[ 28.955690][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.966070][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 40.545222][ T25] kauditd_printk_skb: 37 callbacks suppressed
[ 40.545237][ T25] audit: type=1400 audit(1647338465.391:73): avc: denied { transition } for pid=3418 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.576992][ T25] audit: type=1400 audit(1647338465.391:74): avc: denied { write } for pid=3418 comm="sh" path="pipe:[27734]" dev="pipefs" ino=27734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
executing program
[ 59.977256][ T25] audit: type=1400 audit(1647338484.821:75): avc: denied { execmem } for pid=3591 comm="syz-executor184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 59.996991][ T25] audit: type=1400 audit(1647338484.821:76): avc: denied { read write } for pid=3591 comm="syz-executor184" name="raw-gadget" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 60.021014][ T25] audit: type=1400 audit(1647338484.821:77): avc: denied { open } for pid=3591 comm="syz-executor184" path="/dev/raw-gadget" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 60.044910][ T25] audit: type=1400 audit(1647338484.831:78): avc: denied { ioctl } for pid=3591 comm="syz-executor184" path="/dev/raw-gadget" dev="devtmpfs" ino=730 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 60.254041][ T35] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 60.614227][ T35] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[ 60.625353][ T35] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 8262, setting to 1024
[ 60.636765][ T35] usb 1-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[ 60.645996][ T35] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 60.664451][ T35] usb 1-1: config 0 descriptor??
[ 60.709984][ T35] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5
[ 61.004201][ T35] rc_core: IR keymap rc-imon-pad not found
[ 61.010025][ T35] Registered IR keymap rc-empty
[ 61.015270][ T35] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 61.025972][ T35] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 61.167275][ T35] rc rc0: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 61.178108][ T35] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6
[ 61.194034][ T35] imon 1-1:0.0: iMON device (15c2:0037, intf0) on usb<1:2> initialized
[ 61.344921][ T3591]
[ 61.347251][ T3591] ======================================================
[ 61.354243][ T3591] WARNING: possible circular locking dependency detected
[ 61.361233][ T3591] 5.17.0-rc8-syzkaller #0 Not tainted
[ 61.366574][ T3591] ------------------------------------------------------
[ 61.373562][ T3591] syz-executor184/3591 is trying to acquire lock:
[ 61.379950][ T3591] ffffffff8cd14368 (driver_lock){+.+.}-{3:3}, at: display_open+0x1f/0x220
[ 61.388466][ T3591]
[ 61.388466][ T3591] but task is already holding lock:
[ 61.395799][ T3591] ffffffff8ca590b0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[ 61.404128][ T3591]
[ 61.404128][ T3591] which lock already depends on the new lock.
[ 61.404128][ T3591]
[ 61.414509][ T3591]
[ 61.414509][ T3591] the existing dependency chain (in reverse order) is:
[ 61.423508][ T3591]
[ 61.423508][ T3591] -> #2 (minor_rwsem#2){++++}-{3:3}:
[ 61.430960][ T3591]        down_write+0x90/0x150
[ 61.435708][ T3591]        usb_register_dev+0x19d/0x7e0
[ 61.441056][ T3591]        imon_probe+0x2499/0x2b90
[ 61.446059][ T3591]        usb_probe_interface+0x315/0x7f0
[ 61.451850][ T3591]        really_probe+0x245/0xcc0
[ 61.456855][ T3591]        __driver_probe_device+0x338/0x4d0
[ 61.462646][ T3591]        driver_probe_device+0x4c/0x1a0
[ 61.468179][ T3591]        __device_attach_driver+0x20b/0x2f0
[ 61.474048][ T3591]        bus_for_each_drv+0x15f/0x1e0
[ 61.479408][ T3591]        __device_attach+0x228/0x4a0
[ 61.484678][ T3591]        bus_probe_device+0x1e4/0x290
[ 61.490029][ T3591]        device_add+0xb83/0x1e20
[ 61.494945][ T3591]        usb_set_configuration+0x101e/0x1900
[ 61.500929][ T3591]        usb_generic_driver_probe+0xba/0x100
[ 61.506905][ T3591]        usb_probe_device+0xd9/0x2c0
[ 61.512178][ T3591]        really_probe+0x245/0xcc0
[ 61.517189][ T3591]        __driver_probe_device+0x338/0x4d0
[ 61.523016][ T3591]        driver_probe_device+0x4c/0x1a0
[ 61.528544][ T3591]        __device_attach_driver+0x20b/0x2f0
[ 61.534431][ T3591]        bus_for_each_drv+0x15f/0x1e0
[ 61.539782][ T3591]        __device_attach+0x228/0x4a0
[ 61.545046][ T3591]        bus_probe_device+0x1e4/0x290
[ 61.550396][ T3591]        device_add+0xb83/0x1e20
[ 61.555311][ T3591]        usb_new_device.cold+0x63f/0x108e
[ 61.561008][ T3591]        hub_event+0x2585/0x44d0
[ 61.565934][ T3591]        process_one_work+0x9ac/0x1650
[ 61.571371][ T3591]        worker_thread+0x657/0x1110
[ 61.576548][ T3591]        kthread+0x2e9/0x3a0
[ 61.581116][ T3591]        ret_from_fork+0x1f/0x30
[ 61.586033][ T3591]
[ 61.586033][ T3591] -> #1 (&ictx->lock){+.+.}-{3:3}:
[ 61.593299][ T3591]        __mutex_lock+0x12f/0x12f0
[ 61.598391][ T3591]        imon_probe+0xff9/0x2b90
[ 61.603307][ T3591]        usb_probe_interface+0x315/0x7f0
[ 61.608921][ T3591]        really_probe+0x245/0xcc0
[ 61.613934][ T3591]        __driver_probe_device+0x338/0x4d0
[ 61.619718][ T3591]        driver_probe_device+0x4c/0x1a0
[ 61.625250][ T3591]        __device_attach_driver+0x20b/0x2f0
[ 61.631151][ T3591]        bus_for_each_drv+0x15f/0x1e0
[ 61.636506][ T3591]        __device_attach+0x228/0x4a0
[ 61.641778][ T3591]        bus_probe_device+0x1e4/0x290
[ 61.647125][ T3591]        device_add+0xb83/0x1e20
[ 61.652037][ T3591]        usb_set_configuration+0x101e/0x1900
[ 61.657996][ T3591]        usb_generic_driver_probe+0xba/0x100
[ 61.663951][ T3591]        usb_probe_device+0xd9/0x2c0
[ 61.669235][ T3591]        really_probe+0x245/0xcc0
[ 61.674249][ T3591]        __driver_probe_device+0x338/0x4d0
[ 61.680033][ T3591]        driver_probe_device+0x4c/0x1a0
[ 61.685556][ T3591]        __device_attach_driver+0x20b/0x2f0
[ 61.691428][ T3591]        bus_for_each_drv+0x15f/0x1e0
[ 61.696782][ T3591]        __device_attach+0x228/0x4a0
[ 61.702044][ T3591]        bus_probe_device+0x1e4/0x290
[ 61.707395][ T3591]        device_add+0xb83/0x1e20
[ 61.712309][ T3591]        usb_new_device.cold+0x63f/0x108e
[ 61.718007][ T3591]        hub_event+0x2585/0x44d0
[ 61.722932][ T3591]        process_one_work+0x9ac/0x1650
[ 61.728400][ T3591]        worker_thread+0x657/0x1110
[ 61.733591][ T3591]        kthread+0x2e9/0x3a0
[ 61.738171][ T3591]        ret_from_fork+0x1f/0x30
[ 61.743100][ T3591]
[ 61.743100][ T3591] -> #0 (driver_lock){+.+.}-{3:3}:
[ 61.750379][ T3591]        __lock_acquire+0x2ad4/0x56c0
[ 61.755740][ T3591]        lock_acquire+0x1ab/0x510
[ 61.760755][ T3591]        __mutex_lock+0x12f/0x12f0
[ 61.765849][ T3591]        display_open+0x1f/0x220
[ 61.770767][ T3591]        usb_open+0x204/0x2e0
[ 61.775422][ T3591]        chrdev_open+0x266/0x770
[ 61.780340][ T3591]        do_dentry_open+0x4b9/0x1250
[ 61.785602][ T3591]        path_openat+0x1c9e/0x2940
[ 61.790692][ T3591]        do_filp_open+0x1aa/0x400
[ 61.795693][ T3591]        do_sys_openat2+0x16d/0x4d0
[ 61.800874][ T3591]        __x64_sys_openat+0x13f/0x1f0
[ 61.806237][ T3591]        do_syscall_64+0x35/0xb0
[ 61.811162][ T3591]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 61.817586][ T3591]
[ 61.817586][ T3591] other info that might help us debug this:
[ 61.817586][ T3591]
[ 61.827787][ T3591] Chain exists of:
[ 61.827787][ T3591]   driver_lock --> &ictx->lock --> minor_rwsem#2
[ 61.827787][ T3591]
[ 61.839933][ T3591]  Possible unsafe locking scenario:
[ 61.839933][ T3591]
[ 61.847358][ T3591]        CPU0                    CPU1
[ 61.852697][ T3591]        ----                    ----
[ 61.858039][ T3591]   lock(minor_rwsem#2);
[ 61.862263][ T3591]                                lock(&ictx->lock);
[ 61.868826][ T3591]                                lock(minor_rwsem#2);
[ 61.875565][ T3591]   lock(driver_lock);
[ 61.879611][ T3591]
[ 61.879611][ T3591]  *** DEADLOCK ***
[ 61.879611][ T3591]
[ 61.887738][ T3591] 1 lock held by syz-executor184/3591:
[ 61.893168][ T3591]  #0: ffffffff8ca590b0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0
[ 61.901932][ T3591]
[ 61.901932][ T3591] stack backtrace:
[ 61.907794][ T3591] CPU: 1 PID: 3591 Comm: syz-executor184 Not tainted 5.17.0-rc8-syzkaller #0
[ 61.916529][ T3591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.926645][ T3591] Call Trace:
[ 61.929928][ T3591]
[ 61.932851][ T3591]  dump_stack_lvl+0xcd/0x134
[ 61.937427][ T3591]  check_noncircular+0x25f/0x2e0
[ 61.942355][ T3591]  ? print_circular_bug+0x1e0/0x1e0
[ 61.947544][ T3591]  ? lock_chain_count+0x20/0x20
[ 61.952387][ T3591]  __lock_acquire+0x2ad4/0x56c0
[ 61.957231][ T3591]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 61.963203][ T3591]  ? lockdep_unlock+0x11c/0x290
[ 61.968045][ T3591]  ? __lock_acquire+0x25af/0x56c0
[ 61.973066][ T3591]  lock_acquire+0x1ab/0x510
[ 61.977567][ T3591]  ? display_open+0x1f/0x220
[ 61.982149][ T3591]  ? lock_release+0x720/0x720
[ 61.986806][ T3591]  ? __lock_acquire+0x1666/0x56c0
[ 61.991810][ T3591]  __mutex_lock+0x12f/0x12f0
[ 61.996390][ T3591]  ? display_open+0x1f/0x220
[ 62.000960][ T3591]  ? lock_release+0x720/0x720
[ 62.005614][ T3591]  ? display_open+0x1f/0x220
[ 62.010185][ T3591]  ? mutex_lock_io_nested+0x1150/0x1150
[ 62.015723][ T3591]  ? down_read+0x198/0x440
[ 62.020117][ T3591]  ? chrdev_open+0x58c/0x770
[ 62.024686][ T3591]  ? rwsem_down_read_slowpath+0xa70/0xa70
[ 62.030381][ T3591]  ? do_raw_spin_lock+0x120/0x2b0
[ 62.035397][ T3591]  display_open+0x1f/0x220
[ 62.039804][ T3591]  ? display_close+0x160/0x160
[ 62.044550][ T3591]  usb_open+0x204/0x2e0
[ 62.048684][ T3591]  ? usb_devnode+0xa0/0xa0
[ 62.053075][ T3591]  chrdev_open+0x266/0x770
[ 62.057472][ T3591]  ? cdev_device_add+0x220/0x220
[ 62.062392][ T3591]  ? fsnotify_perm.part.0+0x22d/0x620
[ 62.067743][ T3591]  do_dentry_open+0x4b9/0x1250
[ 62.072488][ T3591]  ? cdev_device_add+0x220/0x220
[ 62.077404][ T3591]  ? may_open+0x1f6/0x420
[ 62.081710][ T3591]  path_openat+0x1c9e/0x2940
[ 62.086378][ T3591]  ? lock_chain_count+0x20/0x20
[ 62.091210][ T3591]  ? path_lookupat+0x860/0x860
[ 62.095960][ T3591]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 62.102023][ T3591]  do_filp_open+0x1aa/0x400
[ 62.106516][ T3591]  ? may_open_dev+0xf0/0xf0
[ 62.111011][ T3591]  ? rwlock_bug.part.0+0x90/0x90
[ 62.115933][ T3591]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 62.122161][ T3591]  ? _find_next_bit+0x1e3/0x260
[ 62.127001][ T3591]  ? _raw_spin_unlock+0x24/0x40
[ 62.131855][ T3591]  ? alloc_fd+0x2f0/0x670
[ 62.136161][ T3591]  do_sys_openat2+0x16d/0x4d0
[ 62.140821][ T3591]  ? find_held_lock+0x2d/0x110
[ 62.145567][ T3591]  ? build_open_flags+0x6f0/0x6f0
[ 62.150573][ T3591]  ? lock_downgrade+0x6e0/0x6e0
[ 62.155404][ T3591]  __x64_sys_openat+0x13f/0x1f0
[ 62.160243][ T3591]  ? __ia32_sys_open+0x1c0/0x1c0
[ 62.165171][ T3591]  ? syscall_enter_from_user_mode+0x21/0x70
[ 62.171050][ T3591]  do_syscall_64+0x35/0xb0
[ 62.175542][ T3591]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.181421][ T3591] RIP: 0033:0x7fb077f6fce7
[ 62.185819][ T3591] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25
[ 62.205407][ T3591] RSP: 002b:00007fffc41d1410 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 62.213824][ T3591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb077f6fce7
[ 62.221789][ T3591] RDX: 0000000000000002 RSI: 00007fffc41d1490 RDI: 00000000ffffff9c
[ 62.229743][ T3591] RBP: 00007fffc41d1490 R08: 0000000000000000 R09: 000000000000000f
[ 62.237703][ T3591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 62.245654][ T3591] R13: 0000000000