Warning: Permanently added '10.128.0.101' (ED25519) to the list of known hosts. [ 42.187891][ T4026] input: syz1 as /devices/virtual/input/input2 executing program executing program executing program executing program [ 42.200994][ T4033] input: syz1 as /devices/virtual/input/input3 [ 42.205278][ T4031] input: syz1 as /devices/virtual/input/input5 executing program [ 42.214644][ T4030] input: syz1 as /devices/virtual/input/input4 [ 42.217454][ T4034] input: syz1 as /devices/virtual/input/input6 executing program [ 42.246745][ T4038] input: syz1 as /devices/virtual/input/input7 [ 42.254123][ T4038] [ 42.254822][ T4038] ====================================================== [ 42.256788][ T4038] WARNING: possible circular locking dependency detected [ 42.258731][ T4038] 5.15.183-syzkaller #0 Not tainted [ 42.260311][ T4038] ------------------------------------------------------ [ 42.262158][ T4038] syz-executor122/4038 is trying to acquire lock: [ 42.264013][ T4038] ffff0000d1a7c070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x180/0x618 [ 42.266712][ T4038] [ 42.266712][ T4038] but task is already holding lock: [ 42.268783][ T4038] ffff0000d1a7c8b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x2d4/0x78c [ 42.271241][ T4038] [ 42.271241][ T4038] which lock already depends on the new lock. [ 42.271241][ T4038] [ 42.274107][ T4038] [ 42.274107][ T4038] the existing dependency chain (in reverse order) is: [ 42.276632][ T4038] [ 42.276632][ T4038] -> #3 (&ff->mutex){+.+.}-{3:3}: [ 42.278677][ T4038] __mutex_lock_common+0x194/0x1edc [ 42.280280][ T4038] mutex_lock_nested+0xac/0x11c [ 42.281767][ T4038] input_ff_upload+0x2d4/0x78c [ 42.283316][ T4038] evdev_ioctl_handler+0x1fec/0x2be0 [ 42.284983][ T4038] evdev_ioctl+0x38/0x4c [ 42.286282][ T4038] __arm64_sys_ioctl+0x14c/0x1c8 [ 42.287797][ T4038] invoke_syscall+0x98/0x2b8 [ 42.289232][ T4038] el0_svc_common+0x138/0x258 [ 42.290660][ T4038] do_el0_svc+0x58/0x14c [ 42.291983][ T4038] el0_svc+0x78/0x1e0 [ 42.293295][ T4038] el0t_64_sync_handler+0xcc/0xe4 [ 42.294872][ T4038] el0t_64_sync+0x1a0/0x1a4 [ 42.296332][ T4038] [ 42.296332][ T4038] -> #2 (&evdev->mutex){+.+.}-{3:3}: [ 42.298544][ T4038] __mutex_lock_common+0x194/0x1edc [ 42.300226][ T4038] mutex_lock_nested+0xac/0x11c [ 42.301677][ T4038] evdev_cleanup+0x30/0x15c [ 42.303095][ T4038] evdev_disconnect+0x50/0xb4 [ 42.304558][ T4038] __input_unregister_device+0x178/0x2fc [ 42.306290][ T4038] input_unregister_device+0xa8/0xf4 [ 42.307937][ T4038] uinput_destroy_device+0x598/0x774 [ 42.309677][ T4038] uinput_release+0x44/0x60 [ 42.311181][ T4038] __fput+0x1c0/0x7f8 [ 42.312421][ T4038] ____fput+0x20/0x30 [ 42.313625][ T4038] task_work_run+0x12c/0x1e0 [ 42.315068][ T4038] do_exit+0x67c/0x1f58 [ 42.316407][ T4038] do_group_exit+0x100/0x268 [ 42.317816][ T4038] __wake_up_parent+0x0/0x60 [ 42.319236][ T4038] invoke_syscall+0x98/0x2b8 [ 42.320645][ T4038] el0_svc_common+0x138/0x258 [ 42.322128][ T4038] do_el0_svc+0x58/0x14c [ 42.323398][ T4038] el0_svc+0x78/0x1e0 [ 42.324676][ T4038] el0t_64_sync_handler+0xcc/0xe4 [ 42.326281][ T4038] el0t_64_sync+0x1a0/0x1a4 [ 42.327704][ T4038] [ 42.327704][ T4038] -> #1 (input_mutex){+.+.}-{3:3}: [ 42.329673][ T4038] __mutex_lock_common+0x194/0x1edc [ 42.331273][ T4038] mutex_lock_interruptible_nested+0xac/0x11c [ 42.333125][ T4038] input_register_device+0x900/0xe34 [ 42.334724][ T4038] uinput_create_device+0x350/0x518 [ 42.336376][ T4038] uinput_ioctl_handler+0x3c4/0x10bc [ 42.338014][ T4038] uinput_ioctl+0x38/0x4c [ 42.339320][ T4038] __arm64_sys_ioctl+0x14c/0x1c8 [ 42.340828][ T4038] invoke_syscall+0x98/0x2b8 [ 42.342304][ T4038] el0_svc_common+0x138/0x258 [ 42.343794][ T4038] do_el0_svc+0x58/0x14c [ 42.345154][ T4038] el0_svc+0x78/0x1e0 [ 42.346403][ T4038] el0t_64_sync_handler+0xcc/0xe4 [ 42.347923][ T4038] el0t_64_sync+0x1a0/0x1a4 [ 42.349315][ T4038] [ 42.349315][ T4038] -> #0 (&newdev->mutex){+.+.}-{3:3}: [ 42.351444][ T4038] __lock_acquire+0x2928/0x651c [ 42.352907][ T4038] lock_acquire+0x1f4/0x620 [ 42.354296][ T4038] __mutex_lock_common+0x194/0x1edc [ 42.355951][ T4038] mutex_lock_interruptible_nested+0xac/0x11c [ 42.357813][ T4038] uinput_request_submit+0x180/0x618 [ 42.359442][ T4038] uinput_dev_upload_effect+0x130/0x1c0 [ 42.361220][ T4038] input_ff_upload+0x454/0x78c [ 42.362713][ T4038] evdev_ioctl_handler+0x1fec/0x2be0 [ 42.364305][ T4038] evdev_ioctl+0x38/0x4c [ 42.365606][ T4038] __arm64_sys_ioctl+0x14c/0x1c8 [ 42.367182][ T4038] invoke_syscall+0x98/0x2b8 [ 42.368615][ T4038] el0_svc_common+0x138/0x258 [ 42.370039][ T4038] do_el0_svc+0x58/0x14c [ 42.371367][ T4038] el0_svc+0x78/0x1e0 [ 42.372618][ T4038] el0t_64_sync_handler+0xcc/0xe4 [ 42.374170][ T4038] el0t_64_sync+0x1a0/0x1a4 [ 42.375603][ T4038] [ 42.375603][ T4038] other info that might help us debug this: [ 42.375603][ T4038] [ 42.378611][ T4038] Chain exists of: [ 42.378611][ T4038] &newdev->mutex --> &evdev->mutex --> &ff->mutex [ 42.378611][ T4038] [ 42.382104][ T4038] Possible unsafe locking scenario: [ 42.382104][ T4038] [ 42.384181][ T4038] CPU0 CPU1 [ 42.385787][ T4038] ---- ---- [ 42.387303][ T4038] lock(&ff->mutex); [ 42.388444][ T4038] lock(&evdev->mutex); [ 42.390326][ T4038] lock(&ff->mutex); [ 42.392101][ T4038] lock(&newdev->mutex); [ 42.393272][ T4038] [ 42.393272][ T4038] *** DEADLOCK *** [ 42.393272][ T4038] [ 42.395489][ T4038] 2 locks held by syz-executor122/4038: [ 42.397035][ T4038] #0: ffff0000db02e110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x114/0x2be0 [ 42.399753][ T4038] #1: ffff0000d1a7c8b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x2d4/0x78c [ 42.402399][ T4038] [ 42.402399][ T4038] stack backtrace: [ 42.404055][ T4038] CPU: 0 PID: 4038 Comm: syz-executor122 Not tainted 5.15.183-syzkaller #0 [ 42.406502][ T4038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 42.409285][ T4038] Call trace: [ 42.410186][ T4038] dump_backtrace+0x0/0x43c [ 42.411508][ T4038] show_stack+0x2c/0x3c [ 42.412677][ T4038] __dump_stack+0x30/0x40 [ 42.413950][ T4038] dump_stack_lvl+0xf8/0x160 [ 42.415233][ T4038] dump_stack+0x1c/0x5c [ 42.416367][ T4038] print_circular_bug+0x148/0x1b0 [ 42.417742][ T4038] check_noncircular+0x240/0x2d4 [ 42.419170][ T4038] __lock_acquire+0x2928/0x651c [ 42.420515][ T4038] lock_acquire+0x1f4/0x620 [ 42.421887][ T4038] __mutex_lock_common+0x194/0x1edc [ 42.423387][ T4038] mutex_lock_interruptible_nested+0xac/0x11c [ 42.425076][ T4038] uinput_request_submit+0x180/0x618 [ 42.426555][ T4038] uinput_dev_upload_effect+0x130/0x1c0 [ 42.428173][ T4038] input_ff_upload+0x454/0x78c [ 42.429492][ T4038] evdev_ioctl_handler+0x1fec/0x2be0 [ 42.431058][ T4038] evdev_ioctl+0x38/0x4c [ 42.432226][ T4038] __arm64_sys_ioctl+0x14c/0x1c8 [ 42.433622][ T4038] invoke_syscall+0x98/0x2b8 [ 42.434957][ T4038] el0_svc_common+0x138/0x258 [ 42.436255][ T4038] do_el0_svc+0x58/0x14c [ 42.437459][ T4038] el0_svc+0x78/0x1e0 [ 42.438596][ T4038] el0t_64_sync_handler+0xcc/0xe4 [ 42.440047][ T4038] el0t_64_sync+0x1a0/0x1a4 executing program [ 42.469291][ T4040] input: syz1 as /devices/virtual/input/input8 executing program [ 42.525826][ T4041] input: syz1 as /devices/virtual/input/input9 executing program [ 47.265876][ T4042] input: syz1 as /devices/virtual/input/input10 executing program [ 47.298046][ T4043] input: syz1 as /devices/virtual/input/input11 executing program [ 47.556156][ T4044] input: syz1 as /devices/virtual/input/input12 executing program [ 47.615887][ T4045] input: syz1 as /devices/virtual/input/input13