[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 11.413964] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 12.547872] random: crng init done Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program syzkaller login: [ 41.300102] input: syz0 as /devices/virtual/input/input4 [ 41.300221] input: syz0 as /devices/virtual/input/input5 [ 41.308740] input: syz0 as /devices/virtual/input/input6 [ 41.312583] input: syz0 as /devices/virtual/input/input7 [ 41.313995] input: syz0 as /devices/virtual/input/input8 executing program [ 41.346381] input: syz0 as /devices/virtual/input/input9 executing program [ 41.401026] input: syz0 as /devices/virtual/input/input10 executing program executing program [ 41.446810] input: syz0 as /devices/virtual/input/input11 [ 41.498673] input: syz0 as /devices/virtual/input/input12 executing program executing program [ 41.546569] input: syz0 as /devices/virtual/input/input13 [ 41.571596] input: syz0 as /devices/virtual/input/input14 executing program [ 41.618809] input: syz0 as /devices/virtual/input/input15 executing program executing program [ 41.668122] input: syz0 as /devices/virtual/input/input16 [ 41.686798] input: syz0 as /devices/virtual/input/input17 executing program executing program executing program [ 41.718785] input: syz0 as /devices/virtual/input/input18 [ 41.748547] input: syz0 as /devices/virtual/input/input19 executing program [ 41.804172] input: syz0 as /devices/virtual/input/input20 [ 41.837500] input: syz0 as /devices/virtual/input/input21 executing program executing program [ 41.888517] input: syz0 as /devices/virtual/input/input22 [ 41.903402] input: syz0 as /devices/virtual/input/input23 executing program [ 41.945358] input: syz0 as /devices/virtual/input/input24 executing program [ 42.018248] input: syz0 as /devices/virtual/input/input25 executing program executing program [ 42.066828] input: syz0 as /devices/virtual/input/input26 executing program [ 42.121548] input: syz0 as /devices/virtual/input/input27 [ 42.126481] input: syz0 as /devices/virtual/input/input28 executing program [ 42.166136] input: syz0 as /devices/virtual/input/input29 executing program [ 42.218177] input: syz0 as /devices/virtual/input/input30 executing program [ 42.268822] input: syz0 as /devices/virtual/input/input31 executing program [ 42.318220] input: syz0 as /devices/virtual/input/input32 executing program executing program [ 42.401761] input: syz0 as /devices/virtual/input/input33 [ 42.440370] input: syz0 as /devices/virtual/input/input34 executing program executing program [ 42.486771] input: syz0 as /devices/virtual/input/input35 [ 42.502584] input: syz0 as /devices/virtual/input/input36 executing program [ 42.536322] input: syz0 as /devices/virtual/input/input37 executing program [ 42.587431] input: syz0 as /devices/virtual/input/input38 executing program [ 42.638175] input: syz0 as /devices/virtual/input/input39 executing program [ 42.728412] input: syz0 as /devices/virtual/input/input40 executing program executing program [ 42.787324] input: syz0 as /devices/virtual/input/input41 [ 42.802380] input: syz0 as /devices/virtual/input/input42 executing program executing program [ 42.835175] input: syz0 as /devices/virtual/input/input43 [ 42.855440] input: syz0 as /devices/virtual/input/input44 executing program [ 42.918231] input: syz0 as /devices/virtual/input/input45 executing program executing program [ 42.966986] input: syz0 as /devices/virtual/input/input46 executing program [ 43.007975] input: syz0 as /devices/virtual/input/input47 [ 43.047332] input: syz0 as /devices/virtual/input/input48 executing program [ 43.062017] input: syz0 as /devices/virtual/input/input49 executing program [ 43.108183] input: syz0 as /devices/virtual/input/input50 executing program [ 43.157843] input: syz0 as /devices/virtual/input/input51 executing program [ 43.208338] input: syz0 as /devices/virtual/input/input52 [ 43.248999] [ 43.250656] ====================================================== [ 43.256959] [ INFO: possible circular locking dependency detected ] [ 43.263361] 4.9.141+ #23 Not tainted [ 43.267240] ------------------------------------------------------- [ 43.273618] syz-executor116/2216 is trying to acquire lock: [ 43.279301] (&newdev->mutex){+.+.+.}, at: [] uinput_request_submit.part.2+0x29/0x200 [ 43.289224] but task is already holding lock: [ 43.293879] (&ff->mutex){+.+...}, at: [] input_ff_upload+0x10a/0xa00 [ 43.302386] which lock already depends on the new lock. [ 43.302386] [ 43.309374] [ 43.309374] the existing dependency chain (in reverse order) is: [ 43.316971] -> #3 (&ff->mutex){+.+...}: [ 43.321602] lock_acquire+0x130/0x3e0 [ 43.325902] mutex_lock_nested+0xc0/0x900 [ 43.330549] input_ff_upload+0x10a/0xa00 [ 43.335107] evdev_ioctl_handler+0xe62/0x1820 [ 43.340701] evdev_ioctl_compat+0x29/0x30 [ 43.345356] compat_SyS_ioctl+0x12d/0x1fd0 [ 43.350180] do_fast_syscall_32+0x2f1/0xa10 [ 43.355006] entry_SYSENTER_compat+0x90/0xa2 [ 43.359914] -> #2 (&evdev->mutex){+.+...}: [ 43.364908] lock_acquire+0x130/0x3e0 [ 43.369206] mutex_lock_nested+0xc0/0x900 [ 43.373850] evdev_cleanup+0x26/0x1a0 [ 43.378150] evdev_disconnect+0x43/0xa0 [ 43.382622] __input_unregister_device+0x1ec/0x490 [ 43.388051] input_unregister_device+0xa6/0xf0 [ 43.393130] uinput_destroy_device+0x1cf/0x220 [ 43.398209] uinput_release+0x3a/0x50 [ 43.402510] __fput+0x263/0x700 [ 43.406287] ____fput+0x15/0x20 [ 43.410071] task_work_run+0x10c/0x180 [ 43.414454] do_exit+0x78d/0x2a50 [ 43.418406] do_group_exit+0x111/0x300 [ 43.422788] SyS_exit_group+0x1d/0x20 [ 43.427099] do_fast_syscall_32+0x2f1/0xa10 [ 43.432008] entry_SYSENTER_compat+0x90/0xa2 [ 43.436909] -> #1 (input_mutex){+.+.+.}: [ 43.441622] lock_acquire+0x130/0x3e0 [ 43.445921] mutex_lock_interruptible_nested+0xcc/0x9c0 [ 43.451786] input_register_device.cold.13+0x39/0x204 [ 43.457559] uinput_ioctl_handler.isra.4+0x84a/0x1980 [ 43.463246] uinput_compat_ioctl+0x5f/0x80 [ 43.467987] compat_SyS_ioctl+0x12d/0x1fd0 [ 43.472718] do_fast_syscall_32+0x2f1/0xa10 [ 43.477537] entry_SYSENTER_compat+0x90/0xa2 [ 43.482453] -> #0 (&newdev->mutex){+.+.+.}: [ 43.487422] __lock_acquire+0x3189/0x4a10 [ 43.492078] lock_acquire+0x130/0x3e0 [ 43.496725] mutex_lock_interruptible_nested+0xcc/0x9c0 [ 43.502688] uinput_request_submit.part.2+0x29/0x200 [ 43.508290] uinput_dev_upload_effect+0x14a/0x1c0 [ 43.513630] input_ff_upload+0x528/0xa00 [ 43.518190] evdev_ioctl_handler+0xe62/0x1820 [ 43.523180] evdev_ioctl_compat+0x29/0x30 [ 43.527825] compat_SyS_ioctl+0x12d/0x1fd0 [ 43.532566] do_fast_syscall_32+0x2f1/0xa10 [ 43.537387] entry_SYSENTER_compat+0x90/0xa2 [ 43.542300] [ 43.542300] other info that might help us debug this: [ 43.542300] [ 43.550418] Chain exists of: &newdev->mutex --> &evdev->mutex --> &ff->mutex [ 43.558756] Possible unsafe locking scenario: [ 43.558756] [ 43.564792] CPU0 CPU1 [ 43.569434] ---- ---- [ 43.574088] lock(&ff->mutex); [ 43.577604] lock(&evdev->mutex); [ 43.583883] lock(&ff->mutex); [ 43.589902] lock(&newdev->mutex); [ 43.593759] [ 43.593759] *** DEADLOCK *** [ 43.593759] [ 43.599796] 2 locks held by syz-executor116/2216: [ 43.604613] #0: (&evdev->mutex){+.+...}, at: [] evdev_ioctl_handler+0x112/0x1820 [ 43.614400] #1: (&ff->mutex){+.+...}, at: [] input_ff_upload+0x10a/0xa00 [ 43.623461] [ 43.623461] stack backtrace: [ 43.627941] CPU: 1 PID: 2216 Comm: syz-executor116 Not tainted 4.9.141+ #23 [ 43.635040] ffff8801c9dc7778 ffffffff81b42e79 ffffffff83cc2500 ffffffff83cc4bd0 [ 43.643088] ffffffff83cc10c0 ffff8801c9b120b8 ffff8801c9b117c0 ffff8801c9dc77c0 [ 43.651097] ffffffff813fee40 0000000000000002 00000000c9b12098 0000000000000002 [ 43.659119] Call Trace: [ 43.661712] [] dump_stack+0xc1/0x128 [ 43.667056] [] print_circular_bug.cold.36+0x2f7/0x432 [ 43.673876] [] __lock_acquire+0x3189/0x4a10 [ 43.679824] [] ? trace_hardirqs_on+0x10/0x10 [ 43.685864] [] ? trace_hardirqs_on+0x10/0x10 [ 43.691905] [] ? mark_held_locks+0xc7/0x130 [ 43.697855] [] lock_acquire+0x130/0x3e0 [ 43.703457] [] ? uinput_request_submit.part.2+0x29/0x200 [ 43.710538] [] mutex_lock_interruptible_nested+0xcc/0x9c0 [ 43.717734] [] ? uinput_request_submit.part.2+0x29/0x200 [ 43.724812] [] ? uinput_request_submit.part.2+0x29/0x200 [ 43.731888] [] ? _raw_spin_unlock+0x2c/0x50 [ 43.737837] [] ? mutex_lock_killable_nested+0x9f0/0x9f0 [ 43.744939] [] ? uinput_write+0xce0/0xce0 [ 43.750734] [] ? preempt_schedule_common+0x1f/0xe0 [ 43.757313] [] uinput_request_submit.part.2+0x29/0x200 [ 43.764304] [] uinput_dev_upload_effect+0x14a/0x1c0 [ 43.770956] [] ? uinput_request_reserve_slot+0x2e0/0x2e0 [ 43.778033] [] ? mutex_trylock+0x3e0/0x3e0 [ 43.783904] [] ? lock_acquire+0x173/0x3e0 [ 43.789856] [] ? __might_fault+0x114/0x1d0 [ 43.795722] [] input_ff_upload+0x528/0xa00 [ 43.801685] [] evdev_ioctl_handler+0xe62/0x1820 [ 43.807985] [] ? __might_sleep+0x95/0x1a0 [ 43.813758] [] ? evdev_open+0x4b0/0x4b0 [ 43.819360] [] ? selinux_file_ioctl+0x10a/0x550 [ 43.825672] [] ? putname+0xdb/0x110 [ 43.830928] [] ? selinux_parse_skb.constprop.42+0x1a90/0x1a90 [ 43.838446] [] ? kmem_cache_free+0x28f/0x310 [ 43.844482] [] ? putname+0xe0/0x110 [ 43.849739] [] ? filp_open+0x70/0x70 [ 43.855083] [] ? evdev_ioctl_handler+0x1820/0x1820 [ 43.861639] [] evdev_ioctl_compat+0x29/0x30 [ 43.867591] [] compat_SyS_ioctl+0x12d/0x1fd0 [ 43.873628] [] ? do_ioctl+0x60/0x60 [ 43.878883] [] do_fast_syscall_32+0x2f1/0xa10 [ 43.885008] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.891769] [] entry_SYSENTER_compat+0x90/0xa2