Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts. executing program executing program [ 37.874342][ T4304] input: syz1 as /devices/virtual/input/input2 [ 37.878048][ T4305] input: syz1 as /devices/virtual/input/input3 executing program [ 37.889244][ T4306] input: syz1 as /devices/virtual/input/input4 executing program executing program [ 37.894348][ T4308] input: syz1 as /devices/virtual/input/input5 [ 37.896725][ T4307] input: syz1 as /devices/virtual/input/input6 [ 37.952459][ T4305] [ 37.953111][ T4305] ====================================================== [ 37.954671][ T4305] WARNING: possible circular locking dependency detected [ 37.956369][ T4305] 6.1.134-syzkaller #0 Not tainted [ 37.957691][ T4305] ------------------------------------------------------ [ 37.959276][ T4305] syz-executor383/4305 is trying to acquire lock: [ 37.960670][ T4305] ffff0000d5beb070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x188/0x654 [ 37.962957][ T4305] [ 37.962957][ T4305] but task is already holding lock: [ 37.964829][ T4305] ffff0000d5bea8b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834 [ 37.966949][ T4305] [ 37.966949][ T4305] which lock already depends on the new lock. [ 37.966949][ T4305] [ 37.969688][ T4305] [ 37.969688][ T4305] the existing dependency chain (in reverse order) is: [ 37.971911][ T4305] [ 37.971911][ T4305] -> #3 (&ff->mutex){+.+.}-{3:3}: executing program [ 37.972126][ T4314] input: syz1 as /devices/virtual/input/input7 [ 37.973761][ T4305] __mutex_lock_common+0x190/0x21a0 [ 37.976852][ T4305] mutex_lock_nested+0x38/0x44 [ 37.978260][ T4305] input_ff_upload+0x31c/0x834 [ 37.979618][ T4305] evdev_ioctl_handler+0x1fd8/0x2d60 [ 37.981188][ T4305] evdev_ioctl+0x38/0x4c [ 37.982483][ T4305] __arm64_sys_ioctl+0x14c/0x1c8 [ 37.983889][ T4305] invoke_syscall+0x98/0x2bc [ 37.985181][ T4305] el0_svc_common+0x138/0x258 [ 37.986508][ T4305] do_el0_svc+0x58/0x13c [ 37.987709][ T4305] el0_svc+0x58/0x168 [ 37.988971][ T4305] el0t_64_sync_handler+0x84/0xf0 [ 37.990522][ T4305] el0t_64_sync+0x18c/0x190 [ 37.991815][ T4305] [ 37.991815][ T4305] -> #2 (&evdev->mutex){+.+.}-{3:3}: [ 37.993691][ T4305] __mutex_lock_common+0x190/0x21a0 [ 37.995137][ T4305] mutex_lock_nested+0x38/0x44 [ 37.996491][ T4305] evdev_cleanup+0x38/0x16c [ 37.997768][ T4305] evdev_disconnect+0x58/0xc0 [ 37.999247][ T4305] __input_unregister_device+0x31c/0x5c0 [ 38.000809][ T4305] input_unregister_device+0xb0/0xfc [ 38.002320][ T4305] uinput_destroy_device+0x5a4/0x79c [ 38.003863][ T4305] uinput_release+0x44/0x60 [ 38.005015][ T4305] __fput+0x1c8/0x7c8 [ 38.006205][ T4305] ____fput+0x20/0x30 [ 38.007361][ T4305] task_work_run+0x240/0x2f0 [ 38.008705][ T4305] do_exit+0x550/0x1a84 [ 38.009913][ T4305] do_group_exit+0x194/0x22c [ 38.011059][ T4305] __wake_up_parent+0x0/0x60 [ 38.012395][ T4305] invoke_syscall+0x98/0x2bc [ 38.013757][ T4305] el0_svc_common+0x138/0x258 [ 38.015142][ T4305] do_el0_svc+0x58/0x13c [ 38.016359][ T4305] el0_svc+0x58/0x168 [ 38.017493][ T4305] el0t_64_sync_handler+0x84/0xf0 [ 38.018864][ T4305] el0t_64_sync+0x18c/0x190 [ 38.020242][ T4305] [ 38.020242][ T4305] -> #1 (input_mutex){+.+.}-{3:3}: [ 38.022187][ T4305] __mutex_lock_common+0x190/0x21a0 [ 38.023700][ T4305] mutex_lock_interruptible_nested+0x38/0x44 [ 38.025421][ T4305] input_register_device+0x914/0xf8c [ 38.026986][ T4305] uinput_create_device+0x360/0x528 [ 38.028529][ T4305] uinput_ioctl_handler+0x8b0/0x16c0 [ 38.030168][ T4305] uinput_ioctl+0x38/0x4c [ 38.031512][ T4305] __arm64_sys_ioctl+0x14c/0x1c8 [ 38.032779][ T4305] invoke_syscall+0x98/0x2bc [ 38.034125][ T4305] el0_svc_common+0x138/0x258 [ 38.035488][ T4305] do_el0_svc+0x58/0x13c [ 38.036803][ T4305] el0_svc+0x58/0x168 [ 38.038003][ T4305] el0t_64_sync_handler+0x84/0xf0 [ 38.039448][ T4305] el0t_64_sync+0x18c/0x190 [ 38.040759][ T4305] [ 38.040759][ T4305] -> #0 (&newdev->mutex){+.+.}-{3:3}: [ 38.042780][ T4305] __lock_acquire+0x3338/0x7680 [ 38.044284][ T4305] lock_acquire+0x26c/0x7cc [ 38.045572][ T4305] __mutex_lock_common+0x190/0x21a0 [ 38.047091][ T4305] mutex_lock_interruptible_nested+0x38/0x44 [ 38.048802][ T4305] uinput_request_submit+0x188/0x654 [ 38.050359][ T4305] uinput_dev_upload_effect+0x170/0x218 [ 38.051869][ T4305] input_ff_upload+0x49c/0x834 [ 38.053260][ T4305] evdev_ioctl_handler+0x1fd8/0x2d60 [ 38.054707][ T4305] evdev_ioctl+0x38/0x4c [ 38.055893][ T4305] __arm64_sys_ioctl+0x14c/0x1c8 [ 38.057350][ T4305] invoke_syscall+0x98/0x2bc [ 38.058610][ T4305] el0_svc_common+0x138/0x258 [ 38.059959][ T4305] do_el0_svc+0x58/0x13c [ 38.061189][ T4305] el0_svc+0x58/0x168 [ 38.062406][ T4305] el0t_64_sync_handler+0x84/0xf0 [ 38.063874][ T4305] el0t_64_sync+0x18c/0x190 [ 38.065136][ T4305] [ 38.065136][ T4305] other info that might help us debug this: [ 38.065136][ T4305] [ 38.067715][ T4305] Chain exists of: [ 38.067715][ T4305] &newdev->mutex --> &evdev->mutex --> &ff->mutex [ 38.067715][ T4305] [ 38.070804][ T4305] Possible unsafe locking scenario: [ 38.070804][ T4305] [ 38.072596][ T4305] CPU0 CPU1 [ 38.074027][ T4305] ---- ---- [ 38.075459][ T4305] lock(&ff->mutex); [ 38.076549][ T4305] lock(&evdev->mutex); [ 38.078351][ T4305] lock(&ff->mutex); [ 38.080154][ T4305] lock(&newdev->mutex); [ 38.081425][ T4305] [ 38.081425][ T4305] *** DEADLOCK *** [ 38.081425][ T4305] [ 38.083617][ T4305] 2 locks held by syz-executor383/4305: [ 38.085059][ T4305] #0: ffff0000de7f2110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x11c/0x2d60 [ 38.087620][ T4305] #1: ffff0000d5bea8b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834 [ 38.090083][ T4305] [ 38.090083][ T4305] stack backtrace: [ 38.091507][ T4305] CPU: 0 PID: 4305 Comm: syz-executor383 Not tainted 6.1.134-syzkaller #0 [ 38.093676][ T4305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 38.096224][ T4305] Call trace: [ 38.097140][ T4305] dump_backtrace+0x1c8/0x1f4 [ 38.098347][ T4305] show_stack+0x2c/0x3c [ 38.099483][ T4305] dump_stack_lvl+0x108/0x170 [ 38.100816][ T4305] dump_stack+0x1c/0x105c [ 38.102000][ T4305] print_circular_bug+0x150/0x1b8 [ 38.103305][ T4305] check_noncircular+0x2cc/0x378 [ 38.104590][ T4305] __lock_acquire+0x3338/0x7680 [ 38.105941][ T4305] lock_acquire+0x26c/0x7cc [ 38.107159][ T4305] __mutex_lock_common+0x190/0x21a0 [ 38.108434][ T4305] mutex_lock_interruptible_nested+0x38/0x44 [ 38.109997][ T4305] uinput_request_submit+0x188/0x654 [ 38.111449][ T4305] uinput_dev_upload_effect+0x170/0x218 [ 38.112836][ T4305] input_ff_upload+0x49c/0x834 [ 38.114066][ T4305] evdev_ioctl_handler+0x1fd8/0x2d60 [ 38.115368][ T4305] evdev_ioctl+0x38/0x4c [ 38.116437][ T4305] __arm64_sys_ioctl+0x14c/0x1c8 [ 38.117660][ T4305] invoke_syscall+0x98/0x2bc [ 38.118882][ T4305] el0_svc_common+0x138/0x258 [ 38.120187][ T4305] do_el0_svc+0x58/0x13c [ 38.121296][ T4305] el0_svc+0x58/0x168 [ 38.122429][ T4305] el0t_64_sync_handler+0x84/0xf0 [ 38.123669][ T4305] el0t_64_sync+0x18c/0x190 executing program [ 38.138900][ T4315] input: syz1 as /devices/virtual/input/input8 executing program [ 38.206132][ T4316] input: syz1 as /devices/virtual/input/input9 executing program [ 42.951534][ T4317] input: syz1 as /devices/virtual/input/input10 executing program [ 43.052559][ T4318] input: syz1 as /devices/virtual/input/input11 executing program [ 43.221166][ T4319] input: syz1 as /devices/virtual/input/input12 executing program [ 43.281451][ T4320] input: syz1 as /devices/virtual/input/input13