[ 45.230328][ T29] audit: type=1400 audit(1726122130.482:100): avc: denied { open } for pid=2527 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.253315][ T29] audit: type=1400 audit(1726122130.482:101): avc: denied { getattr } for pid=2527 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.396469][ T29] audit: type=1400 audit(1726122130.672:102): avc: denied { read write } for pid=2653 comm="syz-executor.0" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 45.438242][ T29] audit: type=1400 audit(1726122130.672:103): avc: denied { open } for pid=2653 comm="syz-executor.0" path="/dev/loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 45.462736][ T29] audit: type=1400 audit(1726122130.672:104): avc: denied { ioctl } for pid=2653 comm="syz-executor.0" path="/dev/loop0" dev="devtmpfs" ino=100 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 45.509553][ T2653] syz-executor.0 (2653) used greatest stack depth: 22592 bytes left [ 55.938462][ T29] audit: type=1400 audit(1726122141.212:105): avc: denied { transition } for pid=3108 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 55.960620][ T29] audit: type=1400 audit(1726122141.212:106): avc: denied { noatsecure } for pid=3108 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 55.979856][ T29] audit: type=1400 audit(1726122141.212:107): avc: denied { rlimitinh } for pid=3108 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 55.998768][ T29] audit: type=1400 audit(1726122141.212:108): avc: denied { siginh } for pid=3108 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.190' (ED25519) to the list of known hosts. 2024/09/12 06:22:30 ignoring optional flag "sandboxArg"="0" 2024/09/12 06:22:31 parsed 1 programs 2024/09/12 06:22:31 executed programs: 0 [ 65.912262][ T29] audit: type=1400 audit(1726122151.192:109): avc: denied { mounton } for pid=3122 comm="syz-executor" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 65.914153][ T3122] cgroup: Unknown subsys name 'net' [ 65.946637][ T3122] cgroup: Unknown subsys name 'rlimit' [ 68.242260][ T29] audit: type=1400 audit(1726122153.522:110): avc: denied { create } for pid=3126 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 68.265665][ T29] audit: type=1400 audit(1726122153.522:111): avc: denied { write } for pid=3126 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 68.287202][ T29] audit: type=1400 audit(1726122153.552:112): avc: denied { read } for pid=3126 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 75.300849][ T29] audit: type=1400 audit(1726122160.582:113): avc: denied { write } for pid=3576 comm="syz-executor.0" name="raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 75.337321][ T29] audit: type=1400 audit(1726122160.582:114): avc: denied { ioctl } for pid=3576 comm="syz-executor.0" path="/dev/raw-gadget" dev="devtmpfs" ino=140 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 75.569002][ T42] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 75.751030][ T42] usb 1-1: config 204 has an invalid interface number: 37 but max is 2 [ 75.759477][ T42] usb 1-1: config 204 has an invalid interface association descriptor of length 2, skipping [ 75.769598][ T42] usb 1-1: config 204 has an invalid interface number: 191 but max is 2 [ 75.777945][ T42] usb 1-1: config 204 has an invalid interface number: 98 but max is 2 [ 75.786263][ T42] usb 1-1: config 204 has no interface number 0 [ 75.792547][ T42] usb 1-1: config 204 has no interface number 1 [ 75.798860][ T42] usb 1-1: config 204 has no interface number 2 [ 75.805365][ T42] usb 1-1: config 204 interface 37 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 75.816342][ T42] usb 1-1: config 204 interface 37 altsetting 7 has an endpoint descriptor with address 0xCB, changing to 0x8B [ 75.828141][ T42] usb 1-1: config 204 interface 37 altsetting 7 endpoint 0x8B has an invalid bInterval 178, changing to 11 [ 75.839578][ T42] usb 1-1: config 204 interface 37 altsetting 7 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 75.850640][ T42] usb 1-1: config 204 interface 37 altsetting 7 has an endpoint descriptor with address 0x97, changing to 0x87 [ 75.862588][ T42] usb 1-1: config 204 interface 37 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 75.873406][ T42] usb 1-1: config 204 interface 37 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 75.884283][ T42] usb 1-1: config 204 interface 37 has no altsetting 0 [ 75.891181][ T42] usb 1-1: config 204 interface 191 has no altsetting 0 [ 75.898132][ T42] usb 1-1: config 204 interface 98 has no altsetting 0 [ 75.907434][ T42] usb 1-1: New USB device found, idVendor=054c, idProduct=0257, bcdDevice=25.0a [ 75.916549][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.924610][ T42] usb 1-1: Product: syz [ 75.928809][ T42] usb 1-1: Manufacturer: syz [ 75.933402][ T42] usb 1-1: SerialNumber: syz [ 76.149399][ C1] raw-gadget.0 gadget.0: ignoring, device is not running 2024/09/12 06:22:41 executed programs: 1 [ 77.050072][ T42] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 78.067580][ T42] zd1211rw 1-1:204.37: phy0 [ 78.250776][ T42] zd1211rw 1-1:204.37: error ioread32(CR_REG1): -11 [ 79.160004][ T42] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 80.170771][ T42] zd1211rw 1-1:204.191: phy1 [ 80.356489][ T42] zd1211rw 1-1:204.37: error ioread32(CR_REG1): -11 [ 80.363247][ T42] [ 80.365572][ T42] ============================================ [ 80.371704][ T42] WARNING: possible recursive locking detected [ 80.377837][ T42] 6.11.0-rc7-syzkaller-00138-ge5fa8db0be3e #0 Not tainted [ 80.384925][ T42] -------------------------------------------- [ 80.391052][ T42] kworker/1:2/42 is trying to acquire lock: [ 80.396921][ T42] ffff888118c3dc70 (&chip->mutex){+.+.}-{3:3}, at: zd_chip_disable_rxtx+0x1f/0x50 [ 80.406157][ T42] [ 80.406157][ T42] but task is already holding lock: [ 80.413507][ T42] ffff88811d335c70 (&chip->mutex){+.+.}-{3:3}, at: pre_reset+0x20b/0x280 [ 80.421923][ T42] [ 80.421923][ T42] other info that might help us debug this: [ 80.430054][ T42] Possible unsafe locking scenario: [ 80.430054][ T42] [ 80.437512][ T42] CPU0 [ 80.440771][ T42] ---- [ 80.444032][ T42] lock(&chip->mutex); [ 80.448174][ T42] lock(&chip->mutex); [ 80.452338][ T42] [ 80.452338][ T42] *** DEADLOCK *** [ 80.452338][ T42] [ 80.460463][ T42] May be due to missing lock nesting notation [ 80.460463][ T42] [ 80.468764][ T42] 6 locks held by kworker/1:2/42: [ 80.473865][ T42] #0: ffff8881066bb548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 80.484644][ T42] #1: ffffc900004d7d80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 80.495939][ T42] #2: ffff888109373190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1be/0x4f40 [ 80.504820][ T42] #3: ffff888105a9e190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 [ 80.514028][ T42] #4: ffff888102ec7160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7f/0x4b0 [ 80.523233][ T42] #5: ffff88811d335c70 (&chip->mutex){+.+.}-{3:3}, at: pre_reset+0x20b/0x280 [ 80.532089][ T42] [ 80.532089][ T42] stack backtrace: [ 80.537962][ T42] CPU: 1 UID: 0 PID: 42 Comm: kworker/1:2 Not tainted 6.11.0-rc7-syzkaller-00138-ge5fa8db0be3e #0 [ 80.548559][ T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 80.558693][ T42] Workqueue: usb_hub_wq hub_event [ 80.563724][ T42] Call Trace: [ 80.567079][ T42] [ 80.569995][ T42] dump_stack_lvl+0x116/0x1f0 [ 80.574670][ T42] __lock_acquire+0x2167/0x3cb0 [ 80.579513][ T42] ? __pfx___lock_acquire+0x10/0x10 [ 80.584700][ T42] ? __pfx___lock_acquire+0x10/0x10 [ 80.589971][ T42] lock_acquire+0x1b1/0x560 [ 80.594465][ T42] ? zd_chip_disable_rxtx+0x1f/0x50 [ 80.599703][ T42] ? __pfx_lock_acquire+0x10/0x10 [ 80.604728][ T42] ? __pfx___might_resched+0x10/0x10 [ 80.610014][ T42] ? __pfx___mutex_trylock_common+0x10/0x10 [ 80.615903][ T42] __mutex_lock+0x175/0x9c0 [ 80.620402][ T42] ? zd_chip_disable_rxtx+0x1f/0x50 [ 80.625606][ T42] ? trace_contention_end+0xea/0x140 [ 80.630887][ T42] ? zd_chip_disable_rxtx+0x1f/0x50 [ 80.636081][ T42] ? __mutex_lock+0x1a6/0x9c0 [ 80.640763][ T42] ? __pfx___mutex_lock+0x10/0x10 [ 80.645772][ T42] ? zd_usb_disable_int+0x17a/0x1b0 [ 80.650952][ T42] ? pre_reset+0x20b/0x280 [ 80.655356][ T42] ? zd_chip_disable_rxtx+0x1f/0x50 [ 80.660555][ T42] zd_chip_disable_rxtx+0x1f/0x50 [ 80.665568][ T42] zd_op_stop+0x64/0x1a0 [ 80.669818][ T42] pre_reset+0x191/0x280 [ 80.674047][ T42] usb_reset_device+0x413/0xa80 [ 80.678887][ T42] ? __pfx_pre_reset+0x10/0x10 [ 80.683649][ T42] probe+0x118/0x970 [ 80.687551][ T42] usb_probe_interface+0x309/0x9d0 [ 80.692661][ T42] ? __pfx_usb_probe_interface+0x10/0x10 [ 80.698292][ T42] really_probe+0x23e/0xa90 [ 80.702850][ T42] __driver_probe_device+0x1de/0x440 [ 80.708142][ T42] driver_probe_device+0x4c/0x1b0 [ 80.713192][ T42] __device_attach_driver+0x1df/0x310 [ 80.718559][ T42] ? __pfx___device_attach_driver+0x10/0x10 [ 80.724471][ T42] bus_for_each_drv+0x157/0x1e0 [ 80.729324][ T42] ? __pfx_bus_for_each_drv+0x10/0x10 [ 80.734683][ T42] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.739872][ T42] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 80.745698][ T42] __device_attach+0x1e8/0x4b0 [ 80.750454][ T42] ? __pfx___device_attach+0x10/0x10 [ 80.755817][ T42] ? do_raw_spin_unlock+0x172/0x230 [ 80.761008][ T42] bus_probe_device+0x17f/0x1c0 [ 80.765850][ T42] device_add+0x114b/0x1a70 [ 80.770353][ T42] ? __pfx_device_add+0x10/0x10 [ 80.775195][ T42] ? kfree+0x10b/0x380 [ 80.779255][ T42] ? create_intf_ep_devs.isra.0+0x4a/0x200 [ 80.785063][ T42] usb_set_configuration+0x10cb/0x1c50 [ 80.790639][ T42] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 80.796717][ T42] usb_generic_driver_probe+0xb1/0x110 [ 80.802196][ T42] usb_probe_device+0xec/0x3e0 [ 80.806952][ T42] ? __pfx_usb_probe_device+0x10/0x10 [ 80.812396][ T42] really_probe+0x23e/0xa90 [ 80.816912][ T42] __driver_probe_device+0x1de/0x440 [ 80.822207][ T42] ? usb_driver_applicable+0x1c7/0x220 [ 80.827653][ T42] driver_probe_device+0x4c/0x1b0 [ 80.832683][ T42] __device_attach_driver+0x1df/0x310 [ 80.838043][ T42] ? __pfx___device_attach_driver+0x10/0x10 [ 80.844029][ T42] bus_for_each_drv+0x157/0x1e0 [ 80.848879][ T42] ? __pfx_bus_for_each_drv+0x10/0x10 [ 80.854249][ T42] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.859439][ T42] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 80.865251][ T42] __device_attach+0x1e8/0x4b0 [ 80.870025][ T42] ? __pfx___device_attach+0x10/0x10 [ 80.875307][ T42] ? do_raw_spin_unlock+0x172/0x230 [ 80.880594][ T42] bus_probe_device+0x17f/0x1c0 [ 80.885440][ T42] device_add+0x114b/0x1a70 [ 80.889945][ T42] ? __pfx_device_add+0x10/0x10 [ 80.894794][ T42] ? add_device_randomness+0xb8/0xf0 [ 80.900075][ T42] usb_new_device+0xd90/0x1a10 [ 80.904840][ T42] ? __pfx_usb_new_device+0x10/0x10 [ 80.910130][ T42] hub_event+0x2e58/0x4f40 [ 80.914558][ T42] ? __pfx_hub_event+0x10/0x10 [ 80.919332][ T42] ? __pfx_lock_acquire+0x10/0x10 [ 80.924361][ T42] ? __pfx_lock_release+0x10/0x10 [ 80.929385][ T42] process_one_work+0x9c5/0x1b40 [ 80.934325][ T42] ? __pfx_hcd_resume_work+0x10/0x10 [ 80.939602][ T42] ? __pfx_process_one_work+0x10/0x10 [ 80.944974][ T42] ? assign_work+0x1a0/0x250 [ 80.949560][ T42] worker_thread+0x6c8/0xed0 [ 80.954157][ T42] ? __kthread_parkme+0x148/0x220 [ 80.959189][ T42] ? __pfx_worker_thread+0x10/0x10 [ 80.964383][ T42] kthread+0x2c1/0x3a0 [ 80.968447][ T42] ? _raw_spin_unlock_irq+0x23/0x50 [ 80.973647][ T42] ? __pfx_kthread+0x10/0x10 [ 80.978233][ T42] ret_from_fork+0x45/0x80 [ 80.982647][ T42] ? __pfx_kthread+0x10/0x10 [ 80.987229][ T42] ret_from_fork_asm+0x1a/0x30 [ 80.992003][ T42] [ 80.996424][ T42] zd1211rw 1-1:204.191: error ioread32(CR_REG1): -11 [ 81.369322][ T42] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 82.353130][ T42] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht' [ 82.372727][ T42] zd1211rw 1-1:204.98: phy2 [ 82.495208][ T29] audit: type=1400 audit(1726122167.772:115): avc: denied { read } for pid=2583 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 82.554210][ T9] usb 1-1: USB disconnect, device number 2 2024/09/12 06:22:48 executed programs: 4 [ 83.338748][ T42] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 83.519966][ T42] usb 1-1: config 204 has an invalid interface number: 37 but max is 2 [ 83.528254][ T42] usb 1-1: config 204 has an invalid interface association descriptor of length 2, skipping [ 83.538350][ T42] usb 1-1: config 204 has an invalid interface number: 191 but max is 2 [ 83.546730][ T42] usb 1-1: config 204 has an invalid interface number: 98 but max is 2 [ 83.555007][ T42] usb 1-1: config 204 has no interface number 0 [ 83.561267][ T42] usb 1-1: config 204 has no interface number 1 [ 83.567494][ T42] usb 1-1: config 204 has no interface number 2 [ 83.573807][ T42] usb 1-1: config 204 interface 37 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 83.584793][ T42] usb 1-1: config 204 interface 37 altsetting 7 has an endpoint descriptor with address 0xCB, changing to 0x8B [ 83.596548][ T42] usb 1-1: config 204 interface 37 altsetting 7 endpoint 0x8B has an invalid bInterval 178, changing to 11 [ 83.607947][ T42] usb 1-1: config 204 interface 37 altsetting 7 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 83.618999][ T42] usb 1-1: config 204 interface 37 altsetting 7 has an endpoint descriptor with address 0x97, changing to 0x87 [ 83.630753][ T42] usb 1-1: config 204 interface 37 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 83.641549][ T42] usb 1-1: config 204 interface 37 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 83.652540][ T42] usb 1-1: config 204 interface 37 has no altsetting 0 [ 83.659403][ T42] usb 1-1: config 204 interface 191 has no altsetting 0 [ 83.666359][ T42] usb 1-1: config 204 interface 98 has no altsetting 0 [ 83.675108][ T42] usb 1-1: New USB device found, idVendor=054c, idProduct=0257, bcdDevice=25.0a [ 83.684253][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.692247][ T42] usb 1-1: Product: syz [ 83.696403][ T42] usb 1-1: Manufacturer: syz [ 83.701087][ T42] usb 1-1: SerialNumber: syz [ 84.799316][ T42] usb 1-1: reset high-speed USB device number 3 using dummy_hcd [ 85.784044][ T42] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' [ 85.803537][ T42] zd1211rw 1-1:204.37: phy3 [ 85.987063][ T42] zd1211rw 1-1:204.37: error ioread32(CR_REG1): -11 [ 86.879323][ T42] usb 1-1: reset high-speed USB device number 3 using dummy_hcd [ 87.863348][ T42] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' [ 87.883606][ T42] zd1211rw 1-1:204.191: phy4 [ 88.064976][ T42] zd1211rw 1-1:204.37: error ioread32(CR_REG1): -11 [ 88.071833][ T42] zd1211rw 1-1:204.191: error ioread32(CR_REG1): -11 2024/09/12 06:22:53 executed programs: 7 [ 88.979365][ T42] usb 1-1: reset high-speed USB device number 3 using dummy_hcd [ 89.964085][ T42] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht' [ 89.983619][ T42] zd1211rw 1-1:204.98: phy5 [ 90.164701][ T42] usb 1-1: USB disconnect, device number 3