Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts.
2025/09/28 04:54:37 parsed 1 programs
[   91.725334][   T29] audit: type=1400 audit(1759035278.758:101): avc:  denied  { unlink } for  pid=3965 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   91.840738][ T3965] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   93.483190][   T29] audit: type=1400 audit(1759035280.518:102): avc:  denied  { read } for  pid=3971 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   93.512835][   T29] audit: type=1400 audit(1759035280.518:103): avc:  denied  { open } for  pid=3971 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   93.536304][   T29] audit: type=1400 audit(1759035280.548:104): avc:  denied  { unmount } for  pid=3971 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   95.203292][   T29] audit: type=1401 audit(1759035282.238:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/09/28 04:54:53 executed programs: 0
2025/09/28 04:55:03 executed programs: 2
[  116.721093][   T29] audit: type=1400 audit(1759035303.758:106): avc:  denied  { read write } for  pid=4939 comm="syz.3.16" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  116.744774][   T29] audit: type=1400 audit(1759035303.758:107): avc:  denied  { open } for  pid=4939 comm="syz.3.16" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  116.768055][   T29] audit: type=1400 audit(1759035303.758:108): avc:  denied  { ioctl } for  pid=4939 comm="syz.3.16" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  117.027618][   T37] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  117.177491][   T37] usb 4-1: Using ep0 maxpacket: 8
[  117.184495][   T37] usb 4-1: config 162 has an invalid interface number: 3 but max is 2
[  117.192866][   T37] usb 4-1: config 162 has an invalid interface number: 3 but max is 2
[  117.201162][   T37] usb 4-1: config 162 has 2 interfaces, different from the descriptor's value: 3
[  117.210328][   T37] usb 4-1: config 162 has no interface number 0
[  117.216625][   T37] usb 4-1: config 162 has no interface number 1
[  117.224137][   T37] usb 4-1: config 162 interface 3 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  117.237177][   T37] usb 4-1: config 162 interface 2 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  117.248024][   T37] usb 4-1: config 162 interface 2 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  117.259717][   T37] usb 4-1: config 162 interface 2 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  117.271194][   T37] usb 4-1: config 162 interface 2 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  117.281416][   T37] usb 4-1: config 162 interface 2 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  117.294519][   T37] usb 4-1: config 162 interface 3 has no altsetting 0
[  117.301338][   T37] usb 4-1: config 162 interface 3 has no altsetting 1
[  117.308160][   T37] usb 4-1: config 162 interface 2 has no altsetting 0
[  117.317374][   T37] usb 4-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23
[  117.326447][   T37] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.334989][   T37] usb 4-1: Product: syz
[  117.339198][   T37] usb 4-1: Manufacturer: syz
[  117.343797][   T37] usb 4-1: SerialNumber: syz
[  117.579198][ T4944] Bluetooth: hci0: Opcode 0x0c03 failed: -71
[  117.580748][   T37] usb 4-1: USB disconnect, device number 2
[  117.596971][   T37] ==================================================================
[  117.605169][   T37] BUG: KASAN: slab-use-after-free in btusb_disconnect+0x4dc/0x580
[  117.613119][   T37] Read of size 4 at addr ffff8881000a47c0 by task kworker/1:1/37
[  117.620844][   T37] 
[  117.623268][   T37] CPU: 1 UID: 0 PID: 37 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  117.623290][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  117.623302][   T37] Workqueue: usb_hub_wq hub_event
[  117.623332][   T37] Call Trace:
[  117.623346][   T37]  <TASK>
[  117.623354][   T37]  dump_stack_lvl+0x116/0x1f0
[  117.623374][   T37]  print_report+0xcd/0x630
[  117.623394][   T37]  ? __virt_addr_valid+0x81/0x610
[  117.623414][   T37]  ? __phys_addr+0xe8/0x180
[  117.623433][   T37]  ? btusb_disconnect+0x4dc/0x580
[  117.623450][   T37]  kasan_report+0xe0/0x110
[  117.623469][   T37]  ? btusb_disconnect+0x4dc/0x580
[  117.623488][   T37]  btusb_disconnect+0x4dc/0x580
[  117.623507][   T37]  usb_unbind_interface+0x1da/0x9e0
[  117.623522][   T37]  ? kernfs_remove_by_name_ns+0xbe/0x110
[  117.623541][   T37]  ? __pfx_usb_unbind_interface+0x10/0x10
[  117.623555][   T37]  device_remove+0x122/0x170
[  117.623576][   T37]  device_release_driver_internal+0x44b/0x620
[  117.623603][   T37]  bus_remove_device+0x22f/0x420
[  117.623623][   T37]  device_del+0x396/0x9f0
[  117.623645][   T37]  ? __pfx_device_del+0x10/0x10
[  117.623664][   T37]  ? kobject_put+0x210/0x5a0
[  117.623683][   T37]  usb_disable_device+0x355/0x7d0
[  117.623706][   T37]  usb_disconnect+0x2e1/0x9c0
[  117.623727][   T37]  hub_event+0x1aa2/0x5060
[  117.623753][   T37]  ? __lock_acquire+0xb97/0x1ce0
[  117.623769][   T37]  ? __pfx_hub_event+0x10/0x10
[  117.623788][   T37]  ? interval_tree_remove+0x850/0xee0
[  117.623813][   T37]  ? rcu_is_watching+0x12/0xc0
[  117.623835][   T37]  process_one_work+0x9cf/0x1b70
[  117.623857][   T37]  ? __pfx_hub_event+0x10/0x10
[  117.623877][   T37]  ? __pfx_process_one_work+0x10/0x10
[  117.623898][   T37]  ? assign_work+0x1a0/0x250
[  117.623915][   T37]  worker_thread+0x6c8/0xf10
[  117.623935][   T37]  ? __kthread_parkme+0x19e/0x250
[  117.623949][   T37]  ? __pfx_worker_thread+0x10/0x10
[  117.623967][   T37]  kthread+0x3c5/0x780
[  117.623984][   T37]  ? __pfx_kthread+0x10/0x10
[  117.624006][   T37]  ? rcu_is_watching+0x12/0xc0
[  117.624025][   T37]  ? __pfx_kthread+0x10/0x10
[  117.624041][   T37]  ret_from_fork+0x56d/0x700
[  117.624056][   T37]  ? __pfx_kthread+0x10/0x10
[  117.624072][   T37]  ret_from_fork_asm+0x1a/0x30
[  117.624096][   T37]  </TASK>
[  117.624101][   T37] 
[  117.844951][   T37] Allocated by task 37:
[  117.849088][   T37]  kasan_save_stack+0x33/0x60
[  117.853853][   T37]  kasan_save_track+0x14/0x30
[  117.858566][   T37]  __kasan_kmalloc+0x8f/0xa0
[  117.863154][   T37]  __kmalloc_node_track_caller_noprof+0x212/0x4c0
[  117.869667][   T37]  devm_kmalloc+0xa5/0x260
[  117.874089][   T37]  btusb_probe+0x23f/0x4480
[  117.878789][   T37]  usb_probe_interface+0x303/0xa40
[  117.883898][   T37]  really_probe+0x241/0xa90
[  117.888396][   T37]  __driver_probe_device+0x1de/0x440
[  117.893692][   T37]  driver_probe_device+0x4c/0x1b0
[  117.898711][   T37]  __device_attach_driver+0x1df/0x310
[  117.904105][   T37]  bus_for_each_drv+0x159/0x1e0
[  117.908960][   T37]  __device_attach+0x1e4/0x4b0
[  117.913829][   T37]  bus_probe_device+0x17f/0x1c0
[  117.918767][   T37]  device_add+0x1148/0x1aa0
[  117.923271][   T37]  usb_set_configuration+0x1187/0x1e20
[  117.928740][   T37]  usb_generic_driver_probe+0xb1/0x110
[  117.934236][   T37]  usb_probe_device+0xec/0x3e0
[  117.939027][   T37]  really_probe+0x241/0xa90
[  117.943538][   T37]  __driver_probe_device+0x1de/0x440
[  117.948854][   T37]  driver_probe_device+0x4c/0x1b0
[  117.954005][   T37]  __device_attach_driver+0x1df/0x310
[  117.959402][   T37]  bus_for_each_drv+0x159/0x1e0
[  117.964363][   T37]  __device_attach+0x1e4/0x4b0
[  117.969124][   T37]  bus_probe_device+0x17f/0x1c0
[  117.973970][   T37]  device_add+0x1148/0x1aa0
[  117.978461][   T37]  usb_new_device+0xd07/0x1a60
[  117.983234][   T37]  hub_event+0x2fce/0x5060
[  117.987646][   T37]  process_one_work+0x9cf/0x1b70
[  117.992593][   T37]  worker_thread+0x6c8/0xf10
[  117.997213][   T37]  kthread+0x3c5/0x780
[  118.001278][   T37]  ret_from_fork+0x56d/0x700
[  118.005861][   T37]  ret_from_fork_asm+0x1a/0x30
[  118.010628][   T37] 
[  118.012936][   T37] Freed by task 37:
[  118.016721][   T37]  kasan_save_stack+0x33/0x60
[  118.021415][   T37]  kasan_save_track+0x14/0x30
[  118.026200][   T37]  kasan_save_free_info+0x3b/0x60
[  118.031212][   T37]  __kasan_slab_free+0x3e/0x50
[  118.035970][   T37]  kfree+0x283/0x470
[  118.039862][   T37]  release_nodes+0x11e/0x240
[  118.044483][   T37]  devres_release_all+0x112/0x180
[  118.049503][   T37]  device_unbind_cleanup+0x19/0x1f0
[  118.054831][   T37]  device_release_driver_internal+0x4c3/0x620
[  118.060930][   T37]  usb_driver_release_interface+0x109/0x190
[  118.066823][   T37]  btusb_disconnect+0x448/0x580
[  118.071680][   T37]  usb_unbind_interface+0x1da/0x9e0
[  118.076874][   T37]  device_remove+0x122/0x170
[  118.081460][   T37]  device_release_driver_internal+0x44b/0x620
[  118.087542][   T37]  bus_remove_device+0x22f/0x420
[  118.092467][   T37]  device_del+0x396/0x9f0
[  118.096843][   T37]  usb_disable_device+0x355/0x7d0
[  118.101859][   T37]  usb_disconnect+0x2e1/0x9c0
[  118.106543][   T37]  hub_event+0x1aa2/0x5060
[  118.110950][   T37]  process_one_work+0x9cf/0x1b70
[  118.115879][   T37]  worker_thread+0x6c8/0xf10
[  118.120457][   T37]  kthread+0x3c5/0x780
[  118.124516][   T37]  ret_from_fork+0x56d/0x700
[  118.129090][   T37]  ret_from_fork_asm+0x1a/0x30
[  118.133852][   T37] 
[  118.136221][   T37] The buggy address belongs to the object at ffff8881000a4000
[  118.136221][   T37]  which belongs to the cache kmalloc-2k of size 2048
[  118.150294][   T37] The buggy address is located 1984 bytes inside of
[  118.150294][   T37]  freed 2048-byte region [ffff8881000a4000, ffff8881000a4800)
[  118.164442][   T37] 
[  118.166758][   T37] The buggy address belongs to the physical page:
[  118.173226][   T37] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1000a0
[  118.182063][   T37] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  118.190569][   T37] anon flags: 0x200000000000040(head|node=0|zone=2)
[  118.197153][   T37] page_type: f5(slab)
[  118.201123][   T37] raw: 0200000000000040 ffff888100042000 0000000000000000 dead000000000001
[  118.209853][   T37] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  118.218507][   T37] head: 0200000000000040 ffff888100042000 0000000000000000 dead000000000001
[  118.227359][   T37] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  118.236033][   T37] head: 0200000000000003 ffffea0004002801 00000000ffffffff 00000000ffffffff
[  118.244725][   T37] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  118.253548][   T37] page dumped because: kasan: bad access detected
[  118.260060][   T37] page_owner tracks the page as allocated
[  118.265770][   T37] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 1657545179, free_ts 0
[  118.282451][   T37]  post_alloc_hook+0x1c0/0x230
[  118.287217][   T37]  get_page_from_freelist+0xf98/0x2ce0
[  118.292669][   T37]  __alloc_frozen_pages_noprof+0x259/0x21e0
[  118.298561][   T37]  alloc_pages_mpol+0xe4/0x410
[  118.303405][   T37]  new_slab+0x247/0x330
[  118.307648][   T37]  ___slab_alloc+0xc55/0x1620
[  118.312325][   T37]  __slab_alloc.constprop.0+0x56/0xb0
[  118.317704][   T37]  __kmalloc_cache_node_noprof+0x208/0x3c0
[  118.323503][   T37]  alloc_unbound_pwq+0x5fc/0xe10
[  118.328627][   T37]  apply_wqattrs_prepare+0x3af/0xbd0
[  118.333922][   T37]  apply_workqueue_attrs_locked+0x64/0xe0
[  118.339737][   T37]  __alloc_workqueue+0x1007/0x1810
[  118.344835][   T37]  alloc_workqueue_noprof+0xd2/0x200
[  118.350122][   T37]  workqueue_init_early+0xd46/0x1480
[  118.355426][   T37]  start_kernel+0x1da/0x4d0
[  118.359932][   T37]  x86_64_start_reservations+0x18/0x30
[  118.365475][   T37] page_owner free stack trace missing
[  118.370839][   T37] 
[  118.373148][   T37] Memory state around the buggy address:
[  118.378784][   T37]  ffff8881000a4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  118.386853][   T37]  ffff8881000a4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  118.394901][   T37] >ffff8881000a4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  118.402956][   T37]                                            ^
[  118.409106][   T37]  ffff8881000a4800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  118.417192][   T37]  ffff8881000a4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  118.425434][   T37] ==================================================================
[  118.433700][   T37] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  118.440989][   T37] CPU: 1 UID: 0 PID: 37 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  118.450719][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  118.460882][   T37] Workqueue: usb_hub_wq hub_event
[  118.465913][   T37] Call Trace:
[  118.469181][   T37]  <TASK>
[  118.472189][   T37]  dump_stack_lvl+0x3d/0x1f0
[  118.476771][   T37]  vpanic+0x6e8/0x7a0
[  118.480755][   T37]  ? __pfx_vpanic+0x10/0x10
[  118.485248][   T37]  ? btusb_disconnect+0x4dc/0x580
[  118.490276][   T37]  panic+0xca/0xd0
[  118.494002][   T37]  ? __pfx_panic+0x10/0x10
[  118.498414][   T37]  ? check_panic_on_warn+0x1f/0xb0
[  118.503527][   T37]  check_panic_on_warn+0xab/0xb0
[  118.508484][   T37]  end_report+0x107/0x170
[  118.512838][   T37]  kasan_report+0xee/0x110
[  118.517256][   T37]  ? btusb_disconnect+0x4dc/0x580
[  118.522274][   T37]  btusb_disconnect+0x4dc/0x580
[  118.527178][   T37]  usb_unbind_interface+0x1da/0x9e0
[  118.532374][   T37]  ? kernfs_remove_by_name_ns+0xbe/0x110
[  118.537999][   T37]  ? __pfx_usb_unbind_interface+0x10/0x10
[  118.543986][   T37]  device_remove+0x122/0x170
[  118.548673][   T37]  device_release_driver_internal+0x44b/0x620
[  118.554741][   T37]  bus_remove_device+0x22f/0x420
[  118.559691][   T37]  device_del+0x396/0x9f0
[  118.564044][   T37]  ? __pfx_device_del+0x10/0x10
[  118.568996][   T37]  ? kobject_put+0x210/0x5a0
[  118.573672][   T37]  usb_disable_device+0x355/0x7d0
[  118.578707][   T37]  usb_disconnect+0x2e1/0x9c0
[  118.583399][   T37]  hub_event+0x1aa2/0x5060
[  118.587826][   T37]  ? __lock_acquire+0xb97/0x1ce0
[  118.592768][   T37]  ? __pfx_hub_event+0x10/0x10
[  118.597535][   T37]  ? interval_tree_remove+0x850/0xee0
[  118.602904][   T37]  ? rcu_is_watching+0x12/0xc0
[  118.607684][   T37]  process_one_work+0x9cf/0x1b70
[  118.612640][   T37]  ? __pfx_hub_event+0x10/0x10
[  118.617405][   T37]  ? __pfx_process_one_work+0x10/0x10
[  118.622788][   T37]  ? assign_work+0x1a0/0x250
[  118.627458][   T37]  worker_thread+0x6c8/0xf10
[  118.632074][   T37]  ? __kthread_parkme+0x19e/0x250
[  118.637090][   T37]  ? __pfx_worker_thread+0x10/0x10
[  118.642390][   T37]  kthread+0x3c5/0x780
[  118.646476][   T37]  ? __pfx_kthread+0x10/0x10
[  118.651057][   T37]  ? rcu_is_watching+0x12/0xc0
[  118.655836][   T37]  ? __pfx_kthread+0x10/0x10
[  118.660510][   T37]  ret_from_fork+0x56d/0x700
[  118.665102][   T37]  ? __pfx_kthread+0x10/0x10
[  118.669780][   T37]  ret_from_fork_asm+0x1a/0x30
[  118.674571][   T37]  </TASK>
[  118.677915][   T37] Kernel Offset: disabled
[  118.682251][   T37] Rebooting in 86400 seconds..