Warning: Permanently added '10.128.1.153' (ED25519) to the list of known hosts.
2025/07/20 03:36:21 ignoring optional flag "sandboxArg"="0"
2025/07/20 03:36:22 parsed 1 programs
[ 99.238719][ T29] audit: type=1400 audit(1752982584.337:101): avc: denied { unlink } for pid=4003 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 99.388222][ T4003] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 100.722731][ T29] audit: type=1400 audit(1752982585.817:102): avc: denied { read } for pid=4009 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 100.744400][ T29] audit: type=1400 audit(1752982585.817:103): avc: denied { open } for pid=4009 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 111.196903][ T29] audit: type=1400 audit(1752982596.297:104): avc: denied { unmount } for pid=4009 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 114.594763][ T29] audit: type=1401 audit(1752982599.687:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/07/20 03:36:40 executed programs: 0
2025/07/20 03:36:51 executed programs: 2
[ 125.949617][ T29] audit: type=1400 audit(1752982611.047:106): avc: denied { read write } for pid=5030 comm="syz.3.16" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 125.973231][ T29] audit: type=1400 audit(1752982611.047:107): avc: denied { open } for pid=5030 comm="syz.3.16" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 125.997745][ T29] audit: type=1400 audit(1752982611.067:108): avc: denied { ioctl } for pid=5030 comm="syz.3.16" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 126.205720][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 126.355507][ T10] usb 4-1: Using ep0 maxpacket: 8
[ 126.362644][ T10] usb 4-1: config 162 has an invalid interface number: 3 but max is 2
[ 126.370942][ T10] usb 4-1: config 162 has an invalid interface number: 3 but max is 2
[ 126.379233][ T10] usb 4-1: config 162 has 2 interfaces, different from the descriptor's value: 3
[ 126.388401][ T10] usb 4-1: config 162 has no interface number 0
[ 126.394655][ T10] usb 4-1: config 162 has no interface number 1
[ 126.401041][ T10] usb 4-1: config 162 interface 3 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 126.414055][ T10] usb 4-1: config 162 interface 2 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[ 126.424798][ T10] usb 4-1: config 162 interface 2 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 126.436494][ T10] usb 4-1: config 162 interface 2 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[ 126.447828][ T10] usb 4-1: config 162 interface 2 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[ 126.458028][ T10] usb 4-1: config 162 interface 2 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[ 126.471108][ T10] usb 4-1: config 162 interface 3 has no altsetting 0
[ 126.477946][ T10] usb 4-1: config 162 interface 3 has no altsetting 1
[ 126.484712][ T10] usb 4-1: config 162 interface 2 has no altsetting 0
[ 126.494662][ T10] usb 4-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23
[ 126.503811][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 126.511867][ T10] usb 4-1: Product: syz
[ 126.516072][ T10] usb 4-1: Manufacturer: syz
[ 126.520695][ T10] usb 4-1: SerialNumber: syz
[ 126.762034][ T5035] Bluetooth: hci0: Opcode 0x0c03 failed: -71
[ 126.770379][ T10] usb 4-1: USB disconnect, device number 2
[ 126.780582][ T10] ==================================================================
[ 126.788672][ T10] BUG: KASAN: slab-use-after-free in btusb_disconnect+0x4dc/0x580
[ 126.796579][ T10] Read of size 4 at addr ffff888114fbf7c0 by task kworker/0:1/10
[ 126.804286][ T10]
[ 126.806619][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.16.0-rc4-syzkaller-00324-gf72b9aa821a2 #0 PREEMPT(voluntary)
[ 126.806638][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 126.806648][ T10] Workqueue: usb_hub_wq hub_event
[ 126.806667][ T10] Call Trace:
[ 126.806674][ T10] <TASK>
[ 126.806679][ T10] dump_stack_lvl+0x116/0x1f0
[ 126.806706][ T10] print_report+0xcd/0x680
[ 126.806722][ T10] ? __virt_addr_valid+0x81/0x610
[ 126.806744][ T10] ? __phys_addr+0xe8/0x180
[ 126.806761][ T10] ? btusb_disconnect+0x4dc/0x580
[ 126.806775][ T10] kasan_report+0xe0/0x110
[ 126.806790][ T10] ? btusb_disconnect+0x4dc/0x580
[ 126.806806][ T10] btusb_disconnect+0x4dc/0x580
[ 126.806821][ T10] usb_unbind_interface+0x1da/0x9a0
[ 126.806838][ T10] ? kernfs_remove_by_name_ns+0xbe/0x110
[ 126.806858][ T10] ? __pfx_usb_unbind_interface+0x10/0x10
[ 126.806873][ T10] device_remove+0x125/0x170
[ 126.806888][ T10] device_release_driver_internal+0x44b/0x620
[ 126.806907][ T10] bus_remove_device+0x22f/0x420
[ 126.806921][ T10] device_del+0x396/0x9f0
[ 126.806937][ T10] ? __pfx_device_del+0x10/0x10
[ 126.806951][ T10] ? kobject_put+0x210/0x5a0
[ 126.806966][ T10] usb_disable_device+0x355/0x7d0
[ 126.806981][ T10] usb_disconnect+0x2e1/0x9c0
[ 126.806995][ T10] hub_event+0x1aa0/0x5030
[ 126.807013][ T10] ? __lock_acquire+0xb8a/0x1c90
[ 126.807027][ T10] ? __pfx_hub_event+0x10/0x10
[ 126.807039][ T10] ? assoc_array_gc+0xb40/0x15b0
[ 126.807064][ T10] ? rcu_is_watching+0x12/0xc0
[ 126.807084][ T10] process_one_work+0x9cc/0x1b70
[ 126.807102][ T10] ? __pfx_hub_event+0x10/0x10
[ 126.807115][ T10] ? __pfx_process_one_work+0x10/0x10
[ 126.807133][ T10] ? assign_work+0x1a0/0x250
[ 126.807148][ T10] worker_thread+0x6c8/0xf10
[ 126.807166][ T10] ? __kthread_parkme+0x19e/0x250
[ 126.807187][ T10] ? __pfx_worker_thread+0x10/0x10
[ 126.807202][ T10] kthread+0x3c2/0x780
[ 126.807217][ T10] ? __pfx_kthread+0x10/0x10
[ 126.807231][ T10] ? rcu_is_watching+0x12/0xc0
[ 126.807248][ T10] ? __pfx_kthread+0x10/0x10
[ 126.807262][ T10] ret_from_fork+0x5b3/0x6c0
[ 126.807283][ T10] ? __pfx_kthread+0x10/0x10
[ 126.807297][ T10] ret_from_fork_asm+0x1a/0x30
[ 126.807318][ T10] </TASK>
[ 126.807323][ T10]
[ 127.029219][ T10] Allocated by task 10:
[ 127.033363][ T10] kasan_save_stack+0x33/0x60
[ 127.038114][ T10] kasan_save_track+0x14/0x30
[ 127.042778][ T10] __kasan_kmalloc+0x8f/0xa0
[ 127.047350][ T10] __kmalloc_node_track_caller_noprof+0x212/0x4c0
[ 127.053774][ T10] devm_kmalloc+0xa5/0x260
[ 127.058193][ T10] btusb_probe+0x23f/0x4480
[ 127.062680][ T10] usb_probe_interface+0x303/0x9c0
[ 127.067808][ T10] really_probe+0x23e/0xa90
[ 127.072297][ T10] __driver_probe_device+0x1de/0x440
[ 127.077565][ T10] driver_probe_device+0x4c/0x1b0
[ 127.082586][ T10] __device_attach_driver+0x1df/0x310
[ 127.088030][ T10] bus_for_each_drv+0x156/0x1e0
[ 127.092879][ T10] __device_attach+0x1e4/0x4b0
[ 127.097636][ T10] bus_probe_device+0x17f/0x1c0
[ 127.102466][ T10] device_add+0x1148/0x1a70
[ 127.106962][ T10] usb_set_configuration+0x1187/0x1e20
[ 127.112403][ T10] usb_generic_driver_probe+0xb1/0x110
[ 127.118203][ T10] usb_probe_device+0xef/0x3e0
[ 127.122967][ T10] really_probe+0x23e/0xa90
[ 127.127480][ T10] __driver_probe_device+0x1de/0x440
[ 127.132757][ T10] driver_probe_device+0x4c/0x1b0
[ 127.137774][ T10] __device_attach_driver+0x1df/0x310
[ 127.143137][ T10] bus_for_each_drv+0x156/0x1e0
[ 127.147988][ T10] __device_attach+0x1e4/0x4b0
[ 127.152827][ T10] bus_probe_device+0x17f/0x1c0
[ 127.157661][ T10] device_add+0x1148/0x1a70
[ 127.162151][ T10] usb_new_device+0xd07/0x1a20
[ 127.166896][ T10] hub_event+0x2f85/0x5030
[ 127.171483][ T10] process_one_work+0x9cc/0x1b70
[ 127.176407][ T10] worker_thread+0x6c8/0xf10
[ 127.180982][ T10] kthread+0x3c2/0x780
[ 127.185043][ T10] ret_from_fork+0x5b3/0x6c0
[ 127.189625][ T10] ret_from_fork_asm+0x1a/0x30
[ 127.194387][ T10]
[ 127.196784][ T10] Freed by task 10:
[ 127.200570][ T10] kasan_save_stack+0x33/0x60
[ 127.205247][ T10] kasan_save_track+0x14/0x30
[ 127.209933][ T10] kasan_save_free_info+0x3b/0x60
[ 127.215040][ T10] __kasan_slab_free+0x37/0x50
[ 127.219794][ T10] kfree+0x283/0x470
[ 127.223676][ T10] release_nodes+0x11e/0x240
[ 127.228256][ T10] devres_release_all+0x112/0x180
[ 127.233281][ T10] device_unbind_cleanup+0x19/0x1b0
[ 127.238483][ T10] device_release_driver_internal+0x4c3/0x620
[ 127.244651][ T10] usb_driver_release_interface+0x109/0x190
[ 127.250578][ T10] btusb_disconnect+0x448/0x580
[ 127.255431][ T10] usb_unbind_interface+0x1da/0x9a0
[ 127.260649][ T10] device_remove+0x125/0x170
[ 127.265255][ T10] device_release_driver_internal+0x44b/0x620
[ 127.271510][ T10] bus_remove_device+0x22f/0x420
[ 127.276466][ T10] device_del+0x396/0x9f0
[ 127.280809][ T10] usb_disable_device+0x355/0x7d0
[ 127.285912][ T10] usb_disconnect+0x2e1/0x9c0
[ 127.290614][ T10] hub_event+0x1aa0/0x5030
[ 127.295039][ T10] process_one_work+0x9cc/0x1b70
[ 127.299989][ T10] worker_thread+0x6c8/0xf10
[ 127.304585][ T10] kthread+0x3c2/0x780
[ 127.308656][ T10] ret_from_fork+0x5b3/0x6c0
[ 127.313258][ T10] ret_from_fork_asm+0x1a/0x30
[ 127.318113][ T10]
[ 127.320428][ T10] The buggy address belongs to the object at ffff888114fbf000
[ 127.320428][ T10] which belongs to the cache kmalloc-2k of size 2048
[ 127.334494][ T10] The buggy address is located 1984 bytes inside of
[ 127.334494][ T10] freed 2048-byte region [ffff888114fbf000, ffff888114fbf800)
[ 127.348469][ T10]
[ 127.350786][ T10] The buggy address belongs to the physical page:
[ 127.357199][ T10] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114fb8
[ 127.366239][ T10] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 127.374747][ T10] anon flags: 0x200000000000040(head|node=0|zone=2)
[ 127.381352][ T10] page_type: f5(slab)
[ 127.385353][ T10] raw: 0200000000000040 ffff888100042000 0000000000000000 dead000000000001
[ 127.393938][ T10] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 127.402521][ T10] head: 0200000000000040 ffff888100042000 0000000000000000 dead000000000001
[ 127.411298][ T10] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 127.419993][ T10] head: 0200000000000003 ffffea000453ee01 00000000ffffffff 00000000ffffffff
[ 127.428666][ T10] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 127.437334][ T10] page dumped because: kasan: bad access detected
[ 127.443754][ T10] page_owner tracks the page as allocated
[ 127.449638][ T10] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9375970240, free_ts 0
[ 127.469384][ T10] post_alloc_hook+0x1c0/0x230
[ 127.474157][ T10] get_page_from_freelist+0xf98/0x2ce0
[ 127.479618][ T10] __alloc_frozen_pages_noprof+0x259/0x21e0
[ 127.485516][ T10] alloc_pages_mpol+0xe4/0x410
[ 127.490283][ T10] new_slab+0x23b/0x330
[ 127.494528][ T10] ___slab_alloc+0xda5/0x1940
[ 127.499207][ T10] __slab_alloc.constprop.0+0x56/0xb0
[ 127.504614][ T10] __kmalloc_node_track_caller_noprof+0x15e/0x4c0
[ 127.511035][ T10] krealloc_noprof+0xf8/0x320
[ 127.515720][ T10] add_sysfs_param+0xd3/0xa00
[ 127.520403][ T10] param_sysfs_builtin_init+0x307/0x4c0
[ 127.525983][ T10] do_one_initcall+0x120/0x6e0
[ 127.530751][ T10] kernel_init_freeable+0x5c2/0x900
[ 127.535958][ T10] kernel_init+0x1c/0x2b0
[ 127.540288][ T10] ret_from_fork+0x5b3/0x6c0
[ 127.544978][ T10] ret_from_fork_asm+0x1a/0x30
[ 127.549745][ T10] page_owner free stack trace missing
[ 127.555104][ T10]
[ 127.557435][ T10] Memory state around the buggy address:
[ 127.563154][ T10] ffff888114fbf680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 127.571209][ T10] ffff888114fbf700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 127.579265][ T10] >ffff888114fbf780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 127.587316][ T10]                                            ^
[ 127.593475][ T10] ffff888114fbf800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 127.601534][ T10] ffff888114fbf880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 127.609588][ T10] ==================================================================
[ 127.617969][ T10] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 127.625287][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.16.0-rc4-syzkaller-00324-gf72b9aa821a2 #0 PREEMPT(voluntary)
[ 127.637639][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 127.647716][ T10] Workqueue: usb_hub_wq hub_event
[ 127.652754][ T10] Call Trace:
[ 127.656027][ T10] <TASK>
[ 127.658955][ T10] dump_stack_lvl+0x3d/0x1f0
[ 127.663566][ T10] panic+0x71c/0x800
[ 127.667474][ T10] ? __pfx_panic+0x10/0x10
[ 127.671916][ T10] ? irqentry_exit+0x3b/0x90
[ 127.676539][ T10] ? lockdep_hardirqs_on+0x7c/0x110
[ 127.681779][ T10] ? btusb_disconnect+0x4dc/0x580
[ 127.686914][ T10] ? check_panic_on_warn+0x1f/0xb0
[ 127.692032][ T10] ? btusb_disconnect+0x4dc/0x580
[ 127.697065][ T10] check_panic_on_warn+0xab/0xb0
[ 127.702012][ T10] end_report+0x107/0x170
[ 127.706347][ T10] kasan_report+0xee/0x110
[ 127.710811][ T10] ? btusb_disconnect+0x4dc/0x580
[ 127.715843][ T10] btusb_disconnect+0x4dc/0x580
[ 127.720700][ T10] usb_unbind_interface+0x1da/0x9a0
[ 127.725917][ T10] ? kernfs_remove_by_name_ns+0xbe/0x110
[ 127.731559][ T10] ? __pfx_usb_unbind_interface+0x10/0x10
[ 127.737284][ T10] device_remove+0x125/0x170
[ 127.741967][ T10] device_release_driver_internal+0x44b/0x620
[ 127.748083][ T10] bus_remove_device+0x22f/0x420
[ 127.753026][ T10] device_del+0x396/0x9f0
[ 127.757362][ T10] ? __pfx_device_del+0x10/0x10
[ 127.762222][ T10] ? kobject_put+0x210/0x5a0
[ 127.766826][ T10] usb_disable_device+0x355/0x7d0
[ 127.771859][ T10] usb_disconnect+0x2e1/0x9c0
[ 127.776549][ T10] hub_event+0x1aa0/0x5030
[ 127.780976][ T10] ? __lock_acquire+0xb8a/0x1c90
[ 127.785952][ T10] ? __pfx_hub_event+0x10/0x10
[ 127.790715][ T10] ? assoc_array_gc+0xb40/0x15b0
[ 127.795670][ T10] ? rcu_is_watching+0x12/0xc0
[ 127.800443][ T10] process_one_work+0x9cc/0x1b70
[ 127.805404][ T10] ? __pfx_hub_event+0x10/0x10
[ 127.810171][ T10] ? __pfx_process_one_work+0x10/0x10
[ 127.815551][ T10] ? assign_work+0x1a0/0x250
[ 127.820146][ T10] worker_thread+0x6c8/0xf10
[ 127.824746][ T10] ? __kthread_parkme+0x19e/0x250
[ 127.829786][ T10] ? __pfx_worker_thread+0x10/0x10
[ 127.834901][ T10] kthread+0x3c2/0x780
[ 127.838975][ T10] ? __pfx_kthread+0x10/0x10
[ 127.843574][ T10] ? rcu_is_watching+0x12/0xc0
[ 127.848346][ T10] ? __pfx_kthread+0x10/0x10
[ 127.852941][ T10] ret_from_fork+0x5b3/0x6c0
[ 127.857545][ T10] ? __pfx_kthread+0x10/0x10
[ 127.862146][ T10] ret_from_fork_asm+0x1a/0x30
[ 127.866924][ T10] </TASK>
[ 127.870169][ T10] Kernel Offset: disabled
[ 127.874510][ T10] Rebooting in 86400 seconds..