Hello, syzbot found the following issue on: HEAD commit: 82313624b2ae usb: gadget: f_uac1: Change volume name and r.. git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing console output: https://syzkaller.appspot.com/x/log.txt?x=13983409980000 kernel config: https://syzkaller.appspot.com/x/.config?x=ab70c480460dbde dashboard link: https://syzkaller.appspot.com/bug?extid=2313ca2498b9554beeba compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/cb6687ee6ff4/disk-82313624.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/8453a8c86e39/vmlinux-82313624.xz kernel image: https://storage.googleapis.com/syzbot-assets/e57cfd8ca75c/bzImage-82313624.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+2313ca2498b9554beeba@xxxxxxxxxxxxxxxxxxxxxxxxx ====================================================== WARNING: possible circular locking dependency detected 6.11.0-rc3-syzkaller-00046-g82313624b2ae #0 Not tainted ------------------------------------------------------ acpid/2530 is trying to acquire lock: ffff88811905de20 (&hdev->ll_open_lock){+.+.}-{3:3}, at: hid_hw_open+0x25/0x170 drivers/hid/hid-core.c:2361 but task is already holding lock: ffff88810bb362c0 (&dev->mutex#2){+.+.}-{3:3}, at: input_open_device+0x4f/0x320 drivers/input/input.c:597 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&dev->mutex#2){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752 input_disconnect_device drivers/input/input.c:724 [inline] __input_unregister_device+0x24/0x450 drivers/input/input.c:2273 input_unregister_device+0xb9/0x100 drivers/input/input.c:2514 steam_input_unregister+0x10c/0x2c0 drivers/hid/hid-steam.c:917 steam_client_ll_open+0xc9/0x100 drivers/hid/hid-steam.c:1121 hid_hw_open+0xe2/0x170 drivers/hid/hid-core.c:2366 hidraw_open+0x274/0x7e0 drivers/hid/hidraw.c:296 chrdev_open+0x26d/0x6f0 fs/char_dev.c:414 do_dentry_open+0x957/0x1490 fs/open.c:959 vfs_open+0x82/0x3f0 fs/open.c:1089 do_open fs/namei.c:3727 [inline] path_openat+0x2141/0x2d20 fs/namei.c:3886 do_filp_open+0x1dc/0x430 fs/namei.c:3913 do_sys_openat2+0x17a/0x1e0 fs/open.c:1416 do_sys_open fs/open.c:1431 [inline] __do_sys_openat fs/open.c:1447 [inline] __se_sys_openat fs/open.c:1442 [inline] __x64_sys_openat+0x175/0x210 fs/open.c:1442 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&hdev->ll_open_lock){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:3133 [inline] check_prevs_add kernel/locking/lockdep.c:3252 [inline] validate_chain kernel/locking/lockdep.c:3868 [inline] __lock_acquire+0x24ed/0x3cb0 kernel/locking/lockdep.c:5142 lock_acquire kernel/locking/lockdep.c:5759 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724 __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752 hid_hw_open+0x25/0x170 drivers/hid/hid-core.c:2361 input_open_device+0x1c9/0x320 drivers/input/input.c:617 evdev_open_device drivers/input/evdev.c:391 [inline] evdev_open+0x533/0x6a0 drivers/input/evdev.c:478 chrdev_open+0x26d/0x6f0 fs/char_dev.c:414 do_dentry_open+0x957/0x1490 fs/open.c:959 vfs_open+0x82/0x3f0 fs/open.c:1089 do_open fs/namei.c:3727 [inline] path_openat+0x2141/0x2d20 fs/namei.c:3886 do_filp_open+0x1dc/0x430 fs/namei.c:3913 do_sys_openat2+0x17a/0x1e0 fs/open.c:1416 do_sys_open fs/open.c:1431 [inline] __do_sys_openat fs/open.c:1447 [inline] __se_sys_openat fs/open.c:1442 [inline] __x64_sys_openat+0x175/0x210 fs/open.c:1442 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&dev->mutex#2); lock(&hdev->ll_open_lock); lock(&dev->mutex#2); lock(&hdev->ll_open_lock); *** DEADLOCK *** 2 locks held by acpid/2530: #0: ffff88810db56110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_open_device drivers/input/evdev.c:384 [inline] #0: ffff88810db56110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_open+0x2ee/0x6a0 drivers/input/evdev.c:478 #1: ffff88810bb362c0 (&dev->mutex#2){+.+.}-{3:3}, at: input_open_device+0x4f/0x320 drivers/input/input.c:597 stack backtrace: CPU: 0 UID: 0 PID: 2530 Comm: acpid Not tainted 6.11.0-rc3-syzkaller-00046-g82313624b2ae #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119 check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2186 check_prev_add kernel/locking/lockdep.c:3133 [inline] check_prevs_add kernel/locking/lockdep.c:3252 [inline] validate_chain kernel/locking/lockdep.c:3868 [inline] __lock_acquire+0x24ed/0x3cb0 kernel/locking/lockdep.c:5142 lock_acquire kernel/locking/lockdep.c:5759 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724 __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752 hid_hw_open+0x25/0x170 drivers/hid/hid-core.c:2361 input_open_device+0x1c9/0x320 drivers/input/input.c:617 evdev_open_device drivers/input/evdev.c:391 [inline] evdev_open+0x533/0x6a0 drivers/input/evdev.c:478 chrdev_open+0x26d/0x6f0 fs/char_dev.c:414 do_dentry_open+0x957/0x1490 fs/open.c:959 vfs_open+0x82/0x3f0 fs/open.c:1089 do_open fs/namei.c:3727 [inline] path_openat+0x2141/0x2d20 fs/namei.c:3886 do_filp_open+0x1dc/0x430 fs/namei.c:3913 do_sys_openat2+0x17a/0x1e0 fs/open.c:1416 do_sys_open fs/open.c:1431 [inline] __do_sys_openat fs/open.c:1447 [inline] __se_sys_openat fs/open.c:1442 [inline] __x64_sys_openat+0x175/0x210 fs/open.c:1442 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2b9d4f09a4 Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83 RSP: 002b:00007ffc30a90ad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007ffc30a90db8 RCX: 00007f2b9d4f09a4 RDX: 0000000000080800 RSI: 00007ffc30a90cb8 RDI: 00000000ffffff9c RBP: 00007ffc30a90cb8 R08: 00000000000000f4 R09: 00007ffc30a90cb8 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080800 R13: 0000000000000020 R14: 00007ffc30a90db8 R15: 00007ffc30a90cb8 </TASK> --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup