======================================================
[ INFO: possible circular locking dependency detected ]
4.9.141+ #23 Not tainted
-------------------------------------------------------
syz-executor.3/25039 is trying to acquire lock:
 (&newdev->mutex){+.+.+.}, at: [] uinput_request_send drivers/input/misc/uinput.c:116 [inline]
 (&newdev->mutex){+.+.+.}, at: [] uinput_request_submit.part.2+0x29/0x200 drivers/input/misc/uinput.c:147

but task is already holding lock:
 (&ff->mutex){+.+...}, at: [] input_ff_upload+0x10a/0xa00 drivers/input/ff-core.c:135

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621
       flush_effects+0x58/0x110 drivers/input/ff-core.c:249
SELinux: ebitmap start bit (-1409098496) is beyond the end of the bitmap (1762192832)
       input_flush_device+0x8e/0xd0 drivers/input/input.c:632
       evdev_flush+0xfb/0x120 drivers/input/evdev.c:353
       filp_close+0xa7/0x140 fs/open.c:1129
       __close_fd+0x156/0x230 fs/file.c:651
       SYSC_close fs/open.c:1148 [inline]
       SyS_close+0x4c/0x90 fs/open.c:1146
       do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
       do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xc0/0x900 kernel/locking/mutex.c:621
       input_disconnect_device drivers/input/input.c:704 [inline]
       __input_unregister_device+0x2a/0x490 drivers/input/input.c:2018
       input_unregister_device+0xa6/0xf0 drivers/input/input.c:2197
       uinput_destroy_device+0x1cf/0x220 drivers/input/misc/uinput.c:246
       uinput_ioctl_handler.isra.4+0xffb/0x1980 drivers/input/misc/uinput.c:821
       uinput_compat_ioctl+0x5f/0x80 drivers/input/misc/uinput.c:1001
       C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline]
       compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549
       do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
       do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_interruptible_nested+0xcc/0x9c0 kernel/locking/mutex.c:650
       uinput_request_send drivers/input/misc/uinput.c:116 [inline]
       uinput_request_submit.part.2+0x29/0x200 drivers/input/misc/uinput.c:147
       uinput_request_submit drivers/input/misc/uinput.c:144 [inline]
       uinput_dev_upload_effect+0x14a/0x1c0 drivers/input/misc/uinput.c:216
       input_ff_upload+0x528/0xa00 drivers/input/ff-core.c:165
       evdev_do_ioctl drivers/input/evdev.c:1213 [inline]
       evdev_ioctl_handler+0xe62/0x1820 drivers/input/evdev.c:1302
       evdev_ioctl_compat+0x29/0x30 drivers/input/evdev.c:1318
       C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline]
       compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549
       do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
       do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

other info that might help us debug this:

Chain exists of:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ff->mutex);
                               lock(&dev->mutex#2);
                               lock(&ff->mutex);
  lock(&newdev->mutex);

 *** DEADLOCK ***

2 locks held by syz-executor.3/25039:
 #0: (&evdev->mutex){+.+.+.}, at: [] evdev_ioctl_handler+0x112/0x1820 drivers/input/evdev.c:1293
 #1: (&ff->mutex){+.+...}, at: [] input_ff_upload+0x10a/0xa00 drivers/input/ff-core.c:135

stack backtrace:
CPU: 1 PID: 25039 Comm: syz-executor.3 Not tainted 4.9.141+ #23
 ffff8801d137f778 ffffffff81b42e79 ffffffff83c98560 ffffffff83cebc30
 ffffffff83cd8fd0 ffff8801c53f3878 ffff8801c53f2f80 ffff8801d137f7c0
 ffffffff813fee40 0000000000000002 00000000c53f3858 0000000000000002
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202
 [] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [] mutex_lock_interruptible_nested+0xcc/0x9c0 kernel/locking/mutex.c:650
 [] uinput_request_send drivers/input/misc/uinput.c:116 [inline]
 [] uinput_request_submit.part.2+0x29/0x200 drivers/input/misc/uinput.c:147
 [] uinput_request_submit drivers/input/misc/uinput.c:144 [inline]
 [] uinput_dev_upload_effect+0x14a/0x1c0 drivers/input/misc/uinput.c:216
 [] input_ff_upload+0x528/0xa00 drivers/input/ff-core.c:165
 [] evdev_do_ioctl drivers/input/evdev.c:1213 [inline]
 [] evdev_ioctl_handler+0xe62/0x1820 drivers/input/evdev.c:1302
 [] evdev_ioctl_compat+0x29/0x30 drivers/input/evdev.c:1318
 [] C_SYSC_ioctl fs/compat_ioctl.c:1602 [inline]
 [] compat_SyS_ioctl+0x12d/0x1fd0 fs/compat_ioctl.c:1549
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
 [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137
SELinux: ebitmap start bit (-1409098496) is beyond the end of the bitmap (1762192832)