syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-6.1 | possible deadlock in uinput_request_submit origin:upstream | C | error | 2 | 84d | 200d | 0/3 | upstream: reported C repro on 2024/05/05 13:52 | |
| upstream | possible deadlock in uinput_request_submit input | C | error | 21 | 4d08h | 209d | 0/28 | upstream: reported C repro on 2024/04/26 04:42 | |
| linux-5.15 | possible deadlock in uinput_request_submit origin:upstream | C | 2 | 3d07h | 200d | 0/3 | upstream: reported C repro on 2024/05/05 13:53 |
input: syz0 as /devices/virtual/input/input49
input: syz0 as /devices/virtual/input/input50
input: syz0 as /devices/virtual/input/input51
input: syz0 as /devices/virtual/input/input52
======================================================
[ INFO: possible circular locking dependency detected ]
4.9.141+ #23 Not tainted
-------------------------------------------------------
syz-executor116/2216 is trying to acquire lock:
(&newdev->mutex){+.+.+.}, at: [<ffffffff8207f2e9>] uinput_request_send drivers/input/misc/uinput.c:116 [inline]
(&newdev->mutex){+.+.+.}, at: [<ffffffff8207f2e9>] uinput_request_submit.part.2+0x29/0x200 drivers/input/misc/uinput.c:147
but task is already holding lock:
(&ff->mutex){+.+...}, at: [<ffffffff8204aefa>] input_ff_upload+0x10a/0xa00 drivers/input/ff-core.c:135
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
__mutex_lock_common kernel/locking/mutex.c:521 [inline]
mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621
input_ff_upload+0x10a/0xa00 drivers/input/ff-core.c:135
evdev_do_ioctl drivers/input/evdev.c:1213 [inline]
evdev_ioctl_handler+0xe62/0x1820 drivers/input/evdev.c:1302
evdev_ioctl_compat+0x29/0x30 drivers/input/evdev.c:1318
C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline]
compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549
do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
__mutex_lock_common kernel/locking/mutex.c:521 [inline]
mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621
evdev_mark_dead drivers/input/evdev.c:1345 [inline]
evdev_cleanup+0x26/0x1a0 drivers/input/evdev.c:1354
evdev_disconnect+0x43/0xa0 drivers/input/evdev.c:1446
__input_unregister_device+0x1ec/0x490 drivers/input/input.c:2023
input_unregister_device+0xa6/0xf0 drivers/input/input.c:2197
uinput_destroy_device+0x1cf/0x220 drivers/input/misc/uinput.c:246
uinput_release+0x3a/0x50 drivers/input/misc/uinput.c:658
__fput+0x263/0x700 fs/file_table.c:208
____fput+0x15/0x20 fs/file_table.c:244
task_work_run+0x10c/0x180 kernel/task_work.c:116
exit_task_work include/linux/task_work.h:21 [inline]
do_exit+0x78d/0x2a50 kernel/exit.c:833
do_group_exit+0x111/0x300 kernel/exit.c:937
SYSC_exit_group kernel/exit.c:948 [inline]
SyS_exit_group+0x1d/0x20 kernel/exit.c:946
do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
__mutex_lock_common kernel/locking/mutex.c:521 [inline]
mutex_lock_interruptible_nested+0xcc/0x9c0 kernel/locking/mutex.c:650
input_register_device.cold.13+0x39/0x204 drivers/input/input.c:2146
uinput_create_device drivers/input/misc/uinput.c:302 [inline]
uinput_ioctl_handler.isra.4+0x84a/0x1980 drivers/input/misc/uinput.c:817
uinput_compat_ioctl+0x5f/0x80 drivers/input/misc/uinput.c:1001
C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline]
compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549
do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
check_prev_add kernel/locking/lockdep.c:1828 [inline]
check_prevs_add kernel/locking/lockdep.c:1938 [inline]
validate_chain kernel/locking/lockdep.c:2265 [inline]
__lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
__mutex_lock_common kernel/locking/mutex.c:521 [inline]
mutex_lock_interruptible_nested+0xcc/0x9c0 kernel/locking/mutex.c:650
uinput_request_send drivers/input/misc/uinput.c:116 [inline]
uinput_request_submit.part.2+0x29/0x200 drivers/input/misc/uinput.c:147
uinput_request_submit drivers/input/misc/uinput.c:144 [inline]
uinput_dev_upload_effect+0x14a/0x1c0 drivers/input/misc/uinput.c:216
input_ff_upload+0x528/0xa00 drivers/input/ff-core.c:165
evdev_do_ioctl drivers/input/evdev.c:1213 [inline]
evdev_ioctl_handler+0xe62/0x1820 drivers/input/evdev.c:1302
evdev_ioctl_compat+0x29/0x30 drivers/input/evdev.c:1318
C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline]
compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549
do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
other info that might help us debug this:
Chain exists of:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ff->mutex);
lock(&evdev->mutex);
lock(&ff->mutex);
lock(&newdev->mutex);
*** DEADLOCK ***
2 locks held by syz-executor116/2216:
#0: (&evdev->mutex){+.+...}, at: [<ffffffff820577f2>] evdev_ioctl_handler+0x112/0x1820 drivers/input/evdev.c:1293
#1: (&ff->mutex){+.+...}, at: [<ffffffff8204aefa>] input_ff_upload+0x10a/0xa00 drivers/input/ff-core.c:135
stack backtrace:
CPU: 1 PID: 2216 Comm: syz-executor116 Not tainted 4.9.141+ #23
ffff8801c9dc7778 ffffffff81b42e79 ffffffff83cc2500 ffffffff83cc4bd0
ffffffff83cc10c0 ffff8801c9b120b8 ffff8801c9b117c0 ffff8801c9dc77c0
ffffffff813fee40 0000000000000002 00000000c9b12098 0000000000000002
Call Trace:
[<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff813fee40>] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202
[<ffffffff8120a539>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
[<ffffffff8120a539>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
[<ffffffff8120a539>] validate_chain kernel/locking/lockdep.c:2265 [inline]
[<ffffffff8120a539>] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
[<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
[<ffffffff8280ce4c>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
[<ffffffff8280ce4c>] mutex_lock_interruptible_nested+0xcc/0x9c0 kernel/locking/mutex.c:650
[<ffffffff8207f2e9>] uinput_request_send drivers/input/misc/uinput.c:116 [inline]
[<ffffffff8207f2e9>] uinput_request_submit.part.2+0x29/0x200 drivers/input/misc/uinput.c:147
[<ffffffff8208237a>] uinput_request_submit drivers/input/misc/uinput.c:144 [inline]
[<ffffffff8208237a>] uinput_dev_upload_effect+0x14a/0x1c0 drivers/input/misc/uinput.c:216
[<ffffffff8204b318>] input_ff_upload+0x528/0xa00 drivers/input/ff-core.c:165
[<ffffffff82058542>] evdev_do_ioctl drivers/input/evdev.c:1213 [inline]
[<ffffffff82058542>] evdev_ioctl_handler+0xe62/0x1820 drivers/input/evdev.c:1302
[<ffffffff82058f29>] evdev_ioctl_compat+0x29/0x30 drivers/input/evdev.c:1318
[<ffffffff81619c8d>] C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline]
[<ffffffff81619c8d>] compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549
[<ffffffff81006311>] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
[<ffffffff81006311>] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
[<ffffffff82818de0>] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/05/24 14:58 | https://android.googlesource.com/kernel/common android-4.9 | 8fe428403e30 | 0dadcd9d | .config | console log | report | syz | C | ci-android-49-kasan-gce-386 | |||
| 2019/08/01 22:49 | https://android.googlesource.com/kernel/common android-4.9 | 8fe428403e30 | 835dffe7 | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2019/06/23 20:52 | https://android.googlesource.com/kernel/common android-4.9 | 8fe428403e30 | 472f0082 | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2019/05/24 12:38 | https://android.googlesource.com/kernel/common android-4.9 | 8fe428403e30 | 0dadcd9d | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2019/02/09 20:59 | https://android.googlesource.com/kernel/common android-4.9 | 8fe428403e30 | d75f7686 | .config | console log | report | ci-android-49-kasan-gce-386 |