Warning: Permanently added '10.128.0.17' (ED25519) to the list of known hosts.
executing program
[   49.412932][ T3541] input: syz1 as /devices/virtual/input/input5
[   49.423474][ T3541] 
[   49.425829][ T3541] ======================================================
[   49.432847][ T3541] WARNING: possible circular locking dependency detected
[   49.439860][ T3541] 6.1.90-syzkaller #0 Not tainted
[   49.444886][ T3541] ------------------------------------------------------
[   49.451881][ T3541] syz-executor159/3541 is trying to acquire lock:
[   49.458267][ T3541] ffff8880765b4070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x198/0x730
[   49.467925][ T3541] 
[   49.467925][ T3541] but task is already holding lock:
[   49.475278][ T3541] ffff8880765b48b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e0/0xae0
[   49.484067][ T3541] 
[   49.484067][ T3541] which lock already depends on the new lock.
[   49.484067][ T3541] 
[   49.494466][ T3541] 
[   49.494466][ T3541] the existing dependency chain (in reverse order) is:
[   49.503474][ T3541] 
[   49.503474][ T3541] -> #3 (&ff->mutex){+.+.}-{3:3}:
[   49.510684][ T3541]        lock_acquire+0x1f8/0x5a0
[   49.515706][ T3541]        __mutex_lock+0x132/0xd80
[   49.520728][ T3541]        input_ff_flush+0x5a/0x130
[   49.525830][ T3541]        input_flush_device+0x94/0xc0
[   49.531186][ T3541]        evdev_release+0xf5/0x7c0
[   49.536210][ T3541]        __fput+0x3b7/0x890
[   49.540701][ T3541]        task_work_run+0x246/0x300
[   49.545798][ T3541]        exit_to_user_mode_loop+0xde/0x100
[   49.551590][ T3541]        exit_to_user_mode_prepare+0xb1/0x140
[   49.557642][ T3541]        syscall_exit_to_user_mode+0x60/0x270
[   49.563694][ T3541]        do_syscall_64+0x47/0xb0
[   49.568618][ T3541]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   49.575023][ T3541] 
[   49.575023][ T3541] -> #2 (&dev->mutex#2){+.+.}-{3:3}:
[   49.582504][ T3541]        lock_acquire+0x1f8/0x5a0
[   49.587549][ T3541]        __mutex_lock+0x132/0xd80
[   49.592576][ T3541]        input_register_handle+0x69/0x3a0
[   49.598300][ T3541]        kbd_connect+0xbb/0x120
[   49.603143][ T3541]        input_register_device+0xcec/0x1080
[   49.609026][ T3541]        acpi_button_add+0x62a/0x9f0
[   49.614315][ T3541]        acpi_device_probe+0xa0/0x2f0
[   49.619683][ T3541]        really_probe+0x2ab/0xcb0
[   49.624701][ T3541]        __driver_probe_device+0x1a2/0x3d0
[   49.630502][ T3541]        driver_probe_device+0x50/0x420
[   49.636059][ T3541]        __driver_attach+0x458/0x6f0
[   49.641427][ T3541]        bus_for_each_dev+0x17c/0x1f0
[   49.646801][ T3541]        bus_add_driver+0x334/0x600
[   49.652007][ T3541]        driver_register+0x2bf/0x3a0
[   49.657294][ T3541]        do_one_initcall+0x265/0x8f0
[   49.662577][ T3541]        do_initcall_level+0x157/0x207
[   49.668029][ T3541]        do_initcalls+0x49/0x86
[   49.672869][ T3541]        kernel_init_freeable+0x45c/0x60f
[   49.678586][ T3541]        kernel_init+0x19/0x290
[   49.683422][ T3541]        ret_from_fork+0x1f/0x30
[   49.688354][ T3541] 
[   49.688354][ T3541] -> #1 (input_mutex){+.+.}-{3:3}:
[   49.695638][ T3541]        lock_acquire+0x1f8/0x5a0
[   49.700655][ T3541]        __mutex_lock+0x132/0xd80
[   49.705753][ T3541]        input_register_device+0xadd/0x1080
[   49.711633][ T3541]        uinput_create_device+0x40e/0x620
[   49.717344][ T3541]        uinput_ioctl_handler+0xa83/0x16d0
[   49.723140][ T3541]        __se_sys_ioctl+0xf1/0x160
[   49.728247][ T3541]        do_syscall_64+0x3b/0xb0
[   49.733176][ T3541]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   49.739578][ T3541] 
[   49.739578][ T3541] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[   49.747124][ T3541]        validate_chain+0x1661/0x5950
[   49.752490][ T3541]        __lock_acquire+0x125b/0x1f80
[   49.757854][ T3541]        lock_acquire+0x1f8/0x5a0
[   49.762871][ T3541]        __mutex_lock+0x132/0xd80
[   49.767880][ T3541]        uinput_request_submit+0x198/0x730
[   49.773682][ T3541]        uinput_dev_upload_effect+0x195/0x230
[   49.779741][ T3541]        input_ff_upload+0x5d7/0xae0
[   49.785017][ T3541]        evdev_ioctl_handler+0x16ee/0x2170
[   49.790811][ T3541]        __se_sys_ioctl+0xf1/0x160
[   49.795913][ T3541]        do_syscall_64+0x3b/0xb0
[   49.800843][ T3541]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   49.807244][ T3541] 
[   49.807244][ T3541] other info that might help us debug this:
[   49.807244][ T3541] 
[   49.817455][ T3541] Chain exists of:
[   49.817455][ T3541]   &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[   49.817455][ T3541] 
[   49.829784][ T3541]  Possible unsafe locking scenario:
[   49.829784][ T3541] 
[   49.837215][ T3541]        CPU0                    CPU1
[   49.842571][ T3541]        ----                    ----
[   49.847920][ T3541]   lock(&ff->mutex);
[   49.851886][ T3541]                                lock(&dev->mutex#2);
[   49.858636][ T3541]                                lock(&ff->mutex);
[   49.865120][ T3541]   lock(&newdev->mutex);
[   49.869433][ T3541] 
[   49.869433][ T3541]  *** DEADLOCK ***
[   49.869433][ T3541] 
[   49.877557][ T3541] 2 locks held by syz-executor159/3541:
[   49.883085][ T3541]  #0: ffff888021534110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x124/0x2170
[   49.892992][ T3541]  #1: ffff8880765b48b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3e0/0xae0
[   49.902201][ T3541] 
[   49.902201][ T3541] stack backtrace:
[   49.908073][ T3541] CPU: 0 PID: 3541 Comm: syz-executor159 Not tainted 6.1.90-syzkaller #0
[   49.916475][ T3541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   49.926521][ T3541] Call Trace:
[   49.929789][ T3541]  <TASK>
[   49.932708][ T3541]  dump_stack_lvl+0x1e3/0x2cb
[   49.937387][ T3541]  ? nf_tcp_handle_invalid+0x642/0x642
[   49.942838][ T3541]  ? print_circular_bug+0x12b/0x1a0
[   49.948023][ T3541]  check_noncircular+0x2fa/0x3b0
[   49.952949][ T3541]  ? add_chain_block+0x850/0x850
[   49.957876][ T3541]  ? lockdep_lock+0x11f/0x2a0
[   49.962891][ T3541]  ? stack_trace_save+0x113/0x1c0
[   49.967906][ T3541]  ? stack_trace_snprint+0xe0/0xe0
[   49.973015][ T3541]  ? _find_first_zero_bit+0xd0/0x100
[   49.978295][ T3541]  validate_chain+0x1661/0x5950
[   49.983142][ T3541]  ? add_chain_block+0x850/0x850
[   49.988078][ T3541]  ? validate_chain+0x13ce/0x5950
[   49.993092][ T3541]  ? reacquire_held_locks+0x660/0x660
[   49.998462][ T3541]  ? stack_trace_save+0x113/0x1c0
[   50.003476][ T3541]  ? reacquire_held_locks+0x660/0x660
[   50.008839][ T3541]  ? stack_trace_snprint+0xe0/0xe0
[   50.013939][ T3541]  ? lockdep_unlock+0x165/0x300
[   50.018778][ T3541]  ? mark_lock+0x9a/0x340
[   50.023100][ T3541]  __lock_acquire+0x125b/0x1f80
[   50.027944][ T3541]  lock_acquire+0x1f8/0x5a0
[   50.032439][ T3541]  ? uinput_request_submit+0x198/0x730
[   50.037891][ T3541]  ? read_lock_is_recursive+0x10/0x10
[   50.043258][ T3541]  ? __might_sleep+0xb0/0xb0
[   50.047837][ T3541]  __mutex_lock+0x132/0xd80
[   50.052328][ T3541]  ? uinput_request_submit+0x198/0x730
[   50.057778][ T3541]  ? __lock_acquire+0x1f80/0x1f80
[   50.062788][ T3541]  ? uinput_request_submit+0x198/0x730
[   50.068236][ T3541]  ? mutex_lock_nested+0x10/0x10
[   50.073161][ T3541]  ? _raw_spin_unlock+0x24/0x40
[   50.078004][ T3541]  ? uinput_request_alloc_id+0x3c5/0x3f0
[   50.083628][ T3541]  uinput_request_submit+0x198/0x730
[   50.088901][ T3541]  ? preempt_schedule+0xd9/0xe0
[   50.093741][ T3541]  ? schedule_preempt_disabled+0x20/0x20
[   50.099363][ T3541]  ? uinput_dev_event+0x340/0x340
[   50.104380][ T3541]  ? trace_raw_output_contention_end+0xd0/0xd0
[   50.110520][ T3541]  ? preempt_schedule_thunk+0x16/0x18
[   50.115882][ T3541]  uinput_dev_upload_effect+0x195/0x230
[   50.121678][ T3541]  ? uinput_abs_setup+0x4d0/0x4d0
[   50.126695][ T3541]  ? __might_fault+0xa1/0x110
[   50.131361][ T3541]  input_ff_upload+0x5d7/0xae0
[   50.136115][ T3541]  evdev_ioctl_handler+0x16ee/0x2170
[   50.141389][ T3541]  ? evdev_fasync+0x60/0x60
[   50.145879][ T3541]  ? kmem_cache_free+0x292/0x510
[   50.150804][ T3541]  ? do_sys_openat2+0x42b/0x500
[   50.155649][ T3541]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   50.161649][ T3541]  ? print_irqtrace_events+0x210/0x210
[   50.167112][ T3541]  ? bpf_lsm_file_ioctl+0x5/0x10
[   50.172039][ T3541]  ? security_file_ioctl+0x7d/0xa0
[   50.177142][ T3541]  ? evdev_poll+0x1e0/0x1e0
[   50.181635][ T3541]  __se_sys_ioctl+0xf1/0x160
[   50.186216][ T3541]  do_syscall_64+0x3b/0xb0
[   50.190623][ T3541]  ? clear_bhb_loop+0x45/0xa0
[   50.195291][ T3541]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   50.201172][ T3541] RIP: 0033:0x7f78a76eb269
[   50.205571][ T3541] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   50.225158][ T3541] RSP: 002b:00007ffd827d23d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   50.233559][ T3541] RAX: ffffffffffffffda RBX: 00007ffd827d25a8 RCX: 00007f78a76eb269
[   50.241601][ T3541] RDX: 0000000020000300 RSI: 0000000040304580 RDI: 0000000000000004
[   50.249576][ T3541] RBP: 00007f78a775e610 R08: 0000000000000000 R09: 00007ffd827d25a8
[   50.257560][ T3541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.265525][ T3541] R13: 00007ffd827d2598 R14: 0000000000000001 R15: 0000000000000001
[   50.273489][ T3541]  </TASK>