Warning: Permanently added '10.128.1.238' (ED25519) to the list of known hosts.
2025/07/09 18:27:30 ignoring optional flag "sandboxArg"="0"
2025/07/09 18:27:31 parsed 1 programs
[ 108.444833][ T30] audit: type=1400 audit(1752085653.802:115): avc: denied { unlink } for pid=6273 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 109.737378][ T6273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 111.615587][ T30] audit: type=1400 audit(1752085656.972:116): avc: denied { mount } for pid=6285 comm="syz-executor" name="/" dev="gadgetfs" ino=7610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 112.243319][ T30] audit: type=1401 audit(1752085657.602:117): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 113.108243][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.116161][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.142504][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.150349][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.994882][ T6334] chnl_net:caif_netlink_parms(): no params data found
[ 114.049901][ T6334] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.057395][ T6334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.065362][ T6334] bridge_slave_0: entered allmulticast mode
[ 114.073076][ T6334] bridge_slave_0: entered promiscuous mode
[ 114.080993][ T6334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.088123][ T6334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.095274][ T6334] bridge_slave_1: entered allmulticast mode
[ 114.102054][ T6334] bridge_slave_1: entered promiscuous mode
[ 114.128894][ T6334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 114.141376][ T6334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 114.173584][ T6334] team0: Port device team_slave_0 added
[ 114.180661][ T6334] team0: Port device team_slave_1 added
[ 114.201159][ T6334] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.208193][ T6334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.234348][ T6334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.247702][ T6334] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.255124][ T6334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.281054][ T6334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.341532][ T6334] hsr_slave_0: entered promiscuous mode
[ 114.348502][ T6334] hsr_slave_1: entered promiscuous mode
[ 114.889691][ T6334] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 114.899926][ T6334] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 114.910454][ T6334] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 114.921517][ T6334] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 115.009748][ T6334] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.031609][ T6334] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.048667][ T3523] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.055828][ T3523] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 115.070076][ T61] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.077229][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.304301][ T6334] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.348979][ T6334] veth0_vlan: entered promiscuous mode
[ 115.365577][ T6334] veth1_vlan: entered promiscuous mode
[ 115.396771][ T6334] veth0_macvtap: entered promiscuous mode
[ 115.408464][ T6334] veth1_macvtap: entered promiscuous mode
[ 115.429490][ T6334] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 115.446619][ T6334] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 115.459521][ T6334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.470083][ T6334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.481048][ T6334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.491915][ T6334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.670495][ T3523] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.737020][ T3523] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.797211][ T3523] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.926649][ T3523] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.078492][ T5153] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 116.089262][ T5153] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 116.099300][ T5153] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 116.107267][ T5153] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 116.116604][ T5153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/07/09 18:27:42 executed programs: 0
[ 117.008459][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 117.022841][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 117.031032][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 117.042894][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 117.050879][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 117.269929][ T6449] chnl_net:caif_netlink_parms(): no params data found
[ 117.362352][ T6449] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.369559][ T6449] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.383155][ T6449] bridge_slave_0: entered allmulticast mode
[ 117.390574][ T6449] bridge_slave_0: entered promiscuous mode
[ 117.399332][ T6449] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.406810][ T6449] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.414523][ T6449] bridge_slave_1: entered allmulticast mode
[ 117.422389][ T6449] bridge_slave_1: entered promiscuous mode
[ 117.462137][ T6449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 117.477778][ T6449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 117.519385][ T6449] team0: Port device team_slave_0 added
[ 117.528209][ T6449] team0: Port device team_slave_1 added
[ 117.560781][ T6449] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 117.567835][ T6449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 117.594313][ T6449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 117.606720][ T6449] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 117.614646][ T6449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 117.640738][ T6449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 117.696607][ T6449] hsr_slave_0: entered promiscuous mode
[ 117.707365][ T6449] hsr_slave_1: entered promiscuous mode
[ 117.714059][ T6449] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 117.721627][ T6449] Cannot create hsr debugfs directory
[ 118.005567][ T3523] bridge_slave_1: left allmulticast mode
[ 118.011250][ T3523] bridge_slave_1: left promiscuous mode
[ 118.018056][ T3523] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.029234][ T3523] bridge_slave_0: left allmulticast mode
[ 118.035515][ T3523] bridge_slave_0: left promiscuous mode
[ 118.042163][ T3523] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.239642][ T3523] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 118.249914][ T3523] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 118.260522][ T3523] bond0 (unregistering): Released all slaves
[ 118.339514][ T3523] hsr_slave_0: left promiscuous mode
[ 118.352045][ T3523] hsr_slave_1: left promiscuous mode
[ 118.357934][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 118.369444][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 118.384751][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 118.392385][ T3523] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 118.410294][ T3523] veth1_macvtap: left promiscuous mode
[ 118.415936][ T3523] veth0_macvtap: left promiscuous mode
[ 118.422194][ T3523] veth1_vlan: left promiscuous mode
[ 118.427513][ T3523] veth0_vlan: left promiscuous mode
[ 118.828462][ T3523] team0 (unregistering): Port device team_slave_1 removed
[ 118.866066][ T3523] team0 (unregistering): Port device team_slave_0 removed
[ 119.102346][ T51] Bluetooth: hci0: command tx timeout
[ 119.423451][ T6449] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 119.435178][ T6449] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 119.451719][ T6449] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 119.470142][ T6449] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 119.691762][ T6449] 8021q: adding VLAN 0 to HW filter on device bond0
[ 119.721568][ T6449] 8021q: adding VLAN 0 to HW filter on device team0
[ 119.739384][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.746558][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 119.807876][ T1101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.815121][ T1101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.113781][ T6449] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.154778][ T6449] veth0_vlan: entered promiscuous mode
[ 120.169922][ T6449] veth1_vlan: entered promiscuous mode
[ 120.200798][ T6449] veth0_macvtap: entered promiscuous mode
[ 120.210497][ T6449] veth1_macvtap: entered promiscuous mode
[ 120.230561][ T6449] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 120.248372][ T6449] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 120.260023][ T6449] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.269138][ T6449] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.280859][ T6449] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.290021][ T6449] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.364183][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.376862][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.416020][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.424549][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.513490][ T30] audit: type=1400 audit(1752085665.862:118): avc: denied { read write } for pid=6559 comm="syz.0.16" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 120.547342][ T30] audit: type=1400 audit(1752085665.862:119): avc: denied { open } for pid=6559 comm="syz.0.16" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 120.571026][ T30] audit: type=1400 audit(1752085665.862:120): avc: denied { ioctl } for pid=6559 comm="syz.0.16" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 120.782503][ T3087] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 120.952766][ T3087] usb 1-1: Using ep0 maxpacket: 16
[ 120.965042][ T3087] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 120.976899][ T3087] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 120.990563][ T3087] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 121.005170][ T3087] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 121.018356][ T3087] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 121.044210][ T3087] usb 1-1: config 0 descriptor??
[ 121.182432][ T51] Bluetooth: hci0: command tx timeout
[ 121.463617][ T30] audit: type=1400 audit(1752085666.812:121): avc: denied { read } for pid=6559 comm="syz.0.16" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 121.490279][ T3087] usbhid 1-1:0.0: Report descriptor:
[ 121.498558][ T3087] * 96 01 00 06 01 00 03 00 00 00 00 2a 90 a0 27 00
[ 121.499750][ T30] audit: type=1400 audit(1752085666.812:122): avc: denied { open } for pid=6559 comm="syz.0.16" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 121.506253][ T3087] * 00 00 00 b3 81 3e 25 03 1b dd e8 40 50 3b 5d 8c
[ 121.538501][ T3087] * 3d da
[ 121.551850][ T3087] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 121.560287][ T3087] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max
[ 121.571864][ T3087] ==================================================================
[ 121.579939][ T3087] BUG: KASAN: slab-out-of-bounds in mon_copy_to_buff+0xc2/0x170
[ 121.587590][ T3087] Read of size 3904 at addr ffff88802a9b20a1 by task kworker/1:2/3087
[ 121.595742][ T3087]
[ 121.598084][ T3087] CPU: 1 UID: 0 PID: 3087 Comm: kworker/1:2 Not tainted 6.16.0-rc5-syzkaller-dirty #0 PREEMPT(full)
[ 121.598110][ T3087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 121.598126][ T3087] Workqueue: usb_hub_wq hub_event
[ 121.598153][ T3087] Call Trace:
[ 121.598160][ T3087]
[ 121.598171][ T3087] dump_stack_lvl+0x116/0x1f0
[ 121.598201][ T3087] print_report+0xcd/0x680
[ 121.598227][ T3087] ? __virt_addr_valid+0x81/0x610
[ 121.598249][ T3087] ? __phys_addr+0xe8/0x180
[ 121.598271][ T3087] ? mon_copy_to_buff+0xc2/0x170
[ 121.598297][ T3087] kasan_report+0xe0/0x110
[ 121.598323][ T3087] ? mon_copy_to_buff+0xc2/0x170
[ 121.598353][ T3087] kasan_check_range+0x100/0x1b0
[ 121.598372][ T3087] __asan_memcpy+0x23/0x60
[ 121.598393][ T3087] mon_copy_to_buff+0xc2/0x170
[ 121.598422][ T3087] mon_bin_event+0x1071/0x2050
[ 121.598456][ T3087] ? __pfx_mon_bin_event+0x10/0x10
[ 121.598488][ T3087] mon_bus_submit+0xcf/0x140
[ 121.598513][ T3087] usb_hcd_submit_urb+0x12d/0x1c60
[ 121.598538][ T3087] ? __device_attach+0x1e4/0x4b0
[ 121.598563][ T3087] ? bus_probe_device+0x17f/0x1c0
[ 121.598583][ T3087] ? device_add+0x1148/0x1a70
[ 121.598599][ T3087] ? usb_set_configuration+0x1187/0x1e20
[ 121.598619][ T3087] ? usb_generic_driver_probe+0xb1/0x110
[ 121.598640][ T3087] usb_submit_urb+0x87c/0x1790
[ 121.598664][ T3087] ? __pfx_lockdep_init_map_type+0x1/0x10
[ 121.598683][ T3087] ? __init_swait_queue_head+0xca/0x150
[ 121.598707][ T3087] usb_start_wait_urb+0x104/0x4b0
[ 121.598726][ T3087] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 121.598749][ T3087] ? __asan_memset+0x23/0x50
[ 121.598772][ T3087] usb_control_msg+0x326/0x4a0
[ 121.598790][ T3087] ? __pfx_usb_control_msg+0x10/0x10
[ 121.598812][ T3087] usbhid_raw_request+0x58f/0x700
[ 121.598842][ T3087] ? __pfx_usbhid_raw_request+0x10/0x10
[ 121.598870][ T3087] __hid_request+0x296/0x3c0
[ 121.598894][ T3087] hidinput_connect+0x1ada/0x2bd0
[ 121.598927][ T3087] hid_connect+0x13f3/0x1a60
[ 121.598948][ T3087] ? trace_kmalloc+0x2b/0xd0
[ 121.598975][ T3087] ? __kmalloc_noprof+0x242/0x510
[ 121.598998][ T3087] ? __asan_memset+0x23/0x50
[ 121.599020][ T3087] ? __pfx_hid_connect+0x10/0x10
[ 121.599048][ T3087] hid_hw_start+0xaa/0x140
[ 121.599069][ T3087] ms_probe+0x195/0x500
[ 121.599087][ T3087] ? __pfx_ms_probe+0x10/0x10
[ 121.599103][ T3087] hid_device_probe+0x360/0x720
[ 121.599126][ T3087] ? __pfx_hid_device_probe+0x10/0x10
[ 121.599148][ T3087] really_probe+0x23e/0xa90
[ 121.599174][ T3087] __driver_probe_device+0x1de/0x440
[ 121.599200][ T3087] driver_probe_device+0x4c/0x1b0
[ 121.599225][ T3087] __device_attach_driver+0x1df/0x310
[ 121.599252][ T3087] ? __pfx___device_attach_driver+0x10/0x10
[ 121.599277][ T3087] bus_for_each_drv+0x156/0x1e0
[ 121.599298][ T3087] ? __pfx_bus_for_each_drv+0x10/0x10
[ 121.599319][ T3087] ? lockdep_hardirqs_on+0x7c/0x110
[ 121.599343][ T3087] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 121.599368][ T3087] __device_attach+0x1e4/0x4b0
[ 121.599393][ T3087] ? __pfx___device_attach+0x10/0x10
[ 121.599419][ T3087] ? do_raw_spin_unlock+0x172/0x230
[ 121.599442][ T3087] bus_probe_device+0x17f/0x1c0
[ 121.599466][ T3087] device_add+0x1148/0x1a70
[ 121.599484][ T3087] ? __pfx_device_add+0x10/0x10
[ 121.599502][ T3087] ? debugfs_create_file_full+0x41/0x60
[ 121.599531][ T3087] hid_add_device+0x373/0xa60
[ 121.599552][ T3087] ? __pfx_hid_add_device+0x10/0x10
[ 121.599571][ T3087] ? lockdep_init_map_type+0x5c/0x280
[ 121.599590][ T3087] ? lockdep_init_map_type+0x5c/0x280
[ 121.599609][ T3087] usbhid_probe+0xd38/0x13f0
[ 121.599639][ T3087] usb_probe_interface+0x303/0x9c0
[ 121.599670][ T3087] ? __pfx_usb_probe_interface+0x10/0x10
[ 121.599695][ T3087] really_probe+0x23e/0xa90
[ 121.599721][ T3087] __driver_probe_device+0x1de/0x440
[ 121.599746][ T3087] driver_probe_device+0x4c/0x1b0
[ 121.599772][ T3087] __device_attach_driver+0x1df/0x310
[ 121.599798][ T3087] ? __pfx___device_attach_driver+0x10/0x10
[ 121.599823][ T3087] bus_for_each_drv+0x156/0x1e0
[ 121.599844][ T3087] ? __pfx_bus_for_each_drv+0x10/0x10
[ 121.599865][ T3087] ? lockdep_hardirqs_on+0x7c/0x110
[ 121.599888][ T3087] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 121.599913][ T3087] __device_attach+0x1e4/0x4b0
[ 121.599938][ T3087] ? __pfx___device_attach+0x10/0x10
[ 121.599963][ T3087] ? do_raw_spin_unlock+0x172/0x230
[ 121.599986][ T3087] bus_probe_device+0x17f/0x1c0
[ 121.600010][ T3087] device_add+0x1148/0x1a70
[ 121.600028][ T3087] ? __pfx_device_add+0x10/0x10
[ 121.600045][ T3087] ? mark_held_locks+0x49/0x80
[ 121.600077][ T3087] usb_set_configuration+0x1187/0x1e20
[ 121.600107][ T3087] ? __pfx_usb_generic_driver_probe+0x10/0x10
[ 121.600125][ T3087] usb_generic_driver_probe+0xb1/0x110
[ 121.600144][ T3087] usb_probe_device+0xef/0x3e0
[ 121.600165][ T3087] ? __pfx_usb_probe_device+0x10/0x10
[ 121.600187][ T3087] really_probe+0x23e/0xa90
[ 121.600213][ T3087] __driver_probe_device+0x1de/0x440
[ 121.600237][ T3087] ? usb_driver_applicable+0x1c7/0x220
[ 121.600262][ T3087] driver_probe_device+0x4c/0x1b0
[ 121.600287][ T3087] __device_attach_driver+0x1df/0x310
[ 121.600313][ T3087] ? __pfx___device_attach_driver+0x10/0x10
[ 121.600338][ T3087] bus_for_each_drv+0x156/0x1e0
[ 121.600359][ T3087] ? __pfx_bus_for_each_drv+0x10/0x10
[ 121.600380][ T3087] ? lockdep_hardirqs_on+0x7c/0x110
[ 121.600403][ T3087] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 121.600428][ T3087] __device_attach+0x1e4/0x4b0
[ 121.600453][ T3087] ? __pfx___device_attach+0x10/0x10
[ 121.600479][ T3087] ? do_raw_spin_unlock+0x172/0x230
[ 121.600502][ T3087] bus_probe_device+0x17f/0x1c0
[ 121.600525][ T3087] device_add+0x1148/0x1a70
[ 121.600544][ T3087] ? __pfx_device_add+0x10/0x10
[ 121.600559][ T3087] ? usb_detect_static_quirks+0x335/0x3e0
[ 121.600574][ T3087] ? __usb_get_extra_descriptor+0x158/0x1c0
[ 121.600598][ T3087] usb_new_device+0xd07/0x1a20
[ 121.600621][ T3087] ? do_raw_spin_lock+0x12c/0x2b0
[ 121.600641][ T3087] ? __pfx_usb_new_device+0x10/0x10
[ 121.600667][ T3087] ? mark_held_locks+0x49/0x80
[ 121.600695][ T3087] hub_event+0x2eb7/0x4fa0
[ 121.600726][ T3087] ? __pfx_hub_event+0x10/0x10
[ 121.600746][ T3087] ? ioread32_rep+0xe0/0x100
[ 121.600775][ T3087] ? rcu_is_watching+0x12/0xc0
[ 121.600800][ T3087] process_one_work+0x9cf/0x1b70
[ 121.600825][ T3087] ? __pfx_hcd_resume_work+0x10/0x10
[ 121.600848][ T3087] ? __pfx_process_one_work+0x10/0x10
[ 121.600871][ T3087] ? assign_work+0x1a0/0x250
[ 121.600891][ T3087] worker_thread+0x6c8/0xf10
[ 121.600915][ T3087] ? __kthread_parkme+0x19e/0x250
[ 121.600941][ T3087] ? __pfx_worker_thread+0x10/0x10
[ 121.600961][ T3087] kthread+0x3c5/0x780
[ 121.600979][ T3087] ? __pfx_kthread+0x10/0x10
[ 121.600998][ T3087] ? rcu_is_watching+0x12/0xc0
[ 121.601021][ T3087] ? __pfx_kthread+0x10/0x10
[ 121.601039][ T3087] ret_from_fork+0x5d4/0x6f0
[ 121.601066][ T3087] ? __pfx_kthread+0x10/0x10
[ 121.601084][ T3087] ret_from_fork_asm+0x1a/0x30
[ 121.601111][ T3087]
[ 121.601118][ T3087]
[ 122.263437][ T3087] Allocated by task 3087:
[ 122.267758][ T3087] kasan_save_stack+0x33/0x60
[ 122.272443][ T3087] kasan_save_track+0x14/0x30
[ 122.277124][ T3087] __kasan_kmalloc+0xaa/0xb0
[ 122.281721][ T3087] __kmalloc_noprof+0x223/0x510
[ 122.286578][ T3087] __hid_request+0x2c/0x3c0
[ 122.291088][ T3087] hidinput_connect+0x1ada/0x2bd0
[ 122.296121][ T3087] hid_connect+0x13f3/0x1a60
[ 122.300713][ T3087] hid_hw_start+0xaa/0x140
[ 122.305135][ T3087] ms_probe+0x195/0x500
[ 122.309292][ T3087] hid_device_probe+0x360/0x720
[ 122.314145][ T3087] really_probe+0x23e/0xa90
[ 122.318655][ T3087] __driver_probe_device+0x1de/0x440
[ 122.323948][ T3087] driver_probe_device+0x4c/0x1b0
[ 122.328978][ T3087] __device_attach_driver+0x1df/0x310
[ 122.334356][ T3087] bus_for_each_drv+0x156/0x1e0
[ 122.339211][ T3087] __device_attach+0x1e4/0x4b0
[ 122.343984][ T3087] bus_probe_device+0x17f/0x1c0
[ 122.348836][ T3087] device_add+0x1148/0x1a70
[ 122.353335][ T3087] hid_add_device+0x373/0xa60
[ 122.358015][ T3087] usbhid_probe+0xd38/0x13f0
[ 122.362615][ T3087] usb_probe_interface+0x303/0x9c0
[ 122.367737][ T3087] really_probe+0x23e/0xa90
[ 122.372263][ T3087] __driver_probe_device+0x1de/0x440
[ 122.377554][ T3087] driver_probe_device+0x4c/0x1b0
[ 122.382595][ T3087] __device_attach_driver+0x1df/0x310
[ 122.387979][ T3087] bus_for_each_drv+0x156/0x1e0
[ 122.392839][ T3087] __device_attach+0x1e4/0x4b0
[ 122.397609][ T3087] bus_probe_device+0x17f/0x1c0
[ 122.402460][ T3087] device_add+0x1148/0x1a70
[ 122.406960][ T3087] usb_set_configuration+0x1187/0x1e20
[ 122.412425][ T3087] usb_generic_driver_probe+0xb1/0x110
[ 122.417879][ T3087] usb_probe_device+0xef/0x3e0
[ 122.422646][ T3087] really_probe+0x23e/0xa90
[ 122.427153][ T3087] __driver_probe_device+0x1de/0x440
[ 122.432445][ T3087] driver_probe_device+0x4c/0x1b0
[ 122.437477][ T3087] __device_attach_driver+0x1df/0x310
[ 122.442854][ T3087] bus_for_each_drv+0x156/0x1e0
[ 122.447705][ T3087] __device_attach+0x1e4/0x4b0
[ 122.452471][ T3087] bus_probe_device+0x17f/0x1c0
[ 122.457323][ T3087] device_add+0x1148/0x1a70
[ 122.461823][ T3087] usb_new_device+0xd07/0x1a20
[ 122.466591][ T3087] hub_event+0x2eb7/0x4fa0
[ 122.471009][ T3087] process_one_work+0x9cf/0x1b70
[ 122.475951][ T3087] worker_thread+0x6c8/0xf10
[ 122.480543][ T3087] kthread+0x3c5/0x780
[ 122.484618][ T3087] ret_from_fork+0x5d4/0x6f0
[ 122.489210][ T3087] ret_from_fork_asm+0x1a/0x30
[ 122.493976][ T3087]
[ 122.496295][ T3087] The buggy address belongs to the object at ffff88802a9b20a0
[ 122.496295][ T3087] which belongs to the cache kmalloc-8 of size 8
[ 122.509999][ T3087] The buggy address is located 1 bytes inside of
[ 122.509999][ T3087] allocated 7-byte region [ffff88802a9b20a0, ffff88802a9b20a7)
[ 122.523801][ T3087]
[ 122.526129][ T3087] The buggy address belongs to the physical page:
[ 122.532531][ T3087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a9b2
[ 122.541307][ T3087] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 122.548426][ T3087] page_type: f5(slab)
[ 122.552406][ T3087] raw: 00fff00000000000 ffff88801b841500 dead000000000100 dead000000000122
[ 122.560991][ T3087] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 122.569571][ T3087] page dumped because: kasan: bad access detected
[ 122.575985][ T3087] page_owner tracks the page as allocated
[ 122.581692][ T3087] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 10064691813, free_ts 9935982490
[ 122.600116][ T3087] post_alloc_hook+0x1c0/0x230
[ 122.604896][ T3087] get_page_from_freelist+0x1321/0x3890
[ 122.610453][ T3087] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 122.616365][ T3087] alloc_pages_mpol+0x1fb/0x550
[ 122.621226][ T3087] new_slab+0x23b/0x330
[ 122.625380][ T3087] ___slab_alloc+0xd9c/0x1940
[ 122.630058][ T3087] __slab_alloc.constprop.0+0x56/0xb0
[ 122.635430][ T3087] __kmalloc_cache_noprof+0xfb/0x3e0
[ 122.640723][ T3087] usb_get_bos_descriptor+0x62/0xbb0
[ 122.646025][ T3087] register_root_hub+0x332/0x730
[ 122.650973][ T3087] usb_add_hcd+0xaf2/0x1730
[ 122.655485][ T3087] vhci_hcd_probe+0x1c2/0x490
[ 122.660167][ T3087] platform_probe+0x102/0x1f0
[ 122.664846][ T3087] really_probe+0x23e/0xa90
[ 122.669354][ T3087] __driver_probe_device+0x1de/0x440
[ 122.674649][ T3087] driver_probe_device+0x4c/0x1b0
[ 122.679683][ T3087] page last free pid 1206 tgid 1206 stack trace:
[ 122.686005][ T3087] __free_frozen_pages+0x7fe/0x1180
[ 122.691208][ T3087] vfree+0x1fd/0xb50
[ 122.695101][ T3087] delayed_vfree_work+0x56/0x70
[ 122.699954][ T3087] process_one_work+0x9cf/0x1b70
[ 122.704894][ T3087] worker_thread+0x6c8/0xf10
[ 122.709490][ T3087] kthread+0x3c5/0x780
[ 122.713557][ T3087] ret_from_fork+0x5d4/0x6f0
[ 122.718157][ T3087] ret_from_fork_asm+0x1a/0x30
[ 122.722924][ T3087]
[ 122.725243][ T3087] Memory state around the buggy address:
[ 122.730864][ T3087] ffff88802a9b1f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 122.738924][ T3087] ffff88802a9b2000: 00 fc fc fc 00 fc fc fc 00 fc fc fc 00 fc fc fc
[ 122.746986][ T3087] >ffff88802a9b2080: 00 fc fc fc 07 fc fc fc 06 fc fc fc 00 fc fc fc
[ 122.755046][ T3087] ^
[ 122.760151][ T3087] ffff88802a9b2100: fa fc fc fc 00 fc fc fc 06 fc fc fc 06 fc fc fc
[ 122.768212][ T3087] ffff88802a9b2180: 06 fc fc fc 00 fc fc fc 00 fc fc fc 00 fc fc fc
[ 122.776268][ T3087] ==================================================================
[ 122.784340][ T3087] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 122.791617][ T3087] CPU: 1 UID: 0 PID: 3087 Comm: kworker/1:2 Not tainted 6.16.0-rc5-syzkaller-dirty #0 PREEMPT(full)
[ 122.802464][ T3087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 122.812521][ T3087] Workqueue: usb_hub_wq hub_event
[ 122.817554][ T3087] Call Trace:
[ 122.820829][ T3087]
[ 122.823765][ T3087] dump_stack_lvl+0x3d/0x1f0
[ 122.828369][ T3087] panic+0x71c/0x800
[ 122.832279][ T3087] ? __pfx_panic+0x10/0x10
[ 122.836715][ T3087] ? __pfx__printk+0x10/0x10
[ 122.841316][ T3087] ? end_report+0x4c/0x170
[ 122.845743][ T3087] ? check_panic_on_warn+0x1f/0xb0
[ 122.850877][ T3087] ? mon_copy_to_buff+0xc2/0x170
[ 122.855833][ T3087] check_panic_on_warn+0xab/0xb0
[ 122.860785][ T3087] end_report+0x107/0x170
[ 122.865127][ T3087] kasan_report+0xee/0x110
[ 122.869567][ T3087] ? mon_copy_to_buff+0xc2/0x170
[ 122.874520][ T3087] kasan_check_range+0x100/0x1b0
[ 122.879456][ T3087] __asan_memcpy+0x23/0x60
[ 122.883874][ T3087] mon_copy_to_buff+0xc2/0x170
[ 122.888654][ T3087] mon_bin_event+0x1071/0x2050
[ 122.893432][ T3087] ? __pfx_mon_bin_event+0x10/0x10
[ 122.898561][ T3087] mon_bus_submit+0xcf/0x140
[ 122.903161][ T3087] usb_hcd_submit_urb+0x12d/0x1c60
[ 122.908282][ T3087] ? __device_attach+0x1e4/0x4b0
[ 122.913236][ T3087] ? bus_probe_device+0x17f/0x1c0
[ 122.918266][ T3087] ? device_add+0x1148/0x1a70
[ 122.922948][ T3087] ? usb_set_configuration+0x1187/0x1e20
[ 122.928590][ T3087] ? usb_generic_driver_probe+0xb1/0x110
[ 122.934226][ T3087] usb_submit_urb+0x87c/0x1790
[ 122.938993][ T3087] ? __pfx_lockdep_init_map_type+0x1/0x10
[ 122.944718][ T3087] ? __init_swait_queue_head+0xca/0x150
[ 122.950269][ T3087] usb_start_wait_urb+0x104/0x4b0
[ 122.955308][ T3087] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 122.960863][ T3087] ? __asan_memset+0x23/0x50
[ 122.965461][ T3087] usb_control_msg+0x326/0x4a0
[ 122.970226][ T3087] ? __pfx_usb_control_msg+0x10/0x10
[ 122.975518][ T3087] usbhid_raw_request+0x58f/0x700
[ 122.980561][ T3087] ? __pfx_usbhid_raw_request+0x10/0x10
[ 122.986119][ T3087] __hid_request+0x296/0x3c0
[ 122.990719][ T3087] hidinput_connect+0x1ada/0x2bd0
[ 122.995762][ T3087] hid_connect+0x13f3/0x1a60
[ 123.000358][ T3087] ? trace_kmalloc+0x2b/0xd0
[ 123.004957][ T3087] ? __kmalloc_noprof+0x242/0x510
[ 123.009992][ T3087] ? __asan_memset+0x23/0x50
[ 123.014591][ T3087] ? __pfx_hid_connect+0x10/0x10
[ 123.019547][ T3087] hid_hw_start+0xaa/0x140
[ 123.023971][ T3087] ms_probe+0x195/0x500
[ 123.028128][ T3087] ? __pfx_ms_probe+0x10/0x10
[ 123.032808][ T3087] hid_device_probe+0x360/0x720
[ 123.037666][ T3087] ? __pfx_hid_device_probe+0x10/0x10
[ 123.043045][ T3087] really_probe+0x23e/0xa90
[ 123.047561][ T3087] __driver_probe_device+0x1de/0x440
[ 123.052854][ T3087] driver_probe_device+0x4c/0x1b0
[ 123.057889][ T3087] __device_attach_driver+0x1df/0x310
[ 123.063271][ T3087] ? __pfx___device_attach_driver+0x10/0x10
[ 123.069181][ T3087] bus_for_each_drv+0x156/0x1e0
[ 123.074038][ T3087] ? __pfx_bus_for_each_drv+0x10/0x10
[ 123.079416][ T3087] ? lockdep_hardirqs_on+0x7c/0x110
[ 123.084638][ T3087] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 123.090458][ T3087] __device_attach+0x1e4/0x4b0
[ 123.095237][ T3087] ? __pfx___device_attach+0x10/0x10
[ 123.100546][ T3087] ? do_raw_spin_unlock+0x172/0x230
[ 123.105754][ T3087] bus_probe_device+0x17f/0x1c0
[ 123.110617][ T3087] device_add+0x1148/0x1a70
[ 123.115127][ T3087] ? __pfx_device_add+0x10/0x10
[ 123.119983][ T3087] ? debugfs_create_file_full+0x41/0x60
[ 123.125545][ T3087] hid_add_device+0x373/0xa60
[ 123.130232][ T3087] ? __pfx_hid_add_device+0x10/0x10
[ 123.135436][ T3087] ? lockdep_init_map_type+0x5c/0x280
[ 123.140813][ T3087] ? lockdep_init_map_type+0x5c/0x280
[ 123.146191][ T3087] usbhid_probe+0xd38/0x13f0
[ 123.150799][ T3087] usb_probe_interface+0x303/0x9c0
[ 123.155923][ T3087] ? __pfx_usb_probe_interface+0x10/0x10
[ 123.161564][ T3087] really_probe+0x23e/0xa90
[ 123.166077][ T3087] __driver_probe_device+0x1de/0x440
[ 123.171373][ T3087] driver_probe_device+0x4c/0x1b0
[ 123.176407][ T3087] __device_attach_driver+0x1df/0x310
[ 123.181789][ T3087] ? __pfx___device_attach_driver+0x10/0x10
[ 123.187690][ T3087] bus_for_each_drv+0x156/0x1e0
[ 123.192546][ T3087] ? __pfx_bus_for_each_drv+0x10/0x10
[ 123.197921][ T3087] ? lockdep_hardirqs_on+0x7c/0x110
[ 123.203130][ T3087] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 123.208944][ T3087] __device_attach+0x1e4/0x4b0
[ 123.213719][ T3087] ? __pfx___device_attach+0x10/0x10
[ 123.219018][ T3087] ? do_raw_spin_unlock+0x172/0x230
[ 123.224228][ T3087] bus_probe_device+0x17f/0x1c0
[ 123.229095][ T3087] device_add+0x1148/0x1a70
[ 123.233602][ T3087] ? __pfx_device_add+0x10/0x10
[ 123.238462][ T3087] ? mark_held_locks+0x49/0x80
[ 123.243247][ T3087] usb_set_configuration+0x1187/0x1e20
[ 123.248732][ T3087] ? __pfx_usb_generic_driver_probe+0x10/0x10
[ 123.254810][ T3087] usb_generic_driver_probe+0xb1/0x110
[ 123.260272][ T3087] usb_probe_device+0xef/0x3e0
[ 123.265046][ T3087] ? __pfx_usb_probe_device+0x10/0x10
[ 123.270425][ T3087] really_probe+0x23e/0xa90
[ 123.274939][ T3087] __driver_probe_device+0x1de/0x440
[ 123.280232][ T3087] ? usb_driver_applicable+0x1c7/0x220
[ 123.285701][ T3087] driver_probe_device+0x4c/0x1b0
[ 123.290734][ T3087] __device_attach_driver+0x1df/0x310
[ 123.296116][ T3087] ? __pfx___device_attach_driver+0x10/0x10
[ 123.302018][ T3087] bus_for_each_drv+0x156/0x1e0
[ 123.306964][ T3087] ? __pfx_bus_for_each_drv+0x10/0x10
[ 123.312341][ T3087] ? lockdep_hardirqs_on+0x7c/0x110
[ 123.317547][ T3087] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 123.323362][ T3087] __device_attach+0x1e4/0x4b0
[ 123.328135][ T3087] ? __pfx___device_attach+0x10/0x10
[ 123.333426][ T3087] ? do_raw_spin_unlock+0x172/0x230
[ 123.338631][ T3087] bus_probe_device+0x17f/0x1c0
[ 123.343490][ T3087] device_add+0x1148/0x1a70
[ 123.347993][ T3087] ? __pfx_device_add+0x10/0x10
[ 123.352842][ T3087] ? usb_detect_static_quirks+0x335/0x3e0
[ 123.358567][ T3087] ? __usb_get_extra_descriptor+0x158/0x1c0
[ 123.364469][ T3087] usb_new_device+0xd07/0x1a20
[ 123.369243][ T3087] ? do_raw_spin_lock+0x12c/0x2b0
[ 123.374280][ T3087] ? __pfx_usb_new_device+0x10/0x10
[ 123.379491][ T3087] ? mark_held_locks+0x49/0x80
[ 123.384271][ T3087] hub_event+0x2eb7/0x4fa0
[ 123.388709][ T3087] ? __pfx_hub_event+0x10/0x10
[ 123.393477][ T3087] ? ioread32_rep+0xe0/0x100
[ 123.398081][ T3087] ? rcu_is_watching+0x12/0xc0
[ 123.402856][ T3087] process_one_work+0x9cf/0x1b70
[ 123.407798][ T3087] ? __pfx_hcd_resume_work+0x10/0x10
[ 123.413090][ T3087] ? __pfx_process_one_work+0x10/0x10
[ 123.418468][ T3087] ? assign_work+0x1a0/0x250
[ 123.423061][ T3087] worker_thread+0x6c8/0xf10
[ 123.427660][ T3087] ? __kthread_parkme+0x19e/0x250
[ 123.432695][ T3087] ? __pfx_worker_thread+0x10/0x10
[ 123.437805][ T3087] kthread+0x3c5/0x780
[ 123.441879][ T3087] ? __pfx_kthread+0x10/0x10
[ 123.446474][ T3087] ? rcu_is_watching+0x12/0xc0
[ 123.451250][ T3087] ? __pfx_kthread+0x10/0x10
[ 123.455856][ T3087] ret_from_fork+0x5d4/0x6f0
[ 123.460456][ T3087] ? __pfx_kthread+0x10/0x10
[ 123.465048][ T3087] ret_from_fork_asm+0x1a/0x30
[ 123.469822][ T3087]
[ 123.473040][ T3087] Kernel Offset: disabled
[ 123.477345][ T3087] Rebooting in 86400 seconds..