DUID 00:04:ac:03:58:10:d0:76:5c:28:30:a7:8a:8b:4a:a3:06:e2
forked to background, child pid 3172
[   25.964911][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.977489][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   58.164250][  T140] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   58.524652][  T140] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[   58.535773][  T140] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 8262, setting to 1024
[   58.546913][  T140] usb 1-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[   58.555996][  T140] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.593036][  T140] usb 1-1: config 0 descriptor??
[   58.638911][  T140] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[   58.934411][  T140] rc_core: IR keymap rc-imon-pad not found
[   58.940240][  T140] Registered IR keymap rc-empty
[   58.945864][  T140] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[   58.956035][  T140] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[   59.094866][  T140] rc rc0: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[   59.105636][  T140] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6
[   59.120563][  T140] imon 1-1:0.0: iMON device (15c2:0037, intf0) on usb<1:2> initialized
[   59.275024][ T3587] 
[   59.277353][ T3587] ======================================================
[   59.284345][ T3587] WARNING: possible circular locking dependency detected
[   59.291362][ T3587] 5.17.0-rc2-next-20220204-syzkaller #0 Not tainted
[   59.297926][ T3587] ------------------------------------------------------
[   59.304917][ T3587] syz-executor358/3587 is trying to acquire lock:
[   59.311305][ T3587] ffffffff8cd165e8 (driver_lock){+.+.}-{3:3}, at: display_open+0x1f/0x220
[   59.319832][ T3587] 
[   59.319832][ T3587] but task is already holding lock:
[   59.327170][ T3587] ffffffff8ca57730 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[   59.335503][ T3587] 
[   59.335503][ T3587] which lock already depends on the new lock.
[   59.335503][ T3587] 
[   59.345880][ T3587] 
[   59.345880][ T3587] the existing dependency chain (in reverse order) is:
[   59.354870][ T3587] 
[   59.354870][ T3587] -> #2 (minor_rwsem#2){++++}-{3:3}:
[   59.362323][ T3587]        down_write+0x90/0x150
[   59.367082][ T3587]        usb_register_dev+0x19d/0x7e0
[   59.372465][ T3587]        imon_probe+0x2499/0x2b90
[   59.377478][ T3587]        usb_probe_interface+0x315/0x7f0
[   59.383094][ T3587]        really_probe+0x245/0xcc0
[   59.388120][ T3587]        __driver_probe_device+0x338/0x4d0
[   59.393927][ T3587]        driver_probe_device+0x4c/0x1a0
[   59.399465][ T3587]        __device_attach_driver+0x20b/0x2f0
[   59.405352][ T3587]        bus_for_each_drv+0x15f/0x1e0
[   59.410734][ T3587]        __device_attach+0x228/0x4a0
[   59.416022][ T3587]        bus_probe_device+0x1e4/0x290
[   59.421405][ T3587]        device_add+0xc17/0x1ee0
[   59.426340][ T3587]        usb_set_configuration+0x101e/0x1900
[   59.432321][ T3587]        usb_generic_driver_probe+0xba/0x100
[   59.438300][ T3587]        usb_probe_device+0xd9/0x2c0
[   59.443588][ T3587]        really_probe+0x245/0xcc0
[   59.448600][ T3587]        __driver_probe_device+0x338/0x4d0
[   59.454393][ T3587]        driver_probe_device+0x4c/0x1a0
[   59.459927][ T3587]        __device_attach_driver+0x20b/0x2f0
[   59.465806][ T3587]        bus_for_each_drv+0x15f/0x1e0
[   59.471180][ T3587]        __device_attach+0x228/0x4a0
[   59.476453][ T3587]        bus_probe_device+0x1e4/0x290
[   59.481824][ T3587]        device_add+0xc17/0x1ee0
[   59.486757][ T3587]        usb_new_device.cold+0x63f/0x108e
[   59.492472][ T3587]        hub_event+0x25c6/0x4680
[   59.497414][ T3587]        process_one_work+0x996/0x1610
[   59.502866][ T3587]        worker_thread+0x665/0x1080
[   59.508053][ T3587]        kthread+0x2e9/0x3a0
[   59.512655][ T3587]        ret_from_fork+0x1f/0x30
[   59.517592][ T3587] 
[   59.517592][ T3587] -> #1 (&ictx->lock){+.+.}-{3:3}:
[   59.524874][ T3587]        __mutex_lock+0x12f/0x12f0
[   59.529982][ T3587]        imon_probe+0xff9/0x2b90
[   59.534916][ T3587]        usb_probe_interface+0x315/0x7f0
[   59.540543][ T3587]        really_probe+0x245/0xcc0
[   59.545554][ T3587]        __driver_probe_device+0x338/0x4d0
[   59.551351][ T3587]        driver_probe_device+0x4c/0x1a0
[   59.556883][ T3587]        __device_attach_driver+0x20b/0x2f0
[   59.562764][ T3587]        bus_for_each_drv+0x15f/0x1e0
[   59.568136][ T3587]        __device_attach+0x228/0x4a0
[   59.573407][ T3587]        bus_probe_device+0x1e4/0x290
[   59.578776][ T3587]        device_add+0xc17/0x1ee0
[   59.583710][ T3587]        usb_set_configuration+0x101e/0x1900
[   59.589683][ T3587]        usb_generic_driver_probe+0xba/0x100
[   59.595656][ T3587]        usb_probe_device+0xd9/0x2c0
[   59.600937][ T3587]        really_probe+0x245/0xcc0
[   59.605946][ T3587]        __driver_probe_device+0x338/0x4d0
[   59.611747][ T3587]        driver_probe_device+0x4c/0x1a0
[   59.617292][ T3587]        __device_attach_driver+0x20b/0x2f0
[   59.623183][ T3587]        bus_for_each_drv+0x15f/0x1e0
[   59.628557][ T3587]        __device_attach+0x228/0x4a0
[   59.633838][ T3587]        bus_probe_device+0x1e4/0x290
[   59.639214][ T3587]        device_add+0xc17/0x1ee0
[   59.644151][ T3587]        usb_new_device.cold+0x63f/0x108e
[   59.649865][ T3587]        hub_event+0x25c6/0x4680
[   59.654811][ T3587]        process_one_work+0x996/0x1610
[   59.660261][ T3587]        worker_thread+0x665/0x1080
[   59.665450][ T3587]        kthread+0x2e9/0x3a0
[   59.670037][ T3587]        ret_from_fork+0x1f/0x30
[   59.674974][ T3587] 
[   59.674974][ T3587] -> #0 (driver_lock){+.+.}-{3:3}:
[   59.682255][ T3587]        __lock_acquire+0x2a13/0x54d0
[   59.687622][ T3587]        lock_acquire+0x1ab/0x510
[   59.692640][ T3587]        __mutex_lock+0x12f/0x12f0
[   59.697748][ T3587]        display_open+0x1f/0x220
[   59.702680][ T3587]        usb_open+0x204/0x2e0
[   59.707348][ T3587]        chrdev_open+0x266/0x770
[   59.712286][ T3587]        do_dentry_open+0x4b9/0x1240
[   59.717565][ T3587]        path_openat+0x1c9e/0x2940
[   59.722669][ T3587]        do_filp_open+0x1aa/0x400
[   59.727686][ T3587]        do_sys_openat2+0x16d/0x4d0
[   59.732882][ T3587]        __x64_sys_openat+0x13f/0x1f0
[   59.738252][ T3587]        do_syscall_64+0x35/0xb0
[   59.743186][ T3587]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[   59.749588][ T3587] 
[   59.749588][ T3587] other info that might help us debug this:
[   59.749588][ T3587] 
[   59.759796][ T3587] Chain exists of:
[   59.759796][ T3587]   driver_lock --> &ictx->lock --> minor_rwsem#2
[   59.759796][ T3587] 
[   59.771952][ T3587]  Possible unsafe locking scenario:
[   59.771952][ T3587] 
[   59.779381][ T3587]        CPU0                    CPU1
[   59.784725][ T3587]        ----                    ----
[   59.790075][ T3587]   lock(minor_rwsem#2);
[   59.794307][ T3587]                                lock(&ictx->lock);
[   59.800875][ T3587]                                lock(minor_rwsem#2);
[   59.807629][ T3587]   lock(driver_lock);
[   59.811682][ T3587] 
[   59.811682][ T3587]  *** DEADLOCK ***
[   59.811682][ T3587] 
[   59.819804][ T3587] 1 lock held by syz-executor358/3587:
[   59.825248][ T3587]  #0: ffffffff8ca57730 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[   59.834043][ T3587] 
[   59.834043][ T3587] stack backtrace:
[   59.839913][ T3587] CPU: 0 PID: 3587 Comm: syz-executor358 Not tainted 5.17.0-rc2-next-20220204-syzkaller #0
[   59.849876][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.859916][ T3587] Call Trace:
[   59.863183][ T3587]  <TASK>
[   59.866103][ T3587]  dump_stack_lvl+0xcd/0x134
[   59.870690][ T3587]  check_noncircular+0x25f/0x2e0
[   59.875625][ T3587]  ? print_circular_bug+0x1e0/0x1e0
[   59.880820][ T3587]  ? lockdep_lock+0xc6/0x200
[   59.885421][ T3587]  ? call_rcu_zapped+0xb0/0xb0
[   59.890181][ T3587]  __lock_acquire+0x2a13/0x54d0
[   59.895032][ T3587]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   59.901015][ T3587]  lock_acquire+0x1ab/0x510
[   59.905519][ T3587]  ? display_open+0x1f/0x220
[   59.910106][ T3587]  ? lock_release+0x720/0x720
[   59.914780][ T3587]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   59.920760][ T3587]  __mutex_lock+0x12f/0x12f0
[   59.925347][ T3587]  ? display_open+0x1f/0x220
[   59.929933][ T3587]  ? lock_release+0x720/0x720
[   59.934608][ T3587]  ? display_open+0x1f/0x220
[   59.939212][ T3587]  ? mutex_lock_io_nested+0x1150/0x1150
[   59.944756][ T3587]  ? down_read+0x198/0x440
[   59.949172][ T3587]  ? chrdev_open+0x58c/0x770
[   59.953764][ T3587]  ? rwsem_down_read_slowpath+0xa70/0xa70
[   59.959482][ T3587]  ? do_raw_spin_lock+0x120/0x2a0
[   59.964510][ T3587]  display_open+0x1f/0x220
[   59.968922][ T3587]  ? display_close+0x160/0x160
[   59.973692][ T3587]  usb_open+0x204/0x2e0
[   59.977842][ T3587]  ? usb_devnode+0xa0/0xa0
[   59.982253][ T3587]  chrdev_open+0x266/0x770
[   59.986671][ T3587]  ? cdev_device_add+0x210/0x210
[   59.991607][ T3587]  ? fsnotify_perm.part.0+0x22d/0x620
[   59.996971][ T3587]  do_dentry_open+0x4b9/0x1240
[   60.001734][ T3587]  ? cdev_device_add+0x210/0x210
[   60.006668][ T3587]  ? may_open+0x1f6/0x420
[   60.010990][ T3587]  path_openat+0x1c9e/0x2940
[   60.015584][ T3587]  ? path_lookupat+0x860/0x860
[   60.020341][ T3587]  ? mark_lock+0xef/0x17b0
[   60.024752][ T3587]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   60.030732][ T3587]  do_filp_open+0x1aa/0x400
[   60.035231][ T3587]  ? may_open_dev+0xf0/0xf0
[   60.039732][ T3587]  ? rwlock_bug.part.0+0x90/0x90
[   60.044668][ T3587]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   60.050912][ T3587]  ? _find_next_bit+0x1e3/0x260
[   60.055754][ T3587]  ? _raw_spin_unlock+0x24/0x40
[   60.060604][ T3587]  ? alloc_fd+0x2f0/0x670
[   60.064938][ T3587]  do_sys_openat2+0x16d/0x4d0
[   60.069630][ T3587]  ? build_open_flags+0x6f0/0x6f0
[   60.074674][ T3587]  ? __context_tracking_exit+0xb8/0xe0
[   60.080148][ T3587]  ? lock_downgrade+0x6e0/0x6e0
[   60.085001][ T3587]  __x64_sys_openat+0x13f/0x1f0
[   60.089861][ T3587]  ? __ia32_sys_open+0x1c0/0x1c0
[   60.094804][ T3587]  ? syscall_enter_from_user_mode+0x21/0x70
[   60.100714][ T3587]  do_syscall_64+0x35/0xb0
[   60.105139][ T3587]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   60.111031][ T3587] RIP: 0033:0x7f83584f5ce7
[   60.115441][ T3587] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[   60.135039][ T3587] RSP: 002b:00007ffea568e420 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   60.143444][ T3587] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f83584f5ce7
[   60.151419][ T3587] RDX: 0000000000000002 RSI: 00007ffea568e4a0 RDI: 00000000ffffff9c
[   60.159380][ T3587] RBP: 00007ffea568e4a0 R08: 0000000000000000 R09: 000000000000000f
[   60.167335][ T3587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   60.175291][ T3587] R13: 000000000000000