./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1068592351

<...>
Warning: Permanently added '10.128.10.46' (ED25519) to the list of known hosts.
execve("./syz-executor1068592351", ["./syz-executor1068592351"], 0x7ffffffd75a0 /* 10 vars */) = 0
brk(NULL)                               = 0x55556eda1000
brk(0x55556eda1d40)                     = 0x55556eda1d40
arch_prctl(ARCH_SET_FS, 0x55556eda13c0) = 0
set_tid_address(0x55556eda1690)         = 5819
set_robust_list(0x55556eda16a0, 24)     = 0
rseq(0x55556eda1ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1068592351", 4096) = 28
getrandom("\x00\xc9\xe7\x38\xc6\xf1\xf1\xf0", 8, GRND_NONBLOCK) = 8
[   64.311064][   T30] audit: type=1400 audit(1749582642.083:62): avc:  denied  { write } for  pid=5816 comm="strace-static-x" path="pipe:[4295]" dev="pipefs" ino=4295 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
brk(NULL)                               = 0x55556eda1d40
brk(0x55556edc2d40)                     = 0x55556edc2d40
brk(0x55556edc3000)                     = 0x55556edc3000
mprotect(0x7f3739068000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556eda1690) = 5820
./strace-static-x86_64: Process 5820 attached
[   64.439000][   T30] audit: type=1400 audit(1749582642.213:63): avc:  denied  { execmem } for  pid=5819 comm="syz-executor106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[pid  5820] set_robust_list(0x55556eda16a0, 24) = 0
[pid  5820] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  5820] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  5820] dup2(4, 202)                = 202
[pid  5820] close(4)                    = 0
[   64.504035][   T30] audit: type=1400 audit(1749582642.273:64): avc:  denied  { create } for  pid=5820 comm="syz-executor106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   64.525070][   T30] audit: type=1400 audit(1749582642.293:65): avc:  denied  { read write } for  pid=5820 comm="syz-executor106" name="vhci" dev="devtmpfs" ino=1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[pid  5820] write(202, "\xff\x00", 2)   = 2
[pid  5820] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  5820] rt_sigaction(SIGRT_1, {sa_handler=0x7f373900c250, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3738ffd8d0}, NULL, 8) = 0
[pid  5820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5820] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f373879b000
[pid  5820] mprotect(0x7f373879c000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  5820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3738f9b990, parent_tid=0x7f3738f9b990, exit_signal=0, stack=0x7f373879b000, stack_size=0x800300, tls=0x7f3738f9b6c0}./strace-static-x86_64: Process 5823 attached
 => {parent_tid=[2]}, 88) = 2
[pid  5823] rseq(0x7f3738f9bfe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5820] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5823] <... rseq resumed>)         = 0
[pid  5820] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5823] set_robust_list(0x7f3738f9b9a0, 24 <unfinished ...>
[pid  5820] ioctl(3, HCIDEVUP <unfinished ...>
[pid  5823] <... set_robust_list resumed>) = 0
[pid  5823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5823] read(202, "\x01\x03\x0c\x00", 1024) = 4
[   64.549251][   T30] audit: type=1400 audit(1749582642.293:66): avc:  denied  { open } for  pid=5820 comm="syz-executor106" path="/dev/vhci" dev="devtmpfs" ino=1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5823] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5823] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5823] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  5823] read(202, "\x01\x05\x10\x00", 1024) = 4
[   64.582710][   T30] audit: type=1400 audit(1749582642.353:67): avc:  denied  { ioctl } for  pid=5820 comm="syz-executor106" path="socket:[4298]" dev="sockfs" ino=4298 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   64.588877][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.626266][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.636703][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  5823] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5823] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5823] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5823] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5823] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5823] read(202,  <unfinished ...>
[pid  5820] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  5820] ioctl(3, HCISETSCAN <unfinished ...>
[pid  5823] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  5823] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  5823] rt_sigprocmask(SIG_BLOCK, ~[RT_1], NULL, 8) = 0
[pid  5820] <... ioctl resumed>, 0x7ffe730f8684) = 0
[pid  5823] madvise(0x7f373879b000, 8372224, MADV_DONTNEED <unfinished ...>
[pid  5820] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  5823] <... madvise resumed>)      = 0
[pid  5823] exit(0 <unfinished ...>
[pid  5820] <... writev resumed>)       = 13
[pid  5820] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 <unfinished ...>
[pid  5823] <... exit resumed>)         = ?
[pid  5820] <... writev resumed>)       = 14
[pid  5823] +++ exited with 0 +++
[pid  5820] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[   64.696793][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.725021][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  5820] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  5820] close(3)                    = 0
[pid  5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5820] getppid()                   = 0
[pid  5820] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5820] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5820] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5820] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5820] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5820] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5820] unshare(CLONE_NEWNS)        = 0
[pid  5820] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5820] unshare(CLONE_NEWIPC)       = 0
[pid  5820] unshare(CLONE_NEWCGROUP)    = 0
[pid  5820] unshare(CLONE_NEWUTS)       = 0
[   64.872979][   T30] audit: type=1400 audit(1749582642.643:68): avc:  denied  { mounton } for  pid=5820 comm="syz-executor106" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid  5820] unshare(CLONE_SYSVSEM)      = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "16777216", 8)     = 8
[pid  5820] close(3)                    = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "536870912", 9)    = 9
[pid  5820] close(3)                    = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "1024", 4)         = 4
[pid  5820] close(3)                    = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "8192", 4)         = 4
[pid  5820] close(3)                    = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "1024", 4)         = 4
[pid  5820] close(3)                    = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "1024", 4)         = 4
[pid  5820] close(3)                    = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5820] close(3)                    = 0
[pid  5820] getpid()                    = 1
[pid  5820] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5820] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5820] unshare(CLONE_NEWNET)       = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "0 65535", 7)      = 7
[pid  5820] close(3)                    = 0
[pid  5820] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5820] write(3, "100000", 6)       = 6
[pid  5820] close(3)                    = 0
[pid  5820] mkdir("./syz-tmp", 0777)    = 0
[pid  5820] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5820] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5820] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[   65.324741][   T30] audit: type=1400 audit(1749582643.093:69): avc:  denied  { mounton } for  pid=5820 comm="syz-executor106" path="/root/syz-tmp" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   65.347776][   T30] audit: type=1400 audit(1749582643.093:70): avc:  denied  { mount } for  pid=5820 comm="syz-executor106" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[pid  5820] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5820] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5820] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5820] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5820] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[   65.370649][   T30] audit: type=1400 audit(1749582643.143:71): avc:  denied  { mounton } for  pid=5820 comm="syz-executor106" path="/root/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[pid  5820] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5820] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5820] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5820] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5820] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5820] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5820] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid  5820] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5820] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5820] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5820] chdir("/")                  = 0
[pid  5820] umount2("./pivot", MNT_DETACH) = 0
[pid  5820] chroot("./newroot")         = 0
[pid  5820] chdir("/")                  = 0
[pid  5820] mkdir("/dev/gadgetfs", 0777) = 0
[pid  5820] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = 0
[pid  5820] mkdir("/dev/binderfs", 0777) = 0
[pid  5820] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5820] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5820] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5820] write(1, "executing program\n", 18executing program
) = 18
[pid  5820] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  5820] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 18
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[   65.877169][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 18
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 9
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[   66.100824][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 79
[   66.142584][    T9] usb 1-1: config 6 has an invalid interface number: 97 but max is 1
[   66.150965][    T9] usb 1-1: config 6 has an invalid interface number: 114 but max is 1
[   66.159448][    T9] usb 1-1: config 6 has no interface number 0
[   66.165494][    T9] usb 1-1: config 6 has no interface number 1
[   66.171600][    T9] usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 4
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 8
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[   66.182549][    T9] usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[   66.193402][    T9] usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8
[   66.203138][    T9] usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64
[   66.213985][    T9] usb 1-1: config 6 interface 97 has no altsetting 0
[   66.220662][    T9] usb 1-1: config 6 interface 114 has no altsetting 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 8
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe730f6610) = 8
[pid  5820] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe730f7620) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xe0) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f373906e3ec) = 11
[   66.301272][    T9] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c
[   66.310551][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.318718][    T9] usb 1-1: Product: syz
[   66.322873][    T9] usb 1-1: Manufacturer: syz
[   66.327470][    T9] usb 1-1: SerialNumber: syz
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f373906e3fc) = -1 EINVAL (Invalid argument)
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f373906e40c) = -1 EINVAL (Invalid argument)
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f373906e41c) = -1 EINVAL (Invalid argument)
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f373906e42c) = -1 EINVAL (Invalid argument)
[pid  5820] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe730f6610) = 0
[   66.418938][ T5820] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[pid  5820] close(3)                    = 0
[pid  5820] close(4)                    = -1 EBADF (Bad file descriptor)
[pid  5820] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5820] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5820] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5820] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5820] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5820] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5820] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5820] exit_group(1)               = ?
[   66.662859][    T9] ------------[ cut here ]------------
[   66.668424][    T9] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[   66.677271][    T9] WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4a/0x1790
[   66.686589][    T9] Modules linked in:
[   66.690625][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[   66.702438][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   66.712501][    T9] Workqueue: usb_hub_wq hub_event
[   66.717615][    T9] RIP: 0010:usb_submit_urb+0xe4a/0x1790
[   66.723138][    T9] Code: 84 67 02 00 00 e8 c6 f5 86 fa 4c 89 ef e8 4e c9 d5 fe 45 89 e0 89 e9 4c 89 f2 48 89 c6 48 c7 c7 60 0f 73 8c e8 c7 ba 45 fa 90 <0f> 0b 90 90 e9 ea f8 ff ff e8 98 f5 86 fa 49 81 c4 c8 05 00 00 e9
[   66.742755][    T9] RSP: 0018:ffffc900000e6df0 EFLAGS: 00010286
[   66.748865][    T9] RAX: 0000000000000000 RBX: ffff888026b11700 RCX: ffffffff817ae368
[   66.756827][    T9] RDX: ffff88801ce84880 RSI: ffffffff817ae375 RDI: 0000000000000001
[   66.764804][    T9] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[   66.772790][    T9] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003
[   66.780787][    T9] R13: ffff88807f84e0b0 R14: ffff888028d496e0 R15: 0000000040010200
[   66.788763][    T9] FS:  0000000000000000(0000) GS:ffff888124754000(0000) knlGS:0000000000000000
[   66.797756][    T9] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   66.797784][ T5142] Bluetooth: hci0: command tx timeout
[   66.804328][    T9] CR2: 000055c370e08ef0 CR3: 00000000779a6000 CR4: 00000000003526f0
[   66.817743][    T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   66.825707][    T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   66.833734][    T9] Call Trace:
[   66.837030][    T9]  <TASK>
[   66.839964][    T9]  ? lockdep_init_map_type+0x5c/0x280
[   66.845326][    T9]  ? __init_swait_queue_head+0xca/0x150
[   66.850886][    T9]  usb_start_wait_urb+0x104/0x4b0
[   66.855910][    T9]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   66.861483][    T9]  ? __asan_memset+0x23/0x50
[   66.866072][    T9]  usb_bulk_msg+0x22b/0x550
[   66.870589][    T9]  amradio_send_cmd+0x2df/0x930
[   66.875457][    T9]  ? __pfx_amradio_send_cmd+0x10/0x10
[   66.880872][    T9]  ? lockdep_init_map_type+0x5c/0x280
[   66.886254][    T9]  ? lockdep_init_map_type+0x5c/0x280
[   66.891688][    T9]  usb_amradio_probe+0x4a3/0x8a0
[   66.896645][    T9]  usb_probe_interface+0x303/0x9c0
[   66.901806][    T9]  ? __pfx_usb_probe_interface+0x10/0x10
[   66.907457][    T9]  really_probe+0x23e/0xa90
[   66.911978][    T9]  __driver_probe_device+0x1de/0x440
[   66.917283][    T9]  driver_probe_device+0x4c/0x1b0
[   66.922308][    T9]  __device_attach_driver+0x1df/0x310
[   66.927704][    T9]  ? __pfx___device_attach_driver+0x10/0x10
[   66.933595][    T9]  bus_for_each_drv+0x156/0x1e0
[   66.938462][    T9]  ? __pfx_bus_for_each_drv+0x10/0x10
[   66.943833][    T9]  ? lockdep_hardirqs_on+0x7c/0x110
[   66.949051][    T9]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   66.954946][    T9]  __device_attach+0x1e4/0x4b0
[   66.959727][    T9]  ? __pfx___device_attach+0x10/0x10
[   66.965012][    T9]  ? do_raw_spin_unlock+0x172/0x230
[   66.970236][    T9]  bus_probe_device+0x17f/0x1c0
[   66.975087][    T9]  device_add+0x1148/0x1a70
[   66.979622][    T9]  ? __pfx_device_add+0x10/0x10
[   66.984484][    T9]  ? usb_cache_string+0xf2/0x150
[   66.989468][    T9]  usb_set_configuration+0x1187/0x1e20
[   66.994947][    T9]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[   67.001052][    T9]  usb_generic_driver_probe+0xb1/0x110
[   67.006599][    T9]  usb_probe_device+0xef/0x3e0
[   67.011380][    T9]  ? __pfx_usb_probe_device+0x10/0x10
[   67.016752][    T9]  really_probe+0x23e/0xa90
[   67.021293][    T9]  __driver_probe_device+0x1de/0x440
[   67.026584][    T9]  ? usb_driver_applicable+0x1c7/0x220
[   67.032076][    T9]  driver_probe_device+0x4c/0x1b0
[   67.037141][    T9]  __device_attach_driver+0x1df/0x310
[   67.042516][    T9]  ? __pfx___device_attach_driver+0x10/0x10
[   67.048428][    T9]  bus_for_each_drv+0x156/0x1e0
[   67.053274][    T9]  ? __pfx_bus_for_each_drv+0x10/0x10
[   67.058670][    T9]  ? lockdep_hardirqs_on+0x7c/0x110
[   67.063891][    T9]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   67.069733][    T9]  __device_attach+0x1e4/0x4b0
[   67.074504][    T9]  ? __pfx___device_attach+0x10/0x10
[   67.079827][    T9]  ? do_raw_spin_unlock+0x172/0x230
[   67.085024][    T9]  bus_probe_device+0x17f/0x1c0
[   67.089908][    T9]  device_add+0x1148/0x1a70
[   67.094425][    T9]  ? __pfx_device_add+0x10/0x10
[   67.099310][    T9]  ? add_device_randomness+0xb7/0xf0
[   67.104605][    T9]  ? __usb_get_extra_descriptor+0x158/0x1c0
[   67.110524][    T9]  usb_new_device+0xd07/0x1a20
[   67.115300][    T9]  ? do_raw_spin_lock+0x12c/0x2b0
[   67.120352][    T9]  ? __pfx_usb_new_device+0x10/0x10
[   67.125581][    T9]  ? mark_held_locks+0x49/0x80
[   67.130383][    T9]  hub_event+0x2eb7/0x4fa0
[   67.134826][    T9]  ? __pfx_hub_event+0x10/0x10
[   67.139631][    T9]  ? assoc_array_insert+0x3d0/0x3970
[   67.144948][    T9]  ? rcu_is_watching+0x12/0xc0
[   67.149760][    T9]  process_one_work+0x9cf/0x1b70
[   67.154715][    T9]  ? __pfx_hcd_resume_work+0x10/0x10
[   67.160032][    T9]  ? __pfx_process_one_work+0x10/0x10
[   67.165425][    T9]  ? assign_work+0x1a0/0x250
[   67.170049][    T9]  worker_thread+0x6c8/0xf10
[   67.174665][    T9]  ? __pfx_worker_thread+0x10/0x10
[   67.179785][    T9]  kthread+0x3c5/0x780
[   67.183859][    T9]  ? __pfx_kthread+0x10/0x10
[   67.188464][    T9]  ? rcu_is_watching+0x12/0xc0
[   67.193225][    T9]  ? __pfx_kthread+0x10/0x10
[   67.197820][    T9]  ret_from_fork+0x5d4/0x6f0
[   67.202412][    T9]  ? __pfx_kthread+0x10/0x10
[   67.207009][    T9]  ret_from_fork_asm+0x1a/0x30
[   67.211786][    T9]  </TASK>
[   67.214783][    T9] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   67.222047][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[   67.233831][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   67.243864][    T9] Workqueue: usb_hub_wq hub_event
[   67.248872][    T9] Call Trace:
[   67.252126][    T9]  <TASK>
[   67.255035][    T9]  dump_stack_lvl+0x3d/0x1f0
[   67.259608][    T9]  panic+0x71c/0x800
[   67.263486][    T9]  ? __pfx_panic+0x10/0x10
[   67.267888][    T9]  ? show_trace_log_lvl+0x29b/0x3e0
[   67.273092][    T9]  ? check_panic_on_warn+0x1f/0xb0
[   67.278205][    T9]  ? usb_submit_urb+0xe4a/0x1790
[   67.283142][    T9]  check_panic_on_warn+0xab/0xb0
[   67.288075][    T9]  __warn+0xf6/0x3c0
[   67.291960][    T9]  ? preempt_schedule_notrace+0x62/0xe0
[   67.297497][    T9]  ? usb_submit_urb+0xe4a/0x1790
[   67.302417][    T9]  report_bug+0x3c3/0x580
[   67.306734][    T9]  ? usb_submit_urb+0xe4a/0x1790
[   67.311670][    T9]  handle_bug+0x184/0x210
[   67.315989][    T9]  exc_invalid_op+0x17/0x50
[   67.320488][    T9]  asm_exc_invalid_op+0x1a/0x20
[   67.325320][    T9] RIP: 0010:usb_submit_urb+0xe4a/0x1790
[   67.330849][    T9] Code: 84 67 02 00 00 e8 c6 f5 86 fa 4c 89 ef e8 4e c9 d5 fe 45 89 e0 89 e9 4c 89 f2 48 89 c6 48 c7 c7 60 0f 73 8c e8 c7 ba 45 fa 90 <0f> 0b 90 90 e9 ea f8 ff ff e8 98 f5 86 fa 49 81 c4 c8 05 00 00 e9
[   67.350444][    T9] RSP: 0018:ffffc900000e6df0 EFLAGS: 00010286
[   67.356494][    T9] RAX: 0000000000000000 RBX: ffff888026b11700 RCX: ffffffff817ae368
[   67.364449][    T9] RDX: ffff88801ce84880 RSI: ffffffff817ae375 RDI: 0000000000000001
[   67.372402][    T9] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[   67.380354][    T9] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003
[   67.388308][    T9] R13: ffff88807f84e0b0 R14: ffff888028d496e0 R15: 0000000040010200
[   67.396267][    T9]  ? __warn_printk+0x198/0x350
[   67.401022][    T9]  ? __warn_printk+0x1a5/0x350
[   67.405795][    T9]  ? lockdep_init_map_type+0x5c/0x280
[   67.411160][    T9]  ? __init_swait_queue_head+0xca/0x150
[   67.416690][    T9]  usb_start_wait_urb+0x104/0x4b0
[   67.421699][    T9]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   67.427235][    T9]  ? __asan_memset+0x23/0x50
[   67.431814][    T9]  usb_bulk_msg+0x22b/0x550
[   67.436305][    T9]  amradio_send_cmd+0x2df/0x930
[   67.441148][    T9]  ? __pfx_amradio_send_cmd+0x10/0x10
[   67.446511][    T9]  ? lockdep_init_map_type+0x5c/0x280
[   67.451876][    T9]  ? lockdep_init_map_type+0x5c/0x280
[   67.457244][    T9]  usb_amradio_probe+0x4a3/0x8a0
[   67.462195][    T9]  usb_probe_interface+0x303/0x9c0
[   67.467298][    T9]  ? __pfx_usb_probe_interface+0x10/0x10
[   67.472920][    T9]  really_probe+0x23e/0xa90
[   67.477415][    T9]  __driver_probe_device+0x1de/0x440
[   67.482692][    T9]  driver_probe_device+0x4c/0x1b0
[   67.487709][    T9]  __device_attach_driver+0x1df/0x310
[   67.493078][    T9]  ? __pfx___device_attach_driver+0x10/0x10
[   67.498960][    T9]  bus_for_each_drv+0x156/0x1e0
[   67.503798][    T9]  ? __pfx_bus_for_each_drv+0x10/0x10
[   67.509156][    T9]  ? lockdep_hardirqs_on+0x7c/0x110
[   67.514344][    T9]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   67.520141][    T9]  __device_attach+0x1e4/0x4b0
[   67.524904][    T9]  ? __pfx___device_attach+0x10/0x10
[   67.530179][    T9]  ? do_raw_spin_unlock+0x172/0x230
[   67.535366][    T9]  bus_probe_device+0x17f/0x1c0
[   67.540206][    T9]  device_add+0x1148/0x1a70
[   67.544698][    T9]  ? __pfx_device_add+0x10/0x10
[   67.549536][    T9]  ? usb_cache_string+0xf2/0x150
[   67.554463][    T9]  usb_set_configuration+0x1187/0x1e20
[   67.559933][    T9]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[   67.565982][    T9]  usb_generic_driver_probe+0xb1/0x110
[   67.571425][    T9]  usb_probe_device+0xef/0x3e0
[   67.576174][    T9]  ? __pfx_usb_probe_device+0x10/0x10
[   67.581532][    T9]  really_probe+0x23e/0xa90
[   67.586026][    T9]  __driver_probe_device+0x1de/0x440
[   67.591300][    T9]  ? usb_driver_applicable+0x1c7/0x220
[   67.596751][    T9]  driver_probe_device+0x4c/0x1b0
[   67.601768][    T9]  __device_attach_driver+0x1df/0x310
[   67.607130][    T9]  ? __pfx___device_attach_driver+0x10/0x10
[   67.613019][    T9]  bus_for_each_drv+0x156/0x1e0
[   67.617856][    T9]  ? __pfx_bus_for_each_drv+0x10/0x10
[   67.623214][    T9]  ? lockdep_hardirqs_on+0x7c/0x110
[   67.628409][    T9]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   67.634206][    T9]  __device_attach+0x1e4/0x4b0
[   67.638964][    T9]  ? __pfx___device_attach+0x10/0x10
[   67.644238][    T9]  ? do_raw_spin_unlock+0x172/0x230
[   67.649431][    T9]  bus_probe_device+0x17f/0x1c0
[   67.654274][    T9]  device_add+0x1148/0x1a70
[   67.658764][    T9]  ? __pfx_device_add+0x10/0x10
[   67.663597][    T9]  ? add_device_randomness+0xb7/0xf0
[   67.668875][    T9]  ? __usb_get_extra_descriptor+0x158/0x1c0
[   67.674762][    T9]  usb_new_device+0xd07/0x1a20
[   67.679524][    T9]  ? do_raw_spin_lock+0x12c/0x2b0
[   67.684534][    T9]  ? __pfx_usb_new_device+0x10/0x10
[   67.689722][    T9]  ? mark_held_locks+0x49/0x80
[   67.694482][    T9]  hub_event+0x2eb7/0x4fa0
[   67.698901][    T9]  ? __pfx_hub_event+0x10/0x10
[   67.703657][    T9]  ? assoc_array_insert+0x3d0/0x3970
[   67.708963][    T9]  ? rcu_is_watching+0x12/0xc0
[   67.713719][    T9]  process_one_work+0x9cf/0x1b70
[   67.718656][    T9]  ? __pfx_hcd_resume_work+0x10/0x10
[   67.723930][    T9]  ? __pfx_process_one_work+0x10/0x10
[   67.729292][    T9]  ? assign_work+0x1a0/0x250
[   67.733876][    T9]  worker_thread+0x6c8/0xf10
[   67.738462][    T9]  ? __pfx_worker_thread+0x10/0x10
[   67.743570][    T9]  kthread+0x3c5/0x780
[   67.747623][    T9]  ? __pfx_kthread+0x10/0x10
[   67.752197][    T9]  ? rcu_is_watching+0x12/0xc0
[   67.756949][    T9]  ? __pfx_kthread+0x10/0x10
[   67.761526][    T9]  ret_from_fork+0x5d4/0x6f0
[   67.766106][    T9]  ? __pfx_kthread+0x10/0x10
[   67.770697][    T9]  ret_from_fork_asm+0x1a/0x30
[   67.775458][    T9]  </TASK>
[   67.779250][    T9] Kernel Offset: disabled
[   67.783550][    T9] Rebooting in 86400 seconds..