Warning: Permanently added '10.128.0.189' (ED25519) to the list of known hosts. executing program executing program syzkaller login: [ 37.572878][ T4298] input: syz1 as /devices/virtual/input/input2 executing program [ 37.582524][ T4299] input: syz1 as /devices/virtual/input/input4 executing program [ 37.585209][ T4293] input: syz1 as /devices/virtual/input/input3 executing program [ 37.594639][ T4297] input: syz1 as /devices/virtual/input/input5 [ 37.596917][ T4300] input: syz1 as /devices/virtual/input/input6 executing program [ 37.636072][ T4304] input: syz1 as /devices/virtual/input/input7 [ 37.653908][ T4293] [ 37.654546][ T4293] ====================================================== [ 37.656278][ T4293] WARNING: possible circular locking dependency detected [ 37.658236][ T4293] 6.1.134-syzkaller #0 Not tainted [ 37.659537][ T4293] ------------------------------------------------------ executing program [ 37.661101][ T4305] input: syz1 as /devices/virtual/input/input8 [ 37.661434][ T4293] syz-executor217/4293 is trying to acquire lock: [ 37.661446][ T4293] ffff0000d2726870 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x188/0x654 [ 37.667173][ T4293] [ 37.667173][ T4293] but task is already holding lock: [ 37.669109][ T4293] ffff0000d27278b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834 [ 37.671457][ T4293] [ 37.671457][ T4293] which lock already depends on the new lock. [ 37.671457][ T4293] [ 37.674178][ T4293] [ 37.674178][ T4293] the existing dependency chain (in reverse order) is: [ 37.676492][ T4293] [ 37.676492][ T4293] -> #3 (&ff->mutex){+.+.}-{3:3}: [ 37.678433][ T4293] __mutex_lock_common+0x190/0x21a0 [ 37.679992][ T4293] mutex_lock_nested+0x38/0x44 [ 37.681417][ T4293] input_ff_upload+0x31c/0x834 [ 37.682761][ T4293] evdev_ioctl_handler+0x1fd8/0x2d60 [ 37.684255][ T4293] evdev_ioctl+0x38/0x4c [ 37.685560][ T4293] __arm64_sys_ioctl+0x14c/0x1c8 [ 37.687008][ T4293] invoke_syscall+0x98/0x2bc [ 37.688387][ T4293] el0_svc_common+0x138/0x258 [ 37.689732][ T4293] do_el0_svc+0x58/0x13c [ 37.690987][ T4293] el0_svc+0x58/0x168 [ 37.692179][ T4293] el0t_64_sync_handler+0x84/0xf0 [ 37.693671][ T4293] el0t_64_sync+0x18c/0x190 [ 37.694989][ T4293] [ 37.694989][ T4293] -> #2 (&evdev->mutex){+.+.}-{3:3}: [ 37.697068][ T4293] __mutex_lock_common+0x190/0x21a0 [ 37.698587][ T4293] mutex_lock_nested+0x38/0x44 [ 37.699993][ T4293] evdev_cleanup+0x38/0x16c [ 37.701263][ T4293] evdev_disconnect+0x58/0xc0 [ 37.702612][ T4293] __input_unregister_device+0x31c/0x5c0 [ 37.704231][ T4293] input_unregister_device+0xb0/0xfc [ 37.705768][ T4293] uinput_destroy_device+0x5a4/0x79c [ 37.707299][ T4293] uinput_release+0x44/0x60 [ 37.708583][ T4293] __fput+0x1c8/0x7c8 [ 37.709709][ T4293] ____fput+0x20/0x30 [ 37.710821][ T4293] task_work_run+0x240/0x2f0 [ 37.712172][ T4293] do_exit+0x550/0x1a84 [ 37.713400][ T4293] do_group_exit+0x194/0x22c [ 37.714797][ T4293] __wake_up_parent+0x0/0x60 [ 37.716098][ T4293] invoke_syscall+0x98/0x2bc [ 37.717438][ T4293] el0_svc_common+0x138/0x258 [ 37.718743][ T4293] do_el0_svc+0x58/0x13c [ 37.719979][ T4293] el0_svc+0x58/0x168 [ 37.721187][ T4293] el0t_64_sync_handler+0x84/0xf0 [ 37.722742][ T4293] el0t_64_sync+0x18c/0x190 [ 37.724161][ T4293] [ 37.724161][ T4293] -> #1 (input_mutex){+.+.}-{3:3}: [ 37.726047][ T4293] __mutex_lock_common+0x190/0x21a0 [ 37.727526][ T4293] mutex_lock_interruptible_nested+0x38/0x44 [ 37.729283][ T4293] input_register_device+0x914/0xf8c [ 37.730762][ T4293] uinput_create_device+0x360/0x528 [ 37.732298][ T4293] uinput_ioctl_handler+0x8b0/0x16c0 [ 37.733873][ T4293] uinput_ioctl+0x38/0x4c [ 37.735172][ T4293] __arm64_sys_ioctl+0x14c/0x1c8 [ 37.736577][ T4293] invoke_syscall+0x98/0x2bc [ 37.737937][ T4293] el0_svc_common+0x138/0x258 [ 37.739295][ T4293] do_el0_svc+0x58/0x13c [ 37.740563][ T4293] el0_svc+0x58/0x168 [ 37.741744][ T4293] el0t_64_sync_handler+0x84/0xf0 [ 37.743141][ T4293] el0t_64_sync+0x18c/0x190 [ 37.744499][ T4293] [ 37.744499][ T4293] -> #0 (&newdev->mutex){+.+.}-{3:3}: [ 37.746430][ T4293] __lock_acquire+0x3338/0x7680 [ 37.747804][ T4293] lock_acquire+0x26c/0x7cc [ 37.749118][ T4293] __mutex_lock_common+0x190/0x21a0 [ 37.750607][ T4293] mutex_lock_interruptible_nested+0x38/0x44 [ 37.752313][ T4293] uinput_request_submit+0x188/0x654 [ 37.753818][ T4293] uinput_dev_upload_effect+0x170/0x218 [ 37.755444][ T4293] input_ff_upload+0x49c/0x834 [ 37.756861][ T4293] evdev_ioctl_handler+0x1fd8/0x2d60 [ 37.758359][ T4293] evdev_ioctl+0x38/0x4c [ 37.759626][ T4293] __arm64_sys_ioctl+0x14c/0x1c8 [ 37.760968][ T4293] invoke_syscall+0x98/0x2bc [ 37.762407][ T4293] el0_svc_common+0x138/0x258 [ 37.763764][ T4293] do_el0_svc+0x58/0x13c [ 37.765046][ T4293] el0_svc+0x58/0x168 [ 37.766252][ T4293] el0t_64_sync_handler+0x84/0xf0 [ 37.767681][ T4293] el0t_64_sync+0x18c/0x190 [ 37.769049][ T4293] [ 37.769049][ T4293] other info that might help us debug this: [ 37.769049][ T4293] [ 37.771710][ T4293] Chain exists of: [ 37.771710][ T4293] &newdev->mutex --> &evdev->mutex --> &ff->mutex [ 37.771710][ T4293] [ 37.775007][ T4293] Possible unsafe locking scenario: [ 37.775007][ T4293] [ 37.776892][ T4293] CPU0 CPU1 [ 37.778318][ T4293] ---- ---- [ 37.779727][ T4293] lock(&ff->mutex); [ 37.780755][ T4293] lock(&evdev->mutex); [ 37.782600][ T4293] lock(&ff->mutex); [ 37.784334][ T4293] lock(&newdev->mutex); [ 37.785510][ T4293] [ 37.785510][ T4293] *** DEADLOCK *** [ 37.785510][ T4293] [ 37.787561][ T4293] 2 locks held by syz-executor217/4293: [ 37.788999][ T4293] #0: ffff0000d0b3a110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x11c/0x2d60 [ 37.791491][ T4293] #1: ffff0000d27278b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834 [ 37.793799][ T4293] [ 37.793799][ T4293] stack backtrace: [ 37.795339][ T4293] CPU: 1 PID: 4293 Comm: syz-executor217 Not tainted 6.1.134-syzkaller #0 [ 37.797549][ T4293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 37.800258][ T4293] Call trace: [ 37.801090][ T4293] dump_backtrace+0x1c8/0x1f4 [ 37.802378][ T4293] show_stack+0x2c/0x3c [ 37.803484][ T4293] dump_stack_lvl+0x108/0x170 [ 37.804727][ T4293] dump_stack+0x1c/0x105c [ 37.805903][ T4293] print_circular_bug+0x150/0x1b8 [ 37.807198][ T4293] check_noncircular+0x2cc/0x378 [ 37.808467][ T4293] __lock_acquire+0x3338/0x7680 [ 37.809753][ T4293] lock_acquire+0x26c/0x7cc [ 37.810967][ T4293] __mutex_lock_common+0x190/0x21a0 [ 37.812364][ T4293] mutex_lock_interruptible_nested+0x38/0x44 [ 37.813990][ T4293] uinput_request_submit+0x188/0x654 [ 37.815282][ T4293] uinput_dev_upload_effect+0x170/0x218 [ 37.816689][ T4293] input_ff_upload+0x49c/0x834 [ 37.817987][ T4293] evdev_ioctl_handler+0x1fd8/0x2d60 [ 37.819283][ T4293] evdev_ioctl+0x38/0x4c [ 37.820421][ T4293] __arm64_sys_ioctl+0x14c/0x1c8 [ 37.821748][ T4293] invoke_syscall+0x98/0x2bc [ 37.822942][ T4293] el0_svc_common+0x138/0x258 [ 37.824212][ T4293] do_el0_svc+0x58/0x13c [ 37.825275][ T4293] el0_svc+0x58/0x168 [ 37.826285][ T4293] el0t_64_sync_handler+0x84/0xf0 [ 37.827516][ T4293] el0t_64_sync+0x18c/0x190 executing program [ 37.851408][ T4308] input: syz1 as /devices/virtual/input/input9 executing program [ 42.644571][ T4309] input: syz1 as /devices/virtual/input/input10 executing program [ 42.755851][ T4310] input: syz1 as /devices/virtual/input/input11 executing program [ 42.794421][ T4311] input: syz1 as /devices/virtual/input/input12 executing program [ 42.933955][ T4312] input: syz1 as /devices/virtual/input/input13