syzkaller
syzkaller login: [ 25.047151][ T29] kauditd_printk_skb: 28 callbacks suppressed
[ 25.047169][ T29] audit: type=1400 audit(1755170995.638:55): avc: denied { read open } for pid=2914 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=468 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 29.074107][ T29] audit: type=1400 audit(1755170999.668:56): avc: denied { transition } for pid=2934 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 29.096752][ T29] audit: type=1400 audit(1755170999.668:57): avc: denied { noatsecure } for pid=2934 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 29.116783][ T29] audit: type=1400 audit(1755170999.668:58): avc: denied { write } for pid=2934 comm="sh" path="pipe:[977]" dev="pipefs" ino=977 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 29.139941][ T29] audit: type=1400 audit(1755170999.668:59): avc: denied { rlimitinh } for pid=2934 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 29.159573][ T29] audit: type=1400 audit(1755170999.668:60): avc: denied { siginh } for pid=2934 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts.
2025/08/14 11:30:12 ignoring optional flag "sandboxArg"="0"
2025/08/14 11:30:13 parsed 1 programs
[ 42.651358][ T29] audit: type=1400 audit(1755171013.248:61): avc: denied { node_bind } for pid=2953 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 42.672256][ T29] audit: type=1400 audit(1755171013.248:62): avc: denied { module_request } for pid=2953 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 44.222409][ T29] audit: type=1400 audit(1755171014.818:63): avc: denied { mounton } for pid=2965 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 44.226861][ T2965] cgroup: Unknown subsys name 'net'
[ 44.245203][ T29] audit: type=1400 audit(1755171014.818:64): avc: denied { mount } for pid=2965 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 44.272578][ T29] audit: type=1400 audit(1755171014.848:65): avc: denied { unmount } for pid=2965 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 44.454078][ T2965] cgroup: Unknown subsys name 'cpuset'
[ 44.462198][ T2965] cgroup: Unknown subsys name 'rlimit'
[ 44.640293][ T29] audit: type=1400 audit(1755171015.228:66): avc: denied { setattr } for pid=2965 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 44.663670][ T29] audit: type=1400 audit(1755171015.228:67): avc: denied { create } for pid=2965 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.684233][ T29] audit: type=1400 audit(1755171015.228:68): avc: denied { write } for pid=2965 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.704695][ T29] audit: type=1400 audit(1755171015.228:69): avc: denied { read } for pid=2965 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.725598][ T29] audit: type=1400 audit(1755171015.258:70): avc: denied { sys_module } for pid=2965 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 44.789032][ T2969] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 44.825480][ T2965] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.276180][ T2971] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 50.193661][ T29] kauditd_printk_skb: 24 callbacks suppressed
[ 50.193679][ T29] audit: type=1400 audit(1755171020.788:95): avc: denied { create } for pid=3015 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 50.220780][ T29] audit: type=1400 audit(1755171020.788:96): avc: denied { write } for pid=3015 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 50.241233][ T29] audit: type=1400 audit(1755171020.818:97): avc: denied { read } for pid=3015 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 58.094357][ T29] audit: type=1400 audit(1755171028.688:98): avc: denied { create } for pid=3468 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 58.098933][ T3015] syz-executor (3015) used greatest stack depth: 23208 bytes left
[ 58.983443][ T29] audit: type=1401 audit(1755171029.578:99): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/08/14 11:30:30 executed programs: 0
[ 59.647068][ T29] audit: type=1400 audit(1755171030.238:100): avc: denied { write } for pid=2953 comm="syz-execprog" path="pipe:[2082]" dev="pipefs" ino=2082 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
2025/08/14 11:30:40 executed programs: 2
[ 70.250471][ T29] audit: type=1400 audit(1755171040.838:101): avc: denied { read write } for pid=3949 comm="syz.3.17" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 70.273992][ T29] audit: type=1400 audit(1755171040.838:102): avc: denied { open } for pid=3949 comm="syz.3.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 70.297913][ T29] audit: type=1400 audit(1755171040.868:103): avc: denied { ioctl } for pid=3949 comm="syz.3.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 70.521191][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 70.673212][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 70.683490][ T10] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 70.698322][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 70.707425][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 70.715435][ T10] usb 4-1: Product: syz
[ 70.719600][ T10] usb 4-1: Manufacturer: syz
[ 70.724226][ T10] usb 4-1: SerialNumber: syz
[ 70.936173][ T3949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 70.945359][ T3949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 70.957606][ T10] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[ 70.972255][ T10] usb 4-1: USB disconnect, device number 2
[ 71.401030][ T2978] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 71.551082][ T2978] usb 4-1: Using ep0 maxpacket: 8
[ 71.557484][ T2978] usb 4-1: config index 0 descriptor too short (expected 301, got 72)
[ 71.565740][ T2978] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 71.575957][ T2978] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 71.585734][ T2978] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 71.595501][ T2978] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 71.605587][ T2978] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 71.616601][ T2978] usb 4-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 71.629590][ T2978] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 71.638650][ T2978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 71.851474][ T2978] usb 4-1: usb_control_msg returned -32
[ 71.857092][ T2978] usbtmc 4-1:16.0: can't read capabilities
[ 71.863268][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.869314][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.875323][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.881556][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.887785][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.893892][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.900088][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.906070][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.912146][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.918163][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.924310][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.930291][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.936590][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.942598][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.948618][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.954625][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.960645][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.966663][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.972663][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.978644][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.984644][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.990664][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 71.996652][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.002674][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.009031][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.015082][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.021103][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.027077][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.033068][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.039190][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.045213][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.051329][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.057410][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.063422][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.069424][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.075438][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.081455][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.087566][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.093595][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.099598][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.105841][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.111874][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.117873][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.123870][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.129895][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.135886][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.141886][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.147859][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.153844][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.159845][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.165832][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.171843][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.177834][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.183828][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.189821][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.195803][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.201811][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.207803][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.213786][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.219816][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.225804][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.231816][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.237810][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.243795][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.249795][ C1] usbtmc 4-1:16.0: invalid notification: 11
[ 72.255884][ C1] usbtmc 4-1:16.0: invalid notification: 1
[ 72.261890][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.267883][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 72.273862][ C1] usbtmc 4-1:16.0: invalid notification: 73
[ 72.279936][ C1] usbtmc 4-1:16.0: invalid notification: 33
[ 72.285999][ C1] usbtmc 4-1:16.0: invalid notification: 36
[ 72.292083][ C1] usbtmc 4-1:16.0: invalid notification: 8
[ 72.298059][ C1] ==================================================================
[ 72.306107][ C1] BUG: KASAN: slab-out-of-bounds in usbtmc_interrupt+0x4e1/0x6e0
[ 72.313858][ C1] Read of size 1 at addr ffff888119b8d401 by task kworker/1:2/2978
[ 72.321730][ C1]
[ 72.324050][ C1] CPU: 1 UID: 0 PID: 2978 Comm: kworker/1:2 Not tainted 6.17.0-rc1-syzkaller-00009-gc0485e864a2e #0 PREEMPT(voluntary)
[ 72.324073][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 72.324085][ C1] Workqueue: usb_hub_wq hub_event
[ 72.324114][ C1] Call Trace:
[ 72.324121][ C1] <IRQ>
[ 72.324128][ C1] dump_stack_lvl+0x116/0x1f0
[ 72.324160][ C1] print_report+0xcd/0x630
[ 72.324181][ C1] ? __virt_addr_valid+0x81/0x610
[ 72.324203][ C1] ? __phys_addr+0xe8/0x180
[ 72.324225][ C1] ? usbtmc_interrupt+0x4e1/0x6e0
[ 72.324252][ C1] kasan_report+0xe0/0x110
[ 72.324272][ C1] ? usbtmc_interrupt+0x4e1/0x6e0
[ 72.324296][ C1] usbtmc_interrupt+0x4e1/0x6e0
[ 72.324320][ C1] __usb_hcd_giveback_urb+0x38a/0x6e0
[ 72.324345][ C1] usb_hcd_giveback_urb+0x39b/0x450
[ 72.324370][ C1] dummy_timer+0x1814/0x3a30
[ 72.324397][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 72.324412][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 72.324427][ C1] ? mark_held_locks+0x49/0x80
[ 72.324442][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 72.324463][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 72.324478][ C1] __hrtimer_run_queues+0x202/0xad0
[ 72.324500][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 72.324519][ C1] ? read_tsc+0x9/0x20
[ 72.324542][ C1] hrtimer_run_softirq+0x17d/0x350
[ 72.324562][ C1] handle_softirqs+0x208/0x8d0
[ 72.324588][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 72.324614][ C1] __irq_exit_rcu+0xfa/0x160
[ 72.324637][ C1] irq_exit_rcu+0x9/0x30
[ 72.324660][ C1] sysvec_apic_timer_interrupt+0x90/0xb0
[ 72.324681][ C1] </IRQ>
[ 72.324686][ C1] <TASK>
[ 72.324692][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 72.324710][ C1] RIP: 0010:stack_trace_consume_entry+0xd7/0x170
[ 72.324734][ C1] Code: 02 00 0f 85 9a 00 00 00 8d 45 01 89 43 10 48 8b 03 48 8d 2c e8 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 80 3c 02 00 <75> 64 48 89 75 00 8b 43 08 39 43 10 0f 92 c0 48 83 c4 08 5b 5d e9
[ 72.324754][ C1] RSP: 0018:ffffc9000184f298 EFLAGS: 00000246
[ 72.324767][ C1] RAX: dffffc0000000000 RBX: ffffc9000184f378 RCX: ffffc9000184f20c
[ 72.324779][ C1] RDX: 1ffff92000309e89 RSI: ffffffff81495d68 RDI: ffffc9000184f384
[ 72.324790][ C1] RBP: ffffc9000184f448 R08: 0000000000000001 R09: 0000000000000000
[ 72.324801][ C1] R10: 0000000000000005 R11: 000000000000492d R12: ffffffff81696ea0
[ 72.324811][ C1] R13: ffffc9000184f378 R14: 0000000000000000 R15: ffff888127af8000
[ 72.324823][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 72.324848][ C1] ? worker_thread+0x6c8/0xf10
[ 72.324870][ C1] ? unwind_get_return_address+0x59/0xa0
[ 72.324892][ C1] arch_stack_walk+0x88/0x100
[ 72.324911][ C1] ? worker_thread+0x6c8/0xf10
[ 72.324933][ C1] stack_trace_save+0x8e/0xc0
[ 72.324954][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 72.324976][ C1] ? __lock_acquire+0xb97/0x1ce0
[ 72.324992][ C1] kasan_save_stack+0x33/0x60
[ 72.325010][ C1] ? kasan_save_stack+0x33/0x60
[ 72.325028][ C1] ? kasan_save_track+0x14/0x30
[ 72.325046][ C1] ? kasan_save_free_info+0x3b/0x60
[ 72.325071][ C1] ? __kasan_slab_free+0x3e/0x50
[ 72.325090][ C1] ? kfree+0x283/0x470
[ 72.325111][ C1] ? usb_hcd_submit_urb+0xa4b/0x1c60
[ 72.325134][ C1] ? usb_submit_urb+0x890/0x1770
[ 72.325150][ C1] ? usb_start_wait_urb+0x104/0x4b0
[ 72.325166][ C1] ? usb_control_msg+0x326/0x4a0
[ 72.325181][ C1] ? hub_ext_port_status+0x14e/0x670
[ 72.325206][ C1] ? hub_event+0x6e4/0x5060
[ 72.325225][ C1] ? process_one_work+0x9cf/0x1b70
[ 72.325260][ C1] kasan_save_track+0x14/0x30
[ 72.325279][ C1] kasan_save_free_info+0x3b/0x60
[ 72.325304][ C1] __kasan_slab_free+0x3e/0x50
[ 72.325324][ C1] kfree+0x283/0x470
[ 72.325344][ C1] ? usb_hcd_submit_urb+0xa4b/0x1c60
[ 72.325370][ C1] usb_hcd_submit_urb+0xa4b/0x1c60
[ 72.325397][ C1] usb_submit_urb+0x890/0x1770
[ 72.325413][ C1] ? lockdep_set_lock_cmp_fn+0x50/0xe0
[ 72.325430][ C1] ? lockdep_init_map_type+0x3/0x280
[ 72.325446][ C1] ? __init_swait_queue_head+0xca/0x150
[ 72.325470][ C1] usb_start_wait_urb+0x104/0x4b0
[ 72.325488][ C1] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 72.325508][ C1] ? __asan_memset+0x23/0x50
[ 72.325525][ C1] usb_control_msg+0x326/0x4a0
[ 72.325542][ C1] ? __pfx_usb_control_msg+0x10/0x10
[ 72.325559][ C1] ? __pfx___mutex_lock+0x10/0x10
[ 72.325581][ C1] ? __pfx___pm_runtime_barrier+0x10/0x10
[ 72.325604][ C1] hub_ext_port_status+0x14e/0x670
[ 72.325632][ C1] hub_event+0x6e4/0x5060
[ 72.325654][ C1] ? look_up_lock_class+0x40/0x150
[ 72.325678][ C1] ? __lock_acquire+0xb97/0x1ce0
[ 72.325694][ C1] ? __pfx_hub_event+0x10/0x10
[ 72.325713][ C1] ? assoc_array_insert+0x1460/0x3970
[ 72.325737][ C1] ? rcu_is_watching+0x12/0xc0
[ 72.325759][ C1] process_one_work+0x9cf/0x1b70
[ 72.325782][ C1] ? __pfx_hub_event+0x10/0x10
[ 72.325802][ C1] ? __pfx_process_one_work+0x10/0x10
[ 72.325825][ C1] ? assign_work+0x1a0/0x250
[ 72.325844][ C1] worker_thread+0x6c8/0xf10
[ 72.325867][ C1] ? __kthread_parkme+0x19e/0x250
[ 72.325883][ C1] ? __pfx_worker_thread+0x10/0x10
[ 72.325904][ C1] kthread+0x3c5/0x780
[ 72.325922][ C1] ? __pfx_kthread+0x10/0x10
[ 72.325941][ C1] ? rcu_is_watching+0x12/0xc0
[ 72.325961][ C1] ? __pfx_kthread+0x10/0x10
[ 72.325980][ C1] ret_from_fork+0x5b6/0x6c0
[ 72.325994][ C1] ? __pfx_kthread+0x10/0x10
[ 72.326013][ C1] ret_from_fork_asm+0x1a/0x30
[ 72.326039][ C1] </TASK>
[ 72.326044][ C1]
[ 72.860276][ C1] Allocated by task 2978:
[ 72.864590][ C1] kasan_save_stack+0x33/0x60
[ 72.869262][ C1] kasan_save_track+0x14/0x30
[ 72.873971][ C1] __kasan_kmalloc+0x8f/0xa0
[ 72.878564][ C1] __kmalloc_noprof+0x213/0x4d0
[ 72.883409][ C1] usbtmc_probe+0xa54/0x1b90
[ 72.888000][ C1] usb_probe_interface+0x300/0xa40
[ 72.893122][ C1] really_probe+0x23e/0xa90
[ 72.897619][ C1] __driver_probe_device+0x1de/0x440
[ 72.902895][ C1] driver_probe_device+0x4c/0x1b0
[ 72.907912][ C1] __device_attach_driver+0x1df/0x310
[ 72.913282][ C1] bus_for_each_drv+0x156/0x1e0
[ 72.918127][ C1] __device_attach+0x1e4/0x4b0
[ 72.922880][ C1] bus_probe_device+0x17f/0x1c0
[ 72.927718][ C1] device_add+0x1148/0x1aa0
[ 72.932218][ C1] usb_set_configuration+0x1187/0x1e20
[ 72.937676][ C1] usb_generic_driver_probe+0xb1/0x110
[ 72.943135][ C1] usb_probe_device+0xef/0x3e0
[ 72.947929][ C1] really_probe+0x23e/0xa90
[ 72.952423][ C1] __driver_probe_device+0x1de/0x440
[ 72.957701][ C1] driver_probe_device+0x4c/0x1b0
[ 72.962713][ C1] __device_attach_driver+0x1df/0x310
[ 72.968091][ C1] bus_for_each_drv+0x156/0x1e0
[ 72.972924][ C1] __device_attach+0x1e4/0x4b0
[ 72.977683][ C1] bus_probe_device+0x17f/0x1c0
[ 72.982522][ C1] device_add+0x1148/0x1aa0
[ 72.987015][ C1] usb_new_device+0xd07/0x1a60
[ 72.991775][ C1] hub_event+0x2fce/0x5060
[ 72.996193][ C1] process_one_work+0x9cf/0x1b70
[ 73.001134][ C1] worker_thread+0x6c8/0xf10
[ 73.005725][ C1] kthread+0x3c5/0x780
[ 73.009782][ C1] ret_from_fork+0x5b6/0x6c0
[ 73.014355][ C1] ret_from_fork_asm+0x1a/0x30
[ 73.019112][ C1]
[ 73.021416][ C1] The buggy address belongs to the object at ffff888119b8d400
[ 73.021416][ C1] which belongs to the cache kmalloc-8 of size 8
[ 73.035104][ C1] The buggy address is located 0 bytes to the right of
[ 73.035104][ C1] allocated 1-byte region [ffff888119b8d400, ffff888119b8d401)
[ 73.049406][ C1]
[ 73.051737][ C1] The buggy address belongs to the physical page:
[ 73.058137][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119b8d
[ 73.066975][ C1] anon flags: 0x200000000000000(node=0|zone=2)
[ 73.073117][ C1] page_type: f5(slab)
[ 73.077082][ C1] raw: 0200000000000000 ffff888100041500 0000000000000000 0000000000000001
[ 73.085676][ C1] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 73.094240][ C1] page dumped because: kasan: bad access detected
[ 73.100629][ C1] page_owner tracks the page as allocated
[ 73.106319][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2846, tgid 2846 (udevadm), ts 12790148492, free_ts 12790014316
[ 73.125242][ C1] post_alloc_hook+0x1c0/0x230
[ 73.130002][ C1] get_page_from_freelist+0xf98/0x2ce0
[ 73.135472][ C1] __alloc_frozen_pages_noprof+0x259/0x21e0
[ 73.141355][ C1] alloc_pages_mpol+0xe4/0x410
[ 73.146110][ C1] new_slab+0x247/0x330
[ 73.150285][ C1] ___slab_alloc+0xc78/0x1680
[ 73.154956][ C1] __slab_alloc.constprop.0+0x56/0xb0
[ 73.160339][ C1] __kmalloc_noprof+0x15b/0x4d0
[ 73.165199][ C1] kernfs_fop_write_iter+0x237/0x510
[ 73.170472][ C1] vfs_write+0x7d0/0x11d0
[ 73.174786][ C1] ksys_write+0x12a/0x250
[ 73.179101][ C1] do_syscall_64+0xcd/0x4b0
[ 73.183595][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.189492][ C1] page last free pid 2846 tgid 2846 stack trace:
[ 73.195799][ C1] __free_frozen_pages+0x78a/0xfd0
[ 73.200900][ C1] inode_doinit_with_dentry+0xacb/0x12e0
[ 73.206519][ C1] selinux_d_instantiate+0x26/0x30
[ 73.211633][ C1] security_d_instantiate+0x58/0xc0
[ 73.216834][ C1] d_splice_alias_ops+0x92/0x840
[ 73.221764][ C1] kernfs_iop_lookup+0x23f/0x2d0
[ 73.226683][ C1] lookup_open.isra.0+0x4c6/0x1560
[ 73.231788][ C1] path_openat+0x893/0x2cb0
[ 73.236275][ C1] do_filp_open+0x20b/0x470
[ 73.240762][ C1] do_sys_openat2+0x11b/0x1d0
[ 73.245445][ C1] __x64_sys_openat+0x174/0x210
[ 73.250287][ C1] do_syscall_64+0xcd/0x4b0
[ 73.254783][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.260688][ C1]
[ 73.263005][ C1] Memory state around the buggy address:
[ 73.268627][ C1] ffff888119b8d300: 04 fc fc fc 00 fc fc fc 04 fc fc fc fa fc fc fc
[ 73.276684][ C1] ffff888119b8d380: fa fc fc fc fa fc fc fc 00 fc fc fc 00 fc fc fc
[ 73.284739][ C1] >ffff888119b8d400: 01 fc fc fc 06 fc fc fc 06 fc fc fc 00 fc fc fc
[ 73.292797][ C1] ^
[ 73.296852][ C1] ffff888119b8d480: 06 fc fc fc 06 fc fc fc fa fc fc fc 06 fc fc fc
[ 73.304906][ C1] ffff888119b8d500: fa fc fc fc 06 fc fc fc 06 fc fc fc 06 fc fc fc
[ 73.312956][ C1] ==================================================================
[ 73.321018][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.328205][ C1] CPU: 1 UID: 0 PID: 2978 Comm: kworker/1:2 Not tainted 6.17.0-rc1-syzkaller-00009-gc0485e864a2e #0 PREEMPT(voluntary)
[ 73.340708][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 73.350762][ C1] Workqueue: usb_hub_wq hub_event
[ 73.355801][ C1] Call Trace:
[ 73.359072][ C1] <IRQ>
[ 73.361914][ C1] dump_stack_lvl+0x3d/0x1f0
[ 73.366522][ C1] vpanic+0x6e8/0x7a0
[ 73.370513][ C1] ? __pfx_vpanic+0x10/0x10
[ 73.375018][ C1] ? __pfx_vprintk_emit+0x10/0x10
[ 73.380057][ C1] ? usbtmc_interrupt+0x4e1/0x6e0
[ 73.385094][ C1] panic+0xca/0xd0
[ 73.388825][ C1] ? __pfx_panic+0x10/0x10
[ 73.393251][ C1] ? end_report+0x4c/0x170
[ 73.397676][ C1] ? rcu_is_watching+0x12/0xc0
[ 73.402448][ C1] ? lock_release+0x201/0x2f0
[ 73.407123][ C1] ? check_panic_on_warn+0x1f/0xb0
[ 73.412254][ C1] check_panic_on_warn+0xab/0xb0
[ 73.417203][ C1] end_report+0x107/0x170
[ 73.421541][ C1] kasan_report+0xee/0x110
[ 73.425979][ C1] ? usbtmc_interrupt+0x4e1/0x6e0
[ 73.431018][ C1] usbtmc_interrupt+0x4e1/0x6e0
[ 73.435886][ C1] __usb_hcd_giveback_urb+0x38a/0x6e0
[ 73.441278][ C1] usb_hcd_giveback_urb+0x39b/0x450
[ 73.446493][ C1] dummy_timer+0x1814/0x3a30
[ 73.451103][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 73.456048][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 73.460984][ C1] ? mark_held_locks+0x49/0x80
[ 73.465751][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 73.471567][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 73.476504][ C1] __hrtimer_run_queues+0x202/0xad0
[ 73.481713][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 73.487445][ C1] ? read_tsc+0x9/0x20
[ 73.491527][ C1] hrtimer_run_softirq+0x17d/0x350
[ 73.496648][ C1] handle_softirqs+0x208/0x8d0
[ 73.501435][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 73.506744][ C1] __irq_exit_rcu+0xfa/0x160
[ 73.511348][ C1] irq_exit_rcu+0x9/0x30
[ 73.515615][ C1] sysvec_apic_timer_interrupt+0x90/0xb0
[ 73.521259][ C1] </IRQ>
[ 73.524184][ C1] <TASK>
[ 73.527109][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 73.533202][ C1] RIP: 0010:stack_trace_consume_entry+0xd7/0x170
[ 73.539554][ C1] Code: 02 00 0f 85 9a 00 00 00 8d 45 01 89 43 10 48 8b 03 48 8d 2c e8 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 80 3c 02 00 <75> 64 48 89 75 00 8b 43 08 39 43 10 0f 92 c0 48 83 c4 08 5b 5d e9
[ 73.559183][ C1] RSP: 0018:ffffc9000184f298 EFLAGS: 00000246
[ 73.565265][ C1] RAX: dffffc0000000000 RBX: ffffc9000184f378 RCX: ffffc9000184f20c
[ 73.573238][ C1] RDX: 1ffff92000309e89 RSI: ffffffff81495d68 RDI: ffffc9000184f384
[ 73.581210][ C1] RBP: ffffc9000184f448 R08: 0000000000000001 R09: 0000000000000000
[ 73.589181][ C1] R10: 0000000000000005 R11: 000000000000492d R12: ffffffff81696ea0
[ 73.597150][ C1] R13: ffffc9000184f378 R14: 0000000000000000 R15: ffff888127af8000
[ 73.605123][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 73.611297][ C1] ? worker_thread+0x6c8/0xf10
[ 73.616079][ C1] ? unwind_get_return_address+0x59/0xa0
[ 73.621731][ C1] arch_stack_walk+0x88/0x100
[ 73.626421][ C1] ? worker_thread+0x6c8/0xf10
[ 73.631203][ C1] stack_trace_save+0x8e/0xc0
[ 73.635899][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 73.641293][ C1] ? __lock_acquire+0xb97/0x1ce0
[ 73.646264][ C1] kasan_save_stack+0x33/0x60
[ 73.650962][ C1] ? kasan_save_stack+0x33/0x60
[ 73.655823][ C1] ? kasan_save_track+0x14/0x30
[ 73.660679][ C1] ? kasan_save_free_info+0x3b/0x60
[ 73.665895][ C1] ? __kasan_slab_free+0x3e/0x50
[ 73.670869][ C1] ? kfree+0x283/0x470
[ 73.674977][ C1] ? usb_hcd_submit_urb+0xa4b/0x1c60
[ 73.680292][ C1] ? usb_submit_urb+0x890/0x1770
[ 73.685245][ C1] ? usb_start_wait_urb+0x104/0x4b0
[ 73.690460][ C1] ? usb_control_msg+0x326/0x4a0
[ 73.695430][ C1] ? hub_ext_port_status+0x14e/0x670
[ 73.700752][ C1] ? hub_event+0x6e4/0x5060
[ 73.705273][ C1] ? process_one_work+0x9cf/0x1b70
[ 73.710433][ C1] kasan_save_track+0x14/0x30
[ 73.715126][ C1] kasan_save_free_info+0x3b/0x60
[ 73.720174][ C1] __kasan_slab_free+0x3e/0x50
[ 73.724953][ C1] kfree+0x283/0x470
[ 73.728862][ C1] ? usb_hcd_submit_urb+0xa4b/0x1c60
[ 73.734167][ C1] usb_hcd_submit_urb+0xa4b/0x1c60
[ 73.739304][ C1] usb_submit_urb+0x890/0x1770
[ 73.744082][ C1] ? lockdep_set_lock_cmp_fn+0x50/0xe0
[ 73.749545][ C1] ? lockdep_init_map_type+0x3/0x280
[ 73.754834][ C1] ? __init_swait_queue_head+0xca/0x150
[ 73.760411][ C1] usb_start_wait_urb+0x104/0x4b0
[ 73.765454][ C1] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 73.771015][ C1] ? __asan_memset+0x23/0x50
[ 73.775615][ C1] usb_control_msg+0x326/0x4a0
[ 73.780384][ C1] ? __pfx_usb_control_msg+0x10/0x10
[ 73.785672][ C1] ? __pfx___mutex_lock+0x10/0x10
[ 73.790715][ C1] ? __pfx___pm_runtime_barrier+0x10/0x10
[ 73.796454][ C1] hub_ext_port_status+0x14e/0x670
[ 73.801593][ C1] hub_event+0x6e4/0x5060
[ 73.805942][ C1] ? look_up_lock_class+0x40/0x150
[ 73.811071][ C1] ? __lock_acquire+0xb97/0x1ce0
[ 73.816019][ C1] ? __pfx_hub_event+0x10/0x10
[ 73.820791][ C1] ? assoc_array_insert+0x1460/0x3970
[ 73.826181][ C1] ? rcu_is_watching+0x12/0xc0
[ 73.830971][ C1] process_one_work+0x9cf/0x1b70
[ 73.835942][ C1] ? __pfx_hub_event+0x10/0x10
[ 73.840726][ C1] ? __pfx_process_one_work+0x10/0x10
[ 73.846119][ C1] ? assign_work+0x1a0/0x250
[ 73.850723][ C1] worker_thread+0x6c8/0xf10
[ 73.855332][ C1] ? __kthread_parkme+0x19e/0x250
[ 73.860366][ C1] ? __pfx_worker_thread+0x10/0x10
[ 73.865511][ C1] kthread+0x3c5/0x780
[ 73.869611][ C1] ? __pfx_kthread+0x10/0x10
[ 73.874219][ C1] ? rcu_is_watching+0x12/0xc0
[ 73.878996][ C1] ? __pfx_kthread+0x10/0x10
[ 73.883612][ C1] ret_from_fork+0x5b6/0x6c0
[ 73.888205][ C1] ? __pfx_kthread+0x10/0x10
[ 73.892802][ C1] ret_from_fork_asm+0x1a/0x30
[ 73.897585][ C1] </TASK>
[ 73.900814][ C1] Kernel Offset: disabled
[ 73.905125][ C1] Rebooting in 86400 seconds..