Warning: Permanently added '10.128.1.74' (ED25519) to the list of known hosts. executing program [ 44.323218][ T4033] input: syz1 as /devices/virtual/input/input2 executing program [ 44.362985][ T4035] input: syz1 as /devices/virtual/input/input3 executing program [ 44.376180][ T4036] input: syz1 as /devices/virtual/input/input4 executing program executing program executing program [ 44.394591][ T4040] input: syz1 as /devices/virtual/input/input5 [ 44.403126][ T4038] input: syz1 as /devices/virtual/input/input7 [ 44.405551][ T4039] input: syz1 as /devices/virtual/input/input6 executing program [ 44.441510][ T4042] input: syz1 as /devices/virtual/input/input8 executing program [ 44.476220][ T4043] input: syz1 as /devices/virtual/input/input9 [ 44.517226][ T4042] [ 44.517981][ T4042] ====================================================== [ 44.519962][ T4042] WARNING: possible circular locking dependency detected [ 44.521996][ T4042] 5.15.183-syzkaller #0 Not tainted [ 44.523427][ T4042] ------------------------------------------------------ [ 44.525538][ T4042] syz-executor546/4042 is trying to acquire lock: [ 44.527305][ T4042] ffff0000dde1f870 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x180/0x618 [ 44.530185][ T4042] [ 44.530185][ T4042] but task is already holding lock: [ 44.532292][ T4042] ffff0000db1980b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x2d4/0x78c [ 44.534954][ T4042] [ 44.534954][ T4042] which lock already depends on the new lock. [ 44.534954][ T4042] [ 44.537943][ T4042] [ 44.537943][ T4042] the existing dependency chain (in reverse order) is: [ 44.540455][ T4042] [ 44.540455][ T4042] -> #3 (&ff->mutex){+.+.}-{3:3}: [ 44.542535][ T4042] __mutex_lock_common+0x194/0x1edc [ 44.544081][ T4042] mutex_lock_nested+0xac/0x11c [ 44.545567][ T4042] input_ff_upload+0x2d4/0x78c [ 44.547015][ T4042] evdev_ioctl_handler+0x1fec/0x2be0 [ 44.548647][ T4042] evdev_ioctl+0x38/0x4c [ 44.550066][ T4042] __arm64_sys_ioctl+0x14c/0x1c8 [ 44.551573][ T4042] invoke_syscall+0x98/0x2b8 [ 44.553136][ T4042] el0_svc_common+0x138/0x258 [ 44.554580][ T4042] do_el0_svc+0x58/0x14c [ 44.555887][ T4042] el0_svc+0x78/0x1e0 [ 44.557106][ T4042] el0t_64_sync_handler+0xcc/0xe4 [ 44.558778][ T4042] el0t_64_sync+0x1a0/0x1a4 [ 44.560276][ T4042] [ 44.560276][ T4042] -> #2 (&evdev->mutex){+.+.}-{3:3}: [ 44.562352][ T4042] __mutex_lock_common+0x194/0x1edc [ 44.563911][ T4042] mutex_lock_nested+0xac/0x11c [ 44.565439][ T4042] evdev_cleanup+0x30/0x15c [ 44.566774][ T4042] evdev_disconnect+0x50/0xb4 [ 44.568222][ T4042] __input_unregister_device+0x178/0x2fc [ 44.569930][ T4042] input_unregister_device+0xa8/0xf4 [ 44.571520][ T4042] uinput_destroy_device+0x598/0x774 [ 44.573104][ T4042] uinput_release+0x44/0x60 [ 44.574492][ T4042] __fput+0x1c0/0x7f8 [ 44.575707][ T4042] ____fput+0x20/0x30 [ 44.576879][ T4042] task_work_run+0x12c/0x1e0 [ 44.578364][ T4042] do_notify_resume+0x24b4/0x3128 [ 44.579836][ T4042] el0_svc+0xf0/0x1e0 [ 44.581050][ T4042] el0t_64_sync_handler+0xcc/0xe4 [ 44.582611][ T4042] el0t_64_sync+0x1a0/0x1a4 [ 44.584125][ T4042] [ 44.584125][ T4042] -> #1 (input_mutex){+.+.}-{3:3}: [ 44.586262][ T4042] __mutex_lock_common+0x194/0x1edc [ 44.587871][ T4042] mutex_lock_interruptible_nested+0xac/0x11c [ 44.589668][ T4042] input_register_device+0x900/0xe34 [ 44.591321][ T4042] uinput_create_device+0x350/0x518 [ 44.593010][ T4042] uinput_ioctl_handler+0x3c4/0x10bc [ 44.594671][ T4042] uinput_ioctl+0x38/0x4c [ 44.596070][ T4042] __arm64_sys_ioctl+0x14c/0x1c8 [ 44.597571][ T4042] invoke_syscall+0x98/0x2b8 [ 44.598992][ T4042] el0_svc_common+0x138/0x258 [ 44.600485][ T4042] do_el0_svc+0x58/0x14c [ 44.601852][ T4042] el0_svc+0x78/0x1e0 [ 44.603175][ T4042] el0t_64_sync_handler+0xcc/0xe4 [ 44.604764][ T4042] el0t_64_sync+0x1a0/0x1a4 [ 44.606208][ T4042] [ 44.606208][ T4042] -> #0 (&newdev->mutex){+.+.}-{3:3}: [ 44.608485][ T4042] __lock_acquire+0x2928/0x651c [ 44.610062][ T4042] lock_acquire+0x1f4/0x620 [ 44.611591][ T4042] __mutex_lock_common+0x194/0x1edc [ 44.613275][ T4042] mutex_lock_interruptible_nested+0xac/0x11c [ 44.615153][ T4042] uinput_request_submit+0x180/0x618 [ 44.616854][ T4042] uinput_dev_upload_effect+0x130/0x1c0 [ 44.618717][ T4042] input_ff_upload+0x454/0x78c [ 44.620224][ T4042] evdev_ioctl_handler+0x1fec/0x2be0 [ 44.621854][ T4042] evdev_ioctl+0x38/0x4c [ 44.623218][ T4042] __arm64_sys_ioctl+0x14c/0x1c8 [ 44.624742][ T4042] invoke_syscall+0x98/0x2b8 [ 44.626248][ T4042] el0_svc_common+0x138/0x258 [ 44.627781][ T4042] do_el0_svc+0x58/0x14c [ 44.629115][ T4042] el0_svc+0x78/0x1e0 [ 44.630323][ T4042] el0t_64_sync_handler+0xcc/0xe4 [ 44.631853][ T4042] el0t_64_sync+0x1a0/0x1a4 [ 44.633270][ T4042] [ 44.633270][ T4042] other info that might help us debug this: [ 44.633270][ T4042] [ 44.636133][ T4042] Chain exists of: [ 44.636133][ T4042] &newdev->mutex --> &evdev->mutex --> &ff->mutex [ 44.636133][ T4042] [ 44.639541][ T4042] Possible unsafe locking scenario: [ 44.639541][ T4042] [ 44.641528][ T4042] CPU0 CPU1 [ 44.643000][ T4042] ---- ---- [ 44.644443][ T4042] lock(&ff->mutex); [ 44.645587][ T4042] lock(&evdev->mutex); [ 44.647525][ T4042] lock(&ff->mutex); [ 44.649444][ T4042] lock(&newdev->mutex); [ 44.650744][ T4042] [ 44.650744][ T4042] *** DEADLOCK *** [ 44.650744][ T4042] [ 44.653058][ T4042] 2 locks held by syz-executor546/4042: [ 44.654580][ T4042] #0: ffff0000ced6f110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x114/0x2be0 [ 44.657460][ T4042] #1: ffff0000db1980b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x2d4/0x78c [ 44.660153][ T4042] [ 44.660153][ T4042] stack backtrace: [ 44.661771][ T4042] CPU: 1 PID: 4042 Comm: syz-executor546 Not tainted 5.15.183-syzkaller #0 [ 44.664246][ T4042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 44.667059][ T4042] Call trace: [ 44.668005][ T4042] dump_backtrace+0x0/0x43c [ 44.669240][ T4042] show_stack+0x2c/0x3c [ 44.670407][ T4042] __dump_stack+0x30/0x40 [ 44.671562][ T4042] dump_stack_lvl+0xf8/0x160 [ 44.672841][ T4042] dump_stack+0x1c/0x5c [ 44.673953][ T4042] print_circular_bug+0x148/0x1b0 [ 44.675392][ T4042] check_noncircular+0x240/0x2d4 [ 44.676792][ T4042] __lock_acquire+0x2928/0x651c [ 44.678196][ T4042] lock_acquire+0x1f4/0x620 [ 44.679464][ T4042] __mutex_lock_common+0x194/0x1edc [ 44.680980][ T4042] mutex_lock_interruptible_nested+0xac/0x11c [ 44.682685][ T4042] uinput_request_submit+0x180/0x618 [ 44.684178][ T4042] uinput_dev_upload_effect+0x130/0x1c0 [ 44.685784][ T4042] input_ff_upload+0x454/0x78c [ 44.687051][ T4042] evdev_ioctl_handler+0x1fec/0x2be0 [ 44.688543][ T4042] evdev_ioctl+0x38/0x4c [ 44.689669][ T4042] __arm64_sys_ioctl+0x14c/0x1c8 [ 44.691079][ T4042] invoke_syscall+0x98/0x2b8 [ 44.692364][ T4042] el0_svc_common+0x138/0x258 [ 44.693678][ T4042] do_el0_svc+0x58/0x14c [ 44.694915][ T4042] el0_svc+0x78/0x1e0 [ 44.696016][ T4042] el0t_64_sync_handler+0xcc/0xe4 [ 44.697407][ T4042] el0t_64_sync+0x1a0/0x1a4 executing program [ 44.705050][ T4045] input: syz1 as /devices/virtual/input/input10 executing program [ 44.735275][ T4047] input: syz1 as /devices/virtual/input/input11 executing program [ 44.765798][ T4048] input: syz1 as /devices/virtual/input/input12 executing program [ 49.558469][ T4051] input: syz1 as /devices/virtual/input/input13 executing program [ 49.798247][ T4052] input: syz1 as /devices/virtual/input/input14 executing program [ 49.838299][ T4053] input: syz1 as /devices/virtual/input/input15 executing program [ 49.878472][ T4054] input: syz1 as /devices/virtual/input/input16