Warning: Permanently added '[localhost]:41981' (ED25519) to the list of known hosts.
executing program
[ 67.172470][ T5305] input: syz1 as /devices/virtual/input/input5
[ 67.185902][ T5305]
[ 67.186873][ T5305] ======================================================
[ 67.189280][ T5305] WARNING: possible circular locking dependency detected
[ 67.192082][ T5305] 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 Not tainted
[ 67.195690][ T5305] ------------------------------------------------------
[ 67.198427][ T5305] syz-executor322/5305 is trying to acquire lock:
[ 67.200923][ T5305] ffff88803f4e9070 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit+0x19c/0x740
[ 67.204836][ T5305]
[ 67.204836][ T5305] but task is already holding lock:
[ 67.207698][ T5305] ffff888040e5f4b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x3ea/0xb20
[ 67.211142][ T5305]
[ 67.211142][ T5305] which lock already depends on the new lock.
[ 67.211142][ T5305]
[ 67.215251][ T5305]
[ 67.215251][ T5305] the existing dependency chain (in reverse order) is:
[ 67.218695][ T5305]
[ 67.218695][ T5305] -> #3 (&ff->mutex){+.+.}-{4:4}:
[ 67.221636][ T5305]        lock_acquire+0x1ed/0x550
[ 67.223694][ T5305]        __mutex_lock+0x19c/0x1010
[ 67.225734][ T5305]        input_ff_flush+0x5e/0x150
[ 67.227805][ T5305]        input_flush_device+0xb2/0xe0
[ 67.229953][ T5305]        evdev_release+0xf6/0x7d0
[ 67.232008][ T5305]        __fput+0x3e9/0x9f0
[ 67.233870][ T5305]        __x64_sys_close+0x7f/0x110
[ 67.235945][ T5305]        do_syscall_64+0xf3/0x230
[ 67.237962][ T5305]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.240557][ T5305]
[ 67.240557][ T5305] -> #2 (&dev->mutex#2){+.+.}-{4:4}:
[ 67.243506][ T5305]        lock_acquire+0x1ed/0x550
[ 67.245486][ T5305]        __mutex_lock+0x19c/0x1010
[ 67.247444][ T5305]        input_register_handle+0x1a5/0x500
[ 67.249748][ T5305]        kbd_connect+0xbf/0x130
[ 67.251893][ T5305]        input_register_device+0xce2/0x10c0
[ 67.254160][ T5305]        acpi_button_add+0x6c6/0xb90
[ 67.256266][ T5305]        acpi_device_probe+0xa5/0x2b0
[ 67.258424][ T5305]        really_probe+0x2b9/0xad0
[ 67.260436][ T5305]        __driver_probe_device+0x1a2/0x390
[ 67.262727][ T5305]        driver_probe_device+0x50/0x430
[ 67.264918][ T5305]        __driver_attach+0x45f/0x710
[ 67.267130][ T5305]        bus_for_each_dev+0x239/0x2b0
[ 67.269235][ T5305]        bus_add_driver+0x346/0x670
[ 67.271403][ T5305]        driver_register+0x23a/0x320
[ 67.273356][ T5305]        do_one_initcall+0x248/0x930
[ 67.275319][ T5305]        do_initcall_level+0x157/0x210
[ 67.277320][ T5305]        do_initcalls+0x71/0xd0
[ 67.279197][ T5305]        kernel_init_freeable+0x435/0x5d0
[ 67.281428][ T5305]        kernel_init+0x1d/0x2b0
[ 67.283256][ T5305]        ret_from_fork+0x4b/0x80
[ 67.285199][ T5305]        ret_from_fork_asm+0x1a/0x30
[ 67.287317][ T5305]
[ 67.287317][ T5305] -> #1 (input_mutex){+.+.}-{4:4}:
[ 67.290187][ T5305]        lock_acquire+0x1ed/0x550
[ 67.292176][ T5305]        __mutex_lock+0x19c/0x1010
[ 67.294078][ T5305]        input_register_device+0xa8f/0x10c0
[ 67.296240][ T5305]        uinput_create_device+0x40e/0x630
[ 67.298255][ T5305]        uinput_ioctl_handler+0x488/0x1770
[ 67.300289][ T5305]        __se_sys_ioctl+0xf5/0x170
[ 67.302287][ T5305]        do_syscall_64+0xf3/0x230
[ 67.304132][ T5305]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.306489][ T5305]
[ 67.306489][ T5305] -> #0 (&newdev->mutex){+.+.}-{4:4}:
[ 67.309092][ T5305]        validate_chain+0x18ef/0x5920
[ 67.311177][ T5305]        __lock_acquire+0x1397/0x2100
[ 67.312933][ T5305]        lock_acquire+0x1ed/0x550
[ 67.314760][ T5305]        __mutex_lock+0x19c/0x1010
[ 67.316795][ T5305]        uinput_request_submit+0x19c/0x740
[ 67.319117][ T5305]        uinput_dev_upload_effect+0x199/0x240
[ 67.321520][ T5305]        input_ff_upload+0x5ef/0xb20
[ 67.323441][ T5305]        evdev_ioctl_handler+0x17c7/0x21b0
[ 67.325631][ T5305]        __se_sys_ioctl+0xf5/0x170
[ 67.327540][ T5305]        do_syscall_64+0xf3/0x230
[ 67.329567][ T5305]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.332149][ T5305]
[ 67.332149][ T5305] other info that might help us debug this:
[ 67.332149][ T5305]
[ 67.335909][ T5305] Chain exists of:
[ 67.335909][ T5305]   &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[ 67.335909][ T5305]
[ 67.340363][ T5305]  Possible unsafe locking scenario:
[ 67.340363][ T5305]
[ 67.343283][ T5305]        CPU0                    CPU1
[ 67.345268][ T5305]        ----                    ----
[ 67.347333][ T5305]   lock(&ff->mutex);
[ 67.348848][ T5305]                                lock(&dev->mutex#2);
[ 67.351401][ T5305]                                lock(&ff->mutex);
[ 67.353857][ T5305]   lock(&newdev->mutex);
[ 67.355490][ T5305]
[ 67.355490][ T5305]  *** DEADLOCK ***
[ 67.355490][ T5305]
[ 67.358553][ T5305] 2 locks held by syz-executor322/5305:
[ 67.360694][ T5305]  #0: ffff88801d181118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl_handler+0x122/0x21b0
[ 67.364537][ T5305]  #1: ffff888040e5f4b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x3ea/0xb20
[ 67.367936][ T5305]
[ 67.367936][ T5305] stack backtrace:
[ 67.370273][ T5305] CPU: 0 UID: 0 PID: 5305 Comm: syz-executor322 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0
[ 67.370286][ T5305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 67.370293][ T5305] Call Trace:
[ 67.370300][ T5305]
[ 67.370306][ T5305]  dump_stack_lvl+0x241/0x360
[ 67.370321][ T5305]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 67.370332][ T5305]  ? __pfx__printk+0x10/0x10
[ 67.370342][ T5305]  print_circular_bug+0x13a/0x1b0
[ 67.370355][ T5305]  check_noncircular+0x36a/0x4a0
[ 67.370365][ T5305]  ? kernel_text_address+0xa7/0xe0
[ 67.370377][ T5305]  ? __pfx_check_noncircular+0x10/0x10
[ 67.370387][ T5305]  ? lockdep_lock+0x123/0x2b0
[ 67.370402][ T5305]  ? stack_trace_save+0x118/0x1d0
[ 67.370415][ T5305]  validate_chain+0x18ef/0x5920
[ 67.370428][ T5305]  ? lockdep_unlock+0x16a/0x300
[ 67.370442][ T5305]  ? __pfx_validate_chain+0x10/0x10
[ 67.370452][ T5305]  ? validate_chain+0x15c0/0x5920
[ 67.370466][ T5305]  ? __pfx_validate_chain+0x10/0x10
[ 67.370478][ T5305]  ? mark_lock+0x9a/0x360
[ 67.370486][ T5305]  ? __pfx_stack_trace_save+0x10/0x10
[ 67.370498][ T5305]  __lock_acquire+0x1397/0x2100
[ 67.370515][ T5305]  lock_acquire+0x1ed/0x550
[ 67.370528][ T5305]  ? uinput_request_submit+0x19c/0x740
[ 67.370545][ T5305]  ? __pfx_lock_acquire+0x10/0x10
[ 67.370558][ T5305]  ? __pfx___might_resched+0x10/0x10
[ 67.370573][ T5305]  __mutex_lock+0x19c/0x1010
[ 67.370588][ T5305]  ? uinput_request_submit+0x19c/0x740
[ 67.370604][ T5305]  ? uinput_request_submit+0x19c/0x740
[ 67.370617][ T5305]  ? __pfx_lock_release+0x10/0x10
[ 67.370629][ T5305]  ? __pfx___mutex_lock+0x10/0x10
[ 67.370646][ T5305]  ? _raw_spin_unlock+0x28/0x50
[ 67.370658][ T5305]  ? uinput_request_alloc_id+0x3c5/0x3f0
[ 67.370672][ T5305]  uinput_request_submit+0x19c/0x740
[ 67.370686][ T5305]  ? __pfx___might_resched+0x10/0x10
[ 67.370698][ T5305]  ? __pfx_uinput_request_submit+0x10/0x10
[ 67.370713][ T5305]  ? rcu_is_watching+0x15/0xb0
[ 67.370724][ T5305]  ? trace_contention_end+0x3c/0x120
[ 67.370735][ T5305]  ? __mutex_lock+0x397/0x1010
[ 67.370748][ T5305]  uinput_dev_upload_effect+0x199/0x240
[ 67.370763][ T5305]  ? __pfx_uinput_dev_upload_effect+0x10/0x10
[ 67.370780][ T5305]  input_ff_upload+0x5ef/0xb20
[ 67.370796][ T5305]  evdev_ioctl_handler+0x17c7/0x21b0
[ 67.370810][ T5305]  ? __pfx_evdev_ioctl_handler+0x10/0x10
[ 67.370822][ T5305]  ? do_sys_openat2+0x17a/0x1d0
[ 67.370845][ T5305]  ? __pfx_evdev_ioctl+0x10/0x10
[ 67.370856][ T5305]  __se_sys_ioctl+0xf5/0x170
[ 67.370867][ T5305]  do_syscall_64+0xf3/0x230
[ 67.370883][ T5305]  ? clear_bhb_loop+0x35/0x90
[ 67.370899][ T5305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.370911][ T5305] RIP: 0033:0x7fee93a209b9
[ 67.370923][ T5305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 67.370932][ T5305] RSP: 002b:00007ffe3b4e1548 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.370944][ T5305] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fee93a209b9
[ 67.370951][ T5305] RDX: 0000400000000040 RSI: 0000000040304580 RDI: 0000000000000004
[ 67.370957][ T5305] RBP: 00007fee93a935f0 R08: 0000000000000006 R09: 0000000000000006
[ 67.370963][ T5305] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001
[ 67.370969][ T5305] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 67.370978][ T5305]

VM DIAGNOSIS:
15:13:06 Registers:
info registers vcpu 0