Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts.
2025/10/09 17:50:25 parsed 1 programs
[ 74.892977][ T5830] cgroup: Unknown subsys name 'net'
[ 75.019595][ T5830] cgroup: Unknown subsys name 'cpuset'
[ 75.027981][ T5830] cgroup: Unknown subsys name 'rlimit'
[ 76.404543][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 79.166735][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.174973][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.200625][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.209676][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.242876][ T5837] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 81.390526][ T5892] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.401287][ T5892] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.409761][ T5892] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.425745][ T5892] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.434793][ T5892] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.170822][ T5903] chnl_net:caif_netlink_parms(): no params data found
[ 82.252591][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.261527][ T5903] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.268838][ T5903] bridge_slave_0: entered allmulticast mode
[ 82.276547][ T5903] bridge_slave_0: entered promiscuous mode
[ 82.285593][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.292830][ T5903] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.300066][ T5903] bridge_slave_1: entered allmulticast mode
[ 82.307220][ T5903] bridge_slave_1: entered promiscuous mode
[ 82.338041][ T5903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.349263][ T5903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.380389][ T5903] team0: Port device team_slave_0 added
[ 82.388470][ T5903] team0: Port device team_slave_1 added
[ 82.418163][ T5903] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.425151][ T5903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 82.451132][ T5903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.464717][ T5903] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.471731][ T5903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 82.497651][ T5903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.545735][ T5903] hsr_slave_0: entered promiscuous mode
[ 82.552310][ T5903] hsr_slave_1: entered promiscuous mode
[ 82.678511][ T5903] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 82.691535][ T5903] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 82.702027][ T5903] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 82.712268][ T5903] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 82.739318][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.746550][ T5903] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.754310][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.761589][ T5903] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.811199][ T5903] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.828144][ T50] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.837602][ T50] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.853691][ T5903] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.868372][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.875477][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.889261][ T50] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.896448][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.962300][ T5903] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.002694][ T5903] veth0_vlan: entered promiscuous mode
[ 83.012638][ T5903] veth1_vlan: entered promiscuous mode
[ 83.038568][ T5903] veth0_macvtap: entered promiscuous mode
[ 83.048088][ T5903] veth1_macvtap: entered promiscuous mode
[ 83.065462][ T5903] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.080560][ T5903] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.094481][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.107478][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.119316][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.129106][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.264412][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.321561][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.403389][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/09 17:50:37 executed programs: 0
[ 84.434729][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.442821][ T5147] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.451897][ T5147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.461762][ T5147] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.469985][ T5147] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.619060][ T5936] chnl_net:caif_netlink_parms(): no params data found
[ 84.687806][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.694897][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.702739][ T5936] bridge_slave_0: entered allmulticast mode
[ 84.710290][ T5936] bridge_slave_0: entered promiscuous mode
[ 84.718239][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.725305][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.733181][ T5936] bridge_slave_1: entered allmulticast mode
[ 84.740442][ T5936] bridge_slave_1: entered promiscuous mode
[ 84.775656][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.787943][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.819828][ T5936] team0: Port device team_slave_0 added
[ 84.829779][ T5936] team0: Port device team_slave_1 added
[ 84.855043][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.862198][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 84.888150][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.900696][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.907720][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 84.933635][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.985922][ T5936] hsr_slave_0: entered promiscuous mode
[ 84.992598][ T5936] hsr_slave_1: entered promiscuous mode
[ 84.999612][ T5936] debugfs: 'hsr0' already exists in 'hsr'
[ 85.005420][ T5936] Cannot create hsr debugfs directory
[ 85.095805][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.497171][ T5147] Bluetooth: hci0: command tx timeout
[ 86.588842][ T12] bridge_slave_1: left allmulticast mode
[ 86.594741][ T12] bridge_slave_1: left promiscuous mode
[ 86.601465][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.614203][ T12] bridge_slave_0: left allmulticast mode
[ 86.620864][ T12] bridge_slave_0: left promiscuous mode
[ 86.626941][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.826390][ T981] cfg80211: failed to load regulatory.db
[ 86.835114][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 86.846519][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 86.857037][ T12] bond0 (unregistering): Released all slaves
[ 86.974516][ T12] hsr_slave_0: left promiscuous mode
[ 86.982557][ T12] hsr_slave_1: left promiscuous mode
[ 86.989765][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 87.000559][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 87.009316][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 87.017056][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 87.037256][ T12] veth1_macvtap: left promiscuous mode
[ 87.042947][ T12] veth0_macvtap: left promiscuous mode
[ 87.049039][ T12] veth1_vlan: left promiscuous mode
[ 87.054916][ T12] veth0_vlan: left promiscuous mode
[ 87.449443][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 87.474676][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 87.921989][ T5936] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 87.948751][ T5936] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 87.961489][ T5936] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 87.976773][ T5936] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 88.269561][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.312860][ T5936] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.343913][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.351144][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.371546][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.378974][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 88.528402][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.578688][ T5147] Bluetooth: hci0: command tx timeout
[ 88.589452][ T5936] veth0_vlan: entered promiscuous mode
[ 88.603203][ T5936] veth1_vlan: entered promiscuous mode
[ 88.645172][ T5936] veth0_macvtap: entered promiscuous mode
[ 88.657060][ T5936] veth1_macvtap: entered promiscuous mode
[ 88.681760][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.701605][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.720146][ T62] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.741132][ T62] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.756767][ T62] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.765568][ T62] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.821614][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.835951][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.863083][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.871961][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.166868][ T1209] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 89.326266][ T1209] usb 2-1: Using ep0 maxpacket: 8
[ 89.334091][ T1209] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 89.344152][ T1209] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 89.353984][ T1209] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 89.364347][ T1209] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 89.377831][ T1209] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 89.386979][ T1209] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 89.601248][ T1209] usb 2-1: GET_CAPABILITIES returned 0
[ 89.606924][ T1209] usbtmc 2-1:16.0: can't read capabilities
[ 89.803537][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.813561][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.822635][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.831670][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.840701][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.850742][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.859789][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.868811][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.877841][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.886876][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.895907][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.904937][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.919001][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.928074][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 89.938187][ C1] ==================================================================
[ 89.946280][ C1] BUG: KASAN: slab-use-after-free in usb_anchor_suspend_wakeups+0x28/0x50
[ 89.954796][ C1] Write of size 4 at addr ffff8880722fb910 by task syz.1.17/5993
[ 89.962489][ C1]
[ 89.964806][ C1] CPU: 1 UID: 0 PID: 5993 Comm: syz.1.17 Not tainted syzkaller #0 PREEMPT(full)
[ 89.964818][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 89.964835][ C1] Call Trace:
[ 89.964841][ C1]
[ 89.964846][ C1] dump_stack_lvl+0x189/0x250
[ 89.964860][ C1] ? rcu_is_watching+0x15/0xb0
[ 89.964871][ C1] ? __kasan_check_byte+0x12/0x40
[ 89.964887][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.964896][ C1] ? rcu_is_watching+0x15/0xb0
[ 89.964907][ C1] ? lock_release+0x4b/0x3e0
[ 89.964917][ C1] ? __virt_addr_valid+0x1c8/0x5c0
[ 89.964931][ C1] ? __virt_addr_valid+0x4a5/0x5c0
[ 89.964943][ C1] print_report+0xca/0x240
[ 89.964956][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 89.964966][ C1] kasan_report+0x118/0x150
[ 89.964975][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 89.964986][ C1] kasan_check_range+0x2b0/0x2c0
[ 89.964996][ C1] usb_anchor_suspend_wakeups+0x28/0x50
[ 89.965006][ C1] __usb_hcd_giveback_urb+0x260/0x540
[ 89.965021][ C1] dummy_timer+0x85f/0x44c0
[ 89.965039][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 89.965057][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 89.965069][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 89.965081][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 89.965092][ C1] __hrtimer_run_queues+0x52c/0xc60
[ 89.965103][ C1] ? ktime_get_update_offsets_now+0x67/0x3d0
[ 89.965120][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 89.965130][ C1] ? read_tsc+0x9/0x20
[ 89.965149][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 89.965161][ C1] hrtimer_run_softirq+0x187/0x2b0
[ 89.965173][ C1] handle_softirqs+0x283/0x870
[ 89.965183][ C1] ? __irq_exit_rcu+0xca/0x1f0
[ 89.965194][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 89.965206][ C1] __irq_exit_rcu+0xca/0x1f0
[ 89.965216][ C1] ? __pfx___irq_exit_rcu+0x10/0x10
[ 89.965227][ C1] irq_exit_rcu+0x9/0x30
[ 89.965236][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 89.965249][ C1]
[ 89.965252][ C1]
[ 89.965256][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 89.965267][ C1] RIP: 0010:lock_acquire+0x175/0x360
[ 89.965277][ C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 eb fc f3 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 89.965285][ C1] RSP: 0018:ffffc90003d6f5d8 EFLAGS: 00000206
[ 89.965296][ C1] RAX: 966f91219cec4f00 RBX: 0000000000000000 RCX: 966f91219cec4f00
[ 89.965303][ C1] RDX: 0000000000000001 RSI: ffffffff8d9d150b RDI: ffffffff8bc074e0
[ 89.965310][ C1] RBP: ffffffff81731d25 R08: 0000000000000000 R09: ffffffff81731d25
[ 89.965317][ C1] R10: ffffc90003d6f798 R11: ffffffff81abbce0 R12: 0000000000000002
[ 89.965324][ C1] R13: ffffffff8e13d320 R14: 0000000000000000 R15: 0000000000000246
[ 89.965331][ C1] ? unwind_next_frame+0xa5/0x2390
[ 89.965342][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 89.965355][ C1] ? unwind_next_frame+0xa5/0x2390
[ 89.965369][ C1] ? unwind_next_frame+0xa5/0x2390
[ 89.965380][ C1] ? get_signal+0x11ec/0x1340
[ 89.965389][ C1] ? unwind_next_frame+0xa5/0x2390
[ 89.965400][ C1] unwind_next_frame+0xc2/0x2390
[ 89.965410][ C1] ? unwind_next_frame+0xa5/0x2390
[ 89.965422][ C1] ? unwind_next_frame+0xa5/0x2390
[ 89.965432][ C1] ? task_work_run+0x1d4/0x260
[ 89.965447][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 89.965459][ C1] arch_stack_walk+0x11c/0x150
[ 89.965472][ C1] ? get_signal+0x11ec/0x1340
[ 89.965482][ C1] stack_trace_save+0x9c/0xe0
[ 89.965495][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 89.965508][ C1] ? kasan_save_track+0x3e/0x80
[ 89.965520][ C1] ? __kasan_save_free_info+0x46/0x50
[ 89.965531][ C1] kasan_save_track+0x3e/0x80
[ 89.965544][ C1] ? kasan_save_track+0x3e/0x80
[ 89.965555][ C1] ? __kasan_kmalloc+0x93/0xb0
[ 89.965568][ C1] ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 89.965581][ C1] ? kmem_cache_free+0x16f/0x690
[ 89.965594][ C1] ? task_work_run+0x1d4/0x260
[ 89.965606][ C1] ? get_signal+0x11ec/0x1340
[ 89.965625][ C1] __kasan_kmalloc+0x93/0xb0
[ 89.965638][ C1] __kmalloc_cache_noprof+0x3d5/0x6f0
[ 89.965652][ C1] ? kmem_cache_free+0x16f/0x690
[ 89.965664][ C1] ? __phys_addr+0xd3/0x180
[ 89.965676][ C1] ? task_work_run+0x1d4/0x260
[ 89.965689][ C1] kmem_cache_free+0x16f/0x690
[ 89.965703][ C1] task_work_run+0x1d4/0x260
[ 89.965717][ C1] ? __pfx_task_work_run+0x10/0x10
[ 89.965732][ C1] get_signal+0x11ec/0x1340
[ 89.965746][ C1] arch_do_signal_or_restart+0xa0/0x790
[ 89.965761][ C1] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 89.965775][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 89.965788][ C1] ? __pfx_usbtmc_ioctl+0x10/0x10
[ 89.965802][ C1] ? exit_to_user_mode_loop+0x40/0x130
[ 89.965817][ C1] exit_to_user_mode_loop+0x72/0x130
[ 89.965832][ C1] do_syscall_64+0x2bd/0xfa0
[ 89.965844][ C1] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.965855][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.965864][ C1] ? clear_bhb_loop+0x60/0xb0
[ 89.965874][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.965884][ C1] RIP: 0033:0x7fea1f18eec9
[ 89.965897][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 89.965905][ C1] RSP: 002b:00007fea2002e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.965915][ C1] RAX: ffffffffffffffea RBX: 00007fea1f3e5fa0 RCX: 00007fea1f18eec9
[ 89.965922][ C1] RDX: 0000200000000040 RSI: 00000000c0145b0e RDI: 0000000000000005
[ 89.965929][ C1] RBP: 00007fea1f211f91 R08: 0000000000000000 R09: 0000000000000000
[ 89.965935][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 89.965940][ C1] R13: 00007fea1f3e6038 R14: 00007fea1f3e5fa0 R15: 00007fea1f50fa28
[ 89.965951][ C1]
[ 89.965954][ C1]
[ 90.539099][ C1] Allocated by task 5993:
[ 90.543409][ C1] kasan_save_track+0x3e/0x80
[ 90.548087][ C1] __kasan_kmalloc+0x93/0xb0
[ 90.552673][ C1] __kmalloc_cache_noprof+0x3d5/0x6f0
[ 90.558034][ C1] usbtmc_open+0x9c/0x8e0
[ 90.562349][ C1] usb_open+0x153/0x1e0
[ 90.566493][ C1] chrdev_open+0x4c9/0x5e0
[ 90.570891][ C1] do_dentry_open+0x950/0x13f0
[ 90.575638][ C1] vfs_open+0x3b/0x340
[ 90.580038][ C1] path_openat+0x2ee5/0x3830
[ 90.584620][ C1] do_filp_open+0x1fa/0x410
[ 90.589111][ C1] do_sys_openat2+0x121/0x1c0
[ 90.593783][ C1] __x64_sys_openat+0x138/0x170
[ 90.598639][ C1] do_syscall_64+0xfa/0xfa0
[ 90.603144][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.609040][ C1]
[ 90.611364][ C1] Freed by task 5993:
[ 90.615329][ C1] kasan_save_track+0x3e/0x80
[ 90.620008][ C1] __kasan_save_free_info+0x46/0x50
[ 90.625196][ C1] __kasan_slab_free+0x5c/0x80
[ 90.629951][ C1] kfree+0x19a/0x6d0
[ 90.633834][ C1] usbtmc_release+0x246/0x280
[ 90.638495][ C1] __fput+0x44c/0xa70
[ 90.642464][ C1] task_work_run+0x1d4/0x260
[ 90.647046][ C1] get_signal+0x11ec/0x1340
[ 90.651538][ C1] arch_do_signal_or_restart+0xa0/0x790
[ 90.657085][ C1] exit_to_user_mode_loop+0x72/0x130
[ 90.662362][ C1] do_syscall_64+0x2bd/0xfa0
[ 90.666941][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.672819][ C1]
[ 90.675126][ C1] The buggy address belongs to the object at ffff8880722fb800
[ 90.675126][ C1] which belongs to the cache kmalloc-1k of size 1024
[ 90.689163][ C1] The buggy address is located 272 bytes inside of
[ 90.689163][ C1] freed 1024-byte region [ffff8880722fb800, ffff8880722fbc00)
[ 90.703037][ C1]
[ 90.705359][ C1] The buggy address belongs to the physical page:
[ 90.711769][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x722f8
[ 90.720519][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 90.729000][ C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 90.736537][ C1] page_type: f5(slab)
[ 90.740505][ C1] raw: 00fff00000000040 ffff88813ffa6dc0 dead000000000122 0000000000000000
[ 90.749075][ C1] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 90.757658][ C1] head: 00fff00000000040 ffff88813ffa6dc0 dead000000000122 0000000000000000
[ 90.766313][ C1] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 90.774967][ C1] head: 00fff00000000003 ffffea0001c8be01 00000000ffffffff 00000000ffffffff
[ 90.784061][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 90.792712][ C1] page dumped because: kasan: bad access detected
[ 90.799118][ C1] page_owner tracks the page as allocated
[ 90.804816][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3480, tgid 3480 (kworker/u8:6), ts 89690555929, free_ts 88211621843
[ 90.824099][ C1] post_alloc_hook+0x240/0x2a0
[ 90.828857][ C1] get_page_from_freelist+0x2365/0x2440
[ 90.834386][ C1] __alloc_frozen_pages_noprof+0x181/0x370
[ 90.840174][ C1] alloc_pages_mpol+0x232/0x4a0
[ 90.845019][ C1] allocate_slab+0x96/0x3a0
[ 90.849512][ C1] ___slab_alloc+0xe94/0x1920
[ 90.854171][ C1] __slab_alloc+0x65/0x100
[ 90.858571][ C1] __kmalloc_noprof+0x471/0x7f0
[ 90.863410][ C1] ieee802_11_parse_elems_full+0x152/0x2ab0
[ 90.869302][ C1] ieee80211_ibss_rx_queued_mgmt+0x47a/0x2af0
[ 90.875355][ C1] ieee80211_iface_work+0x85f/0x12d0
[ 90.881065][ C1] cfg80211_wiphy_work+0x2b8/0x470
[ 90.886167][ C1] process_scheduled_works+0xae1/0x17b0
[ 90.891731][ C1] worker_thread+0x8a0/0xda0
[ 90.896305][ C1] kthread+0x711/0x8a0
[ 90.900363][ C1] ret_from_fork+0x4bc/0x870
[ 90.904937][ C1] page last free pid 12 tgid 12 stack trace:
[ 90.910894][ C1] __free_frozen_pages+0xbc4/0xd30
[ 90.915994][ C1] __put_partials+0x146/0x170
[ 90.920654][ C1] put_cpu_partial+0x1f2/0x2e0
[ 90.925402][ C1] __slab_free+0x2b9/0x390
[ 90.929806][ C1] qlist_free_all+0x97/0x140
[ 90.934385][ C1] kasan_quarantine_reduce+0x148/0x160
[ 90.939841][ C1] __kasan_slab_alloc+0x22/0x80
[ 90.944680][ C1] __kmalloc_cache_noprof+0x36f/0x6f0
[ 90.950047][ C1] gro_cells_destroy+0x357/0x430
[ 90.954981][ C1] ip_tunnel_dev_free+0x19/0x30
[ 90.959817][ C1] netdev_run_todo+0xcd4/0xea0
[ 90.964567][ C1] ops_undo_list+0x3e1/0x990
[ 90.969140][ C1] cleanup_net+0x4d8/0x820
[ 90.973541][ C1] process_scheduled_works+0xae1/0x17b0
[ 90.979073][ C1] worker_thread+0x8a0/0xda0
[ 90.983656][ C1] kthread+0x711/0x8a0
[ 90.987712][ C1]
[ 90.990021][ C1] Memory state around the buggy address:
[ 90.995632][ C1] ffff8880722fb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.003690][ C1] ffff8880722fb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.011752][ C1] >ffff8880722fb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.019803][ C1] ^
[ 91.024376][ C1] ffff8880722fb980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.032457][ C1] ffff8880722fba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.040507][ C1] ==================================================================
[ 91.048595][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 91.055790][ C1] CPU: 1 UID: 0 PID: 5993 Comm: syz.1.17 Not tainted syzkaller #0 PREEMPT(full)
[ 91.064893][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 91.074951][ C1] Call Trace:
[ 91.078235][ C1]
[ 91.081067][ C1] dump_stack_lvl+0x99/0x250
[ 91.085649][ C1] ? __asan_memcpy+0x40/0x70
[ 91.090235][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.095425][ C1] ? __pfx__printk+0x10/0x10
[ 91.100014][ C1] vpanic+0x237/0x6d0
[ 91.103992][ C1] ? __pfx_vpanic+0x10/0x10
[ 91.108492][ C1] panic+0xb9/0xc0
[ 91.112208][ C1] ? __pfx_panic+0x10/0x10
[ 91.116619][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 91.122505][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 91.128212][ C1] check_panic_on_warn+0x89/0xb0
[ 91.133144][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 91.138849][ C1] end_report+0x78/0x160
[ 91.143087][ C1] kasan_report+0x129/0x150
[ 91.147576][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 91.153287][ C1] kasan_check_range+0x2b0/0x2c0
[ 91.158212][ C1] usb_anchor_suspend_wakeups+0x28/0x50
[ 91.163745][ C1] __usb_hcd_giveback_urb+0x260/0x540
[ 91.169113][ C1] dummy_timer+0x85f/0x44c0
[ 91.173616][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 91.178992][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 91.183925][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 91.188850][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 91.193777][ C1] __hrtimer_run_queues+0x52c/0xc60
[ 91.198964][ C1] ? ktime_get_update_offsets_now+0x67/0x3d0
[ 91.204950][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 91.210656][ C1] ? read_tsc+0x9/0x20
[ 91.214717][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 91.220513][ C1] hrtimer_run_softirq+0x187/0x2b0
[ 91.225618][ C1] handle_softirqs+0x283/0x870
[ 91.230374][ C1] ? __irq_exit_rcu+0xca/0x1f0
[ 91.235129][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 91.240402][ C1] __irq_exit_rcu+0xca/0x1f0
[ 91.244977][ C1] ? __pfx___irq_exit_rcu+0x10/0x10
[ 91.250168][ C1] irq_exit_rcu+0x9/0x30
[ 91.254397][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 91.260030][ C1]
[ 91.262944][ C1]
[ 91.265866][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 91.271834][ C1] RIP: 0010:lock_acquire+0x175/0x360
[ 91.277107][ C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 eb fc f3 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 91.296698][ C1] RSP: 0018:ffffc90003d6f5d8 EFLAGS: 00000206
[ 91.302760][ C1] RAX: 966f91219cec4f00 RBX: 0000000000000000 RCX: 966f91219cec4f00
[ 91.310720][ C1] RDX: 0000000000000001 RSI: ffffffff8d9d150b RDI: ffffffff8bc074e0
[ 91.318682][ C1] RBP: ffffffff81731d25 R08: 0000000000000000 R09: ffffffff81731d25
[ 91.326647][ C1] R10: ffffc90003d6f798 R11: ffffffff81abbce0 R12: 0000000000000002
[ 91.334602][ C1] R13: ffffffff8e13d320 R14: 0000000000000000 R15: 0000000000000246
[ 91.342558][ C1] ? unwind_next_frame+0xa5/0x2390
[ 91.347665][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 91.353840][ C1] ? unwind_next_frame+0xa5/0x2390
[ 91.358953][ C1] ? unwind_next_frame+0xa5/0x2390
[ 91.364055][ C1] ? get_signal+0x11ec/0x1340
[ 91.368719][ C1] ? unwind_next_frame+0xa5/0x2390
[ 91.373837][ C1] unwind_next_frame+0xc2/0x2390
[ 91.378789][ C1] ? unwind_next_frame+0xa5/0x2390
[ 91.383902][ C1] ? unwind_next_frame+0xa5/0x2390
[ 91.389006][ C1] ? task_work_run+0x1d4/0x260
[ 91.393766][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 91.399909][ C1] arch_stack_walk+0x11c/0x150
[ 91.404667][ C1] ? get_signal+0x11ec/0x1340
[ 91.409331][ C1] stack_trace_save+0x9c/0xe0
[ 91.414012][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 91.419388][ C1] ? kasan_save_track+0x3e/0x80
[ 91.424231][ C1] ? __kasan_save_free_info+0x46/0x50
[ 91.429640][ C1] kasan_save_track+0x3e/0x80
[ 91.434329][ C1] ? kasan_save_track+0x3e/0x80
[ 91.439175][ C1] ? __kasan_kmalloc+0x93/0xb0
[ 91.443935][ C1] ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 91.449480][ C1] ? kmem_cache_free+0x16f/0x690
[ 91.454410][ C1] ? task_work_run+0x1d4/0x260
[ 91.459166][ C1] ? get_signal+0x11ec/0x1340
[ 91.463871][ C1] __kasan_kmalloc+0x93/0xb0
[ 91.468461][ C1] __kmalloc_cache_noprof+0x3d5/0x6f0
[ 91.473835][ C1] ? kmem_cache_free+0x16f/0x690
[ 91.478818][ C1] ? __phys_addr+0xd3/0x180
[ 91.483316][ C1] ? task_work_run+0x1d4/0x260
[ 91.488074][ C1] kmem_cache_free+0x16f/0x690
[ 91.492849][ C1] task_work_run+0x1d4/0x260
[ 91.497446][ C1] ? __pfx_task_work_run+0x10/0x10
[ 91.502555][ C1] get_signal+0x11ec/0x1340
[ 91.507074][ C1] arch_do_signal_or_restart+0xa0/0x790
[ 91.512621][ C1] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 91.518598][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 91.524748][ C1] ? __pfx_usbtmc_ioctl+0x10/0x10
[ 91.529767][ C1] ? exit_to_user_mode_loop+0x40/0x130
[ 91.535224][ C1] exit_to_user_mode_loop+0x72/0x130
[ 91.540503][ C1] do_syscall_64+0x2bd/0xfa0
[ 91.545086][ C1] ? lockdep_hardirqs_on+0x9c/0x150
[ 91.550275][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.556332][ C1] ? clear_bhb_loop+0x60/0xb0
[ 91.561000][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.566884][ C1] RIP: 0033:0x7fea1f18eec9
[ 91.571307][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 91.590907][ C1] RSP: 002b:00007fea2002e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 91.599320][ C1] RAX: ffffffffffffffea RBX: 00007fea1f3e5fa0 RCX: 00007fea1f18eec9
[ 91.607282][ C1] RDX: 0000200000000040 RSI: 00000000c0145b0e RDI: 0000000000000005
[ 91.615333][ C1] RBP: 00007fea1f211f91 R08: 0000000000000000 R09: 0000000000000000
[ 91.623401][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 91.631384][ C1] R13: 00007fea1f3e6038 R14: 00007fea1f3e5fa0 R15: 00007fea1f50fa28
[ 91.639371][ C1]
[ 91.642633][ C1] Kernel Offset: disabled
[ 91.646939][ C1] Rebooting in 86400 seconds..