Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts.
2025/09/09 14:54:45 parsed 1 programs
[   94.249173][ T5863] cgroup: Unknown subsys name 'net'
[   94.368897][ T5863] cgroup: Unknown subsys name 'cpuset'
[   94.377914][ T5863] cgroup: Unknown subsys name 'rlimit'
[   96.202173][ T5863] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   97.373607][   T43] cfg80211: failed to load regulatory.db
[   99.462371][ T5875] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  100.417237][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.429558][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.463569][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.472140][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.790305][ T5921] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  101.798848][ T5921] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  101.808481][ T5921] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  101.819292][ T5921] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  101.833954][ T5921] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.389540][ T5929] chnl_net:caif_netlink_parms(): no params data found
[  102.497432][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.505731][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.513002][ T5929] bridge_slave_0: entered allmulticast mode
[  102.520537][ T5929] bridge_slave_0: entered promiscuous mode
[  102.530444][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.538079][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.545995][ T5929] bridge_slave_1: entered allmulticast mode
[  102.553627][ T5929] bridge_slave_1: entered promiscuous mode
[  102.593238][ T5929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.606485][ T5929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.647230][ T5929] team0: Port device team_slave_0 added
[  102.655850][ T5929] team0: Port device team_slave_1 added
[  102.685741][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.693479][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.719611][ T5929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.732952][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.739933][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.765882][ T5929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.813740][ T5929] hsr_slave_0: entered promiscuous mode
[  102.820169][ T5929] hsr_slave_1: entered promiscuous mode
[  102.980732][ T5929] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.995148][ T5929] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  103.006221][ T5929] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  103.016796][ T5929] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  103.107151][ T5929] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.135376][ T5929] 8021q: adding VLAN 0 to HW filter on device team0
[  103.149794][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.157223][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.173844][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.181071][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.370932][ T5929] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.419757][ T5929] veth0_vlan: entered promiscuous mode
[  103.433048][ T5929] veth1_vlan: entered promiscuous mode
[  103.468213][ T5929] veth0_macvtap: entered promiscuous mode
[  103.479329][ T5929] veth1_macvtap: entered promiscuous mode
[  103.502682][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.517927][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.535395][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.549880][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.560355][   T65] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.570501][   T65] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.704557][   T65] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.789834][   T65] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.886091][   T65] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.957252][   T65] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/09 14:55:00 executed programs: 0
[  105.168704][ T5921] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  105.178124][ T5921] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  105.187509][ T5921] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  105.196751][ T5921] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  105.204699][ T5921] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  105.386791][ T5971] chnl_net:caif_netlink_parms(): no params data found
[  105.472899][ T5971] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.480132][ T5971] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.487746][ T5971] bridge_slave_0: entered allmulticast mode
[  105.495575][ T5971] bridge_slave_0: entered promiscuous mode
[  105.504248][ T5971] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.511826][ T5971] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.519030][ T5971] bridge_slave_1: entered allmulticast mode
[  105.526713][ T5971] bridge_slave_1: entered promiscuous mode
[  105.564357][ T5971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.576603][ T5971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.616610][ T5971] team0: Port device team_slave_0 added
[  105.626611][ T5971] team0: Port device team_slave_1 added
[  105.658693][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.665737][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.692229][ T5971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.706183][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.713588][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.739688][ T5971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.790718][ T5971] hsr_slave_0: entered promiscuous mode
[  105.797265][ T5971] hsr_slave_1: entered promiscuous mode
[  105.804452][ T5971] debugfs: 'hsr0' already exists in 'hsr'
[  105.810278][ T5971] Cannot create hsr debugfs directory
[  106.554759][   T65] bridge_slave_1: left allmulticast mode
[  106.572474][   T65] bridge_slave_1: left promiscuous mode
[  106.584857][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.596643][   T65] bridge_slave_0: left allmulticast mode
[  106.602667][   T65] bridge_slave_0: left promiscuous mode
[  106.608671][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.951440][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.963097][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.974980][   T65] bond0 (unregistering): Released all slaves
[  107.069594][   T65] hsr_slave_0: left promiscuous mode
[  107.076111][   T65] hsr_slave_1: left promiscuous mode
[  107.084378][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.092040][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.100767][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.110764][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  107.137909][   T65] veth1_macvtap: left promiscuous mode
[  107.145697][   T65] veth0_macvtap: left promiscuous mode
[  107.151904][   T65] veth1_vlan: left promiscuous mode
[  107.157432][   T65] veth0_vlan: left promiscuous mode
[  107.293944][ T5180] Bluetooth: hci0: command tx timeout
[  107.648629][   T65] team0 (unregistering): Port device team_slave_1 removed
[  107.683892][   T65] team0 (unregistering): Port device team_slave_0 removed
[  108.301739][ T5971] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  108.332747][ T5971] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  108.350510][ T5971] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  108.364983][ T5971] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.776074][ T5971] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.817916][ T5971] 8021q: adding VLAN 0 to HW filter on device team0
[  108.867760][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.875037][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.893311][ T1334] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.900960][ T1334] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.182873][ T5971] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.244866][ T5971] veth0_vlan: entered promiscuous mode
[  109.258798][ T5971] veth1_vlan: entered promiscuous mode
[  109.303991][ T5971] veth0_macvtap: entered promiscuous mode
[  109.315256][ T5971] veth1_macvtap: entered promiscuous mode
[  109.345113][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.363246][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.371751][ T5180] Bluetooth: hci0: command tx timeout
[  109.390743][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.400006][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.418195][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.437579][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.536388][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.559159][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.598742][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.610169][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.933555][ T5948] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  110.091772][ T5948] usb 1-1: Using ep0 maxpacket: 16
[  110.100381][ T5948] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  110.113049][ T5948] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  110.122176][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.130207][ T5948] usb 1-1: Product: syz
[  110.134418][ T5948] usb 1-1: Manufacturer: syz
[  110.139038][ T5948] usb 1-1: SerialNumber: syz
[  110.147423][ T5948] usb 1-1: config 0 descriptor??
[  110.158249][ T5948] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  110.167705][ T5948] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  110.416156][ T5948] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  110.487409][ T5948] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  110.495682][ T5948] em28xx 1-1:0.0: board has no eeprom
[  110.572592][ T5948] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  110.580514][ T5948] em28xx 1-1:0.0: dvb set to bulk mode.
[  110.588363][  T887] em28xx 1-1:0.0: Binding DVB extension
[  110.600974][ T5948] usb 1-1: USB disconnect, device number 2
[  110.622474][ T5948] em28xx 1-1:0.0: Disconnecting em28xx
[  110.658295][  T887] em28xx 1-1:0.0: Registering input extension
[  110.665682][ T5948] em28xx 1-1:0.0: Closing input extension
[  110.675685][ T5948] ==================================================================
[  110.683796][ T5948] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0
[  110.692172][ T5948] Read of size 4 at addr ffff8880286904f0 by task kworker/1:4/5948
[  110.700255][ T5948] 
[  110.702710][ T5948] CPU: 1 UID: 0 PID: 5948 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full) 
[  110.702729][ T5948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  110.702740][ T5948] Workqueue: usb_hub_wq hub_event
[  110.702771][ T5948] Call Trace:
[  110.702779][ T5948]  <TASK>
[  110.702786][ T5948]  dump_stack_lvl+0x189/0x250
[  110.702812][ T5948]  ? rcu_is_watching+0x15/0xb0
[  110.702829][ T5948]  ? __kasan_check_byte+0x12/0x40
[  110.702845][ T5948]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.702865][ T5948]  ? rcu_is_watching+0x15/0xb0
[  110.702882][ T5948]  ? lock_release+0x4b/0x3e0
[  110.702898][ T5948]  ? __virt_addr_valid+0x1c8/0x5c0
[  110.702919][ T5948]  ? __virt_addr_valid+0x4a5/0x5c0
[  110.702940][ T5948]  print_report+0xca/0x240
[  110.702954][ T5948]  ? media_devnode_unregister+0xe2/0xf0
[  110.702972][ T5948]  kasan_report+0x118/0x150
[  110.702989][ T5948]  ? media_devnode_unregister+0xe2/0xf0
[  110.703010][ T5948]  media_devnode_unregister+0xe2/0xf0
[  110.703027][ T5948]  media_device_unregister+0x37c/0x400
[  110.703047][ T5948]  em28xx_release_resources+0xac/0x240
[  110.703070][ T5948]  em28xx_usb_disconnect+0x19f/0x2f0
[  110.703091][ T5948]  usb_unbind_interface+0x26e/0x910
[  110.703110][ T5948]  ? __pfx_usb_unbind_interface+0x10/0x10
[  110.703125][ T5948]  device_release_driver_internal+0x4d6/0x800
[  110.703147][ T5948]  bus_remove_device+0x34d/0x410
[  110.703170][ T5948]  device_del+0x511/0x8e0
[  110.703189][ T5948]  ? __pfx_device_del+0x10/0x10
[  110.703203][ T5948]  ? kobject_put+0x446/0x480
[  110.703228][ T5948]  usb_disable_device+0x3e9/0x8a0
[  110.703245][ T5948]  usb_disconnect+0x330/0x950
[  110.703268][ T5948]  hub_event+0x1cf5/0x4a20
[  110.703291][ T5948]  ? do_raw_spin_lock+0x121/0x290
[  110.703312][ T5948]  ? register_lock_class+0x51/0x320
[  110.703332][ T5948]  ? __pfx_hub_event+0x10/0x10
[  110.703345][ T5948]  ? process_scheduled_works+0x9ef/0x17b0
[  110.703363][ T5948]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.703381][ T5948]  ? process_scheduled_works+0x9ef/0x17b0
[  110.703396][ T5948]  ? process_scheduled_works+0x9ef/0x17b0
[  110.703412][ T5948]  process_scheduled_works+0xae1/0x17b0
[  110.703439][ T5948]  ? __pfx_process_scheduled_works+0x10/0x10
[  110.703461][ T5948]  worker_thread+0x8a0/0xda0
[  110.703479][ T5948]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  110.703500][ T5948]  ? __kthread_parkme+0x7b/0x200
[  110.703521][ T5948]  kthread+0x711/0x8a0
[  110.703542][ T5948]  ? __pfx_worker_thread+0x10/0x10
[  110.703564][ T5948]  ? __pfx_kthread+0x10/0x10
[  110.703584][ T5948]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.703602][ T5948]  ? lockdep_hardirqs_on+0x9c/0x150
[  110.703621][ T5948]  ? __pfx_kthread+0x10/0x10
[  110.703641][ T5948]  ret_from_fork+0x47c/0x820
[  110.703658][ T5948]  ? __pfx_ret_from_fork+0x10/0x10
[  110.703677][ T5948]  ? __switch_to_asm+0x39/0x70
[  110.703691][ T5948]  ? __switch_to_asm+0x33/0x70
[  110.703704][ T5948]  ? __pfx_kthread+0x10/0x10
[  110.703724][ T5948]  ret_from_fork_asm+0x1a/0x30
[  110.703746][ T5948]  </TASK>
[  110.703751][ T5948] 
[  110.992223][ T5948] Allocated by task 5948:
[  110.996574][ T5948]  kasan_save_track+0x3e/0x80
[  111.001312][ T5948]  __kasan_kmalloc+0x93/0xb0
[  111.005971][ T5948]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  111.011361][ T5948]  __media_device_register+0x58/0x280
[  111.016748][ T5948]  em28xx_usb_probe+0x1764/0x2a20
[  111.021782][ T5948]  usb_probe_interface+0x665/0xc30
[  111.026990][ T5948]  really_probe+0x26a/0x9e0
[  111.031532][ T5948]  __driver_probe_device+0x18c/0x2f0
[  111.036859][ T5948]  driver_probe_device+0x4f/0x430
[  111.041892][ T5948]  __device_attach_driver+0x2ce/0x530
[  111.047279][ T5948]  bus_for_each_drv+0x251/0x2e0
[  111.052155][ T5948]  __device_attach+0x2b8/0x400
[  111.056931][ T5948]  bus_probe_device+0x185/0x260
[  111.061797][ T5948]  device_add+0x7b6/0xb50
[  111.066136][ T5948]  usb_set_configuration+0x1a87/0x20e0
[  111.071603][ T5948]  usb_generic_driver_probe+0x8d/0x150
[  111.077065][ T5948]  usb_probe_device+0x1c1/0x390
[  111.081924][ T5948]  really_probe+0x26a/0x9e0
[  111.086439][ T5948]  __driver_probe_device+0x18c/0x2f0
[  111.091736][ T5948]  driver_probe_device+0x4f/0x430
[  111.096860][ T5948]  __device_attach_driver+0x2ce/0x530
[  111.102241][ T5948]  bus_for_each_drv+0x251/0x2e0
[  111.107104][ T5948]  __device_attach+0x2b8/0x400
[  111.111876][ T5948]  bus_probe_device+0x185/0x260
[  111.116737][ T5948]  device_add+0x7b6/0xb50
[  111.121071][ T5948]  usb_new_device+0xa39/0x16f0
[  111.125847][ T5948]  hub_event+0x2958/0x4a20
[  111.130276][ T5948]  process_scheduled_works+0xae1/0x17b0
[  111.135830][ T5948]  worker_thread+0x8a0/0xda0
[  111.140469][ T5948]  kthread+0x711/0x8a0
[  111.144553][ T5948]  ret_from_fork+0x47c/0x820
[  111.149763][ T5948]  ret_from_fork_asm+0x1a/0x30
[  111.154537][ T5948] 
[  111.156897][ T5948] Freed by task 5948:
[  111.160878][ T5948]  kasan_save_track+0x3e/0x80
[  111.165566][ T5948]  __kasan_save_free_info+0x46/0x50
[  111.170776][ T5948]  __kasan_slab_free+0x5b/0x80
[  111.175551][ T5948]  kfree+0x199/0x6d0
[  111.179463][ T5948]  media_devnode_release+0x61/0xa0
[  111.184689][ T5948]  device_release+0x9c/0x1c0
[  111.189306][ T5948]  kobject_put+0x228/0x480
[  111.193734][ T5948]  media_devnode_unregister+0x6d/0xf0
[  111.199122][ T5948]  media_device_unregister+0x37c/0x400
[  111.204590][ T5948]  em28xx_release_resources+0xac/0x240
[  111.210060][ T5948]  em28xx_usb_disconnect+0x19f/0x2f0
[  111.215357][ T5948]  usb_unbind_interface+0x26e/0x910
[  111.220567][ T5948]  device_release_driver_internal+0x4d6/0x800
[  111.226644][ T5948]  bus_remove_device+0x34d/0x410
[  111.231598][ T5948]  device_del+0x511/0x8e0
[  111.235936][ T5948]  usb_disable_device+0x3e9/0x8a0
[  111.240971][ T5948]  usb_disconnect+0x330/0x950
[  111.245658][ T5948]  hub_event+0x1cf5/0x4a20
[  111.250084][ T5948]  process_scheduled_works+0xae1/0x17b0
[  111.255637][ T5948]  worker_thread+0x8a0/0xda0
[  111.260231][ T5948]  kthread+0x711/0x8a0
[  111.264311][ T5948]  ret_from_fork+0x47c/0x820
[  111.268912][ T5948]  ret_from_fork_asm+0x1a/0x30
[  111.273685][ T5948] 
[  111.276015][ T5948] The buggy address belongs to the object at ffff888028690000
[  111.276015][ T5948]  which belongs to the cache kmalloc-2k of size 2048
[  111.290073][ T5948] The buggy address is located 1264 bytes inside of
[  111.290073][ T5948]  freed 2048-byte region [ffff888028690000, ffff888028690800)
[  111.304050][ T5948] 
[  111.306392][ T5948] The buggy address belongs to the physical page:
[  111.312904][ T5948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28690
[  111.321761][ T5948] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  111.330351][ T5948] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  111.337988][ T5948] page_type: f5(slab)
[  111.341978][ T5948] raw: 00fff00000000040 ffff88801a842000 dead000000000122 0000000000000000
[  111.350831][ T5948] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  111.359423][ T5948] head: 00fff00000000040 ffff88801a842000 dead000000000122 0000000000000000
[  111.368102][ T5948] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  111.376778][ T5948] head: 00fff00000000003 ffffea0000a1a401 00000000ffffffff 00000000ffffffff
[  111.385457][ T5948] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  111.394127][ T5948] page dumped because: kasan: bad access detected
[  111.400556][ T5948] page_owner tracks the page as allocated
[  111.406274][ T5948] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5948, tgid 5948 (kworker/1:4), ts 110586984789, free_ts 109589218044
[  111.427909][ T5948]  post_alloc_hook+0x240/0x2a0
[  111.432685][ T5948]  get_page_from_freelist+0x21e4/0x22c0
[  111.438242][ T5948]  __alloc_frozen_pages_noprof+0x181/0x370
[  111.444055][ T5948]  alloc_pages_mpol+0x232/0x4a0
[  111.448912][ T5948]  allocate_slab+0x8a/0x330
[  111.453426][ T5948]  ___slab_alloc+0xbd1/0x13f0
[  111.458137][ T5948]  __slab_alloc+0x55/0xa0
[  111.462497][ T5948]  __kmalloc_cache_noprof+0x411/0x6f0
[  111.467891][ T5948]  __media_device_register+0x58/0x280
[  111.473357][ T5948]  em28xx_usb_probe+0x1764/0x2a20
[  111.478391][ T5948]  usb_probe_interface+0x665/0xc30
[  111.483510][ T5948]  really_probe+0x26a/0x9e0
[  111.488108][ T5948]  __driver_probe_device+0x18c/0x2f0
[  111.493397][ T5948]  driver_probe_device+0x4f/0x430
[  111.498430][ T5948]  __device_attach_driver+0x2ce/0x530
[  111.503813][ T5948]  bus_for_each_drv+0x251/0x2e0
[  111.508683][ T5948] page last free pid 6039 tgid 6039 stack trace:
[  111.515011][ T5948]  __free_frozen_pages+0xbc4/0xd30
[  111.520159][ T5948]  __put_partials+0x146/0x170
[  111.524864][ T5948]  put_cpu_partial+0x17c/0x250
[  111.529661][ T5948]  __slab_free+0x2b9/0x390
[  111.534095][ T5948]  qlist_free_all+0x97/0x140
[  111.538687][ T5948]  kasan_quarantine_reduce+0x148/0x160
[  111.544150][ T5948]  __kasan_slab_alloc+0x22/0x80
[  111.549003][ T5948]  __kmalloc_noprof+0x3c3/0x7f0
[  111.553859][ T5948]  tomoyo_realpath_from_path+0xe3/0x5d0
[  111.559420][ T5948]  tomoyo_path_perm+0x213/0x4b0
[  111.564282][ T5948]  security_inode_getattr+0x12f/0x330
[  111.569659][ T5948]  __x64_sys_newfstat+0xfc/0x200
[  111.574610][ T5948]  do_syscall_64+0xfa/0xfa0
[  111.579149][ T5948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.585046][ T5948] 
[  111.587372][ T5948] Memory state around the buggy address:
[  111.593090][ T5948]  ffff888028690380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  111.601161][ T5948]  ffff888028690400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  111.609236][ T5948] >ffff888028690480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  111.617305][ T5948]                                                              ^
[  111.625054][ T5948]  ffff888028690500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  111.633127][ T5948]  ffff888028690580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  111.641227][ T5948] ==================================================================
[  111.658596][ T5180] Bluetooth: hci0: command tx timeout
[  111.675163][ T5948] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  111.682435][ T5948] CPU: 1 UID: 0 PID: 5948 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full) 
[  111.691929][ T5948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  111.702017][ T5948] Workqueue: usb_hub_wq hub_event
[  111.707080][ T5948] Call Trace:
[  111.710371][ T5948]  <TASK>
[  111.713306][ T5948]  dump_stack_lvl+0x99/0x250
[  111.717915][ T5948]  ? __asan_memcpy+0x40/0x70
[  111.722531][ T5948]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.727746][ T5948]  ? __pfx__printk+0x10/0x10
[  111.732350][ T5948]  vpanic+0x237/0x6d0
[  111.736344][ T5948]  ? __pfx_vpanic+0x10/0x10
[  111.740850][ T5948]  ? preempt_schedule+0xae/0xc0
[  111.745709][ T5948]  ? __pfx_preempt_schedule+0x10/0x10
[  111.751098][ T5948]  panic+0xb9/0xc0
[  111.754826][ T5948]  ? __pfx_panic+0x10/0x10
[  111.759246][ T5948]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  111.765160][ T5948]  ? media_devnode_unregister+0xe2/0xf0
[  111.770715][ T5948]  check_panic_on_warn+0x89/0xb0
[  111.775765][ T5948]  ? media_devnode_unregister+0xe2/0xf0
[  111.781365][ T5948]  end_report+0x78/0x160
[  111.785642][ T5948]  kasan_report+0x129/0x150
[  111.790262][ T5948]  ? media_devnode_unregister+0xe2/0xf0
[  111.795916][ T5948]  media_devnode_unregister+0xe2/0xf0
[  111.801327][ T5948]  media_device_unregister+0x37c/0x400
[  111.806806][ T5948]  em28xx_release_resources+0xac/0x240
[  111.812287][ T5948]  em28xx_usb_disconnect+0x19f/0x2f0
[  111.817594][ T5948]  usb_unbind_interface+0x26e/0x910
[  111.822808][ T5948]  ? __pfx_usb_unbind_interface+0x10/0x10
[  111.828541][ T5948]  device_release_driver_internal+0x4d6/0x800
[  111.834655][ T5948]  bus_remove_device+0x34d/0x410
[  111.839614][ T5948]  device_del+0x511/0x8e0
[  111.843955][ T5948]  ? __pfx_device_del+0x10/0x10
[  111.848818][ T5948]  ? kobject_put+0x446/0x480
[  111.853431][ T5948]  usb_disable_device+0x3e9/0x8a0
[  111.858469][ T5948]  usb_disconnect+0x330/0x950
[  111.863178][ T5948]  hub_event+0x1cf5/0x4a20
[  111.867615][ T5948]  ? do_raw_spin_lock+0x121/0x290
[  111.872655][ T5948]  ? register_lock_class+0x51/0x320
[  111.877867][ T5948]  ? __pfx_hub_event+0x10/0x10
[  111.882639][ T5948]  ? process_scheduled_works+0x9ef/0x17b0
[  111.888369][ T5948]  ? _raw_spin_unlock_irq+0x23/0x50
[  111.893576][ T5948]  ? process_scheduled_works+0x9ef/0x17b0
[  111.899304][ T5948]  ? process_scheduled_works+0x9ef/0x17b0
[  111.905034][ T5948]  process_scheduled_works+0xae1/0x17b0
[  111.910612][ T5948]  ? __pfx_process_scheduled_works+0x10/0x10
[  111.916614][ T5948]  worker_thread+0x8a0/0xda0
[  111.921241][ T5948]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  111.927614][ T5948]  ? __kthread_parkme+0x7b/0x200
[  111.932579][ T5948]  kthread+0x711/0x8a0
[  111.936668][ T5948]  ? __pfx_worker_thread+0x10/0x10
[  111.941793][ T5948]  ? __pfx_kthread+0x10/0x10
[  111.946837][ T5948]  ? _raw_spin_unlock_irq+0x23/0x50
[  111.952060][ T5948]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.957389][ T5948]  ? __pfx_kthread+0x10/0x10
[  111.962004][ T5948]  ret_from_fork+0x47c/0x820
[  111.966609][ T5948]  ? __pfx_ret_from_fork+0x10/0x10
[  111.971732][ T5948]  ? __switch_to_asm+0x39/0x70
[  111.976510][ T5948]  ? __switch_to_asm+0x33/0x70
[  111.981277][ T5948]  ? __pfx_kthread+0x10/0x10
[  111.985891][ T5948]  ret_from_fork_asm+0x1a/0x30
[  111.990760][ T5948]  </TASK>
[  111.994262][ T5948] Kernel Offset: disabled
[  111.998622][ T5948] Rebooting in 86400 seconds..