Re: [syzbot] [input?] possible deadlock in evdev_cleanup (2)

From: Hillf Danton
Date: Sat May 18 2024 - 19:02:18 EST

Next message: Hillf Danton: "Re: [syzbot] [v9fs?] KASAN: slab-use-after-free Read in p9_fid_destroy"
Previous message: Jeff Johnson: "[PATCH] kernel: trace: preemptirq_delay_test: add MODULE_DESCRIPTION()"
In reply to: syzbot: "[syzbot] [input?] possible deadlock in evdev_cleanup (2)"
Next in thread: syzbot: "Re: [syzbot] [input?] possible deadlock in evdev_cleanup (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 18 May 2024 07:18:36 -0700
> syzbot found the following issue on:
>
> HEAD commit: fda5695d692c Merge branch 'for-next/core' into for-kernelci
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=134d3182980000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci

--- l/drivers/input/misc/uinput.c
+++ u/drivers/input/misc/uinput.c
@@ -311,6 +311,7 @@ static int uinput_create_device(struct u
struct input_dev *dev = udev->dev;
int error, nslot;

+ lockdep_assert_held(&udev->mutex);
if (udev->state != UIST_SETUP_COMPLETE) {
printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
return -EINVAL;
@@ -362,7 +363,9 @@ static int uinput_create_device(struct u

input_set_drvdata(udev->dev, udev);

- error = input_register_device(udev->dev);
+ mutex_unlock(&udev->mutex);
+ error = input_register_device(dev);
+ mutex_lock(&udev->mutex);
if (error)
goto fail2;

--

Next message: Hillf Danton: "Re: [syzbot] [v9fs?] KASAN: slab-use-after-free Read in p9_fid_destroy"
Previous message: Jeff Johnson: "[PATCH] kernel: trace: preemptirq_delay_test: add MODULE_DESCRIPTION()"
In reply to: syzbot: "[syzbot] [input?] possible deadlock in evdev_cleanup (2)"
Next in thread: syzbot: "Re: [syzbot] [input?] possible deadlock in evdev_cleanup (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]