====================================================== WARNING: possible circular locking dependency detected 5.17.0-rc3-syzkaller-00188-g1d41d2e82623 #0 Not tainted ------------------------------------------------------ syz-executor347/3588 is trying to acquire lock: ffffffff8d73cfe8 (driver_lock){+.+.}-{3:3}, at: display_open+0x2e/0x280 drivers/media/rc/imon.c:503 but task is already holding lock: ffffffff8d53a110 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x2c/0x2f0 drivers/usb/core/file.c:39 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (minor_rwsem#2){++++}-{3:3}: lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5639 down_write+0x95/0x170 kernel/locking/rwsem.c:1514 usb_register_dev+0x2a5/0x7e0 drivers/usb/core/file.c:187 imon_init_display+0x8b/0x160 imon_probe+0x2628/0x3240 drivers/media/rc/imon.c:2470 usb_probe_interface+0x633/0xb40 drivers/usb/core/driver.c:396 call_driver_probe+0x96/0x250 really_probe+0x222/0x9f0 drivers/base/dd.c:596 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:752 driver_probe_device+0x50/0x240 drivers/base/dd.c:782 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:899 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x310/0x560 drivers/base/dd.c:970 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x11c8/0x16d0 drivers/base/core.c:3405 usb_set_configuration+0x1a86/0x2100 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x13a/0x260 drivers/usb/core/driver.c:293 call_driver_probe+0x96/0x250 really_probe+0x222/0x9f0 drivers/base/dd.c:596 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:752 driver_probe_device+0x50/0x240 drivers/base/dd.c:782 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:899 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x310/0x560 drivers/base/dd.c:970 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x11c8/0x16d0 drivers/base/core.c:3405 usb_new_device+0x108a/0x1940 drivers/usb/core/hub.c:2566 hub_port_connect+0x100b/0x2910 drivers/usb/core/hub.c:5358 hub_port_connect_change+0x5f9/0xc20 drivers/usb/core/hub.c:5502 port_event+0xca0/0x13e0 drivers/usb/core/hub.c:5660 hub_event+0x4ed/0xe40 drivers/usb/core/hub.c:5742 process_one_work+0x850/0x1130 kernel/workqueue.c:2307 worker_thread+0xab1/0x1300 kernel/workqueue.c:2454 kthread+0x2a3/0x2d0 kernel/kthread.c:377 ret_from_fork+0x1f/0x30 -> #1 (&ictx->lock){+.+.}-{3:3}: lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5639 __mutex_lock_common+0x1d3/0x2490 kernel/locking/mutex.c:600 __mutex_lock kernel/locking/mutex.c:733 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:785 imon_init_intf0 drivers/media/rc/imon.c:2230 [inline] imon_probe+0x370/0x3240 drivers/media/rc/imon.c:2431 usb_probe_interface+0x633/0xb40 drivers/usb/core/driver.c:396 call_driver_probe+0x96/0x250 really_probe+0x222/0x9f0 drivers/base/dd.c:596 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:752 driver_probe_device+0x50/0x240 drivers/base/dd.c:782 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:899 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x310/0x560 drivers/base/dd.c:970 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x11c8/0x16d0 drivers/base/core.c:3405 usb_set_configuration+0x1a86/0x2100 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x13a/0x260 drivers/usb/core/driver.c:293 call_driver_probe+0x96/0x250 really_probe+0x222/0x9f0 drivers/base/dd.c:596 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:752 driver_probe_device+0x50/0x240 drivers/base/dd.c:782 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:899 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x310/0x560 drivers/base/dd.c:970 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x11c8/0x16d0 drivers/base/core.c:3405 usb_new_device+0x108a/0x1940 drivers/usb/core/hub.c:2566 hub_port_connect+0x100b/0x2910 drivers/usb/core/hub.c:5358 hub_port_connect_change+0x5f9/0xc20 drivers/usb/core/hub.c:5502 port_event+0xca0/0x13e0 drivers/usb/core/hub.c:5660 hub_event+0x4ed/0xe40 drivers/usb/core/hub.c:5742 process_one_work+0x850/0x1130 kernel/workqueue.c:2307 worker_thread+0xab1/0x1300 kernel/workqueue.c:2454 kthread+0x2a3/0x2d0 kernel/kthread.c:377 ret_from_fork+0x1f/0x30 -> #0 (driver_lock){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:3063 [inline] check_prevs_add kernel/locking/lockdep.c:3186 [inline] validate_chain+0x1dfb/0x8240 kernel/locking/lockdep.c:3801 __lock_acquire+0x1382/0x2b00 kernel/locking/lockdep.c:5027 lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5639 __mutex_lock_common+0x1d3/0x2490 kernel/locking/mutex.c:600 __mutex_lock kernel/locking/mutex.c:733 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:785 display_open+0x2e/0x280 drivers/media/rc/imon.c:503 usb_open+0x217/0x2f0 drivers/usb/core/file.c:48 chrdev_open+0x5fb/0x680 fs/char_dev.c:414 do_dentry_open+0x78b/0x1020 fs/open.c:824 do_open fs/namei.c:3476 [inline] path_openat+0x273b/0x36a0 fs/namei.c:3609 do_filp_open+0x277/0x4f0 fs/namei.c:3636 do_sys_openat2+0x13b/0x500 fs/open.c:1214 do_sys_open fs/open.c:1230 [inline] __do_sys_openat fs/open.c:1246 [inline] __se_sys_openat fs/open.c:1241 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1241 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Chain exists of: driver_lock --> &ictx->lock --> minor_rwsem#2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(minor_rwsem#2); lock(&ictx->lock); lock(minor_rwsem#2); lock(driver_lock); *** DEADLOCK *** 1 lock held by syz-executor347/3588: #0: ffffffff8d53a110 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x2c/0x2f0 drivers/usb/core/file.c:39 stack backtrace: CPU: 1 PID: 3588 Comm: syz-executor347 Not tainted 5.17.0-rc3-syzkaller-00188-g1d41d2e82623 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 check_noncircular+0x2f9/0x3b0 kernel/locking/lockdep.c:2143 check_prev_add kernel/locking/lockdep.c:3063 [inline] check_prevs_add kernel/locking/lockdep.c:3186 [inline] validate_chain+0x1dfb/0x8240 kernel/locking/lockdep.c:3801 __lock_acquire+0x1382/0x2b00 kernel/locking/lockdep.c:5027 lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5639 __mutex_lock_common+0x1d3/0x2490 kernel/locking/mutex.c:600 __mutex_lock kernel/locking/mutex.c:733 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:785 display_open+0x2e/0x280 drivers/media/rc/imon.c:503 usb_open+0x217/0x2f0 drivers/usb/core/file.c:48 chrdev_open+0x5fb/0x680 fs/char_dev.c:414 do_dentry_open+0x78b/0x1020 fs/open.c:824 do_open fs/namei.c:3476 [inline] path_openat+0x273b/0x36a0 fs/namei.c:3609 do_filp_open+0x277/0x4f0 fs/namei.c:3636 do_sys_openat2+0x13b/0x500 fs/open.c:1214 do_sys_open fs/open.c:1230 [inline] __do_sys_openat fs/open.c:1246 [inline] __se_sys_openat fs/open.c:1241 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1241 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f7162756ce7 Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25 RSP: 002b:00007fff99072320 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7162756ce7 RDX: 0000000000000002 RSI: 00007fff990723a0 RDI: 00000000ffffff9c RBP: 00007fff990723a0 R08: 0000000000000000 R09: 000000000000000f R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 000