./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1823331683

<...>
Warning: Permanently added '10.128.1.166' (ED25519) to the list of known hosts.
execve("./syz-executor1823331683", ["./syz-executor1823331683"], 0x7ffde7202f20 /* 10 vars */) = 0
brk(NULL)                               = 0x55557ec1b000
brk(0x55557ec1bd00)                     = 0x55557ec1bd00
arch_prctl(ARCH_SET_FS, 0x55557ec1b380) = 0
set_tid_address(0x55557ec1b650)         = 5849
set_robust_list(0x55557ec1b660, 24)     = 0
rseq(0x55557ec1bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1823331683", 4096) = 28
getrandom("\xea\xe8\x2f\xc9\x91\x4d\xd1\x0c", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55557ec1bd00
brk(0x55557ec3cd00)                     = 0x55557ec3cd00
brk(0x55557ec3d000)                     = 0x55557ec3d000
mprotect(0x7f68266f0000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached
 <unfinished ...>
[pid  5850] set_robust_list(0x55557ec1b660, 24 <unfinished ...>
[pid  5849] <... clone resumed>, child_tidptr=0x55557ec1b650) = 5850
[pid  5850] <... set_robust_list resumed>) = 0
[pid  5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5850] setpgid(0, 0)               = 0
[pid  5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5850] write(3, "1000", 4)         = 4
[pid  5850] close(3)                    = 0
executing program
[pid  5850] write(1, "executing program\n", 18) = 18
[pid  5850] openat(AT_FDCWD, "/dev/uinput", O_RDWR|O_NONBLOCK) = 3
[pid  5850] ioctl(3, UI_DEV_SETUP, 0x200000000280) = 0
[pid  5850] ioctl(3, UI_SET_FFBIT, 0x51) = 0
[pid  5850] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  5850] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = 4
[   88.373418][ T5850] input: syz1 as /devices/virtual/input/input5
[   88.409774][ T5850] 
[   88.412148][ T5850] ======================================================
[   88.419154][ T5850] WARNING: possible circular locking dependency detected
[   88.426188][ T5850] 6.16.0-rc6-next-20250717-syzkaller #0 Not tainted
[   88.432764][ T5850] ------------------------------------------------------
[   88.439788][ T5850] syz-executor182/5850 is trying to acquire lock:
[   88.446208][ T5850] ffff888056962070 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit+0x188/0x6f0
[   88.455896][ T5850] 
[   88.455896][ T5850] but task is already holding lock:
[   88.463254][ T5850] ffff8880203c20b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xb30
[   88.472047][ T5850] 
[   88.472047][ T5850] which lock already depends on the new lock.
[   88.472047][ T5850] 
[   88.482438][ T5850] 
[   88.482438][ T5850] the existing dependency chain (in reverse order) is:
[   88.491450][ T5850] 
[   88.491450][ T5850] -> #3 (&ff->mutex){+.+.}-{4:4}:
[   88.498654][ T5850]        lock_acquire+0x120/0x360
[   88.503683][ T5850]        __mutex_lock+0x182/0xe80
[   88.508711][ T5850]        input_ff_flush+0x5d/0x170
[   88.513836][ T5850]        input_flush_device+0xb4/0x110
[   88.519377][ T5850]        evdev_release+0xe1/0x800
[   88.524397][ T5850]        __fput+0x449/0xa70
[   88.528895][ T5850]        fput_close_sync+0x119/0x200
[   88.534176][ T5850]        __x64_sys_close+0x7f/0x110
[   88.539369][ T5850]        do_syscall_64+0xfa/0x3b0
[   88.544387][ T5850]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.550797][ T5850] 
[   88.550797][ T5850] -> #2 (&dev->mutex#2){+.+.}-{4:4}:
[   88.558275][ T5850]        lock_acquire+0x120/0x360
[   88.563295][ T5850]        __mutex_lock+0x182/0xe80
[   88.568311][ T5850]        input_register_handle+0x18f/0x530
[   88.574110][ T5850]        kbd_connect+0xc3/0x140
[   88.578963][ T5850]        input_register_device+0xcfd/0x1140
[   88.584851][ T5850]        acpi_button_add+0x6b1/0xb50
[   88.590137][ T5850]        acpi_device_probe+0xa5/0x2d0
[   88.595502][ T5850]        really_probe+0x26a/0x9e0
[   88.600520][ T5850]        __driver_probe_device+0x18c/0x2f0
[   88.606322][ T5850]        driver_probe_device+0x4f/0x430
[   88.611864][ T5850]        __driver_attach+0x452/0x700
[   88.617141][ T5850]        bus_for_each_dev+0x230/0x2b0
[   88.622512][ T5850]        bus_add_driver+0x345/0x640
[   88.627708][ T5850]        driver_register+0x23a/0x320
[   88.632989][ T5850]        do_one_initcall+0x233/0x820
[   88.638288][ T5850]        do_initcall_level+0x137/0x1f0
[   88.643738][ T5850]        do_initcalls+0x69/0xd0
[   88.648591][ T5850]        kernel_init_freeable+0x3d9/0x590
[   88.654312][ T5850]        kernel_init+0x1d/0x1d0
[   88.659155][ T5850]        ret_from_fork+0x3f9/0x770
[   88.664273][ T5850]        ret_from_fork_asm+0x1a/0x30
[   88.669557][ T5850] 
[   88.669557][ T5850] -> #1 (input_mutex){+.+.}-{4:4}:
[   88.676851][ T5850]        lock_acquire+0x120/0x360
[   88.681872][ T5850]        __mutex_lock+0x182/0xe80
[   88.686897][ T5850]        input_register_device+0xa76/0x1140
[   88.692792][ T5850]        uinput_create_device+0x422/0x670
[   88.698516][ T5850]        uinput_ioctl_handler+0x3f0/0x1570
[   88.704316][ T5850]        __se_sys_ioctl+0xf9/0x170
[   88.709442][ T5850]        do_syscall_64+0xfa/0x3b0
[   88.714475][ T5850]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.720901][ T5850] 
[   88.720901][ T5850] -> #0 (&newdev->mutex){+.+.}-{4:4}:
[   88.728457][ T5850]        validate_chain+0xb9b/0x2140
[   88.733743][ T5850]        __lock_acquire+0xab9/0xd20
[   88.738942][ T5850]        lock_acquire+0x120/0x360
[   88.743959][ T5850]        __mutex_lock+0x182/0xe80
[   88.748986][ T5850]        uinput_request_submit+0x188/0x6f0
[   88.754785][ T5850]        uinput_dev_upload_effect+0x150/0x1e0
[   88.760844][ T5850]        input_ff_upload+0x5f8/0xb30
[   88.766124][ T5850]        evdev_ioctl_handler+0x1644/0x1f10
[   88.771923][ T5850]        __se_sys_ioctl+0xf9/0x170
[   88.777025][ T5850]        do_syscall_64+0xfa/0x3b0
[   88.782059][ T5850]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.788462][ T5850] 
[   88.788462][ T5850] other info that might help us debug this:
[   88.788462][ T5850] 
[   88.798675][ T5850] Chain exists of:
[   88.798675][ T5850]   &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[   88.798675][ T5850] 
[   88.811012][ T5850]  Possible unsafe locking scenario:
[   88.811012][ T5850] 
[   88.818449][ T5850]        CPU0                    CPU1
[   88.823804][ T5850]        ----                    ----
[   88.829273][ T5850]   lock(&ff->mutex);
[   88.833253][ T5850]                                lock(&dev->mutex#2);
[   88.840011][ T5850]                                lock(&ff->mutex);
[   88.846510][ T5850]   lock(&newdev->mutex);
[   88.850855][ T5850] 
[   88.850855][ T5850]  *** DEADLOCK ***
[   88.850855][ T5850] 
[   88.858985][ T5850] 2 locks held by syz-executor182/5850:
[   88.864517][ T5850]  #0: ffff8881427af118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl_handler+0x121/0x1f10
[   88.874450][ T5850]  #1: ffff8880203c20b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xb30
[   88.883684][ T5850] 
[   88.883684][ T5850] stack backtrace:
[   88.889579][ T5850] CPU: 0 UID: 0 PID: 5850 Comm: syz-executor182 Not tainted 6.16.0-rc6-next-20250717-syzkaller #0 PREEMPT(full) 
[   88.889598][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.889615][ T5850] Call Trace:
[   88.889623][ T5850]  <TASK>
[   88.889629][ T5850]  dump_stack_lvl+0x189/0x250
[   88.889654][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.889675][ T5850]  ? __pfx__printk+0x10/0x10
[   88.889696][ T5850]  ? print_lock_name+0xde/0x100
[   88.889716][ T5850]  print_circular_bug+0x2ee/0x310
[   88.889738][ T5850]  check_noncircular+0x134/0x160
[   88.889759][ T5850]  validate_chain+0xb9b/0x2140
[   88.889780][ T5850]  ? stack_trace_save+0x9c/0xe0
[   88.889801][ T5850]  ? __pfx_stack_trace_save+0x10/0x10
[   88.889821][ T5850]  ? __pfx_hlock_conflict+0x10/0x10
[   88.889844][ T5850]  __lock_acquire+0xab9/0xd20
[   88.889861][ T5850]  ? uinput_request_submit+0x188/0x6f0
[   88.889876][ T5850]  lock_acquire+0x120/0x360
[   88.889890][ T5850]  ? uinput_request_submit+0x188/0x6f0
[   88.889909][ T5850]  __mutex_lock+0x182/0xe80
[   88.889928][ T5850]  ? uinput_request_submit+0x188/0x6f0
[   88.889943][ T5850]  ? __lock_acquire+0xab9/0xd20
[   88.889964][ T5850]  ? uinput_request_submit+0x188/0x6f0
[   88.889979][ T5850]  ? __pfx___mutex_lock+0x10/0x10
[   88.890000][ T5850]  ? do_raw_spin_unlock+0x122/0x240
[   88.890022][ T5850]  ? _raw_spin_unlock+0x28/0x50
[   88.890036][ T5850]  ? uinput_request_alloc_id+0x3cf/0x400
[   88.890052][ T5850]  uinput_request_submit+0x188/0x6f0
[   88.890066][ T5850]  ? __pfx_preempt_schedule+0x10/0x10
[   88.890082][ T5850]  ? __mutex_trylock_common+0x153/0x260
[   88.890102][ T5850]  ? __pfx_uinput_request_submit+0x10/0x10
[   88.890117][ T5850]  ? preempt_schedule_thunk+0x16/0x30
[   88.890135][ T5850]  ? __mutex_lock+0x344/0xe80
[   88.890155][ T5850]  uinput_dev_upload_effect+0x150/0x1e0
[   88.890171][ T5850]  ? __pfx_uinput_dev_upload_effect+0x10/0x10
[   88.890194][ T5850]  input_ff_upload+0x5f8/0xb30
[   88.890211][ T5850]  evdev_ioctl_handler+0x1644/0x1f10
[   88.890245][ T5850]  ? do_vfs_ioctl+0xbe8/0x1430
[   88.890262][ T5850]  ? __pfx_evdev_ioctl_handler+0x10/0x10
[   88.890282][ T5850]  ? _raw_spin_lock_irq+0xae/0xf0
[   88.890305][ T5850]  ? __pfx_ptrace_notify+0x10/0x10
[   88.890323][ T5850]  ? bpf_lsm_file_ioctl+0x9/0x20
[   88.890336][ T5850]  ? __pfx_evdev_ioctl+0x10/0x10
[   88.890353][ T5850]  __se_sys_ioctl+0xf9/0x170
[   88.890369][ T5850]  do_syscall_64+0xfa/0x3b0
[   88.890386][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.890402][ T5850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.890414][ T5850]  ? clear_bhb_loop+0x60/0xb0
[   88.890429][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.890442][ T5850] RIP: 0033:0x7f682667d9b9
[   88.890457][ T5850] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   88.890468][ T5850] RSP: 002b:00007ffd4d829528 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.890482][ T5850] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f682667d9b9
[   88.890491][ T5850] RDX: 0000200000000500 RSI: 0000000040304580 RDI: 0000000000000004
[   88.890500][ T5850] RBP: 00007f68266f05f0 R08: 0000000000000006 R09: 0000000000000006
[   88.890507][ T5850] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001
[   88.890515][ T5850] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[   88.890528][ T5850]  </TASK>
[   91.883911][  T891] cfg80211: failed to load regulatory.db
[pid  5850] ioctl(4, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=13, ...} <unfinished ...>
[pid  5849] kill(-5850, SIGKILL)        = 0
[pid  5849] kill(5850, SIGKILL)         = 0
[pid  5849] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5849] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5849] getdents64(3, 0x55557ec1c6f0 /* 2 entries */, 32768) = 48
[pid  5849] getdents64(3, 0x55557ec1c6f0 /* 0 entries */, 32768) = 0
[pid  5849] close(3)                    = 0