[v5.15] possible deadlock in __input_unregister_device
0 views
Skip to first unread message
syzbot
Mar 6, 2025, 9:51:22 AMMar 6
Hello,
syzbot found the following issue on:
HEAD commit: c16c81c81336 Linux 5.15.178
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17d9c078580000
kernel config: https://syzkaller.appspot.com/x/.config?x=d302c69e93fb6774
dashboard link: https://syzkaller.appspot.com/bug?extid=4bb3bcf1da5385e36785
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/267e46ee7273/disk-c16c81c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/944e289206cf/vmlinux-c16c81c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f8cadf62458e/bzImage-c16c81c8.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
======================================================
WARNING: possible circular locking dependency detected
5.15.178-syzkaller #0 Not tainted
------------------------------------------------------
syz.0.374/5502 is trying to acquire lock:
ffff88814ca742c0 (&dev->mutex#2){+.+.}-{3:3}, at: input_disconnect_device drivers/input/input.c:748 [inline]
ffff88814ca742c0 (&dev->mutex#2){+.+.}-{3:3}, at: __input_unregister_device+0x2e/0x320 drivers/input/input.c:2278
but task is already holding lock:
ffff88807cef1ee0 (&hdev->ll_open_lock){+.+.}-{3:3}, at: hid_hw_open+0x24/0x160 drivers/hid/hid-core.c:2116
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&hdev->ll_open_lock){+.+.}-{3:3}:
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_killable_nested+0x17/0x20 kernel/locking/mutex.c:758
hid_hw_open+0x24/0x160 drivers/hid/hid-core.c:2116
input_open_device+0x188/0x2d0 drivers/input/input.c:640
kbd_connect+0xe5/0x120 drivers/tty/vt/keyboard.c:1581
input_attach_handler drivers/input/input.c:1046 [inline]
input_register_device+0xdae/0x1150 drivers/input/input.c:2429
hidinput_connect+0x2044/0x28b0 drivers/hid/hid-input.c:2030
hid_connect+0x45f/0xd50 drivers/hid/hid-core.c:1972
hid_hw_start+0x99/0x100 drivers/hid/hid-core.c:2079
hid_device_probe+0x341/0x3a0 drivers/hid/hid-core.c:2311
really_probe+0x24e/0xb60 drivers/base/dd.c:595
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
driver_probe_device+0x50/0x420 drivers/base/dd.c:785
__device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:979
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3412
hid_add_device+0x3a5/0x510 drivers/hid/hid-core.c:2459
usbhid_probe+0xb32/0xec0 drivers/hid/usbhid/hid-core.c:1424
usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
really_probe+0x24e/0xb60 drivers/base/dd.c:595
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
driver_probe_device+0x50/0x420 drivers/base/dd.c:785
__device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:979
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3412
usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
really_probe+0x24e/0xb60 drivers/base/dd.c:595
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
driver_probe_device+0x50/0x420 drivers/base/dd.c:785
__device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:979
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3412
usb_new_device+0xc21/0x18f0 drivers/usb/core/hub.c:2593
hub_port_connect drivers/usb/core/hub.c:5457 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5597 [inline]
port_event drivers/usb/core/hub.c:5743 [inline]
hub_event+0x2cdf/0x54c0 drivers/usb/core/hub.c:5825
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
-> #0 (&dev->mutex#2){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
input_disconnect_device drivers/input/input.c:748 [inline]
__input_unregister_device+0x2e/0x320 drivers/input/input.c:2278
input_unregister_device+0x9f/0xf0 drivers/input/input.c:2473
steam_client_ll_open+0x73/0x90 drivers/hid/hid-steam.c:640
hid_hw_open+0xdb/0x160 drivers/hid/hid-core.c:2121
hidraw_open+0x293/0x8d0 drivers/hid/hidraw.c:289
chrdev_open+0x54a/0x630 fs/char_dev.c:414
do_dentry_open+0x807/0xfb0 fs/open.c:826
do_open fs/namei.c:3608 [inline]
path_openat+0x2705/0x2f20 fs/namei.c:3742
do_filp_open+0x21c/0x460 fs/namei.c:3769
do_sys_openat2+0x13b/0x4f0 fs/open.c:1253
do_sys_open fs/open.c:1269 [inline]
__do_sys_openat fs/open.c:1285 [inline]
__se_sys_openat fs/open.c:1280 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1280
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&hdev->ll_open_lock);
lock(&dev->mutex#2);
lock(&hdev->ll_open_lock);
lock(&dev->mutex#2);
*** DEADLOCK ***
2 locks held by syz.0.374/5502:
#0: ffffffff8dac2ea8 (minors_lock){+.+.}-{3:3}, at: hidraw_open+0x91/0x8d0 drivers/hid/hidraw.c:275
#1: ffff88807cef1ee0 (&hdev->ll_open_lock){+.+.}-{3:3}, at: hid_hw_open+0x24/0x160 drivers/hid/hid-core.c:2116
stack backtrace:
CPU: 0 PID: 5502 Comm: syz.0.374 Not tainted 5.15.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
check_noncircular+0x2f8/0x3b0 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
input_disconnect_device drivers/input/input.c:748 [inline]
__input_unregister_device+0x2e/0x320 drivers/input/input.c:2278
input_unregister_device+0x9f/0xf0 drivers/input/input.c:2473
steam_client_ll_open+0x73/0x90 drivers/hid/hid-steam.c:640
hid_hw_open+0xdb/0x160 drivers/hid/hid-core.c:2121
hidraw_open+0x293/0x8d0 drivers/hid/hidraw.c:289
chrdev_open+0x54a/0x630 fs/char_dev.c:414
do_dentry_open+0x807/0xfb0 fs/open.c:826
do_open fs/namei.c:3608 [inline]
path_openat+0x2705/0x2f20 fs/namei.c:3742
do_filp_open+0x21c/0x460 fs/namei.c:3769
do_sys_openat2+0x13b/0x4f0 fs/open.c:1253
do_sys_open fs/open.c:1269 [inline]
__do_sys_openat fs/open.c:1285 [inline]
__se_sys_openat fs/open.c:1280 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1280
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f28ae0d4ad0
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
RSP: 002b:00007f28abf3eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f28ae0d4ad0
RDX: 0000000000000000 RSI: 00007f28abf3ec10 RDI: 00000000ffffff9c
RBP: 00007f28abf3ec10 R08: 0000000000000000 R09: 0023776172646968
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f28ae2eefa0 R15: 00007ffcdbe6e2c8
</TASK>
input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.0006/input/input14
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: c16c81c81336 Linux 5.15.178
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17d9c078580000
kernel config: https://syzkaller.appspot.com/x/.config?x=d302c69e93fb6774
dashboard link: https://syzkaller.appspot.com/bug?extid=4bb3bcf1da5385e36785
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/267e46ee7273/disk-c16c81c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/944e289206cf/vmlinux-c16c81c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f8cadf62458e/bzImage-c16c81c8.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
======================================================
WARNING: possible circular locking dependency detected
5.15.178-syzkaller #0 Not tainted
------------------------------------------------------
syz.0.374/5502 is trying to acquire lock:
ffff88814ca742c0 (&dev->mutex#2){+.+.}-{3:3}, at: input_disconnect_device drivers/input/input.c:748 [inline]
ffff88814ca742c0 (&dev->mutex#2){+.+.}-{3:3}, at: __input_unregister_device+0x2e/0x320 drivers/input/input.c:2278
but task is already holding lock:
ffff88807cef1ee0 (&hdev->ll_open_lock){+.+.}-{3:3}, at: hid_hw_open+0x24/0x160 drivers/hid/hid-core.c:2116
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&hdev->ll_open_lock){+.+.}-{3:3}:
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_killable_nested+0x17/0x20 kernel/locking/mutex.c:758
hid_hw_open+0x24/0x160 drivers/hid/hid-core.c:2116
input_open_device+0x188/0x2d0 drivers/input/input.c:640
kbd_connect+0xe5/0x120 drivers/tty/vt/keyboard.c:1581
input_attach_handler drivers/input/input.c:1046 [inline]
input_register_device+0xdae/0x1150 drivers/input/input.c:2429
hidinput_connect+0x2044/0x28b0 drivers/hid/hid-input.c:2030
hid_connect+0x45f/0xd50 drivers/hid/hid-core.c:1972
hid_hw_start+0x99/0x100 drivers/hid/hid-core.c:2079
hid_device_probe+0x341/0x3a0 drivers/hid/hid-core.c:2311
really_probe+0x24e/0xb60 drivers/base/dd.c:595
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
driver_probe_device+0x50/0x420 drivers/base/dd.c:785
__device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:979
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3412
hid_add_device+0x3a5/0x510 drivers/hid/hid-core.c:2459
usbhid_probe+0xb32/0xec0 drivers/hid/usbhid/hid-core.c:1424
usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
really_probe+0x24e/0xb60 drivers/base/dd.c:595
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
driver_probe_device+0x50/0x420 drivers/base/dd.c:785
__device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:979
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3412
usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
really_probe+0x24e/0xb60 drivers/base/dd.c:595
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
driver_probe_device+0x50/0x420 drivers/base/dd.c:785
__device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:979
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3412
usb_new_device+0xc21/0x18f0 drivers/usb/core/hub.c:2593
hub_port_connect drivers/usb/core/hub.c:5457 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5597 [inline]
port_event drivers/usb/core/hub.c:5743 [inline]
hub_event+0x2cdf/0x54c0 drivers/usb/core/hub.c:5825
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
-> #0 (&dev->mutex#2){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
input_disconnect_device drivers/input/input.c:748 [inline]
__input_unregister_device+0x2e/0x320 drivers/input/input.c:2278
input_unregister_device+0x9f/0xf0 drivers/input/input.c:2473
steam_client_ll_open+0x73/0x90 drivers/hid/hid-steam.c:640
hid_hw_open+0xdb/0x160 drivers/hid/hid-core.c:2121
hidraw_open+0x293/0x8d0 drivers/hid/hidraw.c:289
chrdev_open+0x54a/0x630 fs/char_dev.c:414
do_dentry_open+0x807/0xfb0 fs/open.c:826
do_open fs/namei.c:3608 [inline]
path_openat+0x2705/0x2f20 fs/namei.c:3742
do_filp_open+0x21c/0x460 fs/namei.c:3769
do_sys_openat2+0x13b/0x4f0 fs/open.c:1253
do_sys_open fs/open.c:1269 [inline]
__do_sys_openat fs/open.c:1285 [inline]
__se_sys_openat fs/open.c:1280 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1280
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&hdev->ll_open_lock);
lock(&dev->mutex#2);
lock(&hdev->ll_open_lock);
lock(&dev->mutex#2);
*** DEADLOCK ***
2 locks held by syz.0.374/5502:
#0: ffffffff8dac2ea8 (minors_lock){+.+.}-{3:3}, at: hidraw_open+0x91/0x8d0 drivers/hid/hidraw.c:275
#1: ffff88807cef1ee0 (&hdev->ll_open_lock){+.+.}-{3:3}, at: hid_hw_open+0x24/0x160 drivers/hid/hid-core.c:2116
stack backtrace:
CPU: 0 PID: 5502 Comm: syz.0.374 Not tainted 5.15.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
check_noncircular+0x2f8/0x3b0 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain+0x1649/0x5930 kernel/locking/lockdep.c:3788
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
__mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
input_disconnect_device drivers/input/input.c:748 [inline]
__input_unregister_device+0x2e/0x320 drivers/input/input.c:2278
input_unregister_device+0x9f/0xf0 drivers/input/input.c:2473
steam_client_ll_open+0x73/0x90 drivers/hid/hid-steam.c:640
hid_hw_open+0xdb/0x160 drivers/hid/hid-core.c:2121
hidraw_open+0x293/0x8d0 drivers/hid/hidraw.c:289
chrdev_open+0x54a/0x630 fs/char_dev.c:414
do_dentry_open+0x807/0xfb0 fs/open.c:826
do_open fs/namei.c:3608 [inline]
path_openat+0x2705/0x2f20 fs/namei.c:3742
do_filp_open+0x21c/0x460 fs/namei.c:3769
do_sys_openat2+0x13b/0x4f0 fs/open.c:1253
do_sys_open fs/open.c:1269 [inline]
__do_sys_openat fs/open.c:1285 [inline]
__se_sys_openat fs/open.c:1280 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1280
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f28ae0d4ad0
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
RSP: 002b:00007f28abf3eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f28ae0d4ad0
RDX: 0000000000000000 RSI: 00007f28abf3ec10 RDI: 00000000ffffff9c
RBP: 00007f28abf3ec10 R08: 0000000000000000 R09: 0023776172646968
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f28ae2eefa0 R15: 00007ffcdbe6e2c8
</TASK>
input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.0006/input/input14
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Mar 6, 2025, 12:26:28 PMMar 6
Hello,
syzbot found the following issue on:
HEAD commit: 3a8358583626 Linux 6.1.129
syzbot found the following issue on:
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12d144b7980000
kernel config: https://syzkaller.appspot.com/x/.config?x=d841937c118666c6
dashboard link: https://syzkaller.appspot.com/bug?extid=3d32d7cd40dacc2cbf84
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/13f8e53cc467/disk-3a835858.raw.xz
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/a85676a44932/vmlinux-3a835858.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9e9dcc0eaae9/bzImage-3a835858.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
======================================================
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz.2.1408/9232 is trying to acquire lock:
ffff8880267c22c0 (&dev->mutex#2){+.+.}-{3:3}, at: input_disconnect_device drivers/input/input.c:757 [inline]
ffff8880267c22c0 (&dev->mutex#2){+.+.}-{3:3}, at: __input_unregister_device+0x31/0x630 drivers/input/input.c:2291
but task is already holding lock:
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&hdev->ll_open_lock){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x132/0xd80 kernel/locking/mutex.c:747
hid_hw_open+0x24/0x160 drivers/hid/hid-core.c:2338
input_open_device+0x188/0x2d0 drivers/input/input.c:650
mousedev_open_device+0xc3/0x160 drivers/input/mousedev.c:430
mousedev_open+0x2c9/0x470 drivers/input/mousedev.c:556
chrdev_open+0x54a/0x630 fs/char_dev.c:414
do_dentry_open+0x7f9/0x10f0 fs/open.c:882
do_open fs/namei.c:3626 [inline]
path_openat+0x2644/0x2e60 fs/namei.c:3783
do_filp_open+0x230/0x480 fs/namei.c:3810
do_sys_openat2+0x13b/0x4f0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1345
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
-> #0 (&dev->mutex#2){+.+.}-{3:3}:
check_prevs_add kernel/locking/lockdep.c:3209 [inline]
validate_chain+0x1661/0x5950 kernel/locking/lockdep.c:3825
__lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x132/0xd80 kernel/locking/mutex.c:747
input_disconnect_device drivers/input/input.c:757 [inline]
__input_unregister_device+0x31/0x630 drivers/input/input.c:2291
input_unregister_device+0x9f/0xf0 drivers/input/input.c:2514
steam_client_ll_open+0x73/0x90 drivers/hid/hid-steam.c:640
hid_hw_open+0xdb/0x160 drivers/hid/hid-core.c:2343
hidraw_open+0x291/0x8d0 drivers/hid/hidraw.c:294
chrdev_open+0x54a/0x630 fs/char_dev.c:414
do_dentry_open+0x7f9/0x10f0 fs/open.c:882
do_open fs/namei.c:3626 [inline]
path_openat+0x2644/0x2e60 fs/namei.c:3783
do_filp_open+0x230/0x480 fs/namei.c:3810
do_sys_openat2+0x13b/0x4f0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1345
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&hdev->ll_open_lock);
lock(&dev->mutex#2);
lock(&hdev->ll_open_lock);
lock(&dev->mutex#2);
*** DEADLOCK ***
#0: ffffffff8e3bccd0 (minors_rwsem){++++}-{3:3}, at: hidraw_open+0x8f/0x8d0 drivers/hid/hidraw.c:280
#1: ffff888075a81e18 (&hdev->ll_open_lock){+.+.}-{3:3}, at: hid_hw_open+0x24/0x160 drivers/hid/hid-core.c:2338
stack backtrace:
CPU: 1 PID: 9232 Comm: syz.2.1408 Not tainted 6.1.129-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
check_noncircular+0x2fa/0x3b0 kernel/locking/lockdep.c:2170
check_prev_add kernel/locking/lockdep.c:3090 [inline]
check_prevs_add kernel/locking/lockdep.c:3209 [inline]
validate_chain+0x1661/0x5950 kernel/locking/lockdep.c:3825
__lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x132/0xd80 kernel/locking/mutex.c:747
input_disconnect_device drivers/input/input.c:757 [inline]
__input_unregister_device+0x31/0x630 drivers/input/input.c:2291
input_unregister_device+0x9f/0xf0 drivers/input/input.c:2514
steam_client_ll_open+0x73/0x90 drivers/hid/hid-steam.c:640
hid_hw_open+0xdb/0x160 drivers/hid/hid-core.c:2343
hidraw_open+0x291/0x8d0 drivers/hid/hidraw.c:294
chrdev_open+0x54a/0x630 fs/char_dev.c:414
do_dentry_open+0x7f9/0x10f0 fs/open.c:882
do_open fs/namei.c:3626 [inline]
path_openat+0x2644/0x2e60 fs/namei.c:3783
do_filp_open+0x230/0x480 fs/namei.c:3810
do_sys_openat2+0x13b/0x4f0 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1345
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f3308f8bad0
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
RSP: 002b:00007f3309e4eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3308f8bad0
RDX: 0000000000000000 RSI: 00007f3309e4ec10 RDI: 00000000ffffff9c
RBP: 00007f3309e4ec10 R08: 0000000000000000 R09: 0023776172646968
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f33091a5fa0 R15: 00007ffd7774e4d8
</TASK>
syzbot
Jun 14, 2025, 12:26:14 PM (5 days ago) Jun 14
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages