Warning: Permanently added '10.128.10.27' (ED25519) to the list of known hosts.
2023/08/21 05:01:41 ignoring optional flag "sandboxArg"="0"
2023/08/21 05:01:41 parsed 1 programs
2023/08/21 05:01:43 executed programs: 0
[ 56.022359][ T3218] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 57.513694][ T3226] veth0_vlan: entered promiscuous mode
[ 58.195831][ T3037] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 58.555883][ T3037] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 58.566832][ T3037] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 58.577112][ T3037] usb 1-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00
[ 58.586139][ T3037] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 58.594937][ T3037] usb 1-1: config 0 descriptor??
[ 59.727784][ T3037] input: HID 5543:0047 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:5543:0047.0001/input/input4
[ 59.877777][ T3037] input: HID 5543:0047 Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:5543:0047.0001/input/input5
[ 59.905999][ T3037] input: HID 5543:0047 Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:5543:0047.0001/input/input6
[ 59.921494][ T3037] input: HID 5543:0047 Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:5543:0047.0001/input/input7
[ 59.972035][ T3037] uclogic 0003:5543:0047.0001: input,hidraw0: USB HID v0.00 Keypad [HID 5543:0047] on usb-dummy_hcd.0-1/input0
[ 59.996842][ T3037] usb 1-1: USB disconnect, device number 2
[ 60.023402][ T3037] ==================================================================
[ 60.031903][ T3037] BUG: KASAN: slab-use-after-free in string+0x2a5/0x330
[ 60.039010][ T3037] Read of size 1 at addr ffff88811848c6a8 by task kworker/0:3/3037
[ 60.047150][ T3037]
[ 60.049460][ T3037] CPU: 0 PID: 3037 Comm: kworker/0:3 Not tainted 6.5.0-rc4-syzkaller #0
[ 60.057753][ T3037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 60.068050][ T3037] Workqueue: usb_hub_wq hub_event
[ 60.073055][ T3037] Call Trace:
[ 60.076486][ T3037]
[ 60.079391][ T3037] dump_stack_lvl+0x3d/0x60
[ 60.084016][ T3037] print_report+0xc4/0x620
[ 60.088583][ T3037] kasan_report+0xda/0x110
[ 60.092973][ T3037] ? string+0x2a5/0x330
[ 60.097269][ T3037] ? string+0x2a5/0x330
[ 60.101403][ T3037] string+0x2a5/0x330
[ 60.105365][ T3037] ? do_raw_spin_unlock+0x173/0x230
[ 60.110817][ T3037] ? ip6_addr_string_sa+0x860/0x860
[ 60.116181][ T3037] ? _raw_spin_unlock_irqrestore+0x3c/0x60
[ 60.122065][ T3037] ? __stack_depot_save+0x247/0x460
[ 60.127861][ T3037] vsnprintf+0xa01/0x15c0
[ 60.132264][ T3037] ? kobject_uevent_env+0x1ff/0x1410
[ 60.137536][ T3037] ? pointer+0x960/0x960
[ 60.142225][ T3037] ? string+0x167/0x330
[ 60.146847][ T3037] ? bus_remove_device+0x1ed/0x3e0
[ 60.152133][ T3037] ? device_del+0x3de/0x9a0
[ 60.156608][ T3037] ? hid_destroy_device+0xbe/0x130
[ 60.161821][ T3037] add_uevent_var+0x150/0x2c0
[ 60.166502][ T3037] ? process_one_work+0x922/0x1370
[ 60.171689][ T3037] ? worker_thread+0x58d/0xe40
[ 60.176428][ T3037] ? cleanup_uevent_env+0x40/0x40
[ 60.181530][ T3037] ? vsnprintf+0xa01/0x15c0
[ 60.186104][ T3037] ? pointer+0x960/0x960
[ 60.190375][ T3037] input_dev_uevent+0x145/0x710
[ 60.195417][ T3037] dev_uevent+0x28e/0x6c0
[ 60.199915][ T3037] ? cleanup_uevent_env+0x40/0x40
[ 60.205093][ T3037] ? device_get_devnode+0x2b0/0x2b0
[ 60.210384][ T3037] ? rcu_is_watching+0x15/0xb0
[ 60.215300][ T3037] ? __kmalloc+0xd8/0x160
[ 60.219723][ T3037] kobject_uevent_env+0x52c/0x1410
[ 60.224819][ T3037] device_del+0x5c1/0x9a0
[ 60.229138][ T3037] ? __fw_devlink_pickup_dangling_consumers+0x210/0x210
[ 60.236067][ T3037] input_unregister_device+0x7f/0xb0
[ 60.241622][ T3037] hidinput_disconnect+0x13f/0x3d0
[ 60.246799][ T3037] ? up_write+0x159/0x210
[ 60.251617][ T3037] hid_disconnect+0xe8/0x150
[ 60.256319][ T3037] hid_hw_stop+0xe/0x70
[ 60.260544][ T3037] uclogic_remove+0x42/0x90
[ 60.265364][ T3037] hid_device_remove+0xbc/0x220
[ 60.270190][ T3037] device_release_driver_internal+0x370/0x530
[ 60.276285][ T3037] bus_remove_device+0x1ed/0x3e0
[ 60.281370][ T3037] device_del+0x3de/0x9a0
[ 60.285760][ T3037] ? __fw_devlink_pickup_dangling_consumers+0x210/0x210
[ 60.293125][ T3037] ? do_raw_spin_lock+0x12e/0x2b0
[ 60.298762][ T3037] ? spin_bug+0x1d0/0x1d0
[ 60.303251][ T3037] hid_destroy_device+0xbe/0x130
[ 60.308527][ T3037] usbhid_disconnect+0x92/0xc0
[ 60.313287][ T3037] usb_unbind_interface+0x17d/0x7b0
[ 60.318540][ T3037] ? kernfs_remove_by_name_ns+0xfc/0x130
[ 60.324331][ T3037] device_release_driver_internal+0x370/0x530
[ 60.330491][ T3037] bus_remove_device+0x1ed/0x3e0
[ 60.335500][ T3037] device_del+0x3de/0x9a0
[ 60.339842][ T3037] ? __fw_devlink_pickup_dangling_consumers+0x210/0x210
[ 60.346779][ T3037] ? kobject_put.part.0+0x17c/0x400
[ 60.352137][ T3037] ? kobject_put.part.0+0x17c/0x400
[ 60.357661][ T3037] usb_disable_device+0x290/0x680
[ 60.362930][ T3037] usb_disconnect+0x272/0x880
[ 60.367591][ T3037] hub_event+0x1894/0x45e0
[ 60.371987][ T3037] ? trace_event_raw_event_sched_pi_setprio+0x1a0/0x320
[ 60.379440][ T3037] ? is_dynamic_key+0x140/0x140
[ 60.384352][ T3037] ? __schedule+0xb6b/0x2760
[ 60.388946][ T3037] ? hub_port_debounce+0x300/0x300
[ 60.394041][ T3037] ? __lock_acquire.constprop.0+0x486/0xf20
[ 60.400043][ T3037] ? reacquire_held_locks+0x380/0x380
[ 60.405681][ T3037] ? lock_acquire+0x12a/0x2b0
[ 60.410464][ T3037] process_one_work+0x922/0x1370
[ 60.415379][ T3037] ? mod_delayed_work_on+0x290/0x290
[ 60.420735][ T3037] ? spin_bug+0x1d0/0x1d0
[ 60.425404][ T3037] worker_thread+0x58d/0xe40
[ 60.429971][ T3037] ? __kthread_parkme+0x7e/0x150
[ 60.435278][ T3037] ? rescuer_thread+0xb60/0xb60
[ 60.442283][ T3037] kthread+0x278/0x330
[ 60.447304][ T3037] ? kthread_complete_and_exit+0x20/0x20
[ 60.453579][ T3037] ret_from_fork+0x2c/0x70
[ 60.458076][ T3037] ? kthread_complete_and_exit+0x20/0x20
[ 60.463791][ T3037] ret_from_fork_asm+0x11/0x20
[ 60.469438][ T3037]
[ 60.472537][ T3037]
[ 60.475267][ T3037] Allocated by task 3037:
[ 60.479836][ T3037] kasan_save_stack+0x33/0x50
[ 60.484927][ T3037] kasan_set_track+0x25/0x30
[ 60.489757][ T3037] __kasan_kmalloc+0xa2/0xb0
[ 60.494675][ T3037] __kmalloc_node_track_caller+0x5e/0x160
[ 60.500486][ T3037] devm_kmalloc+0x75/0x1e0
[ 60.505071][ T3037] uclogic_input_configured+0x1c8/0x5f0
[ 60.510593][ T3037] hidinput_connect+0x14fc/0x25a0
[ 60.515588][ T3037] hid_connect+0xfe4/0x1520
[ 60.520258][ T3037] hid_hw_start+0x75/0xf0
[ 60.524583][ T3037] uclogic_probe+0x1cb/0x2d0
[ 60.529143][ T3037] hid_device_probe+0x272/0x3d0
[ 60.534233][ T3037] really_probe+0x1bf/0xb20
[ 60.538772][ T3037] __driver_probe_device+0x187/0x440
[ 60.544032][ T3037] driver_probe_device+0x45/0x110
[ 60.549118][ T3037] __device_attach_driver+0x152/0x260
[ 60.554557][ T3037] bus_for_each_drv+0x110/0x190
[ 60.559418][ T3037] __device_attach+0x194/0x3a0
[ 60.564157][ T3037] bus_probe_device+0x12b/0x170
[ 60.568982][ T3037] device_add+0xee3/0x1720
[ 60.573371][ T3037] hid_add_device+0x307/0x900
[ 60.578278][ T3037] usbhid_probe+0xab8/0x1080
[ 60.583021][ T3037] usb_probe_interface+0x279/0x820
[ 60.588280][ T3037] really_probe+0x1bf/0xb20
[ 60.592768][ T3037] __driver_probe_device+0x187/0x440
[ 60.598109][ T3037] driver_probe_device+0x45/0x110
[ 60.603202][ T3037] __device_attach_driver+0x152/0x260
[ 60.608545][ T3037] bus_for_each_drv+0x110/0x190
[ 60.613464][ T3037] __device_attach+0x194/0x3a0
[ 60.618294][ T3037] bus_probe_device+0x12b/0x170
[ 60.623472][ T3037] device_add+0xee3/0x1720
[ 60.627869][ T3037] usb_set_configuration+0xdc1/0x1830
[ 60.633221][ T3037] usb_generic_driver_probe+0x84/0xd0
[ 60.638651][ T3037] usb_probe_device+0x9f/0x240
[ 60.643559][ T3037] really_probe+0x1bf/0xb20
[ 60.648216][ T3037] __driver_probe_device+0x187/0x440
[ 60.653562][ T3037] driver_probe_device+0x45/0x110
[ 60.658561][ T3037] __device_attach_driver+0x152/0x260
[ 60.664073][ T3037] bus_for_each_drv+0x110/0x190
[ 60.669073][ T3037] __device_attach+0x194/0x3a0
[ 60.674078][ T3037] bus_probe_device+0x12b/0x170
[ 60.679245][ T3037] device_add+0xee3/0x1720
[ 60.683631][ T3037] usb_new_device+0xc70/0x17b0
[ 60.688371][ T3037] hub_event+0x26da/0x45e0
[ 60.692810][ T3037] process_one_work+0x922/0x1370
[ 60.697809][ T3037] worker_thread+0xfb/0xe40
[ 60.702285][ T3037] kthread+0x278/0x330
[ 60.706650][ T3037] ret_from_fork+0x2c/0x70
[ 60.711337][ T3037] ret_from_fork_asm+0x11/0x20
[ 60.716431][ T3037]
[ 60.719062][ T3037] Freed by task 3037:
[ 60.723027][ T3037] kasan_save_stack+0x33/0x50
[ 60.727944][ T3037] kasan_set_track+0x25/0x30
[ 60.732513][ T3037] kasan_save_free_info+0x2b/0x40
[ 60.737516][ T3037] ____kasan_slab_free+0x15e/0x1b0
[ 60.742598][ T3037] slab_free_freelist_hook+0x10b/0x1e0
[ 60.748118][ T3037] __kmem_cache_free+0xba/0x340
[ 60.753149][ T3037] devres_release_all+0x172/0x210
[ 60.759205][ T3037] device_del+0x5a7/0x9a0
[ 60.764273][ T3037] input_unregister_device+0x7f/0xb0
[ 60.770076][ T3037] hidinput_disconnect+0x13f/0x3d0
[ 60.775367][ T3037] hid_disconnect+0xe8/0x150
[ 60.779936][ T3037] hid_hw_stop+0xe/0x70
[ 60.784954][ T3037] uclogic_remove+0x42/0x90
[ 60.789534][ T3037] hid_device_remove+0xbc/0x220
[ 60.794532][ T3037] device_release_driver_internal+0x370/0x530
[ 60.800745][ T3037] bus_remove_device+0x1ed/0x3e0
[ 60.805661][ T3037] device_del+0x3de/0x9a0
[ 60.810072][ T3037] hid_destroy_device+0xbe/0x130
[ 60.815252][ T3037] usbhid_disconnect+0x92/0xc0
[ 60.820258][ T3037] usb_unbind_interface+0x17d/0x7b0
[ 60.825525][ T3037] device_release_driver_internal+0x370/0x530
[ 60.831682][ T3037] bus_remove_device+0x1ed/0x3e0
[ 60.836607][ T3037] device_del+0x3de/0x9a0
[ 60.840906][ T3037] usb_disable_device+0x290/0x680
[ 60.846076][ T3037] usb_disconnect+0x272/0x880
[ 60.850817][ T3037] hub_event+0x1894/0x45e0
[ 60.855413][ T3037] process_one_work+0x922/0x1370
[ 60.860588][ T3037] worker_thread+0x58d/0xe40
[ 60.865152][ T3037] kthread+0x278/0x330
[ 60.869278][ T3037] ret_from_fork+0x2c/0x70
[ 60.873744][ T3037] ret_from_fork_asm+0x11/0x20
[ 60.878481][ T3037]
[ 60.880786][ T3037] The buggy address belongs to the object at ffff88811848c680
[ 60.880786][ T3037] which belongs to the cache kmalloc-64 of size 64
[ 60.895864][ T3037] The buggy address is located 40 bytes inside of
[ 60.895864][ T3037] freed 64-byte region [ffff88811848c680, ffff88811848c6c0)
[ 60.909544][ T3037]
[ 60.911935][ T3037] The buggy address belongs to the physical page:
[ 60.918321][ T3037] page:ffffea0004612300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11848c
[ 60.929560][ T3037] flags: 0x100000000000200(slab|node=0|zone=2)
[ 60.935946][ T3037] page_type: 0xffffffff()
[ 60.940256][ T3037] raw: 0100000000000200 ffff888100041640 dead000000000100 dead000000000122
[ 60.948998][ T3037] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 60.957830][ T3037] page dumped because: kasan: bad access detected
[ 60.964334][ T3037] page_owner tracks the page as allocated
[ 60.970388][ T3037] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2572, tgid 2572 (start-stop-daem), ts 7819185710, free_ts 7815662957
[ 60.989678][ T3037] post_alloc_hook+0x281/0x2f0
[ 60.994421][ T3037] get_page_from_freelist+0xfcb/0x31e0
[ 60.999865][ T3037] __alloc_pages+0x1d0/0x470
[ 61.004441][ T3037] allocate_slab+0x24e/0x360
[ 61.009039][ T3037] ___slab_alloc+0x7a7/0x1000
[ 61.013690][ T3037] __slab_alloc.constprop.0+0x4d/0x90
[ 61.019043][ T3037] __kmem_cache_alloc_node+0x143/0x390
[ 61.024714][ T3037] __kmalloc+0x4c/0x160
[ 61.028852][ T3037] tomoyo_commit_ok+0x1a/0x60
[ 61.033510][ T3037] tomoyo_update_domain+0x514/0x7c0
[ 61.038771][ T3037] tomoyo_write_file+0x375/0x570
[ 61.044243][ T3037] tomoyo_write_domain2+0xdd/0x150
[ 61.049327][ T3037] tomoyo_supervisor+0x417/0xc40
[ 61.054321][ T3037] tomoyo_path_permission+0x23d/0x330
[ 61.059663][ T3037] tomoyo_check_open_permission+0x287/0x2b0
[ 61.065704][ T3037] security_file_open+0x4f/0x80
[ 61.070605][ T3037] page last free stack trace:
[ 61.075299][ T3037] free_unref_page_prepare+0x5ac/0xcf0
[ 61.080826][ T3037] free_unref_page_list+0xe6/0xaa0
[ 61.085956][ T3037] release_pages+0x25c/0x10c0
[ 61.090606][ T3037] tlb_batch_pages_flush+0x79/0x140
[ 61.095777][ T3037] tlb_finish_mmu+0x114/0x6c0
[ 61.100451][ T3037] exit_mmap+0x26a/0x730
[ 61.104750][ T3037] __mmput+0xb7/0x3e0
[ 61.108711][ T3037] begin_new_exec+0xe05/0x2900
[ 61.113456][ T3037] load_elf_binary+0x659/0x4500
[ 61.118380][ T3037] bprm_execve+0x686/0x1430
[ 61.123373][ T3037] do_execveat_common.isra.0+0x4bc/0x690
[ 61.129151][ T3037] __x64_sys_execve+0x87/0xb0
[ 61.133824][ T3037] do_syscall_64+0x38/0xb0
[ 61.138211][ T3037] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.144083][ T3037]
[ 61.146554][ T3037] Memory state around the buggy address:
[ 61.152254][ T3037] ffff88811848c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 61.161245][ T3037] ffff88811848c600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 61.169274][ T3037] >ffff88811848c680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 61.178003][ T3037] ^
[ 61.183357][ T3037] ffff88811848c700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 61.191477][ T3037] ffff88811848c780: 00 00 00 00 00 00 07 fc fc fc fc fc fc fc fc fc
[ 61.199604][ T3037] ==================================================================
[ 61.207890][ T3037] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 61.215594][ T3037] Kernel Offset: disabled
[ 61.219999][ T3037] Rebooting in 86400 seconds..