Warning: Permanently added '[localhost]:16261' (ED25519) to the list of known hosts.
2025/07/25 23:34:50 ignoring optional flag "sandboxArg"="0"
2025/07/25 23:34:52 parsed 1 programs
syzkaller login: [ 88.572398][ T5328] cgroup: Unknown subsys name 'net'
[ 88.642354][ T5328] cgroup: Unknown subsys name 'cpuset'
[ 88.650848][ T5328] cgroup: Unknown subsys name 'rlimit'
[ 90.302330][ T5328] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.914290][ T10] cfg80211: failed to load regulatory.db
[ 94.631147][ T5344] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 97.151128][ T5381] chnl_net:caif_netlink_parms(): no params data found
[ 97.216726][ T5381] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.220907][ T5381] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.224766][ T5381] bridge_slave_0: entered allmulticast mode
[ 97.228928][ T5381] bridge_slave_0: entered promiscuous mode
[ 97.236205][ T5381] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.239421][ T5381] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.242494][ T5381] bridge_slave_1: entered allmulticast mode
[ 97.246661][ T5381] bridge_slave_1: entered promiscuous mode
[ 97.272793][ T5381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.280190][ T5381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.308014][ T5381] team0: Port device team_slave_0 added
[ 97.313377][ T5381] team0: Port device team_slave_1 added
[ 97.337393][ T5381] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.340951][ T5381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.353038][ T5381] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.360650][ T5381] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.364381][ T5381] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.375941][ T5381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.410478][ T5381] hsr_slave_0: entered promiscuous mode
[ 97.414825][ T5381] hsr_slave_1: entered promiscuous mode
[ 97.565463][ T5381] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.575657][ T5381] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.582812][ T5381] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.590328][ T5381] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.622626][ T5381] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.626086][ T5381] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.630090][ T5381] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.633356][ T5381] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.698639][ T5381] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.711742][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.718084][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.730925][ T5381] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.741138][ T3033] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.744697][ T3033] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.766706][ T3033] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.769561][ T3033] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.947907][ T5381] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.987295][ T5381] veth0_vlan: entered promiscuous mode
[ 97.997464][ T5381] veth1_vlan: entered promiscuous mode
[ 98.026260][ T5381] veth0_macvtap: entered promiscuous mode
[ 98.031971][ T5381] veth1_macvtap: entered promiscuous mode
[ 98.049860][ T5381] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.065577][ T5381] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.073667][ T5381] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.080779][ T5381] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.086327][ T5381] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.090014][ T5381] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.256973][ T3033] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.316319][ T3033] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.354922][ T3033] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.401678][ T3033] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.429060][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.432696][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.469291][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.473632][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.464825][ T5424] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.468939][ T5424] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.472445][ T5424] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.478885][ T5424] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.481900][ T5424] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/07/25 23:35:06 executed programs: 0
[ 100.088108][ T4685] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 100.091967][ T4685] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 100.097590][ T4685] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 100.101238][ T4685] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 100.105318][ T4685] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.338354][ T5434] chnl_net:caif_netlink_parms(): no params data found
[ 100.471635][ T5434] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.484358][ T5434] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.487817][ T5434] bridge_slave_0: entered allmulticast mode
[ 100.503915][ T5434] bridge_slave_0: entered promiscuous mode
[ 100.516370][ T5434] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.519614][ T5434] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.522846][ T5434] bridge_slave_1: entered allmulticast mode
[ 100.547462][ T5434] bridge_slave_1: entered promiscuous mode
[ 100.589139][ T5434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.598980][ T5434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.625221][ T5434] team0: Port device team_slave_0 added
[ 100.632114][ T5434] team0: Port device team_slave_1 added
[ 100.653497][ T5434] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.657252][ T5434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.668973][ T5434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.676161][ T5434] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.679178][ T5434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.690682][ T5434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.726122][ T5434] hsr_slave_0: entered promiscuous mode
[ 100.729260][ T5434] hsr_slave_1: entered promiscuous mode
[ 100.733080][ T5434] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 100.738199][ T5434] Cannot create hsr debugfs directory
[ 100.921775][ T3033] bridge_slave_1: left allmulticast mode
[ 100.934999][ T3033] bridge_slave_1: left promiscuous mode
[ 100.939531][ T3033] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.952250][ T3033] bridge_slave_0: left allmulticast mode
[ 100.965882][ T3033] bridge_slave_0: left promiscuous mode
[ 100.968857][ T3033] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.374781][ T3033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.380449][ T3033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.385974][ T3033] bond0 (unregistering): Released all slaves
[ 101.481224][ T3033] hsr_slave_0: left promiscuous mode
[ 101.488299][ T3033] hsr_slave_1: left promiscuous mode
[ 101.491207][ T3033] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 101.496740][ T3033] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 101.500748][ T3033] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 101.508955][ T3033] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 101.522352][ T3033] veth1_macvtap: left promiscuous mode
[ 101.525352][ T3033] veth0_macvtap: left promiscuous mode
[ 101.527695][ T3033] veth1_vlan: left promiscuous mode
[ 101.529904][ T3033] veth0_vlan: left promiscuous mode
[ 101.823024][ T3033] team0 (unregistering): Port device team_slave_1 removed
[ 101.843366][ T3033] team0 (unregistering): Port device team_slave_0 removed
[ 102.135385][ T4685] Bluetooth: hci0: command tx timeout
[ 102.858401][ T5434] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.886142][ T5434] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.968160][ T5434] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.991241][ T5434] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.319600][ T5434] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.385955][ T5434] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.402206][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.405453][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.468515][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.472418][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.806179][ T5434] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.871903][ T5434] veth0_vlan: entered promiscuous mode
[ 103.880963][ T5434] veth1_vlan: entered promiscuous mode
[ 103.912359][ T5434] veth0_macvtap: entered promiscuous mode
[ 103.919117][ T5434] veth1_macvtap: entered promiscuous mode
[ 103.936498][ T5434] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.947259][ T5434] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.956035][ T5434] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.960313][ T5434] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.966857][ T5434] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.970918][ T5434] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.040030][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.043404][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.081372][ T3033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.086250][ T3033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.214146][ T4685] Bluetooth: hci0: command tx timeout
[ 104.383954][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 104.534722][ T10] usb 5-1: Using ep0 maxpacket: 32
[ 104.541713][ T10] usb 5-1: config 0 has an invalid interface number: 201 but max is 0
[ 104.546808][ T10] usb 5-1: config 0 has no interface number 0
[ 104.552252][ T10] usb 5-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=c3.55
[ 104.557217][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 104.560664][ T10] usb 5-1: Product: syz
[ 104.562381][ T10] usb 5-1: Manufacturer: syz
[ 104.565873][ T10] usb 5-1: SerialNumber: syz
[ 104.571104][ T10] usb 5-1: config 0 descriptor??
[ 104.791106][ T10] usb 5-1: USB disconnect, device number 2
[ 104.799407][ T10] ==================================================================
[ 104.802677][ T10] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x10d/0x1c0
[ 104.805826][ T10] Read of size 8 at addr ffff88803ef2d898 by task kworker/0:1/10
[ 104.808834][ T10]
[ 104.809848][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full)
[ 104.809862][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.809870][ T10] Workqueue: usb_hub_wq hub_event
[ 104.809887][ T10] Call Trace:
[ 104.809894][ T10]
[ 104.809900][ T10] dump_stack_lvl+0x189/0x250
[ 104.809913][ T10] ? __kasan_check_byte+0x12/0x40
[ 104.810041][ T10] ? __pfx_dump_stack_lvl+0x10/0x10
[ 104.810053][ T10] ? lock_release+0x4b/0x3e0
[ 104.810064][ T10] ? __virt_addr_valid+0x4a5/0x5c0
[ 104.810077][ T10] print_report+0xca/0x240
[ 104.810087][ T10] ? hdm_disconnect+0x10d/0x1c0
[ 104.810101][ T10] kasan_report+0x118/0x150
[ 104.810114][ T10] ? hdm_disconnect+0x10d/0x1c0
[ 104.810127][ T10] hdm_disconnect+0x10d/0x1c0
[ 104.810141][ T10] usb_unbind_interface+0x26e/0x8f0
[ 104.810156][ T10] ? __pfx_usb_unbind_interface+0x10/0x10
[ 104.810169][ T10] device_release_driver_internal+0x4d6/0x7c0
[ 104.810183][ T10] bus_remove_device+0x34d/0x410
[ 104.810195][ T10] device_del+0x511/0x8e0
[ 104.810218][ T10] ? __pm_runtime_barrier+0x212/0x460
[ 104.810233][ T10] ? __pfx_device_del+0x10/0x10
[ 104.810246][ T10] ? __pfx___mutex_lock+0x10/0x10
[ 104.810293][ T10] usb_disable_device+0x3e9/0x8a0
[ 104.810307][ T10] usb_disconnect+0x330/0x950
[ 104.810321][ T10] hub_event+0x1cf5/0x4a20
[ 104.810339][ T10] ? do_raw_spin_lock+0x121/0x290
[ 104.810354][ T10] ? register_lock_class+0x51/0x320
[ 104.810368][ T10] ? __pfx_hub_event+0x10/0x10
[ 104.810379][ T10] ? process_scheduled_works+0x9ef/0x17b0
[ 104.810393][ T10] ? _raw_spin_unlock_irq+0x23/0x50
[ 104.810407][ T10] ? process_scheduled_works+0x9ef/0x17b0
[ 104.810418][ T10] ? process_scheduled_works+0x9ef/0x17b0
[ 104.810428][ T10] process_scheduled_works+0xae1/0x17b0
[ 104.810444][ T10] ? __pfx_process_scheduled_works+0x10/0x10
[ 104.810457][ T10] worker_thread+0x8a0/0xda0
[ 104.810473][ T10] kthread+0x711/0x8a0
[ 104.810487][ T10] ? __pfx_worker_thread+0x10/0x10
[ 104.810498][ T10] ? __pfx_kthread+0x10/0x10
[ 104.810511][ T10] ? _raw_spin_unlock_irq+0x23/0x50
[ 104.810524][ T10] ? lockdep_hardirqs_on+0x9c/0x150
[ 104.810532][ T10] ? __pfx_kthread+0x10/0x10
[ 104.810544][ T10] ret_from_fork+0x3fc/0x770
[ 104.810554][ T10] ? __pfx_ret_from_fork+0x10/0x10
[ 104.810566][ T10] ? __pfx_kthread+0x10/0x10
[ 104.810578][ T10] ret_from_fork_asm+0x1a/0x30
[ 104.810594][ T10]
[ 104.810598][ T10]
[ 104.913406][ T10] Allocated by task 10:
[ 104.915736][ T10] kasan_save_track+0x3e/0x80
[ 104.918400][ T10] __kasan_kmalloc+0x93/0xb0
[ 104.920844][ T10] __kmalloc_cache_noprof+0x230/0x3d0
[ 104.923348][ T10] hdm_probe+0x96/0x1400
[ 104.925218][ T10] usb_probe_interface+0x644/0xbc0
[ 104.927413][ T10] really_probe+0x26a/0x9a0
[ 104.929332][ T10] __driver_probe_device+0x18c/0x2f0
[ 104.931649][ T10] driver_probe_device+0x4f/0x430
[ 104.933782][ T10] __device_attach_driver+0x2ce/0x530
[ 104.935968][ T10] bus_for_each_drv+0x251/0x2e0
[ 104.938119][ T10] __device_attach+0x2b8/0x400
[ 104.940106][ T10] bus_probe_device+0x185/0x260
[ 104.942047][ T10] device_add+0x7b6/0xb50
[ 104.943901][ T10] usb_set_configuration+0x1a87/0x20e0
[ 104.946076][ T10] usb_generic_driver_probe+0x8d/0x150
[ 104.948312][ T10] usb_probe_device+0x1c4/0x390
[ 104.950360][ T10] really_probe+0x26a/0x9a0
[ 104.951964][ T10] __driver_probe_device+0x18c/0x2f0
[ 104.954330][ T10] driver_probe_device+0x4f/0x430
[ 104.956656][ T10] __device_attach_driver+0x2ce/0x530
[ 104.959085][ T10] bus_for_each_drv+0x251/0x2e0
[ 104.961348][ T10] __device_attach+0x2b8/0x400
[ 104.963491][ T10] bus_probe_device+0x185/0x260
[ 104.965582][ T10] device_add+0x7b6/0xb50
[ 104.967356][ T10] usb_new_device+0xa39/0x16c0
[ 104.969243][ T10] hub_event+0x2958/0x4a20
[ 104.971047][ T10] process_scheduled_works+0xae1/0x17b0
[ 104.973269][ T10] worker_thread+0x8a0/0xda0
[ 104.975083][ T10] kthread+0x711/0x8a0
[ 104.976732][ T10] ret_from_fork+0x3fc/0x770
[ 104.978639][ T10] ret_from_fork_asm+0x1a/0x30
[ 104.980676][ T10]
[ 104.981796][ T10] Freed by task 10:
[ 104.983549][ T10] kasan_save_track+0x3e/0x80
[ 104.985394][ T10] kasan_save_free_info+0x46/0x50
[ 104.987303][ T10] __kasan_slab_free+0x62/0x70
[ 104.989389][ T10] kfree+0x18e/0x440
[ 104.990853][ T10] device_release+0x99/0x1c0
[ 104.992737][ T10] kobject_put+0x22b/0x480
[ 104.994682][ T10] hdm_disconnect+0xf3/0x1c0
[ 104.996731][ T10] usb_unbind_interface+0x26e/0x8f0
[ 104.999064][ T10] device_release_driver_internal+0x4d6/0x7c0
[ 105.001742][ T10] bus_remove_device+0x34d/0x410
[ 105.003978][ T10] device_del+0x511/0x8e0
[ 105.005865][ T10] usb_disable_device+0x3e9/0x8a0
[ 105.008142][ T10] usb_disconnect+0x330/0x950
[ 105.010089][ T10] hub_event+0x1cf5/0x4a20
[ 105.011980][ T10] process_scheduled_works+0xae1/0x17b0
[ 105.014232][ T10] worker_thread+0x8a0/0xda0
[ 105.016162][ T10] kthread+0x711/0x8a0
[ 105.017845][ T10] ret_from_fork+0x3fc/0x770
[ 105.019680][ T10] ret_from_fork_asm+0x1a/0x30
[ 105.021672][ T10]
[ 105.022726][ T10] The buggy address belongs to the object at ffff88803ef2c000
[ 105.022726][ T10] which belongs to the cache kmalloc-8k of size 8192
[ 105.028550][ T10] The buggy address is located 6296 bytes inside of
[ 105.028550][ T10] freed 8192-byte region [ffff88803ef2c000, ffff88803ef2e000)
[ 105.034396][ T10]
[ 105.035464][ T10] The buggy address belongs to the physical page:
[ 105.038724][ T10] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ef28
[ 105.043674][ T10] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 105.048706][ T10] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 105.052914][ T10] page_type: f5(slab)
[ 105.054496][ T10] raw: 04fff00000000040 ffff88801a442280 ffffea000047e200 0000000000000005
[ 105.058313][ T10] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 105.063132][ T10] head: 04fff00000000040 ffff88801a442280 ffffea000047e200 0000000000000005
[ 105.068046][ T10] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 105.071717][ T10] head: 04fff00000000003 ffffea0000fbca01 00000000ffffffff 00000000ffffffff
[ 105.075448][ T10] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 105.079364][ T10] page dumped because: kasan: bad access detected
[ 105.082162][ T10] page_owner tracks the page as allocated
[ 105.084691][ T10] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5328, tgid 5328 (syz-execprog), ts 86228573612, free_ts 86224856199
[ 105.093335][ T10] post_alloc_hook+0x240/0x2a0
[ 105.095487][ T10] get_page_from_freelist+0x21e4/0x22c0
[ 105.098041][ T10] __alloc_frozen_pages_noprof+0x181/0x370
[ 105.100552][ T10] alloc_pages_mpol+0x232/0x4a0
[ 105.102762][ T10] allocate_slab+0x8a/0x3b0
[ 105.104695][ T10] ___slab_alloc+0xbfc/0x1480
[ 105.106716][ T10] __kmalloc_cache_noprof+0x296/0x3d0
[ 105.108801][ T10] tomoyo_init_log+0x111f/0x1f70
[ 105.110869][ T10] tomoyo_supervisor+0x340/0x1480
[ 105.112876][ T10] tomoyo_env_perm+0x149/0x1e0
[ 105.114728][ T10] tomoyo_find_next_domain+0x15cf/0x1aa0
[ 105.117022][ T10] tomoyo_bprm_check_security+0x11c/0x180
[ 105.119280][ T10] security_bprm_check+0x89/0x270
[ 105.121273][ T10] bprm_execve+0x8ee/0x1450
[ 105.123189][ T10] do_execveat_common+0x510/0x6a0
[ 105.125289][ T10] __x64_sys_execve+0x94/0xb0
[ 105.127248][ T10] page last free pid 5326 tgid 5322 stack trace:
[ 105.129808][ T10] __free_frozen_pages+0xc71/0xe70
[ 105.131964][ T10] __put_partials+0x161/0x1c0
[ 105.133993][ T10] put_cpu_partial+0x17c/0x250
[ 105.136091][ T10] __slab_free+0x2f7/0x400
[ 105.138099][ T10] qlist_free_all+0x97/0x140
[ 105.140080][ T10] kasan_quarantine_reduce+0x148/0x160
[ 105.142394][ T10] __kasan_slab_alloc+0x22/0x80
[ 105.144417][ T10] __kmalloc_noprof+0x224/0x4f0
[ 105.146481][ T10] tomoyo_supervisor+0xbd5/0x1480
[ 105.148524][ T10] tomoyo_path_permission+0x25a/0x380
[ 105.150809][ T10] tomoyo_check_open_permission+0x24d/0x3b0
[ 105.153333][ T10] security_file_open+0xb1/0x270
[ 105.155394][ T10] do_dentry_open+0x35e/0x1970
[ 105.157441][ T10] vfs_open+0x3b/0x340
[ 105.159295][ T10] dentry_open+0x61/0xa0
[ 105.161098][ T10] pidfs_alloc_file+0x1c9/0x300
[ 105.163250][ T10]
[ 105.164326][ T10] Memory state around the buggy address:
[ 105.166838][ T10] ffff88803ef2d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.170329][ T10] ffff88803ef2d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.173787][ T10] >ffff88803ef2d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.177269][ T10] ^
[ 105.179435][ T10] ffff88803ef2d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.182723][ T10] ffff88803ef2d980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.186040][ T10] ==================================================================
[ 105.232536][ T10] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 105.235596][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full)
[ 105.240625][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 105.245159][ T10] Workqueue: usb_hub_wq hub_event
[ 105.247544][ T10] Call Trace:
[ 105.249001][ T10]
[ 105.250305][ T10] dump_stack_lvl+0x99/0x250
[ 105.252393][ T10] ? __asan_memcpy+0x40/0x70
[ 105.254539][ T10] ? __pfx_dump_stack_lvl+0x10/0x10
[ 105.256795][ T10] ? __pfx__printk+0x10/0x10
[ 105.258826][ T10] panic+0x2db/0x790
[ 105.260572][ T10] ? __pfx_panic+0x10/0x10
[ 105.262520][ T10] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 105.265115][ T10] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 105.267979][ T10] ? print_memory_metadata+0x314/0x400
[ 105.270317][ T10] ? hdm_disconnect+0x10d/0x1c0
[ 105.272410][ T10] check_panic_on_warn+0x89/0xb0
[ 105.274589][ T10] ? hdm_disconnect+0x10d/0x1c0
[ 105.276682][ T10] end_report+0x78/0x160
[ 105.278532][ T10] kasan_report+0x129/0x150
[ 105.280544][ T10] ? hdm_disconnect+0x10d/0x1c0
[ 105.282683][ T10] hdm_disconnect+0x10d/0x1c0
[ 105.284695][ T10] usb_unbind_interface+0x26e/0x8f0
[ 105.286952][ T10] ? __pfx_usb_unbind_interface+0x10/0x10
[ 105.289379][ T10] device_release_driver_internal+0x4d6/0x7c0
[ 105.292067][ T10] bus_remove_device+0x34d/0x410
[ 105.294310][ T10] device_del+0x511/0x8e0
[ 105.296192][ T10] ? __pm_runtime_barrier+0x212/0x460
[ 105.298435][ T10] ? __pfx_device_del+0x10/0x10
[ 105.300510][ T10] ? __pfx___mutex_lock+0x10/0x10
[ 105.302645][ T10] usb_disable_device+0x3e9/0x8a0
[ 105.304788][ T10] usb_disconnect+0x330/0x950
[ 105.306890][ T10] hub_event+0x1cf5/0x4a20
[ 105.308991][ T10] ? do_raw_spin_lock+0x121/0x290
[ 105.311168][ T10] ? register_lock_class+0x51/0x320
[ 105.313511][ T10] ? __pfx_hub_event+0x10/0x10
[ 105.315604][ T10] ? process_scheduled_works+0x9ef/0x17b0
[ 105.318168][ T10] ? _raw_spin_unlock_irq+0x23/0x50
[ 105.320467][ T10] ? process_scheduled_works+0x9ef/0x17b0
[ 105.323000][ T10] ? process_scheduled_works+0x9ef/0x17b0
[ 105.325526][ T10] process_scheduled_works+0xae1/0x17b0
[ 105.328069][ T10] ? __pfx_process_scheduled_works+0x10/0x10
[ 105.330721][ T10] worker_thread+0x8a0/0xda0
[ 105.332878][ T10] kthread+0x711/0x8a0
[ 105.334592][ T10] ? __pfx_worker_thread+0x10/0x10
[ 105.336684][ T10] ? __pfx_kthread+0x10/0x10
[ 105.338473][ T10] ? _raw_spin_unlock_irq+0x23/0x50
[ 105.340637][ T10] ? lockdep_hardirqs_on+0x9c/0x150
[ 105.342848][ T10] ? __pfx_kthread+0x10/0x10
[ 105.344781][ T10] ret_from_fork+0x3fc/0x770
[ 105.346829][ T10] ? __pfx_ret_from_fork+0x10/0x10
[ 105.349048][ T10] ? __pfx_kthread+0x10/0x10
[ 105.351176][ T10] ret_from_fork_asm+0x1a/0x30
[ 105.353238][ T10]
[ 105.354853][ T10] Kernel Offset: disabled
[ 105.356846][ T10] Rebooting in 86400 seconds..
VM DIAGNOSIS:
23:35:11 Registers: