| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [input?] possible deadlock in input_ff_flush | 3 (8) | 2025/07/27 04:48 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [input?] possible deadlock in input_ff_flush | 3 (8) | 2025/07/27 04:48 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2025/08/13 14:50 | 20m | retest repro | upstream | report log | |
| 2025/08/09 19:03 | 1h20m | retest repro | upstream | report log | |
| 2025/08/09 18:49 | 20m | retest repro | upstream | error | |
| 2025/07/27 03:59 | 34m | hdanton@sina.com | patch | upstream | OK log |
| 2025/06/04 14:14 | 13m | retest repro | upstream | report log | |
| 2025/05/17 23:45 | 24m | retest repro | upstream | report log | |
| 2025/03/26 13:09 | 31m | retest repro | upstream | report log | |
| 2025/01/15 12:45 | 17m | retest repro | upstream | report log | |
| 2025/01/06 11:08 | 17m | hdanton@sina.com | patch | upstream | report log |
| 2025/01/06 10:29 | 19m | hdanton@sina.com | patch | upstream | error |
======================================================
WARNING: possible circular locking dependency detected
6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 Not tainted
------------------------------------------------------
udevd/5831 is trying to acquire lock:
ffff8880259b80b0 (&ff->mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:225 [inline]
ffff8880259b80b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_flush+0x63/0x180 drivers/input/ff-core.c:231
but task is already holding lock:
ffff8880268022c0 (&dev->mutex#2){+.+.}-{4:4}, at: class_mutex_intr_constructor include/linux/mutex.h:227 [inline]
ffff8880268022c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x55/0x110 drivers/input/input.c:625
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&dev->mutex#2){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:602 [inline]
__mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747
class_mutex_intr_constructor include/linux/mutex.h:227 [inline]
input_register_handle+0xdc/0x620 drivers/input/input.c:2653
kbd_connect+0xca/0x160 drivers/tty/vt/keyboard.c:1580
input_attach_handler.isra.0+0x184/0x260 drivers/input/input.c:993
input_register_device+0xa84/0x1130 drivers/input/input.c:2412
acpi_button_add+0x582/0xb70 drivers/acpi/button.c:621
acpi_device_probe+0xc6/0x330 drivers/acpi/bus.c:1076
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:657
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:799
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:829
__driver_attach+0x283/0x580 drivers/base/dd.c:1215
bus_for_each_dev+0x13e/0x1d0 drivers/base/bus.c:370
bus_add_driver+0x2e9/0x690 drivers/base/bus.c:678
driver_register+0x15c/0x4b0 drivers/base/driver.c:249
__acpi_bus_register_driver+0xdf/0x130 drivers/acpi/bus.c:1027
acpi_button_register_driver drivers/acpi/button.c:751 [inline]
acpi_button_driver_init+0x82/0x110 drivers/acpi/button.c:760
do_one_initcall+0x120/0x6e0 init/main.c:1274
do_initcall_level init/main.c:1336 [inline]
do_initcalls init/main.c:1352 [inline]
do_basic_setup init/main.c:1371 [inline]
kernel_init_freeable+0x5c2/0x900 init/main.c:1584
kernel_init+0x1c/0x2b0 init/main.c:1474
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
-> #2 (input_mutex){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:602 [inline]
__mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747
class_mutex_intr_constructor include/linux/mutex.h:227 [inline]
input_register_device+0x98a/0x1130 drivers/input/input.c:2408
uinput_create_device drivers/input/misc/uinput.c:365 [inline]
uinput_ioctl_handler.isra.0+0x1357/0x1df0 drivers/input/misc/uinput.c:918
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #1 (&newdev->mutex){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:602 [inline]
__mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747
uinput_request_send drivers/input/misc/uinput.c:151 [inline]
uinput_request_submit.part.0+0x25/0x2e0 drivers/input/misc/uinput.c:182
uinput_request_submit drivers/input/misc/uinput.c:179 [inline]
uinput_dev_upload_effect+0x174/0x1f0 drivers/input/misc/uinput.c:257
input_ff_upload+0x568/0xc10 drivers/input/ff-core.c:148
evdev_do_ioctl+0xf40/0x1b30 drivers/input/evdev.c:1181
evdev_ioctl_handler drivers/input/evdev.c:1270 [inline]
evdev_ioctl+0x16f/0x1a0 drivers/input/evdev.c:1279
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&ff->mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3168 [inline]
check_prevs_add kernel/locking/lockdep.c:3287 [inline]
validate_chain kernel/locking/lockdep.c:3911 [inline]
__lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240
lock_acquire kernel/locking/lockdep.c:5871 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
__mutex_lock_common kernel/locking/mutex.c:602 [inline]
__mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747
class_mutex_constructor include/linux/mutex.h:225 [inline]
input_ff_flush+0x63/0x180 drivers/input/ff-core.c:231
uinput_dev_flush+0x2a/0x40 drivers/input/misc/uinput.c:283
input_flush_device+0xa1/0x110 drivers/input/input.c:627
evdev_release+0x344/0x420 drivers/input/evdev.c:435
__fput+0x3ff/0xb70 fs/file_table.c:465
fput_close_sync+0x118/0x260 fs/file_table.c:570
__do_sys_close fs/open.c:1589 [inline]
__se_sys_close fs/open.c:1574 [inline]
__x64_sys_close+0x8b/0x120 fs/open.c:1574
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Chain exists of:
&ff->mutex --> input_mutex --> &dev->mutex#2
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&dev->mutex#2);
lock(input_mutex);
lock(&dev->mutex#2);
lock(&ff->mutex);
*** DEADLOCK ***
2 locks held by udevd/5831:
#0: ffff888026803118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_release+0x79/0x420 drivers/input/evdev.c:432
#1: ffff8880268022c0 (&dev->mutex#2){+.+.}-{4:4}, at: class_mutex_intr_constructor include/linux/mutex.h:227 [inline]
#1: ffff8880268022c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x55/0x110 drivers/input/input.c:625
stack backtrace:
CPU: 0 UID: 0 PID: 5831 Comm: udevd Not tainted 6.16.0-rc7-syzkaller-00120-g5f33ebd2018c #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_circular_bug+0x275/0x350 kernel/locking/lockdep.c:2046
check_noncircular+0x14c/0x170 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3168 [inline]
check_prevs_add kernel/locking/lockdep.c:3287 [inline]
validate_chain kernel/locking/lockdep.c:3911 [inline]
__lock_acquire+0x126f/0x1c90 kernel/locking/lockdep.c:5240
lock_acquire kernel/locking/lockdep.c:5871 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
__mutex_lock_common kernel/locking/mutex.c:602 [inline]
__mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747
class_mutex_constructor include/linux/mutex.h:225 [inline]
input_ff_flush+0x63/0x180 drivers/input/ff-core.c:231
uinput_dev_flush+0x2a/0x40 drivers/input/misc/uinput.c:283
input_flush_device+0xa1/0x110 drivers/input/input.c:627
evdev_release+0x344/0x420 drivers/input/evdev.c:435
__fput+0x3ff/0xb70 fs/file_table.c:465
fput_close_sync+0x118/0x260 fs/file_table.c:570
__do_sys_close fs/open.c:1589 [inline]
__se_sys_close fs/open.c:1574 [inline]
__x64_sys_close+0x8b/0x120 fs/open.c:1574
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7c2f2a7407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007fff6a7623b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 00007f7c2fa12880 RCX: 00007f7c2f2a7407
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
RBP: 00007f7c2fa126e8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000016
R13: 00007fff6a7624c0 R14: 0000000000000000 R15: 0000000000000000
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/07/26 18:46 | upstream | 5f33ebd2018c | fb8f743d | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in input_ff_flush | |
| 2025/05/03 22:36 | upstream | 95d3481af6dc | b0714e37 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in input_ff_flush | ||
| 2025/01/01 12:32 | upstream | ccb98ccef0e5 | d3ccff63 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in input_ff_flush |