Warning: Permanently added '10.128.10.22' (ED25519) to the list of known hosts. [ 41.942447][ T4026] input: syz1 as /devices/virtual/input/input2 executing program executing program executing program executing program executing program [ 41.960025][ T4031] input: syz1 as /devices/virtual/input/input5 [ 41.960413][ T4030] input: syz1 as /devices/virtual/input/input3 [ 41.970439][ T4034] input: syz1 as /devices/virtual/input/input4 [ 41.975369][ T4032] input: syz1 as /devices/virtual/input/input6 executing program [ 42.027795][ T4039] input: syz1 as /devices/virtual/input/input7 executing program [ 42.087026][ T4040] input: syz1 as /devices/virtual/input/input8 [ 42.110020][ T4039] [ 42.110712][ T4039] ====================================================== [ 42.112643][ T4039] WARNING: possible circular locking dependency detected [ 42.114579][ T4039] 5.15.183-syzkaller #0 Not tainted [ 42.115987][ T4039] ------------------------------------------------------ [ 42.117883][ T4039] syz-executor152/4039 is trying to acquire lock: [ 42.119640][ T4039] ffff0000c2cb2070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x180/0x618 [ 42.122350][ T4039] [ 42.122350][ T4039] but task is already holding lock: [ 42.124366][ T4039] ffff0000c2cb28b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x2d4/0x78c [ 42.126832][ T4039] [ 42.126832][ T4039] which lock already depends on the new lock. [ 42.126832][ T4039] [ 42.129763][ T4039] [ 42.129763][ T4039] the existing dependency chain (in reverse order) is: [ 42.132294][ T4039] [ 42.132294][ T4039] -> #3 (&ff->mutex){+.+.}-{3:3}: [ 42.134249][ T4039] __mutex_lock_common+0x194/0x1edc [ 42.135847][ T4039] mutex_lock_nested+0xac/0x11c [ 42.137276][ T4039] input_ff_upload+0x2d4/0x78c [ 42.138742][ T4039] evdev_ioctl_handler+0x1fec/0x2be0 [ 42.140368][ T4039] evdev_ioctl+0x38/0x4c [ 42.141635][ T4039] __arm64_sys_ioctl+0x14c/0x1c8 [ 42.143106][ T4039] invoke_syscall+0x98/0x2b8 [ 42.144457][ T4039] el0_svc_common+0x138/0x258 [ 42.145853][ T4039] do_el0_svc+0x58/0x14c [ 42.147113][ T4039] el0_svc+0x78/0x1e0 [ 42.148294][ T4039] el0t_64_sync_handler+0xcc/0xe4 [ 42.149749][ T4039] el0t_64_sync+0x1a0/0x1a4 [ 42.151131][ T4039] [ 42.151131][ T4039] -> #2 (&evdev->mutex){+.+.}-{3:3}: [ 42.153257][ T4039] __mutex_lock_common+0x194/0x1edc [ 42.154870][ T4039] mutex_lock_nested+0xac/0x11c [ 42.156349][ T4039] evdev_cleanup+0x30/0x15c [ 42.157715][ T4039] evdev_disconnect+0x50/0xb4 [ 42.159220][ T4039] __input_unregister_device+0x178/0x2fc [ 42.160871][ T4039] input_unregister_device+0xa8/0xf4 [ 42.162447][ T4039] uinput_destroy_device+0x598/0x774 [ 42.164087][ T4039] uinput_release+0x44/0x60 [ 42.165442][ T4039] __fput+0x1c0/0x7f8 [ 42.166673][ T4039] ____fput+0x20/0x30 [ 42.167976][ T4039] task_work_run+0x12c/0x1e0 [ 42.169404][ T4039] do_exit+0x67c/0x1f58 [ 42.170737][ T4039] do_group_exit+0x100/0x268 [ 42.172148][ T4039] __wake_up_parent+0x0/0x60 [ 42.173634][ T4039] invoke_syscall+0x98/0x2b8 [ 42.175102][ T4039] el0_svc_common+0x138/0x258 [ 42.176547][ T4039] do_el0_svc+0x58/0x14c [ 42.177897][ T4039] el0_svc+0x78/0x1e0 [ 42.179126][ T4039] el0t_64_sync_handler+0xcc/0xe4 [ 42.180648][ T4039] el0t_64_sync+0x1a0/0x1a4 [ 42.182151][ T4039] [ 42.182151][ T4039] -> #1 (input_mutex){+.+.}-{3:3}: [ 42.184190][ T4039] __mutex_lock_common+0x194/0x1edc [ 42.185819][ T4039] mutex_lock_interruptible_nested+0xac/0x11c [ 42.187666][ T4039] input_register_device+0x900/0xe34 [ 42.189287][ T4039] uinput_create_device+0x350/0x518 [ 42.190843][ T4039] uinput_ioctl_handler+0x3c4/0x10bc [ 42.192432][ T4039] uinput_ioctl+0x38/0x4c [ 42.193786][ T4039] __arm64_sys_ioctl+0x14c/0x1c8 [ 42.195215][ T4039] invoke_syscall+0x98/0x2b8 [ 42.196580][ T4039] el0_svc_common+0x138/0x258 [ 42.198020][ T4039] do_el0_svc+0x58/0x14c [ 42.199313][ T4039] el0_svc+0x78/0x1e0 [ 42.200550][ T4039] el0t_64_sync_handler+0xcc/0xe4 [ 42.202072][ T4039] el0t_64_sync+0x1a0/0x1a4 [ 42.203452][ T4039] [ 42.203452][ T4039] -> #0 (&newdev->mutex){+.+.}-{3:3}: [ 42.205567][ T4039] __lock_acquire+0x2928/0x651c [ 42.207061][ T4039] lock_acquire+0x1f4/0x620 [ 42.208442][ T4039] __mutex_lock_common+0x194/0x1edc [ 42.209977][ T4039] mutex_lock_interruptible_nested+0xac/0x11c [ 42.211803][ T4039] uinput_request_submit+0x180/0x618 [ 42.213436][ T4039] uinput_dev_upload_effect+0x130/0x1c0 [ 42.215107][ T4039] input_ff_upload+0x454/0x78c [ 42.216587][ T4039] evdev_ioctl_handler+0x1fec/0x2be0 [ 42.218262][ T4039] evdev_ioctl+0x38/0x4c [ 42.219578][ T4039] __arm64_sys_ioctl+0x14c/0x1c8 [ 42.221133][ T4039] invoke_syscall+0x98/0x2b8 [ 42.222520][ T4039] el0_svc_common+0x138/0x258 [ 42.224024][ T4039] do_el0_svc+0x58/0x14c [ 42.225303][ T4039] el0_svc+0x78/0x1e0 [ 42.226508][ T4039] el0t_64_sync_handler+0xcc/0xe4 [ 42.227979][ T4039] el0t_64_sync+0x1a0/0x1a4 [ 42.229380][ T4039] [ 42.229380][ T4039] other info that might help us debug this: [ 42.229380][ T4039] [ 42.232246][ T4039] Chain exists of: [ 42.232246][ T4039] &newdev->mutex --> &evdev->mutex --> &ff->mutex [ 42.232246][ T4039] [ 42.235664][ T4039] Possible unsafe locking scenario: [ 42.235664][ T4039] [ 42.237652][ T4039] CPU0 CPU1 [ 42.239098][ T4039] ---- ---- [ 42.240533][ T4039] lock(&ff->mutex); [ 42.241631][ T4039] lock(&evdev->mutex); [ 42.243532][ T4039] lock(&ff->mutex); [ 42.245372][ T4039] lock(&newdev->mutex); [ 42.246536][ T4039] [ 42.246536][ T4039] *** DEADLOCK *** [ 42.246536][ T4039] [ 42.248759][ T4039] 2 locks held by syz-executor152/4039: [ 42.250317][ T4039] #0: ffff0000c20ce110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x114/0x2be0 [ 42.253117][ T4039] #1: ffff0000c2cb28b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x2d4/0x78c [ 42.255678][ T4039] [ 42.255678][ T4039] stack backtrace: [ 42.257318][ T4039] CPU: 0 PID: 4039 Comm: syz-executor152 Not tainted 5.15.183-syzkaller #0 [ 42.259681][ T4039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 42.262462][ T4039] Call trace: [ 42.263368][ T4039] dump_backtrace+0x0/0x43c [ 42.264646][ T4039] show_stack+0x2c/0x3c [ 42.265839][ T4039] __dump_stack+0x30/0x40 [ 42.267021][ T4039] dump_stack_lvl+0xf8/0x160 [ 42.268338][ T4039] dump_stack+0x1c/0x5c [ 42.269463][ T4039] print_circular_bug+0x148/0x1b0 [ 42.270855][ T4039] check_noncircular+0x240/0x2d4 [ 42.272224][ T4039] __lock_acquire+0x2928/0x651c [ 42.273598][ T4039] lock_acquire+0x1f4/0x620 [ 42.274810][ T4039] __mutex_lock_common+0x194/0x1edc [ 42.276190][ T4039] mutex_lock_interruptible_nested+0xac/0x11c [ 42.277868][ T4039] uinput_request_submit+0x180/0x618 [ 42.279271][ T4039] uinput_dev_upload_effect+0x130/0x1c0 [ 42.280815][ T4039] input_ff_upload+0x454/0x78c [ 42.282168][ T4039] evdev_ioctl_handler+0x1fec/0x2be0 [ 42.283604][ T4039] evdev_ioctl+0x38/0x4c [ 42.284773][ T4039] __arm64_sys_ioctl+0x14c/0x1c8 [ 42.286181][ T4039] invoke_syscall+0x98/0x2b8 [ 42.287482][ T4039] el0_svc_common+0x138/0x258 [ 42.288767][ T4039] do_el0_svc+0x58/0x14c [ 42.289938][ T4039] el0_svc+0x78/0x1e0 [ 42.291043][ T4039] el0t_64_sync_handler+0xcc/0xe4 [ 42.292438][ T4039] el0t_64_sync+0x1a0/0x1a4 executing program [ 42.295972][ T4041] input: syz1 as /devices/virtual/input/input9 executing program [ 42.314379][ T4042] input: syz1 as /devices/virtual/input/input10 executing program [ 42.356391][ T4043] input: syz1 as /devices/virtual/input/input11 executing program [ 47.200460][ T4044] input: syz1 as /devices/virtual/input/input12 executing program [ 47.400819][ T4046] input: syz1 as /devices/virtual/input/input13 executing program [ 47.441306][ T4047] input: syz1 as /devices/virtual/input/input14 executing program [ 47.498079][ T4048] input: syz1 as /devices/virtual/input/input15