DUID 00:04:9b:41:e3:df:54:6f:ca:1f:62:a0:1b:7c:64:71:74:ce forked to background, child pid 3173 [ 26.108572][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.122218][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.15.219' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 62.552750][ T917] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 62.913278][ T917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9 [ 62.924459][ T917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 8262, setting to 1024 [ 62.936238][ T917] usb 1-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65 [ 62.945393][ T917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.957966][ T917] usb 1-1: config 0 descriptor?? [ 63.006948][ T917] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 63.313202][ T917] rc_core: IR keymap rc-imon-pad not found [ 63.319041][ T917] Registered IR keymap rc-empty [ 63.324120][ T917] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 63.334255][ T917] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 63.464055][ T917] rc rc0: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 63.475204][ T917] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 63.494301][ T917] imon 1-1:0.0: iMON device (15c2:0037, intf0) on usb<1:2> initialized [ 63.643369][ T3588] [ 63.645705][ T3588] ====================================================== [ 63.652702][ T3588] WARNING: possible circular locking dependency detected [ 63.659693][ T3588] 5.17.0-rc3-syzkaller-00188-g1d41d2e82623 #0 Not tainted [ 63.666775][ T3588] ------------------------------------------------------ [ 63.673769][ T3588] syz-executor347/3588 is trying to acquire lock: [ 63.680157][ T3588] ffffffff8d73cfe8 (driver_lock){+.+.}-{3:3}, at: display_open+0x2e/0x280 [ 63.688665][ T3588] [ 63.688665][ T3588] but task is already holding lock: [ 63.696005][ T3588] ffffffff8d53a110 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x2c/0x2f0 [ 63.704352][ T3588] [ 63.704352][ T3588] which lock already depends on the new lock. [ 63.704352][ T3588] [ 63.714734][ T3588] [ 63.714734][ T3588] the existing dependency chain (in reverse order) is: [ 63.723727][ T3588] [ 63.723727][ T3588] -> #2 (minor_rwsem#2){++++}-{3:3}: [ 63.731183][ T3588] lock_acquire+0x19f/0x4d0 [ 63.736192][ T3588] down_write+0x95/0x170 [ 63.740945][ T3588] usb_register_dev+0x2a5/0x7e0 [ 63.746296][ T3588] imon_init_display+0x8b/0x160 [ 63.751659][ T3588] imon_probe+0x2628/0x3240 [ 63.756662][ T3588] usb_probe_interface+0x633/0xb40 [ 63.762278][ T3588] call_driver_probe+0x96/0x250 [ 63.767633][ T3588] really_probe+0x222/0x9f0 [ 63.772640][ T3588] __driver_probe_device+0x1f8/0x3e0 [ 63.778687][ T3588] driver_probe_device+0x50/0x240 [ 63.784214][ T3588] __device_attach_driver+0x1e1/0x3b0 [ 63.790087][ T3588] bus_for_each_drv+0x18a/0x210 [ 63.795440][ T3588] __device_attach+0x310/0x560 [ 63.800709][ T3588] bus_probe_device+0xb8/0x1f0 [ 63.805975][ T3588] device_add+0x11c8/0x16d0 [ 63.811016][ T3588] usb_set_configuration+0x1a86/0x2100 [ 63.816977][ T3588] usb_generic_driver_probe+0x83/0x140 [ 63.822939][ T3588] usb_probe_device+0x13a/0x260 [ 63.828320][ T3588] call_driver_probe+0x96/0x250 [ 63.833683][ T3588] really_probe+0x222/0x9f0 [ 63.838687][ T3588] __driver_probe_device+0x1f8/0x3e0 [ 63.844475][ T3588] driver_probe_device+0x50/0x240 [ 63.850002][ T3588] __device_attach_driver+0x1e1/0x3b0 [ 63.855962][ T3588] bus_for_each_drv+0x18a/0x210 [ 63.861313][ T3588] __device_attach+0x310/0x560 [ 63.866583][ T3588] bus_probe_device+0xb8/0x1f0 [ 63.871849][ T3588] device_add+0x11c8/0x16d0 [ 63.876858][ T3588] usb_new_device+0x108a/0x1940 [ 63.882210][ T3588] hub_port_connect+0x100b/0x2910 [ 63.887734][ T3588] hub_port_connect_change+0x5f9/0xc20 [ 63.893692][ T3588] port_event+0xca0/0x13e0 [ 63.898610][ T3588] hub_event+0x4ed/0xe40 [ 63.903353][ T3588] process_one_work+0x850/0x1130 [ 63.908795][ T3588] worker_thread+0xab1/0x1300 [ 63.913979][ T3588] kthread+0x2a3/0x2d0 [ 63.918550][ T3588] ret_from_fork+0x1f/0x30 [ 63.923472][ T3588] [ 63.923472][ T3588] -> #1 (&ictx->lock){+.+.}-{3:3}: [ 63.930753][ T3588] lock_acquire+0x19f/0x4d0 [ 63.935760][ T3588] __mutex_lock_common+0x1d3/0x2490 [ 63.941462][ T3588] mutex_lock_nested+0x1a/0x20 [ 63.946729][ T3588] imon_probe+0x370/0x3240 [ 63.951649][ T3588] usb_probe_interface+0x633/0xb40 [ 63.957267][ T3588] call_driver_probe+0x96/0x250 [ 63.962638][ T3588] really_probe+0x222/0x9f0 [ 63.967643][ T3588] __driver_probe_device+0x1f8/0x3e0 [ 63.973430][ T3588] driver_probe_device+0x50/0x240 [ 63.978957][ T3588] __device_attach_driver+0x1e1/0x3b0 [ 63.984825][ T3588] bus_for_each_drv+0x18a/0x210 [ 63.990177][ T3588] __device_attach+0x310/0x560 [ 63.995444][ T3588] bus_probe_device+0xb8/0x1f0 [ 64.000708][ T3588] device_add+0x11c8/0x16d0 [ 64.005716][ T3588] usb_set_configuration+0x1a86/0x2100 [ 64.011686][ T3588] usb_generic_driver_probe+0x83/0x140 [ 64.017996][ T3588] usb_probe_device+0x13a/0x260 [ 64.023436][ T3588] call_driver_probe+0x96/0x250 [ 64.028793][ T3588] really_probe+0x222/0x9f0 [ 64.033798][ T3588] __driver_probe_device+0x1f8/0x3e0 [ 64.039585][ T3588] driver_probe_device+0x50/0x240 [ 64.045111][ T3588] __device_attach_driver+0x1e1/0x3b0 [ 64.050987][ T3588] bus_for_each_drv+0x18a/0x210 [ 64.056339][ T3588] __device_attach+0x310/0x560 [ 64.061606][ T3588] bus_probe_device+0xb8/0x1f0 [ 64.066873][ T3588] device_add+0x11c8/0x16d0 [ 64.071880][ T3588] usb_new_device+0x108a/0x1940 [ 64.077231][ T3588] hub_port_connect+0x100b/0x2910 [ 64.082769][ T3588] hub_port_connect_change+0x5f9/0xc20 [ 64.088742][ T3588] port_event+0xca0/0x13e0 [ 64.093659][ T3588] hub_event+0x4ed/0xe40 [ 64.098409][ T3588] process_one_work+0x850/0x1130 [ 64.103852][ T3588] worker_thread+0xab1/0x1300 [ 64.109031][ T3588] kthread+0x2a3/0x2d0 [ 64.113603][ T3588] ret_from_fork+0x1f/0x30 [ 64.118555][ T3588] [ 64.118555][ T3588] -> #0 (driver_lock){+.+.}-{3:3}: [ 64.125834][ T3588] validate_chain+0x1dfb/0x8240 [ 64.131190][ T3588] __lock_acquire+0x1382/0x2b00 [ 64.136545][ T3588] lock_acquire+0x19f/0x4d0 [ 64.141557][ T3588] __mutex_lock_common+0x1d3/0x2490 [ 64.147260][ T3588] mutex_lock_nested+0x1a/0x20 [ 64.152525][ T3588] display_open+0x2e/0x280 [ 64.157448][ T3588] usb_open+0x217/0x2f0 [ 64.162107][ T3588] chrdev_open+0x5fb/0x680 [ 64.167029][ T3588] do_dentry_open+0x78b/0x1020 [ 64.172297][ T3588] path_openat+0x273b/0x36a0 [ 64.177397][ T3588] do_filp_open+0x277/0x4f0 [ 64.182406][ T3588] do_sys_openat2+0x13b/0x500 [ 64.188025][ T3588] __x64_sys_openat+0x243/0x290 [ 64.193383][ T3588] do_syscall_64+0x44/0xd0 [ 64.198313][ T3588] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 64.204714][ T3588] [ 64.204714][ T3588] other info that might help us debug this: [ 64.204714][ T3588] [ 64.214921][ T3588] Chain exists of: [ 64.214921][ T3588] driver_lock --> &ictx->lock --> minor_rwsem#2 [ 64.214921][ T3588] [ 64.227071][ T3588] Possible unsafe locking scenario: [ 64.227071][ T3588] [ 64.234502][ T3588] CPU0 CPU1 [ 64.239850][ T3588] ---- ---- [ 64.245197][ T3588] lock(minor_rwsem#2); [ 64.249430][ T3588] lock(&ictx->lock); [ 64.256010][ T3588] lock(minor_rwsem#2); [ 64.262845][ T3588] lock(driver_lock); [ 64.266898][ T3588] [ 64.266898][ T3588] *** DEADLOCK *** [ 64.266898][ T3588] [ 64.275023][ T3588] 1 lock held by syz-executor347/3588: [ 64.280475][ T3588] #0: ffffffff8d53a110 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x2c/0x2f0 [ 64.289248][ T3588] [ 64.289248][ T3588] stack backtrace: [ 64.295118][ T3588] CPU: 1 PID: 3588 Comm: syz-executor347 Not tainted 5.17.0-rc3-syzkaller-00188-g1d41d2e82623 #0 [ 64.305595][ T3588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.315632][ T3588] Call Trace: [ 64.318897][ T3588] [ 64.321816][ T3588] dump_stack_lvl+0x1dc/0x2d8 [ 64.326486][ T3588] ? show_regs_print_info+0x12/0x12 [ 64.331671][ T3588] ? save_trace+0x5a/0x9f0 [ 64.336078][ T3588] ? print_circular_bug+0x48e/0x5d0 [ 64.341363][ T3588] check_noncircular+0x2f9/0x3b0 [ 64.346290][ T3588] ? add_chain_block+0x850/0x850 [ 64.351214][ T3588] ? lockdep_lock+0x11d/0x2e0 [ 64.355905][ T3588] ? __lock_acquire+0x2b00/0x2b00 [ 64.360918][ T3588] ? __rcu_read_lock+0xb0/0xb0 [ 64.365668][ T3588] validate_chain+0x1dfb/0x8240 [ 64.370509][ T3588] ? kernel_text_address+0x9e/0xd0 [ 64.375610][ T3588] ? reacquire_held_locks+0x620/0x620 [ 64.380968][ T3588] ? mark_lock+0x191/0x1e00 [ 64.385461][ T3588] ? __print_lock_name+0x1d0/0x1d0 [ 64.390557][ T3588] ? validate_chain+0x1a10/0x8240 [ 64.395570][ T3588] ? save_trace+0x5e2/0x9f0 [ 64.400062][ T3588] ? reacquire_held_locks+0x620/0x620 [ 64.405423][ T3588] ? mark_lock+0x5c9/0x1e00 [ 64.409921][ T3588] ? __stack_depot_save+0x33/0x4a0 [ 64.415019][ T3588] __lock_acquire+0x1382/0x2b00 [ 64.419877][ T3588] ? trace_lock_acquire+0x190/0x190 [ 64.425065][ T3588] lock_acquire+0x19f/0x4d0 [ 64.429552][ T3588] ? display_open+0x2e/0x280 [ 64.434131][ T3588] ? read_lock_is_recursive+0x10/0x10 [ 64.439495][ T3588] ? __might_sleep+0xe0/0xe0 [ 64.444075][ T3588] __mutex_lock_common+0x1d3/0x2490 [ 64.449260][ T3588] ? display_open+0x2e/0x280 [ 64.453842][ T3588] ? display_open+0x2e/0x280 [ 64.458420][ T3588] ? mutex_lock_io_nested+0x60/0x60 [ 64.463605][ T3588] ? __down_read_common+0x1b0/0x450 [ 64.468788][ T3588] ? __lock_acquire+0x2b00/0x2b00 [ 64.473803][ T3588] ? do_raw_spin_lock+0x151/0x8e0 [ 64.478832][ T3588] ? up_read_non_owner+0x1c0/0x1c0 [ 64.483935][ T3588] mutex_lock_nested+0x1a/0x20 [ 64.488690][ T3588] display_open+0x2e/0x280 [ 64.493098][ T3588] ? usb_open+0x20f/0x2f0 [ 64.497422][ T3588] ? lcd_write+0x2d0/0x2d0 [ 64.501830][ T3588] usb_open+0x217/0x2f0 [ 64.506010][ T3588] chrdev_open+0x5fb/0x680 [ 64.510419][ T3588] ? __fsnotify_update_child_dentry_flags+0x2d0/0x2d0 [ 64.517170][ T3588] ? cd_forget+0x160/0x160 [ 64.521842][ T3588] ? tomoyo_file_open+0xe6/0x170 [ 64.526780][ T3588] ? security_file_open+0x458/0x570 [ 64.531980][ T3588] ? cd_forget+0x160/0x160 [ 64.536483][ T3588] do_dentry_open+0x78b/0x1020 [ 64.541248][ T3588] path_openat+0x273b/0x36a0 [ 64.545845][ T3588] ? do_filp_open+0x4f0/0x4f0 [ 64.550534][ T3588] ? rcu_read_lock_sched_held+0x89/0x130 [ 64.556167][ T3588] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 64.562144][ T3588] do_filp_open+0x277/0x4f0 [ 64.566642][ T3588] ? vfs_tmpfile+0x230/0x230 [ 64.571219][ T3588] ? alloc_fd+0x5e1/0x680 [ 64.575539][ T3588] ? _raw_spin_unlock+0x24/0x40 [ 64.580375][ T3588] ? alloc_fd+0x5e1/0x680 [ 64.584692][ T3588] do_sys_openat2+0x13b/0x500 [ 64.589363][ T3588] ? do_sys_open+0x220/0x220 [ 64.593943][ T3588] __x64_sys_openat+0x243/0x290 [ 64.598781][ T3588] ? __ia32_sys_open+0x270/0x270 [ 64.603707][ T3588] ? syscall_enter_from_user_mode+0x2e/0x1b0 [ 64.609672][ T3588] ? lockdep_hardirqs_on+0x95/0x140 [ 64.614853][ T3588] ? syscall_enter_from_user_mode+0x2e/0x1b0 [ 64.620816][ T3588] do_syscall_64+0x44/0xd0 [ 64.625219][ T3588] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 64.631098][ T3588] RIP: 0033:0x7f7162756ce7 [ 64.635496][ T3588] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25 [ 64.655084][ T3588] RSP: 002b:00007fff99072320 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 64.663590][ T3588] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7162756ce7 [ 64.671554][ T3588] RDX: 0000000000000002 RSI: 00007fff990723a0 RDI: 00000000ffffff9c [ 64.679511][ T3588] RBP: 00007fff990723a0 R08: 0000000000000000 R09: 000000000000000f [ 64.687470][ T3588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 64.695432][ T3588] R13: 000