DUID 00:04:73:f3:4e:f0:17:a2:2c:d5:b8:ff:6a:f8:14:55:d6:9a
forked to background, child pid 3838
[ 58.648411][ T3839] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.661315][ T3839] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.235' (ED25519) to the list of known hosts.
syzkaller login: [ 84.688567][ T4163] cgroup: Unknown subsys name 'net'
[ 84.856125][ T4163] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 86.551219][ T4163] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 86.711990][ T4169] chnl_net:caif_netlink_parms(): no params data found
[ 86.768748][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.778755][ T4169] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.788209][ T4169] device bridge_slave_0 entered promiscuous mode
[ 86.802427][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.812096][ T4169] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.821374][ T4169] device bridge_slave_1 entered promiscuous mode
[ 86.847376][ T4169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.861894][ T4169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.899718][ T4169] team0: Port device team_slave_0 added
[ 86.908692][ T4169] team0: Port device team_slave_1 added
[ 86.930212][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.938988][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.972262][ T4169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.986408][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.994017][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.023774][ T4169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.068406][ T4169] device hsr_slave_0 entered promiscuous mode
[ 87.089046][ T4169] device hsr_slave_1 entered promiscuous mode
[ 87.204502][ T4169] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.221029][ T4169] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.231960][ T4169] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.242842][ T4169] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.273256][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.281162][ T4169] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.289662][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.298062][ T4169] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.353927][ T4169] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.370443][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 87.382703][ T140] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.392188][ T140] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.403439][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 87.419693][ T4169] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.432438][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 87.446098][ T140] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.455354][ T140] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.471528][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 87.482519][ T1275] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.492282][ T1275] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.524895][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 87.534637][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 87.550614][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 87.562705][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 87.577057][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 87.590574][ T4169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 87.613978][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 87.622991][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 87.639104][ T4169] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.661831][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 87.684219][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 87.693350][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 87.703331][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 87.716208][ T4169] device veth0_vlan entered promiscuous mode
[ 87.730978][ T4169] device veth1_vlan entered promiscuous mode
[ 87.759205][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 87.769040][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 87.783533][ T4169] device veth0_macvtap entered promiscuous mode
[ 87.797051][ T4169] device veth1_macvtap entered promiscuous mode
[ 87.821349][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.832069][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 87.841756][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 87.850999][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 87.861940][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 87.874686][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.885157][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 87.895377][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 87.909948][ T4169] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.921103][ T4169] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.930733][ T4169] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.941663][ T4169] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.013350][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.042030][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.047108][ T1275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.052728][ T140] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 88.068013][ T1275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.082911][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 88.437940][ T7] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[ 88.678896][ T1336] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.838629][ T7] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 88.852744][ T7] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 88.864672][ T7] usb 1-1: config 0 interface 0 has no altsetting 0
[ 88.872014][ T7] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 88.881381][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 88.895423][ T7] usb 1-1: config 0 descriptor??
[ 89.382107][ T7] hid-steam 0003:28DE:1102.0001: unknown main item tag 0x0
[ 89.392648][ T7] hid-steam 0003:28DE:1102.0001: unknown main item tag 0x0
[ 89.402978][ T7] hid-steam 0003:28DE:1102.0001: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0
[ 89.421438][ T7] hid-steam 0003:28DE:1102.0002: unknown main item tag 0x0
[ 89.431470][ T7] hid-steam 0003:28DE:1102.0002: unknown main item tag 0x0
[ 89.451398][ T7] hid-steam 0003:28DE:1102.0002: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0
[ 89.548214][ T7] hid-steam 0003:28DE:1102.0001: Steam Controller 'XXXXXXXXXX' connected
[ 89.561575][ T7] input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.0001/input/input5
[ 89.586206][ T4178] input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.0001/input/input6
[ 89.615335][ T7] usb 1-1: USB disconnect, device number 2
executing program
[ 89.680634][ T7] hid-steam 0003:28DE:1102.0001: Steam Controller 'XXXXXXXXXX' disconnected
[ 90.068971][ T7] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[ 90.427942][ T7] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 90.442067][ T7] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 90.456228][ T7] usb 1-1: config 0 interface 0 has no altsetting 0
[ 90.463280][ T7] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 90.482404][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 90.493797][ T7] usb 1-1: config 0 descriptor??
[ 90.758913][ T13] Bluetooth: hci0: command 0x041b tx timeout
[ 90.971108][ T7] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0
[ 90.981582][ T7] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0
[ 90.990509][ T7] hid-steam 0003:28DE:1102.0003: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0
[ 91.009096][ T7] hid-steam 0003:28DE:1102.0004: unknown main item tag 0x0
[ 91.017910][ T7] hid-steam 0003:28DE:1102.0004: unknown main item tag 0x0
[ 91.029304][ T7] hid-steam 0003:28DE:1102.0004: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0
[ 91.108016][ T7] hid-steam 0003:28DE:1102.0003: Steam Controller 'XXXXXXXXXX' connected
[ 91.119483][ T7] input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.0003/input/input7
[ 91.151501][ T4166] ==================================================================
[ 91.160719][ T4166] BUG: KASAN: use-after-free in __mutex_lock_common+0x11e/0x25a0
[ 91.169443][ T4166] Read of size 8 at addr ffff88807de954e8 by task udevd/4166
[ 91.178615][ T4166]
[ 91.181228][ T4166] CPU: 1 PID: 4166 Comm: udevd Not tainted 5.15.178-syzkaller #0
[ 91.190822][ T4166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 91.204305][ T4166] Call Trace:
[ 91.209483][ T4166] <TASK>
[ 91.212603][ T4166] dump_stack_lvl+0x1e3/0x2d0
[ 91.221457][ T4166] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 91.227933][ T4166] ? _printk+0xd1/0x120
[ 91.233461][ T4166] ? __wake_up_klogd+0xcc/0x100
[ 91.239238][ T4166] ? panic+0x860/0x860
[ 91.243805][ T4166] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 91.249328][ T4166] print_address_description+0x63/0x3b0
[ 91.256786][ T4166] ? __mutex_lock_common+0x11e/0x25a0
[ 91.262304][ T4166] kasan_report+0x16b/0x1c0
[ 91.266838][ T4166] ? __mutex_lock_common+0x11e/0x25a0
[ 91.272957][ T4166] __mutex_lock_common+0x11e/0x25a0
[ 91.278241][ T4166] ? rcu_lock_release+0x20/0x20
[ 91.283542][ T4166] ? rcu_lock_release+0x20/0x20
[ 91.288575][ T4166] ? steam_input_open+0x93/0x1b0
[ 91.293815][ T4166] ? mutex_lock_io_nested+0x60/0x60
[ 91.299793][ T4166] ? __mutex_lock_common+0x444/0x25a0
[ 91.306110][ T4166] ? input_open_device+0x4e/0x2d0
[ 91.311658][ T4166] mutex_lock_nested+0x17/0x20
[ 91.317061][ T4166] steam_input_open+0x93/0x1b0
[ 91.322256][ T4166] ? steam_input_register+0xbd0/0xbd0
[ 91.327880][ T4166] ? do_raw_spin_lock+0x14a/0x370
[ 91.335404][ T4166] input_open_device+0x188/0x2d0
[ 91.341799][ T4166] evdev_open+0x3ed/0x600
[ 91.346669][ T4166] chrdev_open+0x54a/0x630
[ 91.351690][ T4166] ? cd_forget+0x160/0x160
[ 91.358532][ T4166] ? do_raw_spin_unlock+0x137/0x8b0
[ 91.364291][ T4166] ? fsnotify_perm+0x47b/0x590
[ 91.369349][ T4166] ? cd_forget+0x160/0x160
[ 91.374084][ T4166] do_dentry_open+0x807/0xfb0
[ 91.379179][ T4166] path_openat+0x2705/0x2f20
[ 91.385125][ T4166] ? do_filp_open+0x460/0x460
[ 91.391737][ T4166] do_filp_open+0x21c/0x460
[ 91.396520][ T4166] ? vfs_tmpfile+0x2e0/0x2e0
[ 91.402776][ T4166] ? _raw_spin_unlock+0x24/0x40
[ 91.408797][ T4166] ? alloc_fd+0x598/0x630
[ 91.413992][ T4166] do_sys_openat2+0x13b/0x4f0
[ 91.420167][ T4166] ? do_sys_open+0x220/0x220
[ 91.425994][ T4166] ? __x64_sys_newfstatat+0x140/0x1b0
[ 91.432565][ T4166] __x64_sys_openat+0x243/0x290
[ 91.439692][ T4166] ? __ia32_sys_open+0x270/0x270
[ 91.445341][ T4166] ? syscall_enter_from_user_mode+0x2e/0x240
[ 91.453257][ T4166] ? lockdep_hardirqs_on+0x94/0x130
[ 91.460269][ T4166] ? syscall_enter_from_user_mode+0x2e/0x240
[ 91.466992][ T4166] do_syscall_64+0x3b/0xb0
[ 91.472054][ T4166] ? clear_bhb_loop+0x15/0x70
[ 91.477608][ T4166] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 91.484264][ T4166] RIP: 0033:0x7f998cd2c9a4
[ 91.489247][ T4166] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 91.512951][ T4166] RSP: 002b:00007ffc18578f90 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 91.522111][ T4166] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f998cd2c9a4
[ 91.531586][ T4166] RDX: 0000000000080000 RSI: 0000555daf70d250 RDI: 00000000ffffff9c
[ 91.542086][ T4166] RBP: 0000555daf70d250 R08: 0000555daf721028 R09: 00007f998ce07b10
[ 91.552949][ T4166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000
[ 91.572547][ T4166] R13: 00007ffc18579158 R14: 0000000000000000 R15: 0000555daec94ed5
[ 91.593763][ T4166] </TASK>
[ 91.599573][ T4166]
[ 91.602628][ T4166] Allocated by task 7:
[ 91.607319][ T4166] ____kasan_kmalloc+0xba/0xf0
[ 91.617826][ T4166] __kmalloc_node_track_caller+0x195/0x390
[ 91.625886][ T4166] devm_kmalloc+0x7a/0x290
[ 91.631731][ T4166] steam_probe+0x11d/0xaa0
[ 91.639550][ T4166] hid_device_probe+0x2a6/0x3a0
[ 91.645512][ T4166] really_probe+0x24e/0xb60
[ 91.650907][ T4166] __driver_probe_device+0x1a2/0x3d0
[ 91.657845][ T4166] driver_probe_device+0x50/0x420
[ 91.663283][ T4166] __device_attach_driver+0x2b9/0x500
[ 91.668918][ T4166] bus_for_each_drv+0x183/0x200
[ 91.674190][ T4166] __device_attach+0x359/0x570
[ 91.680229][ T4166] bus_probe_device+0xba/0x1e0
[ 91.685154][ T4166] device_add+0xb48/0xfd0
[ 91.690071][ T4166] hid_add_device+0x3a5/0x510
[ 91.696505][ T4166] usbhid_probe+0xb32/0xec0
[ 91.703815][ T4166] usb_probe_interface+0x5c0/0xaf0
[ 91.709894][ T4166] really_probe+0x24e/0xb60
[ 91.716256][ T4166] __driver_probe_device+0x1a2/0x3d0
[ 91.724340][ T4166] driver_probe_device+0x50/0x420
[ 91.730078][ T4166] __device_attach_driver+0x2b9/0x500
[ 91.738679][ T4166] bus_for_each_drv+0x183/0x200
[ 91.744841][ T4166] __device_attach+0x359/0x570
[ 91.749884][ T4166] bus_probe_device+0xba/0x1e0
[ 91.758768][ T4166] device_add+0xb48/0xfd0
[ 91.763864][ T4166] usb_set_configuration+0x19dd/0x2020
[ 91.772823][ T4166] usb_generic_driver_probe+0x84/0x140
[ 91.786224][ T4166] usb_probe_device+0x130/0x260
[ 91.792897][ T4166] really_probe+0x24e/0xb60
[ 91.799303][ T4166] __driver_probe_device+0x1a2/0x3d0
[ 91.805934][ T4166] driver_probe_device+0x50/0x420
[ 91.812919][ T4166] __device_attach_driver+0x2b9/0x500
[ 91.825508][ T4166] bus_for_each_drv+0x183/0x200
[ 91.832584][ T4166] __device_attach+0x359/0x570
[ 91.842445][ T4166] bus_probe_device+0xba/0x1e0
[ 91.847668][ T4166] device_add+0xb48/0xfd0
[ 91.852783][ T4166] usb_new_device+0xc21/0x18f0
[ 91.859755][ T4166] hub_event+0x2cdf/0x54c0
[ 91.865123][ T4166] process_one_work+0x8a1/0x10c0
[ 91.871312][ T4166] worker_thread+0xaca/0x1280
[ 91.876495][ T4166] kthread+0x3f6/0x4f0
[ 91.881053][ T4166] ret_from_fork+0x1f/0x30
[ 91.886024][ T4166]
[ 91.889443][ T4166] Freed by task 7:
[ 91.894657][ T4166] kasan_set_track+0x4b/0x80
[ 91.899823][ T4166] kasan_set_free_info+0x1f/0x40
[ 91.905056][ T4166] ____kasan_slab_free+0xd8/0x120
[ 91.910367][ T4166] slab_free_freelist_hook+0xdd/0x160
[ 91.916279][ T4166] kfree+0xf1/0x270
[ 91.920114][ T4166] devres_release_all+0x1c1/0x240
[ 91.925313][ T4166] device_release_driver_internal+0x51d/0x7f0
[ 91.931407][ T4166] bus_remove_device+0x2e5/0x400
[ 91.936377][ T4166] device_del+0x6e2/0xbd0
[ 91.940947][ T4166] hid_destroy_device+0x64/0x100
[ 91.948297][ T4166] usbhid_disconnect+0x9a/0xc0
[ 91.955005][ T4166] usb_unbind_interface+0x1cd/0x840
[ 91.961752][ T4166] device_release_driver_internal+0x50e/0x7f0
[ 91.968918][ T4166] bus_remove_device+0x2e5/0x400
[ 91.975028][ T4166] device_del+0x6e2/0xbd0
[ 91.979658][ T4166] usb_disable_device+0x3b8/0x840
[ 91.984815][ T4166] usb_disconnect+0x33c/0x8c0
[ 91.989779][ T4166] hub_event+0x1d58/0x54c0
[ 91.994352][ T4166] process_one_work+0x8a1/0x10c0
[ 91.999309][ T4166] worker_thread+0xdcf/0x1280
[ 92.004424][ T4166] kthread+0x3f6/0x4f0
[ 92.008487][ T4166] ret_from_fork+0x1f/0x30
[ 92.013580][ T4166]
[ 92.017282][ T4166] The buggy address belongs to the object at ffff88807de95400
[ 92.017282][ T4166] which belongs to the cache kmalloc-512 of size 512
[ 92.037071][ T4166] The buggy address is located 232 bytes inside of
[ 92.037071][ T4166] 512-byte region [ffff88807de95400, ffff88807de95600)
[ 92.052384][ T4166] The buggy address belongs to the page:
[ 92.058708][ T4166] page:ffffea0001f7a500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7de94
[ 92.070295][ T4166] head:ffffea0001f7a500 order:2 compound_mapcount:0 compound_pincount:0
[ 92.083731][ T4166] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 92.094366][ T4166] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017441c80
[ 92.105661][ T4166] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 92.117804][ T4166] page dumped because: kasan: bad access detected
[ 92.124329][ T4166] page_owner tracks the page as allocated
[ 92.131588][ T4166] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 13, ts 89309546664, free_ts 74146402385
[ 92.153558][ T4166] get_page_from_freelist+0x3b78/0x3d40
[ 92.159589][ T4166] __alloc_pages+0x272/0x700
[ 92.165373][ T4166] new_slab+0xbb/0x4b0
[ 92.170747][ T4166] ___slab_alloc+0x6f6/0xe10
[ 92.177770][ T4166] __kmalloc_node_track_caller+0x1f6/0x390
[ 92.184370][ T4166] __alloc_skb+0x12c/0x590
[ 92.189363][ T4166] __ipv6_ifa_notify+0x2db/0x11d0
[ 92.194742][ T4166] addrconf_dad_completed+0x18a/0xc40
[ 92.200503][ T4166] addrconf_dad_work+0xdd0/0x1720
[ 92.205889][ T4166] process_one_work+0x8a1/0x10c0
[ 92.215548][ T4166] worker_thread+0xaca/0x1280
[ 92.221376][ T4166] kthread+0x3f6/0x4f0
[ 92.225628][ T4166] ret_from_fork+0x1f/0x30
[ 92.231804][ T4166] page last free stack trace:
[ 92.238098][ T4166] free_unref_page_prepare+0xc34/0xcf0
[ 92.244511][ T4166] free_unref_page+0x95/0x2d0
[ 92.250645][ T4166] skb_release_data+0x411/0x8a0
[ 92.259169][ T4166] __kfree_skb+0x4c/0x60
[ 92.264206][ T4166] tcp_recvmsg_locked+0x1629/0x29b0
[ 92.270415][ T4166] tcp_recvmsg+0x24e/0x7f0
[ 92.276498][ T4166] inet_recvmsg+0x157/0x280
[ 92.281545][ T4166] sock_read_iter+0x353/0x480
[ 92.287103][ T4166] vfs_read+0xa93/0xe10
[ 92.287706][ T4182] usb 1-1: reset full-speed USB device number 3 using dummy_hcd
[ 92.291551][ T4166] ksys_read+0x1a2/0x2c0
[ 92.305185][ T4166] do_syscall_64+0x3b/0xb0
[ 92.310153][ T4166] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 92.317025][ T4166]
[ 92.319473][ T4166] Memory state around the buggy address:
[ 92.326084][ T4166] ffff88807de95380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.335977][ T4166] ffff88807de95400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.345178][ T4166] >ffff88807de95480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.354035][ T4166] ^
[ 92.363448][ T4166] ffff88807de95500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.372730][ T4166] ffff88807de95580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.382607][ T4166] ==================================================================
[ 92.395309][ T4166] Disabling lock debugging due to kernel taint
[ 92.409667][ T4166] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.410684][ T4180] input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.0003/input/input8
[ 92.418189][ T4166] CPU: 1 PID: 4166 Comm: udevd Tainted: G B 5.15.178-syzkaller #0
[ 92.418238][ T4166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 92.418250][ T4166] Call Trace:
executing program
[ 92.418260][ T4166] <TASK>
[ 92.418267][ T4166] dump_stack_lvl+0x1e3/0x2d0
[ 92.418294][ T4166] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 92.418315][ T4166] ? panic+0x860/0x860
[ 92.418337][ T4166] ? rcu_is_watching+0x11/0xa0
[ 92.418359][ T4166] ? preempt_schedule_common+0xa6/0xd0
[ 92.418384][ T4166] panic+0x318/0x860
[ 92.418405][ T4166] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 92.418428][ T4166] ? check_panic_on_warn+0x1d/0xa0
[ 92.418450][ T4166] ? fb_is_primary_device+0xd0/0xd0
[ 92.418476][ T4166] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 92.418501][ T4166] ? _raw_spin_unlock+0x40/0x40
[ 92.535534][ T4166] check_panic_on_warn+0x7e/0xa0
[ 92.540990][ T4166] ? __mutex_lock_common+0x11e/0x25a0
[ 92.546801][ T4166] end_report+0x6d/0xf0
[ 92.551795][ T4166] kasan_report+0x18e/0x1c0
[ 92.557705][ T4166] ? __mutex_lock_common+0x11e/0x25a0
[ 92.564477][ T4166] __mutex_lock_common+0x11e/0x25a0
[ 92.570613][ T4166] ? rcu_lock_release+0x20/0x20
[ 92.576677][ T4166] ? rcu_lock_release+0x20/0x20
[ 92.582543][ T4166] ? steam_input_open+0x93/0x1b0
[ 92.588363][ T4166] ? mutex_lock_io_nested+0x60/0x60
[ 92.594501][ T4166] ? __mutex_lock_common+0x444/0x25a0
[ 92.600553][ T4166] ? input_open_device+0x4e/0x2d0
[ 92.605850][ T4166] mutex_lock_nested+0x17/0x20
[ 92.611515][ T4166] steam_input_open+0x93/0x1b0
[ 92.616726][ T4166] ? steam_input_register+0xbd0/0xbd0
[ 92.624865][ T4166] ? do_raw_spin_lock+0x14a/0x370
[ 92.631777][ T4166] input_open_device+0x188/0x2d0
[ 92.638200][ T4166] evdev_open+0x3ed/0x600
[ 92.643304][ T4166] chrdev_open+0x54a/0x630
[ 92.648605][ T4166] ? cd_forget+0x160/0x160
[ 92.654349][ T4166] ? do_raw_spin_unlock+0x137/0x8b0
[ 92.660407][ T4166] ? fsnotify_perm+0x47b/0x590
[ 92.665950][ T4166] ? cd_forget+0x160/0x160
[ 92.670774][ T4166] do_dentry_open+0x807/0xfb0
[ 92.676618][ T4166] path_openat+0x2705/0x2f20
[ 92.682315][ T4166] ? do_filp_open+0x460/0x460
[ 92.688241][ T4166] do_filp_open+0x21c/0x460
[ 92.693415][ T4166] ? vfs_tmpfile+0x2e0/0x2e0
[ 92.698136][ T4166] ? _raw_spin_unlock+0x24/0x40
[ 92.703230][ T4166] ? alloc_fd+0x598/0x630
[ 92.708145][ T4166] do_sys_openat2+0x13b/0x4f0
[ 92.713553][ T4166] ? do_sys_open+0x220/0x220
[ 92.719366][ T4166] ? __x64_sys_newfstatat+0x140/0x1b0
[ 92.725236][ T4166] __x64_sys_openat+0x243/0x290
[ 92.731033][ T4166] ? __ia32_sys_open+0x270/0x270
[ 92.736697][ T4166] ? syscall_enter_from_user_mode+0x2e/0x240
[ 92.743122][ T4166] ? lockdep_hardirqs_on+0x94/0x130
[ 92.748797][ T4166] ? syscall_enter_from_user_mode+0x2e/0x240
[ 92.755177][ T4166] do_syscall_64+0x3b/0xb0
[ 92.760131][ T4166] ? clear_bhb_loop+0x15/0x70
[ 92.765330][ T4166] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 92.771621][ T4166] RIP: 0033:0x7f998cd2c9a4
[ 92.776210][ T4166] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[ 92.796379][ T4166] RSP: 002b:00007ffc18578f90 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 92.806048][ T4166] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f998cd2c9a4
[ 92.807725][ T4182] usb 1-1: device descriptor read/64, error -71
[ 92.814514][ T4166] RDX: 0000000000080000 RSI: 0000555daf70d250 RDI: 00000000ffffff9c
[ 92.814533][ T4166] RBP: 0000555daf70d250 R08: 0000555daf721028 R09: 00007f998ce07b10
[ 92.814548][ T4166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000
[ 92.848116][ T4166] R13: 00007ffc18579158 R14: 0000000000000000 R15: 0000555daec94ed5
[ 92.858404][ T4166] </TASK>
[ 92.862333][ T4166] Kernel Offset: disabled
[ 92.868085][ T4166] Rebooting in 86400 seconds..