Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 37.087388][ T4300] input: syz1 as /devices/virtual/input/input4
[ 37.089274][ T4299] input: syz1 as /devices/virtual/input/input3
[ 37.091091][ T4302] input: syz1 as /devices/virtual/input/input5
[ 37.092767][ T4301] input: syz1 as /devices/virtual/input/input6
[ 37.095482][ T4298] input: syz1 as /devices/virtual/input/input2
executing program
[ 37.175688][ T4307] input: syz1 as /devices/virtual/input/input7
[ 37.204483][ T4298]
[ 37.205079][ T4298] ======================================================
[ 37.206765][ T4298] WARNING: possible circular locking dependency detected
[ 37.208442][ T4298] 6.1.134-syzkaller #0 Not tainted
[ 37.209673][ T4298] ------------------------------------------------------
[ 37.211317][ T4298] syz-executor240/4298 is trying to acquire lock:
[ 37.212917][ T4298] ffff0000d9ccf870 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x188/0x654
[ 37.215353][ T4298]
[ 37.215353][ T4298] but task is already holding lock:
[ 37.217348][ T4298] ffff0000db3500b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834
[ 37.219760][ T4298]
[ 37.219760][ T4298] which lock already depends on the new lock.
[ 37.219760][ T4298]
[ 37.222575][ T4298]
[ 37.222575][ T4298] the existing dependency chain (in reverse order) is:
[ 37.224960][ T4298]
[ 37.224960][ T4298] -> #3 (&ff->mutex){+.+.}-{3:3}:
[ 37.226997][ T4298]        __mutex_lock_common+0x190/0x21a0
[ 37.228524][ T4298]        mutex_lock_nested+0x38/0x44
[ 37.229881][ T4298]        input_ff_upload+0x31c/0x834
[ 37.231348][ T4298]        evdev_ioctl_handler+0x1fd8/0x2d60
[ 37.232933][ T4298]        evdev_ioctl+0x38/0x4c
[ 37.234211][ T4298]        __arm64_sys_ioctl+0x14c/0x1c8
[ 37.235644][ T4298]        invoke_syscall+0x98/0x2bc
[ 37.236967][ T4298]        el0_svc_common+0x138/0x258
[ 37.238239][ T4298]        do_el0_svc+0x58/0x13c
[ 37.239512][ T4298]        el0_svc+0x58/0x168
[ 37.240722][ T4298]        el0t_64_sync_handler+0x84/0xf0
[ 37.242172][ T4298]        el0t_64_sync+0x18c/0x190
[ 37.243433][ T4298]
[ 37.243433][ T4298] -> #2 (&evdev->mutex){+.+.}-{3:3}:
[ 37.245434][ T4298]        __mutex_lock_common+0x190/0x21a0
[ 37.246887][ T4298]        mutex_lock_nested+0x38/0x44
[ 37.248263][ T4298]        evdev_cleanup+0x38/0x16c
[ 37.249577][ T4298]        evdev_disconnect+0x58/0xc0
[ 37.250910][ T4298]        __input_unregister_device+0x31c/0x5c0
[ 37.252447][ T4298]        input_unregister_device+0xb0/0xfc
[ 37.253946][ T4298]        uinput_destroy_device+0x5a4/0x79c
[ 37.255458][ T4298]        uinput_release+0x44/0x60
[ 37.256813][ T4298]        __fput+0x1c8/0x7c8
[ 37.257997][ T4298]        ____fput+0x20/0x30
[ 37.259284][ T4298]        task_work_run+0x240/0x2f0
[ 37.260628][ T4298]        do_exit+0x550/0x1a84
[ 37.261886][ T4298]        do_group_exit+0x194/0x22c
[ 37.263181][ T4298]        __wake_up_parent+0x0/0x60
[ 37.264511][ T4298]        invoke_syscall+0x98/0x2bc
[ 37.265836][ T4298]        el0_svc_common+0x138/0x258
[ 37.267153][ T4298]        do_el0_svc+0x58/0x13c
[ 37.268439][ T4298]        el0_svc+0x58/0x168
[ 37.269620][ T4298]        el0t_64_sync_handler+0x84/0xf0
[ 37.271064][ T4298]        el0t_64_sync+0x18c/0x190
[ 37.272327][ T4298]
[ 37.272327][ T4298] -> #1 (input_mutex){+.+.}-{3:3}:
[ 37.274228][ T4298]        __mutex_lock_common+0x190/0x21a0
[ 37.275717][ T4298]        mutex_lock_interruptible_nested+0x38/0x44
[ 37.277531][ T4298]        input_register_device+0x914/0xf8c
[ 37.279010][ T4298]        uinput_create_device+0x360/0x528
[ 37.280514][ T4298]        uinput_ioctl_handler+0x8b0/0x16c0
[ 37.282044][ T4298]        uinput_ioctl+0x38/0x4c
[ 37.283285][ T4298]        __arm64_sys_ioctl+0x14c/0x1c8
[ 37.284689][ T4298]        invoke_syscall+0x98/0x2bc
[ 37.286102][ T4298]        el0_svc_common+0x138/0x258
[ 37.287428][ T4298]        do_el0_svc+0x58/0x13c
[ 37.288700][ T4298]        el0_svc+0x58/0x168
[ 37.289818][ T4298]        el0t_64_sync_handler+0x84/0xf0
[ 37.291418][ T4298]        el0t_64_sync+0x18c/0x190
[ 37.292778][ T4298]
[ 37.292778][ T4298] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[ 37.294729][ T4298]        __lock_acquire+0x3338/0x7680
[ 37.296140][ T4298]        lock_acquire+0x26c/0x7cc
[ 37.297511][ T4298]        __mutex_lock_common+0x190/0x21a0
[ 37.298942][ T4298]        mutex_lock_interruptible_nested+0x38/0x44
[ 37.300650][ T4298]        uinput_request_submit+0x188/0x654
[ 37.302161][ T4298]        uinput_dev_upload_effect+0x170/0x218
[ 37.303697][ T4298]        input_ff_upload+0x49c/0x834
[ 37.305096][ T4298]        evdev_ioctl_handler+0x1fd8/0x2d60
[ 37.306578][ T4298]        evdev_ioctl+0x38/0x4c
[ 37.307800][ T4298]        __arm64_sys_ioctl+0x14c/0x1c8
[ 37.309240][ T4298]        invoke_syscall+0x98/0x2bc
[ 37.310702][ T4298]        el0_svc_common+0x138/0x258
[ 37.312149][ T4298]        do_el0_svc+0x58/0x13c
[ 37.313547][ T4298]        el0_svc+0x58/0x168
[ 37.314629][ T4298]        el0t_64_sync_handler+0x84/0xf0
[ 37.316084][ T4298]        el0t_64_sync+0x18c/0x190
[ 37.317419][ T4298]
[ 37.317419][ T4298] other info that might help us debug this:
[ 37.317419][ T4298]
[ 37.320276][ T4298] Chain exists of:
[ 37.320276][ T4298]   &newdev->mutex --> &evdev->mutex --> &ff->mutex
[ 37.320276][ T4298]
[ 37.323726][ T4298]  Possible unsafe locking scenario:
[ 37.323726][ T4298]
[ 37.325665][ T4298]        CPU0                    CPU1
[ 37.327029][ T4298]        ----                    ----
[ 37.328479][ T4298]   lock(&ff->mutex);
[ 37.329465][ T4298]                                lock(&evdev->mutex);
[ 37.331141][ T4298]                                lock(&ff->mutex);
[ 37.332768][ T4298]   lock(&newdev->mutex);
[ 37.333859][ T4298]
[ 37.333859][ T4298]  *** DEADLOCK ***
[ 37.333859][ T4298]
[ 37.336040][ T4298] 2 locks held by syz-executor240/4298:
[ 37.337449][ T4298]  #0: ffff0000c4be1110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x11c/0x2d60
[ 37.340161][ T4298]  #1: ffff0000db3500b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834
[ 37.342594][ T4298]
[ 37.342594][ T4298] stack backtrace:
[ 37.344141][ T4298] CPU: 1 PID: 4298 Comm: syz-executor240 Not tainted 6.1.134-syzkaller #0
[ 37.346351][ T4298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 37.348994][ T4298] Call trace:
[ 37.349827][ T4298]  dump_backtrace+0x1c8/0x1f4
[ 37.351039][ T4298]  show_stack+0x2c/0x3c
[ 37.352102][ T4298]  dump_stack_lvl+0x108/0x170
[ 37.353349][ T4298]  dump_stack+0x1c/0x105c
[ 37.354500][ T4298]  print_circular_bug+0x150/0x1b8
[ 37.355380][ T4298]  check_noncircular+0x2cc/0x378
[ 37.356306][ T4298]  __lock_acquire+0x3338/0x7680
[ 37.357388][ T4298]  lock_acquire+0x26c/0x7cc
[ 37.358562][ T4298]  __mutex_lock_common+0x190/0x21a0
[ 37.359987][ T4298]  mutex_lock_interruptible_nested+0x38/0x44
[ 37.361603][ T4298]  uinput_request_submit+0x188/0x654
[ 37.363103][ T4298]  uinput_dev_upload_effect+0x170/0x218
[ 37.364536][ T4298]  input_ff_upload+0x49c/0x834
[ 37.365828][ T4298]  evdev_ioctl_handler+0x1fd8/0x2d60
[ 37.367149][ T4298]  evdev_ioctl+0x38/0x4c
[ 37.368278][ T4298]  __arm64_sys_ioctl+0x14c/0x1c8
[ 37.369593][ T4298]  invoke_syscall+0x98/0x2bc
[ 37.370713][ T4298]  el0_svc_common+0x138/0x258
[ 37.371973][ T4298]  do_el0_svc+0x58/0x13c
[ 37.373072][ T4298]  el0_svc+0x58/0x168
[ 37.374087][ T4298]  el0t_64_sync_handler+0x84/0xf0
[ 37.375381][ T4298]  el0t_64_sync+0x18c/0x190
executing program
[ 37.383187][ T4308] input: syz1 as /devices/virtual/input/input8
executing program
[ 37.389833][ T4309] input: syz1 as /devices/virtual/input/input9
executing program
[ 37.430576][ T4310] input: syz1 as /devices/virtual/input/input10
executing program
[ 42.254884][ T4311] input: syz1 as /devices/virtual/input/input11
executing program
[ 42.465323][ T4312] input: syz1 as /devices/virtual/input/input12
executing program
[ 42.504971][ T4313] input: syz1 as /devices/virtual/input/input13
executing program
[ 42.555489][ T4314] input: syz1 as /devices/virtual/input/input14