Warning: Permanently added '10.128.0.18' (ED25519) to the list of known hosts.
executing program
executing program
[ 31.586735][ T6249] input: syz1 as /devices/virtual/input/input3
[ 31.586745][ T6246] input: syz1 as /devices/virtual/input/input2
executing program
[ 31.589813][ T6250] input: syz1 as /devices/virtual/input/input4
executing program
[ 31.596278][ T6253] input: syz1 as /devices/virtual/input/input5
executing program
[ 31.600236][ T6254] input: syz1 as /devices/virtual/input/input6
executing program
[ 31.668872][ T6258] input: syz1 as /devices/virtual/input/input7
[ 31.716826][ T6253]
[ 31.717487][ T6253] ======================================================
[ 31.719575][ T6253] WARNING: possible circular locking dependency detected
[ 31.721419][ T6253] 6.9.0-rc7-syzkaller-gfda5695d692c #0 Not tainted
[ 31.723207][ T6253] ------------------------------------------------------
[ 31.724432][ T6259] input: syz1 as /devices/virtual/input/input8
[ 31.725070][ T6253] syz-executor406/6253 is trying to acquire lock:
[ 31.728612][ T6253] ffff0000d8927070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x188/0x654
[ 31.731311][ T6253]
[ 31.731311][ T6253] but task is already holding lock:
[ 31.733302][ T6253] ffff0000d89278b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834
[ 31.735787][ T6253]
[ 31.735787][ T6253] which lock already depends on the new lock.
[ 31.735787][ T6253]
[ 31.738613][ T6253]
[ 31.738613][ T6253] the existing dependency chain (in reverse order) is:
[ 31.741042][ T6253]
[ 31.741042][ T6253] -> #3 (&ff->mutex){+.+.}-{3:3}:
executing program
[ 31.743015][ T6253]        __mutex_lock_common+0x190/0x21a0
[ 31.744543][ T6253]        mutex_lock_nested+0x2c/0x38
[ 31.746004][ T6253]        input_ff_upload+0x31c/0x834
[ 31.747502][ T6253]        evdev_ioctl_handler+0x1fd0/0x2d58
[ 31.749105][ T6253]        evdev_ioctl+0x38/0x4c
[ 31.750452][ T6253]        __arm64_sys_ioctl+0x14c/0x1c8
[ 31.752015][ T6253]        invoke_syscall+0x98/0x2b8
[ 31.753491][ T6253]        el0_svc_common+0x130/0x23c
[ 31.754964][ T6253]        do_el0_svc+0x48/0x58
[ 31.756291][ T6253]        el0_svc+0x54/0x168
[ 31.757551][ T6253]        el0t_64_sync_handler+0x84/0xfc
[ 31.759161][ T6253]        el0t_64_sync+0x190/0x194
[ 31.760629][ T6253]
[ 31.760629][ T6253] -> #2 (&evdev->mutex){+.+.}-{3:3}:
[ 31.762723][ T6253]        __mutex_lock_common+0x190/0x21a0
[ 31.764343][ T6253]        mutex_lock_nested+0x2c/0x38
[ 31.765785][ T6253]        evdev_cleanup+0x38/0x16c
[ 31.767272][ T6253]        evdev_disconnect+0x58/0xc0
[ 31.768772][ T6253]        __input_unregister_device+0x31c/0x5c0
[ 31.770538][ T6253]        input_unregister_device+0xb0/0xfc
[ 31.772166][ T6253]        uinput_destroy_device+0x5a4/0x79c
[ 31.773735][ T6253]        uinput_release+0x44/0x60
[ 31.775145][ T6253]        __fput+0x30c/0x738
[ 31.776404][ T6253]        ____fput+0x20/0x30
[ 31.777631][ T6253]        task_work_run+0x230/0x2e0
[ 31.779040][ T6253]        do_exit+0x4e4/0x1ac8
[ 31.780363][ T6253]        do_group_exit+0x194/0x22c
[ 31.781870][ T6253]        pid_child_should_wake+0x0/0x1dc
[ 31.783505][ T6253]        invoke_syscall+0x98/0x2b8
[ 31.784951][ T6253]        el0_svc_common+0x130/0x23c
[ 31.786495][ T6253]        do_el0_svc+0x48/0x58
[ 31.787783][ T6253]        el0_svc+0x54/0x168
[ 31.789114][ T6253]        el0t_64_sync_handler+0x84/0xfc
[ 31.790764][ T6253]        el0t_64_sync+0x190/0x194
[ 31.792164][ T6253]
[ 31.792164][ T6253] -> #1 (input_mutex){+.+.}-{3:3}:
[ 31.794267][ T6253]        __mutex_lock_common+0x190/0x21a0
[ 31.795906][ T6253]        mutex_lock_interruptible_nested+0x2c/0x38
[ 31.797881][ T6253]        input_register_device+0x8dc/0xde8
[ 31.799639][ T6253]        uinput_create_device+0x360/0x528
[ 31.801220][ T6253]        uinput_ioctl_handler+0x8b0/0x16c0
[ 31.802817][ T6253]        uinput_ioctl+0x38/0x4c
[ 31.804118][ T6253]        __arm64_sys_ioctl+0x14c/0x1c8
[ 31.805626][ T6253]        invoke_syscall+0x98/0x2b8
[ 31.807060][ T6253]        el0_svc_common+0x130/0x23c
[ 31.808515][ T6253]        do_el0_svc+0x48/0x58
[ 31.809867][ T6253]        el0_svc+0x54/0x168
[ 31.811116][ T6253]        el0t_64_sync_handler+0x84/0xfc
[ 31.812579][ T6253]        el0t_64_sync+0x190/0x194
[ 31.813986][ T6253]
[ 31.813986][ T6253] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[ 31.816120][ T6253]        __lock_acquire+0x3384/0x763c
[ 31.817629][ T6253]        lock_acquire+0x248/0x73c
[ 31.819001][ T6253]        __mutex_lock_common+0x190/0x21a0
[ 31.820543][ T6253]        mutex_lock_interruptible_nested+0x2c/0x38
[ 31.822369][ T6253]        uinput_request_submit+0x188/0x654
[ 31.823998][ T6253]        uinput_dev_upload_effect+0x170/0x218
[ 31.825673][ T6253]        input_ff_upload+0x49c/0x834
[ 31.827193][ T6253]        evdev_ioctl_handler+0x1fd0/0x2d58
[ 31.828784][ T6253]        evdev_ioctl+0x38/0x4c
[ 31.830194][ T6253]        __arm64_sys_ioctl+0x14c/0x1c8
[ 31.831711][ T6253]        invoke_syscall+0x98/0x2b8
[ 31.833175][ T6253]        el0_svc_common+0x130/0x23c
[ 31.834661][ T6253]        do_el0_svc+0x48/0x58
[ 31.835947][ T6253]        el0_svc+0x54/0x168
[ 31.837122][ T6253]        el0t_64_sync_handler+0x84/0xfc
[ 31.838636][ T6253]        el0t_64_sync+0x190/0x194
[ 31.839984][ T6253]
[ 31.839984][ T6253] other info that might help us debug this:
[ 31.839984][ T6253]
[ 31.842717][ T6253] Chain exists of:
[ 31.842717][ T6253]   &newdev->mutex --> &evdev->mutex --> &ff->mutex
[ 31.842717][ T6253]
[ 31.846161][ T6253]  Possible unsafe locking scenario:
[ 31.846161][ T6253]
[ 31.848180][ T6253]        CPU0                    CPU1
[ 31.849656][ T6253]        ----                    ----
[ 31.851432][ T6253]   lock(&ff->mutex);
[ 31.852584][ T6253]                                lock(&evdev->mutex);
[ 31.854456][ T6253]                                lock(&ff->mutex);
[ 31.856302][ T6253]   lock(&newdev->mutex);
[ 31.857522][ T6253]
[ 31.857522][ T6253]  *** DEADLOCK ***
[ 31.857522][ T6253]
[ 31.859799][ T6253] 2 locks held by syz-executor406/6253:
[ 31.861257][ T6253]  #0: ffff0000d7fd4110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x11c/0x2d58
[ 31.863931][ T6253]  #1: ffff0000d89278b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834
[ 31.866590][ T6253]
[ 31.866590][ T6253] stack backtrace:
[ 31.868163][ T6253] CPU: 1 PID: 6253 Comm: syz-executor406 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
[ 31.870883][ T6253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 31.873667][ T6253] Call trace:
[ 31.874621][ T6253]  dump_backtrace+0x1b8/0x1e4
[ 31.876007][ T6253]  show_stack+0x2c/0x3c
[ 31.877174][ T6253]  dump_stack_lvl+0xe4/0x150
[ 31.878493][ T6253]  dump_stack+0x1c/0x28
[ 31.879656][ T6253]  print_circular_bug+0x150/0x1b8
[ 31.881097][ T6253]  check_noncircular+0x310/0x404
[ 31.882430][ T6253]  __lock_acquire+0x3384/0x763c
[ 31.883758][ T6253]  lock_acquire+0x248/0x73c
[ 31.885022][ T6253]  __mutex_lock_common+0x190/0x21a0
[ 31.886532][ T6253]  mutex_lock_interruptible_nested+0x2c/0x38
[ 31.888155][ T6253]  uinput_request_submit+0x188/0x654
[ 31.889541][ T6253]  uinput_dev_upload_effect+0x170/0x218
[ 31.891063][ T6253]  input_ff_upload+0x49c/0x834
[ 31.892356][ T6253]  evdev_ioctl_handler+0x1fd0/0x2d58
[ 31.893813][ T6253]  evdev_ioctl+0x38/0x4c
[ 31.894942][ T6253]  __arm64_sys_ioctl+0x14c/0x1c8
[ 31.896277][ T6253]  invoke_syscall+0x98/0x2b8
[ 31.897512][ T6253]  el0_svc_common+0x130/0x23c
[ 31.898798][ T6253]  do_el0_svc+0x48/0x58
[ 31.899903][ T6253]  el0_svc+0x54/0x168
[ 31.901016][ T6253]  el0t_64_sync_handler+0x84/0xfc
[ 31.902379][ T6253]  el0t_64_sync+0x190/0x194
executing program
[ 31.945742][ T6261] input: syz1 as /devices/virtual/input/input9
executing program
[ 36.745232][ T6263] input: syz1 as /devices/virtual/input/input10
executing program
[ 36.795438][ T6264] input: syz1 as /devices/virtual/input/input11
executing program
[ 37.024953][ T6265] input: syz1 as /devices/virtual/input/input12