./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3083308689

<...>
Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts.
execve("./syz-executor3083308689", ["./syz-executor3083308689"], 0x7ffd80218ea0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556efc000
brk(0x555556efcc40)                     = 0x555556efcc40
arch_prctl(ARCH_SET_FS, 0x555556efc300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3083308689", 4096) = 28
brk(0x555556f1dc40)                     = 0x555556f1dc40
brk(0x555556f1e000)                     = 0x555556f1e000
mprotect(0x7f6230ce3000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556efc5d0) = 3608
./strace-static-x86_64: Process 3608 attached
[pid  3608] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3608] setsid()                    = 1
[pid  3608] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3608] unshare(CLONE_NEWNS)        = 0
[pid  3608] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3608] unshare(CLONE_NEWIPC)       = 0
[pid  3608] unshare(CLONE_NEWCGROUP)    = 0
[pid  3608] unshare(CLONE_NEWUTS)       = 0
[pid  3608] unshare(CLONE_SYSVSEM)      = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "16777216", 8)     = 8
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "536870912", 9)    = 9
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1024", 4)         = 4
[   50.503810][   T27] audit: type=1400 audit(1657085803.055:75): avc:  denied  { execmem } for  pid=3607 comm="syz-executor308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   50.523509][   T27] audit: type=1400 audit(1657085803.055:76): avc:  denied  { mounton } for  pid=3607 comm="syz-executor308" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "8192", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1024", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1024", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3608] close(3)                    = 0
[pid  3608] getpid()                    = 1
[pid  3608] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3608] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[   50.549292][   T27] audit: type=1400 audit(1657085803.055:77): avc:  denied  { mount } for  pid=3607 comm="syz-executor308" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   50.573058][   T27] audit: type=1400 audit(1657085803.055:78): avc:  denied  { mounton } for  pid=3608 comm="syz-executor308" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[pid  3608] unshare(CLONE_NEWNET)       = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "0 65535", 7)      = 7
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  3608] dup2(3, 200)                = 200
[pid  3608] close(3)                    = 0
[pid  3608] ioctl(200, TUNSETIFF, 0x7ffea64e7270) = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "0", 1)            = 1
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "0", 1)            = 1
[pid  3608] close(3)                    = 0
[pid  3608] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  3608] access("/proc/net", R_OK)   = 0
[pid  3608] access("/proc/net/unix", R_OK) = 0
[pid  3608] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3608] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3608] close(4)                    = 0
[   50.597392][   T27] audit: type=1400 audit(1657085803.055:79): avc:  denied  { mount } for  pid=3608 comm="syz-executor308" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   50.620256][   T27] audit: type=1400 audit(1657085803.075:80): avc:  denied  { mounton } for  pid=3608 comm="syz-executor308" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid  3608] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  3608] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3608] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3608] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3608] close(4)                    = 0
[pid  3608] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3608] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3608] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3608] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3608] close(4)                    = 0
[pid  3608] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  3608] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3608] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3608] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3608] close(4)                    = 0
[pid  3608] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  3608] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3608] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3608] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3608] close(4)                    = 0
[pid  3608] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  3608] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3608] close(3)                    = 0
[pid  3608] mkdir("/dev/binderfs", 0777) = 0
[   50.664315][   T27] audit: type=1400 audit(1657085803.215:81): avc:  denied  { create } for  pid=3604 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   50.685160][   T27] audit: type=1400 audit(1657085803.215:82): avc:  denied  { write } for  pid=3604 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[pid  3608] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3608] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3608] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3608] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffea64e61e0) = 0
[pid  3608] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffea64e61e0) = 0
[   50.706221][   T27] audit: type=1400 audit(1657085803.215:83): avc:  denied  { nlmsg_read } for  pid=3604 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   50.727868][   T27] audit: type=1400 audit(1657085803.215:84): avc:  denied  { read } for  pid=3604 comm="strace-static-x" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffea64e61e0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffea64e51d0) = 18
[   50.989464][   T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffea64e61e0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffea64e51d0) = 18
[   51.229433][   T26] usb 1-1: Using ep0 maxpacket: 8
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffea64e61e0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffea64e51d0) = 9
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffea64e61e0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffea64e51d0) = 27
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffea64e61e0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6230ce946c) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffea64e51d0) = 0
[   51.350290][   T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   51.361350][   T26] usb 1-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=ad.15
[   51.370673][   T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   51.384043][   T26] usb 1-1: config 0 descriptor??
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffea64e6200) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffea64e51f0) = 0
[   51.650632][   T26] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[   51.657527][   T26] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffea64e6200) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffea64e51f0) = 0
[   51.869994][   T26] radio-si470x 1-1:0.0: software version 0, hardware version 0
[   51.877732][   T26] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[   51.890049][   T26] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[pid  3608] close(3)                    = 0
[pid  3608] close(4)                    = -1 EBADF (Bad file descriptor)
[pid  3608] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  3608] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  3608] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  3608] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  3608] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  3608] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  3608] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  3608] exit_group(1)               = ?
[   52.079494][   T26] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[   52.099467][    C1] radio-si470x 1-1:0.0: non-zero urb status (-71)
[   52.106362][   T26] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[   52.115362][   T26] radio-si470x: probe of 1-1:0.0 failed with error -22
[   52.122373][    C1] ==================================================================
[   52.122382][    C1] BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf
[   52.122422][    C1] Read of size 8 at addr ffff888072530ac0 by task kworker/1:1/26
[   52.122440][    C1] 
[   52.122445][    C1] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 5.19.0-rc5-syzkaller-00056-ge35e5b6f695d #0
[   52.122474][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   52.122490][    C1] Workqueue: usb_hub_wq hub_event
[   52.122516][    C1] Call Trace:
[   52.122523][    C1]  <IRQ>
[   52.122532][    C1]  dump_stack_lvl+0xcd/0x134
[   52.122561][    C1]  print_address_description.constprop.0.cold+0xeb/0x467
[   52.122593][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   52.122618][    C1]  kasan_report.cold+0xf4/0x1c6
[   52.122642][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   52.122666][    C1]  si470x_int_in_callback.cold+0x96/0xbf
[   52.122691][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   52.122714][    C1]  ? si470x_fops_read+0x790/0x790
[   52.122741][    C1]  ? usb_hcd_unmap_urb_for_dma+0x105/0x6d0
[   52.122765][    C1]  ? dummy_timer+0x11e7/0x32b0
[   52.122791][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   52.122816][    C1]  usb_hcd_giveback_urb+0x367/0x410
[   52.122841][    C1]  dummy_timer+0x11f9/0x32b0
[   52.122866][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   52.122900][    C1]  ? dummy_dequeue+0x500/0x500
[   52.122926][    C1]  ? dummy_dequeue+0x500/0x500
[   52.122951][    C1]  call_timer_fn+0x1a5/0x6b0
[   52.122972][    C1]  ? timer_fixup_activate+0x350/0x350
[   52.122995][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.123020][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.123043][    C1]  ? dummy_dequeue+0x500/0x500
[   52.123064][    C1]  __run_timers.part.0+0x679/0xa80
[   52.123084][    C1]  ? call_timer_fn+0x6b0/0x6b0
[   52.123106][    C1]  ? __wake_up_locked_sync_key+0x20/0x20
[   52.123136][    C1]  run_timer_softirq+0xb3/0x1d0
[   52.123159][    C1]  __do_softirq+0x29b/0x9c2
[   52.123182][    C1]  __irq_exit_rcu+0x123/0x180
[   52.123204][    C1]  irq_exit_rcu+0x5/0x20
[   52.123225][    C1]  sysvec_apic_timer_interrupt+0x93/0xc0
[   52.123251][    C1]  </IRQ>
[   52.123258][    C1]  <TASK>
[   52.123266][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   52.123296][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[   52.123326][    C1] Code: 48 89 ef 5d e9 61 a4 4b 00 5d be 03 00 00 00 e9 b6 7b 82 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 b9 d7 88 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
[   52.123349][    C1] RSP: 0018:ffffc90000c2ee80 EFLAGS: 00000293
[   52.123369][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   52.123385][    C1] RDX: ffff888016ad61c0 RSI: ffffffff815fb8f5 RDI: 0000000000000007
[   52.123401][    C1] RBP: ffffc90000c2f028 R08: 0000000000000007 R09: 0000000000000000
[   52.123416][    C1] R10: 0000000000000200 R11: 0000000000000001 R12: 0000000000000001
[   52.123431][    C1] R13: ffffffff90f0ad20 R14: 0000000000000200 R15: ffffffff8c8112b8
[   52.123449][    C1]  ? console_emit_next_record.constprop.0+0x4f5/0x840
[   52.123503][    C1]  console_emit_next_record.constprop.0+0x4fb/0x840
[   52.123535][    C1]  ? devkmsg_read+0x730/0x730
[   52.123563][    C1]  ? lock_release+0x780/0x780
[   52.123589][    C1]  console_unlock+0x37a/0x5a0
[   52.123616][    C1]  ? console_emit_next_record.constprop.0+0x840/0x840
[   52.123647][    C1]  ? __down_trylock_console_sem+0x108/0x120
[   52.123677][    C1]  ? vprintk+0x70/0x90
[   52.123697][    C1]  ? vprintk+0x80/0x90
[   52.123719][    C1]  vprintk_emit+0x1b9/0x5f0
[   52.123746][    C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   52.123774][    C1]  vprintk+0x80/0x90
[   52.123794][    C1]  _printk+0xba/0xed
[   52.123815][    C1]  ? record_print_text.cold+0x16/0x16
[   52.123837][    C1]  ? rpm_drop_usage_count+0x46/0x80
[   52.123861][    C1]  ? __pm_runtime_suspend+0xd0/0x2d0
[   52.123886][    C1]  ? usb_probe_interface+0x3bf/0x7f0
[   52.123913][    C1]  really_probe.cold+0x6c/0x179
[   52.123938][    C1]  __driver_probe_device+0x338/0x4d0
[   52.123963][    C1]  ? usb_match_id.part.0+0x15d/0x1b0
[   52.123990][    C1]  driver_probe_device+0x4c/0x1a0
[   52.124015][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.124040][    C1]  ? driver_allows_async_probing+0x170/0x170
[   52.124066][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.124088][    C1]  ? bus_for_each_dev+0x1d0/0x1d0
[   52.124110][    C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   52.124138][    C1]  ? lockdep_hardirqs_on+0x79/0x100
[   52.124162][    C1]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[   52.124194][    C1]  __device_attach+0x1e4/0x530
[   52.124217][    C1]  ? device_driver_attach+0x210/0x210
[   52.124242][    C1]  ? kobject_uevent_env+0x2ac/0x1660
[   52.124272][    C1]  bus_probe_device+0x1e4/0x290
[   52.124297][    C1]  device_add+0xbda/0x1ea0
[   52.124319][    C1]  ? preempt_schedule_common+0x59/0xc0
[   52.124343][    C1]  ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[   52.124367][    C1]  ? preempt_schedule_thunk+0x16/0x18
[   52.124397][    C1]  usb_set_configuration+0x101e/0x1900
[   52.124427][    C1]  usb_generic_driver_probe+0xba/0x100
[   52.124454][    C1]  usb_probe_device+0xd9/0x2c0
[   52.124486][    C1]  ? usb_driver_release_interface+0x180/0x180
[   52.124514][    C1]  really_probe+0x23e/0xb90
[   52.124538][    C1]  __driver_probe_device+0x338/0x4d0
[   52.124564][    C1]  driver_probe_device+0x4c/0x1a0
[   52.124589][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.124615][    C1]  ? driver_allows_async_probing+0x170/0x170
[   52.124642][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.124665][    C1]  ? bus_for_each_dev+0x1d0/0x1d0
[   52.124686][    C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   52.124712][    C1]  ? lockdep_hardirqs_on+0x79/0x100
[   52.124737][    C1]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[   52.124764][    C1]  __device_attach+0x1e4/0x530
[   52.124788][    C1]  ? device_driver_attach+0x210/0x210
[   52.124813][    C1]  ? kobject_uevent_env+0x2ac/0x1660
[   52.124842][    C1]  bus_probe_device+0x1e4/0x290
[   52.124866][    C1]  device_add+0xbda/0x1ea0
[   52.124888][    C1]  ? usb_match_device+0xd4/0x550
[   52.124912][    C1]  ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[   52.124937][    C1]  ? usb_detect_static_quirks+0x305/0x3b0
[   52.124971][    C1]  usb_new_device.cold+0x641/0x1091
[   52.125000][    C1]  ? hub_disconnect+0x510/0x510
[   52.125022][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   52.125044][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.125069][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.125096][    C1]  hub_event+0x25d5/0x4690
[   52.125120][    C1]  ? hub_port_debounce+0x3c0/0x3c0
[   52.125143][    C1]  ? lock_release+0x780/0x780
[   52.125169][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   52.125196][    C1]  ? do_raw_spin_lock+0x120/0x2a0
[   52.125219][    C1]  process_one_work+0x996/0x1610
[   52.125245][    C1]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   52.125270][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   52.125290][    C1]  ? _raw_spin_lock_irq+0x41/0x50
[   52.125316][    C1]  worker_thread+0x665/0x1080
[   52.125340][    C1]  ? __kthread_parkme+0x15f/0x220
[   52.125367][    C1]  ? process_one_work+0x1610/0x1610
[   52.125392][    C1]  kthread+0x2e9/0x3a0
[   52.125412][    C1]  ? kthread_complete_and_exit+0x40/0x40
[   52.125436][    C1]  ret_from_fork+0x1f/0x30
[   52.125469][    C1]  </TASK>
[   52.125477][    C1] 
[   52.125481][    C1] Allocated by task 26:
[   52.125491][    C1]  kasan_save_stack+0x1e/0x40
[   52.125516][    C1]  __kasan_kmalloc+0xa6/0xd0
[   52.125539][    C1]  kmem_cache_alloc_trace+0x1ea/0x4a0
[   52.125562][    C1]  si470x_usb_driver_probe+0x51/0xf90
[   52.125587][    C1]  usb_probe_interface+0x315/0x7f0
[   52.125611][    C1]  really_probe+0x23e/0xb90
[   52.125633][    C1]  __driver_probe_device+0x338/0x4d0
[   52.125656][    C1]  driver_probe_device+0x4c/0x1a0
[   52.125678][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.125701][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.125722][    C1]  __device_attach+0x1e4/0x530
[   52.125743][    C1]  bus_probe_device+0x1e4/0x290
[   52.125763][    C1]  device_add+0xbda/0x1ea0
[   52.125778][    C1]  usb_set_configuration+0x101e/0x1900
[   52.125798][    C1]  usb_generic_driver_probe+0xba/0x100
[   52.125820][    C1]  usb_probe_device+0xd9/0x2c0
[   52.125841][    C1]  really_probe+0x23e/0xb90
[   52.125860][    C1]  __driver_probe_device+0x338/0x4d0
[   52.125882][    C1]  driver_probe_device+0x4c/0x1a0
[   52.125905][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.125927][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.125948][    C1]  __device_attach+0x1e4/0x530
[   52.125969][    C1]  bus_probe_device+0x1e4/0x290
[   52.125989][    C1]  device_add+0xbda/0x1ea0
[   52.126008][    C1]  usb_new_device.cold+0x641/0x1091
[   52.126030][    C1]  hub_event+0x25d5/0x4690
[   52.126048][    C1]  process_one_work+0x996/0x1610
[   52.126069][    C1]  worker_thread+0x665/0x1080
[   52.126089][    C1]  kthread+0x2e9/0x3a0
[   52.126107][    C1]  ret_from_fork+0x1f/0x30
[   52.126129][    C1] 
[   52.126134][    C1] Freed by task 26:
[   52.126143][    C1]  kasan_save_stack+0x1e/0x40
[   52.126166][    C1]  kasan_set_track+0x21/0x30
[   52.126187][    C1]  kasan_set_free_info+0x20/0x30
[   52.126211][    C1]  ____kasan_slab_free+0x13d/0x180
[   52.126234][    C1]  kfree+0x113/0x310
[   52.126253][    C1]  si470x_usb_driver_probe+0xb3d/0xf90
[   52.126278][    C1]  usb_probe_interface+0x315/0x7f0
[   52.126302][    C1]  really_probe+0x23e/0xb90
[   52.126323][    C1]  __driver_probe_device+0x338/0x4d0
[   52.126346][    C1]  driver_probe_device+0x4c/0x1a0
[   52.126368][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.126390][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.126410][    C1]  __device_attach+0x1e4/0x530
[   52.126430][    C1]  bus_probe_device+0x1e4/0x290
[   52.126450][    C1]  device_add+0xbda/0x1ea0
[   52.126474][    C1]  usb_set_configuration+0x101e/0x1900
[   52.126498][    C1]  usb_generic_driver_probe+0xba/0x100
[   52.126521][    C1]  usb_probe_device+0xd9/0x2c0
[   52.126544][    C1]  really_probe+0x23e/0xb90
[   52.126564][    C1]  __driver_probe_device+0x338/0x4d0
[   52.126587][    C1]  driver_probe_device+0x4c/0x1a0
[   52.126610][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.126633][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.126653][    C1]  __device_attach+0x1e4/0x530
[   52.126675][    C1]  bus_probe_device+0x1e4/0x290
[   52.126696][    C1]  device_add+0xbda/0x1ea0
[   52.126714][    C1]  usb_new_device.cold+0x641/0x1091
[   52.126737][    C1]  hub_event+0x25d5/0x4690
[   52.126756][    C1]  process_one_work+0x996/0x1610
[   52.126777][    C1]  worker_thread+0x665/0x1080
[   52.126798][    C1]  kthread+0x2e9/0x3a0
[   52.126816][    C1]  ret_from_fork+0x1f/0x30
[   52.126838][    C1] 
[   52.126842][    C1] The buggy address belongs to the object at ffff888072530000
[   52.126842][    C1]  which belongs to the cache kmalloc-4k of size 4096
[   52.126860][    C1] The buggy address is located 2752 bytes inside of
[   52.126860][    C1]  4096-byte region [ffff888072530000, ffff888072531000)
[   52.126882][    C1] 
[   52.126886][    C1] The buggy address belongs to the physical page:
[   52.126894][    C1] page:ffffea0001c94c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72530
[   52.126918][    C1] head:ffffea0001c94c00 order:1 compound_mapcount:0 compound_pincount:0
[   52.126935][    C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   52.126965][    C1] raw: 00fff00000010200 ffffea0001c2b008 ffffea00008f5488 ffff888011840900
[   52.126987][    C1] raw: 0000000000000000 ffff888072530000 0000000100000001 0000000000000000
[   52.127000][    C1] page dumped because: kasan: bad access detected
[   52.127009][    C1] page_owner tracks the page as allocated
[   52.127015][    C1] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 26, tgid 26 (kworker/1:1), ts 51432430344, free_ts 50719597953
[   52.127054][    C1]  get_page_from_freelist+0x1290/0x3b70
[   52.127077][    C1]  __alloc_pages+0x1c7/0x510
[   52.127097][    C1]  cache_grow_begin+0x75/0x350
[   52.127118][    C1]  cache_alloc_refill+0x27f/0x380
[   52.127140][    C1]  kmem_cache_alloc_trace+0x380/0x4a0
[   52.127162][    C1]  si470x_usb_driver_probe+0x51/0xf90
[   52.127187][    C1]  usb_probe_interface+0x315/0x7f0
[   52.127211][    C1]  really_probe+0x23e/0xb90
[   52.127231][    C1]  __driver_probe_device+0x338/0x4d0
[   52.127254][    C1]  driver_probe_device+0x4c/0x1a0
[   52.127276][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.127299][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.127319][    C1]  __device_attach+0x1e4/0x530
[   52.127340][    C1]  bus_probe_device+0x1e4/0x290
[   52.127360][    C1]  device_add+0xbda/0x1ea0
[   52.127379][    C1]  usb_set_configuration+0x101e/0x1900
[   52.127402][    C1] page last free stack trace:
[   52.127408][    C1]  free_pcp_prepare+0x549/0xd20
[   52.127434][    C1]  free_unref_page+0x19/0x6a0
[   52.127453][    C1]  slabs_destroy+0x89/0xc0
[   52.127481][    C1]  ___cache_free+0x34e/0x670
[   52.127502][    C1]  qlist_free_all+0x4f/0x1b0
[   52.127528][    C1]  kasan_quarantine_reduce+0x180/0x200
[   52.127555][    C1]  __kasan_slab_alloc+0x97/0xb0
[   52.127578][    C1]  __kmalloc+0x27a/0x4d0
[   52.127599][    C1]  tomoyo_encode2.part.0+0xe9/0x3a0
[   52.127620][    C1]  tomoyo_encode+0x28/0x50
[   52.127639][    C1]  tomoyo_path_perm+0x368/0x400
[   52.127664][    C1]  tomoyo_path_symlink+0x94/0xe0
[   52.127685][    C1]  security_path_symlink+0xdf/0x150
[   52.127709][    C1]  do_symlinkat+0x106/0x2e0
[   52.127728][    C1]  __x64_sys_symlink+0x75/0x90
[   52.127748][    C1]  do_syscall_64+0x35/0xb0
[   52.127767][    C1] 
[   52.127771][    C1] Memory state around the buggy address:
[   52.127781][    C1]  ffff888072530980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.127796][    C1]  ffff888072530a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.127811][    C1] >ffff888072530a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.127822][    C1]                                            ^
[   52.127833][    C1]  ffff888072530b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.127848][    C1]  ffff888072530b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.127860][    C1] ==================================================================
[   52.127868][    C1] Kernel panic - not syncing: panic_on_warn set ...
[   52.127877][    C1] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 5.19.0-rc5-syzkaller-00056-ge35e5b6f695d #0
[   52.127903][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   52.127919][    C1] Workqueue: usb_hub_wq hub_event
[   52.127940][    C1] Call Trace:
[   52.127946][    C1]  <IRQ>
[   52.127953][    C1]  dump_stack_lvl+0xcd/0x134
[   52.127980][    C1]  panic+0x2d7/0x636
[   52.128003][    C1]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   52.128031][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   52.128057][    C1]  end_report.part.0+0x3f/0x7c
[   52.128080][    C1]  kasan_report.cold+0x93/0x1c6
[   52.128104][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   52.128127][    C1]  si470x_int_in_callback.cold+0x96/0xbf
[   52.128151][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   52.128173][    C1]  ? si470x_fops_read+0x790/0x790
[   52.128198][    C1]  ? usb_hcd_unmap_urb_for_dma+0x105/0x6d0
[   52.128221][    C1]  ? dummy_timer+0x11e7/0x32b0
[   52.128247][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   52.128271][    C1]  usb_hcd_giveback_urb+0x367/0x410
[   52.128295][    C1]  dummy_timer+0x11f9/0x32b0
[   52.128320][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   52.128354][    C1]  ? dummy_dequeue+0x500/0x500
[   52.128380][    C1]  ? dummy_dequeue+0x500/0x500
[   52.128413][    C1]  call_timer_fn+0x1a5/0x6b0
[   52.128433][    C1]  ? timer_fixup_activate+0x350/0x350
[   52.128461][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.128486][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.128511][    C1]  ? dummy_dequeue+0x500/0x500
[   52.128536][    C1]  __run_timers.part.0+0x679/0xa80
[   52.128560][    C1]  ? call_timer_fn+0x6b0/0x6b0
[   52.128582][    C1]  ? __wake_up_locked_sync_key+0x20/0x20
[   52.128613][    C1]  run_timer_softirq+0xb3/0x1d0
[   52.128635][    C1]  __do_softirq+0x29b/0x9c2
[   52.128657][    C1]  __irq_exit_rcu+0x123/0x180
[   52.128678][    C1]  irq_exit_rcu+0x5/0x20
[   52.128697][    C1]  sysvec_apic_timer_interrupt+0x93/0xc0
[   52.128723][    C1]  </IRQ>
[   52.128729][    C1]  <TASK>
[   52.128736][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   52.128764][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[   52.128792][    C1] Code: 48 89 ef 5d e9 61 a4 4b 00 5d be 03 00 00 00 e9 b6 7b 82 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 b9 d7 88 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
[   52.128814][    C1] RSP: 0018:ffffc90000c2ee80 EFLAGS: 00000293
[   52.128831][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   52.128846][    C1] RDX: ffff888016ad61c0 RSI: ffffffff815fb8f5 RDI: 0000000000000007
[   52.128861][    C1] RBP: ffffc90000c2f028 R08: 0000000000000007 R09: 0000000000000000
[   52.128875][    C1] R10: 0000000000000200 R11: 0000000000000001 R12: 0000000000000001
[   52.128889][    C1] R13: ffffffff90f0ad20 R14: 0000000000000200 R15: ffffffff8c8112b8
[   52.128907][    C1]  ? console_emit_next_record.constprop.0+0x4f5/0x840
[   52.128935][    C1]  console_emit_next_record.constprop.0+0x4fb/0x840
[   52.128965][    C1]  ? devkmsg_read+0x730/0x730
[   52.128992][    C1]  ? lock_release+0x780/0x780
[   52.129018][    C1]  console_unlock+0x37a/0x5a0
[   52.129044][    C1]  ? console_emit_next_record.constprop.0+0x840/0x840
[   52.129074][    C1]  ? __down_trylock_console_sem+0x108/0x120
[   52.129102][    C1]  ? vprintk+0x70/0x90
[   52.129121][    C1]  ? vprintk+0x80/0x90
[   52.129141][    C1]  vprintk_emit+0x1b9/0x5f0
[   52.129166][    C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   52.129194][    C1]  vprintk+0x80/0x90
[   52.129213][    C1]  _printk+0xba/0xed
[   52.129232][    C1]  ? record_print_text.cold+0x16/0x16
[   52.129255][    C1]  ? rpm_drop_usage_count+0x46/0x80
[   52.129278][    C1]  ? __pm_runtime_suspend+0xd0/0x2d0
[   52.129304][    C1]  ? usb_probe_interface+0x3bf/0x7f0
[   52.129328][    C1]  really_probe.cold+0x6c/0x179
[   52.129350][    C1]  __driver_probe_device+0x338/0x4d0
[   52.129372][    C1]  ? usb_match_id.part.0+0x15d/0x1b0
[   52.129395][    C1]  driver_probe_device+0x4c/0x1a0
[   52.129418][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.129463][    C1]  ? driver_allows_async_probing+0x170/0x170
[   52.129488][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.129507][    C1]  ? bus_for_each_dev+0x1d0/0x1d0
[   52.129526][    C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   52.129550][    C1]  ? lockdep_hardirqs_on+0x79/0x100
[   52.129574][    C1]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[   52.129622][    C1]  __device_attach+0x1e4/0x530
[   52.129642][    C1]  ? device_driver_attach+0x210/0x210
[   52.129666][    C1]  ? kobject_uevent_env+0x2ac/0x1660
[   52.129695][    C1]  bus_probe_device+0x1e4/0x290
[   52.129718][    C1]  device_add+0xbda/0x1ea0
[   52.129738][    C1]  ? preempt_schedule_common+0x59/0xc0
[   52.129761][    C1]  ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[   52.129785][    C1]  ? preempt_schedule_thunk+0x16/0x18
[   52.129811][    C1]  usb_set_configuration+0x101e/0x1900
[   52.129839][    C1]  usb_generic_driver_probe+0xba/0x100
[   52.129864][    C1]  usb_probe_device+0xd9/0x2c0
[   52.129888][    C1]  ? usb_driver_release_interface+0x180/0x180
[   52.129914][    C1]  really_probe+0x23e/0xb90
[   52.129937][    C1]  __driver_probe_device+0x338/0x4d0
[   52.129960][    C1]  driver_probe_device+0x4c/0x1a0
[   52.129981][    C1]  __device_attach_driver+0x20b/0x2f0
[   52.130004][    C1]  ? driver_allows_async_probing+0x170/0x170
[   52.130029][    C1]  bus_for_each_drv+0x15f/0x1e0
[   52.130050][    C1]  ? bus_for_each_dev+0x1d0/0x1d0
[   52.130071][    C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   52.130097][    C1]  ? lockdep_hardirqs_on+0x79/0x100
[   52.130119][    C1]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[   52.130146][    C1]  __device_attach+0x1e4/0x530
[   52.130168][    C1]  ? device_driver_attach+0x210/0x210
[   52.130192][    C1]  ? kobject_uevent_env+0x2ac/0x1660
[   52.130220][    C1]  bus_probe_device+0x1e4/0x290
[   52.130242][    C1]  device_add+0xbda/0x1ea0
[   52.130262][    C1]  ? usb_match_device+0xd4/0x550
[   52.130285][    C1]  ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[   52.130307][    C1]  ? usb_detect_static_quirks+0x305/0x3b0
[   52.130338][    C1]  usb_new_device.cold+0x641/0x1091
[   52.130365][    C1]  ? hub_disconnect+0x510/0x510
[   52.130385][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   52.130405][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.130430][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.130461][    C1]  hub_event+0x25d5/0x4690
[   52.130488][    C1]  ? hub_port_debounce+0x3c0/0x3c0
[   52.130509][    C1]  ? lock_release+0x780/0x780
[   52.130533][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   52.130558][    C1]  ? do_raw_spin_lock+0x120/0x2a0
[   52.130588][    C1]  process_one_work+0x996/0x1610
[   52.130611][    C1]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   52.130634][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   52.130654][    C1]  ? _raw_spin_lock_irq+0x41/0x50
[   52.130680][    C1]  worker_thread+0x665/0x1080
[   52.130702][    C1]  ? __kthread_parkme+0x15f/0x220
[   52.130727][    C1]  ? process_one_work+0x1610/0x1610
[   52.130748][    C1]  kthread+0x2e9/0x3a0
[   52.130766][    C1]  ? kthread_complete_and_exit+0x40/0x40
[   52.130789][    C1]  ret_from_fork+0x1f/0x30
[   52.130815][    C1]  </TASK>
[   52.130976][    C1] Kernel Offset: disabled
[   54.156407][    C1] Rebooting in 86400 seconds..