dhcpcd-9.4.0 starting dev: loaded udev DUID 00:04:38:86:54:de:e3:84:6f:42:f0:0e:4e:a9:8b:37:24:d9 forked to background, child pid 1216 Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 52.198454][ T1140] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 52.558521][ T1140] usb 1-1: config 204 has an invalid interface number: 37 but max is 2 [ 52.566998][ T1140] usb 1-1: config 204 has an invalid interface association descriptor of length 2, skipping [ 52.577146][ T1140] usb 1-1: config 204 has an invalid interface number: 191 but max is 2 [ 52.585556][ T1140] usb 1-1: config 204 has an invalid interface number: 98 but max is 2 [ 52.593848][ T1140] usb 1-1: config 204 has no interface number 0 [ 52.600272][ T1140] usb 1-1: config 204 has no interface number 1 [ 52.606514][ T1140] usb 1-1: config 204 has no interface number 2 [ 52.612852][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has an invalid endpoint with address 0x80, skipping [ 52.623673][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has an invalid endpoint with address 0xCB, skipping [ 52.634492][ T1140] usb 1-1: config 204 interface 37 altsetting 7 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 52.645559][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has an invalid endpoint with address 0x97, skipping [ 52.656372][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 52.667200][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 52.678064][ T1140] usb 1-1: config 204 interface 37 has no altsetting 0 [ 52.685010][ T1140] usb 1-1: config 204 interface 191 has no altsetting 0 [ 52.692027][ T1140] usb 1-1: config 204 interface 98 has no altsetting 0 [ 52.858540][ T1140] usb 1-1: New USB device found, idVendor=054c, idProduct=0257, bcdDevice=25.0a [ 52.867600][ T1140] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.875829][ T1140] usb 1-1: Product: syz [ 52.880015][ T1140] usb 1-1: Manufacturer: syz [ 52.884604][ T1140] usb 1-1: SerialNumber: syz executing program [ 53.689543][ T1140] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 54.978492][ T1140] zd1211rw 1-1:204.37: phy0 executing program [ 55.219643][ T1140] zd1211rw 1-1:204.37: error ioread32(CR_REG1): -11 [ 55.588981][ T1140] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 56.873412][ T1140] zd1211rw 1-1:204.191: phy1 executing program [ 57.108913][ T1140] zd1211rw 1-1:204.37: error ioread32(CR_REG1): -11 [ 57.115593][ T1140] [ 57.117915][ T1140] ============================================ [ 57.124066][ T1140] WARNING: possible recursive locking detected [ 57.130206][ T1140] 5.19.0-rc4-syzkaller-00118-g8affe37c525d #0 Not tainted [ 57.137297][ T1140] -------------------------------------------- [ 57.143430][ T1140] kworker/0:2/1140 is trying to acquire lock: [ 57.149480][ T1140] ffff88810a10df30 (&chip->mutex){+.+.}-{3:3}, at: zd_chip_disable_rxtx+0x1c/0x40 [ 57.158800][ T1140] [ 57.158800][ T1140] but task is already holding lock: [ 57.166151][ T1140] ffff88811d125f30 (&chip->mutex){+.+.}-{3:3}, at: pre_reset+0x217/0x290 [ 57.174581][ T1140] [ 57.174581][ T1140] other info that might help us debug this: [ 57.182628][ T1140] Possible unsafe locking scenario: [ 57.182628][ T1140] [ 57.190086][ T1140] CPU0 [ 57.193352][ T1140] ---- [ 57.196620][ T1140] lock(&chip->mutex); [ 57.200762][ T1140] lock(&chip->mutex); [ 57.205018][ T1140] [ 57.205018][ T1140] *** DEADLOCK *** [ 57.205018][ T1140] [ 57.213252][ T1140] May be due to missing lock nesting notation [ 57.213252][ T1140] [ 57.221578][ T1140] 6 locks held by kworker/0:2/1140: [ 57.226773][ T1140] #0: ffff888109c17138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 57.237647][ T1140] #1: ffffc900029cfda8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 57.248871][ T1140] #2: ffff88810f209190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4690 [ 57.257941][ T1140] #3: ffff88811f899190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 [ 57.267156][ T1140] #4: ffff88811f89c118 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x530 [ 57.276519][ T1140] #5: ffff88811d125f30 (&chip->mutex){+.+.}-{3:3}, at: pre_reset+0x217/0x290 [ 57.285489][ T1140] [ 57.285489][ T1140] stack backtrace: [ 57.291369][ T1140] CPU: 0 PID: 1140 Comm: kworker/0:2 Not tainted 5.19.0-rc4-syzkaller-00118-g8affe37c525d #0 [ 57.301542][ T1140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 57.311625][ T1140] Workqueue: usb_hub_wq hub_event [ 57.316651][ T1140] Call Trace: [ 57.319931][ T1140] [ 57.322868][ T1140] dump_stack_lvl+0xcd/0x134 [ 57.327459][ T1140] __lock_acquire.cold+0x1f5/0x3b4 [ 57.332667][ T1140] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 57.338649][ T1140] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 57.344634][ T1140] lock_acquire+0x1ab/0x570 [ 57.349229][ T1140] ? zd_chip_disable_rxtx+0x1c/0x40 [ 57.354444][ T1140] ? lock_release+0x780/0x780 [ 57.359161][ T1140] __mutex_lock+0x12f/0x1350 [ 57.363750][ T1140] ? zd_chip_disable_rxtx+0x1c/0x40 [ 57.368944][ T1140] ? rcu_read_lock_sched_held+0x3a/0x70 [ 57.374674][ T1140] ? trace_contention_end+0xea/0x150 [ 57.379951][ T1140] ? zd_chip_disable_rxtx+0x1c/0x40 [ 57.385365][ T1140] ? mutex_lock_io_nested+0x1190/0x1190 [ 57.390914][ T1140] ? pre_reset+0x217/0x290 [ 57.395329][ T1140] ? mutex_lock_io_nested+0x1190/0x1190 [ 57.400872][ T1140] ? mark_held_locks+0x9f/0xe0 [ 57.405638][ T1140] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 57.411556][ T1140] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 57.417374][ T1140] zd_chip_disable_rxtx+0x1c/0x40 [ 57.422417][ T1140] zd_op_stop+0x60/0x1a0 [ 57.426750][ T1140] pre_reset+0x19d/0x290 [ 57.430996][ T1140] usb_reset_device+0x37d/0x9a0 [ 57.435841][ T1140] ? zd_usb_disable_tx+0x170/0x170 [ 57.441006][ T1140] probe+0x10f/0x590 [ 57.444895][ T1140] usb_probe_interface+0x315/0x7f0 [ 57.449997][ T1140] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 57.455368][ T1140] really_probe+0x23e/0xb90 [ 57.459863][ T1140] __driver_probe_device+0x338/0x4d0 [ 57.465142][ T1140] ? usb_match_id.part.0+0x15d/0x1b0 [ 57.470431][ T1140] driver_probe_device+0x4c/0x1a0 [ 57.475536][ T1140] __device_attach_driver+0x20b/0x2f0 [ 57.480903][ T1140] ? driver_allows_async_probing+0x170/0x170 [ 57.486872][ T1140] bus_for_each_drv+0x15f/0x1e0 [ 57.491726][ T1140] ? bus_for_each_dev+0x1d0/0x1d0 [ 57.496743][ T1140] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 57.502543][ T1140] ? lockdep_hardirqs_on+0x79/0x100 [ 57.507730][ T1140] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 57.513526][ T1140] __device_attach+0x1e4/0x530 [ 57.518374][ T1140] ? device_driver_attach+0x210/0x210 [ 57.523735][ T1140] ? kobject_uevent_env+0x2ac/0x1660 [ 57.529112][ T1140] bus_probe_device+0x1e4/0x290 [ 57.533953][ T1140] device_add+0xbda/0x1ea0 [ 57.538366][ T1140] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 57.544693][ T1140] ? usb_cache_string+0x102/0x140 [ 57.549831][ T1140] ? usb_string+0x3d4/0x530 [ 57.554328][ T1140] ? create_intf_ep_devs.isra.0+0x4a/0x1f0 [ 57.560129][ T1140] usb_set_configuration+0x101e/0x1900 [ 57.565603][ T1140] usb_generic_driver_probe+0xba/0x100 [ 57.571096][ T1140] usb_probe_device+0xd9/0x2c0 [ 57.575904][ T1140] ? usb_driver_release_interface+0x180/0x180 [ 57.582065][ T1140] really_probe+0x23e/0xb90 [ 57.586584][ T1140] __driver_probe_device+0x338/0x4d0 [ 57.591885][ T1140] driver_probe_device+0x4c/0x1a0 [ 57.597353][ T1140] __device_attach_driver+0x20b/0x2f0 [ 57.602749][ T1140] ? driver_allows_async_probing+0x170/0x170 [ 57.608762][ T1140] bus_for_each_drv+0x15f/0x1e0 [ 57.613617][ T1140] ? bus_for_each_dev+0x1d0/0x1d0 [ 57.618641][ T1140] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 57.624554][ T1140] ? lockdep_hardirqs_on+0x79/0x100 [ 57.629771][ T1140] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 57.635607][ T1140] __device_attach+0x1e4/0x530 [ 57.640373][ T1140] ? device_driver_attach+0x210/0x210 [ 57.645741][ T1140] ? kobject_uevent_env+0x2ac/0x1660 [ 57.651020][ T1140] bus_probe_device+0x1e4/0x290 [ 57.656008][ T1140] device_add+0xbda/0x1ea0 [ 57.660455][ T1140] ? lockdep_hardirqs_on+0x79/0x100 [ 57.665746][ T1140] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 57.671996][ T1140] ? add_device_randomness+0xb4/0xe0 [ 57.677304][ T1140] usb_new_device.cold+0x641/0x1091 [ 57.682605][ T1140] ? hub_disconnect+0x510/0x510 [ 57.687460][ T1140] ? rwlock_bug.part.0+0x90/0x90 [ 57.692398][ T1140] ? _raw_spin_unlock_irq+0x1f/0x40 [ 57.697608][ T1140] ? _raw_spin_unlock_irq+0x1f/0x40 [ 57.702802][ T1140] hub_event+0x25d5/0x4690 [ 57.707227][ T1140] ? hub_port_debounce+0x3c0/0x3c0 [ 57.712354][ T1140] ? lock_release+0x780/0x780 [ 57.717049][ T1140] ? lock_downgrade+0x6e0/0x6e0 [ 57.721928][ T1140] ? do_raw_spin_lock+0x120/0x2a0 [ 57.726955][ T1140] process_one_work+0x996/0x1610 [ 57.731980][ T1140] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 57.737343][ T1140] ? rwlock_bug.part.0+0x90/0x90 [ 57.742280][ T1140] ? _raw_spin_lock_irq+0x41/0x50 [ 57.747309][ T1140] worker_thread+0x665/0x1080 [ 57.751983][ T1140] ? __kthread_parkme+0x15f/0x220 [ 57.757002][ T1140] ? process_one_work+0x1610/0x1610 [ 57.762232][ T1140] kthread+0x2ef/0x3a0 [ 57.766301][ T1140] ? kthread_complete_and_exit+0x40/0x40 [ 57.771939][ T1140] ret_from_fork+0x1f/0x30 [ 57.776398][ T1140] [ 57.779610][ T1140] zd1211rw 1-1:204.191: error ioread32(CR_REG1): -11 [ 58.148600][ T1140] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 59.428553][ T1140] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht' [ 59.440298][ T1140] zd1211rw 1-1:204.98: phy2 executing program [ 59.631801][ T1140] usb 1-1: USB disconnect, device number 2 [ 60.178430][ T1140] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 60.538463][ T1140] usb 1-1: config 204 has an invalid interface number: 37 but max is 2 [ 60.546723][ T1140] usb 1-1: config 204 has an invalid interface association descriptor of length 2, skipping [ 60.556814][ T1140] usb 1-1: config 204 has an invalid interface number: 191 but max is 2 [ 60.565154][ T1140] usb 1-1: config 204 has an invalid interface number: 98 but max is 2 [ 60.573431][ T1140] usb 1-1: config 204 has no interface number 0 [ 60.579687][ T1140] usb 1-1: config 204 has no interface number 1 [ 60.585934][ T1140] usb 1-1: config 204 has no interface number 2 [ 60.592228][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has an invalid endpoint with address 0x80, skipping [ 60.603009][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has an invalid endpoint with address 0xCB, skipping [ 60.613788][ T1140] usb 1-1: config 204 interface 37 altsetting 7 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 60.624922][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has an invalid endpoint with address 0x97, skipping [ 60.635804][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 60.646719][ T1140] usb 1-1: config 204 interface 37 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 60.657608][ T1140] usb 1-1: config 204 interface 37 has no altsetting 0 [ 60.664578][ T1140] usb 1-1: config 204 interface 191 has no altsetting 0 [ 60.671555][ T1140] usb 1-1: config 204 interface 98 has no altsetting 0 [ 60.838521][ T1140] usb 1-1: New USB device found, idVendor=054c, idProduct=0257, bcdDevice=25.0a [ 60.847596][ T1140] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.855612][ T1140] usb 1-1: Product: syz [ 60.859800][ T1140] usb 1-1: Manufacturer: syz [ 60.864427][ T1140] usb 1-1: SerialNumber: syz executing program [ 61.668618][ T1140] usb 1-1: reset high-speed USB device number 3 using dummy_hcd [ 62.948567][ T1140] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' [ 62.960232][ T1140] zd1211rw 1-1:204.37: phy3 executing program [ 63.188895][ T1140] zd1211rw 1-1:204.37: error ioread32(CR_REG1): -11 [ 63.558614][ T1140] usb 1-1: reset high-speed USB device number 3 using dummy_hcd [ 64.848580][ T1140] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' [ 64.860224][ T1140] zd1211rw 1-1:204.191: phy4 executing program [ 65.098684][ T1140] zd1211rw 1-1:204.37: error ioread32(CR_REG1): -11 [ 65.105633][ T1140] zd1211rw 1-1:204.191: error ioread32(CR_REG1): -11 [ 65.478550][ T1140] usb 1-1: reset high-speed USB device number 3 using dummy_hcd [ 66.758553][ T1140] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht' [ 66.770618][ T1140] zd1211rw 1-1:204.98: phy5 executing program [ 66.959636][ T1140] usb 1-1: USB disconnect, device number 3