Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 48.653227][ T3317] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 49.013656][ T3317] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 49.024775][ T3317] usb 1-1: New USB device found, idVendor=15c2, idProduct=0039, bcdDevice=a9.8c [ 49.033987][ T3317] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.046875][ T3317] usb 1-1: config 0 descriptor?? [ 49.087571][ T3317] input: iMON Panel, Knob and Mouse(15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 49.383390][ T3317] rc_core: IR keymap rc-imon-pad not found [ 49.389208][ T3317] Registered IR keymap rc-empty [ 49.394177][ T3317] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 49.404385][ T3317] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 49.544608][ T3317] rc rc0: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 49.555866][ T3317] input: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 49.575693][ T3317] imon 1-1:0.0: iMON device (15c2:0039, intf0) on usb<1:2> initialized [ 49.723776][ T3598] [ 49.726237][ T3598] ====================================================== [ 49.733280][ T3598] WARNING: possible circular locking dependency detected [ 49.740284][ T3598] 5.17.0-rc4-syzkaller-00162-g9195e5e0adbb #0 Not tainted [ 49.747373][ T3598] ------------------------------------------------------ [ 49.754367][ T3598] syz-executor469/3598 is trying to acquire lock: [ 49.760756][ T3598] ffffffff8cd14ac8 (driver_lock){+.+.}-{3:3}, at: display_open+0x1f/0x220 [ 49.769279][ T3598] [ 49.769279][ T3598] but task is already holding lock: [ 49.776627][ T3598] ffffffff8ca599b0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 [ 49.784955][ T3598] [ 49.784955][ T3598] which lock already depends on the new lock. [ 49.784955][ T3598] [ 49.795336][ T3598] [ 49.795336][ T3598] the existing dependency chain (in reverse order) is: [ 49.804326][ T3598] [ 49.804326][ T3598] -> #2 (minor_rwsem#2){++++}-{3:3}: [ 49.811778][ T3598] down_write+0x90/0x150 [ 49.816542][ T3598] usb_register_dev+0x19d/0x7e0 [ 49.821895][ T3598] imon_probe+0x2506/0x2b90 [ 49.826900][ T3598] usb_probe_interface+0x315/0x7f0 [ 49.832511][ T3598] really_probe+0x245/0xcc0 [ 49.837543][ T3598] __driver_probe_device+0x338/0x4d0 [ 49.843352][ T3598] driver_probe_device+0x4c/0x1a0 [ 49.848878][ T3598] __device_attach_driver+0x20b/0x2f0 [ 49.854753][ T3598] bus_for_each_drv+0x15f/0x1e0 [ 49.860109][ T3598] __device_attach+0x228/0x4a0 [ 49.865374][ T3598] bus_probe_device+0x1e4/0x290 [ 49.870728][ T3598] device_add+0xb83/0x1e20 [ 49.875647][ T3598] usb_set_configuration+0x101e/0x1900 [ 49.881609][ T3598] usb_generic_driver_probe+0xba/0x100 [ 49.887572][ T3598] usb_probe_device+0xd9/0x2c0 [ 49.892836][ T3598] really_probe+0x245/0xcc0 [ 49.897841][ T3598] __driver_probe_device+0x338/0x4d0 [ 49.903630][ T3598] driver_probe_device+0x4c/0x1a0 [ 49.909181][ T3598] __device_attach_driver+0x20b/0x2f0 [ 49.915062][ T3598] bus_for_each_drv+0x15f/0x1e0 [ 49.920415][ T3598] __device_attach+0x228/0x4a0 [ 49.925680][ T3598] bus_probe_device+0x1e4/0x290 [ 49.931031][ T3598] device_add+0xb83/0x1e20 [ 49.935951][ T3598] usb_new_device.cold+0x63f/0x108e [ 49.941650][ T3598] hub_event+0x2585/0x44d0 [ 49.946571][ T3598] process_one_work+0x9ac/0x1650 [ 49.952010][ T3598] worker_thread+0x657/0x1110 [ 49.957190][ T3598] kthread+0x2e9/0x3a0 [ 49.961763][ T3598] ret_from_fork+0x1f/0x30 [ 49.966682][ T3598] [ 49.966682][ T3598] -> #1 (&ictx->lock){+.+.}-{3:3}: [ 49.973973][ T3598] __mutex_lock+0x12f/0x12f0 [ 49.979069][ T3598] imon_probe+0xff9/0x2b90 [ 49.983989][ T3598] usb_probe_interface+0x315/0x7f0 [ 49.989604][ T3598] really_probe+0x245/0xcc0 [ 49.994614][ T3598] __driver_probe_device+0x338/0x4d0 [ 50.000406][ T3598] driver_probe_device+0x4c/0x1a0 [ 50.005937][ T3598] __device_attach_driver+0x20b/0x2f0 [ 50.011814][ T3598] bus_for_each_drv+0x15f/0x1e0 [ 50.017186][ T3598] __device_attach+0x228/0x4a0 [ 50.022452][ T3598] bus_probe_device+0x1e4/0x290 [ 50.027806][ T3598] device_add+0xb83/0x1e20 [ 50.032723][ T3598] usb_set_configuration+0x101e/0x1900 [ 50.038689][ T3598] usb_generic_driver_probe+0xba/0x100 [ 50.044666][ T3598] usb_probe_device+0xd9/0x2c0 [ 50.049935][ T3598] really_probe+0x245/0xcc0 [ 50.054958][ T3598] __driver_probe_device+0x338/0x4d0 [ 50.060745][ T3598] driver_probe_device+0x4c/0x1a0 [ 50.066273][ T3598] __device_attach_driver+0x20b/0x2f0 [ 50.072150][ T3598] bus_for_each_drv+0x15f/0x1e0 [ 50.077504][ T3598] __device_attach+0x228/0x4a0 [ 50.082771][ T3598] bus_probe_device+0x1e4/0x290 [ 50.088124][ T3598] device_add+0xb83/0x1e20 [ 50.093043][ T3598] usb_new_device.cold+0x63f/0x108e [ 50.098742][ T3598] hub_event+0x2585/0x44d0 [ 50.103659][ T3598] process_one_work+0x9ac/0x1650 [ 50.109124][ T3598] worker_thread+0x657/0x1110 [ 50.114317][ T3598] kthread+0x2e9/0x3a0 [ 50.118910][ T3598] ret_from_fork+0x1f/0x30 [ 50.123836][ T3598] [ 50.123836][ T3598] -> #0 (driver_lock){+.+.}-{3:3}: [ 50.131109][ T3598] __lock_acquire+0x2ad4/0x56c0 [ 50.136471][ T3598] lock_acquire+0x1ab/0x510 [ 50.141479][ T3598] __mutex_lock+0x12f/0x12f0 [ 50.146575][ T3598] display_open+0x1f/0x220 [ 50.151502][ T3598] usb_open+0x204/0x2e0 [ 50.156163][ T3598] chrdev_open+0x266/0x770 [ 50.161084][ T3598] do_dentry_open+0x4b9/0x1250 [ 50.166349][ T3598] path_openat+0x1c9e/0x2940 [ 50.171471][ T3598] do_filp_open+0x1aa/0x400 [ 50.176476][ T3598] do_sys_openat2+0x16d/0x4d0 [ 50.181653][ T3598] __x64_sys_openat+0x13f/0x1f0 [ 50.187016][ T3598] do_syscall_64+0x35/0xb0 [ 50.191947][ T3598] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 50.198357][ T3598] [ 50.198357][ T3598] other info that might help us debug this: [ 50.198357][ T3598] [ 50.208590][ T3598] Chain exists of: [ 50.208590][ T3598] driver_lock --> &ictx->lock --> minor_rwsem#2 [ 50.208590][ T3598] [ 50.220755][ T3598] Possible unsafe locking scenario: [ 50.220755][ T3598] [ 50.228187][ T3598] CPU0 CPU1 [ 50.233529][ T3598] ---- ---- [ 50.238871][ T3598] lock(minor_rwsem#2); [ 50.243097][ T3598] lock(&ictx->lock); [ 50.249763][ T3598] lock(minor_rwsem#2); [ 50.256503][ T3598] lock(driver_lock); [ 50.260551][ T3598] [ 50.260551][ T3598] *** DEADLOCK *** [ 50.260551][ T3598] [ 50.268670][ T3598] 1 lock held by syz-executor469/3598: [ 50.274124][ T3598] #0: ffffffff8ca599b0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 [ 50.282898][ T3598] [ 50.282898][ T3598] stack backtrace: [ 50.288771][ T3598] CPU: 1 PID: 3598 Comm: syz-executor469 Not tainted 5.17.0-rc4-syzkaller-00162-g9195e5e0adbb #0 [ 50.299249][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.309284][ T3598] Call Trace: [ 50.312564][ T3598] [ 50.315481][ T3598] dump_stack_lvl+0xcd/0x134 [ 50.320065][ T3598] check_noncircular+0x25f/0x2e0 [ 50.324992][ T3598] ? print_circular_bug+0x1e0/0x1e0 [ 50.330175][ T3598] ? lock_chain_count+0x20/0x20 [ 50.335020][ T3598] __lock_acquire+0x2ad4/0x56c0 [ 50.339858][ T3598] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.345823][ T3598] ? lockdep_unlock+0x11c/0x290 [ 50.350659][ T3598] ? __lock_acquire+0x25af/0x56c0 [ 50.355669][ T3598] lock_acquire+0x1ab/0x510 [ 50.360156][ T3598] ? display_open+0x1f/0x220 [ 50.364736][ T3598] ? lock_release+0x720/0x720 [ 50.369416][ T3598] ? __lock_acquire+0x1666/0x56c0 [ 50.374428][ T3598] __mutex_lock+0x12f/0x12f0 [ 50.379017][ T3598] ? display_open+0x1f/0x220 [ 50.383606][ T3598] ? lock_release+0x720/0x720 [ 50.388267][ T3598] ? display_open+0x1f/0x220 [ 50.392857][ T3598] ? mutex_lock_io_nested+0x1150/0x1150 [ 50.398392][ T3598] ? down_read+0x198/0x440 [ 50.402790][ T3598] ? chrdev_open+0x58c/0x770 [ 50.407364][ T3598] ? rwsem_down_read_slowpath+0xa70/0xa70 [ 50.413068][ T3598] ? do_raw_spin_lock+0x120/0x2b0 [ 50.418081][ T3598] display_open+0x1f/0x220 [ 50.422483][ T3598] ? display_close+0x160/0x160 [ 50.427232][ T3598] usb_open+0x204/0x2e0 [ 50.431369][ T3598] ? usb_devnode+0xa0/0xa0 [ 50.435765][ T3598] chrdev_open+0x266/0x770 [ 50.440177][ T3598] ? cdev_device_add+0x220/0x220 [ 50.445095][ T3598] ? fsnotify_perm.part.0+0x22d/0x620 [ 50.450450][ T3598] do_dentry_open+0x4b9/0x1250 [ 50.455229][ T3598] ? cdev_device_add+0x220/0x220 [ 50.460146][ T3598] ? may_open+0x1f6/0x420 [ 50.464461][ T3598] path_openat+0x1c9e/0x2940 [ 50.469035][ T3598] ? local_lock_release+0x1d/0x60 [ 50.474045][ T3598] ? path_lookupat+0x860/0x860 [ 50.478789][ T3598] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.484757][ T3598] do_filp_open+0x1aa/0x400 [ 50.489245][ T3598] ? may_open_dev+0xf0/0xf0 [ 50.493733][ T3598] ? rwlock_bug.part.0+0x90/0x90 [ 50.498656][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 50.504881][ T3598] ? _find_next_bit+0x1e3/0x260 [ 50.509716][ T3598] ? _raw_spin_unlock+0x24/0x40 [ 50.514554][ T3598] ? alloc_fd+0x2f0/0x670 [ 50.518866][ T3598] do_sys_openat2+0x16d/0x4d0 [ 50.523557][ T3598] ? find_held_lock+0x2d/0x110 [ 50.528306][ T3598] ? build_open_flags+0x6f0/0x6f0 [ 50.533337][ T3598] ? lock_downgrade+0x6e0/0x6e0 [ 50.538170][ T3598] __x64_sys_openat+0x13f/0x1f0 [ 50.543019][ T3598] ? __ia32_sys_open+0x1c0/0x1c0 [ 50.547943][ T3598] ? syscall_enter_from_user_mode+0x21/0x70 [ 50.553825][ T3598] do_syscall_64+0x35/0xb0 [ 50.558226][ T3598] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 50.564106][ T3598] RIP: 0033:0x7fda25220c77 [ 50.568521][ T3598] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25 [ 50.588216][ T3598] RSP: 002b:00007fff091a1930 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 50.596624][ T3598] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fda25220c77 [ 50.604579][ T3598] RDX: 0000000000000002 RSI: 00007fff091a19b0 RDI: 00000000ffffff9c [ 50.612534][ T3598] RBP: 00007fff091a19b0 R08: 0000000000000000 R09: 000000000000000f [ 50.620484][ T3598] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000