./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2943645180
<...>
Warning: Permanently added '10.128.0.70' (ED25519) to the list of known hosts.
execve("./syz-executor2943645180", ["./syz-executor2943645180"], 0x7ffc6efc0a60 /* 10 vars */) = 0
brk(NULL) = 0x5555665b3000
brk(0x5555665b3d00) = 0x5555665b3d00
arch_prctl(ARCH_SET_FS, 0x5555665b3380) = 0
set_tid_address(0x5555665b3650) = 5082
set_robust_list(0x5555665b3660, 24) = 0
rseq(0x5555665b3ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2943645180", 4096) = 28
getrandom("\xe4\xd0\x79\x90\x55\xec\xe3\x39", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555665b3d00
brk(0x5555665d4d00) = 0x5555665d4d00
brk(0x5555665d5000) = 0x5555665d5000
mprotect(0x7f0d96dfc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555665b3650) = 5083
./strace-static-x86_64: Process 5083 attached
[pid 5083] set_robust_list(0x5555665b3660, 24) = 0
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setpgid(0, 0) = 0
[pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1000", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3
[pid 5083] ioctl(3, UI_DEV_SETUP, 0x20000180) = 0
[pid 5083] ioctl(3, UI_SET_FFBIT, 0x51) = 0
[pid 5083] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 5083] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = 4
[ 61.793609][ T5083] input: syz1 as /devices/virtual/input/input5
[ 61.827054][ T5083]
[ 61.829407][ T5083] ======================================================
[ 61.836420][ T5083] WARNING: possible circular locking dependency detected
[ 61.843427][ T5083] 6.9.0-rc6-syzkaller-00227-g3d25a941ea50 #0 Not tainted
[ 61.850441][ T5083] ------------------------------------------------------
[ 61.857456][ T5083] syz-executor294/5083 is trying to acquire lock:
[ 61.863856][ T5083] ffff88802b5b8870 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x19c/0x740
[ 61.873533][ T5083]
[ 61.873533][ T5083] but task is already holding lock:
[ 61.880883][ T5083] ffff88802b5bf8b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e4/0xb00
[ 61.889666][ T5083]
[ 61.889666][ T5083] which lock already depends on the new lock.
[ 61.889666][ T5083]
[ 61.900338][ T5083]
[ 61.900338][ T5083] the existing dependency chain (in reverse order) is:
[ 61.909430][ T5083]
[ 61.909430][ T5083] -> #3 (&ff->mutex){+.+.}-{3:3}:
[ 61.916635][ T5083] lock_acquire+0x1ed/0x550
[ 61.921654][ T5083] __mutex_lock+0x136/0xd70
[ 61.926704][ T5083] input_ff_flush+0x5e/0x140
[ 61.931979][ T5083] input_flush_device+0x9c/0xc0
[ 61.937345][ T5083] evdev_release+0xf9/0x7d0
[ 61.942368][ T5083] __fput+0x429/0x8a0
[ 61.946870][ T5083] __x64_sys_close+0x7f/0x110
[ 61.952066][ T5083] do_syscall_64+0xf5/0x240
[ 61.957439][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 61.963934][ T5083]
[ 61.963934][ T5083] -> #2 (&dev->mutex#2){+.+.}-{3:3}:
[ 61.971525][ T5083] lock_acquire+0x1ed/0x550
[ 61.976639][ T5083] __mutex_lock+0x136/0xd70
[ 61.981743][ T5083] input_register_handle+0x6d/0x3b0
[ 61.987495][ T5083] kbd_connect+0xbf/0x130
[ 61.992345][ T5083] input_register_device+0xcfa/0x1090
[ 61.998705][ T5083] acpi_button_add+0x6c6/0xb90
[ 62.004159][ T5083] acpi_device_probe+0xa5/0x2b0
[ 62.009521][ T5083] really_probe+0x2b8/0xad0
[ 62.014629][ T5083] __driver_probe_device+0x1a2/0x390
[ 62.020428][ T5083] driver_probe_device+0x50/0x430
[ 62.025973][ T5083] __driver_attach+0x45f/0x710
[ 62.031255][ T5083] bus_for_each_dev+0x239/0x2b0
[ 62.036746][ T5083] bus_add_driver+0x347/0x620
[ 62.041954][ T5083] driver_register+0x23a/0x320
[ 62.047249][ T5083] do_one_initcall+0x248/0x880
[ 62.052681][ T5083] do_initcall_level+0x157/0x210
[ 62.058143][ T5083] do_initcalls+0x3f/0x80
[ 62.062985][ T5083] kernel_init_freeable+0x435/0x5d0
[ 62.068696][ T5083] kernel_init+0x1d/0x2b0
[ 62.073544][ T5083] ret_from_fork+0x4b/0x80
[ 62.078476][ T5083] ret_from_fork_asm+0x1a/0x30
[ 62.083767][ T5083]
[ 62.083767][ T5083] -> #1 (input_mutex){+.+.}-{3:3}:
[ 62.091060][ T5083] lock_acquire+0x1ed/0x550
[ 62.096164][ T5083] __mutex_lock+0x136/0xd70
[ 62.101181][ T5083] input_register_device+0xae5/0x1090
[ 62.107090][ T5083] uinput_create_device+0x40e/0x630
[ 62.112929][ T5083] uinput_ioctl_handler+0x48b/0x1770
[ 62.118729][ T5083] __se_sys_ioctl+0xfc/0x170
[ 62.123840][ T5083] do_syscall_64+0xf5/0x240
[ 62.128859][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.135266][ T5083]
[ 62.135266][ T5083] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[ 62.142822][ T5083] validate_chain+0x18cb/0x58e0
[ 62.148186][ T5083] __lock_acquire+0x1346/0x1fd0
[ 62.153582][ T5083] lock_acquire+0x1ed/0x550
[ 62.158695][ T5083] __mutex_lock+0x136/0xd70
[ 62.163709][ T5083] uinput_request_submit+0x19c/0x740
[ 62.169518][ T5083] uinput_dev_upload_effect+0x199/0x240
[ 62.175643][ T5083] input_ff_upload+0x5df/0xb00
[ 62.181008][ T5083] evdev_ioctl_handler+0x17d0/0x21b0
[ 62.186894][ T5083] __se_sys_ioctl+0xfc/0x170
[ 62.192009][ T5083] do_syscall_64+0xf5/0x240
[ 62.197028][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.203612][ T5083]
[ 62.203612][ T5083] other info that might help us debug this:
[ 62.203612][ T5083]
[ 62.214264][ T5083] Chain exists of:
[ 62.214264][ T5083] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[ 62.214264][ T5083]
[ 62.226602][ T5083] Possible unsafe locking scenario:
[ 62.226602][ T5083]
[ 62.234047][ T5083]        CPU0                    CPU1
[ 62.239414][ T5083]        ----                    ----
[ 62.244858][ T5083]   lock(&ff->mutex);
[ 62.249529][ T5083]                                lock(&dev->mutex#2);
[ 62.256299][ T5083]                                lock(&ff->mutex);
[ 62.262793][ T5083]   lock(&newdev->mutex);
[ 62.267119][ T5083]
[ 62.267119][ T5083] *** DEADLOCK ***
[ 62.267119][ T5083]
[ 62.275363][ T5083] 2 locks held by syz-executor294/5083:
[ 62.280931][ T5083] #0: ffff88801c2b8110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x125/0x21b0
[ 62.290865][ T5083] #1: ffff88802b5bf8b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e4/0xb00
[ 62.300179][ T5083]
[ 62.300179][ T5083] stack backtrace:
[ 62.306052][ T5083] CPU: 1 PID: 5083 Comm: syz-executor294 Not tainted 6.9.0-rc6-syzkaller-00227-g3d25a941ea50 #0
[ 62.316456][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 62.326604][ T5083] Call Trace:
[ 62.329878][ T5083]  <TASK>
[ 62.332802][ T5083] dump_stack_lvl+0x241/0x360
[ 62.337485][ T5083] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.342683][ T5083] ? print_circular_bug+0x130/0x1a0
[ 62.347885][ T5083] check_noncircular+0x36a/0x4a0
[ 62.352820][ T5083] ? __pfx_check_noncircular+0x10/0x10
[ 62.358281][ T5083] ? lockdep_lock+0x123/0x2b0
[ 62.363060][ T5083] ? stack_trace_save+0x118/0x1d0
[ 62.368108][ T5083] ? __pfx_stack_trace_save+0x10/0x10
[ 62.373484][ T5083] ? _find_first_zero_bit+0xd4/0x100
[ 62.378855][ T5083] validate_chain+0x18cb/0x58e0
[ 62.383713][ T5083] ? validate_chain+0x15a2/0x58e0
[ 62.388738][ T5083] ? __pfx_validate_chain+0x10/0x10
[ 62.393938][ T5083] ? __pfx_validate_chain+0x10/0x10
[ 62.399135][ T5083] ? stack_trace_save+0x118/0x1d0
[ 62.404269][ T5083] ? __pfx_stack_trace_save+0x10/0x10
[ 62.409637][ T5083] ? mark_lock+0x9a/0x350
[ 62.413960][ T5083] __lock_acquire+0x1346/0x1fd0
[ 62.418823][ T5083] lock_acquire+0x1ed/0x550
[ 62.423319][ T5083] ? uinput_request_submit+0x19c/0x740
[ 62.428777][ T5083] ? __pfx_lock_acquire+0x10/0x10
[ 62.433791][ T5083] ? __pfx___might_resched+0x10/0x10
[ 62.439078][ T5083] __mutex_lock+0x136/0xd70
[ 62.443583][ T5083] ? uinput_request_submit+0x19c/0x740
[ 62.449038][ T5083] ? uinput_request_alloc_id+0x3c5/0x3f0
[ 62.454678][ T5083] ? do_raw_spin_lock+0x14f/0x370
[ 62.459753][ T5083] ? __pfx_lock_release+0x10/0x10
[ 62.465290][ T5083] ? uinput_request_submit+0x19c/0x740
[ 62.470752][ T5083] ? __pfx___mutex_lock+0x10/0x10
[ 62.475773][ T5083] ? _raw_spin_unlock+0x28/0x50
[ 62.480621][ T5083] ? uinput_request_alloc_id+0x3c5/0x3f0
[ 62.486250][ T5083] uinput_request_submit+0x19c/0x740
[ 62.491559][ T5083] ? __pfx_uinput_request_submit+0x10/0x10
[ 62.497381][ T5083] ? __pfx___mutex_trylock_common+0x10/0x10
[ 62.503302][ T5083] ? rcu_is_watching+0x15/0xb0
[ 62.508866][ T5083] uinput_dev_upload_effect+0x199/0x240
[ 62.514424][ T5083] ? __pfx_uinput_dev_upload_effect+0x10/0x10
[ 62.520495][ T5083] input_ff_upload+0x5df/0xb00
[ 62.525273][ T5083] evdev_ioctl_handler+0x17d0/0x21b0
[ 62.530642][ T5083] ? tomoyo_path_number_perm+0x208/0x880
[ 62.536274][ T5083] ? __pfx_evdev_ioctl_handler+0x10/0x10
[ 62.541912][ T5083] ? __pfx_ptrace_notify+0x10/0x10
[ 62.547028][ T5083] ? bpf_lsm_file_ioctl+0x9/0x10
[ 62.551967][ T5083] ? security_file_ioctl+0x87/0xb0
[ 62.557261][ T5083] ? __pfx_evdev_ioctl+0x10/0x10
[ 62.562376][ T5083] __se_sys_ioctl+0xfc/0x170
[ 62.567066][ T5083] do_syscall_64+0xf5/0x240
[ 62.571653][ T5083] ? clear_bhb_loop+0x35/0x90
[ 62.576356][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.582617][ T5083] RIP: 0033:0x7f0d96d89979
[ 62.587031][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.606812][ T5083] RSP: 002b:00007ffe08145cb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 62.615324][ T5083] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0d96d89979
[ 62.623377][ T5083] RDX: 0000000020000300 RSI: 0000000040304580 RDI: 0000000000000004
[ 62.631341][ T5083] RBP: 00007f0d96dfc5f0 R08: 0000000000000006 R09: 0000000000000006
[ 62.639306][ T5083] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000001
[ 62.647358][ T5083] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 62.655331][ T5083]  </TASK>
[pid 5083] ioctl(4, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=0, ...}
[pid 5082] kill(-5083, SIGKILL) = 0
[pid 5082] kill(5083, SIGKILL) = 0
[pid 5082] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 5082] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid 5082] getdents64(3, 0x5555665b46f0 /* 2 entries */, 32768) = 48
[pid 5082] getdents64(3, 0x5555665b46f0 /* 0 entries */, 32768) = 0
[pid 5082] close(3) = 0