======================================================
WARNING: possible circular locking dependency detected
5.10.0-rc6-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor369/9986 is trying to acquire lock:
ffffffff8c33ff48 (driver_lock){+.+.}-{3:3}, at: display_open+0x1f/0x220 drivers/media/rc/imon.c:503

but task is already holding lock:
ffffffff8c094130 (minor_rwsem){++++}-{3:3}, at: usb_open+0x24/0x2e0 drivers/usb/core/file.c:39

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (minor_rwsem){++++}-{3:3}:
       down_write+0x8d/0x150 kernel/locking/rwsem.c:1531
       usb_register_dev drivers/usb/core/file.c:187 [inline]
       usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
       imon_init_display drivers/media/rc/imon.c:2388 [inline]
       imon_probe+0x2459/0x2b60 drivers/media/rc/imon.c:2471
       usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
       really_probe+0x291/0xde0 drivers/base/dd.c:554
       driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
       __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
       bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
       __device_attach+0x228/0x4a0 drivers/base/dd.c:912
       bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
       device_add+0xbb2/0x1ce0 drivers/base/core.c:2936
       usb_set_configuration+0x113c/0x1910 drivers/usb/core/message.c:2159
       usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
       usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
       really_probe+0x291/0xde0 drivers/base/dd.c:554
       driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
       __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
       bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
       __device_attach+0x228/0x4a0 drivers/base/dd.c:912
       bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
       device_add+0xbb2/0x1ce0 drivers/base/core.c:2936
       usb_new_device.cold+0x71d/0xfe9 drivers/usb/core/hub.c:2554
       hub_port_connect drivers/usb/core/hub.c:5222 [inline]
       hub_port_connect_change drivers/usb/core/hub.c:5362 [inline]
       port_event drivers/usb/core/hub.c:5508 [inline]
       hub_event+0x2348/0x42d0 drivers/usb/core/hub.c:5590
       process_one_work+0x933/0x15a0 kernel/workqueue.c:2272
       process_scheduled_works kernel/workqueue.c:2334 [inline]
       worker_thread+0x82b/0x1120 kernel/workqueue.c:2420
       kthread+0x3b1/0x4a0 kernel/kthread.c:292
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

-> #1 (&ictx->lock){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:956 [inline]
       __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103
       imon_init_intf0 drivers/media/rc/imon.c:2233 [inline]
       imon_probe+0xfbf/0x2b60 drivers/media/rc/imon.c:2432
       usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
       really_probe+0x291/0xde0 drivers/base/dd.c:554
       driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
       __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
       bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
       __device_attach+0x228/0x4a0 drivers/base/dd.c:912
       bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
       device_add+0xbb2/0x1ce0 drivers/base/core.c:2936
       usb_set_configuration+0x113c/0x1910 drivers/usb/core/message.c:2159
       usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
       usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
       really_probe+0x291/0xde0 drivers/base/dd.c:554
       driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
       __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
       bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
       __device_attach+0x228/0x4a0 drivers/base/dd.c:912
       bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
       device_add+0xbb2/0x1ce0 drivers/base/core.c:2936
       usb_new_device.cold+0x71d/0xfe9 drivers/usb/core/hub.c:2554
       hub_port_connect drivers/usb/core/hub.c:5222 [inline]
       hub_port_connect_change drivers/usb/core/hub.c:5362 [inline]
       port_event drivers/usb/core/hub.c:5508 [inline]
       hub_event+0x2348/0x42d0 drivers/usb/core/hub.c:5590
       process_one_work+0x933/0x15a0 kernel/workqueue.c:2272
       worker_thread+0x64c/0x1120 kernel/workqueue.c:2418
       kthread+0x3b1/0x4a0 kernel/kthread.c:292
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

-> #0 (driver_lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:2868 [inline]
       check_prevs_add kernel/locking/lockdep.c:2993 [inline]
       validate_chain kernel/locking/lockdep.c:3608 [inline]
       __lock_acquire+0x2ade/0x5500 kernel/locking/lockdep.c:4832
       lock_acquire kernel/locking/lockdep.c:5437 [inline]
       lock_acquire+0x29d/0x740 kernel/locking/lockdep.c:5402
       __mutex_lock_common kernel/locking/mutex.c:956 [inline]
       __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103
       display_open+0x1f/0x220 drivers/media/rc/imon.c:503
       usb_open+0x204/0x2e0 drivers/usb/core/file.c:48
       chrdev_open+0x266/0x770 fs/char_dev.c:414
       do_dentry_open+0x4b9/0x11b0 fs/open.c:817
       do_open fs/namei.c:3252 [inline]
       path_openat+0x1b9a/0x2730 fs/namei.c:3369
       do_filp_open+0x17e/0x3c0 fs/namei.c:3396
       do_sys_openat2+0x16d/0x420 fs/open.c:1168
       do_sys_open fs/open.c:1184 [inline]
       __do_sys_open fs/open.c:1192 [inline]
       __se_sys_open fs/open.c:1188 [inline]
       __x64_sys_open+0x119/0x1c0 fs/open.c:1188
       do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

other info that might help us debug this:

Chain exists of:
  driver_lock --> &ictx->lock --> minor_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(minor_rwsem);
                               lock(&ictx->lock);
                               lock(minor_rwsem);
  lock(driver_lock);

 *** DEADLOCK ***

1 lock held by syz-executor369/9986:
 #0: ffffffff8c094130 (minor_rwsem){++++}-{3:3}, at: usb_open+0x24/0x2e0 drivers/usb/core/file.c:39

stack backtrace:
CPU: 0 PID: 9986 Comm: syz-executor369 Not tainted 5.10.0-rc6-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2117
 check_prev_add kernel/locking/lockdep.c:2868 [inline]
 check_prevs_add kernel/locking/lockdep.c:2993 [inline]
 validate_chain kernel/locking/lockdep.c:3608 [inline]
 __lock_acquire+0x2ade/0x5500 kernel/locking/lockdep.c:4832
 lock_acquire kernel/locking/lockdep.c:5437 [inline]
 lock_acquire+0x29d/0x740 kernel/locking/lockdep.c:5402
 __mutex_lock_common kernel/locking/mutex.c:956 [inline]
 __mutex_lock+0x134/0x10e0 kernel/locking/mutex.c:1103
 display_open+0x1f/0x220 drivers/media/rc/imon.c:503
 usb_open+0x204/0x2e0 drivers/usb/core/file.c:48
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4b9/0x11b0 fs/open.c:817
 do_open fs/namei.c:3252 [inline]
 path_openat+0x1b9a/0x2730 fs/namei.c:3369
 do_filp_open+0x17e/0x3c0 fs/namei.c:3396
 do_sys_openat2+0x16d/0x420 fs/open.c:1168
 do_sys_open fs/open.c:1184 [inline]
 __do_sys_open fs/open.c:1192 [inline]
 __se_sys_open fs/open.c:1188 [inline]
 __x64_sys_open+0x119/0x1c0 fs/open.c:1188
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x401f80
Code: 01 f0 ff ff 0f 83 d0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d ed 09 2c 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 a4 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00
RSP: 002b:00007ffd5293c0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000401f80
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007ffd5293c0e0
RBP: 00007ffd5293c17c R08: 0000000000000000 R09: 000000000000000f
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000001b442
R13: 00000000ffffffff R14: 0000000000000000 R15: 0000000000000000
imon:display_open: could not find interface for minor 0