DUID 00:04:9b:41:e3:df:54:6f:ca:1f:62:a0:1b:7c:64:71:74:ce
forked to background, child pid 3173
[ 26.108572][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.122218][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.15.219' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 62.552750][ T917] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 62.913278][ T917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[ 62.924459][ T917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 8262, setting to 1024
[ 62.936238][ T917] usb 1-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[ 62.945393][ T917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.957966][ T917] usb 1-1: config 0 descriptor??
[ 63.006948][ T917] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[ 63.313202][ T917] rc_core: IR keymap rc-imon-pad not found
[ 63.319041][ T917] Registered IR keymap rc-empty
[ 63.324120][ T917] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 63.334255][ T917] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 63.464055][ T917] rc rc0: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 63.475204][ T917] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6
[ 63.494301][ T917] imon 1-1:0.0: iMON device (15c2:0037, intf0) on usb<1:2> initialized
[ 63.643369][ T3588]
[ 63.645705][ T3588] ======================================================
[ 63.652702][ T3588] WARNING: possible circular locking dependency detected
[ 63.659693][ T3588] 5.17.0-rc3-syzkaller-00188-g1d41d2e82623 #0 Not tainted
[ 63.666775][ T3588] ------------------------------------------------------
[ 63.673769][ T3588] syz-executor347/3588 is trying to acquire lock:
[ 63.680157][ T3588] ffffffff8d73cfe8 (driver_lock){+.+.}-{3:3}, at: display_open+0x2e/0x280
[ 63.688665][ T3588]
[ 63.688665][ T3588] but task is already holding lock:
[ 63.696005][ T3588] ffffffff8d53a110 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x2c/0x2f0
[ 63.704352][ T3588]
[ 63.704352][ T3588] which lock already depends on the new lock.
[ 63.704352][ T3588]
[ 63.714734][ T3588]
[ 63.714734][ T3588] the existing dependency chain (in reverse order) is:
[ 63.723727][ T3588]
[ 63.723727][ T3588] -> #2 (minor_rwsem#2){++++}-{3:3}:
[ 63.731183][ T3588] lock_acquire+0x19f/0x4d0
[ 63.736192][ T3588] down_write+0x95/0x170
[ 63.740945][ T3588] usb_register_dev+0x2a5/0x7e0
[ 63.746296][ T3588] imon_init_display+0x8b/0x160
[ 63.751659][ T3588] imon_probe+0x2628/0x3240
[ 63.756662][ T3588] usb_probe_interface+0x633/0xb40
[ 63.762278][ T3588] call_driver_probe+0x96/0x250
[ 63.767633][ T3588] really_probe+0x222/0x9f0
[ 63.772640][ T3588] __driver_probe_device+0x1f8/0x3e0
[ 63.778687][ T3588] driver_probe_device+0x50/0x240
[ 63.784214][ T3588] __device_attach_driver+0x1e1/0x3b0
[ 63.790087][ T3588] bus_for_each_drv+0x18a/0x210
[ 63.795440][ T3588] __device_attach+0x310/0x560
[ 63.800709][ T3588] bus_probe_device+0xb8/0x1f0
[ 63.805975][ T3588] device_add+0x11c8/0x16d0
[ 63.811016][ T3588] usb_set_configuration+0x1a86/0x2100
[ 63.816977][ T3588] usb_generic_driver_probe+0x83/0x140
[ 63.822939][ T3588] usb_probe_device+0x13a/0x260
[ 63.828320][ T3588] call_driver_probe+0x96/0x250
[ 63.833683][ T3588] really_probe+0x222/0x9f0
[ 63.838687][ T3588] __driver_probe_device+0x1f8/0x3e0
[ 63.844475][ T3588] driver_probe_device+0x50/0x240
[ 63.850002][ T3588] __device_attach_driver+0x1e1/0x3b0
[ 63.855962][ T3588] bus_for_each_drv+0x18a/0x210
[ 63.861313][ T3588] __device_attach+0x310/0x560
[ 63.866583][ T3588] bus_probe_device+0xb8/0x1f0
[ 63.871849][ T3588] device_add+0x11c8/0x16d0
[ 63.876858][ T3588] usb_new_device+0x108a/0x1940
[ 63.882210][ T3588] hub_port_connect+0x100b/0x2910
[ 63.887734][ T3588] hub_port_connect_change+0x5f9/0xc20
[ 63.893692][ T3588] port_event+0xca0/0x13e0
[ 63.898610][ T3588] hub_event+0x4ed/0xe40
[ 63.903353][ T3588] process_one_work+0x850/0x1130
[ 63.908795][ T3588] worker_thread+0xab1/0x1300
[ 63.913979][ T3588] kthread+0x2a3/0x2d0
[ 63.918550][ T3588] ret_from_fork+0x1f/0x30
[ 63.923472][ T3588]
[ 63.923472][ T3588] -> #1 (&ictx->lock){+.+.}-{3:3}:
[ 63.930753][ T3588] lock_acquire+0x19f/0x4d0
[ 63.935760][ T3588] __mutex_lock_common+0x1d3/0x2490
[ 63.941462][ T3588] mutex_lock_nested+0x1a/0x20
[ 63.946729][ T3588] imon_probe+0x370/0x3240
[ 63.951649][ T3588] usb_probe_interface+0x633/0xb40
[ 63.957267][ T3588] call_driver_probe+0x96/0x250
[ 63.962638][ T3588] really_probe+0x222/0x9f0
[ 63.967643][ T3588] __driver_probe_device+0x1f8/0x3e0
[ 63.973430][ T3588] driver_probe_device+0x50/0x240
[ 63.978957][ T3588] __device_attach_driver+0x1e1/0x3b0
[ 63.984825][ T3588] bus_for_each_drv+0x18a/0x210
[ 63.990177][ T3588] __device_attach+0x310/0x560
[ 63.995444][ T3588] bus_probe_device+0xb8/0x1f0
[ 64.000708][ T3588] device_add+0x11c8/0x16d0
[ 64.005716][ T3588] usb_set_configuration+0x1a86/0x2100
[ 64.011686][ T3588] usb_generic_driver_probe+0x83/0x140
[ 64.017996][ T3588] usb_probe_device+0x13a/0x260
[ 64.023436][ T3588] call_driver_probe+0x96/0x250
[ 64.028793][ T3588] really_probe+0x222/0x9f0
[ 64.033798][ T3588] __driver_probe_device+0x1f8/0x3e0
[ 64.039585][ T3588] driver_probe_device+0x50/0x240
[ 64.045111][ T3588] __device_attach_driver+0x1e1/0x3b0
[ 64.050987][ T3588] bus_for_each_drv+0x18a/0x210
[ 64.056339][ T3588] __device_attach+0x310/0x560
[ 64.061606][ T3588] bus_probe_device+0xb8/0x1f0
[ 64.066873][ T3588] device_add+0x11c8/0x16d0
[ 64.071880][ T3588] usb_new_device+0x108a/0x1940
[ 64.077231][ T3588] hub_port_connect+0x100b/0x2910
[ 64.082769][ T3588] hub_port_connect_change+0x5f9/0xc20
[ 64.088742][ T3588] port_event+0xca0/0x13e0
[ 64.093659][ T3588] hub_event+0x4ed/0xe40
[ 64.098409][ T3588] process_one_work+0x850/0x1130
[ 64.103852][ T3588] worker_thread+0xab1/0x1300
[ 64.109031][ T3588] kthread+0x2a3/0x2d0
[ 64.113603][ T3588] ret_from_fork+0x1f/0x30
[ 64.118555][ T3588]
[ 64.118555][ T3588] -> #0 (driver_lock){+.+.}-{3:3}:
[ 64.125834][ T3588] validate_chain+0x1dfb/0x8240
[ 64.131190][ T3588] __lock_acquire+0x1382/0x2b00
[ 64.136545][ T3588] lock_acquire+0x19f/0x4d0
[ 64.141557][ T3588] __mutex_lock_common+0x1d3/0x2490
[ 64.147260][ T3588] mutex_lock_nested+0x1a/0x20
[ 64.152525][ T3588] display_open+0x2e/0x280
[ 64.157448][ T3588] usb_open+0x217/0x2f0
[ 64.162107][ T3588] chrdev_open+0x5fb/0x680
[ 64.167029][ T3588] do_dentry_open+0x78b/0x1020
[ 64.172297][ T3588] path_openat+0x273b/0x36a0
[ 64.177397][ T3588] do_filp_open+0x277/0x4f0
[ 64.182406][ T3588] do_sys_openat2+0x13b/0x500
[ 64.188025][ T3588] __x64_sys_openat+0x243/0x290
[ 64.193383][ T3588] do_syscall_64+0x44/0xd0
[ 64.198313][ T3588] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 64.204714][ T3588]
[ 64.204714][ T3588] other info that might help us debug this:
[ 64.204714][ T3588]
[ 64.214921][ T3588] Chain exists of:
[ 64.214921][ T3588] driver_lock --> &ictx->lock --> minor_rwsem#2
[ 64.214921][ T3588]
[ 64.227071][ T3588] Possible unsafe locking scenario:
[ 64.227071][ T3588]
[ 64.234502][ T3588] CPU0 CPU1
[ 64.239850][ T3588] ---- ----
[ 64.245197][ T3588] lock(minor_rwsem#2);
[ 64.249430][ T3588] lock(&ictx->lock);
[ 64.256010][ T3588] lock(minor_rwsem#2);
[ 64.262845][ T3588] lock(driver_lock);
[ 64.266898][ T3588]
[ 64.266898][ T3588] *** DEADLOCK ***
[ 64.266898][ T3588]
[ 64.275023][ T3588] 1 lock held by syz-executor347/3588:
[ 64.280475][ T3588] #0: ffffffff8d53a110 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x2c/0x2f0
[ 64.289248][ T3588]
[ 64.289248][ T3588] stack backtrace:
[ 64.295118][ T3588] CPU: 1 PID: 3588 Comm: syz-executor347 Not tainted 5.17.0-rc3-syzkaller-00188-g1d41d2e82623 #0
[ 64.305595][ T3588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.315632][ T3588] Call Trace:
[ 64.318897][ T3588] <TASK>
[ 64.321816][ T3588] dump_stack_lvl+0x1dc/0x2d8
[ 64.326486][ T3588] ? show_regs_print_info+0x12/0x12
[ 64.331671][ T3588] ? save_trace+0x5a/0x9f0
[ 64.336078][ T3588] ? print_circular_bug+0x48e/0x5d0
[ 64.341363][ T3588] check_noncircular+0x2f9/0x3b0
[ 64.346290][ T3588] ? add_chain_block+0x850/0x850
[ 64.351214][ T3588] ? lockdep_lock+0x11d/0x2e0
[ 64.355905][ T3588] ? __lock_acquire+0x2b00/0x2b00
[ 64.360918][ T3588] ? __rcu_read_lock+0xb0/0xb0
[ 64.365668][ T3588] validate_chain+0x1dfb/0x8240
[ 64.370509][ T3588] ? kernel_text_address+0x9e/0xd0
[ 64.375610][ T3588] ? reacquire_held_locks+0x620/0x620
[ 64.380968][ T3588] ? mark_lock+0x191/0x1e00
[ 64.385461][ T3588] ? __print_lock_name+0x1d0/0x1d0
[ 64.390557][ T3588] ? validate_chain+0x1a10/0x8240
[ 64.395570][ T3588] ? save_trace+0x5e2/0x9f0
[ 64.400062][ T3588] ? reacquire_held_locks+0x620/0x620
[ 64.405423][ T3588] ? mark_lock+0x5c9/0x1e00
[ 64.409921][ T3588] ? __stack_depot_save+0x33/0x4a0
[ 64.415019][ T3588] __lock_acquire+0x1382/0x2b00
[ 64.419877][ T3588] ? trace_lock_acquire+0x190/0x190
[ 64.425065][ T3588] lock_acquire+0x19f/0x4d0
[ 64.429552][ T3588] ? display_open+0x2e/0x280
[ 64.434131][ T3588] ? read_lock_is_recursive+0x10/0x10
[ 64.439495][ T3588] ? __might_sleep+0xe0/0xe0
[ 64.444075][ T3588] __mutex_lock_common+0x1d3/0x2490
[ 64.449260][ T3588] ? display_open+0x2e/0x280
[ 64.453842][ T3588] ? display_open+0x2e/0x280
[ 64.458420][ T3588] ? mutex_lock_io_nested+0x60/0x60
[ 64.463605][ T3588] ? __down_read_common+0x1b0/0x450
[ 64.468788][ T3588] ? __lock_acquire+0x2b00/0x2b00
[ 64.473803][ T3588] ? do_raw_spin_lock+0x151/0x8e0
[ 64.478832][ T3588] ? up_read_non_owner+0x1c0/0x1c0
[ 64.483935][ T3588] mutex_lock_nested+0x1a/0x20
[ 64.488690][ T3588] display_open+0x2e/0x280
[ 64.493098][ T3588] ? usb_open+0x20f/0x2f0
[ 64.497422][ T3588] ? lcd_write+0x2d0/0x2d0
[ 64.501830][ T3588] usb_open+0x217/0x2f0
[ 64.506010][ T3588] chrdev_open+0x5fb/0x680
[ 64.510419][ T3588] ? __fsnotify_update_child_dentry_flags+0x2d0/0x2d0
[ 64.517170][ T3588] ? cd_forget+0x160/0x160
[ 64.521842][ T3588] ? tomoyo_file_open+0xe6/0x170
[ 64.526780][ T3588] ? security_file_open+0x458/0x570
[ 64.531980][ T3588] ? cd_forget+0x160/0x160
[ 64.536483][ T3588] do_dentry_open+0x78b/0x1020
[ 64.541248][ T3588] path_openat+0x273b/0x36a0
[ 64.545845][ T3588] ? do_filp_open+0x4f0/0x4f0
[ 64.550534][ T3588] ? rcu_read_lock_sched_held+0x89/0x130
[ 64.556167][ T3588] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 64.562144][ T3588] do_filp_open+0x277/0x4f0
[ 64.566642][ T3588] ? vfs_tmpfile+0x230/0x230
[ 64.571219][ T3588] ? alloc_fd+0x5e1/0x680
[ 64.575539][ T3588] ? _raw_spin_unlock+0x24/0x40
[ 64.580375][ T3588] ? alloc_fd+0x5e1/0x680
[ 64.584692][ T3588] do_sys_openat2+0x13b/0x500
[ 64.589363][ T3588] ? do_sys_open+0x220/0x220
[ 64.593943][ T3588] __x64_sys_openat+0x243/0x290
[ 64.598781][ T3588] ? __ia32_sys_open+0x270/0x270
[ 64.603707][ T3588] ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 64.609672][ T3588] ? lockdep_hardirqs_on+0x95/0x140
[ 64.614853][ T3588] ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 64.620816][ T3588] do_syscall_64+0x44/0xd0
[ 64.625219][ T3588] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 64.631098][ T3588] RIP: 0033:0x7f7162756ce7
[ 64.635496][ T3588] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[ 64.655084][ T3588] RSP: 002b:00007fff99072320 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 64.663590][ T3588] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7162756ce7
[ 64.671554][ T3588] RDX: 0000000000000002 RSI: 00007fff990723a0 RDI: 00000000ffffff9c
[ 64.679511][ T3588] RBP: 00007fff990723a0 R08: 0000000000000000 R09: 000000000000000f
[ 64.687470][ T3588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 64.695432][ T3588] R13: 000