syzbot

======================================================
WARNING: possible circular locking dependency detected
6.11.0-rc6-syzkaller-00019-g67784a74e258 #0 Not tainted
------------------------------------------------------
syz.1.1485/10317 is trying to acquire lock:
ffff8880316902c0 (&dev->mutex#2){+.+.}-{3:3}, at: input_disconnect_device drivers/input/input.c:724 [inline]
ffff8880316902c0 (&dev->mutex#2){+.+.}-{3:3}, at: __input_unregister_device+0x31/0x620 drivers/input/input.c:2273

but task is already holding lock:
ffff88804e749e28 (&hdev->ll_open_lock){+.+.}-{3:3}, at: hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2361

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&hdev->ll_open_lock){+.+.}-{3:3}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2361
       input_open_device+0x191/0x2e0 drivers/input/input.c:617
       mousedev_open_device+0xc7/0x160 drivers/input/mousedev.c:430
       mousedev_open+0x2cf/0x470 drivers/input/mousedev.c:556
       chrdev_open+0x5b0/0x630 fs/char_dev.c:414
       do_dentry_open+0x970/0x1440 fs/open.c:959
       vfs_open+0x3e/0x330 fs/open.c:1089
       do_open fs/namei.c:3727 [inline]
       path_openat+0x2b3e/0x3470 fs/namei.c:3886
       do_filp_open+0x235/0x490 fs/namei.c:3913
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
       do_sys_open fs/open.c:1431 [inline]
       __do_sys_openat fs/open.c:1447 [inline]
       __se_sys_openat fs/open.c:1442 [inline]
       __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&dev->mutex#2){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3133 [inline]
       check_prevs_add kernel/locking/lockdep.c:3252 [inline]
       validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3868
       __lock_acquire+0x137a/0x2040 kernel/locking/lockdep.c:5142
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       input_disconnect_device drivers/input/input.c:724 [inline]
       __input_unregister_device+0x31/0x620 drivers/input/input.c:2273
       input_unregister_device+0xa3/0x100 drivers/input/input.c:2514
       steam_client_ll_open+0x80/0xa0 drivers/hid/hid-steam.c:1120
       hid_hw_open+0xe3/0x170 drivers/hid/hid-core.c:2366
       hidraw_open+0x298/0x8e0 drivers/hid/hidraw.c:296
       chrdev_open+0x5b0/0x630 fs/char_dev.c:414
       do_dentry_open+0x970/0x1440 fs/open.c:959
       vfs_open+0x3e/0x330 fs/open.c:1089
       do_open fs/namei.c:3727 [inline]
       path_openat+0x2b3e/0x3470 fs/namei.c:3886
       do_filp_open+0x235/0x490 fs/namei.c:3913
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
       do_sys_open fs/open.c:1431 [inline]
       __do_sys_openat fs/open.c:1447 [inline]
       __se_sys_openat fs/open.c:1442 [inline]
       __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&hdev->ll_open_lock);
                               lock(&dev->mutex#2);
                               lock(&hdev->ll_open_lock);
  lock(&dev->mutex#2);

 *** DEADLOCK ***

2 locks held by syz.1.1485/10317:
 #0: ffffffff8facf2f0 (minors_rwsem){++++}-{3:3}, at: hidraw_open+0x93/0x8e0 drivers/hid/hidraw.c:282
 #1: ffff88804e749e28 (&hdev->ll_open_lock){+.+.}-{3:3}, at: hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2361

stack backtrace:
CPU: 1 UID: 0 PID: 10317 Comm: syz.1.1485 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2186
 check_prev_add kernel/locking/lockdep.c:3133 [inline]
 check_prevs_add kernel/locking/lockdep.c:3252 [inline]
 validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3868
 __lock_acquire+0x137a/0x2040 kernel/locking/lockdep.c:5142
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
 input_disconnect_device drivers/input/input.c:724 [inline]
 __input_unregister_device+0x31/0x620 drivers/input/input.c:2273
 input_unregister_device+0xa3/0x100 drivers/input/input.c:2514
 steam_client_ll_open+0x80/0xa0 drivers/hid/hid-steam.c:1120
 hid_hw_open+0xe3/0x170 drivers/hid/hid-core.c:2366
 hidraw_open+0x298/0x8e0 drivers/hid/hidraw.c:296
 chrdev_open+0x5b0/0x630 fs/char_dev.c:414
 do_dentry_open+0x970/0x1440 fs/open.c:959
 vfs_open+0x3e/0x330 fs/open.c:1089
 do_open fs/namei.c:3727 [inline]
 path_openat+0x2b3e/0x3470 fs/namei.c:3886
 do_filp_open+0x235/0x490 fs/namei.c:3913
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1460d78850
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44
RSP: 002b:00007f1461b8bb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1460d78850
RDX: 0000000000000000 RSI: 00007f1461b8bc10 RDI: 00000000ffffff9c
RBP: 00007f1461b8bc10 R08: 0000000000000000 R09: 0023776172646968
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f1460f16058 R15: 00007f146103fa28
 </TASK>
input: Steam Deck as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28DE:1205.000C/input/input81
input: Steam Deck Motion Sensors as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28DE:1205.000C/input/input82