Warning: Permanently added '10.128.0.95' (ED25519) to the list of known hosts.
2025/09/09 10:31:10 parsed 1 programs
[   91.971658][ T5867] cgroup: Unknown subsys name 'net'
[   92.055292][  T980] cfg80211: failed to load regulatory.db
[   92.127536][ T5867] cgroup: Unknown subsys name 'cpuset'
[   92.136611][ T5867] cgroup: Unknown subsys name 'rlimit'
[   93.817054][ T5867] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.871103][ T5879] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   97.657256][ T5899] chnl_net:caif_netlink_parms(): no params data found
[   97.758263][ T5899] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.765672][ T5899] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.772893][ T5899] bridge_slave_0: entered allmulticast mode
[   97.781422][ T5899] bridge_slave_0: entered promiscuous mode
[   97.790533][ T5899] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.798013][ T5899] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.805502][ T5899] bridge_slave_1: entered allmulticast mode
[   97.812720][ T5899] bridge_slave_1: entered promiscuous mode
[   97.849984][ T5899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.864778][ T5899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.903368][ T5899] team0: Port device team_slave_0 added
[   97.911516][ T5899] team0: Port device team_slave_1 added
[   97.941239][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.948246][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.974631][ T5899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.990607][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.997678][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.024193][ T5899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.074146][ T5899] hsr_slave_0: entered promiscuous mode
[   98.080555][ T5899] hsr_slave_1: entered promiscuous mode
[   98.235460][ T5899] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.248470][ T5899] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.259477][ T5899] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.270293][ T5899] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.305922][ T5899] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.313134][ T5899] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.321070][ T5899] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.328218][ T5899] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.389362][ T5899] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.411084][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.420308][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.438193][ T5899] 8021q: adding VLAN 0 to HW filter on device team0
[   98.454741][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.461879][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.480650][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.487838][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.678177][ T5899] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.720696][ T5899] veth0_vlan: entered promiscuous mode
[   98.733458][ T5899] veth1_vlan: entered promiscuous mode
[   98.762775][ T5899] veth0_macvtap: entered promiscuous mode
[   98.773524][ T5899] veth1_macvtap: entered promiscuous mode
[   98.796843][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.811145][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.829094][   T63] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.839471][   T63] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.854689][   T63] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.869789][   T63] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.002314][   T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.067913][   T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.121401][   T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.227111][   T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.277815][ T5941] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.286511][ T5941] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.294546][ T5941] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.302951][ T5941] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.311726][ T5941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.560294][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.570224][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.600162][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.608372][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.411906][   T63] bridge_slave_1: left allmulticast mode
[  101.424407][   T63] bridge_slave_1: left promiscuous mode
[  101.430825][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.475402][   T63] bridge_slave_0: left allmulticast mode
[  101.481128][   T63] bridge_slave_0: left promiscuous mode
[  101.494297][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.950421][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  101.963267][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  101.975432][   T63] bond0 (unregistering): Released all slaves
[  102.096489][   T63] hsr_slave_0: left promiscuous mode
[  102.102792][   T63] hsr_slave_1: left promiscuous mode
[  102.109218][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.118379][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.127486][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.136542][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.158852][   T63] veth1_macvtap: left promiscuous mode
[  102.166794][   T63] veth0_macvtap: left promiscuous mode
[  102.172503][   T63] veth1_vlan: left promiscuous mode
[  102.179080][   T63] veth0_vlan: left promiscuous mode
[  102.620034][   T63] team0 (unregistering): Port device team_slave_1 removed
[  102.648719][   T63] team0 (unregistering): Port device team_slave_0 removed
2025/09/09 10:31:26 executed programs: 0
[  104.219527][ T5941] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  104.231300][ T5941] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  104.239441][ T5941] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  104.251952][ T5941] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  104.259930][ T5941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  104.822760][ T6015] chnl_net:caif_netlink_parms(): no params data found
[  104.994997][ T6015] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.002665][ T6015] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.010779][ T6015] bridge_slave_0: entered allmulticast mode
[  105.020718][ T6015] bridge_slave_0: entered promiscuous mode
[  105.030737][ T6015] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.038180][ T6015] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.054340][ T6015] bridge_slave_1: entered allmulticast mode
[  105.062815][ T6015] bridge_slave_1: entered promiscuous mode
[  105.130565][ T6015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.143410][ T6015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.206341][ T6015] team0: Port device team_slave_0 added
[  105.218103][ T6015] team0: Port device team_slave_1 added
[  105.266860][ T6015] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.274523][ T6015] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.301857][ T6015] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.316670][ T6015] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.325622][ T6015] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.351597][ T6015] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.458521][ T6015] hsr_slave_0: entered promiscuous mode
[  105.467105][ T6015] hsr_slave_1: entered promiscuous mode
[  105.951195][ T6015] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.966769][ T6015] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.983174][ T6015] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.994794][ T6015] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.111617][ T6015] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.137355][ T6015] 8021q: adding VLAN 0 to HW filter on device team0
[  106.153070][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.160300][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.178003][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.185222][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.295501][ T5941] Bluetooth: hci0: command tx timeout
[  106.465299][ T6015] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.522417][ T6015] veth0_vlan: entered promiscuous mode
[  106.540988][ T6015] veth1_vlan: entered promiscuous mode
[  106.583854][ T6015] veth0_macvtap: entered promiscuous mode
[  106.597755][ T6015] veth1_macvtap: entered promiscuous mode
[  106.624024][ T6015] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.640244][ T6015] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.659597][   T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.670015][   T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.685837][   T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.695363][   T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.785395][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.793258][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.849921][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.859387][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.154356][  T980] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  107.320619][  T980] usb 1-1: config 0 has an invalid interface number: 219 but max is 0
[  107.332384][  T980] usb 1-1: config 0 has no interface number 0
[  107.344422][  T980] usb 1-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=56.19
[  107.354708][  T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.362730][  T980] usb 1-1: Product: syz
[  107.367715][  T980] usb 1-1: Manufacturer: syz
[  107.372335][  T980] usb 1-1: SerialNumber: syz
[  107.382374][  T980] usb 1-1: config 0 descriptor??
[  107.400070][  T980] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  107.410738][  T980] dvb-usb: bulk message failed: -22 (2/0)
[  107.417722][  T980] dvb-usb: will use the device's hardware PID filter (table count: 15).
[  107.431798][  T980] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (based on ZL353))
[  107.442757][  T980] usb 1-1: media controller created
[  107.451425][  T980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  107.469828][  T980] usb 1-1: DVB: registering adapter 1 frontend 0 (WideView USB DVB-T)...
[  107.479025][  T980] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered.
[  107.563694][  T980] rc_core: IR keymap rc-dtt200u not found
[  107.569899][  T980] Registered IR keymap rc-empty
[  107.583059][  T980] rc rc0: WideView WT-220U PenType Receiver (based on ZL353) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  107.608769][  T980] input: WideView WT-220U PenType Receiver (based on ZL353) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input5
[  107.632310][  T980] dvb-usb: schedule remote query interval to 300 msecs.
[  107.640956][  T980] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) successfully initialized and connected.
[  107.664956][  T980] usb 1-1: USB disconnect, device number 2
[  107.698496][  T980] ==================================================================
[  107.706603][  T980] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0
[  107.714968][  T980] Read of size 4 at addr ffff888144e904f0 by task kworker/1:2/980
[  107.722785][  T980] 
[  107.725135][  T980] CPU: 1 UID: 0 PID: 980 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full) 
[  107.725159][  T980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  107.725173][  T980] Workqueue: usb_hub_wq hub_event
[  107.725203][  T980] Call Trace:
[  107.725211][  T980]  <TASK>
[  107.725219][  T980]  dump_stack_lvl+0x189/0x250
[  107.725250][  T980]  ? rcu_is_watching+0x15/0xb0
[  107.725271][  T980]  ? __kasan_check_byte+0x12/0x40
[  107.725293][  T980]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.725321][  T980]  ? rcu_is_watching+0x15/0xb0
[  107.725343][  T980]  ? lock_release+0x4b/0x3e0
[  107.725365][  T980]  ? __virt_addr_valid+0x1c8/0x5c0
[  107.725394][  T980]  ? __virt_addr_valid+0x4a5/0x5c0
[  107.725422][  T980]  print_report+0xca/0x240
[  107.725441][  T980]  ? media_devnode_unregister+0xe2/0xf0
[  107.725465][  T980]  kasan_report+0x118/0x150
[  107.725499][  T980]  ? media_devnode_unregister+0xe2/0xf0
[  107.725526][  T980]  media_devnode_unregister+0xe2/0xf0
[  107.725549][  T980]  media_device_unregister+0x37c/0x400
[  107.725574][  T980]  dvb_usb_adapter_dvb_exit+0xf3/0x1b0
[  107.725594][  T980]  dvb_usb_adapter_exit+0x8b/0x240
[  107.725623][  T980]  dvb_usb_device_exit+0x1b6/0x350
[  107.725650][  T980]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.725676][  T980]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[  107.725701][  T980]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  107.725728][  T980]  ? usb_disable_interface+0x31d/0x350
[  107.725749][  T980]  usb_unbind_interface+0x26e/0x910
[  107.725773][  T980]  ? __pfx_usb_unbind_interface+0x10/0x10
[  107.725793][  T980]  device_release_driver_internal+0x4d6/0x800
[  107.725820][  T980]  bus_remove_device+0x34d/0x410
[  107.725850][  T980]  device_del+0x511/0x8e0
[  107.725870][  T980]  ? __pm_runtime_barrier+0x212/0x460
[  107.725893][  T980]  ? __pfx_device_del+0x10/0x10
[  107.725912][  T980]  ? __pfx___mutex_lock+0x10/0x10
[  107.725942][  T980]  usb_disable_device+0x3e9/0x8a0
[  107.725964][  T980]  usb_disconnect+0x330/0x950
[  107.725994][  T980]  hub_event+0x1cf5/0x4a20
[  107.726023][  T980]  ? do_raw_spin_lock+0x121/0x290
[  107.726050][  T980]  ? register_lock_class+0x51/0x320
[  107.726105][  T980]  ? __pfx_hub_event+0x10/0x10
[  107.726125][  T980]  ? process_scheduled_works+0x9ef/0x17b0
[  107.726151][  T980]  ? _raw_spin_unlock_irq+0x23/0x50
[  107.726176][  T980]  ? process_scheduled_works+0x9ef/0x17b0
[  107.726198][  T980]  ? process_scheduled_works+0x9ef/0x17b0
[  107.726222][  T980]  process_scheduled_works+0xae1/0x17b0
[  107.726259][  T980]  ? __pfx_process_scheduled_works+0x10/0x10
[  107.726291][  T980]  worker_thread+0x8a0/0xda0
[  107.726316][  T980]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  107.726347][  T980]  ? __kthread_parkme+0x7b/0x200
[  107.726376][  T980]  kthread+0x711/0x8a0
[  107.726406][  T980]  ? __pfx_worker_thread+0x10/0x10
[  107.726429][  T980]  ? __pfx_kthread+0x10/0x10
[  107.726458][  T980]  ? _raw_spin_unlock_irq+0x23/0x50
[  107.726483][  T980]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.726509][  T980]  ? __pfx_kthread+0x10/0x10
[  107.726537][  T980]  ret_from_fork+0x47c/0x820
[  107.726561][  T980]  ? __pfx_ret_from_fork+0x10/0x10
[  107.726587][  T980]  ? __switch_to_asm+0x39/0x70
[  107.726607][  T980]  ? __switch_to_asm+0x33/0x70
[  107.726626][  T980]  ? __pfx_kthread+0x10/0x10
[  107.726654][  T980]  ret_from_fork_asm+0x1a/0x30
[  107.726684][  T980]  </TASK>
[  107.726691][  T980] 
[  108.047943][  T980] Allocated by task 980:
[  108.052197][  T980]  kasan_save_track+0x3e/0x80
[  108.056897][  T980]  __kasan_kmalloc+0x93/0xb0
[  108.061506][  T980]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  108.066890][  T980]  __media_device_register+0x58/0x280
[  108.072286][  T980]  dvb_usb_device_init+0x1bed/0x2580
[  108.077615][  T980]  dtt200u_usb_probe+0xb5/0x120
[  108.082483][  T980]  usb_probe_interface+0x665/0xc30
[  108.087630][  T980]  really_probe+0x26a/0x9e0
[  108.092150][  T980]  __driver_probe_device+0x18c/0x2f0
[  108.097471][  T980]  driver_probe_device+0x4f/0x430
[  108.102523][  T980]  __device_attach_driver+0x2ce/0x530
[  108.107914][  T980]  bus_for_each_drv+0x251/0x2e0
[  108.112788][  T980]  __device_attach+0x2b8/0x400
[  108.117574][  T980]  bus_probe_device+0x185/0x260
[  108.122446][  T980]  device_add+0x7b6/0xb50
[  108.126798][  T980]  usb_set_configuration+0x1a87/0x20e0
[  108.132286][  T980]  usb_generic_driver_probe+0x8d/0x150
[  108.137758][  T980]  usb_probe_device+0x1c1/0x390
[  108.142630][  T980]  really_probe+0x26a/0x9e0
[  108.147150][  T980]  __driver_probe_device+0x18c/0x2f0
[  108.152545][  T980]  driver_probe_device+0x4f/0x430
[  108.157582][  T980]  __device_attach_driver+0x2ce/0x530
[  108.162969][  T980]  bus_for_each_drv+0x251/0x2e0
[  108.167842][  T980]  __device_attach+0x2b8/0x400
[  108.172624][  T980]  bus_probe_device+0x185/0x260
[  108.177631][  T980]  device_add+0x7b6/0xb50
[  108.181975][  T980]  usb_new_device+0xa39/0x16f0
[  108.186768][  T980]  hub_event+0x2958/0x4a20
[  108.191213][  T980]  process_scheduled_works+0xae1/0x17b0
[  108.196783][  T980]  worker_thread+0x8a0/0xda0
[  108.201404][  T980]  kthread+0x711/0x8a0
[  108.205509][  T980]  ret_from_fork+0x47c/0x820
[  108.210123][  T980]  ret_from_fork_asm+0x1a/0x30
[  108.214908][  T980] 
[  108.217242][  T980] Freed by task 980:
[  108.221152][  T980]  kasan_save_track+0x3e/0x80
[  108.225846][  T980]  __kasan_save_free_info+0x46/0x50
[  108.231068][  T980]  __kasan_slab_free+0x5b/0x80
[  108.235850][  T980]  kfree+0x199/0x6d0
[  108.239778][  T980]  media_devnode_release+0x61/0xa0
[  108.244945][  T980]  device_release+0x9c/0x1c0
[  108.249570][  T980]  kobject_put+0x228/0x480
[  108.254033][  T980]  media_devnode_unregister+0x6d/0xf0
[  108.259449][  T980]  media_device_unregister+0x37c/0x400
[  108.264925][  T980]  dvb_usb_adapter_dvb_exit+0xf3/0x1b0
[  108.270474][  T980]  dvb_usb_adapter_exit+0x8b/0x240
[  108.275619][  T980]  dvb_usb_device_exit+0x1b6/0x350
[  108.280757][  T980]  usb_unbind_interface+0x26e/0x910
[  108.285978][  T980]  device_release_driver_internal+0x4d6/0x800
[  108.292067][  T980]  bus_remove_device+0x34d/0x410
[  108.297032][  T980]  device_del+0x511/0x8e0
[  108.301379][  T980]  usb_disable_device+0x3e9/0x8a0
[  108.306421][  T980]  usb_disconnect+0x330/0x950
[  108.311132][  T980]  hub_event+0x1cf5/0x4a20
[  108.315572][  T980]  process_scheduled_works+0xae1/0x17b0
[  108.321141][  T980]  worker_thread+0x8a0/0xda0
[  108.325751][  T980]  kthread+0x711/0x8a0
[  108.329851][  T980]  ret_from_fork+0x47c/0x820
[  108.334453][  T980]  ret_from_fork_asm+0x1a/0x30
[  108.339321][  T980] 
[  108.341655][  T980] The buggy address belongs to the object at ffff888144e90000
[  108.341655][  T980]  which belongs to the cache kmalloc-2k of size 2048
[  108.355724][  T980] The buggy address is located 1264 bytes inside of
[  108.355724][  T980]  freed 2048-byte region [ffff888144e90000, ffff888144e90800)
[  108.369743][  T980] 
[  108.372089][  T980] The buggy address belongs to the physical page:
[  108.378526][  T980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x144e90
[  108.387384][  T980] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  108.395890][  T980] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  108.403544][  T980] page_type: f5(slab)
[  108.407568][  T980] raw: 057ff00000000040 ffff88801a842000 ffffea000512b600 dead000000000002
[  108.416178][  T980] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  108.424789][  T980] head: 057ff00000000040 ffff88801a842000 ffffea000512b600 dead000000000002
[  108.433479][  T980] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  108.442169][  T980] head: 057ff00000000003 ffffea000513a401 00000000ffffffff 00000000ffffffff
[  108.450860][  T980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  108.459559][  T980] page dumped because: kasan: bad access detected
[  108.465990][  T980] page_owner tracks the page as allocated
[  108.471712][  T980] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 4002246788, free_ts 0
[  108.491433][  T980]  post_alloc_hook+0x240/0x2a0
[  108.496214][  T980]  get_page_from_freelist+0x21e4/0x22c0
[  108.501786][  T980]  __alloc_frozen_pages_noprof+0x181/0x370
[  108.507632][  T980]  alloc_pages_mpol+0x232/0x4a0
[  108.512507][  T980]  allocate_slab+0x8a/0x330
[  108.517048][  T980]  ___slab_alloc+0xbd1/0x13f0
[  108.521791][  T980]  __slab_alloc+0x55/0xa0
[  108.526148][  T980]  __kmalloc_cache_noprof+0x411/0x6f0
[  108.531537][  T980]  acpi_ds_create_walk_state+0xd9/0x270
[  108.537108][  T980]  acpi_ps_execute_method+0x220/0x7c0
[  108.542500][  T980]  acpi_ns_evaluate+0x5a6/0xa20
[  108.547367][  T980]  acpi_evaluate_object+0x53f/0xa10
[  108.552587][  T980]  acpi_evaluate_integer+0xfc/0x270
[  108.557808][  T980]  acpi_bus_get_status+0x14a/0x380
[  108.562936][  T980]  acpi_bus_attach+0x232/0xbb0
[  108.567756][  T980]  device_for_each_child+0x103/0x190
[  108.573067][  T980] page_owner free stack trace missing
[  108.578446][  T980] 
[  108.580783][  T980] Memory state around the buggy address:
[  108.586427][  T980]  ffff888144e90380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.594505][  T980]  ffff888144e90400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.602577][  T980] >ffff888144e90480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.610650][  T980]                                                              ^
[  108.618379][  T980]  ffff888144e90500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.626459][  T980]  ffff888144e90580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.634532][  T980] ==================================================================
[  108.647934][ T5941] Bluetooth: hci0: command tx timeout
[  108.665317][  T980] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  108.672549][  T980] CPU: 1 UID: 0 PID: 980 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full) 
[  108.681861][  T980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  108.691930][  T980] Workqueue: usb_hub_wq hub_event
[  108.696983][  T980] Call Trace:
[  108.700278][  T980]  <TASK>
[  108.703239][  T980]  dump_stack_lvl+0x99/0x250
[  108.707868][  T980]  ? __asan_memcpy+0x40/0x70
[  108.712500][  T980]  ? __pfx_dump_stack_lvl+0x10/0x10
[  108.717735][  T980]  ? __pfx__printk+0x10/0x10
[  108.722372][  T980]  vpanic+0x237/0x6d0
[  108.726482][  T980]  ? __pfx_vpanic+0x10/0x10
[  108.731009][  T980]  ? preempt_schedule+0xae/0xc0
[  108.735887][  T980]  ? __pfx_preempt_schedule+0x10/0x10
[  108.741285][  T980]  panic+0xb9/0xc0
[  108.745028][  T980]  ? __pfx_panic+0x10/0x10
[  108.749469][  T980]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  108.755387][  T980]  ? media_devnode_unregister+0xe2/0xf0
[  108.760954][  T980]  check_panic_on_warn+0x89/0xb0
[  108.765924][  T980]  ? media_devnode_unregister+0xe2/0xf0
[  108.771491][  T980]  end_report+0x78/0x160
[  108.775769][  T980]  kasan_report+0x129/0x150
[  108.780296][  T980]  ? media_devnode_unregister+0xe2/0xf0
[  108.785872][  T980]  media_devnode_unregister+0xe2/0xf0
[  108.791277][  T980]  media_device_unregister+0x37c/0x400
[  108.796763][  T980]  dvb_usb_adapter_dvb_exit+0xf3/0x1b0
[  108.802245][  T980]  dvb_usb_adapter_exit+0x8b/0x240
[  108.807387][  T980]  dvb_usb_device_exit+0x1b6/0x350
[  108.812522][  T980]  ? lockdep_hardirqs_on+0x9c/0x150
[  108.817738][  T980]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[  108.823387][  T980]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  108.829304][  T980]  ? usb_disable_interface+0x31d/0x350
[  108.834788][  T980]  usb_unbind_interface+0x26e/0x910
[  108.840025][  T980]  ? __pfx_usb_unbind_interface+0x10/0x10
[  108.845766][  T980]  device_release_driver_internal+0x4d6/0x800
[  108.851862][  T980]  bus_remove_device+0x34d/0x410
[  108.856829][  T980]  device_del+0x511/0x8e0
[  108.861179][  T980]  ? __pm_runtime_barrier+0x212/0x460
[  108.866559][  T980]  ? __pfx_device_del+0x10/0x10
[  108.871414][  T980]  ? __pfx___mutex_lock+0x10/0x10
[  108.876537][  T980]  usb_disable_device+0x3e9/0x8a0
[  108.881570][  T980]  usb_disconnect+0x330/0x950
[  108.886262][  T980]  hub_event+0x1cf5/0x4a20
[  108.890777][  T980]  ? do_raw_spin_lock+0x121/0x290
[  108.895813][  T980]  ? register_lock_class+0x51/0x320
[  108.901021][  T980]  ? __pfx_hub_event+0x10/0x10
[  108.905787][  T980]  ? process_scheduled_works+0x9ef/0x17b0
[  108.911531][  T980]  ? _raw_spin_unlock_irq+0x23/0x50
[  108.916737][  T980]  ? process_scheduled_works+0x9ef/0x17b0
[  108.922459][  T980]  ? process_scheduled_works+0x9ef/0x17b0
[  108.928299][  T980]  process_scheduled_works+0xae1/0x17b0
[  108.933866][  T980]  ? __pfx_process_scheduled_works+0x10/0x10
[  108.939875][  T980]  worker_thread+0x8a0/0xda0
[  108.944473][  T980]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  108.950813][  T980]  ? __kthread_parkme+0x7b/0x200
[  108.955761][  T980]  kthread+0x711/0x8a0
[  108.959842][  T980]  ? __pfx_worker_thread+0x10/0x10
[  108.964990][  T980]  ? __pfx_kthread+0x10/0x10
[  108.969612][  T980]  ? _raw_spin_unlock_irq+0x23/0x50
[  108.974820][  T980]  ? lockdep_hardirqs_on+0x9c/0x150
[  108.980023][  T980]  ? __pfx_kthread+0x10/0x10
[  108.984624][  T980]  ret_from_fork+0x47c/0x820
[  108.989219][  T980]  ? __pfx_ret_from_fork+0x10/0x10
[  108.994339][  T980]  ? __switch_to_asm+0x39/0x70
[  108.999104][  T980]  ? __switch_to_asm+0x33/0x70
[  109.003901][  T980]  ? __pfx_kthread+0x10/0x10
[  109.008513][  T980]  ret_from_fork_asm+0x1a/0x30
[  109.013299][  T980]  </TASK>
[  109.016572][  T980] Kernel Offset: disabled
[  109.020901][  T980] Rebooting in 86400 seconds..