INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.451937][ T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 25.811563][ T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 25.822559][ T22] usb 1-1: New USB device found, idVendor=15c2, idProduct=0035, bcdDevice=d2.65 [ 25.831750][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.840874][ T22] usb 1-1: config 0 descriptor?? [ 25.885468][ T22] input: iMON Panel, Knob and Mouse(15c2:0035) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 26.111600][ T22] Registered IR keymap rc-imon-pad [ 26.332053][ T22] rc rc0: iMON Remote (15c2:0035) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 26.342684][ T22] input: iMON Remote (15c2:0035) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 26.359984][ T22] imon 1-1:0.0: iMON device (15c2:0035, intf0) on usb<1:2> initialized [ 26.511778][ T1728] [ 26.514130][ T1728] ====================================================== [ 26.521127][ T1728] WARNING: possible circular locking dependency detected [ 26.528116][ T1728] 5.3.0+ #0 Not tainted [ 26.532238][ T1728] ------------------------------------------------------ [ 26.539230][ T1728] syz-executor958/1728 is trying to acquire lock: [ 26.545620][ T1728] ffffffff87627f40 (driver_lock#2){+.+.}, at: display_open+0x1f/0x1d0 [ 26.553753][ T1728] [ 26.553753][ T1728] but task is already holding lock: [ 26.561123][ T1728] ffffffff874267c8 (minor_rwsem){++++}, at: usb_open+0x23/0x270 [ 26.568751][ T1728] [ 26.568751][ T1728] which lock already depends on the new lock. [ 26.568751][ T1728] [ 26.579139][ T1728] [ 26.579139][ T1728] the existing dependency chain (in reverse order) is: [ 26.588125][ T1728] [ 26.588125][ T1728] -> #2 (minor_rwsem){++++}: [ 26.594866][ T1728] down_write+0x92/0x150 [ 26.599689][ T1728] usb_register_dev+0x131/0x670 [ 26.605028][ T1728] imon_probe+0x244d/0x2aed [ 26.610022][ T1728] usb_probe_interface+0x305/0x7a0 [ 26.615799][ T1728] really_probe+0x281/0x6d0 [ 26.620808][ T1728] driver_probe_device+0x104/0x210 [ 26.626408][ T1728] __device_attach_driver+0x1c2/0x220 [ 26.632273][ T1728] bus_for_each_drv+0x162/0x1e0 [ 26.637625][ T1728] __device_attach+0x217/0x360 [ 26.642879][ T1728] bus_probe_device+0x1e4/0x290 [ 26.648221][ T1728] device_add+0xae6/0x16f0 [ 26.653128][ T1728] usb_set_configuration+0xdf6/0x1670 [ 26.658990][ T1728] generic_probe+0x9d/0xd5 [ 26.663897][ T1728] usb_probe_device+0x99/0x100 [ 26.669153][ T1728] really_probe+0x281/0x6d0 [ 26.674146][ T1728] driver_probe_device+0x104/0x210 [ 26.679750][ T1728] __device_attach_driver+0x1c2/0x220 [ 26.685614][ T1728] bus_for_each_drv+0x162/0x1e0 [ 26.690956][ T1728] __device_attach+0x217/0x360 [ 26.696213][ T1728] bus_probe_device+0x1e4/0x290 [ 26.701556][ T1728] device_add+0xae6/0x16f0 [ 26.706462][ T1728] usb_new_device.cold+0x6a4/0xe79 [ 26.712066][ T1728] hub_event+0x1b5c/0x3640 [ 26.716974][ T1728] process_one_work+0x92b/0x1530 [ 26.722512][ T1728] worker_thread+0x96/0xe20 [ 26.727504][ T1728] kthread+0x318/0x420 [ 26.732064][ T1728] ret_from_fork+0x24/0x30 [ 26.736967][ T1728] [ 26.736967][ T1728] -> #1 (&ictx->lock){+.+.}: [ 26.743701][ T1728] __mutex_lock+0x158/0x1360 [ 26.748783][ T1728] imon_probe+0xf0c/0x2aed [ 26.753691][ T1728] usb_probe_interface+0x305/0x7a0 [ 26.759295][ T1728] really_probe+0x281/0x6d0 [ 26.764291][ T1728] driver_probe_device+0x104/0x210 [ 26.769892][ T1728] __device_attach_driver+0x1c2/0x220 [ 26.775754][ T1728] bus_for_each_drv+0x162/0x1e0 [ 26.781094][ T1728] __device_attach+0x217/0x360 [ 26.786363][ T1728] bus_probe_device+0x1e4/0x290 [ 26.791706][ T1728] device_add+0xae6/0x16f0 [ 26.796613][ T1728] usb_set_configuration+0xdf6/0x1670 [ 26.802474][ T1728] generic_probe+0x9d/0xd5 [ 26.807381][ T1728] usb_probe_device+0x99/0x100 [ 26.812737][ T1728] really_probe+0x281/0x6d0 [ 26.817730][ T1728] driver_probe_device+0x104/0x210 [ 26.823332][ T1728] __device_attach_driver+0x1c2/0x220 [ 26.829193][ T1728] bus_for_each_drv+0x162/0x1e0 [ 26.834541][ T1728] __device_attach+0x217/0x360 [ 26.839793][ T1728] bus_probe_device+0x1e4/0x290 [ 26.845134][ T1728] device_add+0xae6/0x16f0 [ 26.850127][ T1728] usb_new_device.cold+0x6a4/0xe79 [ 26.855738][ T1728] hub_event+0x1b5c/0x3640 [ 26.860649][ T1728] process_one_work+0x92b/0x1530 [ 26.866076][ T1728] worker_thread+0x96/0xe20 [ 26.871068][ T1728] kthread+0x318/0x420 [ 26.875631][ T1728] ret_from_fork+0x24/0x30 [ 26.880535][ T1728] [ 26.880535][ T1728] -> #0 (driver_lock#2){+.+.}: [ 26.887448][ T1728] __lock_acquire+0x1f74/0x3eb0 [ 26.892803][ T1728] lock_acquire+0x127/0x320 [ 26.897796][ T1728] __mutex_lock+0x158/0x1360 [ 26.902878][ T1728] display_open+0x1f/0x1d0 [ 26.907786][ T1728] usb_open+0x1df/0x270 [ 26.912446][ T1728] chrdev_open+0x219/0x5c0 [ 26.917349][ T1728] do_dentry_open+0x494/0x1120 [ 26.922613][ T1728] path_openat+0x1430/0x3f50 [ 26.927701][ T1728] do_filp_open+0x1a1/0x280 [ 26.932702][ T1728] do_sys_open+0x3c0/0x580 [ 26.937612][ T1728] do_syscall_64+0xb7/0x580 [ 26.942610][ T1728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 26.948994][ T1728] [ 26.948994][ T1728] other info that might help us debug this: [ 26.948994][ T1728] [ 26.959193][ T1728] Chain exists of: [ 26.959193][ T1728] driver_lock#2 --> &ictx->lock --> minor_rwsem [ 26.959193][ T1728] [ 26.971312][ T1728] Possible unsafe locking scenario: [ 26.971312][ T1728] [ 26.979529][ T1728] CPU0 CPU1 [ 26.984869][ T1728] ---- ---- [ 26.990210][ T1728] lock(minor_rwsem); [ 26.994262][ T1728] lock(&ictx->lock); [ 27.000850][ T1728] lock(minor_rwsem); [ 27.007410][ T1728] lock(driver_lock#2); [ 27.011622][ T1728] [ 27.011622][ T1728] *** DEADLOCK *** [ 27.011622][ T1728] [ 27.019752][ T1728] 1 lock held by syz-executor958/1728: [ 27.025203][ T1728] #0: ffffffff874267c8 (minor_rwsem){++++}, at: usb_open+0x23/0x270 [ 27.033253][ T1728] [ 27.033253][ T1728] stack backtrace: [ 27.039129][ T1728] CPU: 0 PID: 1728 Comm: syz-executor958 Not tainted 5.3.0+ #0 [ 27.046653][ T1728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.056834][ T1728] Call Trace: [ 27.060105][ T1728] dump_stack+0xca/0x13e [ 27.064322][ T1728] check_noncircular+0x32e/0x3e0 [ 27.069245][ T1728] ? profile_setup.cold+0xc1/0xc1 [ 27.074262][ T1728] ? print_circular_bug.isra.0+0x1e0/0x1e0 [ 27.080040][ T1728] ? graph_lock+0x80/0x180 [ 27.084426][ T1728] ? hlock_class+0x120/0x120 [ 27.088987][ T1728] ? mark_lock+0xbc/0x1160 [ 27.093378][ T1728] ? find_first_zero_bit+0x94/0xb0 [ 27.098478][ T1728] __lock_acquire+0x1f74/0x3eb0 [ 27.103300][ T1728] ? mark_held_locks+0xe0/0xe0 [ 27.108032][ T1728] ? hlock_class+0x120/0x120 [ 27.112590][ T1728] ? mark_lock+0xbc/0x1160 [ 27.116991][ T1728] ? find_first_zero_bit+0x94/0xb0 [ 27.122072][ T1728] lock_acquire+0x127/0x320 [ 27.126546][ T1728] ? display_open+0x1f/0x1d0 [ 27.131109][ T1728] __mutex_lock+0x158/0x1360 [ 27.135685][ T1728] ? display_open+0x1f/0x1d0 [ 27.140265][ T1728] ? mark_held_locks+0xe0/0xe0 [ 27.145007][ T1728] ? display_open+0x1f/0x1d0 [ 27.149575][ T1728] ? __lock_acquire+0x145e/0x3eb0 [ 27.154579][ T1728] ? mutex_trylock+0x2c0/0x2c0 [ 27.159319][ T1728] ? lock_acquire+0x127/0x320 [ 27.163977][ T1728] ? usb_open+0x23/0x270 [ 27.168192][ T1728] ? down_read+0x115/0x420 [ 27.172580][ T1728] ? m_show+0x4f0/0x4f0 [ 27.176717][ T1728] ? display_open+0x1f/0x1d0 [ 27.181798][ T1728] display_open+0x1f/0x1d0 [ 27.186188][ T1728] ? usb_tx_callback+0x110/0x110 [ 27.191096][ T1728] usb_open+0x1df/0x270 [ 27.195225][ T1728] ? usb_devnode+0xa0/0xa0 [ 27.199637][ T1728] chrdev_open+0x219/0x5c0 [ 27.204045][ T1728] ? cdev_put.part.0+0x50/0x50 [ 27.208785][ T1728] do_dentry_open+0x494/0x1120 [ 27.213523][ T1728] ? cdev_put.part.0+0x50/0x50 [ 27.218270][ T1728] ? chmod_common+0x3c0/0x3c0 [ 27.222931][ T1728] ? inode_permission+0xbe/0x3a0 [ 27.227991][ T1728] path_openat+0x1430/0x3f50 [ 27.232565][ T1728] ? save_stack+0x1b/0x80 [ 27.236879][ T1728] ? do_sys_open+0x294/0x580 [ 27.241440][ T1728] ? do_syscall_64+0xb7/0x580 [ 27.246090][ T1728] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.252128][ T1728] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 27.257471][ T1728] ? __lock_acquire+0x145e/0x3eb0 [ 27.262463][ T1728] do_filp_open+0x1a1/0x280 [ 27.266937][ T1728] ? may_open_dev+0xf0/0xf0 [ 27.271419][ T1728] ? __alloc_fd+0x46d/0x600 [ 27.275999][ T1728] ? _raw_spin_unlock+0x1f/0x30 [ 27.280838][ T1728] ? __alloc_fd+0x46d/0x600 [ 27.285330][ T1728] do_sys_open+0x3c0/0x580 [ 27.289715][ T1728] ? filp_open+0x70/0x70 [ 27.293933][ T1728] ? switch_fpu_return+0x1c2/0x430 [ 27.299035][ T1728] ? hrtimer_nanosleep+0x4f0/0x4f0 [ 27.304126][ T1728] ? trace_hardirqs_off_caller+0x55/0x1e0 [ 27.309814][ T1728] do_syscall_64+0xb7/0x580 [ 27.314292][ T1728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.320153][ T1728] RIP: 0033:0x401470 [ 27.324021][ T1728] Code: 01 f0 ff ff 0f 83 00 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 1d 09 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0a 00 00 c3 48 83 ec 08 e8 3a 00 00 00 [ 27.343596][ T1728] RSP: 002b:00007fffbc8ff798 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 27.351977][ T1728] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000401470 [ 27.359929][ T1728] RDX: 0000000000000000 RSI: 0000000000000002 RD