syzbot

======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 Not tainted
------------------------------------------------------
syz.3.683/9672 is trying to acquire lock:
ffff88805c9ba2c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_disconnect_device drivers/input/input.c:729 [inline]
ffff88805c9ba2c0 (&dev->mutex#2){+.+.}-{4:4}, at: __input_unregister_device+0x31/0x620 drivers/input/input.c:2275

but task is already holding lock:
ffff88805ca15e20 (&hdev->ll_open_lock){+.+.}-{4:4}, at: hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2392

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&hdev->ll_open_lock){+.+.}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
       hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2392
       input_open_device+0x1d2/0x340 drivers/input/input.c:620
       kbd_connect+0xe9/0x130 drivers/tty/vt/keyboard.c:1591
       input_attach_handler drivers/input/input.c:1032 [inline]
       input_register_device+0xd3b/0x1110 drivers/input/input.c:2475
       hidinput_connect+0x23c4/0x2c00 drivers/hid/hid-input.c:2343
       hid_connect+0x482/0x1ac0 drivers/hid/hid-core.c:2240
       hid_hw_start drivers/hid/hid-core.c:2355 [inline]
       __hid_device_probe drivers/hid/hid-core.c:2722 [inline]
       hid_device_probe+0x595/0x710 drivers/hid/hid-core.c:2755
       really_probe+0x2b8/0xad0 drivers/base/dd.c:658
       __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
       driver_probe_device+0x50/0x430 drivers/base/dd.c:830
       __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:958
       bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:459
       __device_attach+0x333/0x520 drivers/base/dd.c:1030
       bus_probe_device+0x189/0x260 drivers/base/bus.c:534
       device_add+0x856/0xbf0 drivers/base/core.c:3665
       hid_add_device+0x3b6/0x520 drivers/hid/hid-core.c:2901
       usbhid_probe+0xb52/0xec0 drivers/hid/usbhid/hid-core.c:1431
       usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396
       really_probe+0x2b8/0xad0 drivers/base/dd.c:658
       __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
       driver_probe_device+0x50/0x430 drivers/base/dd.c:830
       __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:958
       bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:459
       __device_attach+0x333/0x520 drivers/base/dd.c:1030
       bus_probe_device+0x189/0x260 drivers/base/bus.c:534
       device_add+0x856/0xbf0 drivers/base/core.c:3665
       usb_set_configuration+0x1976/0x1fb0 drivers/usb/core/message.c:2210
       usb_generic_driver_probe+0x88/0x140 drivers/usb/core/generic.c:254
       usb_probe_device+0x1b8/0x380 drivers/usb/core/driver.c:291
       really_probe+0x2b8/0xad0 drivers/base/dd.c:658
       __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
       driver_probe_device+0x50/0x430 drivers/base/dd.c:830
       __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:958
       bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:459
       __device_attach+0x333/0x520 drivers/base/dd.c:1030
       bus_probe_device+0x189/0x260 drivers/base/bus.c:534
       device_add+0x856/0xbf0 drivers/base/core.c:3665
       usb_new_device+0x104a/0x19a0 drivers/usb/core/hub.c:2651
       hub_port_connect drivers/usb/core/hub.c:5521 [inline]
       hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
       port_event drivers/usb/core/hub.c:5821 [inline]
       hub_event+0x2d6d/0x5150 drivers/usb/core/hub.c:5903
       process_one_work kernel/workqueue.c:3229 [inline]
       process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310
       worker_thread+0x870/0xd30 kernel/workqueue.c:3391
       kthread+0x2f0/0x390 kernel/kthread.c:389
       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #0 (&dev->mutex#2){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
       __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
       input_disconnect_device drivers/input/input.c:729 [inline]
       __input_unregister_device+0x31/0x620 drivers/input/input.c:2275
       input_unregister_device+0xa3/0x100 drivers/input/input.c:2516
       steam_client_ll_open+0x88/0xa0 drivers/hid/hid-steam.c:1121
       hid_hw_open+0xe3/0x170 drivers/hid/hid-core.c:2397
       hidraw_open+0x298/0x8e0 drivers/hid/hidraw.c:308
       chrdev_open+0x521/0x600 fs/char_dev.c:414
       do_dentry_open+0xbe1/0x1b70 fs/open.c:945
       vfs_open+0x3e/0x330 fs/open.c:1075
       do_open fs/namei.c:3828 [inline]
       path_openat+0x2c84/0x3590 fs/namei.c:3987
       do_filp_open+0x27f/0x4e0 fs/namei.c:4014
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
       do_sys_open fs/open.c:1417 [inline]
       __do_sys_openat fs/open.c:1433 [inline]
       __se_sys_openat fs/open.c:1428 [inline]
       __x64_sys_openat+0x247/0x2a0 fs/open.c:1428
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&hdev->ll_open_lock);
                               lock(&dev->mutex#2);
                               lock(&hdev->ll_open_lock);
  lock(&dev->mutex#2);

 *** DEADLOCK ***

2 locks held by syz.3.683/9672:
 #0: ffffffff8faf9ad0 (minors_rwsem){+.+.}-{4:4}, at: hidraw_open+0x93/0x8e0 drivers/hid/hidraw.c:294
 #1: ffff88805ca15e20 (&hdev->ll_open_lock){+.+.}-{4:4}, at: hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2392

stack backtrace:
CPU: 1 UID: 0 PID: 9672 Comm: syz.3.683 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
 check_prev_add kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
 input_disconnect_device drivers/input/input.c:729 [inline]
 __input_unregister_device+0x31/0x620 drivers/input/input.c:2275
 input_unregister_device+0xa3/0x100 drivers/input/input.c:2516
 steam_client_ll_open+0x88/0xa0 drivers/hid/hid-steam.c:1121
 hid_hw_open+0xe3/0x170 drivers/hid/hid-core.c:2397
 hidraw_open+0x298/0x8e0 drivers/hid/hidraw.c:308
 chrdev_open+0x521/0x600 fs/char_dev.c:414
 do_dentry_open+0xbe1/0x1b70 fs/open.c:945
 vfs_open+0x3e/0x330 fs/open.c:1075
 do_open fs/namei.c:3828 [inline]
 path_openat+0x2c84/0x3590 fs/namei.c:3987
 do_filp_open+0x27f/0x4e0 fs/namei.c:4014
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f60bf384690
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
RSP: 002b:00007f60c014db70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 000000000004a141 RCX: 00007f60bf384690
RDX: 000000000004a141 RSI: 00007f60c014dc10 RDI: 00000000ffffff9c
RBP: 00007f60c014dc10 R08: 0000000000000000 R09: 0023776172646968
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f60bf575fa0 R15: 00007f60bf69fa28
 </TASK>