forked to background, child pid 3171 no interfaces have a carrier [ 23.096132][ T3172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.109294][ T3172] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 40.754627][ T3257] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 41.114805][ T3257] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 41.126620][ T3257] usb 1-1: New USB device found, idVendor=15c2, idProduct=0039, bcdDevice=d2.65 [ 41.135866][ T3257] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.148006][ T3257] usb 1-1: config 0 descriptor?? [ 41.188563][ T3257] input: iMON Panel, Knob and Mouse(15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 41.484699][ T3257] rc_core: IR keymap rc-imon-pad not found [ 41.490724][ T3257] Registered IR keymap rc-empty [ 41.496366][ T3257] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 41.506577][ T3257] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 41.635542][ T3257] rc rc0: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 41.647466][ T3257] input: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 41.662164][ T3257] imon 1-1:0.0: iMON device (15c2:0039, intf0) on usb<1:2> initialized [ 41.815421][ T3594] [ 41.817756][ T3594] ====================================================== [ 41.825043][ T3594] WARNING: possible circular locking dependency detected [ 41.833960][ T3594] 5.18.0-rc2-syzkaller-00351-ga2c29ccd9477 #0 Not tainted [ 41.841221][ T3594] ------------------------------------------------------ [ 41.848215][ T3594] syz-executor161/3594 is trying to acquire lock: [ 41.854603][ T3594] ffffffff8cf2c928 (driver_lock){+.+.}-{3:3}, at: display_open+0x1f/0x220 [ 41.863142][ T3594] [ 41.863142][ T3594] but task is already holding lock: [ 41.870661][ T3594] ffffffff8cc6cc90 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 [ 41.879449][ T3594] [ 41.879449][ T3594] which lock already depends on the new lock. [ 41.879449][ T3594] [ 41.890625][ T3594] [ 41.890625][ T3594] the existing dependency chain (in reverse order) is: [ 41.899644][ T3594] [ 41.899644][ T3594] -> #2 (minor_rwsem#2){++++}-{3:3}: [ 41.907105][ T3594] down_write+0x90/0x150 [ 41.911862][ T3594] usb_register_dev+0x19d/0x7e0 [ 41.917221][ T3594] imon_probe+0x2506/0x2b90 [ 41.922231][ T3594] usb_probe_interface+0x315/0x7f0 [ 41.928308][ T3594] really_probe+0x23e/0xb20 [ 41.933529][ T3594] __driver_probe_device+0x338/0x4d0 [ 41.939317][ T3594] driver_probe_device+0x4c/0x1a0 [ 41.944850][ T3594] __device_attach_driver+0x20b/0x2f0 [ 41.950727][ T3594] bus_for_each_drv+0x15f/0x1e0 [ 41.956080][ T3594] __device_attach+0x228/0x4a0 [ 41.961435][ T3594] bus_probe_device+0x1e4/0x290 [ 41.967328][ T3594] device_add+0xb83/0x1e20 [ 41.972286][ T3594] usb_set_configuration+0x101e/0x1900 [ 41.978268][ T3594] usb_generic_driver_probe+0xba/0x100 [ 41.984432][ T3594] usb_probe_device+0xd9/0x2c0 [ 41.989810][ T3594] really_probe+0x23e/0xb20 [ 41.994924][ T3594] __driver_probe_device+0x338/0x4d0 [ 42.000864][ T3594] driver_probe_device+0x4c/0x1a0 [ 42.006426][ T3594] __device_attach_driver+0x20b/0x2f0 [ 42.012424][ T3594] bus_for_each_drv+0x15f/0x1e0 [ 42.017797][ T3594] __device_attach+0x228/0x4a0 [ 42.023079][ T3594] bus_probe_device+0x1e4/0x290 [ 42.028441][ T3594] device_add+0xb83/0x1e20 [ 42.033375][ T3594] usb_new_device.cold+0x641/0x1091 [ 42.039087][ T3594] hub_event+0x25c6/0x4680 [ 42.044018][ T3594] process_one_work+0x996/0x1610 [ 42.049465][ T3594] worker_thread+0x665/0x1080 [ 42.054654][ T3594] kthread+0x2e9/0x3a0 [ 42.059234][ T3594] ret_from_fork+0x1f/0x30 [ 42.064158][ T3594] [ 42.064158][ T3594] -> #1 (&ictx->lock){+.+.}-{3:3}: [ 42.071545][ T3594] __mutex_lock+0x12f/0x12f0 [ 42.076662][ T3594] imon_probe+0xff9/0x2b90 [ 42.081873][ T3594] usb_probe_interface+0x315/0x7f0 [ 42.087523][ T3594] really_probe+0x23e/0xb20 [ 42.092546][ T3594] __driver_probe_device+0x338/0x4d0 [ 42.098691][ T3594] driver_probe_device+0x4c/0x1a0 [ 42.104233][ T3594] __device_attach_driver+0x20b/0x2f0 [ 42.110117][ T3594] bus_for_each_drv+0x15f/0x1e0 [ 42.115486][ T3594] __device_attach+0x228/0x4a0 [ 42.120764][ T3594] bus_probe_device+0x1e4/0x290 [ 42.126123][ T3594] device_add+0xb83/0x1e20 [ 42.131046][ T3594] usb_set_configuration+0x101e/0x1900 [ 42.137014][ T3594] usb_generic_driver_probe+0xba/0x100 [ 42.142980][ T3594] usb_probe_device+0xd9/0x2c0 [ 42.148248][ T3594] really_probe+0x23e/0xb20 [ 42.153267][ T3594] __driver_probe_device+0x338/0x4d0 [ 42.159065][ T3594] driver_probe_device+0x4c/0x1a0 [ 42.164605][ T3594] __device_attach_driver+0x20b/0x2f0 [ 42.170485][ T3594] bus_for_each_drv+0x15f/0x1e0 [ 42.175846][ T3594] __device_attach+0x228/0x4a0 [ 42.181122][ T3594] bus_probe_device+0x1e4/0x290 [ 42.186479][ T3594] device_add+0xb83/0x1e20 [ 42.191405][ T3594] usb_new_device.cold+0x641/0x1091 [ 42.197290][ T3594] hub_event+0x25c6/0x4680 [ 42.202229][ T3594] process_one_work+0x996/0x1610 [ 42.207766][ T3594] worker_thread+0x665/0x1080 [ 42.212956][ T3594] kthread+0x2e9/0x3a0 [ 42.217531][ T3594] ret_from_fork+0x1f/0x30 [ 42.222462][ T3594] [ 42.222462][ T3594] -> #0 (driver_lock){+.+.}-{3:3}: [ 42.229749][ T3594] __lock_acquire+0x2ac6/0x56c0 [ 42.235114][ T3594] lock_acquire+0x1ab/0x510 [ 42.240126][ T3594] __mutex_lock+0x12f/0x12f0 [ 42.245223][ T3594] display_open+0x1f/0x220 [ 42.250147][ T3594] usb_open+0x204/0x2e0 [ 42.254812][ T3594] chrdev_open+0x266/0x770 [ 42.259736][ T3594] do_dentry_open+0x4a1/0x11e0 [ 42.265006][ T3594] path_openat+0x1c71/0x2910 [ 42.270099][ T3594] do_filp_open+0x1aa/0x400 [ 42.275102][ T3594] do_sys_openat2+0x16d/0x4c0 [ 42.280286][ T3594] __x64_sys_openat+0x13f/0x1f0 [ 42.285646][ T3594] do_syscall_64+0x35/0xb0 [ 42.290676][ T3594] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 42.297078][ T3594] [ 42.297078][ T3594] other info that might help us debug this: [ 42.297078][ T3594] [ 42.307283][ T3594] Chain exists of: [ 42.307283][ T3594] driver_lock --> &ictx->lock --> minor_rwsem#2 [ 42.307283][ T3594] [ 42.319438][ T3594] Possible unsafe locking scenario: [ 42.319438][ T3594] [ 42.326866][ T3594] CPU0 CPU1 [ 42.332212][ T3594] ---- ---- [ 42.337556][ T3594] lock(minor_rwsem#2); [ 42.341789][ T3594] lock(&ictx->lock); [ 42.348534][ T3594] lock(minor_rwsem#2); [ 42.355284][ T3594] lock(driver_lock); [ 42.359339][ T3594] [ 42.359339][ T3594] *** DEADLOCK *** [ 42.359339][ T3594] [ 42.368611][ T3594] 1 lock held by syz-executor161/3594: [ 42.374330][ T3594] #0: ffffffff8cc6cc90 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 [ 42.383137][ T3594] [ 42.383137][ T3594] stack backtrace: [ 42.389024][ T3594] CPU: 0 PID: 3594 Comm: syz-executor161 Not tainted 5.18.0-rc2-syzkaller-00351-ga2c29ccd9477 #0 [ 42.399509][ T3594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.409551][ T3594] Call Trace: [ 42.412901][ T3594] [ 42.415814][ T3594] dump_stack_lvl+0xcd/0x134 [ 42.420400][ T3594] check_noncircular+0x25f/0x2e0 [ 42.425332][ T3594] ? print_circular_bug+0x1e0/0x1e0 [ 42.430520][ T3594] ? lock_chain_count+0x20/0x20 [ 42.435357][ T3594] __lock_acquire+0x2ac6/0x56c0 [ 42.440200][ T3594] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 42.446170][ T3594] ? __lock_acquire+0x2589/0x56c0 [ 42.451184][ T3594] lock_acquire+0x1ab/0x510 [ 42.457775][ T3594] ? display_open+0x1f/0x220 [ 42.462371][ T3594] ? lock_release+0x720/0x720 [ 42.468001][ T3594] __mutex_lock+0x12f/0x12f0 [ 42.472586][ T3594] ? display_open+0x1f/0x220 [ 42.479535][ T3594] ? lock_release+0x720/0x720 [ 42.484211][ T3594] ? display_open+0x1f/0x220 [ 42.488899][ T3594] ? mutex_lock_io_nested+0x1150/0x1150 [ 42.494445][ T3594] ? down_read+0x198/0x440 [ 42.498852][ T3594] ? chrdev_open+0x58c/0x770 [ 42.503437][ T3594] ? rwsem_down_read_slowpath+0xa70/0xa70 [ 42.510456][ T3594] ? do_raw_spin_lock+0x120/0x2a0 [ 42.515487][ T3594] display_open+0x1f/0x220 [ 42.519897][ T3594] ? display_close+0x160/0x160 [ 42.524649][ T3594] usb_open+0x204/0x2e0 [ 42.528800][ T3594] ? usb_devnode+0xa0/0xa0 [ 42.533203][ T3594] chrdev_open+0x266/0x770 [ 42.537612][ T3594] ? cdev_device_add+0x220/0x220 [ 42.542721][ T3594] ? fsnotify_perm.part.0+0x221/0x610 [ 42.548090][ T3594] do_dentry_open+0x4a1/0x11e0 [ 42.552848][ T3594] ? cdev_device_add+0x220/0x220 [ 42.557777][ T3594] ? may_open+0x1f6/0x420 [ 42.562102][ T3594] path_openat+0x1c71/0x2910 [ 42.566690][ T3594] ? path_lookupat+0x860/0x860 [ 42.571448][ T3594] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 42.577428][ T3594] do_filp_open+0x1aa/0x400 [ 42.581928][ T3594] ? may_open_dev+0xf0/0xf0 [ 42.586430][ T3594] ? rwlock_bug.part.0+0x90/0x90 [ 42.591364][ T3594] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 42.597601][ T3594] ? _find_next_bit+0x1e3/0x260 [ 42.602454][ T3594] ? _raw_spin_unlock+0x24/0x40 [ 42.607302][ T3594] ? alloc_fd+0x2f0/0x670 [ 42.611986][ T3594] do_sys_openat2+0x16d/0x4c0 [ 42.616655][ T3594] ? find_held_lock+0x2d/0x110 [ 42.621588][ T3594] ? build_open_flags+0x6f0/0x6f0 [ 42.626614][ T3594] ? lock_downgrade+0x6e0/0x6e0 [ 42.631471][ T3594] __x64_sys_openat+0x13f/0x1f0 [ 42.636323][ T3594] ? __ia32_sys_open+0x1c0/0x1c0 [ 42.641444][ T3594] ? syscall_enter_from_user_mode+0x21/0x70 [ 42.647421][ T3594] do_syscall_64+0x35/0xb0 [ 42.651834][ T3594] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 42.657723][ T3594] RIP: 0033:0x7f40fd3a7c77 [ 42.662130][ T3594] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25 [ 42.682431][ T3594] RSP: 002b:00007ffc75a93180 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 42.690849][ T3594] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f40fd3a7c77 [ 42.698822][ T3594] RDX: 0000000000000002 RSI: 00007ffc75a93200 RDI: 00000000ffffff9c [ 42.707137][ T3594] RBP: 00007ffc75a93200 R08: 0000000000000000 R09: 000000000000000f [ 42.715099][ T3594] R10: 0000000000000000 R11: