[   49.132568][   T29] kauditd_printk_skb: 21 callbacks suppressed
[   49.132588][   T29] audit: type=1400 audit(1759034957.119:92): avc:  denied  { create } for  pid=2987 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   49.159945][   T29] audit: type=1400 audit(1759034957.119:93): avc:  denied  { write } for  pid=2987 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   49.180571][   T29] audit: type=1400 audit(1759034957.159:94): avc:  denied  { read } for  pid=2987 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   58.493823][   T29] audit: type=1401 audit(1759034966.479:95): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   58.645225][   T29] audit: type=1400 audit(1759034966.629:96): avc:  denied  { create } for  pid=3481 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   58.694432][   T29] audit: type=1400 audit(1759034966.679:97): avc:  denied  { create } for  pid=3482 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[   58.714552][   T29] audit: type=1400 audit(1759034966.679:98): avc:  denied  { sys_admin } for  pid=3482 comm="syz-executor" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   58.737871][   T29] audit: type=1400 audit(1759034966.719:99): avc:  denied  { sys_chroot } for  pid=3483 comm="syz-executor" capability=18  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   59.262840][   T29] audit: type=1400 audit(1759034967.249:100): avc:  denied  { write } for  pid=2958 comm="syz-execprog" path="pipe:[1729]" dev="pipefs" ino=1729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts.
2025/09/28 04:50:01 parsed 1 programs
[   95.284497][   T29] audit: type=1400 audit(1759035003.269:101): avc:  denied  { unlink } for  pid=3970 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   95.371778][ T3970] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.757666][   T29] audit: type=1400 audit(1759035004.739:102): avc:  denied  { read } for  pid=3975 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   96.779717][   T29] audit: type=1400 audit(1759035004.739:103): avc:  denied  { open } for  pid=3975 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   96.846030][   T29] audit: type=1401 audit(1759035004.829:104): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[   96.908693][   T29] audit: type=1400 audit(1759035004.889:105): avc:  denied  { unmount } for  pid=3979 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
2025/09/28 04:50:18 executed programs: 0
2025/09/28 04:50:28 executed programs: 2
[  120.909630][   T29] audit: type=1400 audit(1759035028.889:106): avc:  denied  { read write } for  pid=4946 comm="syz.3.16" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.933314][   T29] audit: type=1400 audit(1759035028.889:107): avc:  denied  { open } for  pid=4946 comm="syz.3.16" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.957036][   T29] audit: type=1400 audit(1759035028.939:108): avc:  denied  { ioctl } for  pid=4946 comm="syz.3.16" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  121.189774][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  121.339640][   T10] usb 4-1: Using ep0 maxpacket: 8
[  121.346672][   T10] usb 4-1: config 162 has an invalid interface number: 3 but max is 2
[  121.354977][   T10] usb 4-1: config 162 has an invalid interface number: 3 but max is 2
[  121.363294][   T10] usb 4-1: config 162 has 2 interfaces, different from the descriptor's value: 3
[  121.372473][   T10] usb 4-1: config 162 has no interface number 0
[  121.378743][   T10] usb 4-1: config 162 has no interface number 1
[  121.385196][   T10] usb 4-1: config 162 interface 3 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  121.398376][   T10] usb 4-1: config 162 interface 2 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  121.409323][   T10] usb 4-1: config 162 interface 2 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  121.421245][   T10] usb 4-1: config 162 interface 2 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  121.432956][   T10] usb 4-1: config 162 interface 2 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  121.443589][   T10] usb 4-1: config 162 interface 2 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  121.456659][   T10] usb 4-1: config 162 interface 3 has no altsetting 0
[  121.463554][   T10] usb 4-1: config 162 interface 3 has no altsetting 1
[  121.470403][   T10] usb 4-1: config 162 interface 2 has no altsetting 0
[  121.479213][   T10] usb 4-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23
[  121.488751][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.496974][   T10] usb 4-1: Product: syz
[  121.501247][   T10] usb 4-1: Manufacturer: syz
[  121.505866][   T10] usb 4-1: SerialNumber: syz
[  121.738494][ T4951] Bluetooth: hci0: Opcode 0x0c03 failed: -71
[  121.749208][   T10] usb 4-1: USB disconnect, device number 2
[  121.759730][   T10] ==================================================================
[  121.767996][   T10] BUG: KASAN: slab-use-after-free in btusb_disconnect+0x4dc/0x580
[  121.775916][   T10] Read of size 4 at addr ffff888102e907c0 by task kworker/0:1/10
[  121.783825][   T10] 
[  121.786178][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  121.786209][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  121.786225][   T10] Workqueue: usb_hub_wq hub_event
[  121.786268][   T10] Call Trace:
[  121.786275][   T10]  <TASK>
[  121.786284][   T10]  dump_stack_lvl+0x116/0x1f0
[  121.786313][   T10]  print_report+0xcd/0x630
[  121.786342][   T10]  ? __virt_addr_valid+0x81/0x610
[  121.786373][   T10]  ? __phys_addr+0xe8/0x180
[  121.786403][   T10]  ? btusb_disconnect+0x4dc/0x580
[  121.786432][   T10]  kasan_report+0xe0/0x110
[  121.786463][   T10]  ? btusb_disconnect+0x4dc/0x580
[  121.786495][   T10]  btusb_disconnect+0x4dc/0x580
[  121.786526][   T10]  usb_unbind_interface+0x1da/0x9e0
[  121.786552][   T10]  ? kernfs_remove_by_name_ns+0xbe/0x110
[  121.786580][   T10]  ? __pfx_usb_unbind_interface+0x10/0x10
[  121.786603][   T10]  device_remove+0x122/0x170
[  121.786635][   T10]  device_release_driver_internal+0x44b/0x620
[  121.786678][   T10]  bus_remove_device+0x22f/0x420
[  121.786710][   T10]  device_del+0x396/0x9f0
[  121.786743][   T10]  ? __pfx_device_del+0x10/0x10
[  121.786775][   T10]  ? kobject_put+0x210/0x5a0
[  121.786806][   T10]  usb_disable_device+0x355/0x7d0
[  121.786850][   T10]  usb_disconnect+0x2e1/0x9c0
[  121.786884][   T10]  hub_event+0x1aa2/0x5060
[  121.786926][   T10]  ? __lock_acquire+0xb97/0x1ce0
[  121.786953][   T10]  ? __pfx_hub_event+0x10/0x10
[  121.786984][   T10]  ? interval_tree_remove+0x850/0xee0
[  121.787022][   T10]  ? rcu_is_watching+0x12/0xc0
[  121.787055][   T10]  process_one_work+0x9cf/0x1b70
[  121.787090][   T10]  ? __pfx_hub_event+0x10/0x10
[  121.787123][   T10]  ? __pfx_process_one_work+0x10/0x10
[  121.787156][   T10]  ? assign_work+0x1a0/0x250
[  121.787185][   T10]  worker_thread+0x6c8/0xf10
[  121.787220][   T10]  ? __kthread_parkme+0x19e/0x250
[  121.787245][   T10]  ? __pfx_worker_thread+0x10/0x10
[  121.787274][   T10]  kthread+0x3c5/0x780
[  121.787302][   T10]  ? __pfx_kthread+0x10/0x10
[  121.787331][   T10]  ? rcu_is_watching+0x12/0xc0
[  121.787361][   T10]  ? __pfx_kthread+0x10/0x10
[  121.787389][   T10]  ret_from_fork+0x56d/0x700
[  121.787411][   T10]  ? __pfx_kthread+0x10/0x10
[  121.787439][   T10]  ret_from_fork_asm+0x1a/0x30
[  121.787478][   T10]  </TASK>
[  121.787486][   T10] 
[  122.013188][   T10] Allocated by task 10:
[  122.017346][   T10]  kasan_save_stack+0x33/0x60
[  122.022028][   T10]  kasan_save_track+0x14/0x30
[  122.026794][   T10]  __kasan_kmalloc+0x8f/0xa0
[  122.031426][   T10]  __kmalloc_node_track_caller_noprof+0x212/0x4c0
[  122.037937][   T10]  devm_kmalloc+0xa5/0x260
[  122.042348][   T10]  btusb_probe+0x23f/0x4480
[  122.046850][   T10]  usb_probe_interface+0x303/0xa40
[  122.052298][   T10]  really_probe+0x241/0xa90
[  122.056845][   T10]  __driver_probe_device+0x1de/0x440
[  122.062438][   T10]  driver_probe_device+0x4c/0x1b0
[  122.067466][   T10]  __device_attach_driver+0x1df/0x310
[  122.072884][   T10]  bus_for_each_drv+0x159/0x1e0
[  122.078472][   T10]  __device_attach+0x1e4/0x4b0
[  122.083244][   T10]  bus_probe_device+0x17f/0x1c0
[  122.088121][   T10]  device_add+0x1148/0x1aa0
[  122.092733][   T10]  usb_set_configuration+0x1187/0x1e20
[  122.098290][   T10]  usb_generic_driver_probe+0xb1/0x110
[  122.103776][   T10]  usb_probe_device+0xec/0x3e0
[  122.108650][   T10]  really_probe+0x241/0xa90
[  122.113327][   T10]  __driver_probe_device+0x1de/0x440
[  122.118702][   T10]  driver_probe_device+0x4c/0x1b0
[  122.123761][   T10]  __device_attach_driver+0x1df/0x310
[  122.129131][   T10]  bus_for_each_drv+0x159/0x1e0
[  122.133992][   T10]  __device_attach+0x1e4/0x4b0
[  122.139402][   T10]  bus_probe_device+0x17f/0x1c0
[  122.144548][   T10]  device_add+0x1148/0x1aa0
[  122.149231][   T10]  usb_new_device+0xd07/0x1a60
[  122.154057][   T10]  hub_event+0x2fce/0x5060
[  122.158526][   T10]  process_one_work+0x9cf/0x1b70
[  122.163733][   T10]  worker_thread+0x6c8/0xf10
[  122.168420][   T10]  kthread+0x3c5/0x780
[  122.172665][   T10]  ret_from_fork+0x56d/0x700
[  122.177351][   T10]  ret_from_fork_asm+0x1a/0x30
[  122.182465][   T10] 
[  122.184811][   T10] Freed by task 10:
[  122.188813][   T10]  kasan_save_stack+0x33/0x60
[  122.193597][   T10]  kasan_save_track+0x14/0x30
[  122.198370][   T10]  kasan_save_free_info+0x3b/0x60
[  122.203534][   T10]  __kasan_slab_free+0x3e/0x50
[  122.208512][   T10]  kfree+0x283/0x470
[  122.212513][   T10]  release_nodes+0x11e/0x240
[  122.217106][   T10]  devres_release_all+0x112/0x180
[  122.222306][   T10]  device_unbind_cleanup+0x19/0x1f0
[  122.227519][   T10]  device_release_driver_internal+0x4c3/0x620
[  122.233592][   T10]  usb_driver_release_interface+0x109/0x190
[  122.239591][   T10]  btusb_disconnect+0x448/0x580
[  122.244633][   T10]  usb_unbind_interface+0x1da/0x9e0
[  122.249999][   T10]  device_remove+0x122/0x170
[  122.254673][   T10]  device_release_driver_internal+0x44b/0x620
[  122.261038][   T10]  bus_remove_device+0x22f/0x420
[  122.266088][   T10]  device_del+0x396/0x9f0
[  122.270432][   T10]  usb_disable_device+0x355/0x7d0
[  122.275649][   T10]  usb_disconnect+0x2e1/0x9c0
[  122.280329][   T10]  hub_event+0x1aa2/0x5060
[  122.284839][   T10]  process_one_work+0x9cf/0x1b70
[  122.289902][   T10]  worker_thread+0x6c8/0xf10
[  122.294491][   T10]  kthread+0x3c5/0x780
[  122.298555][   T10]  ret_from_fork+0x56d/0x700
[  122.303150][   T10]  ret_from_fork_asm+0x1a/0x30
[  122.307929][   T10] 
[  122.310244][   T10] The buggy address belongs to the object at ffff888102e90000
[  122.310244][   T10]  which belongs to the cache kmalloc-2k of size 2048
[  122.324646][   T10] The buggy address is located 1984 bytes inside of
[  122.324646][   T10]  freed 2048-byte region [ffff888102e90000, ffff888102e90800)
[  122.338841][   T10] 
[  122.341165][   T10] The buggy address belongs to the physical page:
[  122.347856][   T10] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102e90
[  122.356886][   T10] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  122.365718][   T10] flags: 0x200000000000040(head|node=0|zone=2)
[  122.372061][   T10] page_type: f5(slab)
[  122.376051][   T10] raw: 0200000000000040 ffff888100042000 dead000000000100 dead000000000122
[  122.384645][   T10] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  122.393518][   T10] head: 0200000000000040 ffff888100042000 dead000000000100 dead000000000122
[  122.402331][   T10] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  122.411122][   T10] head: 0200000000000003 ffffea00040ba401 00000000ffffffff 00000000ffffffff
[  122.420233][   T10] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  122.429850][   T10] page dumped because: kasan: bad access detected
[  122.436770][   T10] page_owner tracks the page as allocated
[  122.442665][   T10] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2496524092, free_ts 0
[  122.462999][   T10]  post_alloc_hook+0x1c0/0x230
[  122.468105][   T10]  get_page_from_freelist+0xf98/0x2ce0
[  122.473664][   T10]  __alloc_frozen_pages_noprof+0x259/0x21e0
[  122.479965][   T10]  alloc_pages_mpol+0xe4/0x410
[  122.485141][   T10]  new_slab+0x247/0x330
[  122.489307][   T10]  ___slab_alloc+0xc55/0x1620
[  122.494344][   T10]  __slab_alloc.constprop.0+0x56/0xb0
[  122.500168][   T10]  __kvmalloc_node_noprof+0x1c1/0x5d0
[  122.506084][   T10]  bpf_int_jit_compile+0x7f2/0x1830
[  122.511425][   T10]  bpf_prog_select_runtime+0x3ae/0x720
[  122.517282][   T10]  bpf_prepare_filter+0xd3b/0x1100
[  122.522425][   T10]  bpf_prog_create+0x16f/0x240
[  122.527468][   T10]  ptp_classifier_init+0x86/0xd0
[  122.532416][   T10]  sock_init+0x18b/0x1c0
[  122.536781][   T10]  do_one_initcall+0x120/0x6e0
[  122.541809][   T10]  kernel_init_freeable+0x5c2/0x910
[  122.547108][   T10] page_owner free stack trace missing
[  122.552501][   T10] 
[  122.554996][   T10] Memory state around the buggy address:
[  122.560708][   T10]  ffff888102e90680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.568762][   T10]  ffff888102e90700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.576907][   T10] >ffff888102e90780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.584977][   T10]                                            ^
[  122.591157][   T10]  ffff888102e90800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  122.599244][   T10]  ffff888102e90880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  122.607298][   T10] ==================================================================
[  122.615779][   T10] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  122.622999][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  122.632744][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  122.642829][   T10] Workqueue: usb_hub_wq hub_event
[  122.648019][   T10] Call Trace:
[  122.651399][   T10]  <TASK>
[  122.654589][   T10]  dump_stack_lvl+0x3d/0x1f0
[  122.659366][   T10]  vpanic+0x6e8/0x7a0
[  122.663527][   T10]  ? __pfx_vpanic+0x10/0x10
[  122.668301][   T10]  ? btusb_disconnect+0x4dc/0x580
[  122.673408][   T10]  panic+0xca/0xd0
[  122.677127][   T10]  ? __pfx_panic+0x10/0x10
[  122.681544][   T10]  ? check_panic_on_warn+0x1f/0xb0
[  122.686703][   T10]  check_panic_on_warn+0xab/0xb0
[  122.691643][   T10]  end_report+0x107/0x170
[  122.696085][   T10]  kasan_report+0xee/0x110
[  122.700504][   T10]  ? btusb_disconnect+0x4dc/0x580
[  122.705622][   T10]  btusb_disconnect+0x4dc/0x580
[  122.710567][   T10]  usb_unbind_interface+0x1da/0x9e0
[  122.715867][   T10]  ? kernfs_remove_by_name_ns+0xbe/0x110
[  122.721517][   T10]  ? __pfx_usb_unbind_interface+0x10/0x10
[  122.727419][   T10]  device_remove+0x122/0x170
[  122.732280][   T10]  device_release_driver_internal+0x44b/0x620
[  122.738549][   T10]  bus_remove_device+0x22f/0x420
[  122.743578][   T10]  device_del+0x396/0x9f0
[  122.747932][   T10]  ? __pfx_device_del+0x10/0x10
[  122.752977][   T10]  ? kobject_put+0x210/0x5a0
[  122.757659][   T10]  usb_disable_device+0x355/0x7d0
[  122.762856][   T10]  usb_disconnect+0x2e1/0x9c0
[  122.767675][   T10]  hub_event+0x1aa2/0x5060
[  122.772115][   T10]  ? __lock_acquire+0xb97/0x1ce0
[  122.777167][   T10]  ? __pfx_hub_event+0x10/0x10
[  122.782027][   T10]  ? interval_tree_remove+0x850/0xee0
[  122.787509][   T10]  ? rcu_is_watching+0x12/0xc0
[  122.792468][   T10]  process_one_work+0x9cf/0x1b70
[  122.797508][   T10]  ? __pfx_hub_event+0x10/0x10
[  122.802367][   T10]  ? __pfx_process_one_work+0x10/0x10
[  122.808066][   T10]  ? assign_work+0x1a0/0x250
[  122.812858][   T10]  worker_thread+0x6c8/0xf10
[  122.817571][   T10]  ? __kthread_parkme+0x19e/0x250
[  122.822725][   T10]  ? __pfx_worker_thread+0x10/0x10
[  122.828027][   T10]  kthread+0x3c5/0x780
[  122.832182][   T10]  ? __pfx_kthread+0x10/0x10
[  122.836795][   T10]  ? rcu_is_watching+0x12/0xc0
[  122.841694][   T10]  ? __pfx_kthread+0x10/0x10
[  122.846558][   T10]  ret_from_fork+0x56d/0x700
[  122.851161][   T10]  ? __pfx_kthread+0x10/0x10
[  122.856001][   T10]  ret_from_fork_asm+0x1a/0x30
[  122.860859][   T10]  </TASK>
[  122.864130][   T10] Kernel Offset: disabled
[  122.868442][   T10] Rebooting in 86400 seconds..