./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1940056355 <...> pid=5666 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 42.018995][ T29] audit: type=1400 audit(1733129480.518:83): avc: denied { write } for pid=5669 comm="sftp-server" path="pipe:[5207]" dev="pipefs" ino=5207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 42.738513][ T29] audit: type=1400 audit(1733129481.238:84): avc: denied { read } for pid=5174 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 42.760628][ T29] audit: type=1400 audit(1733129481.238:85): avc: denied { append } for pid=5174 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 42.783596][ T29] audit: type=1400 audit(1733129481.238:86): avc: denied { open } for pid=5174 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 42.806880][ T29] audit: type=1400 audit(1733129481.238:87): avc: denied { getattr } for pid=5174 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '10.128.1.26' (ED25519) to the list of known hosts. execve("./syz-executor1940056355", ["./syz-executor1940056355"], 0x7ffd5a596720 /* 10 vars */) = 0 brk(NULL) = 0x555562883000 brk(0x555562883d40) = 0x555562883d40 arch_prctl(ARCH_SET_FS, 0x5555628833c0) = 0 set_tid_address(0x555562883690) = 5816 set_robust_list(0x5555628836a0, 24) = 0 rseq(0x555562883ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1940056355", 4096) = 28 getrandom("\xba\xbe\xf2\xa8\x91\x1a\xcd\x15", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555562883d40 brk(0x5555628a4d40) = 0x5555628a4d40 brk(0x5555628a5000) = 0x5555628a5000 mprotect(0x7f39b3e1c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5817 attached , child_tidptr=0x555562883690) = 5817 [pid 5817] set_robust_list(0x5555628836a0, 24) = 0 [pid 5817] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [ 56.017397][ T29] audit: type=1400 audit(1733129494.518:88): avc: denied { execmem } for pid=5816 comm="syz-executor194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5817] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5817] dup2(4, 202) = 202 [pid 5817] close(4) = 0 [ 56.053272][ T29] audit: type=1400 audit(1733129494.558:89): avc: denied { create } for pid=5817 comm="syz-executor194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 56.085454][ T29] audit: type=1400 audit(1733129494.588:90): avc: denied { read write } for pid=5817 comm="syz-executor194" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 5817] write(202, "\xff\x00", 2) = 2 [pid 5817] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5817] rt_sigaction(SIGRT_1, {sa_handler=0x7f39b3dc0810, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f39b3db1e90}, NULL, 8) = 0 [pid 5817] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5817] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39b3551000 [pid 5817] mprotect(0x7f39b3552000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f39b3d51990, parent_tid=0x7f39b3d51990, exit_signal=0, stack=0x7f39b3551000, stack_size=0x800300, tls=0x7f39b3d516c0}./strace-static-x86_64: Process 5821 attached => {parent_tid=[2]}, 88) = 2 [pid 5821] rseq(0x7f39b3d51fe0, 0x20, 0, 0x53053053 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... rseq resumed>) = 0 [pid 5817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] set_robust_list(0x7f39b3d519a0, 24 [pid 5817] ioctl(3, HCIDEVUP [pid 5821] <... set_robust_list resumed>) = 0 [pid 5821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5821] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [ 56.109348][ T29] audit: type=1400 audit(1733129494.588:91): avc: denied { open } for pid=5817 comm="syz-executor194" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 5821] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5821] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5821] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5821] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [ 56.145877][ T29] audit: type=1400 audit(1733129494.648:92): avc: denied { ioctl } for pid=5817 comm="syz-executor194" path="socket:[4553]" dev="sockfs" ino=4553 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 56.148446][ T5819] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 56.179998][ T5819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 56.200963][ T5819] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [pid 5821] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5821] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5821] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5821] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5821] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5821] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [ 56.283485][ T5819] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.312345][ T5819] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 56.323140][ T5819] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5821] read(202, [pid 5817] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5817] ioctl(3, HCISETSCAN [pid 5821] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5817] <... ioctl resumed>, 0x7ffc375a93f4) = 0 [pid 5817] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5821] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5817] <... writev resumed>) = 13 [pid 5817] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] madvise(0x7f39b3551000, 8372224, MADV_DONTNEED) = 0 [pid 5821] exit(0) = ? [pid 5821] +++ exited with 0 +++ [pid 5817] <... writev resumed>) = 14 [pid 5817] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 5817] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 5817] close(3) = 0 [pid 5817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5817] getppid() = 0 [pid 5817] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5817] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5817] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5817] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5817] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5817] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5817] unshare(CLONE_NEWNS) = 0 [pid 5817] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5817] unshare(CLONE_NEWIPC) = 0 [pid 5817] unshare(CLONE_NEWCGROUP) = 0 [pid 5817] unshare(CLONE_NEWUTS) = 0 [pid 5817] unshare(CLONE_SYSVSEM) = 0 [pid 5817] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "16777216", 8) = 8 [pid 5817] close(3) = 0 [pid 5817] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "536870912", 9) = 9 [pid 5817] close(3) = 0 [pid 5817] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "1024", 4) = 4 [pid 5817] close(3) = 0 [pid 5817] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [ 56.439262][ T29] audit: type=1400 audit(1733129494.938:93): avc: denied { mounton } for pid=5817 comm="syz-executor194" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 5817] write(3, "8192", 4) = 4 [pid 5817] close(3) = 0 [pid 5817] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "1024", 4) = 4 [pid 5817] close(3) = 0 [pid 5817] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "1024", 4) = 4 [pid 5817] close(3) = 0 [pid 5817] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5817] close(3) = 0 [pid 5817] getpid() = 1 [pid 5817] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 0b 90 90 e9 e9 f8 ff ff e8 07 47 ae fa 49 81 c4 c0 05 00 00 e9 [ 57.813852][ T5818] RSP: 0018:ffffc9000470ee60 EFLAGS: 00010286 [ 57.820480][ T5818] RAX: 0000000000000000 RBX: ffff888024cb9c00 RCX: ffffffff815a5159 [ 57.828512][ T5818] RDX: ffff888020bc0000 RSI: ffffffff815a5166 RDI: 0000000000000001 [ 57.836511][ T5818] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 57.844539][ T5818] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003 [ 57.852552][ T5818] R13: ffff88802a7a70a8 R14: ffff88801b065840 R15: ffff888024cb9c7c [ 57.860535][ T5818] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 57.869696][ T5818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.876303][ T5818] CR2: 00007ffc56979000 CR3: 000000000df7e000 CR4: 00000000003526f0 [ 57.884459][ T5818] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.892464][ T5818] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.900423][ T5818] Call Trace: [ 57.903736][ T5818] [ 57.906668][ T5818] ? __warn+0xea/0x3c0 [ 57.910733][ T5818] ? usb_submit_urb+0xe4b/0x1730 [ 57.915700][ T5818] ? report_bug+0x3c0/0x580 [ 57.920222][ T5818] ? handle_bug+0x54/0xa0 [ 57.924585][ T5818] ? exc_invalid_op+0x17/0x50 [ 57.929271][ T5818] ? asm_exc_invalid_op+0x1a/0x20 [ 57.934331][ T5818] ? __warn_printk+0x199/0x350 [ 57.939103][ T5818] ? __warn_printk+0x1a6/0x350 [ 57.943900][ T5818] ? usb_submit_urb+0xe4b/0x1730 [ 57.948859][ T5818] ? __init_swait_queue_head+0xca/0x150 [ 57.954461][ T5818] usb_start_wait_urb+0x103/0x4c0 [ 57.959503][ T5818] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 57.965126][ T5818] ? __asan_memset+0x23/0x50 [ 57.969725][ T5818] usb_bulk_msg+0x22c/0x550 [ 57.974281][ T5818] amradio_send_cmd+0x2e2/0x940 [ 57.979149][ T5818] ? __pfx_amradio_send_cmd+0x10/0x10 [ 57.984563][ T5818] ? read_word_at_a_time+0xe/0x20 [ 57.989607][ T5818] ? sized_strscpy+0xae/0x2e0 [ 57.994336][ T5818] usb_amradio_probe+0x4a3/0x8a0 [ 57.999280][ T5818] usb_probe_interface+0x300/0x9c0 [ 58.004430][ T5818] ? __pfx_usb_probe_interface+0x10/0x10 [ 58.010088][ T5818] really_probe+0x23e/0xa90 [ 58.014629][ T5818] __driver_probe_device+0x1de/0x440 [ 58.019924][ T5818] driver_probe_device+0x4c/0x1b0 [ 58.025008][ T5818] __device_attach_driver+0x1df/0x310 [ 58.030402][ T5818] ? __pfx___device_attach_driver+0x10/0x10 [ 58.036357][ T5818] bus_for_each_drv+0x157/0x1e0 [ 58.041223][ T5818] ? __pfx_bus_for_each_drv+0x10/0x10 [ 58.046646][ T5818] ? lockdep_hardirqs_on+0x7c/0x110 [ 58.051866][ T5818] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 58.057735][ T5818] __device_attach+0x1e8/0x4b0 [ 58.062722][ T5818] ? __pfx___device_attach+0x10/0x10 [ 58.068020][ T5818] ? do_raw_spin_unlock+0x172/0x230 [ 58.073264][ T5818] bus_probe_device+0x17f/0x1c0 [ 58.078211][ T5818] device_add+0x114b/0x1a70 [ 58.082752][ T5818] ? __pfx_device_add+0x10/0x10 [ 58.087610][ T5818] ? wakeup_sysfs_add+0x51/0x60 [ 58.092511][ T5818] usb_set_configuration+0x10cb/0x1c50 [ 58.097982][ T5818] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 58.104111][ T5818] usb_generic_driver_probe+0xb1/0x110 [ 58.109601][ T5818] usb_probe_device+0xec/0x3e0 [ 58.114412][ T5818] ? __pfx_usb_probe_device+0x10/0x10 [ 58.119818][ T5818] really_probe+0x23e/0xa90 [ 58.124530][ T5818] __driver_probe_device+0x1de/0x440 [ 58.129826][ T5818] ? usb_driver_applicable+0x1c7/0x220 [ 58.135411][ T5818] driver_probe_device+0x4c/0x1b0 [ 58.140455][ T5818] __device_attach_driver+0x1df/0x310 [ 58.145862][ T5818] ? __pfx___device_attach_driver+0x10/0x10 [ 58.151765][ T5818] bus_for_each_drv+0x157/0x1e0 [ 58.156644][ T5818] ? __pfx_bus_for_each_drv+0x10/0x10 [ 58.162026][ T5818] ? lockdep_hardirqs_on+0x7c/0x110 [ 58.167263][ T5818] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 58.173103][ T5818] __device_attach+0x1e8/0x4b0 [ 58.177856][ T5818] ? __pfx___device_attach+0x10/0x10 [ 58.183188][ T5818] ? do_raw_spin_unlock+0x172/0x230 [ 58.188428][ T5818] bus_probe_device+0x17f/0x1c0 [ 58.193312][ T5818] device_add+0x114b/0x1a70 [ 58.197828][ T5818] ? __pfx_device_add+0x10/0x10 [ 58.202718][ T5818] ? add_device_randomness+0xb8/0xf0 [ 58.208018][ T5818] usb_new_device+0xd90/0x1a10 [ 58.212838][ T5818] ? __pfx_usb_new_device+0x10/0x10 [ 58.218054][ T5818] hub_event+0x2d9a/0x4e10 [ 58.222526][ T5818] ? __pfx_hub_event+0x10/0x10 [ 58.227307][ T5818] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 58.232998][ T5818] ? rcu_is_watching+0x12/0xc0 [ 58.237790][ T5818] ? trace_lock_acquire+0x14e/0x1f0 [ 58.243055][ T5818] ? process_one_work+0x921/0x1ba0 [ 58.248177][ T5818] ? lock_acquire+0x2f/0xb0 [ 58.252702][ T5818] ? process_one_work+0x921/0x1ba0 [ 58.257818][ T5818] process_one_work+0x9c5/0x1ba0 [ 58.262789][ T5818] ? __pfx_hcd_resume_work+0x10/0x10 [ 58.268084][ T5818] ? __pfx_process_one_work+0x10/0x10 [ 58.273479][ T5818] ? rcu_is_watching+0x12/0xc0 [ 58.278252][ T5818] ? assign_work+0x1a0/0x250 [ 58.282867][ T5818] worker_thread+0x6c8/0xf00 [ 58.287466][ T5818] ? __kthread_parkme+0x148/0x220 [ 58.292522][ T5818] ? __pfx_worker_thread+0x10/0x10 [ 58.297638][ T5818] kthread+0x2c1/0x3a0 [ 58.301693][ T5818] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.306951][ T5818] ? __pfx_kthread+0x10/0x10 [ 58.311550][ T5818] ret_from_fork+0x45/0x80 [ 58.315992][ T5818] ? __pfx_kthread+0x10/0x10 [ 58.320601][ T5818] ret_from_fork_asm+0x1a/0x30 [ 58.325405][ T5818] [ 58.328464][ T5818] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 58.335719][ T5818] CPU: 1 UID: 0 PID: 5818 Comm: kworker/1:3 Not tainted 6.13.0-rc1-syzkaller #0 [ 58.344718][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 58.354755][ T5818] Workqueue: usb_hub_wq hub_event [ 58.359779][ T5818] Call Trace: [ 58.363039][ T5818] [ 58.365949][ T5818] dump_stack_lvl+0x3d/0x1f0 [ 58.370525][ T5818] panic+0x71d/0x800 [ 58.374405][ T5818] ? __pfx_panic+0x10/0x10 [ 58.378804][ T5818] ? show_trace_log_lvl+0x29d/0x3d0 [ 58.384005][ T5818] ? check_panic_on_warn+0x1f/0xb0 [ 58.389131][ T5818] ? usb_submit_urb+0xe4b/0x1730 [ 58.394083][ T5818] check_panic_on_warn+0xab/0xb0 [ 58.399055][ T5818] __warn+0xf6/0x3c0 [ 58.402951][ T5818] ? usb_submit_urb+0xe4b/0x1730 [ 58.407895][ T5818] report_bug+0x3c0/0x580 [ 58.412228][ T5818] handle_bug+0x54/0xa0 [ 58.416386][ T5818] exc_invalid_op+0x17/0x50 [ 58.420891][ T5818] asm_exc_invalid_op+0x1a/0x20 [ 58.425743][ T5818] RIP: 0010:usb_submit_urb+0xe4b/0x1730 [ 58.431290][ T5818] Code: 84 3c 02 00 00 e8 35 47 ae fa 4c 89 ef e8 ed fe d9 fe 45 89 e0 89 e9 4c 89 f2 48 89 c6 48 c7 c7 40 e3 2d 8c e8 c6 90 6e fa 90 <0f> 0b 90 90 e9 e9 f8 ff ff e8 07 47 ae fa 49 81 c4 c0 05 00 00 e9 [ 58.450895][ T5818] RSP: 0018:ffffc9000470ee60 EFLAGS: 00010286 [ 58.456963][ T5818] RAX: 0000000000000000 RBX: ffff888024cb9c00 RCX: ffffffff815a5159 [ 58.464951][ T5818] RDX: ffff888020bc0000 RSI: ffffffff815a5166 RDI: 0000000000000001 [ 58.472936][ T5818] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 58.480905][ T5818] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003 [ 58.488881][ T5818] R13: ffff88802a7a70a8 R14: ffff88801b065840 R15: ffff888024cb9c7c [ 58.496889][ T5818] ? __warn_printk+0x199/0x350 [ 58.501658][ T5818] ? __warn_printk+0x1a6/0x350 [ 58.506430][ T5818] ? __init_swait_queue_head+0xca/0x150 [ 58.511979][ T5818] usb_start_wait_urb+0x103/0x4c0 [ 58.517004][ T5818] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 58.522559][ T5818] ? __asan_memset+0x23/0x50 [ 58.527146][ T5818] usb_bulk_msg+0x22c/0x550 [ 58.531656][ T5818] amradio_send_cmd+0x2e2/0x940 [ 58.536504][ T5818] ? __pfx_amradio_send_cmd+0x10/0x10 [ 58.541873][ T5818] ? read_word_at_a_time+0xe/0x20 [ 58.546902][ T5818] ? sized_strscpy+0xae/0x2e0 [ 58.551583][ T5818] usb_amradio_probe+0x4a3/0x8a0 [ 58.556518][ T5818] usb_probe_interface+0x300/0x9c0 [ 58.561629][ T5818] ? __pfx_usb_probe_interface+0x10/0x10 [ 58.567260][ T5818] really_probe+0x23e/0xa90 [ 58.571764][ T5818] __driver_probe_device+0x1de/0x440 [ 58.577050][ T5818] driver_probe_device+0x4c/0x1b0 [ 58.582074][ T5818] __device_attach_driver+0x1df/0x310 [ 58.587445][ T5818] ? __pfx___device_attach_driver+0x10/0x10 [ 58.593338][ T5818] bus_for_each_drv+0x157/0x1e0 [ 58.598188][ T5818] ? __pfx_bus_for_each_drv+0x10/0x10 [ 58.603555][ T5818] ? lockdep_hardirqs_on+0x7c/0x110 [ 58.608751][ T5818] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 58.614557][ T5818] __device_attach+0x1e8/0x4b0 [ 58.619319][ T5818] ? __pfx___device_attach+0x10/0x10 [ 58.624603][ T5818] ? do_raw_spin_unlock+0x172/0x230 [ 58.629802][ T5818] bus_probe_device+0x17f/0x1c0 [ 58.634654][ T5818] device_add+0x114b/0x1a70 [ 58.639160][ T5818] ? __pfx_device_add+0x10/0x10 [ 58.644015][ T5818] ? wakeup_sysfs_add+0x51/0x60 [ 58.648871][ T5818] usb_set_configuration+0x10cb/0x1c50 [ 58.654340][ T5818] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 58.660406][ T5818] usb_generic_driver_probe+0xb1/0x110 [ 58.665863][ T5818] usb_probe_device+0xec/0x3e0 [ 58.670620][ T5818] ? __pfx_usb_probe_device+0x10/0x10 [ 58.675988][ T5818] really_probe+0x23e/0xa90 [ 58.680491][ T5818] __driver_probe_device+0x1de/0x440 [ 58.685772][ T5818] ? usb_driver_applicable+0x1c7/0x220 [ 58.691229][ T5818] driver_probe_device+0x4c/0x1b0 [ 58.696251][ T5818] __device_attach_driver+0x1df/0x310 [ 58.701621][ T5818] ? __pfx___device_attach_driver+0x10/0x10 [ 58.707512][ T5818] bus_for_each_drv+0x157/0x1e0 [ 58.712359][ T5818] ? __pfx_bus_for_each_drv+0x10/0x10 [ 58.717723][ T5818] ? lockdep_hardirqs_on+0x7c/0x110 [ 58.722920][ T5818] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 58.728724][ T5818] __device_attach+0x1e8/0x4b0 [ 58.733487][ T5818] ? __pfx___device_attach+0x10/0x10 [ 58.738768][ T5818] ? do_raw_spin_unlock+0x172/0x230 [ 58.743969][ T5818] bus_probe_device+0x17f/0x1c0 [ 58.748816][ T5818] device_add+0x114b/0x1a70 [ 58.753322][ T5818] ? __pfx_device_add+0x10/0x10 [ 58.758176][ T5818] ? add_device_randomness+0xb8/0xf0 [ 58.763466][ T5818] usb_new_device+0xd90/0x1a10 [ 58.768230][ T5818] ? __pfx_usb_new_device+0x10/0x10 [ 58.773428][ T5818] hub_event+0x2d9a/0x4e10 [ 58.777859][ T5818] ? __pfx_hub_event+0x10/0x10 [ 58.782626][ T5818] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 58.788271][ T5818] ? rcu_is_watching+0x12/0xc0 [ 58.793046][ T5818] ? trace_lock_acquire+0x14e/0x1f0 [ 58.798261][ T5818] ? process_one_work+0x921/0x1ba0 [ 58.803374][ T5818] ? lock_acquire+0x2f/0xb0 [ 58.807875][ T5818] ? process_one_work+0x921/0x1ba0 [ 58.812988][ T5818] process_one_work+0x9c5/0x1ba0 [ 58.817931][ T5818] ? __pfx_hcd_resume_work+0x10/0x10 [ 58.823213][ T5818] ? __pfx_process_one_work+0x10/0x10 [ 58.828583][ T5818] ? rcu_is_watching+0x12/0xc0 [ 58.833355][ T5818] ? assign_work+0x1a0/0x250 [ 58.837942][ T5818] worker_thread+0x6c8/0xf00 [ 58.842540][ T5818] ? __kthread_parkme+0x148/0x220 [ 58.847562][ T5818] ? __pfx_worker_thread+0x10/0x10 [ 58.852669][ T5818] kthread+0x2c1/0x3a0 [ 58.856732][ T5818] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.861926][ T5818] ? __pfx_kthread+0x10/0x10 [ 58.866520][ T5818] ret_from_fork+0x45/0x80 [ 58.870929][ T5818] ? __pfx_kthread+0x10/0x10 [ 58.875517][ T5818] ret_from_fork_asm+0x1a/0x30 [ 58.880295][ T5818] [ 58.883420][ T5818] Kernel Offset: disabled [ 58.887757][ T5818] Rebooting in 86400 seconds..