Warning: Permanently added '10.128.0.86' (ED25519) to the list of known hosts.
executing program
[   43.631642][   T29] audit: type=1400 audit(1733144469.839:80): avc:  denied  { execmem } for  pid=2945 comm="syz-executor153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   43.653353][   T29] audit: type=1400 audit(1733144469.839:81): avc:  denied  { read write } for  pid=2946 comm="syz-executor153" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   43.677273][   T29] audit: type=1400 audit(1733144469.839:82): avc:  denied  { open } for  pid=2946 comm="syz-executor153" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   43.700995][   T29] audit: type=1400 audit(1733144469.839:83): avc:  denied  { ioctl } for  pid=2946 comm="syz-executor153" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   43.878080][ T1064] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   44.027723][ T1064] usb 1-1: Using ep0 maxpacket: 8
[   44.034836][ T1064] usb 1-1: config 4 has an invalid interface number: 57 but max is 3
[   44.043087][ T1064] usb 1-1: config 4 has an invalid interface association descriptor of length 2, skipping
[   44.053174][ T1064] usb 1-1: config 4 has an invalid interface number: 65 but max is 3
[   44.061380][ T1064] usb 1-1: config 4 has an invalid interface number: 212 but max is 3
[   44.069653][ T1064] usb 1-1: config 4 has an invalid interface number: 21 but max is 3
[   44.077809][ T1064] usb 1-1: config 4 has an invalid interface number: 111 but max is 3
[   44.086104][ T1064] usb 1-1: config 4 has an invalid descriptor of length 10, skipping remainder of the config
[   44.096336][ T1064] usb 1-1: config 4 has 5 interfaces, different from the descriptor's value: 4
[   44.105360][ T1064] usb 1-1: config 4 has no interface number 0
[   44.111595][ T1064] usb 1-1: config 4 has no interface number 1
[   44.117764][ T1064] usb 1-1: config 4 has no interface number 2
[   44.123867][ T1064] usb 1-1: config 4 has no interface number 3
[   44.130001][ T1064] usb 1-1: config 4 has no interface number 4
[   44.136375][ T1064] usb 1-1: config 4 interface 57 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64
[   44.147232][ T1064] usb 1-1: config 4 interface 57 altsetting 0 endpoint 0xE has invalid maxpacket 1024, setting to 64
[   44.158199][ T1064] usb 1-1: config 4 interface 57 altsetting 0 endpoint 0x3 has invalid maxpacket 1064, setting to 64
[   44.169158][ T1064] usb 1-1: config 4 interface 57 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 14
[   44.182258][ T1064] usb 1-1: too many endpoints for config 4 interface 65 altsetting 254: 200, using maximum allowed: 30
[   44.193382][ T1064] usb 1-1: config 4 interface 65 altsetting 254 has an invalid endpoint descriptor of length 2, skipping
[   44.204664][ T1064] usb 1-1: config 4 interface 65 altsetting 254 has an invalid descriptor for endpoint zero, skipping
[   44.215676][ T1064] usb 1-1: config 4 interface 65 altsetting 254 has a duplicate endpoint with address 0xA, skipping
[   44.226525][ T1064] usb 1-1: config 4 interface 65 altsetting 254 has a duplicate endpoint with address 0x2, skipping
[   44.237393][ T1064] usb 1-1: config 4 interface 65 altsetting 254 has a duplicate endpoint with address 0x6, skipping
[   44.248259][ T1064] usb 1-1: config 4 interface 65 altsetting 254 has a duplicate endpoint with address 0x8, skipping
[   44.259136][ T1064] usb 1-1: config 4 interface 65 altsetting 254 has 9 endpoint descriptors, different from the interface descriptor's value: 200
[   44.272497][ T1064] usb 1-1: config 4 interface 212 altsetting 149 has an invalid endpoint descriptor of length 2, skipping
[   44.283889][ T1064] usb 1-1: config 4 interface 212 altsetting 149 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   44.297083][ T1064] usb 1-1: config 4 interface 65 has no altsetting 0
[   44.303832][ T1064] usb 1-1: config 4 interface 212 has no altsetting 0
[   44.310672][ T1064] usb 1-1: config 4 interface 21 has no altsetting 0
[   44.317369][ T1064] usb 1-1: config 4 interface 111 has no altsetting 0
[   44.326411][ T1064] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=1c.d5
[   44.335520][ T1064] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   44.343607][ T1064] usb 1-1: Product: syz
[   44.347851][ T1064] usb 1-1: Manufacturer: syz
[   44.352472][ T1064] usb 1-1: SerialNumber: syz
executing program
[   44.569435][ T1064] ------------[ cut here ]------------
[   44.575047][ T1064] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[   44.581792][ T1064] WARNING: CPU: 1 PID: 1064 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730
[   44.591568][ T1064] Modules linked in:
[   44.595553][ T1064] CPU: 1 UID: 0 PID: 1064 Comm: kworker/1:2 Not tainted 6.13.0-rc1-syzkaller-ge70140ba0d2b #0
[   44.605898][ T1064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   44.616066][ T1064] Workqueue: usb_hub_wq hub_event
[   44.621219][ T1064] RIP: 0010:usb_submit_urb+0xe4b/0x1730
[   44.626898][ T1064] Code: 84 3c 02 00 00 e8 95 9f f1 fc 4c 89 ef e8 fd cd d5 fe 45 89 e0 89 e9 4c 89 f2 48 89 c6 48 c7 c7 00 a4 a1 87 e8 f6 a3 b5 fc 90 <0f> 0b 90 90 e9 e9 f8 ff ff e8 67 9f f1 fc 49 81 c4 b8 05 00 00 e9
[   44.646617][ T1064] RSP: 0018:ffffc90001e7ee68 EFLAGS: 00010286
[   44.652807][ T1064] RAX: 0000000000000000 RBX: ffff888104accf00 RCX: ffffffff811f5879
[   44.660965][ T1064] RDX: ffff88810f311d40 RSI: ffffffff811f5886 RDI: 0000000000000001
[   44.669105][ T1064] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[   44.677103][ T1064] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003
[   44.685176][ T1064] R13: ffff888105abf0a8 R14: ffff8881046dec20 R15: ffff888104accf7c
[   44.693237][ T1064] FS:  0000000000000000(0000) GS:ffff8881f5900000(0000) knlGS:0000000000000000
[   44.702248][ T1064] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   44.708906][ T1064] CR2: 00007fbdd6d00128 CR3: 0000000008ca0000 CR4: 00000000003506f0
[   44.716906][ T1064] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   44.724956][ T1064] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   44.733016][ T1064] Call Trace:
[   44.736314][ T1064]  <TASK>
[   44.739317][ T1064]  ? __warn+0xea/0x3c0
[   44.743457][ T1064]  ? usb_submit_urb+0xe4b/0x1730
[   44.748479][ T1064]  ? report_bug+0x3c0/0x580
[   44.753075][ T1064]  ? handle_bug+0x54/0xa0
[   44.757540][ T1064]  ? exc_invalid_op+0x17/0x50
[   44.762418][ T1064]  ? asm_exc_invalid_op+0x1a/0x20
[   44.767521][ T1064]  ? __warn_printk+0x199/0x350
[   44.772560][ T1064]  ? __warn_printk+0x1a6/0x350
[   44.777369][ T1064]  ? usb_submit_urb+0xe4b/0x1730
[   44.782403][ T1064]  ? usb_submit_urb+0xe4a/0x1730
[   44.787434][ T1064]  ? __init_swait_queue_head+0xca/0x150
[   44.793195][ T1064]  usb_start_wait_urb+0x103/0x4c0
[   44.798306][ T1064]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   44.803910][ T1064]  ? __asan_memset+0x23/0x50
[   44.808603][ T1064]  usb_bulk_msg+0x22c/0x550
[   44.813193][ T1064]  amradio_send_cmd+0x2e2/0x940
[   44.818148][ T1064]  ? __pfx_amradio_send_cmd+0x10/0x10
[   44.823589][ T1064]  ? read_word_at_a_time+0xe/0x20
[   44.828737][ T1064]  ? sized_strscpy+0xae/0x2e0
[   44.834005][ T1064]  usb_amradio_probe+0x4a3/0x8a0
[   44.839065][ T1064]  usb_probe_interface+0x300/0x9c0
[   44.844240][ T1064]  ? __pfx_usb_probe_interface+0x10/0x10
[   44.849957][ T1064]  really_probe+0x23e/0xa90
[   44.854559][ T1064]  __driver_probe_device+0x1de/0x440
[   44.859955][ T1064]  driver_probe_device+0x4c/0x1b0
[   44.865144][ T1064]  __device_attach_driver+0x1df/0x310
[   44.870624][ T1064]  ? __pfx___device_attach_driver+0x10/0x10
[   44.876592][ T1064]  bus_for_each_drv+0x157/0x1e0
[   44.881531][ T1064]  ? __pfx_bus_for_each_drv+0x10/0x10
[   44.886961][ T1064]  ? lockdep_hardirqs_on+0x7c/0x110
[   44.892257][ T1064]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   44.898336][ T1064]  __device_attach+0x1e8/0x4b0
[   44.903161][ T1064]  ? __pfx___device_attach+0x10/0x10
[   44.908544][ T1064]  ? do_raw_spin_unlock+0x172/0x230
[   44.913833][ T1064]  bus_probe_device+0x17f/0x1c0
[   44.918777][ T1064]  device_add+0x114b/0x1a70
[   44.923346][ T1064]  ? __pfx_device_add+0x10/0x10
[   44.928282][ T1064]  ? wakeup_sysfs_add+0x51/0x60
[   44.933221][ T1064]  usb_set_configuration+0x10cb/0x1c50
[   44.938845][ T1064]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[   44.944971][ T1064]  usb_generic_driver_probe+0xb1/0x110
[   44.950558][ T1064]  usb_probe_device+0xec/0x3e0
[   44.955740][ T1064]  ? __pfx_usb_probe_device+0x10/0x10
[   44.961273][ T1064]  really_probe+0x23e/0xa90
[   44.965844][ T1064]  __driver_probe_device+0x1de/0x440
[   44.971227][ T1064]  ? usb_driver_applicable+0x1c7/0x220
[   44.976771][ T1064]  driver_probe_device+0x4c/0x1b0
[   44.981902][ T1064]  __device_attach_driver+0x1df/0x310
[   44.987342][ T1064]  ? __pfx___device_attach_driver+0x10/0x10
[   44.993322][ T1064]  bus_for_each_drv+0x157/0x1e0
[   44.998266][ T1064]  ? __pfx_bus_for_each_drv+0x10/0x10
[   45.003698][ T1064]  ? lockdep_hardirqs_on+0x7c/0x110
[   45.008983][ T1064]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   45.015045][ T1064]  __device_attach+0x1e8/0x4b0
[   45.020008][ T1064]  ? __pfx___device_attach+0x10/0x10
[   45.025373][ T1064]  ? do_raw_spin_unlock+0x172/0x230
[   45.030716][ T1064]  bus_probe_device+0x17f/0x1c0
[   45.035632][ T1064]  device_add+0x114b/0x1a70
[   45.040328][ T1064]  ? __pfx_device_add+0x10/0x10
[   45.045262][ T1064]  ? add_device_randomness+0xb8/0xf0
[   45.050638][ T1064]  usb_new_device+0xd90/0x1a10
[   45.055487][ T1064]  ? __pfx_usb_new_device+0x10/0x10
[   45.060802][ T1064]  hub_event+0x2e58/0x4f40
[   45.065304][ T1064]  ? __pfx_hub_event+0x10/0x10
[   45.070252][ T1064]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   45.075948][ T1064]  ? rcu_is_watching+0x12/0xc0
[   45.080802][ T1064]  ? trace_lock_acquire+0x14e/0x1f0
[   45.086072][ T1064]  ? process_one_work+0x921/0x1ba0
[   45.091266][ T1064]  ? lock_acquire+0x2f/0xb0
[   45.095852][ T1064]  ? process_one_work+0x921/0x1ba0
[   45.101071][ T1064]  process_one_work+0x9c5/0x1ba0
[   45.106083][ T1064]  ? __pfx_hcd_resume_work+0x10/0x10
[   45.111465][ T1064]  ? __pfx_process_one_work+0x10/0x10
[   45.116909][ T1064]  ? rcu_is_watching+0x12/0xc0
[   45.121803][ T1064]  ? assign_work+0x1a0/0x250
[   45.126579][ T1064]  worker_thread+0x6c8/0xf00
[   45.131266][ T1064]  ? __kthread_parkme+0x148/0x220
[   45.136360][ T1064]  ? __pfx_worker_thread+0x10/0x10
[   45.141637][ T1064]  kthread+0x2c1/0x3a0
[   45.145781][ T1064]  ? _raw_spin_unlock_irq+0x23/0x50
[   45.151069][ T1064]  ? __pfx_kthread+0x10/0x10
[   45.155758][ T1064]  ret_from_fork+0x45/0x80
[   45.160260][ T1064]  ? __pfx_kthread+0x10/0x10
[   45.164935][ T1064]  ret_from_fork_asm+0x1a/0x30
[   45.169838][ T1064]  </TASK>
[   45.172896][ T1064] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   45.180285][ T1064] CPU: 1 UID: 0 PID: 1064 Comm: kworker/1:2 Not tainted 6.13.0-rc1-syzkaller-ge70140ba0d2b #0
[   45.190628][ T1064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   45.200704][ T1064] Workqueue: usb_hub_wq hub_event
[   45.205770][ T1064] Call Trace:
[   45.209064][ T1064]  <TASK>
[   45.212010][ T1064]  dump_stack_lvl+0x3d/0x1f0
[   45.216634][ T1064]  panic+0x71d/0x800
[   45.220622][ T1064]  ? __pfx_panic+0x10/0x10
[   45.225323][ T1064]  ? show_trace_log_lvl+0x29d/0x3d0
[   45.230556][ T1064]  ? check_panic_on_warn+0x1f/0xb0
[   45.235710][ T1064]  ? usb_submit_urb+0xe4b/0x1730
[   45.240712][ T1064]  check_panic_on_warn+0xab/0xb0
[   45.245683][ T1064]  __warn+0xf6/0x3c0
[   45.249604][ T1064]  ? usb_submit_urb+0xe4b/0x1730
[   45.254584][ T1064]  report_bug+0x3c0/0x580
[   45.258973][ T1064]  handle_bug+0x54/0xa0
[   45.263168][ T1064]  exc_invalid_op+0x17/0x50
[   45.267716][ T1064]  asm_exc_invalid_op+0x1a/0x20
[   45.272614][ T1064] RIP: 0010:usb_submit_urb+0xe4b/0x1730
[   45.278184][ T1064] Code: 84 3c 02 00 00 e8 95 9f f1 fc 4c 89 ef e8 fd cd d5 fe 45 89 e0 89 e9 4c 89 f2 48 89 c6 48 c7 c7 00 a4 a1 87 e8 f6 a3 b5 fc 90 <0f> 0b 90 90 e9 e9 f8 ff ff e8 67 9f f1 fc 49 81 c4 b8 05 00 00 e9
[   45.297984][ T1064] RSP: 0018:ffffc90001e7ee68 EFLAGS: 00010286
[   45.304170][ T1064] RAX: 0000000000000000 RBX: ffff888104accf00 RCX: ffffffff811f5879
[   45.312175][ T1064] RDX: ffff88810f311d40 RSI: ffffffff811f5886 RDI: 0000000000000001
[   45.320177][ T1064] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[   45.328172][ T1064] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003
[   45.336170][ T1064] R13: ffff888105abf0a8 R14: ffff8881046dec20 R15: ffff888104accf7c
[   45.344183][ T1064]  ? __warn_printk+0x199/0x350
[   45.349008][ T1064]  ? __warn_printk+0x1a6/0x350
[   45.353804][ T1064]  ? usb_submit_urb+0xe4a/0x1730
[   45.358769][ T1064]  ? __init_swait_queue_head+0xca/0x150
[   45.364398][ T1064]  usb_start_wait_urb+0x103/0x4c0
[   45.369454][ T1064]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   45.375037][ T1064]  ? __asan_memset+0x23/0x50
[   45.379670][ T1064]  usb_bulk_msg+0x22c/0x550
[   45.384199][ T1064]  amradio_send_cmd+0x2e2/0x940
[   45.389089][ T1064]  ? __pfx_amradio_send_cmd+0x10/0x10
[   45.394500][ T1064]  ? read_word_at_a_time+0xe/0x20
[   45.399568][ T1064]  ? sized_strscpy+0xae/0x2e0
[   45.404385][ T1064]  usb_amradio_probe+0x4a3/0x8a0
[   45.409380][ T1064]  usb_probe_interface+0x300/0x9c0
[   45.414994][ T1064]  ? __pfx_usb_probe_interface+0x10/0x10
[   45.420681][ T1064]  really_probe+0x23e/0xa90
[   45.425247][ T1064]  __driver_probe_device+0x1de/0x440
[   45.430574][ T1064]  driver_probe_device+0x4c/0x1b0
[   45.435631][ T1064]  __device_attach_driver+0x1df/0x310
[   45.441080][ T1064]  ? __pfx___device_attach_driver+0x10/0x10
[   45.447002][ T1064]  bus_for_each_drv+0x157/0x1e0
[   45.451893][ T1064]  ? __pfx_bus_for_each_drv+0x10/0x10
[   45.457288][ T1064]  ? lockdep_hardirqs_on+0x7c/0x110
[   45.462630][ T1064]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   45.468497][ T1064]  __device_attach+0x1e8/0x4b0
[   45.473290][ T1064]  ? __pfx___device_attach+0x10/0x10
[   45.478607][ T1064]  ? do_raw_spin_unlock+0x172/0x230
[   45.483842][ T1064]  bus_probe_device+0x17f/0x1c0
[   45.488723][ T1064]  device_add+0x114b/0x1a70
[   45.493262][ T1064]  ? __pfx_device_add+0x10/0x10
[   45.498146][ T1064]  ? wakeup_sysfs_add+0x51/0x60
[   45.503036][ T1064]  usb_set_configuration+0x10cb/0x1c50
[   45.508541][ T1064]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[   45.514633][ T1064]  usb_generic_driver_probe+0xb1/0x110
[   45.520116][ T1064]  usb_probe_device+0xec/0x3e0
[   45.524900][ T1064]  ? __pfx_usb_probe_device+0x10/0x10
[   45.530301][ T1064]  really_probe+0x23e/0xa90
[   45.534839][ T1064]  __driver_probe_device+0x1de/0x440
[   45.540162][ T1064]  ? usb_driver_applicable+0x1c7/0x220
[   45.545661][ T1064]  driver_probe_device+0x4c/0x1b0
[   45.550733][ T1064]  __device_attach_driver+0x1df/0x310
[   45.556140][ T1064]  ? __pfx___device_attach_driver+0x10/0x10
[   45.562067][ T1064]  bus_for_each_drv+0x157/0x1e0
[   45.566949][ T1064]  ? __pfx_bus_for_each_drv+0x10/0x10
[   45.572345][ T1064]  ? lockdep_hardirqs_on+0x7c/0x110
[   45.577571][ T1064]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   45.583464][ T1064]  __device_attach+0x1e8/0x4b0
[   45.588257][ T1064]  ? __pfx___device_attach+0x10/0x10
[   45.593601][ T1064]  ? do_raw_spin_unlock+0x172/0x230
[   45.598889][ T1064]  bus_probe_device+0x17f/0x1c0
[   45.603784][ T1064]  device_add+0x114b/0x1a70
[   45.608355][ T1064]  ? __pfx_device_add+0x10/0x10
[   45.613241][ T1064]  ? add_device_randomness+0xb8/0xf0
[   45.618570][ T1064]  usb_new_device+0xd90/0x1a10
[   45.623372][ T1064]  ? __pfx_usb_new_device+0x10/0x10
[   45.628612][ T1064]  hub_event+0x2e58/0x4f40
[   45.633081][ T1064]  ? __pfx_hub_event+0x10/0x10
[   45.637918][ T1064]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   45.643587][ T1064]  ? rcu_is_watching+0x12/0xc0
[   45.648419][ T1064]  ? trace_lock_acquire+0x14e/0x1f0
[   45.653646][ T1064]  ? process_one_work+0x921/0x1ba0
[   45.658802][ T1064]  ? lock_acquire+0x2f/0xb0
[   45.663340][ T1064]  ? process_one_work+0x921/0x1ba0
[   45.668490][ T1064]  process_one_work+0x9c5/0x1ba0
[   45.673641][ T1064]  ? __pfx_hcd_resume_work+0x10/0x10
[   45.678963][ T1064]  ? __pfx_process_one_work+0x10/0x10
[   45.684380][ T1064]  ? rcu_is_watching+0x12/0xc0
[   45.689188][ T1064]  ? assign_work+0x1a0/0x250
[   45.693812][ T1064]  worker_thread+0x6c8/0xf00
[   45.698441][ T1064]  ? __kthread_parkme+0x148/0x220
[   45.703502][ T1064]  ? __pfx_worker_thread+0x10/0x10
[   45.708641][ T1064]  kthread+0x2c1/0x3a0
[   45.712750][ T1064]  ? _raw_spin_unlock_irq+0x23/0x50
[   45.717979][ T1064]  ? __pfx_kthread+0x10/0x10
[   45.722717][ T1064]  ret_from_fork+0x45/0x80
[   45.727219][ T1064]  ? __pfx_kthread+0x10/0x10
[   45.731856][ T1064]  ret_from_fork_asm+0x1a/0x30
[   45.736665][ T1064]  </TASK>
[   45.739846][ T1064] Kernel Offset: disabled
[   45.744232][ T1064] Rebooting in 86400 seconds..