Warning: Permanently added '10.128.10.29' (ED25519) to the list of known hosts.
2025/09/28 04:45:23 parsed 1 programs
[ 109.147696][ T29] audit: type=1400 audit(1759034725.407:101): avc: denied { unlink } for pid=3966 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 109.247759][ T3966] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 110.868889][ T29] audit: type=1400 audit(1759034727.127:102): avc: denied { read } for pid=3973 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 110.904577][ T29] audit: type=1400 audit(1759034727.127:103): avc: denied { open } for pid=3973 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 110.928602][ T29] audit: type=1400 audit(1759034727.157:104): avc: denied { unmount } for pid=3973 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 112.058485][ T29] audit: type=1401 audit(1759034728.317:105): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/09/28 04:45:43 executed programs: 0
2025/09/28 04:45:55 executed programs: 2
[ 139.546139][ T29] audit: type=1400 audit(1759034755.797:106): avc: denied { read write } for pid=4944 comm="syz.3.16" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 139.570829][ T29] audit: type=1400 audit(1759034755.797:107): avc: denied { open } for pid=4944 comm="syz.3.16" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 139.594356][ T29] audit: type=1400 audit(1759034755.797:108): avc: denied { ioctl } for pid=4944 comm="syz.3.16" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 139.776518][ T2655] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 139.926328][ T2655] usb 4-1: Using ep0 maxpacket: 8
[ 139.933794][ T2655] usb 4-1: config 162 has an invalid interface number: 3 but max is 2
[ 139.942282][ T2655] usb 4-1: config 162 has an invalid interface number: 3 but max is 2
[ 139.950785][ T2655] usb 4-1: config 162 has 2 interfaces, different from the descriptor's value: 3
[ 139.960245][ T2655] usb 4-1: config 162 has no interface number 0
[ 139.966683][ T2655] usb 4-1: config 162 has no interface number 1
[ 139.973271][ T2655] usb 4-1: config 162 interface 3 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 139.986590][ T2655] usb 4-1: config 162 interface 2 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[ 139.997432][ T2655] usb 4-1: config 162 interface 2 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 140.009216][ T2655] usb 4-1: config 162 interface 2 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[ 140.020658][ T2655] usb 4-1: config 162 interface 2 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[ 140.030899][ T2655] usb 4-1: config 162 interface 2 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[ 140.044086][ T2655] usb 4-1: config 162 interface 3 has no altsetting 0
[ 140.051267][ T2655] usb 4-1: config 162 interface 3 has no altsetting 1
[ 140.058190][ T2655] usb 4-1: config 162 interface 2 has no altsetting 0
[ 140.067561][ T2655] usb 4-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23
[ 140.076725][ T2655] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 140.084910][ T2655] usb 4-1: Product: syz
[ 140.089245][ T2655] usb 4-1: Manufacturer: syz
[ 140.093872][ T2655] usb 4-1: SerialNumber: syz
[ 140.329203][ T4948] Bluetooth: hci0: Opcode 0x0c03 failed: -71
[ 140.337304][ T2655] usb 4-1: USB disconnect, device number 2
[ 140.348753][ T2655] ==================================================================
[ 140.357124][ T2655] BUG: KASAN: slab-use-after-free in btusb_disconnect+0x4dc/0x580
[ 140.364962][ T2655] Read of size 4 at addr ffff888121d507c0 by task kworker/1:2/2655
[ 140.372961][ T2655]
[ 140.375393][ T2655] CPU: 1 UID: 0 PID: 2655 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(voluntary)
[ 140.375417][ T2655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 140.375431][ T2655] Workqueue: usb_hub_wq hub_event
[ 140.375461][ T2655] Call Trace:
[ 140.375471][ T2655] <TASK>
[ 140.375478][ T2655] dump_stack_lvl+0x116/0x1f0
[ 140.375500][ T2655] print_report+0xcd/0x630
[ 140.375523][ T2655] ? __virt_addr_valid+0x81/0x610
[ 140.375548][ T2655] ? __phys_addr+0xe8/0x180
[ 140.375572][ T2655] ? btusb_disconnect+0x4dc/0x580
[ 140.375594][ T2655] kasan_report+0xe0/0x110
[ 140.375617][ T2655] ? btusb_disconnect+0x4dc/0x580
[ 140.375640][ T2655] btusb_disconnect+0x4dc/0x580
[ 140.375663][ T2655] usb_unbind_interface+0x1da/0x9e0
[ 140.375681][ T2655] ? kernfs_remove_by_name_ns+0xbe/0x110
[ 140.375704][ T2655] ? __pfx_usb_unbind_interface+0x10/0x10
[ 140.375721][ T2655] device_remove+0x122/0x170
[ 140.375746][ T2655] device_release_driver_internal+0x44b/0x620
[ 140.375777][ T2655] bus_remove_device+0x22f/0x420
[ 140.375802][ T2655] device_del+0x396/0x9f0
[ 140.375828][ T2655] ? __pfx_device_del+0x10/0x10
[ 140.375853][ T2655] ? kobject_put+0x210/0x5a0
[ 140.375875][ T2655] usb_disable_device+0x355/0x7d0
[ 140.375902][ T2655] usb_disconnect+0x2e1/0x9c0
[ 140.375928][ T2655] hub_event+0x1aa2/0x5060
[ 140.375959][ T2655] ? __lock_acquire+0xb97/0x1ce0
[ 140.375977][ T2655] ? __pfx_hub_event+0x10/0x10
[ 140.376002][ T2655] ? interval_tree_remove+0x850/0xee0
[ 140.376029][ T2655] ? rcu_is_watching+0x12/0xc0
[ 140.376054][ T2655] process_one_work+0x9cf/0x1b70
[ 140.376079][ T2655] ? __pfx_hub_event+0x10/0x10
[ 140.376104][ T2655] ? __pfx_process_one_work+0x10/0x10
[ 140.376129][ T2655] ? assign_work+0x1a0/0x250
[ 140.376155][ T2655] worker_thread+0x6c8/0xf10
[ 140.376208][ T2655] ? __kthread_parkme+0x19e/0x250
[ 140.376233][ T2655] ? __pfx_worker_thread+0x10/0x10
[ 140.376262][ T2655] kthread+0x3c5/0x780
[ 140.376283][ T2655] ? __pfx_kthread+0x10/0x10
[ 140.376304][ T2655] ? rcu_is_watching+0x12/0xc0
[ 140.376326][ T2655] ? __pfx_kthread+0x10/0x10
[ 140.376347][ T2655] ret_from_fork+0x56d/0x700
[ 140.376363][ T2655] ? __pfx_kthread+0x10/0x10
[ 140.376383][ T2655] ret_from_fork_asm+0x1a/0x30
[ 140.376410][ T2655] </TASK>
[ 140.376417][ T2655]
[ 140.601376][ T2655] Allocated by task 2655:
[ 140.605893][ T2655] kasan_save_stack+0x33/0x60
[ 140.610583][ T2655] kasan_save_track+0x14/0x30
[ 140.615282][ T2655] __kasan_kmalloc+0x8f/0xa0
[ 140.620047][ T2655] __kmalloc_node_track_caller_noprof+0x212/0x4c0
[ 140.626664][ T2655] devm_kmalloc+0xa5/0x260
[ 140.631081][ T2655] btusb_probe+0x23f/0x4480
[ 140.635596][ T2655] usb_probe_interface+0x303/0xa40
[ 140.640704][ T2655] really_probe+0x241/0xa90
[ 140.645245][ T2655] __driver_probe_device+0x1de/0x440
[ 140.650551][ T2655] driver_probe_device+0x4c/0x1b0
[ 140.655857][ T2655] __device_attach_driver+0x1df/0x310
[ 140.661267][ T2655] bus_for_each_drv+0x159/0x1e0
[ 140.666264][ T2655] __device_attach+0x1e4/0x4b0
[ 140.671071][ T2655] bus_probe_device+0x17f/0x1c0
[ 140.676155][ T2655] device_add+0x1148/0x1aa0
[ 140.680704][ T2655] usb_set_configuration+0x1187/0x1e20
[ 140.686292][ T2655] usb_generic_driver_probe+0xb1/0x110
[ 140.691762][ T2655] usb_probe_device+0xec/0x3e0
[ 140.696550][ T2655] really_probe+0x241/0xa90
[ 140.701074][ T2655] __driver_probe_device+0x1de/0x440
[ 140.706470][ T2655] driver_probe_device+0x4c/0x1b0
[ 140.711532][ T2655] __device_attach_driver+0x1df/0x310
[ 140.716921][ T2655] bus_for_each_drv+0x159/0x1e0
[ 140.721881][ T2655] __device_attach+0x1e4/0x4b0
[ 140.726908][ T2655] bus_probe_device+0x17f/0x1c0
[ 140.732041][ T2655] device_add+0x1148/0x1aa0
[ 140.736562][ T2655] usb_new_device+0xd07/0x1a60
[ 140.741419][ T2655] hub_event+0x2fce/0x5060
[ 140.745917][ T2655] process_one_work+0x9cf/0x1b70
[ 140.751013][ T2655] worker_thread+0x6c8/0xf10
[ 140.755797][ T2655] kthread+0x3c5/0x780
[ 140.759877][ T2655] ret_from_fork+0x56d/0x700
[ 140.764559][ T2655] ret_from_fork_asm+0x1a/0x30
[ 140.769351][ T2655]
[ 140.771697][ T2655] Freed by task 2655:
[ 140.775679][ T2655] kasan_save_stack+0x33/0x60
[ 140.780464][ T2655] kasan_save_track+0x14/0x30
[ 140.785237][ T2655] kasan_save_free_info+0x3b/0x60
[ 140.790302][ T2655] __kasan_slab_free+0x3e/0x50
[ 140.795109][ T2655] kfree+0x283/0x470
[ 140.799028][ T2655] release_nodes+0x11e/0x240
[ 140.803795][ T2655] devres_release_all+0x112/0x180
[ 140.808825][ T2655] device_unbind_cleanup+0x19/0x1f0
[ 140.814033][ T2655] device_release_driver_internal+0x4c3/0x620
[ 140.820196][ T2655] usb_driver_release_interface+0x109/0x190
[ 140.826153][ T2655] btusb_disconnect+0x448/0x580
[ 140.831041][ T2655] usb_unbind_interface+0x1da/0x9e0
[ 140.836235][ T2655] device_remove+0x122/0x170
[ 140.840841][ T2655] device_release_driver_internal+0x44b/0x620
[ 140.847103][ T2655] bus_remove_device+0x22f/0x420
[ 140.852137][ T2655] device_del+0x396/0x9f0
[ 140.856485][ T2655] usb_disable_device+0x355/0x7d0
[ 140.861586][ T2655] usb_disconnect+0x2e1/0x9c0
[ 140.866359][ T2655] hub_event+0x1aa2/0x5060
[ 140.870880][ T2655] process_one_work+0x9cf/0x1b70
[ 140.875844][ T2655] worker_thread+0x6c8/0xf10
[ 140.880445][ T2655] kthread+0x3c5/0x780
[ 140.884728][ T2655] ret_from_fork+0x56d/0x700
[ 140.889680][ T2655] ret_from_fork_asm+0x1a/0x30
[ 140.894626][ T2655]
[ 140.896956][ T2655] The buggy address belongs to the object at ffff888121d50000
[ 140.896956][ T2655] which belongs to the cache kmalloc-2k of size 2048
[ 140.911023][ T2655] The buggy address is located 1984 bytes inside of
[ 140.911023][ T2655] freed 2048-byte region [ffff888121d50000, ffff888121d50800)
[ 140.925453][ T2655]
[ 140.927887][ T2655] The buggy address belongs to the physical page:
[ 140.934463][ T2655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121d50
[ 140.943408][ T2655] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 140.952473][ T2655] flags: 0x200000000000040(head|node=0|zone=2)
[ 140.958898][ T2655] page_type: f5(slab)
[ 140.962986][ T2655] raw: 0200000000000040 ffff888100042000 ffffea0004677600 0000000000000002
[ 140.971676][ T2655] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 140.980349][ T2655] head: 0200000000000040 ffff888100042000 ffffea0004677600 0000000000000002
[ 140.989281][ T2655] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 140.998241][ T2655] head: 0200000000000003 ffffea0004875401 00000000ffffffff 00000000ffffffff
[ 141.007024][ T2655] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 141.015790][ T2655] page dumped because: kasan: bad access detected
[ 141.023330][ T2655] page_owner tracks the page as allocated
[ 141.029056][ T2655] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4026, tgid 4026 (syz-executor), ts 115133188001, free_ts 114841402546
[ 141.050782][ T2655] post_alloc_hook+0x1c0/0x230
[ 141.055579][ T2655] get_page_from_freelist+0xf98/0x2ce0
[ 141.061070][ T2655] __alloc_frozen_pages_noprof+0x259/0x21e0
[ 141.067080][ T2655] alloc_pages_mpol+0xe4/0x410
[ 141.072148][ T2655] new_slab+0x247/0x330
[ 141.076341][ T2655] ___slab_alloc+0xc55/0x1620
[ 141.081205][ T2655] __slab_alloc.constprop.0+0x56/0xb0
[ 141.086792][ T2655] __kmalloc_cache_noprof+0x209/0x3c0
[ 141.092279][ T2655] rtnl_newlink+0x11b/0x1e90
[ 141.096974][ T2655] rtnetlink_rcv_msg+0x95e/0xe90
[ 141.101951][ T2655] netlink_rcv_skb+0x158/0x420
[ 141.106743][ T2655] netlink_unicast+0x5a7/0x870
[ 141.111542][ T2655] netlink_sendmsg+0x8d1/0xdd0
[ 141.116436][ T2655] __sys_sendto+0x4a0/0x520
[ 141.120961][ T2655] __x64_sys_sendto+0xe0/0x1c0
[ 141.125839][ T2655] do_syscall_64+0xcd/0x4d0
[ 141.130622][ T2655] page last free pid 4084 tgid 4084 stack trace:
[ 141.136958][ T2655] __free_frozen_pages+0x78a/0xfd0
[ 141.142090][ T2655] __put_partials+0x165/0x1c0
[ 141.146782][ T2655] qlist_free_all+0x4d/0x120
[ 141.151460][ T2655] kasan_quarantine_reduce+0x195/0x1e0
[ 141.156935][ T2655] __kasan_slab_alloc+0x4e/0x70
[ 141.161809][ T2655] kmem_cache_alloc_noprof+0x14f/0x3b0
[ 141.167482][ T2655] vm_area_dup+0x25/0x6c0
[ 141.171847][ T2655] __split_vma+0x18e/0x1040
[ 141.176458][ T2655] vms_gather_munmap_vmas+0x1d2/0x12c0
[ 141.181964][ T2655] __mmap_region+0x436/0x25d0
[ 141.186667][ T2655] mmap_region+0x1ab/0x3f0
[ 141.191118][ T2655] do_mmap+0xa2e/0x11f0
[ 141.195319][ T2655] vm_mmap_pgoff+0x201/0x390
[ 141.199931][ T2655] ksys_mmap_pgoff+0x32c/0x5c0
[ 141.204711][ T2655] __x64_sys_mmap+0x125/0x190
[ 141.209430][ T2655] do_syscall_64+0xcd/0x4d0
[ 141.214036][ T2655]
[ 141.216356][ T2655] Memory state around the buggy address:
[ 141.221987][ T2655] ffff888121d50680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.230238][ T2655] ffff888121d50700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.238479][ T2655] >ffff888121d50780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.246624][ T2655]                                            ^
[ 141.252871][ T2655] ffff888121d50800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 141.261206][ T2655] ffff888121d50880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 141.269275][ T2655] ==================================================================
[ 141.277720][ T2655] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 141.285036][ T2655] CPU: 1 UID: 0 PID: 2655 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(voluntary)
[ 141.295150][ T2655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 141.305244][ T2655] Workqueue: usb_hub_wq hub_event
[ 141.310462][ T2655] Call Trace:
[ 141.313742][ T2655] <TASK>
[ 141.316764][ T2655] dump_stack_lvl+0x3d/0x1f0
[ 141.321357][ T2655] vpanic+0x6e8/0x7a0
[ 141.325344][ T2655] ? __pfx_vpanic+0x10/0x10
[ 141.329960][ T2655] ? btusb_disconnect+0x4dc/0x580
[ 141.334999][ T2655] panic+0xca/0xd0
[ 141.338739][ T2655] ? __pfx_panic+0x10/0x10
[ 141.343276][ T2655] ? check_panic_on_warn+0x1f/0xb0
[ 141.348580][ T2655] check_panic_on_warn+0xab/0xb0
[ 141.353530][ T2655] end_report+0x107/0x170
[ 141.357878][ T2655] kasan_report+0xee/0x110
[ 141.362314][ T2655] ? btusb_disconnect+0x4dc/0x580
[ 141.367356][ T2655] btusb_disconnect+0x4dc/0x580
[ 141.372308][ T2655] usb_unbind_interface+0x1da/0x9e0
[ 141.377603][ T2655] ? kernfs_remove_by_name_ns+0xbe/0x110
[ 141.383329][ T2655] ? __pfx_usb_unbind_interface+0x10/0x10
[ 141.389050][ T2655] device_remove+0x122/0x170
[ 141.393765][ T2655] device_release_driver_internal+0x44b/0x620
[ 141.399850][ T2655] bus_remove_device+0x22f/0x420
[ 141.404813][ T2655] device_del+0x396/0x9f0
[ 141.409560][ T2655] ? __pfx_device_del+0x10/0x10
[ 141.414446][ T2655] ? kobject_put+0x210/0x5a0
[ 141.419066][ T2655] usb_disable_device+0x355/0x7d0
[ 141.424301][ T2655] usb_disconnect+0x2e1/0x9c0
[ 141.429000][ T2655] hub_event+0x1aa2/0x5060
[ 141.433462][ T2655] ? __lock_acquire+0xb97/0x1ce0
[ 141.438533][ T2655] ? __pfx_hub_event+0x10/0x10
[ 141.443405][ T2655] ? interval_tree_remove+0x850/0xee0
[ 141.448806][ T2655] ? rcu_is_watching+0x12/0xc0
[ 141.453771][ T2655] process_one_work+0x9cf/0x1b70
[ 141.458743][ T2655] ? __pfx_hub_event+0x10/0x10
[ 141.463596][ T2655] ? __pfx_process_one_work+0x10/0x10
[ 141.469379][ T2655] ? assign_work+0x1a0/0x250
[ 141.473994][ T2655] worker_thread+0x6c8/0xf10
[ 141.478609][ T2655] ? __kthread_parkme+0x19e/0x250
[ 141.483823][ T2655] ? __pfx_worker_thread+0x10/0x10
[ 141.488966][ T2655] kthread+0x3c5/0x780
[ 141.493176][ T2655] ? __pfx_kthread+0x10/0x10
[ 141.497797][ T2655] ? rcu_is_watching+0x12/0xc0
[ 141.502817][ T2655] ? __pfx_kthread+0x10/0x10
[ 141.507451][ T2655] ret_from_fork+0x56d/0x700
[ 141.512197][ T2655] ? __pfx_kthread+0x10/0x10
[ 141.516916][ T2655] ret_from_fork_asm+0x1a/0x30
[ 141.521899][ T2655] </TASK>
[ 141.525525][ T2655] Kernel Offset: disabled
[ 141.529968][ T2655] Rebooting in 86400 seconds..