <... setpgid resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] <... write resumed>) = 18 [pid 5868] <... ioctl resumed>, 0x200000000180) = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] openat(AT_FDCWD, "/dev/uinput", O_RDONLY [pid 5871] <... prctl resumed>) = 0 [pid 5868] ioctl(3, UI_SET_FFBIT [pid 5870] <... openat resumed>) = 3 [pid 5870] write(3, "1000", 4 [pid 5868] <... ioctl resumed>, 0x51) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5870] <... write resumed>) = 4 [pid 5870] close(3) = 0 executing program [pid 5870] write(1, "executing program\n", 18 [pid 5871] setpgid(0, 0 [pid 5869] ioctl(3, UI_DEV_SETUP [pid 5868] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5870] <... write resumed>) = 18 [pid 5869] <... ioctl resumed>, 0x200000000180) = 0 [pid 5871] <... setpgid resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3