possible deadlock in input_ff

ID	Workflow	Result	Correct	Bug	Created	Started	Finished	Revision	Error
69b5c96c-753e-4291-9feb-ce0147872ab0	assessment-security		💥	possible deadlock in input_ff_flush	2026/05/15 09:58	2026/05/15 09:58	2026/05/15 09:59	9cd3beaadf14b3a22d15fd97a0bf081ee41ebe01	failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128 From /app/workdir/repo/linux * branch HEAD -> FETCH_HEAD error: unable to write file Documentation/devicetree/bindings/rng/sparc_sun_oracle_rng.txt error: unable to write file Documentation/devicetree/bindings/rng/st,rng.yaml error: unable to write file Documentation/devicetree/bindings/rng/st,stm32-rng.yaml error: unable to write file Documentation/devicetree/bindings/rng/starfive,jh7110-trng.yaml error: unable to write file Documentation/devicetree/bindings/rng/ti,keystone-rng.yaml error: unable to write file Documentation/devicetree/bindings/rng/ti,omap-rom-rng.yaml error: unable to write file Documentation/devicetree/bindings/rng/timeriomem_rng.yaml error: unable to write file Documentation/devicetree/bindings/rng/xiphera,xip8001b-trng.yaml fatal: cannot create directory at 'Documentation/devicetree/bindings/rtc': No space left on device

Title	Replies (including bot)	Last reply
[syzbot] Monthly input report (Oct 2025)	0 (1)	2025/10/16 08:36
[syzbot] [input?] possible deadlock in input_ff_flush	3 (8)	2025/07/27 04:48

Title

Replies (including bot)

Last reply

[syzbot] Monthly input report (Oct 2025)

0 (1)

2025/10/16 08:36

[syzbot] [input?] possible deadlock in input_ff_flush

3 (8)

2025/07/27 04:48

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-5.15	possible deadlock in input_ff_flush	4				1	297d	297d	0/3	auto-obsoleted due to no activity on 2025/11/06 04:52

Rank 🛈

linux-5.15

possible deadlock in input_ff_flush

297d

0/3

auto-obsoleted due to no activity on 2025/11/06 04:52

Created	Duration	User	Patch	Repo	Result
2026/05/17 18:05	33m	retest repro		upstream	log
2026/05/17 18:05	25m	retest repro		upstream	log
2026/04/27 19:10	35m	retest repro		upstream	OK log
2026/03/26 09:41	14m	retest repro		upstream	report log
2026/03/26 09:41	13m	retest repro		upstream	error
2026/03/08 16:15	28m	retest repro		upstream	report log
2026/03/08 16:15	16m	retest repro		upstream	report log
2026/02/03 02:22	18m	retest repro		upstream	error
2026/01/15 09:20	14m	retest repro		upstream	report log
2026/01/15 08:50	14m	retest repro		upstream	report log
2025/07/27 03:59	34m	hdanton@sina.com	patch	upstream	OK log
2025/01/06 11:08	17m	hdanton@sina.com	patch	upstream	report log
2025/01/06 10:29	19m	hdanton@sina.com	patch	upstream	error

Created

Duration

User

Patch

Repo

Result

2026/05/17 18:05

33m

retest repro

upstream

log

2026/05/17 18:05

25m

retest repro

upstream

log

2026/04/27 19:10

35m

retest repro

upstream

OK log

2026/03/26 09:41

14m

retest repro

upstream

report log

2026/03/26 09:41

13m

retest repro

upstream

error

2026/03/08 16:15

28m

retest repro

upstream

report log

2026/03/08 16:15

16m

retest repro

upstream

report log

2026/02/03 02:22

18m

retest repro

upstream

error

2026/01/15 09:20

14m

retest repro

upstream

report log

2026/01/15 08:50

14m

retest repro

upstream

report log

2025/07/27 03:59

34m

hdanton@sina.com

patch

upstream

OK log

2025/01/06 11:08

17m

hdanton@sina.com

patch

upstream

report log

2025/01/06 10:29

19m

hdanton@sina.com

patch

upstream

error

Created	Duration	User	Repo	Result
2026/02/16 02:58	1m	bisect fix	upstream	error job log
2025/12/26 02:54	1h57m	bisect fix	upstream	OK (0) job log log
2025/11/24 21:48	2h47m	bisect fix	upstream	OK (0) job log log
2025/10/11 14:36	2h20m	bisect fix	upstream	OK (0) job log log
2025/09/11 01:09	3h24m	bisect fix	upstream	OK (0) job log log

Created

Duration

User

Patch

Repo

Result

2026/02/16 02:58

bisect fix

upstream

error job log

2025/12/26 02:54

1h57m

bisect fix

upstream

OK (0) job log log

2025/11/24 21:48

2h47m

bisect fix

upstream

OK (0) job log log

2025/10/11 14:36

2h20m

bisect fix

upstream

OK (0) job log log

2025/09/11 01:09

3h24m

bisect fix

upstream

OK (0) job log log

====================================================== WARNING: possible circular locking dependency detected 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 Not tainted ------------------------------------------------------ udevd/5831 is trying to acquire lock: ffff8880259b80b0 (&ff->mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:225 [inline] ffff8880259b80b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_flush+0x63/0x180 drivers/input/ff-core.c:231 but task is already holding lock: ffff8880268022c0 (&dev->mutex#2){+.+.}-{4:4}, at: class_mutex_intr_constructor include/linux/mutex.h:227 [inline] ffff8880268022c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x55/0x110 drivers/input/input.c:625 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&dev->mutex#2){+.+.}-{4:4}: __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747 class_mutex_intr_constructor include/linux/mutex.h:227 [inline] input_register_handle+0xdc/0x620 drivers/input/input.c:2653 kbd_connect+0xca/0x160 drivers/tty/vt/keyboard.c:1580 input_attach_handler.isra.0+0x184/0x260 drivers/input/input.c:993 input_register_device+0xa84/0x1130 drivers/input/input.c:2412 acpi_button_add+0x582/0xb70 drivers/acpi/button.c:621 acpi_device_probe+0xc6/0x330 drivers/acpi/bus.c:1076 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x23e/0xa90 drivers/base/dd.c:657 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:799 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:829 __driver_attach+0x283/0x580 drivers/base/dd.c:1215 bus_for_each_dev+0x13e/0x1d0 drivers/base/bus.c:370 bus_add_driver+0x2e9/0x690 drivers/base/bus.c:678 driver_register+0x15c/0x4b0 drivers/base/driver.c:249 __acpi_bus_register_driver+0xdf/0x130 drivers/acpi/bus.c:1027 acpi_button_register_driver drivers/acpi/button.c:751 [inline] acpi_button_driver_init+0x82/0x110 drivers/acpi/button.c:760 do_one_initcall+0x120/0x6e0 init/main.c:1274 do_initcall_level init/main.c:1336 [inline] do_initcalls init/main.c:1352 [inline] do_basic_setup init/main.c:1371 [inline] kernel_init_freeable+0x5c2/0x900 init/main.c:1584 kernel_init+0x1c/0x2b0 init/main.c:1474 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 -> #2 (input_mutex){+.+.}-{4:4}: __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747 class_mutex_intr_constructor include/linux/mutex.h:227 [inline] input_register_device+0x98a/0x1130 drivers/input/input.c:2408 uinput_create_device drivers/input/misc/uinput.c:365 [inline] uinput_ioctl_handler.isra.0+0x1357/0x1df0 drivers/input/misc/uinput.c:918 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #1 (&newdev->mutex){+.+.}-{4:4}: __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747 uinput_request_send drivers/input/misc/uinput.c:151 [inline] uinput_request_submit.part.0+0x25/0x2e0 drivers/input/misc/uinput.c:182 uinput_request_submit drivers/input/misc/uinput.c:179 [inline] uinput_dev_upload_effect+0x174/0x1f0 drivers/input/misc/uinput.c:257 input_ff_upload+0x568/0xc10 drivers/input/ff-core.c:148 evdev_do_ioctl+0xf40/0x1b30 drivers/input/evdev.c:1181 evdev_ioctl_handler drivers/input/evdev.c:1270 [inline] evdev_ioctl+0x16f/0x1a0 drivers/input/evdev.c:1279 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&ff->mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3168 [inline] check_prevs_add kernel/locking/lockdep.c:3287 [inline] validate_chain kernel/locking/lockdep.c:3911 [inline] __lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240 lock_acquire kernel/locking/lockdep.c:5871 [inline] lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828 __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747 class_mutex_constructor include/linux/mutex.h:225 [inline] input_ff_flush+0x63/0x180 drivers/input/ff-core.c:231 uinput_dev_flush+0x2a/0x40 drivers/input/misc/uinput.c:283 input_flush_device+0xa1/0x110 drivers/input/input.c:627 evdev_release+0x344/0x420 drivers/input/evdev.c:435 __fput+0x3ff/0xb70 fs/file_table.c:465 fput_close_sync+0x118/0x260 fs/file_table.c:570 __do_sys_close fs/open.c:1589 [inline] __se_sys_close fs/open.c:1574 [inline] __x64_sys_close+0x8b/0x120 fs/open.c:1574 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Chain exists of: &ff->mutex --> input_mutex --> &dev->mutex#2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&dev->mutex#2); lock(input_mutex); lock(&dev->mutex#2); lock(&ff->mutex); *** DEADLOCK *** 2 locks held by udevd/5831: #0: ffff888026803118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_release+0x79/0x420 drivers/input/evdev.c:432 #1: ffff8880268022c0 (&dev->mutex#2){+.+.}-{4:4}, at: class_mutex_intr_constructor include/linux/mutex.h:227 [inline] #1: ffff8880268022c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x55/0x110 drivers/input/input.c:625 stack backtrace: CPU: 0 UID: 0 PID: 5831 Comm: udevd Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_circular_bug+0x275/0x350 kernel/locking/lockdep.c:2046 check_noncircular+0x14c/0x170 kernel/locking/lockdep.c:2178 check_prev_add kernel/locking/lockdep.c:3168 [inline] check_prevs_add kernel/locking/lockdep.c:3287 [inline] validate_chain kernel/locking/lockdep.c:3911 [inline] __lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240 lock_acquire kernel/locking/lockdep.c:5871 [inline] lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828 __mutex_lock_common kernel/locking/mutex.c:602 [inline] __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747 class_mutex_constructor include/linux/mutex.h:225 [inline] input_ff_flush+0x63/0x180 drivers/input/ff-core.c:231 uinput_dev_flush+0x2a/0x40 drivers/input/misc/uinput.c:283 input_flush_device+0xa1/0x110 drivers/input/input.c:627 evdev_release+0x344/0x420 drivers/input/evdev.c:435 __fput+0x3ff/0xb70 fs/file_table.c:465 fput_close_sync+0x118/0x260 fs/file_table.c:570 __do_sys_close fs/open.c:1589 [inline] __se_sys_close fs/open.c:1574 [inline] __x64_sys_close+0x8b/0x120 fs/open.c:1574 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f7c2f2a7407 Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff RSP: 002b:00007fff6a7623b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 00007f7c2fa12880 RCX: 00007f7c2f2a7407 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 RBP: 00007f7c2fa126e8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000016 R13: 00007fff6a7624c0 R14: 0000000000000000 R15: 0000000000000000 </TASK>

Crashes (6):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/07/26 18:46	upstream	5f33ebd2018c	fb8f743d	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	possible deadlock in input_ff_flush
2026/02/22 16:03	upstream	32a92f8c8932	6e7b5511	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	possible deadlock in input_ff_flush
2025/05/03 22:36	upstream	95d3481af6dc	b0714e37	.config	console log	report	syz / log			[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	possible deadlock in input_ff_flush
2025/01/01 12:32	upstream	ccb98ccef0e5	d3ccff63	.config	console log	report	syz / log			[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	possible deadlock in input_ff_flush
2025/10/23 08:22	upstream	dd72c8fcf6d3	c0460fcd	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	possible deadlock in input_ff_flush
2026/01/17 01:22	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	59e4d31a0470	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-gce-arm64	possible deadlock in input_ff_flush

Crashes (6):

Assets (help?)