./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2887440502 <...> Warning: Permanently added '10.128.1.3' (ED25519) to the list of known hosts. execve("./syz-executor2887440502", ["./syz-executor2887440502"], 0x7ffcb5b36680 /* 10 vars */) = 0 brk(NULL) = 0x55558e4dd000 brk(0x55558e4ddd00) = 0x55558e4ddd00 arch_prctl(ARCH_SET_FS, 0x55558e4dd380) = 0 set_tid_address(0x55558e4dd650) = 5838 set_robust_list(0x55558e4dd660, 24) = 0 rseq(0x55558e4ddca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2887440502", 4096) = 28 getrandom("\xf1\xc1\x35\xc9\xba\x95\x8b\x31", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558e4ddd00 brk(0x55558e4fed00) = 0x55558e4fed00 brk(0x55558e4ff000) = 0x55558e4ff000 mprotect(0x7f3e0e9c5000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 executing program write(1, "executing program\n", 18) = 18 openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 ioctl(3, UI_DEV_SETUP, 0x200000000180) = 0 ioctl(3, UI_SET_FFBIT, 0x51) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = 4 [ 87.978012][ T5838] input: syz1 as /devices/virtual/input/input5 [ 88.004861][ T5838] [ 88.007219][ T5838] ====================================================== [ 88.014337][ T5838] WARNING: possible circular locking dependency detected [ 88.021398][ T5838] 6.16.0-rc7-syzkaller #0 Not tainted [ 88.026779][ T5838] ------------------------------------------------------ [ 88.033894][ T5838] syz-executor288/5838 is trying to acquire lock: [ 88.040317][ T5838] ffff888026a9c870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit+0x188/0x6f0 [ 88.050052][ T5838] [ 88.050052][ T5838] but task is already holding lock: [ 88.057428][ T5838] ffff88814271b8b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xae0 [ 88.066249][ T5838] [ 88.066249][ T5838] which lock already depends on the new lock. [ 88.066249][ T5838] [ 88.076760][ T5838] [ 88.076760][ T5838] the existing dependency chain (in reverse order) is: [ 88.085786][ T5838] [ 88.085786][ T5838] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 88.093026][ T5838] lock_acquire+0x120/0x360 [ 88.098067][ T5838] __mutex_lock+0x182/0xe80 [ 88.103117][ T5838] input_ff_flush+0x5e/0x140 [ 88.108247][ T5838] input_flush_device+0xa6/0xd0 [ 88.113661][ T5838] evdev_release+0xe1/0x800 [ 88.118803][ T5838] __fput+0x44c/0xa70 [ 88.123345][ T5838] fput_close_sync+0x119/0x200 [ 88.128711][ T5838] __x64_sys_close+0x7f/0x110 [ 88.133946][ T5838] do_syscall_64+0xfa/0x3b0 [ 88.138997][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.145434][ T5838] [ 88.145434][ T5838] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 88.152946][ T5838] lock_acquire+0x120/0x360 [ 88.157996][ T5838] __mutex_lock+0x182/0xe80 [ 88.163045][ T5838] input_register_handle+0x18f/0x4c0 [ 88.168873][ T5838] kbd_connect+0xc3/0x140 [ 88.173748][ T5838] input_register_device+0xcee/0x10b0 [ 88.179650][ T5838] acpi_button_add+0x6b1/0xb50 [ 88.184942][ T5838] acpi_device_probe+0xa5/0x2d0 [ 88.190340][ T5838] really_probe+0x26a/0x9a0 [ 88.195361][ T5838] __driver_probe_device+0x18c/0x2f0 [ 88.201208][ T5838] driver_probe_device+0x4f/0x430 [ 88.206753][ T5838] __driver_attach+0x452/0x700 [ 88.212051][ T5838] bus_for_each_dev+0x230/0x2b0 [ 88.217602][ T5838] bus_add_driver+0x345/0x640 [ 88.222813][ T5838] driver_register+0x23a/0x320 [ 88.228099][ T5838] do_one_initcall+0x233/0x820 [ 88.233390][ T5838] do_initcall_level+0x137/0x1f0 [ 88.238954][ T5838] do_initcalls+0x69/0xd0 [ 88.243899][ T5838] kernel_init_freeable+0x3d9/0x570 [ 88.249622][ T5838] kernel_init+0x1d/0x1d0 [ 88.254497][ T5838] ret_from_fork+0x3fc/0x770 [ 88.259621][ T5838] ret_from_fork_asm+0x1a/0x30 [ 88.264920][ T5838] [ 88.264920][ T5838] -> #1 (input_mutex){+.+.}-{4:4}: [ 88.272311][ T5838] lock_acquire+0x120/0x360 [ 88.277340][ T5838] __mutex_lock+0x182/0xe80 [ 88.282373][ T5838] input_register_device+0xa74/0x10b0 [ 88.288276][ T5838] uinput_create_device+0x422/0x670 [ 88.294014][ T5838] uinput_ioctl_handler+0x3f0/0x1570 [ 88.299828][ T5838] __se_sys_ioctl+0xf9/0x170 [ 88.304957][ T5838] do_syscall_64+0xfa/0x3b0 [ 88.309989][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.316412][ T5838] [ 88.316412][ T5838] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 88.324174][ T5838] validate_chain+0xb9b/0x2140 [ 88.329466][ T5838] __lock_acquire+0xab9/0xd20 [ 88.334752][ T5838] lock_acquire+0x120/0x360 [ 88.339778][ T5838] __mutex_lock+0x182/0xe80 [ 88.344819][ T5838] uinput_request_submit+0x188/0x6f0 [ 88.350632][ T5838] uinput_dev_upload_effect+0x150/0x1e0 [ 88.356734][ T5838] input_ff_upload+0x5fc/0xae0 [ 88.362025][ T5838] evdev_ioctl_handler+0x1644/0x1f10 [ 88.367835][ T5838] __se_sys_ioctl+0xf9/0x170 [ 88.372968][ T5838] do_syscall_64+0xfa/0x3b0 [ 88.378005][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.384420][ T5838] [ 88.384420][ T5838] other info that might help us debug this: [ 88.384420][ T5838] [ 88.394654][ T5838] Chain exists of: [ 88.394654][ T5838] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 88.394654][ T5838] [ 88.407187][ T5838] Possible unsafe locking scenario: [ 88.407187][ T5838] [ 88.414667][ T5838] CPU0 CPU1 [ 88.420033][ T5838] ---- ---- [ 88.425423][ T5838] lock(&ff->mutex); [ 88.429415][ T5838] lock(&dev->mutex#2); [ 88.436192][ T5838] lock(&ff->mutex); [ 88.442705][ T5838] lock(&newdev->mutex); [ 88.447043][ T5838] [ 88.447043][ T5838] *** DEADLOCK *** [ 88.447043][ T5838] [ 88.455190][ T5838] 2 locks held by syz-executor288/5838: [ 88.460736][ T5838] #0: ffff888144b46118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl_handler+0x121/0x1f10 [ 88.470674][ T5838] #1: ffff88814271b8b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xae0 [ 88.479910][ T5838] [ 88.479910][ T5838] stack backtrace: [ 88.485816][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz-executor288 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 88.485832][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.485846][ T5838] Call Trace: [ 88.485855][ T5838] [ 88.485861][ T5838] dump_stack_lvl+0x189/0x250 [ 88.485879][ T5838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.485894][ T5838] ? __pfx__printk+0x10/0x10 [ 88.485911][ T5838] ? print_lock_name+0xde/0x100 [ 88.485928][ T5838] print_circular_bug+0x2ee/0x310 [ 88.485945][ T5838] check_noncircular+0x134/0x160 [ 88.485963][ T5838] validate_chain+0xb9b/0x2140 [ 88.485980][ T5838] ? stack_trace_save+0x9c/0xe0 [ 88.485996][ T5838] ? __pfx_stack_trace_save+0x10/0x10 [ 88.486012][ T5838] ? __pfx_hlock_conflict+0x10/0x10 [ 88.486030][ T5838] __lock_acquire+0xab9/0xd20 [ 88.486044][ T5838] ? uinput_request_submit+0x188/0x6f0 [ 88.486060][ T5838] lock_acquire+0x120/0x360 [ 88.486071][ T5838] ? uinput_request_submit+0x188/0x6f0 [ 88.486091][ T5838] __mutex_lock+0x182/0xe80 [ 88.486107][ T5838] ? uinput_request_submit+0x188/0x6f0 [ 88.486123][ T5838] ? __lock_acquire+0xab9/0xd20 [ 88.486135][ T5838] ? uinput_request_submit+0x188/0x6f0 [ 88.486152][ T5838] ? __pfx___mutex_lock+0x10/0x10 [ 88.486168][ T5838] ? do_raw_spin_unlock+0x122/0x240 [ 88.486186][ T5838] ? _raw_spin_unlock+0x28/0x50 [ 88.486206][ T5838] ? uinput_request_alloc_id+0x3cf/0x400 [ 88.486222][ T5838] uinput_request_submit+0x188/0x6f0 [ 88.486239][ T5838] ? __mutex_trylock_common+0x153/0x260 [ 88.486256][ T5838] ? __pfx_uinput_request_submit+0x10/0x10 [ 88.486273][ T5838] ? rcu_is_watching+0x15/0xb0 [ 88.486287][ T5838] ? trace_contention_end+0x39/0x120 [ 88.486303][ T5838] ? __mutex_lock+0x330/0xe80 [ 88.486318][ T5838] uinput_dev_upload_effect+0x150/0x1e0 [ 88.486335][ T5838] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 88.486358][ T5838] input_ff_upload+0x5fc/0xae0 [ 88.486376][ T5838] evdev_ioctl_handler+0x1644/0x1f10 [ 88.486391][ T5838] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 88.486405][ T5838] ? __pfx_evdev_ioctl_handler+0x10/0x10 [ 88.486418][ T5838] ? __pfx_smack_log+0x10/0x10 [ 88.486436][ T5838] ? smk_access+0x14c/0x4e0 [ 88.486456][ T5838] ? smk_tskacc+0x2fc/0x370 [ 88.486475][ T5838] ? smack_file_ioctl+0x24a/0x340 [ 88.486487][ T5838] ? __pfx_smack_file_ioctl+0x10/0x10 [ 88.486500][ T5838] ? __pfx_ptrace_notify+0x10/0x10 [ 88.486516][ T5838] ? bpf_lsm_file_ioctl+0x9/0x20 [ 88.486531][ T5838] ? __pfx_evdev_ioctl+0x10/0x10 [ 88.486542][ T5838] __se_sys_ioctl+0xf9/0x170 [ 88.486563][ T5838] do_syscall_64+0xfa/0x3b0 [ 88.486577][ T5838] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.486590][ T5838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.486603][ T5838] ? clear_bhb_loop+0x60/0xb0 [ 88.486617][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.486630][ T5838] RIP: 0033:0x7f3e0e952229 [ 88.486645][ T5838] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 88.486656][ T5838] RSP: 002b:00007ffdadad4618 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.486669][ T5838] RAX: ffffffffffffffda RBX: 00007ffdadad47e8 RCX: 00007f3e0e952229 [ 88.486679][ T5838] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000004 [ 88.486688][ T5838] RBP: 00007f3e0e9c5610 R08: 0000000000000000 R09: 00007ffdadad47e8 [ 88.486696][ T5838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.486704][ T5838] R13: 00007ffdadad47d8 R14: 0000000000000001 R15: 0000000000000001 [ 88.486717][ T5838] [ 91.930771][ T1210] cfg80211: failed to load regulatory.db