Warning: Permanently added '10.128.0.210' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program [ 38.324796][ T6248] input: syz1 as /devices/virtual/input/input2 [ 38.327152][ T6251] input: syz1 as /devices/virtual/input/input3 [ 38.329193][ T6253] input: syz1 as /devices/virtual/input/input4 [ 38.330963][ T6252] input: syz1 as /devices/virtual/input/input6 [ 38.333101][ T6246] input: syz1 as /devices/virtual/input/input5 [ 38.342918][ T6248] [ 38.343547][ T6248] ====================================================== [ 38.345421][ T6248] WARNING: possible circular locking dependency detected [ 38.347221][ T6248] 6.9.0-rc7-syzkaller-gfda5695d692c #0 Not tainted [ 38.349005][ T6248] ------------------------------------------------------ [ 38.350913][ T6248] syz-executor144/6248 is trying to acquire lock: [ 38.352664][ T6248] ffff0000d6b65110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_cleanup+0x38/0x16c [ 38.355026][ T6248] [ 38.355026][ T6248] but task is already holding lock: [ 38.356947][ T6248] ffff800090ffb888 (input_mutex){+.+.}-{3:3}, at: __input_unregister_device+0x2a4/0x5c0 [ 38.359552][ T6248] [ 38.359552][ T6248] which lock already depends on the new lock. [ 38.359552][ T6248] [ 38.362285][ T6248] [ 38.362285][ T6248] the existing dependency chain (in reverse order) is: [ 38.364711][ T6248] [ 38.364711][ T6248] -> #3 (input_mutex){+.+.}-{3:3}: [ 38.366650][ T6248] __mutex_lock_common+0x190/0x21a0 [ 38.368229][ T6248] mutex_lock_interruptible_nested+0x2c/0x38 [ 38.370012][ T6248] input_register_device+0x8dc/0xde8 [ 38.371550][ T6248] uinput_create_device+0x360/0x528 [ 38.373163][ T6248] uinput_ioctl_handler+0x8b0/0x16c0 [ 38.374738][ T6248] uinput_ioctl+0x38/0x4c [ 38.376115][ T6248] __arm64_sys_ioctl+0x14c/0x1c8 [ 38.377623][ T6248] invoke_syscall+0x98/0x2b8 [ 38.379077][ T6248] el0_svc_common+0x130/0x23c [ 38.380544][ T6248] do_el0_svc+0x48/0x58 [ 38.381792][ T6248] el0_svc+0x54/0x168 [ 38.383002][ T6248] el0t_64_sync_handler+0x84/0xfc [ 38.384519][ T6248] el0t_64_sync+0x190/0x194 [ 38.385843][ T6248] [ 38.385843][ T6248] -> #2 (&newdev->mutex){+.+.}-{3:3}: [ 38.387923][ T6248] __mutex_lock_common+0x190/0x21a0 [ 38.389469][ T6248] mutex_lock_interruptible_nested+0x2c/0x38 [ 38.391174][ T6248] uinput_request_submit+0x188/0x654 [ 38.392800][ T6248] uinput_dev_upload_effect+0x170/0x218 [ 38.394436][ T6248] input_ff_upload+0x49c/0x834 [ 38.395777][ T6248] evdev_ioctl_handler+0x1fd0/0x2d58 [ 38.397342][ T6248] evdev_ioctl+0x38/0x4c [ 38.398609][ T6248] __arm64_sys_ioctl+0x14c/0x1c8 [ 38.400151][ T6248] invoke_syscall+0x98/0x2b8 [ 38.401487][ T6248] el0_svc_common+0x130/0x23c [ 38.402893][ T6248] do_el0_svc+0x48/0x58 [ 38.404131][ T6248] el0_svc+0x54/0x168 [ 38.405355][ T6248] el0t_64_sync_handler+0x84/0xfc [ 38.406919][ T6248] el0t_64_sync+0x190/0x194 [ 38.408342][ T6248] [ 38.408342][ T6248] -> #1 (&ff->mutex){+.+.}-{3:3}: [ 38.410212][ T6248] __mutex_lock_common+0x190/0x21a0 [ 38.411730][ T6248] mutex_lock_nested+0x2c/0x38 [ 38.413082][ T6248] input_ff_upload+0x31c/0x834 [ 38.414467][ T6248] evdev_ioctl_handler+0x1fd0/0x2d58 [ 38.415940][ T6248] evdev_ioctl+0x38/0x4c [ 38.417212][ T6248] __arm64_sys_ioctl+0x14c/0x1c8 [ 38.418670][ T6248] invoke_syscall+0x98/0x2b8 [ 38.420091][ T6248] el0_svc_common+0x130/0x23c [ 38.421402][ T6248] do_el0_svc+0x48/0x58 [ 38.422684][ T6248] el0_svc+0x54/0x168 [ 38.423916][ T6248] el0t_64_sync_handler+0x84/0xfc [ 38.425410][ T6248] el0t_64_sync+0x190/0x194 [ 38.426763][ T6248] [ 38.426763][ T6248] -> #0 (&evdev->mutex){+.+.}-{3:3}: [ 38.428818][ T6248] __lock_acquire+0x3384/0x763c [ 38.430262][ T6248] lock_acquire+0x248/0x73c [ 38.431607][ T6248] __mutex_lock_common+0x190/0x21a0 [ 38.433121][ T6248] mutex_lock_nested+0x2c/0x38 [ 38.434578][ T6248] evdev_cleanup+0x38/0x16c [ 38.435904][ T6248] evdev_disconnect+0x58/0xc0 [ 38.437319][ T6248] __input_unregister_device+0x31c/0x5c0 [ 38.438960][ T6248] input_unregister_device+0xb0/0xfc [ 38.440561][ T6248] uinput_destroy_device+0x5a4/0x79c [ 38.442122][ T6248] uinput_release+0x44/0x60 [ 38.443431][ T6248] __fput+0x30c/0x738 [ 38.444620][ T6248] ____fput+0x20/0x30 [ 38.445766][ T6248] task_work_run+0x230/0x2e0 [ 38.447076][ T6248] do_exit+0x4e4/0x1ac8 [ 38.448303][ T6248] do_group_exit+0x194/0x22c [ 38.449625][ T6248] pid_child_should_wake+0x0/0x1dc [ 38.451224][ T6248] invoke_syscall+0x98/0x2b8 [ 38.452654][ T6248] el0_svc_common+0x130/0x23c [ 38.454027][ T6248] do_el0_svc+0x48/0x58 [ 38.455254][ T6248] el0_svc+0x54/0x168 [ 38.456407][ T6248] el0t_64_sync_handler+0x84/0xfc [ 38.457872][ T6248] el0t_64_sync+0x190/0x194 [ 38.459220][ T6248] [ 38.459220][ T6248] other info that might help us debug this: [ 38.459220][ T6248] [ 38.462014][ T6248] Chain exists of: [ 38.462014][ T6248] &evdev->mutex --> &newdev->mutex --> input_mutex [ 38.462014][ T6248] [ 38.464886][ T6248] Possible unsafe locking scenario: [ 38.464886][ T6248] [ 38.466309][ T6248] CPU0 CPU1 [ 38.467356][ T6248] ---- ---- [ 38.468663][ T6248] lock(input_mutex); [ 38.469766][ T6248] lock(&newdev->mutex); [ 38.471737][ T6248] lock(input_mutex); [ 38.473652][ T6248] lock(&evdev->mutex); [ 38.474778][ T6248] [ 38.474778][ T6248] *** DEADLOCK *** [ 38.474778][ T6248] [ 38.476940][ T6248] 1 lock held by syz-executor144/6248: [ 38.478489][ T6248] #0: ffff800090ffb888 (input_mutex){+.+.}-{3:3}, at: __input_unregister_device+0x2a4/0x5c0 [ 38.481228][ T6248] [ 38.481228][ T6248] stack backtrace: [ 38.482798][ T6248] CPU: 0 PID: 6248 Comm: syz-executor144 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0 [ 38.485575][ T6248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 38.488228][ T6248] Call trace: [ 38.489067][ T6248] dump_backtrace+0x1b8/0x1e4 [ 38.490312][ T6248] show_stack+0x2c/0x3c [ 38.491449][ T6248] dump_stack_lvl+0xe4/0x150 [ 38.492688][ T6248] dump_stack+0x1c/0x28 [ 38.493783][ T6248] print_circular_bug+0x150/0x1b8 [ 38.495156][ T6248] check_noncircular+0x310/0x404 [ 38.496452][ T6248] __lock_acquire+0x3384/0x763c [ 38.497795][ T6248] lock_acquire+0x248/0x73c [ 38.498915][ T6248] __mutex_lock_common+0x190/0x21a0 [ 38.500287][ T6248] mutex_lock_nested+0x2c/0x38 [ 38.501500][ T6248] evdev_cleanup+0x38/0x16c [ 38.502738][ T6248] evdev_disconnect+0x58/0xc0 [ 38.503949][ T6248] __input_unregister_device+0x31c/0x5c0 [ 38.505449][ T6248] input_unregister_device+0xb0/0xfc [ 38.506904][ T6248] uinput_destroy_device+0x5a4/0x79c [ 38.508354][ T6248] uinput_release+0x44/0x60 [ 38.509542][ T6248] __fput+0x30c/0x738 [ 38.510542][ T6248] ____fput+0x20/0x30 [ 38.511576][ T6248] task_work_run+0x230/0x2e0 [ 38.512802][ T6248] do_exit+0x4e4/0x1ac8 [ 38.513939][ T6248] do_group_exit+0x194/0x22c [ 38.515123][ T6248] pid_child_should_wake+0x0/0x1dc [ 38.516464][ T6248] invoke_syscall+0x98/0x2b8 [ 38.517632][ T6248] el0_svc_common+0x130/0x23c [ 38.518879][ T6248] do_el0_svc+0x48/0x58 [ 38.520007][ T6248] el0_svc+0x54/0x168 [ 38.521089][ T6248] el0t_64_sync_handler+0x84/0xfc [ 38.522466][ T6248] el0t_64_sync+0x190/0x194 executing program [ 38.555256][ T6258] input: syz1 as /devices/virtual/input/input7 [ 38.597562][ T6259] input: syz1 as /devices/virtual/input/input8 executing program executing program [ 43.394836][ T6262] input: syz1 as /devices/virtual/input/input9 executing program [ 43.434933][ T6263] input: syz1 as /devices/virtual/input/input10 executing program [ 43.645192][ T6264] input: syz1 as /devices/virtual/input/input11 executing program [ 43.686248][ T6265] input: syz1 as /devices/virtual/input/input12