Warning: Permanently added '10.128.0.207' (ED25519) to the list of known hosts. 2025/09/27 09:34:14 parsed 1 programs [ 80.104321][ T4514] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 82.155943][ T4560] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.163117][ T4560] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.170314][ T4560] bridge_slave_0: entered allmulticast mode [ 82.177110][ T4560] bridge_slave_0: entered promiscuous mode [ 82.184013][ T4560] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.191194][ T4560] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.198625][ T4560] bridge_slave_1: entered allmulticast mode [ 82.205405][ T4560] bridge_slave_1: entered promiscuous mode [ 82.313638][ T4560] team0: Port device team_slave_0 added [ 82.321530][ T4560] team0: Port device team_slave_1 added [ 82.433356][ T4560] hsr_slave_0: entered promiscuous mode [ 82.440953][ T4560] hsr_slave_1: entered promiscuous mode [ 82.576070][ T4560] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.584928][ T4560] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.593718][ T4560] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.602372][ T4560] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.625697][ T4560] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.633078][ T4560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.640594][ T4560] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.647754][ T4560] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.888450][ T981] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.896519][ T981] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.145945][ T4560] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.159676][ T3144] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.166886][ T3144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.176102][ T3144] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.183422][ T3144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.696607][ T4560] veth0_vlan: entered promiscuous mode [ 83.706036][ T4560] veth1_vlan: entered promiscuous mode [ 83.906071][ T4560] veth0_macvtap: entered promiscuous mode [ 83.914291][ T4560] veth1_macvtap: entered promiscuous mode [ 85.373838][ T2954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.381884][ T2954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.410165][ T3144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.419146][ T3144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2025/09/27 09:34:21 executed programs: 0 [ 86.101863][ T4740] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.109537][ T4740] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.117050][ T4740] bridge_slave_0: entered allmulticast mode [ 86.124275][ T4740] bridge_slave_0: entered promiscuous mode [ 86.131335][ T4740] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.138720][ T4740] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.146107][ T4740] bridge_slave_1: entered allmulticast mode [ 86.153160][ T4740] bridge_slave_1: entered promiscuous mode [ 86.243828][ T4740] team0: Port device team_slave_0 added [ 86.252038][ T4740] team0: Port device team_slave_1 added [ 86.350332][ T4740] hsr_slave_0: entered promiscuous mode [ 86.356450][ T4740] hsr_slave_1: entered promiscuous mode [ 86.362581][ T4740] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.370190][ T4740] Cannot create hsr debugfs directory [ 86.781924][ T4740] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.799050][ T4740] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.809005][ T4740] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.819015][ T4740] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.846895][ T4740] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.854109][ T4740] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.861654][ T4740] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.868842][ T4740] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.129338][ T3144] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.148198][ T3144] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.795478][ T2972] hsr_slave_0: left promiscuous mode [ 87.810805][ T2972] hsr_slave_1: left promiscuous mode [ 87.816766][ T2972] bridge_slave_1: left allmulticast mode [ 87.822596][ T2972] bridge_slave_1: left promiscuous mode [ 87.828353][ T2972] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.837056][ T2972] bridge_slave_0: left allmulticast mode [ 87.842944][ T2972] bridge_slave_0: left promiscuous mode [ 87.848864][ T2972] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.862666][ T2972] veth1_macvtap: left promiscuous mode [ 87.868867][ T2972] veth0_macvtap: left promiscuous mode [ 87.874882][ T2972] veth1_vlan: left promiscuous mode [ 87.880337][ T2972] veth0_vlan: left promiscuous mode [ 88.147536][ T2972] team0 (unregistering): Port device team_slave_1 removed [ 88.173853][ T2972] team0 (unregistering): Port device team_slave_0 removed [ 88.437895][ T4740] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.449113][ T981] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.456704][ T981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.498092][ T981] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.505335][ T981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.525087][ T4740] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 88.536040][ T4740] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.653346][ T4740] veth0_vlan: entered promiscuous mode [ 89.666901][ T4740] veth1_vlan: entered promiscuous mode [ 90.054413][ T4740] veth0_macvtap: entered promiscuous mode [ 90.063974][ T4740] veth1_macvtap: entered promiscuous mode [ 90.454824][ T2972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.463045][ T2972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.493857][ T1543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.501981][ T1543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.928678][ T28] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 91.107948][ T28] usb 2-1: Using ep0 maxpacket: 16 [ 91.115632][ T28] usb 2-1: unable to get BOS descriptor or descriptor too short [ 91.124866][ T28] usb 2-1: config 5 has an invalid interface number: 196 but max is 0 [ 91.133704][ T28] usb 2-1: config 5 has no interface number 0 [ 91.140116][ T28] usb 2-1: config 5 interface 196 altsetting 5 endpoint 0x3 has invalid wMaxPacketSize 0 [ 91.150275][ T28] usb 2-1: config 5 interface 196 has no altsetting 0 [ 91.159899][ T28] usb 2-1: New USB device found, idVendor=0424, idProduct=cf18, bcdDevice=25.5e [ 91.169164][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.177161][ T28] usb 2-1: Product: syz [ 91.181478][ T28] usb 2-1: Manufacturer: syz [ 91.186087][ T28] usb 2-1: SerialNumber: syz [ 91.422659][ T28] usb 2-1: USB disconnect, device number 2 [ 91.432125][ T28] ================================================================== [ 91.440343][ T28] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x10d/0x1c0 [ 91.448024][ T28] Read of size 8 at addr ffff888100bdd890 by task kworker/1:1/28 [ 91.455847][ T28] [ 91.458190][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Not tainted syzkaller #0 [ 91.465655][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 91.475895][ T28] Workqueue: usb_hub_wq hub_event [ 91.481151][ T28] Call Trace: [ 91.484508][ T28] [ 91.487424][ T28] dump_stack_lvl+0x168/0x230 [ 91.492176][ T28] ? __lock_acquire+0xba0/0xba0 [ 91.497035][ T28] ? show_regs_print_info+0x20/0x20 [ 91.502427][ T28] ? load_image+0x630/0x630 [ 91.506927][ T28] ? __virt_addr_valid+0x2c5/0x380 [ 91.512064][ T28] print_report+0xac/0x220 [ 91.516591][ T28] ? hdm_disconnect+0x10d/0x1c0 [ 91.521548][ T28] kasan_report+0x117/0x150 [ 91.526136][ T28] ? hdm_disconnect+0x10d/0x1c0 [ 91.531064][ T28] hdm_disconnect+0x10d/0x1c0 [ 91.535772][ T28] usb_unbind_interface+0x1f2/0x870 [ 91.541061][ T28] ? kernfs_remove_by_name_ns+0xf9/0x120 [ 91.546684][ T28] ? usb_driver_release_interface+0x1c0/0x1c0 [ 91.552845][ T28] device_release_driver_internal+0x4cb/0x7a0 [ 91.558917][ T28] bus_remove_device+0x342/0x400 [ 91.563931][ T28] device_del+0x54a/0x860 [ 91.568336][ T28] ? device_release+0x96/0x170 [ 91.573081][ T28] ? __kmem_cache_free+0xba/0x1f0 [ 91.578107][ T28] ? kill_device+0x140/0x140 [ 91.582686][ T28] ? kobject_put+0x3a2/0x3e0 [ 91.587437][ T28] usb_disable_device+0x398/0x750 [ 91.592536][ T28] usb_disconnect+0x34c/0x8a0 [ 91.597202][ T28] hub_event+0x1c65/0x4860 [ 91.601694][ T28] ? __lock_acquire+0x5c5/0xba0 [ 91.606549][ T28] ? hub_post_resume+0x120/0x120 [ 91.611570][ T28] ? read_lock_is_recursive+0x20/0x20 [ 91.616972][ T28] ? process_scheduled_works+0x910/0x1420 [ 91.622676][ T28] process_scheduled_works+0x9cd/0x1420 [ 91.628392][ T28] ? assign_work+0x3e0/0x3e0 [ 91.633146][ T28] ? assign_work+0x38b/0x3e0 [ 91.637745][ T28] worker_thread+0xa0f/0xec0 [ 91.642538][ T28] ? _raw_spin_unlock_irqrestore+0xa1/0x100 [ 91.648626][ T28] kthread+0x27c/0x2e0 [ 91.652687][ T28] ? pr_cont_work+0x560/0x560 [ 91.657438][ T28] ? kthread_blkcg+0xd0/0xd0 [ 91.662041][ T28] ret_from_fork+0x48/0x80 [ 91.666573][ T28] ? kthread_blkcg+0xd0/0xd0 [ 91.671277][ T28] ret_from_fork_asm+0x11/0x20 [ 91.676154][ T28] [ 91.679181][ T28] [ 91.681494][ T28] Allocated by task 28: [ 91.685649][ T28] kasan_set_track+0x4e/0x70 [ 91.690324][ T28] __kasan_kmalloc+0x8f/0xa0 [ 91.695052][ T28] hdm_probe+0x96/0x13e0 [ 91.699309][ T28] usb_probe_interface+0x5a4/0xb00 [ 91.704433][ T28] really_probe+0x34b/0xd90 [ 91.709011][ T28] __driver_probe_device+0x18c/0x330 [ 91.714369][ T28] driver_probe_device+0x4f/0x420 [ 91.719507][ T28] __device_attach_driver+0x2ca/0x520 [ 91.724950][ T28] bus_for_each_drv+0x24b/0x2d0 [ 91.729876][ T28] __device_attach+0x28c/0x3d0 [ 91.734712][ T28] bus_probe_device+0x180/0x260 [ 91.739554][ T28] device_add+0x7ed/0xb80 [ 91.743871][ T28] usb_set_configuration+0x19be/0x1fd0 [ 91.749489][ T28] usb_generic_driver_probe+0x8d/0x150 [ 91.755041][ T28] usb_probe_device+0x13d/0x280 [ 91.759988][ T28] really_probe+0x34b/0xd90 [ 91.764495][ T28] __driver_probe_device+0x18c/0x330 [ 91.769867][ T28] driver_probe_device+0x4f/0x420 [ 91.775165][ T28] __device_attach_driver+0x2ca/0x520 [ 91.780626][ T28] bus_for_each_drv+0x24b/0x2d0 [ 91.785587][ T28] __device_attach+0x28c/0x3d0 [ 91.790434][ T28] bus_probe_device+0x180/0x260 [ 91.795287][ T28] device_add+0x7ed/0xb80 [ 91.799615][ T28] usb_new_device+0xa31/0x15d0 [ 91.804474][ T28] hub_event+0x2869/0x4860 [ 91.808928][ T28] process_scheduled_works+0x9cd/0x1420 [ 91.814489][ T28] worker_thread+0xa0f/0xec0 [ 91.819075][ T28] kthread+0x27c/0x2e0 [ 91.823131][ T28] ret_from_fork+0x48/0x80 [ 91.827526][ T28] ret_from_fork_asm+0x11/0x20 [ 91.832286][ T28] [ 91.834589][ T28] Freed by task 28: [ 91.838373][ T28] kasan_set_track+0x4e/0x70 [ 91.842945][ T28] kasan_save_free_info+0x2e/0x50 [ 91.847954][ T28] ____kasan_slab_free+0x126/0x1e0 [ 91.853139][ T28] slab_free_freelist_hook+0x130/0x1b0 [ 91.858684][ T28] __kmem_cache_free+0xba/0x1f0 [ 91.863698][ T28] device_release+0x96/0x170 [ 91.868579][ T28] kobject_put+0x21d/0x3e0 [ 91.873169][ T28] hdm_disconnect+0xf3/0x1c0 [ 91.877922][ T28] usb_unbind_interface+0x1f2/0x870 [ 91.883221][ T28] device_release_driver_internal+0x4cb/0x7a0 [ 91.889725][ T28] bus_remove_device+0x342/0x400 [ 91.894831][ T28] device_del+0x54a/0x860 [ 91.899169][ T28] usb_disable_device+0x398/0x750 [ 91.904281][ T28] usb_disconnect+0x34c/0x8a0 [ 91.909039][ T28] hub_event+0x1c65/0x4860 [ 91.913452][ T28] process_scheduled_works+0x9cd/0x1420 [ 91.919348][ T28] worker_thread+0xa0f/0xec0 [ 91.924053][ T28] kthread+0x27c/0x2e0 [ 91.928207][ T28] ret_from_fork+0x48/0x80 [ 91.932883][ T28] ret_from_fork_asm+0x11/0x20 [ 91.937694][ T28] [ 91.940192][ T28] The buggy address belongs to the object at ffff888100bdc000 [ 91.940192][ T28] which belongs to the cache kmalloc-8k of size 8192 [ 91.954509][ T28] The buggy address is located 6288 bytes inside of [ 91.954509][ T28] freed 8192-byte region [ffff888100bdc000, ffff888100bde000) [ 91.968739][ T28] [ 91.971052][ T28] The buggy address belongs to the physical page: [ 91.977660][ T28] page:ffffea000402f600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100bd8 [ 91.988075][ T28] head:ffffea000402f600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 91.997256][ T28] flags: 0x200000000000840(slab|head|node=0|zone=2) [ 92.004035][ T28] page_type: 0xffffffff() [ 92.008456][ T28] raw: 0200000000000840 ffff888100042280 ffffea00046e0800 0000000000000006 [ 92.017242][ T28] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 92.026010][ T28] page dumped because: kasan: bad access detected [ 92.032438][ T28] page_owner tracks the page as allocated [ 92.038324][ T28] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3735, tgid 3735 (S50sshd), ts 25333004299, free_ts 25309669508 [ 92.058728][ T28] post_alloc_hook+0x26b/0x290 [ 92.063484][ T28] get_page_from_freelist+0x2a25/0x2b60 [ 92.069274][ T28] __alloc_pages+0x1e3/0x430 [ 92.073855][ T28] alloc_slab_page+0x5d/0x170 [ 92.078610][ T28] new_slab+0x70/0x260 [ 92.082766][ T28] ___slab_alloc+0xa3e/0xee0 [ 92.087446][ T28] __kmem_cache_alloc_node+0x19c/0x250 [ 92.092982][ T28] kmalloc_trace+0x2a/0xc0 [ 92.097559][ T28] tomoyo_init_log+0xee3/0x1cb0 [ 92.102405][ T28] tomoyo_supervisor+0x2f7/0x1010 [ 92.107418][ T28] tomoyo_env_perm+0x14a/0x1e0 [ 92.112230][ T28] tomoyo_find_next_domain+0x1594/0x1a60 [ 92.118057][ T28] tomoyo_bprm_check_security+0x10d/0x140 [ 92.123846][ T28] security_bprm_check+0x62/0x90 [ 92.128960][ T28] bprm_execve+0x76f/0x1480 [ 92.133444][ T28] do_execveat_common+0x948/0xab0 [ 92.138538][ T28] page last free stack trace: [ 92.143191][ T28] free_unref_page_prepare+0x7ed/0x910 [ 92.148638][ T28] free_unref_page+0x32/0x290 [ 92.153384][ T28] __unfreeze_partials+0x1a4/0x1e0 [ 92.158972][ T28] put_cpu_partial+0x14c/0x1b0 [ 92.163942][ T28] __slab_free+0x297/0x380 [ 92.168359][ T28] qlist_free_all+0x75/0xe0 [ 92.173298][ T28] kasan_quarantine_reduce+0x143/0x160 [ 92.178851][ T28] __kasan_slab_alloc+0x22/0x80 [ 92.184153][ T28] slab_post_alloc_hook+0x66/0x430 [ 92.189532][ T28] __kmem_cache_alloc_node+0x13e/0x250 [ 92.195156][ T28] __kmalloc+0x97/0x1c0 [ 92.199299][ T28] tomoyo_supervisor+0xb2f/0x1010 [ 92.204446][ T28] tomoyo_path_perm+0x412/0x520 [ 92.209437][ T28] security_inode_getattr+0xd3/0x120 [ 92.214898][ T28] __se_sys_newfstat+0xdf/0x3d0 [ 92.219839][ T28] do_syscall_64+0x55/0xb0 [ 92.224259][ T28] [ 92.226760][ T28] Memory state around the buggy address: [ 92.232557][ T28] ffff888100bdd780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.240853][ T28] ffff888100bdd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.249163][ T28] >ffff888100bdd880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.257224][ T28] ^ [ 92.261804][ T28] ffff888100bdd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.270195][ T28] ffff888100bdd980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.278335][ T28] ================================================================== [ 92.287432][ T28] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 92.295087][ T28] Kernel Offset: disabled [ 92.299509][ T28] Rebooting in 86400 seconds..