DUID 00:04:bb:a2:40:ae:48:ac:17:b5:4c:fd:37:63:df:39:12:a9
forked to background, child pid 3181
[ 32.041176][ T3182] 8021q: adding VLAN 0 to HW filter on device bond0
[ 32.072463][ T3182] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.480388][ T3271] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 49.840806][ T3271] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 49.851871][ T3271] usb 1-1: New USB device found, idVendor=15c2, idProduct=0039, bcdDevice=d2.65
[ 49.860941][ T3271] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 49.873402][ T3271] usb 1-1: config 0 descriptor??
[ 49.914658][ T3271] input: iMON Panel, Knob and Mouse(15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[ 50.240678][ T3271] rc_core: IR keymap rc-imon-pad not found
[ 50.246594][ T3271] Registered IR keymap rc-empty
[ 50.251882][ T3271] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 50.262308][ T3271] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 50.361868][ T3271] rc rc0: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 50.372947][ T3271] input: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6
[ 50.392180][ T3271] imon 1-1:0.0: iMON device (15c2:0039, intf0) on usb<1:2> initialized
[ 50.541003][ T3601]
[ 50.543338][ T3601] ======================================================
[ 50.550332][ T3601] WARNING: possible circular locking dependency detected
[ 50.557325][ T3601] 5.16.0-rc7-syzkaller #0 Not tainted
[ 50.562668][ T3601] ------------------------------------------------------
[ 50.569660][ T3601] syz-executor968/3601 is trying to acquire lock:
[ 50.576079][ T3601] ffffffff8ccfeb68 (driver_lock){+.+.}-{3:3}, at: display_open+0x1f/0x220
[ 50.584599][ T3601]
[ 50.584599][ T3601] but task is already holding lock:
[ 50.591938][ T3601] ffffffff8ca443b0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[ 50.600268][ T3601]
[ 50.600268][ T3601] which lock already depends on the new lock.
[ 50.600268][ T3601]
[ 50.610645][ T3601]
[ 50.610645][ T3601] the existing dependency chain (in reverse order) is:
[ 50.619632][ T3601]
[ 50.619632][ T3601] -> #2 (minor_rwsem#2){++++}-{3:3}:
[ 50.627077][ T3601]        down_write+0x90/0x150
[ 50.631822][ T3601]        usb_register_dev+0x19d/0x7e0
[ 50.637174][ T3601]        imon_probe+0x2506/0x2b90
[ 50.642181][ T3601]        usb_probe_interface+0x315/0x7f0
[ 50.647796][ T3601]        really_probe+0x245/0xcc0
[ 50.652800][ T3601]        __driver_probe_device+0x338/0x4d0
[ 50.658593][ T3601]        driver_probe_device+0x4c/0x1a0
[ 50.664119][ T3601]        __device_attach_driver+0x20b/0x2f0
[ 50.669992][ T3601]        bus_for_each_drv+0x15f/0x1e0
[ 50.675344][ T3601]        __device_attach+0x228/0x4a0
[ 50.680608][ T3601]        bus_probe_device+0x1e4/0x290
[ 50.685958][ T3601]        device_add+0xc17/0x1ee0
[ 50.690872][ T3601]        usb_set_configuration+0x101e/0x1900
[ 50.696831][ T3601]        usb_generic_driver_probe+0xba/0x100
[ 50.702791][ T3601]        usb_probe_device+0xd9/0x2c0
[ 50.708057][ T3601]        really_probe+0x245/0xcc0
[ 50.713061][ T3601]        __driver_probe_device+0x338/0x4d0
[ 50.718845][ T3601]        driver_probe_device+0x4c/0x1a0
[ 50.724367][ T3601]        __device_attach_driver+0x20b/0x2f0
[ 50.730239][ T3601]        bus_for_each_drv+0x15f/0x1e0
[ 50.735632][ T3601]        __device_attach+0x228/0x4a0
[ 50.740896][ T3601]        bus_probe_device+0x1e4/0x290
[ 50.746244][ T3601]        device_add+0xc17/0x1ee0
[ 50.751159][ T3601]        usb_new_device.cold+0x63f/0x108e
[ 50.756862][ T3601]        hub_event+0x23e5/0x4460
[ 50.761780][ T3601]        process_one_work+0x9b2/0x1660
[ 50.767269][ T3601]        worker_thread+0x65d/0x1130
[ 50.772443][ T3601]        kthread+0x405/0x4f0
[ 50.777099][ T3601]        ret_from_fork+0x1f/0x30
[ 50.782015][ T3601]
[ 50.782015][ T3601] -> #1 (&ictx->lock){+.+.}-{3:3}:
[ 50.789285][ T3601]        __mutex_lock+0x12f/0x12f0
[ 50.794377][ T3601]        imon_probe+0xff9/0x2b90
[ 50.799295][ T3601]        usb_probe_interface+0x315/0x7f0
[ 50.804908][ T3601]        really_probe+0x245/0xcc0
[ 50.809922][ T3601]        __driver_probe_device+0x338/0x4d0
[ 50.815708][ T3601]        driver_probe_device+0x4c/0x1a0
[ 50.821235][ T3601]        __device_attach_driver+0x20b/0x2f0
[ 50.827107][ T3601]        bus_for_each_drv+0x15f/0x1e0
[ 50.832460][ T3601]        __device_attach+0x228/0x4a0
[ 50.837725][ T3601]        bus_probe_device+0x1e4/0x290
[ 50.843079][ T3601]        device_add+0xc17/0x1ee0
[ 50.847995][ T3601]        usb_set_configuration+0x101e/0x1900
[ 50.853967][ T3601]        usb_generic_driver_probe+0xba/0x100
[ 50.859924][ T3601]        usb_probe_device+0xd9/0x2c0
[ 50.865188][ T3601]        really_probe+0x245/0xcc0
[ 50.870195][ T3601]        __driver_probe_device+0x338/0x4d0
[ 50.875983][ T3601]        driver_probe_device+0x4c/0x1a0
[ 50.881509][ T3601]        __device_attach_driver+0x20b/0x2f0
[ 50.887382][ T3601]        bus_for_each_drv+0x15f/0x1e0
[ 50.892730][ T3601]        __device_attach+0x228/0x4a0
[ 50.898001][ T3601]        bus_probe_device+0x1e4/0x290
[ 50.903370][ T3601]        device_add+0xc17/0x1ee0
[ 50.908307][ T3601]        usb_new_device.cold+0x63f/0x108e
[ 50.914015][ T3601]        hub_event+0x23e5/0x4460
[ 50.918934][ T3601]        process_one_work+0x9b2/0x1660
[ 50.924374][ T3601]        worker_thread+0x65d/0x1130
[ 50.929551][ T3601]        kthread+0x405/0x4f0
[ 50.934119][ T3601]        ret_from_fork+0x1f/0x30
[ 50.939054][ T3601]
[ 50.939054][ T3601] -> #0 (driver_lock){+.+.}-{3:3}:
[ 50.946324][ T3601]        __lock_acquire+0x2a2c/0x5470
[ 50.951675][ T3601]        lock_acquire+0x1ab/0x510
[ 50.956680][ T3601]        __mutex_lock+0x12f/0x12f0
[ 50.961795][ T3601]        display_open+0x1f/0x220
[ 50.966713][ T3601]        usb_open+0x204/0x2e0
[ 50.971370][ T3601]        chrdev_open+0x266/0x770
[ 50.976293][ T3601]        do_dentry_open+0x4b9/0x1240
[ 50.981559][ T3601]        path_openat+0x1cad/0x2750
[ 50.986650][ T3601]        do_filp_open+0x1aa/0x400
[ 50.991656][ T3601]        do_sys_openat2+0x16d/0x4d0
[ 50.996832][ T3601]        __x64_sys_openat+0x13f/0x1f0
[ 51.002184][ T3601]        do_syscall_64+0x35/0xb0
[ 51.007100][ T3601]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.013494][ T3601]
[ 51.013494][ T3601] other info that might help us debug this:
[ 51.013494][ T3601]
[ 51.023695][ T3601] Chain exists of:
[ 51.023695][ T3601]   driver_lock --> &ictx->lock --> minor_rwsem#2
[ 51.023695][ T3601]
[ 51.035833][ T3601]  Possible unsafe locking scenario:
[ 51.035833][ T3601]
[ 51.043265][ T3601]        CPU0                    CPU1
[ 51.048607][ T3601]        ----                    ----
[ 51.053952][ T3601]   lock(minor_rwsem#2);
[ 51.058174][ T3601]                                lock(&ictx->lock);
[ 51.064748][ T3601]                                lock(minor_rwsem#2);
[ 51.071592][ T3601]   lock(driver_lock);
[ 51.075652][ T3601]
[ 51.075652][ T3601]  *** DEADLOCK ***
[ 51.075652][ T3601]
[ 51.083783][ T3601] 1 lock held by syz-executor968/3601:
[ 51.089225][ T3601]  #0: ffffffff8ca443b0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[ 51.097997][ T3601]
[ 51.097997][ T3601] stack backtrace:
[ 51.103868][ T3601] CPU: 1 PID: 3601 Comm: syz-executor968 Not tainted 5.16.0-rc7-syzkaller #0
[ 51.112609][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.122650][ T3601] Call Trace:
[ 51.125920][ T3601]
[ 51.129531][ T3601]  dump_stack_lvl+0xcd/0x134
[ 51.134117][ T3601]  check_noncircular+0x25f/0x2e0
[ 51.139040][ T3601]  ? print_circular_bug+0x1e0/0x1e0
[ 51.144225][ T3601]  ? lockdep_lock+0xc6/0x200
[ 51.148801][ T3601]  ? call_rcu_zapped+0xb0/0xb0
[ 51.153547][ T3601]  __lock_acquire+0x2a2c/0x5470
[ 51.158383][ T3601]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 51.164346][ T3601]  lock_acquire+0x1ab/0x510
[ 51.168921][ T3601]  ? display_open+0x1f/0x220
[ 51.173493][ T3601]  ? lock_release+0x720/0x720
[ 51.178233][ T3601]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 51.184201][ T3601]  __mutex_lock+0x12f/0x12f0
[ 51.188772][ T3601]  ? display_open+0x1f/0x220
[ 51.193341][ T3601]  ? lock_release+0x720/0x720
[ 51.198014][ T3601]  ? display_open+0x1f/0x220
[ 51.202582][ T3601]  ? mutex_lock_io_nested+0x1150/0x1150
[ 51.208112][ T3601]  ? down_read+0x198/0x440
[ 51.212506][ T3601]  ? chrdev_open+0x58c/0x770
[ 51.217084][ T3601]  ? rwsem_down_read_slowpath+0xa70/0xa70
[ 51.222789][ T3601]  ? do_raw_spin_lock+0x120/0x2b0
[ 51.227794][ T3601]  display_open+0x1f/0x220
[ 51.232192][ T3601]  ? display_close+0x160/0x160
[ 51.236935][ T3601]  usb_open+0x204/0x2e0
[ 51.241074][ T3601]  ? usb_devnode+0xa0/0xa0
[ 51.245474][ T3601]  chrdev_open+0x266/0x770
[ 51.249872][ T3601]  ? cdev_device_add+0x210/0x210
[ 51.254791][ T3601]  ? fsnotify_perm.part.0+0x22d/0x620
[ 51.260147][ T3601]  do_dentry_open+0x4b9/0x1240
[ 51.264895][ T3601]  ? cdev_device_add+0x210/0x210
[ 51.269816][ T3601]  ? may_open+0x1f6/0x420
[ 51.274127][ T3601]  path_openat+0x1cad/0x2750
[ 51.278702][ T3601]  ? path_lookupat+0x860/0x860
[ 51.283444][ T3601]  ? mark_lock+0xef/0x17b0
[ 51.287843][ T3601]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 51.293818][ T3601]  do_filp_open+0x1aa/0x400
[ 51.298314][ T3601]  ? may_open_dev+0xf0/0xf0
[ 51.302809][ T3601]  ? rwlock_bug.part.0+0x90/0x90
[ 51.307740][ T3601]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 51.313973][ T3601]  ? _find_next_bit+0x1e3/0x260
[ 51.318823][ T3601]  ? _raw_spin_unlock+0x24/0x40
[ 51.323670][ T3601]  ? alloc_fd+0x2f0/0x670
[ 51.327985][ T3601]  do_sys_openat2+0x16d/0x4d0
[ 51.332652][ T3601]  ? build_open_flags+0x6f0/0x6f0
[ 51.337666][ T3601]  ? __context_tracking_exit+0xb8/0xe0
[ 51.343115][ T3601]  ? lock_downgrade+0x6e0/0x6e0
[ 51.347952][ T3601]  __x64_sys_openat+0x13f/0x1f0
[ 51.352792][ T3601]  ? __ia32_sys_open+0x1c0/0x1c0
[ 51.357715][ T3601]  ? syscall_enter_from_user_mode+0x21/0x70
[ 51.363616][ T3601]  do_syscall_64+0x35/0xb0
[ 51.368024][ T3601]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.373902][ T3601] RIP: 0033:0x7f236438dc77
[ 51.378300][ T3601] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[ 51.397882][ T3601] RSP: 002b:00007ffd7c5004b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 51.406272][ T3601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f236438dc77
[ 51.414223][ T3601] RDX: 0000000000000002 RSI: 00007ffd7c500530 RDI: 00000000ffffff9c
[ 51.422174][ T3601] RBP: 00007ffd7c500530 R08: 0000000000000000 R09: 000000000000000f
[ 51.430123][ T3601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 51.438082][ T3601] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000