syzkaller login: [ 41.007762][ T31] kauditd_printk_skb: 5 callbacks suppressed [ 41.007830][ T31] audit: type=1400 audit(40.950:68): avc: denied { read write } for pid=3100 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 41.029592][ T31] audit: type=1400 audit(40.970:69): avc: denied { open } for pid=3100 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 Warning: Permanently added '[localhost]:63829' (ED25519) to the list of known hosts. [ 81.698124][ T31] audit: type=1400 audit(81.620:70): avc: denied { execute } for pid=3113 comm="sh" name="syz-executor2493800087" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 81.851540][ T31] audit: type=1400 audit(81.790:71): avc: denied { execute_no_trans } for pid=3113 comm="sh" path="/syz-executor2493800087" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 82.438243][ T31] audit: type=1400 audit(82.380:72): avc: denied { execmem } for pid=3113 comm="syz-executor249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 executing program [ 82.483907][ T31] audit: type=1400 audit(82.430:73): avc: denied { ioctl } for pid=3114 comm="syz-executor249" path="/dev/raw-gadget" dev="devtmpfs" ino=707 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 82.759588][ T105] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 82.953628][ T105] usb 1-1: config 0 has an invalid interface number: 230 but max is 0 [ 82.954043][ T105] usb 1-1: config 0 has no interface number 0 [ 82.954351][ T105] usb 1-1: config 0 interface 230 altsetting 0 endpoint 0x4 has invalid maxpacket 1024, setting to 64 [ 82.954853][ T105] usb 1-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=7f.ee [ 82.955158][ T105] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.959646][ T105] usb 1-1: config 0 descriptor?? [ 83.193871][ T46] usb 1-1: USB disconnect, device number 2 [ 83.201074][ T46] ------------[ cut here ]------------ [ 83.201634][ T46] WARNING: CPU: 1 PID: 46 at lib/refcount.c:28 refcount_warn_saturate+0x13c/0x174 [ 83.203093][ T46] refcount_t: underflow; use-after-free. [ 83.203756][ T46] Modules linked in: [ 83.204486][ T46] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 83.206124][ T46] CPU: 1 UID: 0 PID: 46 Comm: kworker/1:1 Not tainted 6.11.0-rc7-syzkaller #0 [ 83.207057][ T46] Hardware name: ARM-Versatile Express [ 83.207553][ T46] Workqueue: usb_hub_wq hub_event [ 83.208164][ T46] Call trace: [ 83.208633][ T46] [<8195d3d8>] (dump_backtrace) from [<8195d4d4>] (show_stack+0x18/0x1c) [ 83.211105][ T46] r7:00000000 r6:826228c4 r5:00000000 r4:8200cac0 [ 83.211630][ T46] [<8195d4bc>] (show_stack) from [<8197b1f4>] (dump_stack_lvl+0x54/0x7c) [ 83.212173][ T46] [<8197b1a0>] (dump_stack_lvl) from [<8197b234>] (dump_stack+0x18/0x1c) [ 83.212786][ T46] r5:00000000 r4:8286dd18 [ 83.213215][ T46] [<8197b21c>] (dump_stack) from [<8195df7c>] (panic+0x120/0x368) [ 83.213669][ T46] [<8195de5c>] (panic) from [<802421e4>] (get_taint+0x0/0x1c) [ 83.214171][ T46] r3:8260c5c4 r2:00000001 r1:81ff52e4 r0:81ffd0bc [ 83.214767][ T46] r7:80813f4c [ 83.215124][ T46] [<80242170>] (check_panic_on_warn) from [<80242338>] (__warn+0x7c/0x180) [ 83.215789][ T46] [<802422bc>] (__warn) from [<80242624>] (warn_slowpath_fmt+0x1e8/0x1f4) [ 83.216423][ T46] r8:00000009 r7:8205adc0 r6:df91dc04 r5:8348a400 r4:00000000 [ 83.216809][ T46] [<80242440>] (warn_slowpath_fmt) from [<80813f4c>] (refcount_warn_saturate+0x13c/0x174) [ 83.218017][ T46] r10:827c8bd8 r9:848e4080 r8:00000044 r7:848e4430 r6:83ed47b4 r5:848e4400 [ 83.219882][ T46] r4:83ed4000 [ 83.220637][ T46] [<80813e10>] (refcount_warn_saturate) from [<819372e0>] (kobject_put+0x158/0x1f4) [ 83.221074][ T46] [<81937188>] (kobject_put) from [<80a74a04>] (put_device+0x18/0x1c) [ 83.222493][ T46] r7:848e4430 r6:83ed47b4 r5:848e4400 r4:83ed4000 [ 83.222790][ T46] [<80a749ec>] (put_device) from [<81344bf8>] (hdm_disconnect+0x98/0x9c) [ 83.223294][ T46] [<81344b60>] (hdm_disconnect) from [<80dbe638>] (usb_unbind_interface+0x84/0x2c4) [ 83.224325][ T46] r7:848e4430 r6:827c8bd8 r5:00000000 r4:848e4400 [ 83.224958][ T46] [<80dbe5b4>] (usb_unbind_interface) from [<80a7c8dc>] (device_remove+0x64/0x6c) [ 83.225820][ T46] r10:00000000 r9:848e4080 r8:00000044 r7:848e4474 r6:827c8bd8 r5:00000000 [ 83.226462][ T46] r4:848e4430 [ 83.226745][ T46] [<80a7c878>] (device_remove) from [<80a7ddf4>] (device_release_driver_internal+0x18c/0x200) [ 83.227972][ T46] r5:00000000 r4:848e4430 [ 83.228409][ T46] [<80a7dc68>] (device_release_driver_internal) from [<80a7de80>] (device_release_driver+0x18/0x1c) [ 83.230678][ T46] r9:848e4080 r8:82fbc140 r7:82fbc138 r6:82fbc10c r5:848e4430 r4:82fbc130 [ 83.231588][ T46] [<80a7de68>] (device_release_driver) from [<80a7bf60>] (bus_remove_device+0xcc/0x120) [ 83.232270][ T46] [<80a7be94>] (bus_remove_device) from [<80a76070>] (device_del+0x148/0x38c) [ 83.232934][ T46] r9:848e4080 r8:8348a400 r7:04208060 r6:00000000 r5:848e4430 r4:848e4474 [ 83.233764][ T46] [<80a75f28>] (device_del) from [<80dbc054>] (usb_disable_device+0xdc/0x1f0) [ 83.235078][ T46] r10:00000000 r9:00000000 r8:848e4400 r7:848e4000 r6:84aae288 r5:00000001 [ 83.235898][ T46] r4:00000038 [ 83.236474][ T46] [<80dbbf78>] (usb_disable_device) from [<80db0eb8>] (usb_disconnect+0xec/0x29c) [ 83.237453][ T46] r10:00000001 r9:83ff9600 r8:848e40c4 r7:83e03c00 r6:848e4080 r5:848e4000 [ 83.238762][ T46] r4:60000013 [ 83.239012][ T46] [<80db0dcc>] (usb_disconnect) from [<80db3b68>] (hub_event+0xe78/0x194c) [ 83.240738][ T46] r10:00000001 r9:00000100 r8:839cc900 r7:848e4000 r6:83e03400 r5:83e03e10 [ 83.241398][ T46] r4:00000001 [ 83.241702][ T46] [<80db2cf0>] (hub_event) from [<80265f04>] (process_one_work+0x1b4/0x4f4) [ 83.242227][ T46] r10:82ea8c05 r9:8348a400 r8:01800000 r7:ddde4000 r6:82ea8c00 r5:839cc900 [ 83.242748][ T46] r4:82fbdb80 [ 83.242934][ T46] [<80265d50>] (process_one_work) from [<80266ae8>] (worker_thread+0x1ec/0x3bc) [ 83.243534][ T46] r10:8348a400 r9:82fbdbac r8:61c88647 r7:ddde4020 r6:82604d40 r5:ddde4000 [ 83.244021][ T46] r4:82fbdb80 [ 83.244223][ T46] [<802668fc>] (worker_thread) from [<8026fb04>] (kthread+0x104/0x134) [ 83.244653][ T46] r10:00000000 r9:df87de78 r8:82fbfbc0 r7:82fbdb80 r6:802668fc r5:8348a400 [ 83.244998][ T46] r4:82fbf940 [ 83.245365][ T46] [<8026fa00>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20) [ 83.246008][ T46] Exception stack(0xdf91dfb0 to 0xdf91dff8) [ 83.246587][ T46] dfa0: 00000000 00000000 00000000 00000000 [ 83.247341][ T46] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 83.247922][ T46] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 83.248509][ T46] r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026fa00 r4:82fbf940 [ 83.251162][ T46] Rebooting in 86400 seconds.. VM DIAGNOSIS: 07:45:07 Registers: info registers vcpu 0 CPU#0 R00=0000005a R01=01601588 R02=0000005a R03=00004000 R04=015fa1a8 R05=76fc75a0 R06=76fc75a0 R07=00000121 R08=00000000 R09=00000013 R10=76e90e60 R11=0160158b R12=00000000 R13=ec48dff8 R14=76e1d918 R15=76e1d918 PSR=60000093 -ZC- A S svc32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000 info registers vcpu 1 CPU#1 R00=00000001 R01=8200cac0 R02=00000000 R03=8197cf84 R04=826f54c8 R05=826f54c0 R06=00000028 R07=00000006 R08=826f54c8 R09=00000000 R10=82201ec0 R11=df91d97c R12=df91d980 R13=df91d970 R14=8197bc18 R15=8197cf94 PSR=80000093 N--- A S svc32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000