====================================================== WARNING: possible circular locking dependency detected 5.18.0-rc3-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor208/3596 is trying to acquire lock: ffffffff8d536a88 (driver_lock){+.+.}-{3:3}, at: display_open+0x2e/0x290 drivers/media/rc/imon.c:503 but task is already holding lock: ffffffff8d334ef0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x2c/0x2f0 drivers/usb/core/file.c:39 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (minor_rwsem#2){++++}-{3:3}: lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5641 down_write+0x95/0x170 kernel/locking/rwsem.c:1514 usb_register_dev+0x2a6/0x810 drivers/usb/core/file.c:187 imon_init_display+0x8b/0x160 imon_probe+0x258f/0x2ee0 drivers/media/rc/imon.c:2470 usb_probe_interface+0x66e/0xb60 drivers/usb/core/driver.c:396 call_driver_probe+0x96/0x250 really_probe+0x222/0x8e0 drivers/base/dd.c:621 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:752 driver_probe_device+0x50/0x240 drivers/base/dd.c:782 __device_attach_driver+0x254/0x3a0 drivers/base/dd.c:899 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x32e/0x570 drivers/base/dd.c:970 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0xb20/0xf90 drivers/base/core.c:3405 usb_set_configuration+0x1a5f/0x20e0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x131/0x260 drivers/usb/core/driver.c:293 call_driver_probe+0x96/0x250 really_probe+0x222/0x8e0 drivers/base/dd.c:621 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:752 driver_probe_device+0x50/0x240 drivers/base/dd.c:782 __device_attach_driver+0x254/0x3a0 drivers/base/dd.c:899 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x32e/0x570 drivers/base/dd.c:970 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0xb20/0xf90 drivers/base/core.c:3405 usb_new_device+0xbfc/0x18a0 drivers/usb/core/hub.c:2566 hub_port_connect+0x106b/0x2930 drivers/usb/core/hub.c:5363 hub_port_connect_change+0x619/0xbe0 drivers/usb/core/hub.c:5507 port_event+0xe72/0x13a0 drivers/usb/core/hub.c:5665 hub_event+0x5be/0xd70 drivers/usb/core/hub.c:5747 process_one_work+0x81c/0xd10 kernel/workqueue.c:2289 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436 kthread+0x266/0x300 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 -> #1 (&ictx->lock){+.+.}-{3:3}: lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5641 __mutex_lock_common+0x1de/0x26e0 kernel/locking/mutex.c:600 __mutex_lock kernel/locking/mutex.c:733 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:785 imon_init_intf0 drivers/media/rc/imon.c:2230 [inline] imon_probe+0x365/0x2ee0 drivers/media/rc/imon.c:2431 usb_probe_interface+0x66e/0xb60 drivers/usb/core/driver.c:396 call_driver_probe+0x96/0x250 really_probe+0x222/0x8e0 drivers/base/dd.c:621 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:752 driver_probe_device+0x50/0x240 drivers/base/dd.c:782 __device_attach_driver+0x254/0x3a0 drivers/base/dd.c:899 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x32e/0x570 drivers/base/dd.c:970 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0xb20/0xf90 drivers/base/core.c:3405 usb_set_configuration+0x1a5f/0x20e0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x131/0x260 drivers/usb/core/driver.c:293 call_driver_probe+0x96/0x250 really_probe+0x222/0x8e0 drivers/base/dd.c:621 __driver_probe_device+0x1f4/0x3f0 drivers/base/dd.c:752 driver_probe_device+0x50/0x240 drivers/base/dd.c:782 __device_attach_driver+0x254/0x3a0 drivers/base/dd.c:899 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x32e/0x570 drivers/base/dd.c:970 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0xb20/0xf90 drivers/base/core.c:3405 usb_new_device+0xbfc/0x18a0 drivers/usb/core/hub.c:2566 hub_port_connect+0x106b/0x2930 drivers/usb/core/hub.c:5363 hub_port_connect_change+0x619/0xbe0 drivers/usb/core/hub.c:5507 port_event+0xe72/0x13a0 drivers/usb/core/hub.c:5665 hub_event+0x5be/0xd70 drivers/usb/core/hub.c:5747 process_one_work+0x81c/0xd10 kernel/workqueue.c:2289 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436 kthread+0x266/0x300 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 -> #0 (driver_lock){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:3065 [inline] check_prevs_add kernel/locking/lockdep.c:3188 [inline] validate_chain+0x185c/0x65c0 kernel/locking/lockdep.c:3803 __lock_acquire+0x129a/0x1f80 kernel/locking/lockdep.c:5029 lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5641 __mutex_lock_common+0x1de/0x26e0 kernel/locking/mutex.c:600 __mutex_lock kernel/locking/mutex.c:733 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:785 display_open+0x2e/0x290 drivers/media/rc/imon.c:503 usb_open+0x217/0x2f0 drivers/usb/core/file.c:48 chrdev_open+0x5fb/0x680 fs/char_dev.c:414 do_dentry_open+0x77f/0xfd0 fs/open.c:824 do_open fs/namei.c:3476 [inline] path_openat+0x26c0/0x2ec0 fs/namei.c:3609 do_filp_open+0x277/0x4f0 fs/namei.c:3636 do_sys_openat2+0x13b/0x500 fs/open.c:1213 do_sys_open fs/open.c:1229 [inline] __do_sys_openat fs/open.c:1245 [inline] __se_sys_openat fs/open.c:1240 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1240 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Chain exists of: driver_lock --> &ictx->lock --> minor_rwsem#2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(minor_rwsem#2); lock(&ictx->lock); lock(minor_rwsem#2); lock(driver_lock); *** DEADLOCK *** 1 lock held by syz-executor208/3596: #0: ffffffff8d334ef0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x2c/0x2f0 drivers/usb/core/file.c:39 stack backtrace: CPU: 0 PID: 3596 Comm: syz-executor208 Not tainted 5.18.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 check_noncircular+0x2f7/0x3b0 kernel/locking/lockdep.c:2145 check_prev_add kernel/locking/lockdep.c:3065 [inline] check_prevs_add kernel/locking/lockdep.c:3188 [inline] validate_chain+0x185c/0x65c0 kernel/locking/lockdep.c:3803 __lock_acquire+0x129a/0x1f80 kernel/locking/lockdep.c:5029 lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5641 __mutex_lock_common+0x1de/0x26e0 kernel/locking/mutex.c:600 __mutex_lock kernel/locking/mutex.c:733 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:785 display_open+0x2e/0x290 drivers/media/rc/imon.c:503 usb_open+0x217/0x2f0 drivers/usb/core/file.c:48 chrdev_open+0x5fb/0x680 fs/char_dev.c:414 do_dentry_open+0x77f/0xfd0 fs/open.c:824 do_open fs/namei.c:3476 [inline] path_openat+0x26c0/0x2ec0 fs/namei.c:3609 do_filp_open+0x277/0x4f0 fs/namei.c:3636 do_sys_openat2+0x13b/0x500 fs/open.c:1213 do_sys_open fs/open.c:1229 [inline] __do_sys_openat fs/open.c:1245 [inline] __se_sys_openat fs/open.c:1240 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1240 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f8f70c6ec77 Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25 RSP: 002b:00007ffc5a450ed0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8f70c6ec77 RDX: 0000000000000002 RSI: 00007ffc5a450f50 RDI: 00000000ffffff9c RBP: 00007ffc5a450f50 R08: 0000000000000000 R09: 000000000000000f R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000