./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1093928798
<...>
Warning: Permanently added '10.128.1.135' (ED25519) to the list of known hosts.
execve("./syz-executor1093928798", ["./syz-executor1093928798"], 0x7ffcb035d4d0 /* 10 vars */) = 0
brk(NULL) = 0x555559c40000
brk(0x555559c40d00) = 0x555559c40d00
arch_prctl(ARCH_SET_FS, 0x555559c40380) = 0
set_tid_address(0x555559c40650) = 5088
set_robust_list(0x555559c40660, 24) = 0
rseq(0x555559c40ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1093928798", 4096) = 28
getrandom("\xea\xc2\xb3\x1a\x18\x39\x3d\x47", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555559c40d00
brk(0x555559c61d00) = 0x555559c61d00
brk(0x555559c62000) = 0x555559c62000
mprotect(0x7f73dddab000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559c40650) = 5089
./strace-static-x86_64: Process 5089 attached
[pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5089] set_robust_list(0x555559c40660, 24) = 0
./strace-static-x86_64: Process 5090 attached
[pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid 5088] <... clone resumed>, child_tidptr=0x555559c40650) = 5090
[pid 5090] set_robust_list(0x555559c40660, 24) = 0
[pid 5089] <... openat resumed>) = 3
[pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5090] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid 5089] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid 5090] <... openat resumed>) = 3
[pid 5090] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid 5089] <... ioctl resumed>) = -1 ENXIO (No such device or address)
[pid 5090] <... ioctl resumed>) = -1 ENXIO (No such device or address)
[pid 5089] close(3./strace-static-x86_64: Process 5091 attached
<unfinished ...>
[pid 5088] <... clone resumed>, child_tidptr=0x555559c40650) = 5091
[pid 5090] close(3 <unfinished ...>
[pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5091] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5090] <... close resumed>) = 0
[pid 5089] <... close resumed>) = 0
[pid 5091] <... set_robust_list resumed>) = 0
[pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached
<unfinished ...>
[pid 5091] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached
<unfinished ...>
[pid 5092] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5093] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5092] <... set_robust_list resumed>) = 0
[pid 5093] <... set_robust_list resumed>) = 0
./strace-static-x86_64: Process 5094 attached
[pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5092] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid 5091] <... openat resumed>) = 3
[pid 5088] <... clone resumed>, child_tidptr=0x555559c40650) = 5092
[pid 5094] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5093] <... prctl resumed>) = 0
[pid 5092] <... openat resumed>) = 3
[pid 5091] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid 5090] <... clone resumed>, child_tidptr=0x555559c40650) = 5093
[pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5094] <... set_robust_list resumed>) = 0
[pid 5093] setpgid(0, 0 <unfinished ...>
[pid 5092] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid 5091] <... ioctl resumed>) = -1 ENXIO (No such device or address)
[pid 5089] <... clone resumed>, child_tidptr=0x555559c40650) = 5094
./strace-static-x86_64: Process 5095 attached
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5093] <... setpgid resumed>) = 0
[pid 5092] <... ioctl resumed>) = -1 ENXIO (No such device or address)
[pid 5091] close(3 <unfinished ...>
[pid 5095] set_robust_list(0x555559c40660, 24) = 0
[pid 5095] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5091] <... close resumed>) = 0
[pid 5095] <... openat resumed>) = 3
[pid 5092] close(3 <unfinished ...>
[pid 5095] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid 5094] <... prctl resumed>) = 0
[pid 5093] <... openat resumed>) = 3
[pid 5092] <... close resumed>) = 0
[pid 5091] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5094] setpgid(0, 0 <unfinished ...>
[pid 5092] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached
./strace-static-x86_64: Process 5097 attached
<unfinished ...>
[pid 5088] <... clone resumed>, child_tidptr=0x555559c40650) = 5095
[pid 5095] <... ioctl resumed>) = -1 ENXIO (No such device or address)
[pid 5094] <... setpgid resumed>) = 0
[pid 5093] write(3, "1000", 4 <unfinished ...>
[pid 5098] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5097] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5095] close(3 <unfinished ...>
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5093] <... write resumed>) = 4
[pid 5093] close(3) = 0
[pid 5094] <... openat resumed>) = 3
[pid 5093] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 5094] write(3, "1000", 4 <unfinished ...>
[pid 5093] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5092] <... clone resumed>, child_tidptr=0x555559c40650) = 5098
[pid 5094] <... write resumed>) = 4
[pid 5093] <... ioctl resumed>) = -1 EBADF (Bad file descriptor)
[pid 5091] <... clone resumed>, child_tidptr=0x555559c40650) = 5097
[pid 5094] close(3 <unfinished ...>
[pid 5093] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK <unfinished ...>
[pid 5094] <... close resumed>) = 0
[pid 5094] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY <unfinished ...>
[pid 5093] <... openat resumed>) = 3
[pid 5094] <... openat resumed>) = -1 ENOENT (No such file or directory)
[pid 5095] <... close resumed>) = 0
[pid 5098] <... set_robust_list resumed>) = 0
[pid 5097] <... set_robust_list resumed>) = 0
[pid 5095] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5094] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5093] ioctl(3, UI_SET_FFBIT <unfinished ...>
[pid 5094] <... ioctl resumed>) = -1 EBADF (Bad file descriptor)
./strace-static-x86_64: Process 5099 attached
[pid 5098] <... prctl resumed>) = 0
[pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5094] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK <unfinished ...>
[pid 5093] <... ioctl resumed>, 0x51) = 0
[pid 5099] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5098] setpgid(0, 0 <unfinished ...>
[pid 5097] <... prctl resumed>) = 0
[pid 5095] <... clone resumed>, child_tidptr=0x555559c40650) = 5099
[pid 5094] <... openat resumed>) = 3
[pid 5093] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 <unfinished ...>
[pid 5098] <... setpgid resumed>) = 0
[pid 5097] setpgid(0, 0 <unfinished ...>
[pid 5094] ioctl(3, UI_SET_FFBIT <unfinished ...>
[pid 5093] <... write resumed>) = 1116
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5097] <... setpgid resumed>) = 0
[pid 5094] <... ioctl resumed>, 0x51) = 0
[pid 5093] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN <unfinished ...>
[pid 5094] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 <unfinished ...>
[pid 5099] <... set_robust_list resumed>) = 0
[pid 5098] <... openat resumed>) = 3
[pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5098] write(3, "1000", 4 <unfinished ...>
[pid 5097] <... openat resumed>) = 3
[pid 5094] <... write resumed>) = 1116
[pid 5098] <... write resumed>) = 4
[pid 5097] write(3, "1000", 4 <unfinished ...>
[pid 5094] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN <unfinished ...>
[pid 5099] <... prctl resumed>) = 0
[pid 5098] close(3 <unfinished ...>
[pid 5097] <... write resumed>) = 4
[pid 5099] setpgid(0, 0 <unfinished ...>
[pid 5098] <... close resumed>) = 0
[pid 5097] close(3 <unfinished ...>
[pid 5099] <... setpgid resumed>) = 0
[pid 5098] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY <unfinished ...>
[pid 5097] <... close resumed>) = 0
[pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5097] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY <unfinished ...>
[pid 5099] <... openat resumed>) = 3
[pid 5097] <... openat resumed>) = -1 ENOENT (No such file or directory)
[pid 5098] <... openat resumed>) = -1 ENOENT (No such file or directory)
[pid 5099] write(3, "1000", 4 <unfinished ...>
[pid 5098] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5097] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5099] <... write resumed>) = 4
[pid 5099] close(3 <unfinished ...>
[pid 5097] <... ioctl resumed>) = -1 EBADF (Bad file descriptor)
[pid 5099] <... close resumed>) = 0
[pid 5097] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK <unfinished ...>
[pid 5099] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 5097] <... openat resumed>) = 3
[pid 5097] ioctl(3, UI_SET_FFBIT <unfinished ...>
[pid 5099] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5098] <... ioctl resumed>) = -1 EBADF (Bad file descriptor)
[pid 5097] <... ioctl resumed>, 0x51) = 0
[pid 5099] <... ioctl resumed>) = -1 EBADF (Bad file descriptor)
[pid 5098] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK <unfinished ...>
[pid 5097] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 <unfinished ...>
[pid 5099] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK <unfinished ...>
[pid 5098] <... openat resumed>) = 3
[pid 5097] <... write resumed>) = 1116
[pid 5093] <... ioctl resumed>, 0) = 0
[pid 5099] <... openat resumed>) = 3
[pid 5098] ioctl(3, UI_SET_FFBIT <unfinished ...>
[pid 5097] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN <unfinished ...>
[pid 5093] memfd_create("syzkaller", 0) = 4
[pid 5094] <... ioctl resumed>, 0) = 0
[pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid 5099] ioctl(3, UI_SET_FFBIT <unfinished ...>
[pid 5098] <... ioctl resumed>, 0x51) = 0
[pid 5093] <... mmap resumed>) = 0x7f73d5800000
[pid 5094] memfd_create("syzkaller", 0) = 4
[pid 5093] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 <unfinished ...>
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f73d5800000
[pid 5098] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 <unfinished ...>
[pid 5099] <... ioctl resumed>, 0x51) = 0
[pid 5098] <... write resumed>) = 1116
[ 56.131962][ T5093] input: syz1 as /devices/virtual/input/input5
[ 56.141357][ T5094] input: syz1 as /devices/virtual/input/input6
[ 56.169644][ T5097] input: syz1 as /devices/virtual/input/input7
[pid 5098] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN <unfinished ...>
[pid 5099] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 <unfinished ...>
[pid 5093] <... write resumed>) = 262144
[pid 5094] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 <unfinished ...>
[pid 5099] <... write resumed>) = 1116
[pid 5099] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN <unfinished ...>
[pid 5093] munmap(0x7f73d5800000, 138412032 <unfinished ...>
[pid 5094] <... write resumed>) = 262144
[pid 5093] <... munmap resumed>) = 0
[pid 5094] munmap(0x7f73d5800000, 138412032) = 0
[pid 5093] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid 5093] <... openat resumed>) = 5
[pid 5094] <... openat resumed>) = 5
[pid 5093] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid 5097] <... ioctl resumed>, 0) = 0
[pid 5094] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid 5097] memfd_create("syzkaller", 0 <unfinished ...>
[pid 5098] <... ioctl resumed>, 0) = 0
[pid 5097] <... memfd_create resumed>) = 4
[pid 5094] <... ioctl resumed>) = 0
[pid 5094] close(4) = 0
[pid 5094] close(5) = 0
[pid 5094] mkdir("./file0", 0777) = 0
[pid 5098] memfd_create("syzkaller", 0 <unfinished ...>
[pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid 5094] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" <unfinished ...>
[pid 5099] <... ioctl resumed>, 0) = 0
[pid 5098] <... memfd_create resumed>) = 4
[pid 5097] <... mmap resumed>) = 0x7f73d5800000
[pid 5093] <... ioctl resumed>) = 0
[pid 5099] memfd_create("syzkaller", 0 <unfinished ...>
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid 5099] <... memfd_create resumed>) = 4
[pid 5098] <... mmap resumed>) = 0x7f73d5800000
[pid 5097] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 <unfinished ...>
[pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid 5098] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 <unfinished ...>
[pid 5097] <... write resumed>) = 262144
[pid 5093] close(4 <unfinished ...>
[pid 5099] <... mmap resumed>) = 0x7f73d5800000
[pid 5093] <... close resumed>) = 0
[ 56.184379][ T5098] input: syz1 as /devices/virtual/input/input8
[ 56.194873][ T5099] input: syz1 as /devices/virtual/input/input9
[ 56.206413][ T5094] loop0: detected capacity change from 0 to 512
[ 56.213075][ T5093] loop1: detected capacity change from 0 to 512
[pid 5093] close(5 <unfinished ...>
[pid 5099] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 <unfinished ...>
[pid 5098] <... write resumed>) = 262144
[pid 5093] <... close resumed>) = 0
[pid 5093] mkdir("./file0", 0777 <unfinished ...>
[pid 5097] munmap(0x7f73d5800000, 138412032 <unfinished ...>
[pid 5093] <... mkdir resumed>) = -1 EEXIST (File exists)
[pid 5097] <... munmap resumed>) = 0
[pid 5093] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" <unfinished ...>
[pid 5097] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5
[pid 5097] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid 5098] munmap(0x7f73d5800000, 138412032 <unfinished ...>
[pid 5099] <... write resumed>) = 262144
[pid 5098] <... munmap resumed>) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5
[pid 5098] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid 5099] munmap(0x7f73d5800000, 138412032) = 0
[ 56.274784][ T5097] loop2: detected capacity change from 0 to 512
[ 56.291818][ T5094] EXT4-fs error (device loop0): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature
[ 56.297395][ T5098] loop3: detected capacity change from 0 to 512
[pid 5099] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5
[pid 5099] ioctl(5, LOOP_SET_FD, 4 <unfinished ...>
[pid 5097] <... ioctl resumed>) = 0
[pid 5097] close(4) = 0
[pid 5097] close(5) = 0
[pid 5097] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5097] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" <unfinished ...>
[pid 5098] <... ioctl resumed>) = 0
[pid 5099] <... ioctl resumed>) = 0
[pid 5098] close(4 <unfinished ...>
[pid 5099] close(4) = 0
[pid 5099] close(5) = 0
[pid 5099] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[pid 5098] <... close resumed>) = 0
[pid 5099] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" <unfinished ...>
[pid 5098] close(5) = 0
[pid 5098] mkdir("./file0", 0777) = -1 EEXIST (File exists)
[ 56.316656][ T5093] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature
[ 56.316907][ T5099] loop4: detected capacity change from 0 to 512
[ 56.349440][ T5094] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117)
[ 56.362502][ T5093] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117)
[ 56.401801][ T5099] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature
[ 56.414619][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 56.427856][ T5093] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid 5098] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue" <unfinished ...>
[pid 5093] <... mount resumed>) = 0
[ 56.441253][ T5098] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature
[ 56.449138][ T5097] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz-executor109: casefold flag without casefold feature
[ 56.468818][ T5098] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117)
[ 56.483196][ T5098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid 5098] <... mount resumed>) = 0
[pid 5094] <... mount resumed>) = 0
[pid 5093] <... openat resumed>) = 4
[pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4
[pid 5093] chdir("./file0" <unfinished ...>
[pid 5094] chdir("./file0" <unfinished ...>
[pid 5093] <... chdir resumed>) = 0
[pid 5093] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid 5094] <... chdir resumed>) = 0
[pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid 5093] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5098] <... openat resumed>) = 4
[pid 5098] chdir("./file0" <unfinished ...>
[pid 5094] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5093] exit_group(0 <unfinished ...>
[pid 5098] <... chdir resumed>) = 0
[pid 5093] <... exit_group resumed>) = ?
[pid 5098] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid 5094] exit_group(0 <unfinished ...>
[pid 5098] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5094] <... exit_group resumed>) = ?
[ 56.483379][ T5099] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117)
[ 56.518935][ T5097] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor109: couldn't read orphan inode 15 (err -117)
[pid 5098] exit_group(0 <unfinished ...>
[pid 5093] +++ exited with 0 +++
[pid 5098] <... exit_group resumed>) = ?
[pid 5090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
[pid 5094] +++ exited with 0 +++
[pid 5090] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid 5099] <... mount resumed>) = 0
[pid 5098] +++ exited with 0 +++
[pid 5097] <... mount resumed>) = 0
[pid 5090] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5089] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
[pid 5092] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
[pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4
[pid 5097] chdir("./file0" <unfinished ...>
[pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid 5090] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5099] <... openat resumed>) = 4
[pid 5097] <... chdir resumed>) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid 5097] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid 5099] chdir("./file0" <unfinished ...>
[pid 5090] <... clone resumed>, child_tidptr=0x555559c40650) = 5112
[pid 5099] <... chdir resumed>) = 0
[pid 5099] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5112 attached
<unfinished ...>
[pid 5097] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5092] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid 5112] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5099] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5097] exit_group(0 <unfinished ...>
[pid 5092] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5112] <... set_robust_list resumed>) = 0
[pid 5099] exit_group(0 <unfinished ...>
[pid 5089] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5099] <... exit_group resumed>) = ?
[pid 5097] <... exit_group resumed>) = ?
[pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached
<unfinished ...>
[pid 5112] <... prctl resumed>) = 0
./strace-static-x86_64: Process 5114 attached
[pid 5113] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5114] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5113] <... set_robust_list resumed>) = 0
[pid 5112] setpgid(0, 0 <unfinished ...>
[pid 5114] <... set_robust_list resumed>) = 0
[pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5112] <... setpgid resumed>) = 0
[pid 5089] <... clone resumed>, child_tidptr=0x555559c40650) = 5114
[pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5113] <... prctl resumed>) = 0
[pid 5114] <... prctl resumed>) = 0
[ 56.554167][ T5099] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 56.572337][ T5097] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid 5113] setpgid(0, 0 <unfinished ...>
[pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5099] +++ exited with 0 +++
[pid 5097] +++ exited with 0 +++
[pid 5092] <... clone resumed>, child_tidptr=0x555559c40650) = 5113
[pid 5095] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} ---
[pid 5091] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
[pid 5114] setpgid(0, 0 <unfinished ...>
[pid 5113] <... setpgid resumed>) = 0
[pid 5114] <... setpgid resumed>) = 0
[pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5112] <... openat resumed>) = 3
[pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5113] <... openat resumed>) = 3
[pid 5091] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid 5112] write(3, "1000", 4 <unfinished ...>
[pid 5095] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid 5112] <... write resumed>) = 4
[pid 5091] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5095] <... openat resumed>) = -1 EBUSY (Device or resource busy)
[pid 5114] <... openat resumed>) = 3
[pid 5113] write(3, "1000", 4 <unfinished ...>
[pid 5112] close(3 <unfinished ...>
[pid 5095] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5091] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 5114] write(3, "1000", 4 <unfinished ...>
[pid 5113] <... write resumed>) = 4
[pid 5112] <... close resumed>) = 0
[pid 5114] <... write resumed>) = 4
[pid 5113] close(3 <unfinished ...>
[pid 5114] close(3 <unfinished ...>
[pid 5113] <... close resumed>) = 0
[pid 5114] <... close resumed>) = 0
[pid 5113] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY <unfinished ...>
[pid 5114] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY <unfinished ...>
[pid 5113] <... openat resumed>) = -1 ENOENT (No such file or directory)
[pid 5114] <... openat resumed>) = -1 ENOENT (No such file or directory)
[pid 5114] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5113] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5114] <... ioctl resumed>) = -1 EBADF (Bad file descriptor)
[pid 5113] <... ioctl resumed>) = -1 EBADF (Bad file descriptor)
[pid 5114] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK <unfinished ...>
[pid 5113] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK./strace-static-x86_64: Process 5116 attached
./strace-static-x86_64: Process 5115 attached
<unfinished ...>
[pid 5114] <... openat resumed>) = 3
[pid 5113] <... openat resumed>) = 3
[pid 5112] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY <unfinished ...>
[pid 5116] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5112] <... openat resumed>) = -1 ENOENT (No such file or directory)
[pid 5116] <... set_robust_list resumed>) = 0
[pid 5095] <... clone resumed>, child_tidptr=0x555559c40650) = 5115
[pid 5091] <... clone resumed>, child_tidptr=0x555559c40650) = 5116
[pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5115] set_robust_list(0x555559c40660, 24 <unfinished ...>
[pid 5114] ioctl(3, UI_SET_FFBIT <unfinished ...>
[pid 5113] ioctl(3, UI_SET_FFBIT <unfinished ...>
[pid 5112] ioctl(-1, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5116] <... prctl resumed>) = 0
[pid 5115] <... set_robust_list resumed>) = 0
[pid 5114] <... ioctl resumed>, 0x51) = 0
[pid 5113] <... ioctl resumed>, 0x51) = 0
[pid 5112] <... ioctl resumed>) = -1 EBADF (Bad file descriptor)
[pid 5116] setpgid(0, 0 <unfinished ...>
[pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 5114] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 <unfinished ...>
[pid 5113] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116 <unfinished ...>
[pid 5112] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK <unfinished ...>
[pid 5116] <... setpgid resumed>) = 0
[pid 5115] <... prctl resumed>) = 0
[pid 5114] <... write resumed>) = 1116
[pid 5113] <... write resumed>) = 1116
[pid 5115] setpgid(0, 0 <unfinished ...>
[pid 5114] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN <unfinished ...>
[pid 5113] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN <unfinished ...>
[pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5112] <... openat resumed>) = 3
[pid 5116] <... openat resumed>) = 3
[pid 5115] <... setpgid resumed>) = 0
[pid 5112] ioctl(3, UI_SET_FFBIT, 0x51) = 0
[pid 5112] write(3, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1116) = 1116
[pid 5116] write(3, "1000", 4) = 4
[pid 5112] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN <unfinished ...>
[pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5114] <... ioctl resumed>, 0) = 0
[pid 5113] <... ioctl resumed>, 0) = 0
[pid 5116] close(3) = 0
[pid 5116] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY <unfinished ...>
[pid 5115] <... openat resumed>) = 3
[pid 5114] memfd_create("syzkaller", 0 <unfinished ...>
[pid 5115] write(3, "1000", 4 <unfinished ...>
[pid 5114] <... memfd_create resumed>) = 4
[pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid 5113] memfd_create("syzkaller", 0 <unfinished ...>
[pid 5115] <... write resumed>) = 4
[pid 5114] <... mmap resumed>) = 0x7f73d5800000
[pid 5115] close(3) = 0
[pid 5115] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY <unfinished ...>
[pid 5114] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 <unfinished ...>
[pid 5116] <... openat resumed>) = 3
[pid 5113] <... memfd_create resumed>) = 4
[pid 5116] ioctl(3, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5115] <... openat resumed>) = 3
[pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid 5115] ioctl(3, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=6, ...} <unfinished ...>
[pid 5113] <... mmap resumed>) = 0x7f73d5800000
[ 56.661964][ T5114] input: syz1 as /devices/virtual/input/input10
[ 56.678415][ T5113] input: syz1 as /devices/virtual/input/input11
[ 56.683480][ T5112] input: syz1 as /devices/virtual/input/input12
[ 56.702349][ T5116]
[ 56.704708][ T5116] ======================================================
[pid 5114] <... write resumed>) = 262144
[pid 5113] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 <unfinished ...>
[pid 5114] munmap(0x7f73d5800000, 138412032 <unfinished ...>
[pid 5113] <... write resumed>) = 262144
[pid 5114] <... munmap resumed>) = 0
[pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 56.711730][ T5116] WARNING: possible circular locking dependency detected
[ 56.718759][ T5116] 6.9.0-rc4-next-20240418-syzkaller #0 Not tainted
[ 56.725279][ T5116] ------------------------------------------------------
[ 56.732305][ T5116] syz-executor109/5116 is trying to acquire lock:
[ 56.738726][ T5116] ffff8880117e3870 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x19c/0x740
[ 56.741207][ T5114] BUG: unable to handle page fault for address: fffffffffffffff8
[ 56.748415][ T5116]
[ 56.748415][ T5116] but task is already holding lock:
[ 56.748424][ T5116] ffff888015fb60b0
[ 56.756111][ T5114] #PF: supervisor read access in kernel mode
[ 56.763450][ T5116] (&ff->mutex
[ 56.767140][ T5114] #PF: error_code(0x0000) - not-present page
[ 56.773086][ T5116] ){+.+.}-{3:3}
[ 56.776433][ T5114] PGD e136067
[ 56.782382][ T5116] , at: input_ff_upload+0x3e4/0xb00
[ 56.785837][ T5114] P4D e136067
[ 56.789180][ T5116]
[ 56.789180][ T5116] which lock already depends on the new lock.
[ 56.789180][ T5116]
[ 56.794345][ T5114] PUD e138067
[ 56.797687][ T5116]
[ 56.797687][ T5116] the existing dependency chain (in reverse order) is:
[ 56.808062][ T5114] PMD 0
[ 56.811406][ T5116]
[ 56.811406][ T5116] -> #3 (
[ 56.820401][ T5114] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI
[ 56.823223][ T5116] &ff->mutex){+.+.}-{3:3}
[ 56.828304][ T5114] CPU: 1 PID: 5114 Comm: syz-executor109 Not tainted 6.9.0-rc4-next-20240418-syzkaller #0
[ 56.834423][ T5116] :
[ 56.834430][ T5116] lock_acquire+0x1ed/0x550
[ 56.838722][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 56.848576][ T5116] __mutex_lock+0x136/0xd70
[ 56.850967][ T5114] RIP: 0010:complete+0x9b/0x1c0
[ 56.855963][ T5116] input_ff_flush+0x5e/0x140
[ 56.865993][ T5114] Code: df e8 39 fd 8b 00 4c 8b 23 49 39 dc 0f 84 e2 00 00 00 49 8d 7c 24 f8 48 89 f8 48 c1 e8 03 42 80 3c 30 00 74 05 e8 15 fd 8b 00 <49> 8b 7c 24 f8 be 03 00 00 00 31 d2 e8 04 e5 f6 ff 4c 89 e7 e8 3c
[ 56.870985][ T5116] input_flush_device+0x9c/0xc0
[ 56.875802][ T5114] RSP: 0018:ffffc9000355fb30 EFLAGS: 00010046
[ 56.880881][ T5116] evdev_release+0xf9/0x7d0
[ 56.900460][ T5114]
[ 56.900466][ T5114] RAX: 1fffffffffffffff RBX: ffffc9000363faf8 RCX: 0000000000000001
[ 56.905804][ T5116] __fput+0x406/0x8b0
[ 56.911839][ T5114] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: fffffffffffffff8
[ 56.916837][ T5116] __x64_sys_close+0x7f/0x110
[ 56.919161][ T5114] RBP: 1ffff920006c7f56 R08: 0000000000000003 R09: fffff520006abf40
[ 56.927127][ T5116] do_syscall_64+0xf5/0x240
[ 56.931625][ T5114] R10: dffffc0000000000 R11: fffff520006abf40 R12: 0000000000000000
[ 56.939572][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.944745][ T5114] R13: 0000000000000246 R14: dffffc0000000000 R15: ffffc9000363fab8
[ 56.952692][ T5116]
[ 56.952692][ T5116] -> #2 (
[ 56.957682][ T5114] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[ 56.965626][ T5116] &dev->mutex
[ 56.972006][ T5114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.979953][ T5116] #2){+.+.}-{3:3}
[ 56.985037][ T5114] CR2: fffffffffffffff8 CR3: 000000000e132000 CR4: 00000000003506f0
[ 56.993935][ T5116] :
[ 56.993941][ T5116] lock_acquire+0x1ed/0x550
[ 56.997194][ T5114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.003760][ T5116] __mutex_lock+0x136/0xd70
[ 57.007368][ T5114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.015313][ T5116] input_register_handle+0x6d/0x3b0
[ 57.017706][ T5114] Call Trace:
[ 57.022698][ T5116] kbd_connect+0xbf/0x130
[ 57.030646][ T5114] <TASK>
[ 57.035634][ T5116] input_register_device+0xcfa/0x1090
[ 57.043581][ T5114] ? __die_body+0x88/0xe0
[ 57.049275][ T5116] acpi_button_add+0x6c6/0xb90
[ 57.052549][ T5114] ? page_fault_oops+0x8e4/0xcc0
[ 57.057372][ T5116] acpi_device_probe+0xa5/0x2b0
[ 57.060295][ T5114] ? __pfx_page_fault_oops+0x10/0x10
[ 57.066155][ T5116] really_probe+0x2b8/0xad0
[ 57.070460][ T5114] ? is_prefetch+0x4ed/0x780
[ 57.075712][ T5116] __driver_probe_device+0x1a2/0x390
[ 57.080627][ T5114] ? is_bpf_text_address+0x285/0x2a0
[ 57.085968][ T5116] driver_probe_device+0x50/0x430
[ 57.091222][ T5114] ? __pfx_is_prefetch+0x10/0x10
[ 57.096215][ T5116] __driver_attach+0x45f/0x710
[ 57.100775][ T5114] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 57.106549][ T5116] bus_for_each_dev+0x239/0x2b0
[ 57.111817][ T5114] ? __kernel_text_address+0xd/0x40
[ 57.117341][ T5116] bus_add_driver+0x346/0x670
[ 57.122258][ T5114] ? kernelmode_fixup_or_oops+0x20e/0x2b0
[ 57.127513][ T5116] driver_register+0x23a/0x320
[ 57.133639][ T5114] ? __bad_area_nosemaphore+0x127/0x780
[ 57.138978][ T5116] do_one_initcall+0x248/0x880
[ 57.144153][ T5114] ? __pfx___bad_area_nosemaphore+0x10/0x10
[ 57.149317][ T5116] do_initcall_level+0x157/0x210
[ 57.155008][ T5114] ? spurious_kernel_fault+0x11e/0x5d0
[ 57.160260][ T5116] do_initcalls+0x3f/0x80
[ 57.165779][ T5114] ? exc_page_fault+0x5d6/0x900
[ 57.171028][ T5116] kernel_init_freeable+0x435/0x5d0
[ 57.176895][ T5114] ? asm_exc_page_fault+0x26/0x30
[ 57.182325][ T5116] kernel_init+0x1d/0x2b0
[ 57.187757][ T5114] ? complete+0x9b/0x1c0
[ 57.192573][ T5116] ret_from_fork+0x4b/0x80
[ 57.197406][ T5114] uinput_destroy_device+0x129/0x8f0
[ 57.203088][ T5116] ret_from_fork_asm+0x1a/0x30
[ 57.208086][ T5114] uinput_release+0x3e/0x50
[ 57.212906][ T5116]
[ 57.212906][ T5116] -> #1 (
[ 57.217122][ T5114] ? __pfx_uinput_release+0x10/0x10
[ 57.222028][ T5116] input_mutex){+.+.}-{3:3}
[ 57.227280][ T5114] __fput+0x406/0x8b0
[ 57.232537][ T5116] :
[ 57.232544][ T5116] lock_acquire+0x1ed/0x550
[ 57.237019][ T5114] task_work_run+0x24f/0x310
[ 57.242096][ T5116] __mutex_lock+0x136/0xd70
[ 57.247272][ T5114] ? __pfx_task_work_run+0x10/0x10
[ 57.251653][ T5116] input_register_device+0xae5/0x1090
[ 57.255609][ T5114] ? switch_task_namespaces+0xe1/0x110
[ 57.257994][ T5116] uinput_create_device+0x40e/0x630
[ 57.262993][ T5114] do_exit+0xa1b/0x27e0
[ 57.267548][ T5116] uinput_ioctl_handler+0x48b/0x1770
[ 57.272544][ T5114] ? lock_release+0xbf/0x9f0
[ 57.277621][ T5116] __se_sys_ioctl+0xfc/0x170
[ 57.283496][ T5114] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 57.288937][ T5116] do_syscall_64+0xf5/0x240
[ 57.294633][ T5114] ? rcu_is_watching+0x15/0xb0
[ 57.298764][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.304545][ T5114] ? __pfx_do_exit+0x10/0x10
[ 57.309105][ T5116]
[ 57.309105][ T5116] -> #0
[ 57.314185][ T5114] ? zap_other_threads+0x3b8/0x420
[ 57.319529][ T5116] (&newdev->mutex
[ 57.324526][ T5114] ? __pfx_lock_release+0x10/0x10
[ 57.329260][ T5116] ){+.+.}-{3:3}
[ 57.335643][ T5114] ? _raw_spin_lock_irq+0xdf/0x120
[ 57.340209][ T5116] :
[ 57.340220][ T5116] validate_chain+0x18cb/0x58e0
[ 57.345132][ T5114] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 57.350219][ T5116] __lock_acquire+0x1346/0x1fd0
[ 57.353918][ T5114] ? rcu_is_watching+0x15/0xb0
[ 57.358910][ T5116] lock_acquire+0x1ed/0x550
[ 57.362345][ T5114] do_group_exit+0x207/0x2c0
[ 57.367426][ T5116] __mutex_lock+0x136/0xd70
[ 57.369823][ T5114] __x64_sys_exit_group+0x3f/0x40
[ 57.375161][ T5116] uinput_request_submit+0x19c/0x740
[ 57.381460][ T5114] do_syscall_64+0xf5/0x240
[ 57.386801][ T5116] uinput_dev_upload_effect+0x199/0x240
[ 57.391541][ T5114] ? clear_bhb_loop+0x35/0x90
[ 57.396533][ T5116] input_ff_upload+0x5df/0xb00
[ 57.401096][ T5114] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.406089][ T5116] evdev_ioctl_handler+0x17d0/0x21b0
[ 57.411085][ T5114] RIP: 0033:0x7f73ddd35639
[ 57.416855][ T5116] __se_sys_ioctl+0xfc/0x170
[ 57.421330][ T5114] Code: Unable to access opcode bytes at 0x7f73ddd3560f.
[ 57.427361][ T5116] do_syscall_64+0xf5/0x240
[ 57.432010][ T5114] RSP: 002b:00007ffe23ce0898 EFLAGS: 00000246
[ 57.437261][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.443128][ T5114] ORIG_RAX: 00000000000000e7
[ 57.448902][ T5116]
[ 57.448902][ T5116] other info that might help us debug this:
[ 57.448902][ T5116]
[ 57.453292][ T5114] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f73ddd35639
[ 57.458375][ T5116] Chain exists of:
[ 57.458375][ T5116] &newdev->mutex
[ 57.465363][ T5114] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 57.470355][ T5116] --> &dev->mutex
[ 57.476389][ T5114] RBP: 00007f73dddb12d0 R08: ffffffffffffffb8 R09: 000000000000046f
[ 57.482771][ T5116] #2 -->
[ 57.487418][ T5114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73dddb12d0
[ 57.497624][ T5116] &ff->mutex
[ 57.497624][ T5116]
[ 57.505587][ T5114] R13: 0000000000000000 R14: 00007f73dddb2040 R15: 00007f73ddd03780
[ 57.512845][ T5116] Possible unsafe locking scenario:
[ 57.512845][ T5116]
[ 57.512853][ T5116] CPU0 CPU1
[ 57.520805][ T5114] </TASK>
[ 57.524485][ T5116] ---- ----
[ 57.524491][ T5116] lock(
[ 57.532429][ T5114] Modules linked in:
[ 57.535340][ T5116] &ff->mutex);
[ 57.543295][ T5114] CR2: fffffffffffffff8
[ 57.543311][ T5114] ---[ end trace 0000000000000000 ]---
[ 57.548650][ T5116] lock(&dev->mutex
[ 57.556598][ T5114] RIP: 0010:complete+0x9b/0x1c0
[ 57.564023][ T5116] #2);
[ 57.569366][ T5114] Code: df e8 39 fd 8b 00 4c 8b 23 49 39 dc 0f 84 e2 00 00 00 49 8d 7c 24 f8 48 89 f8 48 c1 e8 03 42 80 3c 30 00 74 05 e8 15 fd 8b 00 <49> 8b 7c 24 f8 be 03 00 00 00 31 d2 e8 04 e5 f6 ff 4c 89 e7 e8 3c
[ 57.572362][ T5116] lock(&ff->mutex
[ 57.577701][ T5114] RSP: 0018:ffffc9000355fb30 EFLAGS: 00010046
[ 57.580611][ T5116] );
[ 57.584477][ T5114]
[ 57.584483][ T5114] RAX: 1fffffffffffffff RBX: ffffc9000363faf8 RCX: 0000000000000001
[ 57.587824][ T5116] lock(&newdev->mutex
[ 57.591955][ T5114] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: fffffffffffffff8
[ 57.597386][ T5116] );
[ 57.597392][ T5116]
[ 57.597392][ T5116] *** DEADLOCK ***
[ 57.597392][ T5116]
[ 57.603767][ T5114] RBP: 1ffff920006c7f56 R08: 0000000000000003 R09: fffff520006abf40
[ 57.608605][ T5116] 2 locks held by syz-executor109/5116:
[ 57.611258][ T5114] R10: dffffc0000000000 R11: fffff520006abf40 R12: 0000000000000000
[ 57.630831][ T5116] #0: ffff88801cac6110
[ 57.637129][ T5114] R13: 0000000000000246 R14: dffffc0000000000 R15: ffffc9000363fab8
[ 57.643169][ T5116] (&evdev->mutex
[ 57.645646][ T5114] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[ 57.647948][ T5116] ){+.+.}-{3:3}
[ 57.655891][ T5114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.660015][ T5116] , at: evdev_ioctl_handler+0x125/0x21b0
[ 57.667959][ T5114] CR2: fffffffffffffff8 CR3: 000000000e132000 CR4: 00000000003506f0
[ 57.670436][ T5116] #1: ffff888015fb60b0
[ 57.678557][ T5114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.686496][ T5116] (&ff->mutex
[ 57.692015][ T5114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.699974][ T5116] ){+.+.}-{3:3}
[ 57.704111][ T5114] Kernel panic - not syncing: Fatal exception
[ 57.712518][ T5114] Kernel Offset: disabled
[ 57.786512][ T5114] Rebooting in 86400 seconds..