Warning: Permanently added '10.128.0.108' (ED25519) to the list of known hosts. executing program [ 43.352971][ T29] audit: type=1400 audit(1736885235.366:80): avc: denied { execmem } for pid=2946 comm="syz-executor218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.374688][ T29] audit: type=1400 audit(1736885235.376:81): avc: denied { read write } for pid=2947 comm="syz-executor218" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 43.398591][ T29] audit: type=1400 audit(1736885235.376:82): avc: denied { open } for pid=2947 comm="syz-executor218" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 43.422625][ T29] audit: type=1400 audit(1736885235.376:83): avc: denied { ioctl } for pid=2947 comm="syz-executor218" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 43.593015][ T2807] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 43.745505][ T2807] usb 1-1: config 0 has an invalid interface number: 244 but max is 0 [ 43.753823][ T2807] usb 1-1: config 0 has no interface number 0 [ 43.759937][ T2807] usb 1-1: config 0 interface 244 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 43.770879][ T2807] usb 1-1: config 0 interface 244 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7 [ 43.782098][ T2807] usb 1-1: config 0 interface 244 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 43.797489][ T2807] usb 1-1: New USB device found, idVendor=2040, idProduct=026d, bcdDevice=57.6a [ 43.806602][ T2807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.814660][ T2807] usb 1-1: Product: syz [ 43.818854][ T2807] usb 1-1: Manufacturer: syz [ 43.823525][ T2807] usb 1-1: SerialNumber: syz [ 43.831398][ T2807] usb 1-1: config 0 descriptor?? [ 43.841064][ T2807] em28xx 1-1:0.244: New device syz syz @ 480 Mbps (2040:026d, interface 244, class 244) [ 43.850993][ T2807] em28xx 1-1:0.244: Audio interface 244 found (Vendor Class) executing program [ 44.103236][ T2807] em28xx 1-1:0.244: unknown em28xx chip ID (0) [ 44.109980][ T2807] em28xx 1-1:0.244: Config register raw data: 0xfffffffb [ 44.117883][ T2807] em28xx 1-1:0.244: AC97 chip type couldn't be determined [ 44.125093][ T2807] em28xx 1-1:0.244: No AC97 audio processor [ 44.131068][ T2807] em28xx 1-1:0.244: We currently don't support analog TV or stream capture on dual tuners. [ 44.193299][ T2807] em28xx 1-1:0.244: unknown em28xx chip ID (0) [ 44.199909][ T2807] em28xx 1-1:0.244: Config register raw data: 0xfffffffb [ 44.207458][ T2807] em28xx 1-1:0.244: AC97 chip type couldn't be determined [ 44.214660][ T2807] em28xx 1-1:0.244: No AC97 audio processor [ 44.426283][ T2807] usb 1-1: USB disconnect, device number 2 [ 44.433260][ T2807] em28xx 1-1:0.244: Disconnecting em28xx #1 [ 44.439201][ T2807] em28xx 1-1:0.244: Disconnecting em28xx [ 44.447468][ T2807] em28xx 1-1:0.244: Freeing device [ 44.452769][ T2807] em28xx 1-1:0.244: Freeing device [ 44.763294][ T2807] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 44.924860][ T2807] usb 1-1: config 0 has an invalid interface number: 244 but max is 0 [ 44.933095][ T2807] usb 1-1: config 0 has no interface number 0 [ 44.939201][ T2807] usb 1-1: config 0 interface 244 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 44.950141][ T2807] usb 1-1: config 0 interface 244 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7 [ 44.961335][ T2807] usb 1-1: config 0 interface 244 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 44.977094][ T2807] usb 1-1: New USB device found, idVendor=2040, idProduct=026d, bcdDevice=57.6a [ 44.986398][ T2807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.994487][ T2807] usb 1-1: Product: syz [ 44.998690][ T2807] usb 1-1: Manufacturer: syz [ 45.003354][ T2807] usb 1-1: SerialNumber: syz [ 45.009947][ T2807] usb 1-1: config 0 descriptor?? [ 45.018219][ T2807] em28xx 1-1:0.244: New device syz syz @ 480 Mbps (2040:026d, interface 244, class 244) [ 45.028054][ T2807] em28xx 1-1:0.244: Audio interface 244 found (Vendor Class) executing program [ 45.283558][ T2807] em28xx 1-1:0.244: unknown em28xx chip ID (0) [ 45.290053][ T2807] em28xx 1-1:0.244: Config register raw data: 0xfffffffb [ 45.297630][ T2807] em28xx 1-1:0.244: AC97 chip type couldn't be determined [ 45.304825][ T2807] em28xx 1-1:0.244: No AC97 audio processor [ 45.310759][ T2807] list_add corruption. prev->next should be next (ffffffff89e29520), but was 0000000000000000. (prev=ffff88811462c250). [ 45.323848][ T2807] ------------[ cut here ]------------ [ 45.329352][ T2807] kernel BUG at lib/list_debug.c:32! [ 45.334760][ T2807] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 45.341737][ T2807] CPU: 0 UID: 0 PID: 2807 Comm: kworker/0:2 Not tainted 6.13.0-rc7-syzkaller-g26a6cc10f19a #0 [ 45.351993][ T2807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 45.362060][ T2807] Workqueue: usb_hub_wq hub_event [ 45.367125][ T2807] RIP: 0010:__list_add_valid_or_report+0xbe/0x100 [ 45.373568][ T2807] Code: dc fe 90 0f 0b 48 89 d9 48 c7 c7 e0 35 47 87 e8 b8 20 dc fe 90 0f 0b 48 89 f1 48 c7 c7 60 36 47 87 48 89 de e8 a3 20 dc fe 90 <0f> 0b 48 89 f2 48 89 d9 48 89 ee 48 c7 c7 e0 36 47 87 e8 8b 20 dc [ 45.393225][ T2807] RSP: 0018:ffffc9000549ef08 EFLAGS: 00010286 [ 45.399341][ T2807] RAX: 0000000000000075 RBX: ffffffff89e29520 RCX: ffffffff813ae369 [ 45.407322][ T2807] RDX: 0000000000000000 RSI: ffffffff813b8d36 RDI: 0000000000000005 [ 45.415319][ T2807] RBP: ffff888122c40250 R08: 0000000000000005 R09: 0000000000000000 [ 45.423305][ T2807] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888122c40250 [ 45.431290][ T2807] R13: ffff888122c40000 R14: ffff888122c419d4 R15: ffff888120a87000 [ 45.439271][ T2807] FS: 0000000000000000(0000) GS:ffff8881f5800000(0000) knlGS:0000000000000000 [ 45.448214][ T2807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.454811][ T2807] CR2: 00007f1fa4d10e10 CR3: 0000000116eec000 CR4: 00000000003506f0 [ 45.462793][ T2807] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.470775][ T2807] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.478765][ T2807] Call Trace: [ 45.482058][ T2807] [ 45.484999][ T2807] ? die+0x31/0x80 [ 45.488755][ T2807] ? do_trap+0x232/0x430 [ 45.493029][ T2807] ? __list_add_valid_or_report+0xbe/0x100 [ 45.498870][ T2807] ? __list_add_valid_or_report+0xbe/0x100 [ 45.504707][ T2807] ? do_error_trap+0xf4/0x230 [ 45.509403][ T2807] ? __list_add_valid_or_report+0xbe/0x100 [ 45.515241][ T2807] ? handle_invalid_op+0x34/0x40 [ 45.520202][ T2807] ? __list_add_valid_or_report+0xbe/0x100 [ 45.526036][ T2807] ? exc_invalid_op+0x2e/0x50 [ 45.530740][ T2807] ? asm_exc_invalid_op+0x1a/0x20 [ 45.535793][ T2807] ? __wake_up_klogd.part.0+0x99/0xf0 [ 45.541187][ T2807] ? vprintk+0x86/0xa0 [ 45.545283][ T2807] ? __list_add_valid_or_report+0xbe/0x100 [ 45.551364][ T2807] ? __list_add_valid_or_report+0xbd/0x100 [ 45.557204][ T2807] em28xx_init_extension+0x48/0x200 [ 45.562436][ T2807] em28xx_init_dev.constprop.0+0x197b/0x3090 [ 45.568435][ T2807] ? __pfx_em28xx_init_dev.constprop.0+0x10/0x10 [ 45.574777][ T2807] ? lockdep_init_map_type+0x16d/0x7d0 [ 45.580260][ T2807] ? lockdep_init_map_type+0x16d/0x7d0 [ 45.585764][ T2807] ? __raw_spin_lock_init+0x3a/0x110 [ 45.591072][ T2807] em28xx_usb_probe+0x1262/0x3720 [ 45.596121][ T2807] usb_probe_interface+0x300/0x9c0 [ 45.601257][ T2807] ? __pfx_usb_probe_interface+0x10/0x10 [ 45.606909][ T2807] really_probe+0x23e/0xa90 [ 45.611429][ T2807] __driver_probe_device+0x1de/0x440 [ 45.616732][ T2807] driver_probe_device+0x4c/0x1b0 [ 45.621775][ T2807] __device_attach_driver+0x1df/0x310 [ 45.627168][ T2807] ? __pfx___device_attach_driver+0x10/0x10 [ 45.633080][ T2807] bus_for_each_drv+0x157/0x1e0 [ 45.637943][ T2807] ? __pfx_bus_for_each_drv+0x10/0x10 [ 45.643329][ T2807] ? lockdep_hardirqs_on+0x7c/0x110 [ 45.648562][ T2807] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 45.654381][ T2807] __device_attach+0x1e8/0x4b0 [ 45.659167][ T2807] ? __pfx___device_attach+0x10/0x10 [ 45.664472][ T2807] ? do_raw_spin_unlock+0x172/0x230 [ 45.669729][ T2807] bus_probe_device+0x17f/0x1c0 [ 45.674614][ T2807] device_add+0x114b/0x1a70 [ 45.679145][ T2807] ? __pfx_device_add+0x10/0x10 [ 45.684044][ T2807] ? mark_held_locks+0x9f/0xe0 [ 45.688834][ T2807] usb_set_configuration+0x10cb/0x1c50 [ 45.694330][ T2807] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 45.700448][ T2807] usb_generic_driver_probe+0xb1/0x110 [ 45.705931][ T2807] usb_probe_device+0xec/0x3e0 [ 45.710720][ T2807] ? __pfx_usb_probe_device+0x10/0x10 [ 45.716113][ T2807] really_probe+0x23e/0xa90 [ 45.720643][ T2807] __driver_probe_device+0x1de/0x440 [ 45.725970][ T2807] ? usb_driver_applicable+0x1c7/0x220 [ 45.731459][ T2807] driver_probe_device+0x4c/0x1b0 [ 45.736509][ T2807] __device_attach_driver+0x1df/0x310 [ 45.741904][ T2807] ? __pfx___device_attach_driver+0x10/0x10 [ 45.747820][ T2807] bus_for_each_drv+0x157/0x1e0 [ 45.752693][ T2807] ? __pfx_bus_for_each_drv+0x10/0x10 [ 45.758080][ T2807] ? lockdep_hardirqs_on+0x7c/0x110 [ 45.763396][ T2807] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 45.769229][ T2807] __device_attach+0x1e8/0x4b0 [ 45.774020][ T2807] ? __pfx___device_attach+0x10/0x10 [ 45.779417][ T2807] ? do_raw_spin_unlock+0x172/0x230 [ 45.784669][ T2807] bus_probe_device+0x17f/0x1c0 [ 45.789543][ T2807] device_add+0x114b/0x1a70 [ 45.794074][ T2807] ? __pfx_device_add+0x10/0x10 [ 45.798963][ T2807] ? add_device_randomness+0xb8/0xf0 [ 45.804288][ T2807] usb_new_device+0xd09/0x1a20 [ 45.809087][ T2807] ? __pfx_usb_new_device+0x10/0x10 [ 45.814328][ T2807] hub_event+0x2e58/0x4f40 [ 45.818774][ T2807] ? __pfx_hub_event+0x10/0x10 [ 45.823558][ T2807] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 45.829244][ T2807] ? rcu_is_watching+0x12/0xc0 [ 45.834068][ T2807] ? trace_lock_acquire+0x14e/0x1f0 [ 45.839277][ T2807] ? process_one_work+0x921/0x1ba0 [ 45.844425][ T2807] ? lock_acquire+0x2f/0xb0 [ 45.848968][ T2807] ? process_one_work+0x921/0x1ba0 [ 45.854100][ T2807] process_one_work+0x9c5/0x1ba0 [ 45.859062][ T2807] ? __pfx_hub_event+0x10/0x10 [ 45.863844][ T2807] ? __pfx_process_one_work+0x10/0x10 [ 45.869252][ T2807] ? rcu_is_watching+0x12/0xc0 [ 45.874148][ T2807] ? assign_work+0x1a0/0x250 [ 45.878767][ T2807] worker_thread+0x6c8/0xf00 [ 45.883390][ T2807] ? __kthread_parkme+0x148/0x220 [ 45.888469][ T2807] ? __pfx_worker_thread+0x10/0x10 [ 45.893608][ T2807] kthread+0x2c1/0x3a0 [ 45.897704][ T2807] ? _raw_spin_unlock_irq+0x23/0x50 [ 45.902917][ T2807] ? __pfx_kthread+0x10/0x10 [ 45.907536][ T2807] ret_from_fork+0x45/0x80 [ 45.911973][ T2807] ? __pfx_kthread+0x10/0x10 [ 45.916589][ T2807] ret_from_fork_asm+0x1a/0x30 [ 45.921384][ T2807] [ 45.924412][ T2807] Modules linked in: [ 45.928472][ T2807] ---[ end trace 0000000000000000 ]--- [ 45.933994][ T2807] RIP: 0010:__list_add_valid_or_report+0xbe/0x100 [ 45.940476][ T2807] Code: dc fe 90 0f 0b 48 89 d9 48 c7 c7 e0 35 47 87 e8 b8 20 dc fe 90 0f 0b 48 89 f1 48 c7 c7 60 36 47 87 48 89 de e8 a3 20 dc fe 90 <0f> 0b 48 89 f2 48 89 d9 48 89 ee 48 c7 c7 e0 36 47 87 e8 8b 20 dc [ 45.960182][ T2807] RSP: 0018:ffffc9000549ef08 EFLAGS: 00010286 [ 45.966345][ T2807] RAX: 0000000000000075 RBX: ffffffff89e29520 RCX: ffffffff813ae369 [ 45.974377][ T2807] RDX: 0000000000000000 RSI: ffffffff813b8d36 RDI: 0000000000000005 [ 45.982469][ T2807] RBP: ffff888122c40250 R08: 0000000000000005 R09: 0000000000000000 [ 45.990517][ T2807] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888122c40250 [ 45.998546][ T2807] R13: ffff888122c40000 R14: ffff888122c419d4 R15: ffff888120a87000 [ 46.006606][ T2807] FS: 0000000000000000(0000) GS:ffff8881f5800000(0000) knlGS:0000000000000000 [ 46.015766][ T2807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.022381][ T2807] CR2: 00007f1fa4d10e10 CR3: 0000000116eec000 CR4: 00000000003506f0 [ 46.030441][ T2807] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.038589][ T2807] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 46.046677][ T2807] Kernel panic - not syncing: Fatal exception [ 46.052890][ T2807] Kernel Offset: disabled [ 46.057229][ T2807] Rebooting in 86400 seconds..