Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts.
[ 35.370859][ T4292] input: syz1 as /devices/virtual/input/input2
executing program
executing program
executing program
executing program
[ 35.383594][ T4300] input: syz1 as /devices/virtual/input/input3
executing program
[ 35.390719][ T4297] input: syz1 as /devices/virtual/input/input6
[ 35.393294][ T4298] input: syz1 as /devices/virtual/input/input5
[ 35.400163][ T4296] input: syz1 as /devices/virtual/input/input4
[ 35.449218][ T4300]
[ 35.450000][ T4300] ======================================================
[ 35.451907][ T4300] WARNING: possible circular locking dependency detected
[ 35.453777][ T4300] 6.1.134-syzkaller #0 Not tainted
[ 35.455151][ T4300] ------------------------------------------------------
[ 35.457097][ T4300] syz-executor967/4300 is trying to acquire lock:
[ 35.458781][ T4300] ffff0000d8b2e870 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x188/0x654
[ 35.461480][ T4300]
[ 35.461480][ T4300] but task is already holding lock:
[ 35.463487][ T4300] ffff0000d8b2f0b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834
[ 35.465909][ T4300]
[ 35.465909][ T4300] which lock already depends on the new lock.
[ 35.465909][ T4300]
[ 35.469250][ T4300]
[ 35.469250][ T4300] the existing dependency chain (in reverse order) is:
[ 35.471532][ T4300]
[ 35.471532][ T4300] -> #3 (&ff->mutex){+.+.}-{3:3}:
[ 35.473496][ T4300]        __mutex_lock_common+0x190/0x21a0
[ 35.475092][ T4300]        mutex_lock_nested+0x38/0x44
[ 35.476488][ T4300]        input_ff_upload+0x31c/0x834
[ 35.477909][ T4300]        evdev_ioctl_handler+0x1fd8/0x2d60
[ 35.479479][ T4300]        evdev_ioctl+0x38/0x4c
[ 35.480807][ T4300]        __arm64_sys_ioctl+0x14c/0x1c8
[ 35.482285][ T4300]        invoke_syscall+0x98/0x2bc
[ 35.483637][ T4300]        el0_svc_common+0x138/0x258
[ 35.485030][ T4300]        do_el0_svc+0x58/0x13c
[ 35.486357][ T4300]        el0_svc+0x58/0x168
[ 35.487706][ T4300]        el0t_64_sync_handler+0x84/0xf0
[ 35.489288][ T4300]        el0t_64_sync+0x18c/0x190
[ 35.490596][ T4300]
[ 35.490596][ T4300] -> #2 (&evdev->mutex){+.+.}-{3:3}:
[ 35.492676][ T4300]        __mutex_lock_common+0x190/0x21a0
[ 35.494285][ T4300]        mutex_lock_nested+0x38/0x44
[ 35.495702][ T4300]        evdev_cleanup+0x38/0x16c
[ 35.497050][ T4300]        evdev_disconnect+0x58/0xc0
[ 35.498460][ T4300]        __input_unregister_device+0x31c/0x5c0
[ 35.500099][ T4300]        input_unregister_device+0xb0/0xfc
[ 35.501666][ T4300]        uinput_destroy_device+0x5a4/0x79c
[ 35.503234][ T4300]        uinput_release+0x44/0x60
[ 35.504597][ T4300]        __fput+0x1c8/0x7c8
[ 35.505820][ T4300]        ____fput+0x20/0x30
[ 35.507023][ T4300]        task_work_run+0x240/0x2f0
[ 35.508395][ T4300]        do_exit+0x550/0x1a84
[ 35.509615][ T4300]        do_group_exit+0x194/0x22c
[ 35.510997][ T4300]        __wake_up_parent+0x0/0x60
[ 35.512417][ T4300]        invoke_syscall+0x98/0x2bc
[ 35.513804][ T4300]        el0_svc_common+0x138/0x258
[ 35.515167][ T4300]        do_el0_svc+0x58/0x13c
[ 35.516437][ T4300]        el0_svc+0x58/0x168
[ 35.517642][ T4300]        el0t_64_sync_handler+0x84/0xf0
[ 35.519154][ T4300]        el0t_64_sync+0x18c/0x190
[ 35.520554][ T4300]
[ 35.520554][ T4300] -> #1 (input_mutex){+.+.}-{3:3}:
[ 35.522506][ T4300]        __mutex_lock_common+0x190/0x21a0
[ 35.524116][ T4300]        mutex_lock_interruptible_nested+0x38/0x44
[ 35.525835][ T4300]        input_register_device+0x914/0xf8c
[ 35.527363][ T4300]        uinput_create_device+0x360/0x528
[ 35.528918][ T4300]        uinput_ioctl_handler+0x8b0/0x16c0
[ 35.530521][ T4300]        uinput_ioctl+0x38/0x4c
[ 35.531819][ T4300]        __arm64_sys_ioctl+0x14c/0x1c8
[ 35.533686][ T4300]        invoke_syscall+0x98/0x2bc
[ 35.535156][ T4300]        el0_svc_common+0x138/0x258
[ 35.536623][ T4300]        do_el0_svc+0x58/0x13c
[ 35.537939][ T4300]        el0_svc+0x58/0x168
[ 35.539226][ T4300]        el0t_64_sync_handler+0x84/0xf0
[ 35.540941][ T4300]        el0t_64_sync+0x18c/0x190
[ 35.542360][ T4300]
[ 35.542360][ T4300] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[ 35.544558][ T4300]        __lock_acquire+0x3338/0x7680
[ 35.546182][ T4300]        lock_acquire+0x26c/0x7cc
[ 35.547594][ T4300]        __mutex_lock_common+0x190/0x21a0
[ 35.549188][ T4300]        mutex_lock_interruptible_nested+0x38/0x44
[ 35.550984][ T4300]        uinput_request_submit+0x188/0x654
[ 35.552627][ T4300]        uinput_dev_upload_effect+0x170/0x218
[ 35.554261][ T4300]        input_ff_upload+0x49c/0x834
[ 35.555779][ T4300]        evdev_ioctl_handler+0x1fd8/0x2d60
[ 35.557392][ T4300]        evdev_ioctl+0x38/0x4c
[ 35.558673][ T4300]        __arm64_sys_ioctl+0x14c/0x1c8
[ 35.560140][ T4300]        invoke_syscall+0x98/0x2bc
[ 35.561509][ T4300]        el0_svc_common+0x138/0x258
[ 35.562931][ T4300]        do_el0_svc+0x58/0x13c
[ 35.564212][ T4300]        el0_svc+0x58/0x168
[ 35.565513][ T4300]        el0t_64_sync_handler+0x84/0xf0
[ 35.567040][ T4300]        el0t_64_sync+0x18c/0x190
[ 35.568434][ T4300]
[ 35.568434][ T4300] other info that might help us debug this:
[ 35.568434][ T4300]
[ 35.571236][ T4300] Chain exists of:
[ 35.571236][ T4300]   &newdev->mutex --> &evdev->mutex --> &ff->mutex
[ 35.571236][ T4300]
[ 35.574697][ T4300]  Possible unsafe locking scenario:
[ 35.574697][ T4300]
[ 35.576975][ T4300]        CPU0                    CPU1
[ 35.578458][ T4300]        ----                    ----
[ 35.579960][ T4300]   lock(&ff->mutex);
[ 35.581065][ T4300]                                lock(&evdev->mutex);
[ 35.582998][ T4300]                                lock(&ff->mutex);
[ 35.584936][ T4300]   lock(&newdev->mutex);
[ 35.586153][ T4300]
[ 35.586153][ T4300]  *** DEADLOCK ***
[ 35.586153][ T4300]
[ 35.588444][ T4300] 2 locks held by syz-executor967/4300:
[ 35.590025][ T4300]  #0: ffff0000d0ee4110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x11c/0x2d60
[ 35.593267][ T4300]  #1: ffff0000d8b2f0b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x31c/0x834
[ 35.595885][ T4300]
[ 35.595885][ T4300] stack backtrace:
[ 35.597535][ T4300] CPU: 1 PID: 4300 Comm: syz-executor967 Not tainted 6.1.134-syzkaller #0
[ 35.599954][ T4300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 35.602862][ T4300] Call trace:
[ 35.603728][ T4300]  dump_backtrace+0x1c8/0x1f4
[ 35.605028][ T4300]  show_stack+0x2c/0x3c
[ 35.606134][ T4300]  dump_stack_lvl+0x108/0x170
[ 35.607384][ T4300]  dump_stack+0x1c/0x105c
[ 35.608610][ T4300]  print_circular_bug+0x150/0x1b8
[ 35.610164][ T4300]  check_noncircular+0x2cc/0x378
[ 35.611505][ T4300]  __lock_acquire+0x3338/0x7680
[ 35.612860][ T4300]  lock_acquire+0x26c/0x7cc
[ 35.614107][ T4300]  __mutex_lock_common+0x190/0x21a0
[ 35.615536][ T4300]  mutex_lock_interruptible_nested+0x38/0x44
[ 35.617170][ T4300]  uinput_request_submit+0x188/0x654
[ 35.618608][ T4300]  uinput_dev_upload_effect+0x170/0x218
[ 35.620145][ T4300]  input_ff_upload+0x49c/0x834
[ 35.621436][ T4300]  evdev_ioctl_handler+0x1fd8/0x2d60
[ 35.622888][ T4300]  evdev_ioctl+0x38/0x4c
[ 35.624058][ T4300]  __arm64_sys_ioctl+0x14c/0x1c8
[ 35.625389][ T4300]  invoke_syscall+0x98/0x2bc
[ 35.626631][ T4300]  el0_svc_common+0x138/0x258
[ 35.627938][ T4300]  do_el0_svc+0x58/0x13c
[ 35.629129][ T4300]  el0_svc+0x58/0x168
[ 35.630319][ T4300]  el0t_64_sync_handler+0x84/0xf0
[ 35.631788][ T4300]  el0t_64_sync+0x18c/0x190
executing program
[ 35.635914][ T4305] input: syz1 as /devices/virtual/input/input7
executing program
[ 35.686646][ T4306] input: syz1 as /devices/virtual/input/input8
executing program
[ 40.450253][ T4307] input: syz1 as /devices/virtual/input/input9
executing program
[ 40.491176][ T4308] input: syz1 as /devices/virtual/input/input10
executing program
[ 40.718837][ T4309] input: syz1 as /devices/virtual/input/input11
executing program
[ 40.778392][ T4310] input: syz1 as /devices/virtual/input/input12