./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1902458431

<...>
Warning: Permanently added '10.128.0.144' (ED25519) to the list of known hosts.
execve("./syz-executor1902458431", ["./syz-executor1902458431"], 0x7ffe976d81a0 /* 10 vars */) = 0
brk(NULL)                               = 0x55556be7b000
brk(0x55556be7bd00)                     = 0x55556be7bd00
arch_prctl(ARCH_SET_FS, 0x55556be7b380) = 0
set_tid_address(0x55556be7b650)         = 5838
set_robust_list(0x55556be7b660, 24)     = 0
rseq(0x55556be7bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1902458431", 4096) = 28
getrandom("\x41\x70\xe2\x58\xb2\xda\x59\x2a", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55556be7bd00
brk(0x55556be9cd00)                     = 0x55556be9cd00
brk(0x55556be9d000)                     = 0x55556be9d000
mprotect(0x7f626c7d1000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556be7b650) = 5839
./strace-static-x86_64: Process 5839 attached
[pid  5839] set_robust_list(0x55556be7b660, 24) = 0
[pid  5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5839] setpgid(0, 0)               = 0
[pid  5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "1000", 4)         = 4
[pid  5839] close(3)                    = 0
executing program
[pid  5839] write(1, "executing program\n", 18) = 18
[pid  5839] openat(AT_FDCWD, "/dev/uinput", O_RDWR) = 3
[pid  5839] ioctl(3, UI_DEV_SETUP, 0x200000000280) = 0
[pid  5839] ioctl(3, UI_SET_FFBIT, 0x51) = 0
[pid  5839] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  5839] openat(AT_FDCWD, "/dev/input/event4", O_RDONLY) = 4
[   89.213162][ T5839] input: syz0 as /devices/virtual/input/input5
[   89.250153][ T5839] 
[   89.252515][ T5839] ======================================================
[   89.259532][ T5839] WARNING: possible circular locking dependency detected
[   89.266564][ T5839] 6.15.0-next-20250605-syzkaller #0 Not tainted
[   89.272821][ T5839] ------------------------------------------------------
[   89.279836][ T5839] syz-executor190/5839 is trying to acquire lock:
[   89.286251][ T5839] ffff88802771a870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit+0x188/0x6f0
[   89.295961][ T5839] 
[   89.295961][ T5839] but task is already holding lock:
[   89.303323][ T5839] ffff8880284d90b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xae0
[   89.312117][ T5839] 
[   89.312117][ T5839] which lock already depends on the new lock.
[   89.312117][ T5839] 
[   89.322520][ T5839] 
[   89.322520][ T5839] the existing dependency chain (in reverse order) is:
[   89.331535][ T5839] 
[   89.331535][ T5839] -> #3 (&ff->mutex){+.+.}-{4:4}:
[   89.338751][ T5839]        lock_acquire+0x120/0x360
[   89.343785][ T5839]        __mutex_lock+0x182/0xe80
[   89.348818][ T5839]        input_ff_flush+0x5e/0x140
[   89.353930][ T5839]        input_flush_device+0xa6/0xd0
[   89.359300][ T5839]        evdev_release+0xe1/0x800
[   89.364330][ T5839]        __fput+0x449/0xa70
[   89.368845][ T5839]        fput_close_sync+0x119/0x200
[   89.374149][ T5839]        __x64_sys_close+0x7f/0x110
[   89.379347][ T5839]        do_syscall_64+0xfa/0x3b0
[   89.384375][ T5839]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.390786][ T5839] 
[   89.390786][ T5839] -> #2 (&dev->mutex#2){+.+.}-{4:4}:
[   89.398270][ T5839]        lock_acquire+0x120/0x360
[   89.403315][ T5839]        __mutex_lock+0x182/0xe80
[   89.408338][ T5839]        input_register_handle+0x18f/0x4c0
[   89.414152][ T5839]        kbd_connect+0xc3/0x140
[   89.419003][ T5839]        input_register_device+0xceb/0x10b0
[   89.424895][ T5839]        acpi_button_add+0x6b1/0xb50
[   89.430268][ T5839]        acpi_device_probe+0xa5/0x2d0
[   89.435640][ T5839]        really_probe+0x26a/0x9a0
[   89.440667][ T5839]        __driver_probe_device+0x18c/0x2f0
[   89.446476][ T5839]        driver_probe_device+0x4f/0x430
[   89.452116][ T5839]        __driver_attach+0x452/0x700
[   89.457412][ T5839]        bus_for_each_dev+0x230/0x2b0
[   89.462794][ T5839]        bus_add_driver+0x345/0x640
[   89.467999][ T5839]        driver_register+0x23a/0x320
[   89.473292][ T5839]        do_one_initcall+0x233/0x820
[   89.478574][ T5839]        do_initcall_level+0x137/0x1f0
[   89.484074][ T5839]        do_initcalls+0x69/0xd0
[   89.488934][ T5839]        kernel_init_freeable+0x3d9/0x570
[   89.494661][ T5839]        kernel_init+0x1d/0x1d0
[   89.499604][ T5839]        ret_from_fork+0x3f9/0x770
[   89.504717][ T5839]        ret_from_fork_asm+0x1a/0x30
[   89.510003][ T5839] 
[   89.510003][ T5839] -> #1 (input_mutex){+.+.}-{4:4}:
[   89.517310][ T5839]        lock_acquire+0x120/0x360
[   89.522338][ T5839]        __mutex_lock+0x182/0xe80
[   89.527362][ T5839]        input_register_device+0xa74/0x10b0
[   89.533259][ T5839]        uinput_create_device+0x422/0x670
[   89.538975][ T5839]        uinput_ioctl_handler+0x3f0/0x1570
[   89.544779][ T5839]        __se_sys_ioctl+0xfc/0x170
[   89.549902][ T5839]        do_syscall_64+0xfa/0x3b0
[   89.554942][ T5839]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.561357][ T5839] 
[   89.561357][ T5839] -> #0 (&newdev->mutex){+.+.}-{4:4}:
[   89.568918][ T5839]        validate_chain+0xb9b/0x2140
[   89.574199][ T5839]        __lock_acquire+0xab9/0xd20
[   89.579413][ T5839]        lock_acquire+0x120/0x360
[   89.584435][ T5839]        __mutex_lock+0x182/0xe80
[   89.589478][ T5839]        uinput_request_submit+0x188/0x6f0
[   89.595292][ T5839]        uinput_dev_upload_effect+0x150/0x1e0
[   89.601356][ T5839]        input_ff_upload+0x5fc/0xae0
[   89.606740][ T5839]        evdev_ioctl_handler+0x1644/0x1f10
[   89.612569][ T5839]        __se_sys_ioctl+0xfc/0x170
[   89.617774][ T5839]        do_syscall_64+0xfa/0x3b0
[   89.622798][ T5839]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.629211][ T5839] 
[   89.629211][ T5839] other info that might help us debug this:
[   89.629211][ T5839] 
[   89.639468][ T5839] Chain exists of:
[   89.639468][ T5839]   &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[   89.639468][ T5839] 
[   89.651909][ T5839]  Possible unsafe locking scenario:
[   89.651909][ T5839] 
[   89.659360][ T5839]        CPU0                    CPU1
[   89.664737][ T5839]        ----                    ----
[   89.670096][ T5839]   lock(&ff->mutex);
[   89.674081][ T5839]                                lock(&dev->mutex#2);
[   89.680853][ T5839]                                lock(&ff->mutex);
[   89.687358][ T5839]   lock(&newdev->mutex);
[   89.691692][ T5839] 
[   89.691692][ T5839]  *** DEADLOCK ***
[   89.691692][ T5839] 
[   89.699829][ T5839] 2 locks held by syz-executor190/5839:
[   89.705365][ T5839]  #0: ffff888141688118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl_handler+0x121/0x1f10
[   89.715293][ T5839]  #1: ffff8880284d90b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xae0
[   89.724532][ T5839] 
[   89.724532][ T5839] stack backtrace:
[   89.730437][ T5839] CPU: 1 UID: 0 PID: 5839 Comm: syz-executor190 Not tainted 6.15.0-next-20250605-syzkaller #0 PREEMPT(full) 
[   89.730455][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.730469][ T5839] Call Trace:
[   89.730477][ T5839]  <TASK>
[   89.730483][ T5839]  dump_stack_lvl+0x189/0x250
[   89.730500][ T5839]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.730512][ T5839]  ? __pfx__printk+0x10/0x10
[   89.730527][ T5839]  ? print_lock_name+0xde/0x100
[   89.730542][ T5839]  print_circular_bug+0x2ee/0x310
[   89.730557][ T5839]  check_noncircular+0x134/0x160
[   89.730573][ T5839]  validate_chain+0xb9b/0x2140
[   89.730588][ T5839]  ? stack_trace_save+0x9c/0xe0
[   89.730602][ T5839]  ? __pfx_stack_trace_save+0x10/0x10
[   89.730616][ T5839]  ? __pfx_hlock_conflict+0x10/0x10
[   89.730632][ T5839]  __lock_acquire+0xab9/0xd20
[   89.730653][ T5839]  ? uinput_request_submit+0x188/0x6f0
[   89.730666][ T5839]  lock_acquire+0x120/0x360
[   89.730684][ T5839]  ? uinput_request_submit+0x188/0x6f0
[   89.730702][ T5839]  __mutex_lock+0x182/0xe80
[   89.730717][ T5839]  ? uinput_request_submit+0x188/0x6f0
[   89.730731][ T5839]  ? uinput_request_alloc_id+0x2f/0x400
[   89.730746][ T5839]  ? uinput_request_submit+0x188/0x6f0
[   89.730760][ T5839]  ? __pfx___mutex_lock+0x10/0x10
[   89.730776][ T5839]  ? do_raw_spin_unlock+0x122/0x240
[   89.730793][ T5839]  ? _raw_spin_unlock+0x28/0x50
[   89.730813][ T5839]  ? uinput_request_alloc_id+0x3cf/0x400
[   89.730827][ T5839]  uinput_request_submit+0x188/0x6f0
[   89.730841][ T5839]  ? __mutex_trylock_common+0x153/0x260
[   89.730855][ T5839]  ? __pfx_uinput_request_submit+0x10/0x10
[   89.730870][ T5839]  ? rcu_is_watching+0x15/0xb0
[   89.730892][ T5839]  ? trace_contention_end+0x39/0x120
[   89.730905][ T5839]  ? __mutex_lock+0x330/0xe80
[   89.730922][ T5839]  uinput_dev_upload_effect+0x150/0x1e0
[   89.730936][ T5839]  ? __pfx_uinput_dev_upload_effect+0x10/0x10
[   89.730957][ T5839]  input_ff_upload+0x5fc/0xae0
[   89.730974][ T5839]  evdev_ioctl_handler+0x1644/0x1f10
[   89.730996][ T5839]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   89.731012][ T5839]  ? __pfx_evdev_ioctl_handler+0x10/0x10
[   89.731033][ T5839]  ? _raw_spin_lock_irq+0xae/0xf0
[   89.731063][ T5839]  ? __pfx_ptrace_notify+0x10/0x10
[   89.731086][ T5839]  ? bpf_lsm_file_ioctl+0x9/0x20
[   89.731107][ T5839]  ? __pfx_evdev_ioctl+0x10/0x10
[   89.731129][ T5839]  __se_sys_ioctl+0xfc/0x170
[   89.731150][ T5839]  do_syscall_64+0xfa/0x3b0
[   89.731166][ T5839]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.731179][ T5839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.731192][ T5839]  ? clear_bhb_loop+0x60/0xb0
[   89.731207][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.731221][ T5839] RIP: 0033:0x7f626c75e9b9
[   89.731237][ T5839] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   89.731252][ T5839] RSP: 002b:00007fff695b26c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   89.731266][ T5839] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f626c75e9b9
[   89.731276][ T5839] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000004
[   89.731285][ T5839] RBP: 00007f626c7d15f0 R08: 0000000000000006 R09: 0000000000000006
[   89.731294][ T5839] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001
[   89.731301][ T5839] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[   89.731316][ T5839]  </TASK>
[   91.957298][    T9] cfg80211: failed to load regulatory.db
[pid  5839] ioctl(4, EVIOCSFF, {type=FF_RUMBLE, id=-1, direction=0, ...} <unfinished ...>
[pid  5838] kill(-5839, SIGKILL)        = 0
[pid  5838] kill(5839, SIGKILL)         = 0
[pid  5838] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5838] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5838] getdents64(3, 0x55556be7c6f0 /* 2 entries */, 32768) = 48
[pid  5838] getdents64(3, 0x55556be7c6f0 /* 0 entries */, 32768) = 0
[pid  5838] close(3)                    = 0