DUID 00:04:92:3d:a4:bf:d8:99:95:1d:d2:9f:0e:34:7d:20:a7:e6
forked to background, child pid 3171
[ 27.174231][ T3172] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.184716][ T3172] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.680263][ T918] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 51.040730][ T918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 51.051858][ T918] usb 1-1: New USB device found, idVendor=15c2, idProduct=0039, bcdDevice=d2.65
[ 51.061204][ T918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 51.072204][ T918] usb 1-1: config 0 descriptor??
[ 51.114493][ T918] input: iMON Panel, Knob and Mouse(15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[ 51.410319][ T918] rc_core: IR keymap rc-imon-pad not found
[ 51.416151][ T918] Registered IR keymap rc-empty
[ 51.421713][ T918] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 51.432282][ T918] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 51.571327][ T918] rc rc0: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 51.582435][ T918] input: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6
[ 51.602474][ T918] imon 1-1:0.0: iMON device (15c2:0039, intf0) on usb<1:2> initialized
[ 51.750904][ T3587]
[ 51.753235][ T3587] ======================================================
[ 51.760229][ T3587] WARNING: possible circular locking dependency detected
[ 51.767222][ T3587] 5.18.0-rc2-next-20220414-syzkaller #0 Not tainted
[ 51.773788][ T3587] ------------------------------------------------------
[ 51.780779][ T3587] syz-executor778/3587 is trying to acquire lock:
[ 51.787185][ T3587] ffffffff8cf33428 (driver_lock){+.+.}-{3:3}, at: display_open+0x1f/0x220
[ 51.795703][ T3587]
[ 51.795703][ T3587] but task is already holding lock:
[ 51.803058][ T3587] ffffffff8cc73750 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[ 51.811389][ T3587]
[ 51.811389][ T3587] which lock already depends on the new lock.
[ 51.811389][ T3587]
[ 51.821800][ T3587]
[ 51.821800][ T3587] the existing dependency chain (in reverse order) is:
[ 51.830821][ T3587]
[ 51.830821][ T3587] -> #2 (minor_rwsem#2){++++}-{3:3}:
[ 51.838291][ T3587] down_write+0x90/0x150
[ 51.843050][ T3587] usb_register_dev+0x19d/0x7e0
[ 51.848424][ T3587] imon_probe+0x2506/0x2b90
[ 51.853550][ T3587] usb_probe_interface+0x315/0x7f0
[ 51.859180][ T3587] really_probe+0x23e/0xb20
[ 51.864206][ T3587] __driver_probe_device+0x338/0x4d0
[ 51.870004][ T3587] driver_probe_device+0x4c/0x1a0
[ 51.875541][ T3587] __device_attach_driver+0x20b/0x2f0
[ 51.881426][ T3587] bus_for_each_drv+0x15f/0x1e0
[ 51.886785][ T3587] __device_attach+0x228/0x4a0
[ 51.892060][ T3587] bus_probe_device+0x1e4/0x290
[ 51.897422][ T3587] device_add+0xb83/0x1e20
[ 51.902356][ T3587] usb_set_configuration+0x101e/0x1900
[ 51.908336][ T3587] usb_generic_driver_probe+0xba/0x100
[ 51.914314][ T3587] usb_probe_device+0xd9/0x2c0
[ 51.919587][ T3587] really_probe+0x23e/0xb20
[ 51.924605][ T3587] __driver_probe_device+0x338/0x4d0
[ 51.930404][ T3587] driver_probe_device+0x4c/0x1a0
[ 51.935939][ T3587] __device_attach_driver+0x20b/0x2f0
[ 51.941824][ T3587] bus_for_each_drv+0x15f/0x1e0
[ 51.947190][ T3587] __device_attach+0x228/0x4a0
[ 51.952484][ T3587] bus_probe_device+0x1e4/0x290
[ 51.957855][ T3587] device_add+0xb83/0x1e20
[ 51.963141][ T3587] usb_new_device.cold+0x641/0x1091
[ 51.968859][ T3587] hub_event+0x25c6/0x4680
[ 51.973796][ T3587] process_one_work+0x996/0x1610
[ 51.979251][ T3587] worker_thread+0x665/0x1080
[ 51.984443][ T3587] kthread+0x2e9/0x3a0
[ 51.989026][ T3587] ret_from_fork+0x1f/0x30
[ 51.993967][ T3587]
[ 51.993967][ T3587] -> #1 (&ictx->lock){+.+.}-{3:3}:
[ 52.001251][ T3587] __mutex_lock+0x12f/0x1350
[ 52.006363][ T3587] imon_probe+0xff9/0x2b90
[ 52.011289][ T3587] usb_probe_interface+0x315/0x7f0
[ 52.016909][ T3587] really_probe+0x23e/0xb20
[ 52.021927][ T3587] __driver_probe_device+0x338/0x4d0
[ 52.027728][ T3587] driver_probe_device+0x4c/0x1a0
[ 52.033265][ T3587] __device_attach_driver+0x20b/0x2f0
[ 52.039152][ T3587] bus_for_each_drv+0x15f/0x1e0
[ 52.044514][ T3587] __device_attach+0x228/0x4a0
[ 52.049792][ T3587] bus_probe_device+0x1e4/0x290
[ 52.055153][ T3587] device_add+0xb83/0x1e20
[ 52.060091][ T3587] usb_set_configuration+0x101e/0x1900
[ 52.066077][ T3587] usb_generic_driver_probe+0xba/0x100
[ 52.072056][ T3587] usb_probe_device+0xd9/0x2c0
[ 52.077327][ T3587] really_probe+0x23e/0xb20
[ 52.082342][ T3587] __driver_probe_device+0x338/0x4d0
[ 52.088139][ T3587] driver_probe_device+0x4c/0x1a0
[ 52.093679][ T3587] __device_attach_driver+0x20b/0x2f0
[ 52.099572][ T3587] bus_for_each_drv+0x15f/0x1e0
[ 52.104931][ T3587] __device_attach+0x228/0x4a0
[ 52.110205][ T3587] bus_probe_device+0x1e4/0x290
[ 52.115572][ T3587] device_add+0xb83/0x1e20
[ 52.120505][ T3587] usb_new_device.cold+0x641/0x1091
[ 52.126218][ T3587] hub_event+0x25c6/0x4680
[ 52.131148][ T3587] process_one_work+0x996/0x1610
[ 52.136599][ T3587] worker_thread+0x665/0x1080
[ 52.141796][ T3587] kthread+0x2e9/0x3a0
[ 52.146387][ T3587] ret_from_fork+0x1f/0x30
[ 52.151326][ T3587]
[ 52.151326][ T3587] -> #0 (driver_lock){+.+.}-{3:3}:
[ 52.158624][ T3587] __lock_acquire+0x2abe/0x5660
[ 52.164016][ T3587] lock_acquire+0x1ab/0x570
[ 52.169054][ T3587] __mutex_lock+0x12f/0x1350
[ 52.174175][ T3587] display_open+0x1f/0x220
[ 52.179112][ T3587] usb_open+0x204/0x2e0
[ 52.183782][ T3587] chrdev_open+0x266/0x770
[ 52.188713][ T3587] do_dentry_open+0x4a1/0x11f0
[ 52.193994][ T3587] path_openat+0x1c71/0x2910
[ 52.199199][ T3587] do_filp_open+0x1aa/0x400
[ 52.204222][ T3587] do_sys_openat2+0x16d/0x4c0
[ 52.209428][ T3587] __x64_sys_openat+0x13f/0x1f0
[ 52.214803][ T3587] do_syscall_64+0x35/0xb0
[ 52.219749][ T3587] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.226174][ T3587]
[ 52.226174][ T3587] other info that might help us debug this:
[ 52.226174][ T3587]
[ 52.236568][ T3587] Chain exists of:
[ 52.236568][ T3587] driver_lock --> &ictx->lock --> minor_rwsem#2
[ 52.236568][ T3587]
[ 52.248731][ T3587] Possible unsafe locking scenario:
[ 52.248731][ T3587]
[ 52.256168][ T3587]        CPU0                    CPU1
[ 52.261517][ T3587]        ----                    ----
[ 52.266880][ T3587]   lock(minor_rwsem#2);
[ 52.271120][ T3587]                                lock(&ictx->lock);
[ 52.277704][ T3587]                                lock(minor_rwsem#2);
[ 52.284470][ T3587]   lock(driver_lock);
[ 52.288540][ T3587]
[ 52.288540][ T3587] *** DEADLOCK ***
[ 52.288540][ T3587]
[ 52.296682][ T3587] 1 lock held by syz-executor778/3587:
[ 52.302134][ T3587] #0: ffffffff8cc73750 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[ 52.310931][ T3587]
[ 52.310931][ T3587] stack backtrace:
[ 52.316815][ T3587] CPU: 1 PID: 3587 Comm: syz-executor778 Not tainted 5.18.0-rc2-next-20220414-syzkaller #0
[ 52.326790][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.336848][ T3587] Call Trace:
[ 52.340119][ T3587]
[ 52.343050][ T3587] dump_stack_lvl+0xcd/0x134
[ 52.347647][ T3587] check_noncircular+0x25f/0x2e0
[ 52.352593][ T3587] ? print_circular_bug+0x1e0/0x1e0
[ 52.357794][ T3587] ? lock_chain_count+0x20/0x20
[ 52.362648][ T3587] __lock_acquire+0x2abe/0x5660
[ 52.367509][ T3587] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 52.373489][ T3587] ? __lock_acquire+0x2581/0x5660
[ 52.378533][ T3587] lock_acquire+0x1ab/0x570
[ 52.383057][ T3587] ? display_open+0x1f/0x220
[ 52.387649][ T3587] ? lock_release+0x780/0x780
[ 52.392350][ T3587] __mutex_lock+0x12f/0x1350
[ 52.396964][ T3587] ? display_open+0x1f/0x220
[ 52.401559][ T3587] ? __mutex_unlock_slowpath+0x157/0x5e0
[ 52.407209][ T3587] ? display_open+0x1f/0x220
[ 52.411802][ T3587] ? mutex_lock_io_nested+0x1190/0x1190
[ 52.417365][ T3587] ? down_read+0x198/0x440
[ 52.421773][ T3587] ? chrdev_open+0x58c/0x770
[ 52.426356][ T3587] ? rwsem_down_read_slowpath+0xb00/0xb00
[ 52.432066][ T3587] ? do_raw_spin_lock+0x120/0x2a0
[ 52.437083][ T3587] display_open+0x1f/0x220
[ 52.441490][ T3587] ? display_close+0x160/0x160
[ 52.446242][ T3587] usb_open+0x204/0x2e0
[ 52.450388][ T3587] ? usb_devnode+0xa0/0xa0
[ 52.454792][ T3587] chrdev_open+0x266/0x770
[ 52.459199][ T3587] ? cdev_device_add+0x220/0x220
[ 52.464133][ T3587] ? fsnotify_perm.part.0+0x221/0x610
[ 52.469502][ T3587] do_dentry_open+0x4a1/0x11f0
[ 52.474258][ T3587] ? cdev_device_add+0x220/0x220
[ 52.479186][ T3587] ? may_open+0x1f6/0x420
[ 52.483519][ T3587] path_openat+0x1c71/0x2910
[ 52.488125][ T3587] ? path_lookupat+0x860/0x860
[ 52.492890][ T3587] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 52.498877][ T3587] do_filp_open+0x1aa/0x400
[ 52.503368][ T3587] ? may_open_dev+0xf0/0xf0
[ 52.507865][ T3587] ? rwlock_bug.part.0+0x90/0x90
[ 52.512792][ T3587] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 52.519029][ T3587] ? _find_next_bit+0x1e3/0x260
[ 52.524050][ T3587] ? _raw_spin_unlock+0x24/0x40
[ 52.528893][ T3587] ? alloc_fd+0x2f0/0x670
[ 52.533220][ T3587] do_sys_openat2+0x16d/0x4c0
[ 52.537889][ T3587] ? find_held_lock+0x2d/0x110
[ 52.542655][ T3587] ? build_open_flags+0x6f0/0x6f0
[ 52.547677][ T3587] ? lock_downgrade+0x6e0/0x6e0
[ 52.552531][ T3587] __x64_sys_openat+0x13f/0x1f0
[ 52.557377][ T3587] ? __ia32_sys_open+0x1c0/0x1c0
[ 52.562315][ T3587] ? syscall_enter_from_user_mode+0x21/0x70
[ 52.568494][ T3587] do_syscall_64+0x35/0xb0
[ 52.572932][ T3587] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.578840][ T3587] RIP: 0033:0x7f22640f3c77
[ 52.583252][ T3587] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[ 52.602849][ T3587] RSP: 002b:00007ffc66fa1c90 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 52.611250][ T3587] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22640f3c77
[ 52.619221][ T3587] RDX: 0000000000000002 RSI: 00007ffc66fa1d10 RDI: 00000000ffffff9c
[ 52.627179][ T3587] RBP: 00007ffc66fa1d10 R08: 0000000000000000 R09: 000000000000000f
[ 52.635135][ T3587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 52.643095][ T3587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.651069][ T3587]
[