./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3183844314

<...>
forked to background, child pid 3175
no interfaces have a carrier
[   20.706488][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0
[   20.715597][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
execve("./syz-executor3183844314", ["./syz-executor3183844314"], 0x7ffdf22f9f90 /* 10 vars */) = 0
brk(NULL)                               = 0x55555560c000
brk(0x55555560cc40)                     = 0x55555560cc40
arch_prctl(ARCH_SET_FS, 0x55555560c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3183844314", 4096) = 28
brk(0x55555562dc40)                     = 0x55555562dc40
brk(0x55555562e000)                     = 0x55555562e000
mprotect(0x7f28bf0be000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdf13b8ae0) = 0
ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf13b8ae0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf13b8ae0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf13b7ad0) = 18
syzkaller login: [   36.032428][  T140] usb 1-1: new high-speed USB device number 2 using dummy_hcd
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf13b8ae0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf13b7ad0) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf13b8ae0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf13b7ad0) = 9
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf13b8ae0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf13b7ad0) = 27
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf13b8ae0) = 0
ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x13) = 0
ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0)    = 0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f28bf0c43ac) = 12
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdf13b7ad0) = 0
[   36.412498][  T140] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[   36.423632][  T140] usb 1-1: New USB device found, idVendor=15c2, idProduct=0039, bcdDevice=a9.8c
[   36.432877][  T140] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   36.444214][  T140] usb 1-1: config 0 descriptor??
[   36.485788][  T140] input: iMON Panel, Knob and Mouse(15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf13b8b10) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdf13b7b00) = 8
[   36.782385][  T140] rc_core: IR keymap rc-imon-pad not found
[   36.788452][  T140] Registered IR keymap rc-empty
[   36.793923][  T140] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[   36.804019][  T140] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf13b8b10) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdf13b7b00) = 8
[   36.933611][  T140] rc rc0: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[   36.944329][  T140] input: iMON Remote (15c2:0039) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6
[   36.958322][  T140] imon 1-1:0.0: iMON device (15c2:0039, intf0) on usb<1:2> initialized
[   37.113499][ T3594] 
[   37.115945][ T3594] ======================================================
[   37.123296][ T3594] WARNING: possible circular locking dependency detected
[   37.130346][ T3594] 5.18.0-rc7-syzkaller-00048-gf993aed406ea #0 Not tainted
[   37.137425][ T3594] ------------------------------------------------------
[   37.144424][ T3594] syz-executor318/3594 is trying to acquire lock:
[   37.150804][ T3594] ffffffff8cf4e6e8 (driver_lock){+.+.}-{3:3}, at: display_open+0x1f/0x220
[   37.159321][ T3594] 
[   37.159321][ T3594] but task is already holding lock:
[   37.166656][ T3594] ffffffff8cc8e670 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[   37.174993][ T3594] 
[   37.174993][ T3594] which lock already depends on the new lock.
[   37.174993][ T3594] 
[   37.185454][ T3594] 
[   37.185454][ T3594] the existing dependency chain (in reverse order) is:
[   37.194539][ T3594] 
[   37.194539][ T3594] -> #2 (minor_rwsem#2){++++}-{3:3}:
[   37.202000][ T3594]        down_write+0x90/0x150
[   37.206739][ T3594]        usb_register_dev+0x19d/0x7e0
[   37.212086][ T3594]        imon_probe+0x2506/0x2b90
[   37.217093][ T3594]        usb_probe_interface+0x315/0x7f0
[   37.222723][ T3594]        really_probe+0x23e/0xb20
[   37.227720][ T3594]        __driver_probe_device+0x338/0x4d0
[   37.233753][ T3594]        driver_probe_device+0x4c/0x1a0
[   37.239466][ T3594]        __device_attach_driver+0x20b/0x2f0
[   37.245562][ T3594]        bus_for_each_drv+0x15f/0x1e0
[   37.250908][ T3594]        __device_attach+0x228/0x4a0
[   37.256187][ T3594]        bus_probe_device+0x1e4/0x290
[   37.261539][ T3594]        device_add+0xb83/0x1e20
[   37.266862][ T3594]        usb_set_configuration+0x101e/0x1900
[   37.272830][ T3594]        usb_generic_driver_probe+0xba/0x100
[   37.278789][ T3594]        usb_probe_device+0xd9/0x2c0
[   37.284046][ T3594]        really_probe+0x23e/0xb20
[   37.289049][ T3594]        __driver_probe_device+0x338/0x4d0
[   37.294829][ T3594]        driver_probe_device+0x4c/0x1a0
[   37.300350][ T3594]        __device_attach_driver+0x20b/0x2f0
[   37.306303][ T3594]        bus_for_each_drv+0x15f/0x1e0
[   37.311738][ T3594]        __device_attach+0x228/0x4a0
[   37.316993][ T3594]        bus_probe_device+0x1e4/0x290
[   37.322342][ T3594]        device_add+0xb83/0x1e20
[   37.327267][ T3594]        usb_new_device.cold+0x641/0x1091
[   37.332961][ T3594]        hub_event+0x25c6/0x4680
[   37.337871][ T3594]        process_one_work+0x996/0x1610
[   37.343317][ T3594]        worker_thread+0x665/0x1080
[   37.348485][ T3594]        kthread+0x2e9/0x3a0
[   37.353044][ T3594]        ret_from_fork+0x1f/0x30
[   37.357955][ T3594] 
[   37.357955][ T3594] -> #1 (&ictx->lock){+.+.}-{3:3}:
[   37.365218][ T3594]        __mutex_lock+0x12f/0x12f0
[   37.370304][ T3594]        imon_probe+0xff9/0x2b90
[   37.375561][ T3594]        usb_probe_interface+0x315/0x7f0
[   37.381166][ T3594]        really_probe+0x23e/0xb20
[   37.386161][ T3594]        __driver_probe_device+0x338/0x4d0
[   37.391938][ T3594]        driver_probe_device+0x4c/0x1a0
[   37.397467][ T3594]        __device_attach_driver+0x20b/0x2f0
[   37.403591][ T3594]        bus_for_each_drv+0x15f/0x1e0
[   37.408942][ T3594]        __device_attach+0x228/0x4a0
[   37.414198][ T3594]        bus_probe_device+0x1e4/0x290
[   37.419547][ T3594]        device_add+0xb83/0x1e20
[   37.424458][ T3594]        usb_set_configuration+0x101e/0x1900
[   37.430412][ T3594]        usb_generic_driver_probe+0xba/0x100
[   37.436365][ T3594]        usb_probe_device+0xd9/0x2c0
[   37.441621][ T3594]        really_probe+0x23e/0xb20
[   37.446617][ T3594]        __driver_probe_device+0x338/0x4d0
[   37.452397][ T3594]        driver_probe_device+0x4c/0x1a0
[   37.457911][ T3594]        __device_attach_driver+0x20b/0x2f0
[   37.463789][ T3594]        bus_for_each_drv+0x15f/0x1e0
[   37.469135][ T3594]        __device_attach+0x228/0x4a0
[   37.474389][ T3594]        bus_probe_device+0x1e4/0x290
[   37.479730][ T3594]        device_add+0xb83/0x1e20
[   37.484637][ T3594]        usb_new_device.cold+0x641/0x1091
[   37.490331][ T3594]        hub_event+0x25c6/0x4680
[   37.496989][ T3594]        process_one_work+0x996/0x1610
[   37.502424][ T3594]        worker_thread+0x665/0x1080
[   37.507592][ T3594]        kthread+0x2e9/0x3a0
[   37.512156][ T3594]        ret_from_fork+0x1f/0x30
[   37.517065][ T3594] 
[   37.517065][ T3594] -> #0 (driver_lock){+.+.}-{3:3}:
[   37.524329][ T3594]        __lock_acquire+0x2ac6/0x56c0
[   37.529675][ T3594]        lock_acquire+0x1ab/0x510
[   37.534682][ T3594]        __mutex_lock+0x12f/0x12f0
[   37.539778][ T3594]        display_open+0x1f/0x220
[   37.544702][ T3594]        usb_open+0x204/0x2e0
[   37.549355][ T3594]        chrdev_open+0x266/0x770
[   37.554280][ T3594]        do_dentry_open+0x4a1/0x11e0
[   37.559554][ T3594]        path_openat+0x1c71/0x2910
[   37.564827][ T3594]        do_filp_open+0x1aa/0x400
[   37.569829][ T3594]        do_sys_openat2+0x16d/0x4c0
[   37.575003][ T3594]        __x64_sys_openat+0x13f/0x1f0
[   37.580349][ T3594]        do_syscall_64+0x35/0xb0
[   37.585263][ T3594]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[   37.591651][ T3594] 
[   37.591651][ T3594] other info that might help us debug this:
[   37.591651][ T3594] 
[   37.601853][ T3594] Chain exists of:
[   37.601853][ T3594]   driver_lock --> &ictx->lock --> minor_rwsem#2
[   37.601853][ T3594] 
[   37.613992][ T3594]  Possible unsafe locking scenario:
[   37.613992][ T3594] 
[   37.621586][ T3594]        CPU0                    CPU1
[   37.626929][ T3594]        ----                    ----
[   37.632272][ T3594]   lock(minor_rwsem#2);
[   37.636492][ T3594]                                lock(&ictx->lock);
[   37.643075][ T3594]                                lock(minor_rwsem#2);
[   37.649806][ T3594]   lock(driver_lock);
[   37.653849][ T3594] 
[   37.653849][ T3594]  *** DEADLOCK ***
[   37.653849][ T3594] 
[   37.662066][ T3594] 1 lock held by syz-executor318/3594:
[   37.667516][ T3594]  #0: ffffffff8cc8e670 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[   37.676471][ T3594] 
[   37.676471][ T3594] stack backtrace:
[   37.682931][ T3594] CPU: 1 PID: 3594 Comm: syz-executor318 Not tainted 5.18.0-rc7-syzkaller-00048-gf993aed406ea #0
[   37.693403][ T3594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.703441][ T3594] Call Trace:
[   37.706698][ T3594]  <TASK>
[   37.709691][ T3594]  dump_stack_lvl+0xcd/0x134
[   37.714259][ T3594]  check_noncircular+0x25f/0x2e0
[   37.719176][ T3594]  ? print_circular_bug+0x1e0/0x1e0
[   37.724366][ T3594]  ? lock_chain_count+0x20/0x20
[   37.729191][ T3594]  __lock_acquire+0x2ac6/0x56c0
[   37.734018][ T3594]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   37.739988][ T3594]  ? __lock_acquire+0x2589/0x56c0
[   37.745005][ T3594]  lock_acquire+0x1ab/0x510
[   37.749485][ T3594]  ? display_open+0x1f/0x220
[   37.754051][ T3594]  ? lock_release+0x720/0x720
[   37.758705][ T3594]  __mutex_lock+0x12f/0x12f0
[   37.763279][ T3594]  ? display_open+0x1f/0x220
[   37.767841][ T3594]  ? lock_release+0x720/0x720
[   37.772489][ T3594]  ? display_open+0x1f/0x220
[   37.777054][ T3594]  ? mutex_lock_io_nested+0x1150/0x1150
[   37.782570][ T3594]  ? down_read+0x198/0x440
[   37.786953][ T3594]  ? chrdev_open+0x58c/0x770
[   37.791515][ T3594]  ? rwsem_down_read_slowpath+0xa70/0xa70
[   37.797206][ T3594]  ? do_raw_spin_lock+0x120/0x2a0
[   37.802207][ T3594]  display_open+0x1f/0x220
[   37.806597][ T3594]  ? display_close+0x160/0x160
[   37.811338][ T3594]  usb_open+0x204/0x2e0
[   37.815467][ T3594]  ? usb_devnode+0xa0/0xa0
[   37.819857][ T3594]  chrdev_open+0x266/0x770
[   37.824248][ T3594]  ? cdev_device_add+0x220/0x220
[   37.829158][ T3594]  ? fsnotify_perm.part.0+0x221/0x610
[   37.834503][ T3594]  do_dentry_open+0x4a1/0x11e0
[   37.839239][ T3594]  ? cdev_device_add+0x220/0x220
[   37.844147][ T3594]  ? may_open+0x1f6/0x420
[   37.848451][ T3594]  path_openat+0x1c71/0x2910
[   37.853014][ T3594]  ? path_lookupat+0x860/0x860
[   37.857750][ T3594]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   37.863706][ T3594]  do_filp_open+0x1aa/0x400
[   37.868185][ T3594]  ? may_open_dev+0xf0/0xf0
[   37.872661][ T3594]  ? rwlock_bug.part.0+0x90/0x90
[   37.877575][ T3594]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   37.883787][ T3594]  ? _find_next_bit+0x1e3/0x260
[   37.888633][ T3594]  ? _raw_spin_unlock+0x24/0x40
[   37.893464][ T3594]  ? alloc_fd+0x2f0/0x670
[   37.897885][ T3594]  do_sys_openat2+0x16d/0x4c0
[   37.902543][ T3594]  ? build_open_flags+0x6f0/0x6f0
[   37.907806][ T3594]  ? ptrace_notify+0xfa/0x140
[   37.912495][ T3594]  ? lock_downgrade+0x6e0/0x6e0
[   37.917498][ T3594]  __x64_sys_openat+0x13f/0x1f0
[   37.922325][ T3594]  ? __ia32_sys_open+0x1c0/0x1c0
[   37.927328][ T3594]  ? _raw_spin_unlock_irq+0x1f/0x40
[   37.932498][ T3594]  ? lockdep_hardirqs_on+0x79/0x100
[   37.937758][ T3594]  ? _raw_spin_unlock_irq+0x2a/0x40
[   37.942945][ T3594]  ? ptrace_notify+0xfa/0x140
[   37.947615][ T3594]  do_syscall_64+0x35/0xb0
[   37.952011][ T3594]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   37.957880][ T3594] RIP: 0033:0x7f28bf00fbc7
[   37.962270][ T3594] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[   37.981871][ T3594] RSP: 002b:00007ffdf13b9a30 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   37.990265][ T3594] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f28bf00fbc7
[   37.998286][ T3594] RDX: 0000000000000002 RSI: 00007ffdf13b9ab0 RDI: 00000000ffffff9c
[   38.006244][ T3594] RBP: 00007ffdf13b9ab0 R08: 0000000000000000 R09: 000000000000000f
openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 4
exit_group(0)                           = ?
+++ exited with 0 +++
[   38.014195][ T3594] R10: 0000000000