e } for pid=2934 comm="sh" path="pipe:[1439]" dev="pipefs" ino=1439 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 33.145330][ T29] audit: type=1400 audit(1755174853.300:59): avc: denied { rlimitinh } for pid=2934 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 33.166206][ T29] audit: type=1400 audit(1755174853.300:60): avc: denied { siginh } for pid=2934 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 41.240590][ T2943] sshd-session (2943) used greatest stack depth: 23656 bytes left
Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts.
2025/08/14 12:34:27 ignoring optional flag "sandboxArg"="0"
2025/08/14 12:34:29 parsed 1 programs
[ 48.880714][ T29] audit: type=1400 audit(1755174869.100:61): avc: denied { node_bind } for pid=2955 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 48.901679][ T29] audit: type=1400 audit(1755174869.100:62): avc: denied { module_request } for pid=2955 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 51.571587][ T29] audit: type=1400 audit(1755174871.790:63): avc: denied { mounton } for pid=2965 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 51.577350][ T2965] cgroup: Unknown subsys name 'net'
[ 51.594423][ T29] audit: type=1400 audit(1755174871.790:64): avc: denied { mount } for pid=2965 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 51.624405][ T29] audit: type=1400 audit(1755174871.820:65): avc: denied { unmount } for pid=2965 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 51.821902][ T2965] cgroup: Unknown subsys name 'cpuset'
[ 51.830897][ T2965] cgroup: Unknown subsys name 'rlimit'
[ 52.004752][ T29] audit: type=1400 audit(1755174872.220:66): avc: denied { setattr } for pid=2965 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 52.028808][ T29] audit: type=1400 audit(1755174872.220:67): avc: denied { create } for pid=2965 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 52.049438][ T29] audit: type=1400 audit(1755174872.220:68): avc: denied { write } for pid=2965 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 52.069934][ T29] audit: type=1400 audit(1755174872.220:69): avc: denied { read } for pid=2965 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 52.091014][ T29] audit: type=1400 audit(1755174872.270:70): avc: denied { sys_module } for pid=2965 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 52.186324][ T2969] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 52.279194][ T2965] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.038755][ T29] kauditd_printk_skb: 7 callbacks suppressed
[ 54.038777][ T29] audit: type=1400 audit(1755174874.250:78): avc: denied { read } for pid=2971 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 54.066876][ T29] audit: type=1400 audit(1755174874.250:79): avc: denied { open } for pid=2971 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 54.090305][ T29] audit: type=1400 audit(1755174874.260:80): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 54.119762][ T29] audit: type=1400 audit(1755174874.310:81): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/root/syzkaller.w2bZx0/syz-tmp" dev="sda1" ino=2030 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 54.144089][ T29] audit: type=1400 audit(1755174874.310:82): avc: denied { mount } for pid=2971 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 54.166389][ T29] audit: type=1400 audit(1755174874.310:83): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/root/syzkaller.w2bZx0/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 54.191642][ T29] audit: type=1400 audit(1755174874.310:84): avc: denied { mount } for pid=2971 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 54.213492][ T29] audit: type=1400 audit(1755174874.330:85): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/root/syzkaller.w2bZx0/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 54.240210][ T29] audit: type=1400 audit(1755174874.330:86): avc: denied { mounton } for pid=2971 comm="syz-executor" path="/root/syzkaller.w2bZx0/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=1579 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 54.267767][ T29] audit: type=1400 audit(1755174874.330:87): avc: denied { unmount } for pid=2971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 54.295089][ T2971] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 71.516500][ T3023] syz-executor (3023) used greatest stack depth: 23208 bytes left
2025/08/14 12:34:52 executed programs: 0
[ 72.268385][ T29] kauditd_printk_skb: 12 callbacks suppressed
[ 72.268409][ T29] audit: type=1400 audit(1755174892.480:100): avc: denied { write } for pid=2955 comm="syz-execprog" path="pipe:[2418]" dev="pipefs" ino=2418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
2025/08/14 12:35:07 executed programs: 2
[ 87.010876][ T29] audit: type=1400 audit(1755174907.230:101): avc: denied { read write } for pid=3947 comm="syz.3.17" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 87.034924][ T29] audit: type=1400 audit(1755174907.230:102): avc: denied { open } for pid=3947 comm="syz.3.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 87.058953][ T29] audit: type=1400 audit(1755174907.230:103): avc: denied { ioctl } for pid=3947 comm="syz.3.17" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 87.259132][ T38] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 87.411670][ T38] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 87.422010][ T38] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 87.437603][ T38] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 87.446788][ T38] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 87.454873][ T38] usb 4-1: Product: syz
[ 87.459138][ T38] usb 4-1: Manufacturer: syz
[ 87.463771][ T38] usb 4-1: SerialNumber: syz
[ 87.676847][ T3947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 87.686253][ T3947] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 87.702236][ T38] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[ 87.719398][ T38] usb 4-1: USB disconnect, device number 2
[ 88.199630][ T38] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 88.348991][ T38] usb 4-1: Using ep0 maxpacket: 8
[ 88.355616][ T38] usb 4-1: config index 0 descriptor too short (expected 301, got 72)
[ 88.363949][ T38] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 88.374528][ T38] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 88.384383][ T38] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 88.394286][ T38] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 88.404565][ T38] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 88.415630][ T38] usb 4-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 88.429397][ T38] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 88.439230][ T38] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 88.651355][ T38] usb 4-1: usb_control_msg returned -32
[ 88.657020][ T38] usbtmc 4-1:16.0: can't read capabilities
[ 88.663624][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.669909][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.676141][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.682214][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.688356][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.694398][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.700506][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.706591][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.712656][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.718772][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.724906][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.731173][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.737254][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.743443][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.749611][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.755663][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.761760][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.768134][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.774405][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.780990][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.787098][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.793244][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.799481][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.805568][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.811655][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.817827][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.824109][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.830289][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.836353][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.843164][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.849514][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.855637][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.862084][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.868273][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.874600][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.880993][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.887449][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.893708][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.899824][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.906099][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.912756][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.918961][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.927064][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.933636][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.939741][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.945874][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.952603][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.958704][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.964780][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.970920][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.977070][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.983181][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.989253][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 88.995402][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.001607][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.007702][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.013848][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.019964][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.026145][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.032282][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.038468][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.044726][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.050814][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.056885][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.063064][ C1] usbtmc 4-1:16.0: invalid notification: 11
[ 89.069256][ C1] usbtmc 4-1:16.0: invalid notification: 1
[ 89.075301][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.081333][ C1] usbtmc 4-1:16.0: invalid notification: 0
[ 89.087430][ C1] usbtmc 4-1:16.0: invalid notification: 73
[ 89.093585][ C1] usbtmc 4-1:16.0: invalid notification: 33
[ 89.099827][ C1] usbtmc 4-1:16.0: invalid notification: 36
[ 89.105967][ C1] usbtmc 4-1:16.0: invalid notification: 8
[ 89.112042][ C1] ==================================================================
[ 89.120288][ C1] BUG: KASAN: slab-out-of-bounds in usbtmc_interrupt+0x4e1/0x6e0
[ 89.128251][ C1] Read of size 1 at addr ffff88811b3c67c1 by task kworker/1:1/38
[ 89.136264][ C1]
[ 89.138751][ C1] CPU: 1 UID: 0 PID: 38 Comm: kworker/1:1 Not tainted 6.17.0-rc1-syzkaller-00009-gc0485e864a2e #0 PREEMPT(voluntary)
[ 89.138785][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 89.138802][ C1] Workqueue: usb_hub_wq hub_event
[ 89.138856][ C1] Call Trace:
[ 89.138870][ C1]
[ 89.138882][ C1] dump_stack_lvl+0x116/0x1f0
[ 89.138942][ C1] print_report+0xcd/0x630
[ 89.138973][ C1] ? __virt_addr_valid+0x81/0x610
[ 89.139004][ C1] ? __phys_addr+0xe8/0x180
[ 89.139035][ C1] ? usbtmc_interrupt+0x4e1/0x6e0
[ 89.139067][ C1] kasan_report+0xe0/0x110
[ 89.139097][ C1] ? usbtmc_interrupt+0x4e1/0x6e0
[ 89.139132][ C1] usbtmc_interrupt+0x4e1/0x6e0
[ 89.139167][ C1] __usb_hcd_giveback_urb+0x38a/0x6e0
[ 89.139204][ C1] usb_hcd_giveback_urb+0x39b/0x450
[ 89.139241][ C1] dummy_timer+0x1814/0x3a30
[ 89.139297][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 89.139319][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 89.139340][ C1] ? mark_held_locks+0x49/0x80
[ 89.139361][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 89.139390][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 89.139411][ C1] __hrtimer_run_queues+0x202/0xad0
[ 89.139443][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 89.139470][ C1] ? read_tsc+0x9/0x20
[ 89.139505][ C1] hrtimer_run_softirq+0x17d/0x350
[ 89.139537][ C1] handle_softirqs+0x208/0x8d0
[ 89.139575][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 89.139616][ C1] __irq_exit_rcu+0xfa/0x160
[ 89.139651][ C1] irq_exit_rcu+0x9/0x30
[ 89.139685][ C1] sysvec_apic_timer_interrupt+0x90/0xb0
[ 89.139717][ C1]
[ 89.139726][ C1]
[ 89.139734][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 89.139761][ C1] RIP: 0010:finish_task_switch.isra.0+0x1e9/0x9e0
[ 89.139795][ C1] Code: 0f 85 5f 07 00 00 8b 0d f9 90 4e 09 85 c9 0f 85 b9 02 00 00 48 89 df e8 95 e3 f0 05 e8 20 f9 36 00 fb 65 48 8b 1d ef 5e 43 0b <48> 8d bb 50 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[ 89.139822][ C1] RSP: 0018:ffffc90000286ee8 EFLAGS: 00000202
[ 89.139841][ C1] RAX: 000000000000c8a7 RBX: ffff88810569ba00 RCX: 0000000000000006
[ 89.139857][ C1] RDX: 0000000000000000 RSI: ffffffff88d267ba RDI: ffffffff878963e0
[ 89.139873][ C1] RBP: ffffc90000286f28 R08: 0000000000000001 R09: 0000000000000001
[ 89.139888][ C1] R10: ffffffff8a9d63d7 R11: 0000000000000000 R12: ffff888101ee3a00
[ 89.139903][ C1] R13: 0000000000000000 R14: ffff8881f59388d8 R15: ffff8881f5939418
[ 89.139927][ C1] ? finish_task_switch.isra.0+0x1e0/0x9e0
[ 89.139956][ C1] ? __switch_to+0x7a5/0x11a0
[ 89.139987][ C1] __schedule+0x1304/0x3b90
[ 89.140018][ C1] ? __pfx___schedule+0x10/0x10
[ 89.140051][ C1] ? __pfx___kernfs_new_node+0x10/0x10
[ 89.140074][ C1] ? __cond_resched+0x22/0x30
[ 89.140102][ C1] preempt_schedule_common+0x44/0xc0
[ 89.140132][ C1] __cond_resched+0x22/0x30
[ 89.140159][ C1] down_write+0x73/0x200
[ 89.140199][ C1] ? __pfx_down_write+0x10/0x10
[ 89.140237][ C1] kernfs_add_one+0x38/0x840
[ 89.140271][ C1] __kernfs_create_file+0x295/0x350
[ 89.140305][ C1] sysfs_add_file_mode_ns+0x207/0x3c0
[ 89.140345][ C1] sysfs_merge_group+0x1aa/0x340
[ 89.140369][ C1] ? __pfx_sysfs_merge_group+0x10/0x10
[ 89.140394][ C1] ? __pfx_dev_add_physical_location+0x10/0x10
[ 89.140422][ C1] ? bus_to_subsys+0x131/0x160
[ 89.140447][ C1] dpm_sysfs_add+0x237/0x280
[ 89.140483][ C1] device_add+0x9a6/0x1aa0
[ 89.140585][ C1] ? __pfx_device_add+0x10/0x10
[ 89.140629][ C1] ? lockdep_init_map_type+0x5c/0x280
[ 89.140656][ C1] ? __init_waitqueue_head+0xca/0x150
[ 89.140699][ C1] usb_create_ep_devs+0x160/0x2b0
[ 89.140739][ C1] create_intf_ep_devs.isra.0+0x161/0x200
[ 89.140775][ C1] usb_set_configuration+0x11a7/0x1e20
[ 89.140830][ C1] ? __pfx_usb_generic_driver_probe+0x10/0x10
[ 89.140859][ C1] usb_generic_driver_probe+0xb1/0x110
[ 89.140890][ C1] usb_probe_device+0xef/0x3e0
[ 89.140925][ C1] ? __pfx_usb_probe_device+0x10/0x10
[ 89.140959][ C1] really_probe+0x23e/0xa90
[ 89.140995][ C1] __driver_probe_device+0x1de/0x440
[ 89.141029][ C1] ? usb_driver_applicable+0x1c7/0x220
[ 89.141068][ C1] driver_probe_device+0x4c/0x1b0
[ 89.141103][ C1] __device_attach_driver+0x1df/0x310
[ 89.141140][ C1] ? __pfx___device_attach_driver+0x10/0x10
[ 89.141175][ C1] bus_for_each_drv+0x156/0x1e0
[ 89.141202][ C1] ? __pfx_bus_for_each_drv+0x10/0x10
[ 89.141256][ C1] ? lockdep_hardirqs_on+0x7c/0x110
[ 89.141308][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 89.141353][ C1] __device_attach+0x1e4/0x4b0
[ 89.141401][ C1] ? __pfx___device_attach+0x10/0x10
[ 89.141449][ C1] ? do_raw_spin_unlock+0x172/0x230
[ 89.141498][ C1] bus_probe_device+0x17f/0x1c0
[ 89.141532][ C1] device_add+0x1148/0x1aa0
[ 89.141575][ C1] ? __pfx_device_add+0x10/0x10
[ 89.141614][ C1] ? usb_detect_static_quirks+0x335/0x3e0
[ 89.141666][ C1] ? __usb_get_extra_descriptor+0x158/0x1c0
[ 89.141708][ C1] usb_new_device+0xd07/0x1a60
[ 89.141743][ C1] ? do_raw_spin_lock+0x12c/0x2b0
[ 89.141773][ C1] ? __pfx_usb_new_device+0x10/0x10
[ 89.141807][ C1] ? mark_held_locks+0x49/0x80
[ 89.141833][ C1] hub_event+0x2fce/0x5060
[ 89.141880][ C1] ? __pfx_hub_event+0x10/0x10
[ 89.141912][ C1] ? assoc_array_insert+0x1460/0x3970
[ 89.141951][ C1] ? rcu_is_watching+0x12/0xc0
[ 89.141989][ C1] process_one_work+0x9cf/0x1b70
[ 89.142030][ C1] ? __pfx_hub_event+0x10/0x10
[ 89.142062][ C1] ? __pfx_process_one_work+0x10/0x10
[ 89.142101][ C1] ? assign_work+0x1a0/0x250
[ 89.142133][ C1] worker_thread+0x6c8/0xf10
[ 89.142173][ C1] ? __kthread_parkme+0x19e/0x250
[ 89.142198][ C1] ? __pfx_worker_thread+0x10/0x10
[ 89.142239][ C1] kthread+0x3c5/0x780
[ 89.142270][ C1] ? __pfx_kthread+0x10/0x10
[ 89.142302][ C1] ? rcu_is_watching+0x12/0xc0
[ 89.142336][ C1] ? __pfx_kthread+0x10/0x10
[ 89.142368][ C1] ret_from_fork+0x5b6/0x6c0
[ 89.142392][ C1] ? __pfx_kthread+0x10/0x10
[ 89.142422][ C1] ret_from_fork_asm+0x1a/0x30
[ 89.142466][ C1]
[ 89.142476][ C1]
[ 89.739190][ C1] Allocated by task 38:
[ 89.743372][ C1] kasan_save_stack+0x33/0x60
[ 89.748111][ C1] kasan_save_track+0x14/0x30
[ 89.752929][ C1] __kasan_kmalloc+0x8f/0xa0
[ 89.757563][ C1] __kmalloc_noprof+0x213/0x4d0
[ 89.762463][ C1] usbtmc_probe+0xa54/0x1b90
[ 89.767096][ C1] usb_probe_interface+0x300/0xa40
[ 89.772287][ C1] really_probe+0x23e/0xa90
[ 89.776846][ C1] __driver_probe_device+0x1de/0x440
[ 89.782189][ C1] driver_probe_device+0x4c/0x1b0
[ 89.787248][ C1] __device_attach_driver+0x1df/0x310
[ 89.792755][ C1] bus_for_each_drv+0x156/0x1e0
[ 89.798010][ C1] __device_attach+0x1e4/0x4b0
[ 89.802799][ C1] bus_probe_device+0x17f/0x1c0
[ 89.807669][ C1] device_add+0x1148/0x1aa0
[ 89.812203][ C1] usb_set_configuration+0x1187/0x1e20
[ 89.817783][ C1] usb_generic_driver_probe+0xb1/0x110
[ 89.823261][ C1] usb_probe_device+0xef/0x3e0
[ 89.828078][ C1] really_probe+0x23e/0xa90
[ 89.832718][ C1] __driver_probe_device+0x1de/0x440
[ 89.838120][ C1] driver_probe_device+0x4c/0x1b0
[ 89.843180][ C1] __device_attach_driver+0x1df/0x310
[ 89.848580][ C1] bus_for_each_drv+0x156/0x1e0
[ 89.853449][ C1] __device_attach+0x1e4/0x4b0
[ 89.858241][ C1] bus_probe_device+0x17f/0x1c0
[ 89.863113][ C1] device_add+0x1148/0x1aa0
[ 89.867634][ C1] usb_new_device+0xd07/0x1a60
[ 89.872436][ C1] hub_event+0x2fce/0x5060
[ 89.876873][ C1] process_one_work+0x9cf/0x1b70
[ 89.881845][ C1] worker_thread+0x6c8/0xf10
[ 89.886463][ C1] kthread+0x3c5/0x780
[ 89.890556][ C1] ret_from_fork+0x5b6/0x6c0
[ 89.895188][ C1] ret_from_fork_asm+0x1a/0x30
[ 89.899999][ C1]
[ 89.902341][ C1] The buggy address belongs to the object at ffff88811b3c67c0
[ 89.902341][ C1] which belongs to the cache kmalloc-8 of size 8
[ 89.916062][ C1] The buggy address is located 0 bytes to the right of
[ 89.916062][ C1] allocated 1-byte region [ffff88811b3c67c0, ffff88811b3c67c1)
[ 89.930420][ C1]
[ 89.932862][ C1] The buggy address belongs to the physical page:
[ 89.939472][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88811b3c6120 pfn:0x11b3c6
[ 89.949655][ C1] flags: 0x200000000000000(node=0|zone=2)
[ 89.955396][ C1] page_type: f5(slab)
[ 89.959389][ C1] raw: 0200000000000000 ffff888100041500 ffffea000466b4c0 0000000000000002
[ 89.967994][ C1] raw: ffff88811b3c6120 000000008080007f 00000000f5000000 0000000000000000
[ 89.976938][ C1] page dumped because: kasan: bad access detected
[ 89.983364][ C1] page_owner tracks the page as allocated
[ 89.989342][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2847, tgid 2847 (udevadm), ts 19444000448, free_ts 19443835885
[ 90.008234][ C1] post_alloc_hook+0x1c0/0x230
[ 90.013029][ C1] get_page_from_freelist+0xf98/0x2ce0
[ 90.018555][ C1] __alloc_frozen_pages_noprof+0x259/0x21e0
[ 90.024508][ C1] alloc_pages_mpol+0xe4/0x410
[ 90.029328][ C1] new_slab+0x247/0x330
[ 90.033533][ C1] ___slab_alloc+0xc78/0x1680
[ 90.038246][ C1] __slab_alloc.constprop.0+0x56/0xb0
[ 90.043657][ C1] __kmalloc_noprof+0x15b/0x4d0
[ 90.048542][ C1] kernfs_fop_write_iter+0x237/0x510
[ 90.053866][ C1] vfs_write+0x7d0/0x11d0
[ 90.058261][ C1] ksys_write+0x12a/0x250
[ 90.062637][ C1] do_syscall_64+0xcd/0x4b0
[ 90.067200][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.073127][ C1] page last free pid 2847 tgid 2847 stack trace:
[ 90.079481][ C1] __free_frozen_pages+0x78a/0xfd0
[ 90.084732][ C1] inode_doinit_with_dentry+0xacb/0x12e0
[ 90.090418][ C1] selinux_d_instantiate+0x26/0x30
[ 90.095582][ C1] security_d_instantiate+0x58/0xc0
[ 90.100840][ C1] d_splice_alias_ops+0x92/0x840
[ 90.105846][ C1] kernfs_iop_lookup+0x23f/0x2d0
[ 90.110822][ C1] lookup_open.isra.0+0x4c6/0x1560
[ 90.115983][ C1] path_openat+0x893/0x2cb0
[ 90.120612][ C1] do_filp_open+0x20b/0x470
[ 90.125245][ C1] do_sys_openat2+0x11b/0x1d0
[ 90.130063][ C1] __x64_sys_openat+0x174/0x210
[ 90.134976][ C1] do_syscall_64+0xcd/0x4b0
[ 90.139539][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.145471][ C1]
[ 90.147809][ C1] Memory state around the buggy address:
[ 90.153455][ C1] ffff88811b3c6680: fa fc fc fc fa fc fc fc fa fc fc fc 04 fc fc fc
[ 90.161549][ C1] ffff88811b3c6700: 00 fc fc fc fa fc fc fc 04 fc fc fc 04 fc fc fc
[ 90.169731][ C1] >ffff88811b3c6780: fa fc fc fc fa fc fc fc 01 fc fc fc 00 fc fc fc
[ 90.177845][ C1] ^
[ 90.184018][ C1] ffff88811b3c6800: 05 fc fc fc 00 fc fc fc 00 fc fc fc 06 fc fc fc
[ 90.192207][ C1] ffff88811b3c6880: 05 fc fc fc 06 fc fc fc 06 fc fc fc 05 fc fc fc
[ 90.200278][ C1] ==================================================================
[ 90.208452][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.218463][ C1] CPU: 1 UID: 0 PID: 38 Comm: kworker/1:1 Not tainted 6.17.0-rc1-syzkaller-00009-gc0485e864a2e #0 PREEMPT(voluntary)
[ 90.230956][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 90.241047][ C1] Workqueue: usb_hub_wq hub_event
[ 90.246129][ C1] Call Trace:
[ 90.249426][ C1]
[ 90.252282][ C1] dump_stack_lvl+0x3d/0x1f0
[ 90.256913][ C1] vpanic+0x6e8/0x7a0
[ 90.260919][ C1] ? __pfx_vpanic+0x10/0x10
[ 90.265448][ C1] ? __pfx_vprintk_emit+0x10/0x10
[ 90.270538][ C1] ? usbtmc_interrupt+0x4e1/0x6e0
[ 90.275596][ C1] panic+0xca/0xd0
[ 90.279340][ C1] ? __pfx_panic+0x10/0x10
[ 90.283800][ C1] ? end_report+0x4c/0x170
[ 90.288270][ C1] ? rcu_is_watching+0x12/0xc0
[ 90.293087][ C1] ? lock_release+0x201/0x2f0
[ 90.297791][ C1] ? check_panic_on_warn+0x1f/0xb0
[ 90.302946][ C1] check_panic_on_warn+0xab/0xb0
[ 90.307952][ C1] end_report+0x107/0x170
[ 90.312336][ C1] kasan_report+0xee/0x110
[ 90.316784][ C1] ? usbtmc_interrupt+0x4e1/0x6e0
[ 90.321841][ C1] usbtmc_interrupt+0x4e1/0x6e0
[ 90.326726][ C1] __usb_hcd_giveback_urb+0x38a/0x6e0
[ 90.332141][ C1] usb_hcd_giveback_urb+0x39b/0x450
[ 90.337378][ C1] dummy_timer+0x1814/0x3a30
[ 90.342011][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 90.346987][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 90.351940][ C1] ? mark_held_locks+0x49/0x80
[ 90.356724][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 90.362561][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 90.367516][ C1] __hrtimer_run_queues+0x202/0xad0
[ 90.372744][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 90.378501][ C1] ? read_tsc+0x9/0x20
[ 90.382607][ C1] hrtimer_run_softirq+0x17d/0x350
[ 90.387744][ C1] handle_softirqs+0x208/0x8d0
[ 90.392548][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 90.397873][ C1] __irq_exit_rcu+0xfa/0x160
[ 90.402497][ C1] irq_exit_rcu+0x9/0x30
[ 90.406777][ C1] sysvec_apic_timer_interrupt+0x90/0xb0
[ 90.412441][ C1]
[ 90.415415][ C1]
[ 90.418363][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 90.424456][ C1] RIP: 0010:finish_task_switch.isra.0+0x1e9/0x9e0
[ 90.430938][ C1] Code: 0f 85 5f 07 00 00 8b 0d f9 90 4e 09 85 c9 0f 85 b9 02 00 00 48 89 df e8 95 e3 f0 05 e8 20 f9 36 00 fb 65 48 8b 1d ef 5e 43 0b <48> 8d bb 50 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[ 90.451526][ C1] RSP: 0018:ffffc90000286ee8 EFLAGS: 00000202
[ 90.457614][ C1] RAX: 000000000000c8a7 RBX: ffff88810569ba00 RCX: 0000000000000006
[ 90.465605][ C1] RDX: 0000000000000000 RSI: ffffffff88d267ba RDI: ffffffff878963e0
[ 90.473592][ C1] RBP: ffffc90000286f28 R08: 0000000000000001 R09: 0000000000000001
[ 90.481582][ C1] R10: ffffffff8a9d63d7 R11: 0000000000000000 R12: ffff888101ee3a00
[ 90.489593][ C1] R13: 0000000000000000 R14: ffff8881f59388d8 R15: ffff8881f5939418
[ 90.497607][ C1] ? finish_task_switch.isra.0+0x1e0/0x9e0
[ 90.503442][ C1] ? __switch_to+0x7a5/0x11a0
[ 90.508155][ C1] __schedule+0x1304/0x3b90
[ 90.512686][ C1] ? __pfx___schedule+0x10/0x10
[ 90.517582][ C1] ? __pfx___kernfs_new_node+0x10/0x10
[ 90.523061][ C1] ? __cond_resched+0x22/0x30
[ 90.527886][ C1] preempt_schedule_common+0x44/0xc0
[ 90.533213][ C1] __cond_resched+0x22/0x30
[ 90.537741][ C1] down_write+0x73/0x200
[ 90.542025][ C1] ? __pfx_down_write+0x10/0x10
[ 90.546911][ C1] kernfs_add_one+0x38/0x840
[ 90.551536][ C1] __kernfs_create_file+0x295/0x350
[ 90.556764][ C1] sysfs_add_file_mode_ns+0x207/0x3c0
[ 90.562180][ C1] sysfs_merge_group+0x1aa/0x340
[ 90.567246][ C1] ? __pfx_sysfs_merge_group+0x10/0x10
[ 90.572726][ C1] ? __pfx_dev_add_physical_location+0x10/0x10
[ 90.578942][ C1] ? bus_to_subsys+0x131/0x160
[ 90.583731][ C1] dpm_sysfs_add+0x237/0x280
[ 90.588462][ C1] device_add+0x9a6/0x1aa0
[ 90.592924][ C1] ? __pfx_device_add+0x10/0x10
[ 90.597806][ C1] ? lockdep_init_map_type+0x5c/0x280
[ 90.603209][ C1] ? __init_waitqueue_head+0xca/0x150
[ 90.608706][ C1] usb_create_ep_devs+0x160/0x2b0
[ 90.613781][ C1] create_intf_ep_devs.isra.0+0x161/0x200
[ 90.619532][ C1] usb_set_configuration+0x11a7/0x1e20
[ 90.625031][ C1] ? __pfx_usb_generic_driver_probe+0x10/0x10
[ 90.631138][ C1] usb_generic_driver_probe+0xb1/0x110
[ 90.636624][ C1] usb_probe_device+0xef/0x3e0
[ 90.641415][ C1] ? __pfx_usb_probe_device+0x10/0x10
[ 90.646817][ C1] really_probe+0x23e/0xa90
[ 90.651353][ C1] __driver_probe_device+0x1de/0x440
[ 90.656668][ C1] ? usb_driver_applicable+0x1c7/0x220
[ 90.662163][ C1] driver_probe_device+0x4c/0x1b0
[ 90.667219][ C1] __device_attach_driver+0x1df/0x310
[ 90.672712][ C1] ? __pfx___device_attach_driver+0x10/0x10
[ 90.678636][ C1] bus_for_each_drv+0x156/0x1e0
[ 90.683605][ C1] ? __pfx_bus_for_each_drv+0x10/0x10
[ 90.689005][ C1] ? lockdep_hardirqs_on+0x7c/0x110
[ 90.694240][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 90.700164][ C1] __device_attach+0x1e4/0x4b0
[ 90.704973][ C1] ? __pfx___device_attach+0x10/0x10
[ 90.710285][ C1] ? do_raw_spin_unlock+0x172/0x230
[ 90.715523][ C1] bus_probe_device+0x17f/0x1c0
[ 90.720404][ C1] device_add+0x1148/0x1aa0
[ 90.724943][ C1] ? __pfx_device_add+0x10/0x10
[ 90.729851][ C1] ? usb_detect_static_quirks+0x335/0x3e0
[ 90.735593][ C1] ? __usb_get_extra_descriptor+0x158/0x1c0
[ 90.741614][ C1] usb_new_device+0xd07/0x1a60
[ 90.746410][ C1] ? do_raw_spin_lock+0x12c/0x2b0
[ 90.751460][ C1] ? __pfx_usb_new_device+0x10/0x10
[ 90.756683][ C1] ? mark_held_locks+0x49/0x80
[ 90.761468][ C1] hub_event+0x2fce/0x5060
[ 90.765938][ C1] ? __pfx_hub_event+0x10/0x10
[ 90.770746][ C1] ? assoc_array_insert+0x1460/0x3970
[ 90.776162][ C1] ? rcu_is_watching+0x12/0xc0
[ 90.781007][ C1] process_one_work+0x9cf/0x1b70
[ 90.786005][ C1] ? __pfx_hub_event+0x10/0x10
[ 90.790846][ C1] ? __pfx_process_one_work+0x10/0x10
[ 90.796255][ C1] ? assign_work+0x1a0/0x250
[ 90.800882][ C1] worker_thread+0x6c8/0xf10
[ 90.805513][ C1] ? __kthread_parkme+0x19e/0x250
[ 90.810577][ C1] ? __pfx_worker_thread+0x10/0x10
[ 90.815739][ C1] kthread+0x3c5/0x780
[ 90.819830][ C1] ? __pfx_kthread+0x10/0x10
[ 90.824621][ C1] ? rcu_is_watching+0x12/0xc0
[ 90.829413][ C1] ? __pfx_kthread+0x10/0x10
[ 90.834121][ C1] ret_from_fork+0x5b6/0x6c0
[ 90.838843][ C1] ? __pfx_kthread+0x10/0x10
[ 90.843461][ C1] ret_from_fork_asm+0x1a/0x30
[ 90.848265][ C1]
[ 90.851563][ C1] Kernel Offset: disabled
[ 90.855912][ C1] Rebooting in 86400 seconds..