Warning: Permanently added '10.128.1.28' (ED25519) to the list of known hosts.
2025/09/09 16:48:25 parsed 1 programs
[   89.890231][ T5868] cgroup: Unknown subsys name 'net'
[   89.987010][ T5868] cgroup: Unknown subsys name 'cpuset'
[   89.996479][ T5868] cgroup: Unknown subsys name 'rlimit'
[   91.691720][ T5868] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.025401][   T10] cfg80211: failed to load regulatory.db
[   94.768399][ T5881] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   96.348414][ T5906] chnl_net:caif_netlink_parms(): no params data found
[   96.478886][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.487658][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.495170][ T5906] bridge_slave_0: entered allmulticast mode
[   96.502998][ T5906] bridge_slave_0: entered promiscuous mode
[   96.516507][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.523758][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.530875][ T5906] bridge_slave_1: entered allmulticast mode
[   96.538783][ T5906] bridge_slave_1: entered promiscuous mode
[   96.574719][ T5906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.588178][ T5906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.631553][ T5906] team0: Port device team_slave_0 added
[   96.639676][ T5906] team0: Port device team_slave_1 added
[   96.669948][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.677701][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.704452][ T5906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.717707][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.724865][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.750838][ T5906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.795422][ T5906] hsr_slave_0: entered promiscuous mode
[   96.802155][ T5906] hsr_slave_1: entered promiscuous mode
[   96.950473][ T5906] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.964113][ T5906] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.975325][ T5906] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.986865][ T5906] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   97.018361][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.025585][ T5906] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.033456][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.040745][ T5906] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.098622][ T5906] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.118275][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.127535][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.144683][ T5906] 8021q: adding VLAN 0 to HW filter on device team0
[   97.158849][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.166009][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.182388][ T1062] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.189576][ T1062] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.370753][ T5906] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.418269][ T5906] veth0_vlan: entered promiscuous mode
[   97.429602][ T5906] veth1_vlan: entered promiscuous mode
[   97.459463][ T5906] veth0_macvtap: entered promiscuous mode
[   97.471685][ T5906] veth1_macvtap: entered promiscuous mode
[   97.494604][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.509308][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.525870][   T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.536354][   T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.549391][   T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.559190][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.686314][ T1062] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.760185][ T1062] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.861502][ T1062] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.971744][ T1062] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.026388][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.037760][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.068239][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.078139][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.180365][ T5183] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.189031][ T5183] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.197264][ T5183] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.206227][ T5183] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.215685][ T5183] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/09/09 16:48:37 executed programs: 0
[   99.761105][ T5183] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.770164][ T5183] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.778514][ T5183] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.789017][ T5183] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.797411][ T5183] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.964305][ T5972] chnl_net:caif_netlink_parms(): no params data found
[  100.042166][ T5972] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.050053][ T5972] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.057849][ T5972] bridge_slave_0: entered allmulticast mode
[  100.066198][ T5972] bridge_slave_0: entered promiscuous mode
[  100.074979][ T5972] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.082210][ T5972] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.089703][ T5972] bridge_slave_1: entered allmulticast mode
[  100.097778][ T5972] bridge_slave_1: entered promiscuous mode
[  100.134994][ T5972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.148214][ T5972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.184806][ T5972] team0: Port device team_slave_0 added
[  100.192700][ T5972] team0: Port device team_slave_1 added
[  100.225635][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.232696][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.258639][ T5972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.271262][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.278316][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.305328][ T5972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.352520][ T5972] hsr_slave_0: entered promiscuous mode
[  100.359644][ T5972] hsr_slave_1: entered promiscuous mode
[  100.366724][ T5972] debugfs: 'hsr0' already exists in 'hsr'
[  100.372817][ T5972] Cannot create hsr debugfs directory
[  100.603590][ T1062] bridge_slave_1: left allmulticast mode
[  100.609420][ T1062] bridge_slave_1: left promiscuous mode
[  100.616520][ T1062] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.629160][ T1062] bridge_slave_0: left allmulticast mode
[  100.636032][ T1062] bridge_slave_0: left promiscuous mode
[  100.642211][ T1062] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.887380][ T1062] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  100.898760][ T1062] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  100.909778][ T1062] bond0 (unregistering): Released all slaves
[  101.052728][ T1062] hsr_slave_0: left promiscuous mode
[  101.059178][ T1062] hsr_slave_1: left promiscuous mode
[  101.068604][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.076412][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.087685][ T1062] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.096438][ T1062] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.121457][ T1062] veth1_macvtap: left promiscuous mode
[  101.130052][ T1062] veth0_macvtap: left promiscuous mode
[  101.135886][ T1062] veth1_vlan: left promiscuous mode
[  101.141310][ T1062] veth0_vlan: left promiscuous mode
[  101.680347][ T1062] team0 (unregistering): Port device team_slave_1 removed
[  101.748058][ T1062] team0 (unregistering): Port device team_slave_0 removed
[  101.863993][ T5183] Bluetooth: hci0: command tx timeout
[  102.363549][ T5972] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.376872][ T5972] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.397883][ T5972] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.419722][ T5972] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.925344][ T5972] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.957978][ T5972] 8021q: adding VLAN 0 to HW filter on device team0
[  102.973209][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.980405][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.998700][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.005910][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.401418][ T5972] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.447878][ T5972] veth0_vlan: entered promiscuous mode
[  103.466415][ T5972] veth1_vlan: entered promiscuous mode
[  103.510896][ T5972] veth0_macvtap: entered promiscuous mode
[  103.527356][ T5972] veth1_macvtap: entered promiscuous mode
[  103.558940][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.576788][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.592425][ T1155] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.608684][ T1155] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.629095][ T1155] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.642271][ T1155] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.729372][ T1062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.738174][ T1062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.769592][   T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.778009][   T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.943942][ T5183] Bluetooth: hci0: command tx timeout
[  104.093656][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  104.253339][    T9] usb 1-1: Using ep0 maxpacket: 16
[  104.267183][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  104.281256][    T9] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  104.290467][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.298563][    T9] usb 1-1: Product: syz
[  104.302731][    T9] usb 1-1: Manufacturer: syz
[  104.307432][    T9] usb 1-1: SerialNumber: syz
[  104.315887][    T9] usb 1-1: config 0 descriptor??
[  104.326908][    T9] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  104.336216][    T9] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  104.585453][    T9] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  104.648956][    T9] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  104.657297][    T9] em28xx 1-1:0.0: board has no eeprom
[  104.723252][    T9] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  104.731161][    T9] em28xx 1-1:0.0: dvb set to bulk mode.
[  104.738438][ T1544] em28xx 1-1:0.0: Binding DVB extension
[  104.756821][    T9] usb 1-1: USB disconnect, device number 2
[  104.777630][    T9] em28xx 1-1:0.0: Disconnecting em28xx
[  104.820240][ T1544] em28xx 1-1:0.0: Registering input extension
[  104.828767][    T9] em28xx 1-1:0.0: Closing input extension
[  104.837491][    T9] ==================================================================
[  104.845584][    T9] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0
[  104.853930][    T9] Read of size 4 at addr ffff88807cf204f0 by task kworker/0:0/9
[  104.861741][    T9] 
[  104.864067][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full) 
[  104.864084][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  104.864094][    T9] Workqueue: usb_hub_wq hub_event
[  104.864113][    T9] Call Trace:
[  104.864119][    T9]  <TASK>
[  104.864125][    T9]  dump_stack_lvl+0x189/0x250
[  104.864147][    T9]  ? rcu_is_watching+0x15/0xb0
[  104.864163][    T9]  ? __kasan_check_byte+0x12/0x40
[  104.864179][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.864199][    T9]  ? rcu_is_watching+0x15/0xb0
[  104.864214][    T9]  ? lock_release+0x4b/0x3e0
[  104.864230][    T9]  ? __virt_addr_valid+0x1c8/0x5c0
[  104.864250][    T9]  ? __virt_addr_valid+0x4a5/0x5c0
[  104.864277][    T9]  print_report+0xca/0x240
[  104.864291][    T9]  ? media_devnode_unregister+0xe2/0xf0
[  104.864307][    T9]  kasan_report+0x118/0x150
[  104.864323][    T9]  ? media_devnode_unregister+0xe2/0xf0
[  104.864343][    T9]  media_devnode_unregister+0xe2/0xf0
[  104.864360][    T9]  media_device_unregister+0x37c/0x400
[  104.864386][    T9]  em28xx_release_resources+0xac/0x240
[  104.864407][    T9]  em28xx_usb_disconnect+0x19f/0x2f0
[  104.864427][    T9]  usb_unbind_interface+0x26e/0x910
[  104.864445][    T9]  ? __pfx_usb_unbind_interface+0x10/0x10
[  104.864461][    T9]  device_release_driver_internal+0x4d6/0x800
[  104.864480][    T9]  bus_remove_device+0x34d/0x410
[  104.864503][    T9]  device_del+0x511/0x8e0
[  104.864520][    T9]  ? __pfx_device_del+0x10/0x10
[  104.864534][    T9]  ? kobject_put+0x446/0x480
[  104.864558][    T9]  usb_disable_device+0x3e9/0x8a0
[  104.864574][    T9]  usb_disconnect+0x330/0x950
[  104.864596][    T9]  hub_event+0x1cf5/0x4a20
[  104.864618][    T9]  ? do_raw_spin_lock+0x121/0x290
[  104.864638][    T9]  ? register_lock_class+0x51/0x320
[  104.864657][    T9]  ? __pfx_hub_event+0x10/0x10
[  104.864670][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  104.864688][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.864705][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  104.864720][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  104.864736][    T9]  process_scheduled_works+0xae1/0x17b0
[  104.864761][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  104.864781][    T9]  worker_thread+0x8a0/0xda0
[  104.864805][    T9]  kthread+0x711/0x8a0
[  104.864825][    T9]  ? __pfx_worker_thread+0x10/0x10
[  104.864841][    T9]  ? __pfx_kthread+0x10/0x10
[  104.864860][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.864876][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.864894][    T9]  ? __pfx_kthread+0x10/0x10
[  104.864912][    T9]  ret_from_fork+0x47c/0x820
[  104.864929][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  104.864946][    T9]  ? __switch_to_asm+0x39/0x70
[  104.864959][    T9]  ? __switch_to_asm+0x33/0x70
[  104.864972][    T9]  ? __pfx_kthread+0x10/0x10
[  104.864991][    T9]  ret_from_fork_asm+0x1a/0x30
[  104.865010][    T9]  </TASK>
[  104.865015][    T9] 
[  105.141732][    T9] Allocated by task 9:
[  105.145799][    T9]  kasan_save_track+0x3e/0x80
[  105.150484][    T9]  __kasan_kmalloc+0x93/0xb0
[  105.155155][    T9]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  105.160522][    T9]  __media_device_register+0x58/0x280
[  105.165889][    T9]  em28xx_usb_probe+0x1764/0x2a20
[  105.170916][    T9]  usb_probe_interface+0x665/0xc30
[  105.176027][    T9]  really_probe+0x26a/0x9e0
[  105.180526][    T9]  __driver_probe_device+0x18c/0x2f0
[  105.185808][    T9]  driver_probe_device+0x4f/0x430
[  105.190834][    T9]  __device_attach_driver+0x2ce/0x530
[  105.196208][    T9]  bus_for_each_drv+0x251/0x2e0
[  105.201066][    T9]  __device_attach+0x2b8/0x400
[  105.205830][    T9]  bus_probe_device+0x185/0x260
[  105.210682][    T9]  device_add+0x7b6/0xb50
[  105.215008][    T9]  usb_set_configuration+0x1a87/0x20e0
[  105.220467][    T9]  usb_generic_driver_probe+0x8d/0x150
[  105.225926][    T9]  usb_probe_device+0x1c1/0x390
[  105.230784][    T9]  really_probe+0x26a/0x9e0
[  105.235298][    T9]  __driver_probe_device+0x18c/0x2f0
[  105.240585][    T9]  driver_probe_device+0x4f/0x430
[  105.245697][    T9]  __device_attach_driver+0x2ce/0x530
[  105.251076][    T9]  bus_for_each_drv+0x251/0x2e0
[  105.255939][    T9]  __device_attach+0x2b8/0x400
[  105.260705][    T9]  bus_probe_device+0x185/0x260
[  105.265905][    T9]  device_add+0x7b6/0xb50
[  105.270230][    T9]  usb_new_device+0xa39/0x16f0
[  105.274997][    T9]  hub_event+0x2958/0x4a20
[  105.279415][    T9]  process_scheduled_works+0xae1/0x17b0
[  105.284963][    T9]  worker_thread+0x8a0/0xda0
[  105.289554][    T9]  kthread+0x711/0x8a0
[  105.293626][    T9]  ret_from_fork+0x47c/0x820
[  105.298220][    T9]  ret_from_fork_asm+0x1a/0x30
[  105.302983][    T9] 
[  105.305308][    T9] Freed by task 9:
[  105.309056][    T9]  kasan_save_track+0x3e/0x80
[  105.313727][    T9]  __kasan_save_free_info+0x46/0x50
[  105.318924][    T9]  __kasan_slab_free+0x5b/0x80
[  105.323682][    T9]  kfree+0x199/0x6d0
[  105.327633][    T9]  media_devnode_release+0x61/0xa0
[  105.332751][    T9]  device_release+0x9c/0x1c0
[  105.337344][    T9]  kobject_put+0x228/0x480
[  105.341871][    T9]  media_devnode_unregister+0x6d/0xf0
[  105.347285][    T9]  media_device_unregister+0x37c/0x400
[  105.352762][    T9]  em28xx_release_resources+0xac/0x240
[  105.358232][    T9]  em28xx_usb_disconnect+0x19f/0x2f0
[  105.363535][    T9]  usb_unbind_interface+0x26e/0x910
[  105.368759][    T9]  device_release_driver_internal+0x4d6/0x800
[  105.374913][    T9]  bus_remove_device+0x34d/0x410
[  105.379860][    T9]  device_del+0x511/0x8e0
[  105.384184][    T9]  usb_disable_device+0x3e9/0x8a0
[  105.389206][    T9]  usb_disconnect+0x330/0x950
[  105.393887][    T9]  hub_event+0x1cf5/0x4a20
[  105.398301][    T9]  process_scheduled_works+0xae1/0x17b0
[  105.403842][    T9]  worker_thread+0x8a0/0xda0
[  105.408438][    T9]  kthread+0x711/0x8a0
[  105.412537][    T9]  ret_from_fork+0x47c/0x820
[  105.417135][    T9]  ret_from_fork_asm+0x1a/0x30
[  105.421915][    T9] 
[  105.424245][    T9] The buggy address belongs to the object at ffff88807cf20000
[  105.424245][    T9]  which belongs to the cache kmalloc-2k of size 2048
[  105.438315][    T9] The buggy address is located 1264 bytes inside of
[  105.438315][    T9]  freed 2048-byte region [ffff88807cf20000, ffff88807cf20800)
[  105.452294][    T9] 
[  105.454621][    T9] The buggy address belongs to the physical page:
[  105.461029][    T9] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7cf20
[  105.469794][    T9] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  105.478296][    T9] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  105.485836][    T9] page_type: f5(slab)
[  105.489814][    T9] raw: 00fff00000000040 ffff88801a842000 dead000000000122 0000000000000000
[  105.498403][    T9] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  105.506993][    T9] head: 00fff00000000040 ffff88801a842000 dead000000000122 0000000000000000
[  105.515747][    T9] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  105.524503][    T9] head: 00fff00000000003 ffffea0001f3c801 00000000ffffffff 00000000ffffffff
[  105.533169][    T9] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  105.541831][    T9] page dumped because: kasan: bad access detected
[  105.548241][    T9] page_owner tracks the page as allocated
[  105.553953][    T9] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9, tgid 9 (kworker/0:0), ts 104744933156, free_ts 104528406871
[  105.574879][    T9]  post_alloc_hook+0x240/0x2a0
[  105.579652][    T9]  get_page_from_freelist+0x21e4/0x22c0
[  105.585199][    T9]  __alloc_frozen_pages_noprof+0x181/0x370
[  105.591020][    T9]  alloc_pages_mpol+0x232/0x4a0
[  105.595868][    T9]  allocate_slab+0x8a/0x330
[  105.600385][    T9]  ___slab_alloc+0xbd1/0x13f0
[  105.605088][    T9]  __slab_alloc+0x55/0xa0
[  105.609459][    T9]  __kmalloc_cache_noprof+0x411/0x6f0
[  105.614840][    T9]  __media_device_register+0x58/0x280
[  105.620220][    T9]  em28xx_usb_probe+0x1764/0x2a20
[  105.625364][    T9]  usb_probe_interface+0x665/0xc30
[  105.630483][    T9]  really_probe+0x26a/0x9e0
[  105.634987][    T9]  __driver_probe_device+0x18c/0x2f0
[  105.640271][    T9]  driver_probe_device+0x4f/0x430
[  105.645296][    T9]  __device_attach_driver+0x2ce/0x530
[  105.650670][    T9]  bus_for_each_drv+0x251/0x2e0
[  105.655524][    T9] page last free pid 5233 tgid 5233 stack trace:
[  105.661844][    T9]  __free_frozen_pages+0xbc4/0xd30
[  105.667069][    T9]  __slab_free+0x2e7/0x390
[  105.671492][    T9]  qlist_free_all+0x97/0x140
[  105.676077][    T9]  kasan_quarantine_reduce+0x148/0x160
[  105.681529][    T9]  __kasan_slab_alloc+0x22/0x80
[  105.686539][    T9]  kmem_cache_alloc_node_noprof+0x433/0x710
[  105.692452][    T9]  dup_task_struct+0x52/0x830
[  105.697148][    T9]  copy_process+0x54b/0x3c00
[  105.701748][    T9]  kernel_clone+0x21e/0x840
[  105.706254][    T9]  __x64_sys_clone+0x18b/0x1e0
[  105.711023][    T9]  do_syscall_64+0xfa/0xfa0
[  105.715532][    T9]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.721427][    T9] 
[  105.723760][    T9] Memory state around the buggy address:
[  105.729388][    T9]  ffff88807cf20380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.737470][    T9]  ffff88807cf20400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.745884][    T9] >ffff88807cf20480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.753960][    T9]                                                              ^
[  105.761754][    T9]  ffff88807cf20500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.770425][    T9]  ffff88807cf20580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.778477][    T9] ==================================================================
[  105.813032][    T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  105.820279][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full) 
[  105.829499][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  105.839569][    T9] Workqueue: usb_hub_wq hub_event
[  105.844604][    T9] Call Trace:
[  105.847893][    T9]  <TASK>
[  105.850817][    T9]  dump_stack_lvl+0x99/0x250
[  105.855425][    T9]  ? __asan_memcpy+0x40/0x70
[  105.860010][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.865222][    T9]  ? __pfx__printk+0x10/0x10
[  105.869821][    T9]  vpanic+0x237/0x6d0
[  105.873818][    T9]  ? __pfx_vpanic+0x10/0x10
[  105.878321][    T9]  ? preempt_schedule+0xae/0xc0
[  105.883170][    T9]  ? __pfx_preempt_schedule+0x10/0x10
[  105.888560][    T9]  panic+0xb9/0xc0
[  105.892325][    T9]  ? __pfx_panic+0x10/0x10
[  105.896743][    T9]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  105.902648][    T9]  ? media_devnode_unregister+0xe2/0xf0
[  105.908201][    T9]  check_panic_on_warn+0x89/0xb0
[  105.913151][    T9]  ? media_devnode_unregister+0xe2/0xf0
[  105.918702][    T9]  end_report+0x78/0x160
[  105.922949][    T9]  kasan_report+0x129/0x150
[  105.927452][    T9]  ? media_devnode_unregister+0xe2/0xf0
[  105.933061][    T9]  media_devnode_unregister+0xe2/0xf0
[  105.938436][    T9]  media_device_unregister+0x37c/0x400
[  105.943900][    T9]  em28xx_release_resources+0xac/0x240
[  105.949365][    T9]  em28xx_usb_disconnect+0x19f/0x2f0
[  105.954666][    T9]  usb_unbind_interface+0x26e/0x910
[  105.959866][    T9]  ? __pfx_usb_unbind_interface+0x10/0x10
[  105.965583][    T9]  device_release_driver_internal+0x4d6/0x800
[  105.971683][    T9]  bus_remove_device+0x34d/0x410
[  105.976632][    T9]  device_del+0x511/0x8e0
[  105.980964][    T9]  ? __pfx_device_del+0x10/0x10
[  105.985819][    T9]  ? kobject_put+0x446/0x480
[  105.990422][    T9]  usb_disable_device+0x3e9/0x8a0
[  105.995446][    T9]  usb_disconnect+0x330/0x950
[  106.000132][    T9]  hub_event+0x1cf5/0x4a20
[  106.004571][    T9]  ? do_raw_spin_lock+0x121/0x290
[  106.009616][    T9]  ? register_lock_class+0x51/0x320
[  106.014825][    T9]  ? __pfx_hub_event+0x10/0x10
[  106.019591][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  106.025318][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  106.030519][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  106.036241][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  106.042165][    T9]  process_scheduled_works+0xae1/0x17b0
[  106.047721][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  106.053723][    T9]  worker_thread+0x8a0/0xda0
[  106.058323][    T9]  kthread+0x711/0x8a0
[  106.062421][    T9]  ? __pfx_worker_thread+0x10/0x10
[  106.067552][    T9]  ? __pfx_kthread+0x10/0x10
[  106.072150][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  106.077353][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  106.082556][    T9]  ? __pfx_kthread+0x10/0x10
[  106.087149][    T9]  ret_from_fork+0x47c/0x820
[  106.091742][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  106.096852][    T9]  ? __switch_to_asm+0x39/0x70
[  106.101641][    T9]  ? __switch_to_asm+0x33/0x70
[  106.106407][    T9]  ? __pfx_kthread+0x10/0x10
[  106.111001][    T9]  ret_from_fork_asm+0x1a/0x30
[  106.115774][    T9]  </TASK>
[  106.119131][    T9] Kernel Offset: disabled
[  106.123534][    T9] Rebooting in 86400 seconds..