Warning: Permanently added '10.128.10.21' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 50.299794][ T3500] input: syz1 as /devices/virtual/input/input5
[ 50.311908][ T3500]
[ 50.314274][ T3500] ======================================================
[ 50.321301][ T3500] WARNING: possible circular locking dependency detected
[ 50.328325][ T3500] 5.15.158-syzkaller #0 Not tainted
[ 50.333510][ T3500] ------------------------------------------------------
[ 50.340511][ T3500] syz-executor233/3500 is trying to acquire lock:
[ 50.346916][ T3500] ffff88807d5cd070 (&newdev->mutex){+.+.}-{3:3}, at: uinput_request_submit+0x19a/0x730
[ 50.356601][ T3500]
[ 50.356601][ T3500] but task is already holding lock:
[ 50.363954][ T3500] ffff88807d5cd8b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3a5/0xa00
[ 50.372768][ T3500]
[ 50.372768][ T3500] which lock already depends on the new lock.
[ 50.372768][ T3500]
[ 50.383159][ T3500]
[ 50.383159][ T3500] the existing dependency chain (in reverse order) is:
[ 50.392166][ T3500]
[ 50.392166][ T3500] -> #3 (&ff->mutex){+.+.}-{3:3}:
[ 50.399395][ T3500] lock_acquire+0x1db/0x4f0
[ 50.404424][ T3500] __mutex_lock_common+0x1da/0x25a0
[ 50.410162][ T3500] mutex_lock_nested+0x17/0x20
[ 50.415461][ T3500] input_ff_flush+0x5a/0x130
[ 50.420565][ T3500] input_flush_device+0x94/0xc0
[ 50.426026][ T3500] evdev_release+0xf5/0x7c0
[ 50.431054][ T3500] __fput+0x3bf/0x890
[ 50.435651][ T3500] task_work_run+0x129/0x1a0
[ 50.440766][ T3500] exit_to_user_mode_loop+0x106/0x130
[ 50.446657][ T3500] exit_to_user_mode_prepare+0xb1/0x140
[ 50.452720][ T3500] syscall_exit_to_user_mode+0x5d/0x240
[ 50.458961][ T3500] do_syscall_64+0x47/0xb0
[ 50.463918][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.470377][ T3500]
[ 50.470377][ T3500] -> #2 (&dev->mutex#2){+.+.}-{3:3}:
[ 50.477849][ T3500] lock_acquire+0x1db/0x4f0
[ 50.482866][ T3500] __mutex_lock_common+0x1da/0x25a0
[ 50.488579][ T3500] mutex_lock_interruptible_nested+0x17/0x20
[ 50.495077][ T3500] input_register_handle+0x69/0x3a0
[ 50.500791][ T3500] kbd_connect+0xbb/0x120
[ 50.505633][ T3500] input_register_device+0xdae/0x1150
[ 50.511538][ T3500] acpi_button_add+0x62d/0x9f0
[ 50.516825][ T3500] acpi_device_probe+0xa3/0x2f0
[ 50.522438][ T3500] really_probe+0x24e/0xb60
[ 50.527478][ T3500] __driver_probe_device+0x1a2/0x3d0
[ 50.533282][ T3500] driver_probe_device+0x50/0x420
[ 50.538827][ T3500] __driver_attach+0x479/0x690
[ 50.544128][ T3500] bus_for_each_dev+0x17c/0x1f0
[ 50.549504][ T3500] bus_add_driver+0x334/0x600
[ 50.554694][ T3500] driver_register+0x2bf/0x3a0
[ 50.559972][ T3500] do_one_initcall+0x22b/0x7a0
[ 50.565250][ T3500] do_initcall_level+0x157/0x210
[ 50.570703][ T3500] do_initcalls+0x49/0x90
[ 50.575547][ T3500] kernel_init_freeable+0x425/0x5c0
[ 50.581255][ T3500] kernel_init+0x19/0x290
[ 50.586108][ T3500] ret_from_fork+0x1f/0x30
[ 50.591051][ T3500]
[ 50.591051][ T3500] -> #1 (input_mutex){+.+.}-{3:3}:
[ 50.598337][ T3500] lock_acquire+0x1db/0x4f0
[ 50.603349][ T3500] __mutex_lock_common+0x1da/0x25a0
[ 50.609072][ T3500] mutex_lock_interruptible_nested+0x17/0x20
[ 50.615573][ T3500] input_register_device+0xb81/0x1150
[ 50.621500][ T3500] uinput_create_device+0x40e/0x620
[ 50.627213][ T3500] uinput_ioctl_handler+0xa83/0x16d0
[ 50.633016][ T3500] __se_sys_ioctl+0xf1/0x160
[ 50.638123][ T3500] do_syscall_64+0x3b/0xb0
[ 50.643053][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.649458][ T3500]
[ 50.649458][ T3500] -> #0 (&newdev->mutex){+.+.}-{3:3}:
[ 50.657107][ T3500] validate_chain+0x1649/0x5930
[ 50.662503][ T3500] __lock_acquire+0x1295/0x1ff0
[ 50.667950][ T3500] lock_acquire+0x1db/0x4f0
[ 50.672965][ T3500] __mutex_lock_common+0x1da/0x25a0
[ 50.678872][ T3500] mutex_lock_interruptible_nested+0x17/0x20
[ 50.685406][ T3500] uinput_request_submit+0x19a/0x730
[ 50.691206][ T3500] uinput_dev_upload_effect+0x195/0x230
[ 50.697284][ T3500] input_ff_upload+0x59c/0xa00
[ 50.702644][ T3500] evdev_ioctl_handler+0x178b/0x2090
[ 50.708444][ T3500] __se_sys_ioctl+0xf1/0x160
[ 50.713584][ T3500] do_syscall_64+0x3b/0xb0
[ 50.718510][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 50.724919][ T3500]
[ 50.724919][ T3500] other info that might help us debug this:
[ 50.724919][ T3500]
[ 50.735134][ T3500] Chain exists of:
[ 50.735134][ T3500] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[ 50.735134][ T3500]
[ 50.747493][ T3500] Possible unsafe locking scenario:
[ 50.747493][ T3500]
[ 50.754963][ T3500]        CPU0                    CPU1
[ 50.760341][ T3500]        ----                    ----
[ 50.765699][ T3500]   lock(&ff->mutex);
[ 50.769673][ T3500]                                lock(&dev->mutex#2);
[ 50.776437][ T3500]                                lock(&ff->mutex);
[ 50.782957][ T3500]   lock(&newdev->mutex);
[ 50.787280][ T3500]
[ 50.787280][ T3500] *** DEADLOCK ***
[ 50.787280][ T3500]
[ 50.795431][ T3500] 2 locks held by syz-executor233/3500:
[ 50.800965][ T3500] #0: ffff888078cfa110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_ioctl_handler+0x124/0x2090
[ 50.810892][ T3500] #1: ffff88807d5cd8b0 (&ff->mutex){+.+.}-{3:3}, at: input_ff_upload+0x3a5/0xa00
[ 50.820119][ T3500]
[ 50.820119][ T3500] stack backtrace:
[ 50.826027][ T3500] CPU: 0 PID: 3500 Comm: syz-executor233 Not tainted 5.15.158-syzkaller #0
[ 50.834603][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 50.844651][ T3500] Call Trace:
[ 50.847927][ T3500]
[ 50.850853][ T3500] dump_stack_lvl+0x1e3/0x2d0
[ 50.855537][ T3500] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 50.861168][ T3500] ? print_circular_bug+0x12b/0x1a0
[ 50.866368][ T3500] check_noncircular+0x2f8/0x3b0
[ 50.871300][ T3500] ? add_chain_block+0x850/0x850
[ 50.876251][ T3500] ? lockdep_lock+0x11f/0x2a0
[ 50.881012][ T3500] ? stack_trace_save+0x113/0x1c0
[ 50.886065][ T3500] validate_chain+0x1649/0x5930
[ 50.890920][ T3500] ? lockdep_lock+0x2a0/0x2a0
[ 50.895600][ T3500] ? reacquire_held_locks+0x660/0x660
[ 50.900965][ T3500] ? validate_chain+0x13bd/0x5930
[ 50.905989][ T3500] ? stack_trace_save+0x113/0x1c0
[ 50.911011][ T3500] ? mark_lock+0x98/0x340
[ 50.915334][ T3500] __lock_acquire+0x1295/0x1ff0
[ 50.920183][ T3500] lock_acquire+0x1db/0x4f0
[ 50.924675][ T3500] ? uinput_request_submit+0x19a/0x730
[ 50.930162][ T3500] ? read_lock_is_recursive+0x10/0x10
[ 50.935550][ T3500] ? __lock_acquire+0x1295/0x1ff0
[ 50.940571][ T3500] ? __might_sleep+0xc0/0xc0
[ 50.945170][ T3500] __mutex_lock_common+0x1da/0x25a0
[ 50.950372][ T3500] ? uinput_request_submit+0x19a/0x730
[ 50.955832][ T3500] ? uinput_request_alloc_id+0x3c5/0x3f0
[ 50.961530][ T3500] ? do_raw_spin_lock+0x14a/0x370
[ 50.966590][ T3500] ? uinput_request_submit+0x19a/0x730
[ 50.972078][ T3500] ? __lock_acquire+0x1ff0/0x1ff0
[ 50.977142][ T3500] ? mutex_lock_io_nested+0x60/0x60
[ 50.982347][ T3500] ? do_raw_spin_unlock+0x137/0x8b0
[ 50.987555][ T3500] ? _raw_spin_unlock+0x24/0x40
[ 50.992406][ T3500] mutex_lock_interruptible_nested+0x17/0x20
[ 50.998389][ T3500] uinput_request_submit+0x19a/0x730
[ 51.003676][ T3500] ? __might_sleep+0xc0/0xc0
[ 51.008268][ T3500] ? uinput_dev_event+0x340/0x340
[ 51.013291][ T3500] ? preempt_schedule_thunk+0x16/0x18
[ 51.018664][ T3500] ? __mutex_lock_common+0x45a/0x25a0
[ 51.024063][ T3500] uinput_dev_upload_effect+0x195/0x230
[ 51.029624][ T3500] ? uinput_abs_setup+0x4d0/0x4d0
[ 51.034652][ T3500] input_ff_upload+0x59c/0xa00
[ 51.039419][ T3500] evdev_ioctl_handler+0x178b/0x2090
[ 51.044706][ T3500] ? evdev_fasync+0x60/0x60
[ 51.049264][ T3500] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 51.055246][ T3500] ? vtime_user_exit+0x2d1/0x400
[ 51.060201][ T3500] ? bpf_lsm_file_ioctl+0x5/0x10
[ 51.065283][ T3500] ? security_file_ioctl+0x7d/0xa0
[ 51.070403][ T3500] ? evdev_poll+0x1e0/0x1e0
[ 51.074911][ T3500] __se_sys_ioctl+0xf1/0x160
[ 51.079505][ T3500] do_syscall_64+0x3b/0xb0
[ 51.083939][ T3500] ? clear_bhb_loop+0x15/0x70
[ 51.088632][ T3500] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.094519][ T3500] RIP: 0033:0x7f8499890979
[ 51.098929][ T3500] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.118528][ T3500] RSP: 002b:00007ffc1c1a74b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.126936][ T3500] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8499890979
[ 51.134904][ T3500] RDX: 0000000020000300 RSI: 0000000040304580 RDI: 0000000000000004
[ 51.142902][ T3500] RBP: 00007f84999035f0 R08: 0000000000000006 R09: 0000000000000006
[ 51.150888][ T3500] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000001
[ 51.158852][ T3500] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 51.166828][ T3500]