syzbot

======================================================
WARNING: possible circular locking dependency detected
6.13.0-syzkaller-09760-g69e858e0b8b2 #0 Not tainted
------------------------------------------------------
syz.4.3180/23539 is trying to acquire lock:
ffff88805686a2c0 (&dev->mutex#2){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:201 [inline]
ffff88805686a2c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_disconnect_device drivers/input/input.c:702 [inline]
ffff88805686a2c0 (&dev->mutex#2){+.+.}-{4:4}, at: __input_unregister_device+0x31/0x620 drivers/input/input.c:2219

but task is already holding lock:
ffff88804ebe9e20 (&hdev->ll_open_lock){+.+.}-{4:4}, at: hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2387

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&hdev->ll_open_lock){+.+.}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
       hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2387
       input_open_device+0x1eb/0x360 drivers/input/input.c:600
       mousedev_open_device+0xc7/0x160 drivers/input/mousedev.c:430
       mousedev_open+0x2cf/0x470 drivers/input/mousedev.c:556
       chrdev_open+0x521/0x600 fs/char_dev.c:414
       do_dentry_open+0xdec/0x1960 fs/open.c:955
       vfs_open+0x3b/0x370 fs/open.c:1085
       do_open fs/namei.c:3830 [inline]
       path_openat+0x2c81/0x3590 fs/namei.c:3989
       do_filp_open+0x27f/0x4e0 fs/namei.c:4016
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1427
       do_sys_open fs/open.c:1442 [inline]
       __do_sys_openat fs/open.c:1458 [inline]
       __se_sys_openat fs/open.c:1453 [inline]
       __x64_sys_openat+0x247/0x2a0 fs/open.c:1453
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&dev->mutex#2){+.+.}-{4:4}
:
       check_prev_add kernel/locking/lockdep.c:3163 [inline]
       check_prevs_add kernel/locking/lockdep.c:3282 [inline]
       validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
       __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
       class_mutex_constructor include/linux/mutex.h:201 [inline]
       input_disconnect_device drivers/input/input.c:702 [inline]
       __input_unregister_device+0x31/0x620 drivers/input/input.c:2219
       input_unregister_device+0xa3/0x100 drivers/input/input.c:2452
       steam_client_ll_open+0x80/0xa0 drivers/hid/hid-steam.c:1120
       hid_hw_open+0xe3/0x170 drivers/hid/hid-core.c:2392
       hidraw_open+0x298/0x8e0 drivers/hid/hidraw.c:308
       chrdev_open+0x521/0x600 fs/char_dev.c:414
       do_dentry_open+0xdec/0x1960 fs/open.c:955
       vfs_open+0x3b/0x370 fs/open.c:1085
       do_open fs/namei.c:3830 [inline]
       path_openat+0x2c81/0x3590 fs/namei.c:3989
       do_filp_open+0x27f/0x4e0 fs/namei.c:4016
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1427
       do_sys_open fs/open.c:1442 [inline]
       __do_sys_openat fs/open.c:1458 [inline]
       __se_sys_openat fs/open.c:1453 [inline]
       __x64_sys_openat+0x247/0x2a0 fs/open.c:1453
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&hdev->ll_open_lock);
                               lock(&dev->mutex#2);
                               lock(&hdev->ll_open_lock);
  lock(&dev->mutex#2);

 *** DEADLOCK ***

2 locks held by syz.4.3180/23539:
 #0: ffffffff8fb09fb0 (minors_rwsem){+.+.}-{4:4}, at: hidraw_open+0x93/0x8e0 drivers/hid/hidraw.c:294
 #1: ffff88804ebe9e20 (&hdev->ll_open_lock){+.+.}-{4:4}, at: hid_hw_open+0x28/0x170 drivers/hid/hid-core.c:2387

stack backtrace:
CPU: 1 UID: 0 PID: 23539 Comm: syz.4.3180 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
 check_prev_add kernel/locking/lockdep.c:3163 [inline]
 check_prevs_add kernel/locking/lockdep.c:3282 [inline]
 validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
 class_mutex_constructor include/linux/mutex.h:201 [inline]
 input_disconnect_device drivers/input/input.c:702 [inline]
 __input_unregister_device+0x31/0x620 drivers/input/input.c:2219
 input_unregister_device+0xa3/0x100 drivers/input/input.c:2452
 steam_client_ll_open+0x80/0xa0 drivers/hid/hid-steam.c:1120
 hid_hw_open+0xe3/0x170 drivers/hid/hid-core.c:2392
 hidraw_open+0x298/0x8e0 drivers/hid/hidraw.c:308
 chrdev_open+0x521/0x600 fs/char_dev.c:414
 do_dentry_open+0xdec/0x1960 fs/open.c:955
 vfs_open+0x3b/0x370 fs/open.c:1085
 do_open fs/namei.c:3830 [inline]
 path_openat+0x2c81/0x3590 fs/namei.c:3989
 do_filp_open+0x27f/0x4e0 fs/namei.c:4016
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1427
 do_sys_open fs/open.c:1442 [inline]
 __do_sys_openat fs/open.c:1458 [inline]
 __se_sys_openat fs/open.c:1453 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1453
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feb27b8b710
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
RSP: 002b:00007feb28ab1b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 000000000000c103 RCX: 00007feb27b8b710
RDX: 000000000000c103 RSI: 00007feb28ab1c10 RDI: 00000000ffffff9c
RBP: 00007feb28ab1c10 R08: 0000000000000000 R09: 0023776172646968
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007feb27da5fa0 R15: 00007feb27ecfa18
 </TASK>