Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts. executing program [ 32.285834][ T29] audit: type=1400 audit(1728724368.637:80): avc: denied { execmem } for pid=2645 comm="syz-executor145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 32.306859][ T29] audit: type=1400 audit(1728724368.637:81): avc: denied { read write } for pid=2646 comm="syz-executor145" name="raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 32.330813][ T29] audit: type=1400 audit(1728724368.637:82): avc: denied { open } for pid=2646 comm="syz-executor145" path="/dev/raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 32.354635][ T29] audit: type=1400 audit(1728724368.637:83): avc: denied { ioctl } for pid=2646 comm="syz-executor145" path="/dev/raw-gadget" dev="devtmpfs" ino=140 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 32.530213][ T41] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 32.690053][ T41] usb 1-1: Using ep0 maxpacket: 32 [ 32.697074][ T41] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 32.709358][ T41] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 32.718436][ T41] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 32.726631][ T41] usb 1-1: Product: syz [ 32.730827][ T41] usb 1-1: Manufacturer: syz [ 32.735425][ T41] usb 1-1: SerialNumber: syz [ 32.742760][ T41] usb 1-1: config 0 descriptor?? [ 32.748680][ T2646] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 executing program [ 32.960381][ T9] usb 1-1: USB disconnect, device number 2 [ 33.310104][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 33.460094][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 33.466707][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 33.478588][ T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 33.487679][ T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 33.495897][ T9] usb 1-1: Product: syz [ 33.500151][ T9] usb 1-1: Manufacturer: syz [ 33.504754][ T9] usb 1-1: SerialNumber: syz [ 33.510944][ T9] usb 1-1: config 0 descriptor?? [ 33.516625][ T2649] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 executing program [ 33.725839][ T41] usb 1-1: USB disconnect, device number 3 [ 34.070125][ T41] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 34.220098][ T41] usb 1-1: Using ep0 maxpacket: 32 [ 34.226535][ T41] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 34.238359][ T41] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 34.247576][ T41] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 34.255869][ T41] usb 1-1: Product: syz [ 34.260111][ T41] usb 1-1: Manufacturer: syz [ 34.264722][ T41] usb 1-1: SerialNumber: syz [ 34.270983][ T41] usb 1-1: config 0 descriptor?? [ 34.276578][ T2651] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 executing program [ 34.486176][ T9] usb 1-1: USB disconnect, device number 4 [ 34.830116][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 34.980080][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 34.986682][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 34.998595][ T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 35.007715][ T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 35.015969][ T9] usb 1-1: Product: syz [ 35.020184][ T9] usb 1-1: Manufacturer: syz [ 35.024786][ T9] usb 1-1: SerialNumber: syz [ 35.031140][ T9] usb 1-1: config 0 descriptor?? [ 35.036522][ T2653] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 executing program [ 35.245674][ T9] usb 1-1: USB disconnect, device number 5 [ 35.590076][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 35.740070][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 35.746681][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 35.758742][ T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 35.767885][ T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 35.776118][ T9] usb 1-1: Product: syz [ 35.780316][ T9] usb 1-1: Manufacturer: syz [ 35.784900][ T9] usb 1-1: SerialNumber: syz [ 35.791217][ T9] usb 1-1: config 0 descriptor?? [ 35.796696][ T2654] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 executing program [ 36.005969][ T41] usb 1-1: USB disconnect, device number 6 [ 36.012774][ T2655] [ 36.015134][ T2655] ====================================================== [ 36.022151][ T2655] WARNING: possible circular locking dependency detected [ 36.029166][ T2655] 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0 Not tainted [ 36.036276][ T2655] ------------------------------------------------------ [ 36.043372][ T2655] syz-executor145/2655 is trying to acquire lock: [ 36.049762][ T2655] ffffffff89b120e8 (chaoskey_list_lock){+.+.}-{3:3}, at: chaoskey_open+0xdd/0x220 [ 36.059076][ T2655] [ 36.059076][ T2655] but task is already holding lock: [ 36.066443][ T2655] ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 [ 36.075056][ T2655] [ 36.075056][ T2655] which lock already depends on the new lock. [ 36.075056][ T2655] [ 36.085460][ T2655] [ 36.085460][ T2655] the existing dependency chain (in reverse order) is: [ 36.094499][ T2655] [ 36.094499][ T2655] -> #1 (minor_rwsem){++++}-{3:3}: [ 36.101791][ T2655] down_write+0x93/0x200 [ 36.106552][ T2655] usb_deregister_dev+0x7c/0x1e0 [ 36.112007][ T2655] chaoskey_disconnect+0xb7/0x2a0 [ 36.117575][ T2655] usb_unbind_interface+0x1e8/0x970 [ 36.123281][ T2655] device_remove+0x122/0x170 [ 36.128405][ T2655] device_release_driver_internal+0x44a/0x610 [ 36.134989][ T2655] bus_remove_device+0x22f/0x420 [ 36.140454][ T2655] device_del+0x396/0x9f0 [ 36.145303][ T2655] usb_disable_device+0x36c/0x7f0 [ 36.150848][ T2655] usb_disconnect+0x2e1/0x920 [ 36.156037][ T2655] hub_event+0x1bed/0x4f40 [ 36.160997][ T2655] process_one_work+0x9c5/0x1ba0 [ 36.166454][ T2655] worker_thread+0x6c8/0xf00 [ 36.171568][ T2655] kthread+0x2c1/0x3a0 [ 36.176255][ T2655] ret_from_fork+0x45/0x80 [ 36.181203][ T2655] ret_from_fork_asm+0x1a/0x30 [ 36.186488][ T2655] [ 36.186488][ T2655] -> #0 (chaoskey_list_lock){+.+.}-{3:3}: [ 36.194499][ T2655] __lock_acquire+0x250b/0x3ce0 [ 36.199883][ T2655] lock_acquire.part.0+0x11b/0x380 [ 36.205518][ T2655] __mutex_lock+0x175/0x9c0 [ 36.210533][ T2655] chaoskey_open+0xdd/0x220 [ 36.215548][ T2655] usb_open+0x186/0x220 [ 36.220213][ T2655] chrdev_open+0x237/0x6a0 [ 36.225135][ T2655] do_dentry_open+0x6cb/0x1390 [ 36.230409][ T2655] vfs_open+0x82/0x3f0 [ 36.234988][ T2655] path_openat+0x1e6a/0x2d60 [ 36.240088][ T2655] do_filp_open+0x1dc/0x430 [ 36.245105][ T2655] do_sys_openat2+0x17a/0x1e0 [ 36.250295][ T2655] __x64_sys_openat+0x175/0x210 [ 36.255674][ T2655] do_syscall_64+0xcd/0x250 [ 36.260692][ T2655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 36.267098][ T2655] [ 36.267098][ T2655] other info that might help us debug this: [ 36.267098][ T2655] [ 36.277308][ T2655] Possible unsafe locking scenario: [ 36.277308][ T2655] [ 36.284738][ T2655] CPU0 CPU1 [ 36.290107][ T2655] ---- ---- [ 36.295451][ T2655] rlock(minor_rwsem); [ 36.299596][ T2655] lock(chaoskey_list_lock); [ 36.306774][ T2655] lock(minor_rwsem); [ 36.313347][ T2655] lock(chaoskey_list_lock); [ 36.318006][ T2655] [ 36.318006][ T2655] *** DEADLOCK *** [ 36.318006][ T2655] [ 36.326134][ T2655] 1 lock held by syz-executor145/2655: [ 36.331573][ T2655] #0: ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_open+0x23/0x220 [ 36.340174][ T2655] [ 36.340174][ T2655] stack backtrace: [ 36.346050][ T2655] CPU: 0 UID: 0 PID: 2655 Comm: syz-executor145 Not tainted 6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0 [ 36.357332][ T2655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 36.367404][ T2655] Call Trace: [ 36.370703][ T2655] [ 36.373625][ T2655] dump_stack_lvl+0x116/0x1f0 [ 36.378314][ T2655] print_circular_bug+0x41c/0x610 [ 36.383370][ T2655] check_noncircular+0x31a/0x400 [ 36.388325][ T2655] ? __pfx_check_noncircular+0x10/0x10 [ 36.393786][ T2655] ? lockdep_lock+0xc6/0x200 [ 36.398402][ T2655] ? lockdep_lock+0xc6/0x200 [ 36.403008][ T2655] ? __pfx_lockdep_lock+0x10/0x10 [ 36.408039][ T2655] ? __lock_acquire+0x163e/0x3ce0 [ 36.413078][ T2655] __lock_acquire+0x250b/0x3ce0 [ 36.417926][ T2655] ? __pfx___lock_acquire+0x10/0x10 [ 36.423117][ T2655] ? lock_acquire.part.0+0x11b/0x380 [ 36.428392][ T2655] ? find_held_lock+0x2d/0x110 [ 36.433141][ T2655] lock_acquire.part.0+0x11b/0x380 [ 36.438253][ T2655] ? chaoskey_open+0xdd/0x220 [ 36.442918][ T2655] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 36.448545][ T2655] ? rcu_is_watching+0x12/0xc0 [ 36.453304][ T2655] ? trace_lock_acquire+0x14a/0x1d0 [ 36.458490][ T2655] ? chaoskey_open+0xdd/0x220 [ 36.463153][ T2655] ? lock_acquire+0x2f/0xb0 [ 36.467645][ T2655] ? chaoskey_open+0xdd/0x220 [ 36.472311][ T2655] __mutex_lock+0x175/0x9c0 [ 36.476805][ T2655] ? chaoskey_open+0xdd/0x220 [ 36.481474][ T2655] ? bus_find_device+0x181/0x1e0 [ 36.486405][ T2655] ? chaoskey_open+0xdd/0x220 [ 36.491070][ T2655] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 36.496601][ T2655] ? __pfx___mutex_lock+0x10/0x10 [ 36.501624][ T2655] ? kobject_put+0xab/0x5a0 [ 36.506140][ T2655] ? usb_find_interface+0xb4/0xf0 [ 36.511247][ T2655] ? __pfx_usb_find_interface+0x10/0x10 [ 36.516784][ T2655] ? chaoskey_open+0xdd/0x220 [ 36.521449][ T2655] chaoskey_open+0xdd/0x220 [ 36.525941][ T2655] ? __pfx_chaoskey_open+0x10/0x10 [ 36.531058][ T2655] usb_open+0x186/0x220 [ 36.535202][ T2655] ? __pfx_usb_open+0x10/0x10 [ 36.539863][ T2655] chrdev_open+0x237/0x6a0 [ 36.544272][ T2655] ? __pfx_chrdev_open+0x10/0x10 [ 36.549194][ T2655] ? lockref_get+0x15/0x50 [ 36.553616][ T2655] do_dentry_open+0x6cb/0x1390 [ 36.558379][ T2655] ? __pfx_chrdev_open+0x10/0x10 [ 36.563304][ T2655] ? inode_permission+0xdd/0x5f0 [ 36.568231][ T2655] vfs_open+0x82/0x3f0 [ 36.572313][ T2655] ? may_open+0x1f2/0x400 [ 36.576658][ T2655] path_openat+0x1e6a/0x2d60 [ 36.581260][ T2655] ? __pfx_path_openat+0x10/0x10 [ 36.586188][ T2655] ? __pfx___lock_acquire+0x10/0x10 [ 36.591376][ T2655] do_filp_open+0x1dc/0x430 [ 36.595879][ T2655] ? __pfx_do_filp_open+0x10/0x10 [ 36.600896][ T2655] ? find_held_lock+0x2d/0x110 [ 36.605673][ T2655] ? _raw_spin_unlock+0x28/0x50 [ 36.610541][ T2655] ? alloc_fd+0x2d7/0x6c0 [ 36.614869][ T2655] do_sys_openat2+0x17a/0x1e0 [ 36.619539][ T2655] ? __pfx_do_sys_openat2+0x10/0x10 [ 36.624740][ T2655] ? do_user_addr_fault+0xd97/0x12c0 [ 36.630016][ T2655] ? __pfx_lock_release+0x10/0x10 [ 36.635029][ T2655] ? trace_lock_acquire+0x14a/0x1d0 [ 36.640213][ T2655] __x64_sys_openat+0x175/0x210 [ 36.645068][ T2655] ? __pfx___x64_sys_openat+0x10/0x10 [ 36.650446][ T2655] ? do_user_addr_fault+0x839/0x12c0 [ 36.655745][ T2655] do_syscall_64+0xcd/0x250 [ 36.660242][ T2655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 36.666129][ T2655] RIP: 0033:0x7fb0ccb4d361 [ 36.670540][ T2655] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 2a 8d 07 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25 [ 36.690414][ T2655] RSP: 002b:00007fff9c9d3660 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 36.698813][ T2655] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fb0ccb4d361 [ 36.706770][ T2655] RDX: 0000000000000002 RSI: 00007fff9c9d36e0 RDI: 00000000ffffff9c [ 36.714729][ T2655] RBP: 00007fff9c9d36e0 R08: 000000000000000f R09: 00007fff9c9d3477 [ 36.722689][ T2655] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff9c9d377c [ 36.730658][ T2655] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 36.738725][ T2655]