./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor212116277

<...>
Warning: Permanently added '10.128.0.167' (ED25519) to the list of known hosts.
execve("./syz-executor212116277", ["./syz-executor212116277"], 0x7fff374b2a40 /* 10 vars */) = 0
brk(NULL)                               = 0x5555578c7000
brk(0x5555578c7d00)                     = 0x5555578c7d00
arch_prctl(ARCH_SET_FS, 0x5555578c7380) = 0
set_tid_address(0x5555578c7650)         = 5838
set_robust_list(0x5555578c7660, 24)     = 0
rseq(0x5555578c7ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor212116277", 4096) = 27
getrandom("\xf9\x78\xec\x56\x44\xb0\x40\xbb", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555578c7d00
brk(0x5555578e8d00)                     = 0x5555578e8d00
brk(0x5555578e9000)                     = 0x5555578e9000
mprotect(0x7f2c7d51d000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached
, child_tidptr=0x5555578c7650) = 5839
[pid  5839] set_robust_list(0x5555578c7660, 24) = 0
[pid  5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5839] getppid()                   = 0
[pid  5839] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5839] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5839] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5839] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5839] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5839] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5839] unshare(CLONE_NEWNS)        = 0
[pid  5839] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5839] unshare(CLONE_NEWIPC)       = 0
[   89.265942][   T30] audit: type=1400 audit(1753558457.924:63): avc:  denied  { execmem } for  pid=5838 comm="syz-executor212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[pid  5839] unshare(CLONE_NEWCGROUP)    = 0
[pid  5839] unshare(CLONE_NEWUTS)       = 0
[   89.295684][   T30] audit: type=1400 audit(1753558457.954:64): avc:  denied  { mounton } for  pid=5839 comm="syz-executor212" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid  5839] unshare(CLONE_SYSVSEM)      = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "16777216", 8)     = 8
[pid  5839] close(3)                    = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "536870912", 9)    = 9
[pid  5839] close(3)                    = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "1024", 4)         = 4
[pid  5839] close(3)                    = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "8192", 4)         = 4
[pid  5839] close(3)                    = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "1024", 4)         = 4
[pid  5839] close(3)                    = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "1024", 4)         = 4
[pid  5839] close(3)                    = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5839] close(3)                    = 0
[pid  5839] getpid()                    = 1
[pid  5839] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5839] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5839] unshare(CLONE_NEWNET)       = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "0 65535", 7)      = 7
[pid  5839] close(3)                    = 0
[pid  5839] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "100000", 6)       = 6
[pid  5839] close(3)                    = 0
[pid  5839] mkdir("./syz-tmp", 0777)    = 0
[pid  5839] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5839] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5839] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5839] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[   89.649768][   T30] audit: type=1400 audit(1753558458.304:65): avc:  denied  { mounton } for  pid=5839 comm="syz-executor212" path="/root/syz-tmp" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   89.673139][   T30] audit: type=1400 audit(1753558458.314:66): avc:  denied  { mount } for  pid=5839 comm="syz-executor212" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[pid  5839] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5839] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5839] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5839] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5839] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5839] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5839] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5839] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[   89.695611][   T30] audit: type=1400 audit(1753558458.344:67): avc:  denied  { mounton } for  pid=5839 comm="syz-executor212" path="/root/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   89.722044][   T30] audit: type=1400 audit(1753558458.384:68): avc:  denied  { mount } for  pid=5839 comm="syz-executor212" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[pid  5839] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5839] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5839] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[   89.777240][   T30] audit: type=1400 audit(1753558458.434:69): avc:  denied  { mounton } for  pid=5839 comm="syz-executor212" path="/root/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[pid  5839] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5839] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5839] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5839] chdir("/")                  = 0
[   89.809675][   T30] audit: type=1400 audit(1753558458.474:70): avc:  denied  { mounton } for  pid=5839 comm="syz-executor212" path="/root/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3906 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[pid  5839] umount2("./pivot", MNT_DETACH) = 0
[pid  5839] chroot("./newroot")         = 0
[pid  5839] chdir("/")                  = 0
[pid  5839] mkdir("/dev/gadgetfs", 0777) = 0
[pid  5839] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = 0
[   89.864660][   T30] audit: type=1400 audit(1753558458.534:71): avc:  denied  { unmount } for  pid=5839 comm="syz-executor212" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[pid  5839] mkdir("/dev/binderfs", 0777) = 0
[pid  5839] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5839] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5839] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5839] write(1, "executing program\n", 18executing program
) = 18
[   89.927140][   T30] audit: type=1400 audit(1753558458.584:72): avc:  denied  { mounton } for  pid=5839 comm="syz-executor212" path="/dev/gadgetfs" dev="devtmpfs" ino=2787 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[pid  5839] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3
[pid  5839] ioctl(3, UI_DEV_SETUP, 0x200000000180) = 0
[pid  5839] ioctl(3, UI_SET_FFBIT, 0x51) = 0
[pid  5839] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  5839] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = 4
[   90.027778][ T5839] input: syz1 as /devices/virtual/input/input5
[   90.040522][ T5839] 
[   90.042869][ T5839] ======================================================
[   90.049955][ T5839] WARNING: possible circular locking dependency detected
[   90.056948][ T5839] 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 Not tainted
[   90.064022][ T5839] ------------------------------------------------------
[   90.071019][ T5839] syz-executor212/5839 is trying to acquire lock:
[   90.077396][ T5839] ffff8880250ef070 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0
[   90.087554][ T5839] 
[   90.087554][ T5839] but task is already holding lock:
[   90.094889][ T5839] ffff8880250ee8b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc10
[   90.103636][ T5839] 
[   90.103636][ T5839] which lock already depends on the new lock.
[   90.103636][ T5839] 
[   90.114007][ T5839] 
[   90.114007][ T5839] the existing dependency chain (in reverse order) is:
[   90.122995][ T5839] 
[   90.122995][ T5839] -> #3 (&ff->mutex){+.+.}-{4:4}:
[   90.130171][ T5839]        __mutex_lock+0x199/0xb90
[   90.135165][ T5839]        input_ff_flush+0x63/0x180
[   90.140247][ T5839]        uinput_dev_flush+0x2a/0x40
[   90.145414][ T5839]        input_flush_device+0xa1/0x110
[   90.150847][ T5839]        evdev_release+0x344/0x420
[   90.155937][ T5839]        __fput+0x3ff/0xb70
[   90.160411][ T5839]        fput_close_sync+0x118/0x260
[   90.165664][ T5839]        __x64_sys_close+0x8b/0x120
[   90.170838][ T5839]        do_syscall_64+0xcd/0x4c0
[   90.175832][ T5839]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.182214][ T5839] 
[   90.182214][ T5839] -> #2 (&dev->mutex#2){+.+.}-{4:4}:
[   90.189654][ T5839]        __mutex_lock+0x199/0xb90
[   90.194645][ T5839]        input_register_handle+0xdc/0x620
[   90.200337][ T5839]        kbd_connect+0xca/0x160
[   90.205168][ T5839]        input_attach_handler.isra.0+0x184/0x260
[   90.211467][ T5839]        input_register_device+0xa84/0x1130
[   90.217332][ T5839]        acpi_button_add+0x582/0xb70
[   90.222585][ T5839]        acpi_device_probe+0xc6/0x330
[   90.227929][ T5839]        really_probe+0x23e/0xa90
[   90.232924][ T5839]        __driver_probe_device+0x1de/0x440
[   90.238698][ T5839]        driver_probe_device+0x4c/0x1b0
[   90.244213][ T5839]        __driver_attach+0x283/0x580
[   90.249473][ T5839]        bus_for_each_dev+0x13e/0x1d0
[   90.254824][ T5839]        bus_add_driver+0x2e9/0x690
[   90.259996][ T5839]        driver_register+0x15c/0x4b0
[   90.265250][ T5839]        __acpi_bus_register_driver+0xdf/0x130
[   90.271377][ T5839]        acpi_button_driver_init+0x82/0x110
[   90.277247][ T5839]        do_one_initcall+0x120/0x6e0
[   90.282508][ T5839]        kernel_init_freeable+0x5c2/0x900
[   90.288195][ T5839]        kernel_init+0x1c/0x2b0
[   90.293024][ T5839]        ret_from_fork+0x5d4/0x6f0
[   90.298122][ T5839]        ret_from_fork_asm+0x1a/0x30
[   90.303379][ T5839] 
[   90.303379][ T5839] -> #1 (input_mutex){+.+.}-{4:4}:
[   90.310639][ T5839]        __mutex_lock+0x199/0xb90
[   90.315630][ T5839]        input_register_device+0x98a/0x1130
[   90.321506][ T5839]        uinput_ioctl_handler.isra.0+0x1357/0x1df0
[   90.327985][ T5839]        __x64_sys_ioctl+0x18e/0x210
[   90.333240][ T5839]        do_syscall_64+0xcd/0x4c0
[   90.338233][ T5839]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.344618][ T5839] 
[   90.344618][ T5839] -> #0 (&newdev->mutex){+.+.}-{4:4}:
[   90.352145][ T5839]        __lock_acquire+0x126f/0x1c90
[   90.357494][ T5839]        lock_acquire+0x179/0x350
[   90.362486][ T5839]        __mutex_lock+0x199/0xb90
[   90.367478][ T5839]        uinput_request_submit.part.0+0x25/0x2e0
[   90.373776][ T5839]        uinput_dev_upload_effect+0x174/0x1f0
[   90.379813][ T5839]        input_ff_upload+0x568/0xc10
[   90.385066][ T5839]        evdev_do_ioctl+0xf40/0x1b30
[   90.390325][ T5839]        evdev_ioctl+0x16f/0x1a0
[   90.395237][ T5839]        __x64_sys_ioctl+0x18e/0x210
[   90.400494][ T5839]        do_syscall_64+0xcd/0x4c0
[   90.405487][ T5839]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.411872][ T5839] 
[   90.411872][ T5839] other info that might help us debug this:
[   90.411872][ T5839] 
[   90.422068][ T5839] Chain exists of:
[   90.422068][ T5839]   &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[   90.422068][ T5839] 
[   90.434374][ T5839]  Possible unsafe locking scenario:
[   90.434374][ T5839] 
[   90.441793][ T5839]        CPU0                    CPU1
[   90.447128][ T5839]        ----                    ----
[   90.452462][ T5839]   lock(&ff->mutex);
[   90.456413][ T5839]                                lock(&dev->mutex#2);
[   90.463146][ T5839]                                lock(&ff->mutex);
[   90.469625][ T5839]   lock(&newdev->mutex);
[   90.473923][ T5839] 
[   90.473923][ T5839]  *** DEADLOCK ***
[   90.473923][ T5839] 
[   90.482035][ T5839] 2 locks held by syz-executor212/5839:
[   90.487556][ T5839]  #0: ffff888034196118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0
[   90.496583][ T5839]  #1: ffff8880250ee8b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc10
[   90.505765][ T5839] 
[   90.505765][ T5839] stack backtrace:
[   90.511626][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor212 Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(full) 
[   90.511639][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   90.511645][ T5839] Call Trace:
[   90.511649][ T5839]  <TASK>
[   90.511653][ T5839]  dump_stack_lvl+0x116/0x1f0
[   90.511670][ T5839]  print_circular_bug+0x275/0x350
[   90.511685][ T5839]  check_noncircular+0x14c/0x170
[   90.511701][ T5839]  __lock_acquire+0x126f/0x1c90
[   90.511712][ T5839]  lock_acquire+0x179/0x350
[   90.511720][ T5839]  ? uinput_request_submit.part.0+0x25/0x2e0
[   90.511731][ T5839]  ? __pfx___might_resched+0x10/0x10
[   90.511745][ T5839]  __mutex_lock+0x199/0xb90
[   90.511754][ T5839]  ? uinput_request_submit.part.0+0x25/0x2e0
[   90.511765][ T5839]  ? uinput_request_reserve_slot+0x3ca/0x4d0
[   90.511775][ T5839]  ? uinput_request_submit.part.0+0x25/0x2e0
[   90.511786][ T5839]  ? __pfx___mutex_lock+0x10/0x10
[   90.511795][ T5839]  ? _raw_spin_unlock+0x28/0x50
[   90.511809][ T5839]  ? __mutex_trylock_common+0xe9/0x250
[   90.511818][ T5839]  ? __pfx_uinput_request_reserve_slot+0x10/0x10
[   90.511830][ T5839]  ? __pfx___might_resched+0x10/0x10
[   90.511843][ T5839]  ? uinput_request_submit.part.0+0x25/0x2e0
[   90.511853][ T5839]  uinput_request_submit.part.0+0x25/0x2e0
[   90.511865][ T5839]  uinput_dev_upload_effect+0x174/0x1f0
[   90.511876][ T5839]  ? __pfx_uinput_dev_upload_effect+0x10/0x10
[   90.511888][ T5839]  ? __might_fault+0x13b/0x190
[   90.511905][ T5839]  input_ff_upload+0x568/0xc10
[   90.511916][ T5839]  evdev_do_ioctl+0xf40/0x1b30
[   90.511931][ T5839]  ? __pfx_evdev_do_ioctl+0x10/0x10
[   90.511949][ T5839]  evdev_ioctl+0x16f/0x1a0
[   90.511964][ T5839]  ? __pfx_evdev_ioctl+0x10/0x10
[   90.511978][ T5839]  __x64_sys_ioctl+0x18e/0x210
[   90.511991][ T5839]  do_syscall_64+0xcd/0x4c0
[   90.512001][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.512011][ T5839] RIP: 0033:0x7f2c7d4a98f9
[   90.512019][ T5839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   90.512029][ T5839] RSP: 002b:00007fffeb611bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   90.512038][ T5839] RAX: ffffffffffffffda RBX: 00007f2c7d4f314a RCX: 00007f2c7d4a98f9
[   90.512044][ T5839] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000004
[   90.512050][ T5839] RBP: 00007f2c7d4f311a R08: 0000000000000006 R09: 0000000000000006
[   90.512055][ T5839] R10: 000000000000000f R11: 0000000000000246 R12: 00007f2c7d4f833c
[   90.512061][ T5839] R13: 00007f2c7d4f3082 R14: 0000000000000001 R15: 0000000000000001
[   90.512069][ T5839]  </TASK>