Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts. executing program [ 48.943096][ T29] audit: type=1400 audit(1726433619.399:80): avc: denied { execmem } for pid=2647 comm="syz-executor988" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 48.963195][ T29] audit: type=1400 audit(1726433619.409:81): avc: denied { read write } for pid=2648 comm="syz-executor988" name="raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 48.987093][ T29] audit: type=1400 audit(1726433619.409:82): avc: denied { open } for pid=2648 comm="syz-executor988" path="/dev/raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.010896][ T29] audit: type=1400 audit(1726433619.409:83): avc: denied { ioctl } for pid=2648 comm="syz-executor988" path="/dev/raw-gadget" dev="devtmpfs" ino=140 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.236052][ T37] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 49.415853][ T37] usb 1-1: Using ep0 maxpacket: 16 [ 49.424099][ T37] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 49.435937][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 56, changing to 7 [ 49.447073][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 57832, setting to 1024 [ 49.461184][ T37] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1 [ 49.470289][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.478364][ T37] usb 1-1: Product: syz [ 49.482563][ T37] usb 1-1: Manufacturer: syz [ 49.487216][ T37] usb 1-1: SerialNumber: syz [ 49.501207][ T37] usb 1-1: config 0 descriptor?? [ 49.512121][ T37] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0) [ 49.521684][ T37] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) executing program [ 49.776349][ T37] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 49.782865][ T37] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 49.790628][ T37] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 49.797684][ T37] em28xx 1-1:0.0: No AC97 audio processor [ 49.803520][ T37] em28xx 1-1:0.0: We currently don't support analog TV or stream capture on dual tuners. [ 49.876519][ T37] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 49.882999][ T37] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 49.890537][ T37] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 49.897556][ T37] em28xx 1-1:0.0: No AC97 audio processor [ 50.112665][ T37] usb 1-1: USB disconnect, device number 2 [ 50.119958][ T37] em28xx 1-1:0.0: Disconnecting em28xx #1 [ 50.125781][ T37] em28xx 1-1:0.0: Disconnecting em28xx [ 50.135436][ T37] em28xx 1-1:0.0: Freeing device [ 50.140970][ T37] em28xx 1-1:0.0: Freeing device [ 50.505991][ T37] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 50.685791][ T37] usb 1-1: Using ep0 maxpacket: 16 [ 50.693150][ T37] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 50.704757][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 56, changing to 7 [ 50.715824][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 57832, setting to 1024 [ 50.729455][ T37] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1 [ 50.738590][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.746636][ T37] usb 1-1: Product: syz [ 50.750854][ T37] usb 1-1: Manufacturer: syz [ 50.755457][ T37] usb 1-1: SerialNumber: syz [ 50.763339][ T37] usb 1-1: config 0 descriptor?? [ 50.773772][ T37] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0) [ 50.783140][ T37] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) executing program [ 51.046323][ T37] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 51.052788][ T37] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 51.060306][ T37] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 51.067301][ T37] em28xx 1-1:0.0: No AC97 audio processor [ 51.073029][ T37] list_add corruption. prev->next should be next (ffffffff89df38a0), but was 0000000000000000. (prev=ffff8881127c8250). [ 51.086261][ T37] ------------[ cut here ]------------ [ 51.091751][ T37] kernel BUG at lib/list_debug.c:32! [ 51.097139][ T37] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 51.104198][ T37] CPU: 1 UID: 0 PID: 37 Comm: kworker/1:1 Not tainted 6.11.0-rc7-syzkaller-00152-g68d4209158f4 #0 [ 51.114822][ T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 51.124906][ T37] Workqueue: usb_hub_wq hub_event [ 51.130118][ T37] RIP: 0010:__list_add_valid_or_report+0xbe/0x100 [ 51.136573][ T37] Code: e1 fe 90 0f 0b 48 89 d9 48 c7 c7 c0 9b 46 87 e8 98 b2 e1 fe 90 0f 0b 48 89 f1 48 c7 c7 40 9c 46 87 48 89 de e8 83 b2 e1 fe 90 <0f> 0b 48 89 f2 48 89 d9 48 89 ee 48 c7 c7 c0 9c 46 87 e8 6b b2 e1 [ 51.156222][ T37] RSP: 0018:ffffc90000276f08 EFLAGS: 00010286 [ 51.162336][ T37] RAX: 0000000000000075 RBX: ffffffff89df38a0 RCX: ffffffff813560b9 [ 51.170363][ T37] RDX: 0000000000000000 RSI: ffffffff8135f4f6 RDI: 0000000000000005 [ 51.178348][ T37] RBP: ffff8881131c8250 R08: 0000000000000005 R09: 0000000000000000 [ 51.186331][ T37] R10: 0000000080000000 R11: 0000000000000001 R12: ffff8881131c8250 [ 51.194341][ T37] R13: ffff8881131c8000 R14: ffff8881131c99d4 R15: ffff888121ef7000 [ 51.202340][ T37] FS: 0000000000000000(0000) GS:ffff8881f5900000(0000) knlGS:0000000000000000 [ 51.211303][ T37] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.217901][ T37] CR2: 00007fffa8d29f18 CR3: 000000011577c000 CR4: 00000000003506f0 [ 51.225884][ T37] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.233884][ T37] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.241867][ T37] Call Trace: [ 51.245159][ T37] [ 51.248095][ T37] ? show_regs+0x8c/0xa0 [ 51.252376][ T37] ? die+0x36/0xa0 [ 51.256146][ T37] ? do_trap+0x232/0x430 [ 51.260408][ T37] ? __list_add_valid_or_report+0xbe/0x100 [ 51.266238][ T37] ? __list_add_valid_or_report+0xbe/0x100 [ 51.272067][ T37] ? do_error_trap+0xf4/0x230 [ 51.276767][ T37] ? __list_add_valid_or_report+0xbe/0x100 [ 51.282602][ T37] ? handle_invalid_op+0x34/0x40 [ 51.287558][ T37] ? __list_add_valid_or_report+0xbe/0x100 [ 51.293407][ T37] ? exc_invalid_op+0x2e/0x50 [ 51.298113][ T37] ? asm_exc_invalid_op+0x1a/0x20 [ 51.303168][ T37] ? __wake_up_klogd.part.0+0x99/0xf0 [ 51.308564][ T37] ? vprintk+0x86/0xa0 [ 51.312662][ T37] ? __list_add_valid_or_report+0xbe/0x100 [ 51.318499][ T37] ? __list_add_valid_or_report+0xbd/0x100 [ 51.324336][ T37] em28xx_init_extension+0x48/0x200 [ 51.329562][ T37] em28xx_init_dev.constprop.0+0x197b/0x3090 [ 51.335647][ T37] ? __pfx_em28xx_init_dev.constprop.0+0x10/0x10 [ 51.342110][ T37] ? lockdep_init_map_type+0x16d/0x7d0 [ 51.347611][ T37] ? lockdep_init_map_type+0x16d/0x7d0 [ 51.353091][ T37] ? __raw_spin_lock_init+0x3a/0x110 [ 51.358402][ T37] em28xx_usb_probe+0x10db/0x3730 [ 51.363448][ T37] usb_probe_interface+0x309/0x9d0 [ 51.368578][ T37] ? __pfx_usb_probe_interface+0x10/0x10 [ 51.374224][ T37] really_probe+0x23e/0xa90 [ 51.378759][ T37] __driver_probe_device+0x1de/0x440 [ 51.384069][ T37] driver_probe_device+0x4c/0x1b0 [ 51.389122][ T37] __device_attach_driver+0x1df/0x310 [ 51.394706][ T37] ? __pfx___device_attach_driver+0x10/0x10 [ 51.400614][ T37] bus_for_each_drv+0x157/0x1e0 [ 51.405496][ T37] ? __pfx_bus_for_each_drv+0x10/0x10 [ 51.410877][ T37] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.416114][ T37] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 51.421952][ T37] __device_attach+0x1e8/0x4b0 [ 51.426733][ T37] ? __pfx___device_attach+0x10/0x10 [ 51.432037][ T37] ? do_raw_spin_unlock+0x172/0x230 [ 51.437351][ T37] bus_probe_device+0x17f/0x1c0 [ 51.442215][ T37] device_add+0x114b/0x1a70 [ 51.446759][ T37] ? __pfx_device_add+0x10/0x10 [ 51.451634][ T37] ? mark_held_locks+0x9f/0xe0 [ 51.456418][ T37] usb_set_configuration+0x10cb/0x1c50 [ 51.461914][ T37] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 51.468001][ T37] usb_generic_driver_probe+0xb1/0x110 [ 51.473479][ T37] usb_probe_device+0xec/0x3e0 [ 51.478261][ T37] ? __pfx_usb_probe_device+0x10/0x10 [ 51.483645][ T37] really_probe+0x23e/0xa90 [ 51.488200][ T37] __driver_probe_device+0x1de/0x440 [ 51.493501][ T37] ? usb_driver_applicable+0x1c7/0x220 [ 51.499019][ T37] driver_probe_device+0x4c/0x1b0 [ 51.504077][ T37] __device_attach_driver+0x1df/0x310 [ 51.509466][ T37] ? __pfx___device_attach_driver+0x10/0x10 [ 51.515375][ T37] bus_for_each_drv+0x157/0x1e0 [ 51.520235][ T37] ? __pfx_bus_for_each_drv+0x10/0x10 [ 51.525617][ T37] ? lockdep_hardirqs_on+0x7c/0x110 [ 51.530830][ T37] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 51.536665][ T37] __device_attach+0x1e8/0x4b0 [ 51.541450][ T37] ? __pfx___device_attach+0x10/0x10 [ 51.546753][ T37] ? do_raw_spin_unlock+0x172/0x230 [ 51.551985][ T37] bus_probe_device+0x17f/0x1c0 [ 51.556877][ T37] device_add+0x114b/0x1a70 [ 51.561415][ T37] ? __pfx_device_add+0x10/0x10 [ 51.566304][ T37] ? add_device_randomness+0xb8/0xf0 [ 51.571706][ T37] usb_new_device+0xd90/0x1a10 [ 51.576502][ T37] ? __pfx_usb_new_device+0x10/0x10 [ 51.581744][ T37] hub_event+0x2e58/0x4f40 [ 51.586220][ T37] ? __pfx_hub_event+0x10/0x10 [ 51.591027][ T37] ? __pfx_lock_acquire+0x10/0x10 [ 51.596088][ T37] ? __pfx_lock_release+0x10/0x10 [ 51.601144][ T37] process_one_work+0x9c5/0x1b40 [ 51.606125][ T37] ? __pfx_hub_event+0x10/0x10 [ 51.610918][ T37] ? __pfx_process_one_work+0x10/0x10 [ 51.616322][ T37] ? assign_work+0x1a0/0x250 [ 51.620934][ T37] worker_thread+0x6c8/0xed0 [ 51.625562][ T37] ? __kthread_parkme+0x148/0x220 [ 51.630605][ T37] ? __pfx_worker_thread+0x10/0x10 [ 51.635751][ T37] kthread+0x2c1/0x3a0 [ 51.639933][ T37] ? _raw_spin_unlock_irq+0x23/0x50 [ 51.645162][ T37] ? __pfx_kthread+0x10/0x10 [ 51.649784][ T37] ret_from_fork+0x45/0x80 [ 51.654244][ T37] ? __pfx_kthread+0x10/0x10 [ 51.658844][ T37] ret_from_fork_asm+0x1a/0x30 [ 51.663633][ T37] [ 51.666651][ T37] Modules linked in: [ 51.670688][ T37] ---[ end trace 0000000000000000 ]--- [ 51.676212][ T37] RIP: 0010:__list_add_valid_or_report+0xbe/0x100 [ 51.682694][ T37] Code: e1 fe 90 0f 0b 48 89 d9 48 c7 c7 c0 9b 46 87 e8 98 b2 e1 fe 90 0f 0b 48 89 f1 48 c7 c7 40 9c 46 87 48 89 de e8 83 b2 e1 fe 90 <0f> 0b 48 89 f2 48 89 d9 48 89 ee 48 c7 c7 c0 9c 46 87 e8 6b b2 e1 [ 51.702457][ T37] RSP: 0018:ffffc90000276f08 EFLAGS: 00010286 [ 51.708593][ T37] RAX: 0000000000000075 RBX: ffffffff89df38a0 RCX: ffffffff813560b9 [ 51.716614][ T37] RDX: 0000000000000000 RSI: ffffffff8135f4f6 RDI: 0000000000000005 [ 51.724604][ T37] RBP: ffff8881131c8250 R08: 0000000000000005 R09: 0000000000000000 [ 51.732631][ T37] R10: 0000000080000000 R11: 0000000000000001 R12: ffff8881131c8250 [ 51.740669][ T37] R13: ffff8881131c8000 R14: ffff8881131c99d4 R15: ffff888121ef7000 [ 51.748705][ T37] FS: 0000000000000000(0000) GS:ffff8881f5900000(0000) knlGS:0000000000000000 [ 51.757717][ T37] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.764325][ T37] CR2: 00007fffa8d29f18 CR3: 000000011577c000 CR4: 00000000003506f0 [ 51.772345][ T37] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.780386][ T37] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.788530][ T37] Kernel panic - not syncing: Fatal exception [ 51.794775][ T37] Kernel Offset: disabled [ 51.799110][ T37] Rebooting in 86400 seconds..