Warning: Permanently added '10.128.0.199' (ED25519) to the list of known hosts.
2026/03/12 11:43:14 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 125.359333][ T6269] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 129.035458][ T5115] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 129.037527][ T5115] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 129.038257][ T5115] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 129.042695][ T5115] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 129.043342][ T5115] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 130.826613][ T6322] chnl_net:caif_netlink_parms(): no params data found
[ 130.911548][ T6322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.911667][ T6322] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.911754][ T6322] bridge_slave_0: entered allmulticast mode
[ 130.913076][ T6322] bridge_slave_0: entered promiscuous mode
[ 130.917401][ T6322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.917516][ T6322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.917601][ T6322] bridge_slave_1: entered allmulticast mode
[ 130.919964][ T6322] bridge_slave_1: entered promiscuous mode
[ 130.957594][ T6322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 130.961628][ T6322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 130.995712][ T6322] team0: Port device team_slave_0 added
[ 130.997668][ T6322] team0: Port device team_slave_1 added
[ 131.033162][ T6322] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 131.033177][ T6322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 131.033197][ T6322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 131.034455][ T6322] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 131.034467][ T6322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 131.034485][ T6322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 131.100970][ T6322] hsr_slave_0: entered promiscuous mode
[ 131.102095][ T6322] hsr_slave_1: entered promiscuous mode
[ 132.725455][ T6322] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 132.763683][ T6322] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 132.817882][ T6322] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 132.823771][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.823851][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[ 132.866505][ T6322] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 133.011166][ T6322] 8021q: adding VLAN 0 to HW filter on device bond0
[ 133.035533][ T6322] 8021q: adding VLAN 0 to HW filter on device team0
[ 133.048554][ T1118] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.048625][ T1118] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 133.080186][ T1118] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.080259][ T1118] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 133.358602][ T6322] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 133.422501][ T6322] veth0_vlan: entered promiscuous mode
[ 133.439024][ T6322] veth1_vlan: entered promiscuous mode
[ 133.483779][ T6322] veth0_macvtap: entered promiscuous mode
[ 133.495644][ T6322] veth1_macvtap: entered promiscuous mode
[ 133.517735][ T6322] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 133.531666][ T6322] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 133.560273][ T1173] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.560530][ T1173] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.561809][ T1173] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.562597][ T1173] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.474624][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 134.742251][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.023603][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 136.033232][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 136.960696][ T3012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 136.960715][ T3012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 136.993712][ T13] bridge_slave_1: left allmulticast mode
[ 136.993738][ T13] bridge_slave_1: left promiscuous mode
[ 136.993992][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 137.070360][ T13] bridge_slave_0: left allmulticast mode
[ 137.070386][ T13] bridge_slave_0: left promiscuous mode
[ 137.071896][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 137.909531][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 137.969325][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 138.011818][ T13] bond0 (unregistering): Released all slaves
[ 138.048056][ T1118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 138.048076][ T1118] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 138.351201][ T13] hsr_slave_0: left promiscuous mode
[ 138.388915][ T13] hsr_slave_1: left promiscuous mode
[ 138.389858][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 138.389881][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 138.449739][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 138.449765][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 138.541009][ T13] veth1_macvtap: left promiscuous mode
[ 138.541077][ T13] veth0_macvtap: left promiscuous mode
[ 138.541213][ T13] veth1_vlan: left promiscuous mode
[ 138.541302][ T13] veth0_vlan: left promiscuous mode
[ 139.200301][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 139.239447][ T13] team0 (unregistering): Port device team_slave_0 removed
2026/03/12 11:43:33 executed programs: 0
[ 140.157574][ T5115] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 140.165167][ T5115] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 140.175935][ T5115] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 140.183214][ T5115] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 140.184081][ T5115] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 140.551237][ T6567] chnl_net:caif_netlink_parms(): no params data found
[ 140.994750][ T6567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.994936][ T6567] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.995099][ T6567] bridge_slave_0: entered allmulticast mode
[ 140.998103][ T6567] bridge_slave_0: entered promiscuous mode
[ 141.032675][ T6567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.032863][ T6567] bridge0: port 2(bridge_slave_1) entered disabled state
[ 141.032991][ T6567] bridge_slave_1: entered allmulticast mode
[ 141.034276][ T6567] bridge_slave_1: entered promiscuous mode
[ 141.095490][ T6567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 141.101155][ T6567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 141.147796][ T6567] team0: Port device team_slave_0 added
[ 141.151467][ T6567] team0: Port device team_slave_1 added
[ 141.209436][ T6567] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 141.209452][ T6567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 141.209475][ T6567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 141.211575][ T6567] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 141.211587][ T6567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 141.211609][ T6567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 141.279283][ T6567] hsr_slave_0: entered promiscuous mode
[ 141.280414][ T6567] hsr_slave_1: entered promiscuous mode
[ 142.258919][ T5115] Bluetooth: hci0: command tx timeout
[ 143.798091][ T6567] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 143.833592][ T6567] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 143.875084][ T6567] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 143.913172][ T6567] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 144.077932][ T6567] 8021q: adding VLAN 0 to HW filter on device bond0
[ 144.104195][ T6567] 8021q: adding VLAN 0 to HW filter on device team0
[ 144.117394][ T1118] bridge0: port 1(bridge_slave_0) entered blocking state
[ 144.117612][ T1118] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 144.147381][ T147] bridge0: port 2(bridge_slave_1) entered blocking state
[ 144.147500][ T147] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 144.341590][ T5115] Bluetooth: hci0: command tx timeout
[ 144.432615][ T6567] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 144.507501][ T6567] veth0_vlan: entered promiscuous mode
[ 144.526480][ T6567] veth1_vlan: entered promiscuous mode
[ 144.568160][ T6567] veth0_macvtap: entered promiscuous mode
[ 144.577593][ T6567] veth1_macvtap: entered promiscuous mode
[ 144.593326][ T6567] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 144.599876][ T6567] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 144.614882][ T1118] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.616521][ T1118] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.616559][ T1118] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.616591][ T1118] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 144.805402][ T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 144.805421][ T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 144.841618][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 144.841637][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 145.229977][ T5847] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 145.388827][ T5847] usb 1-1: Using ep0 maxpacket: 8
[ 145.395408][ T5847] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 145.395425][ T5847] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 145.395437][ T5847] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 145.395449][ T5847] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 145.395459][ T5847] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 145.395481][ T5847] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 145.395491][ T5847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 145.626916][ T5847] usb 1-1: GET_CAPABILITIES returned 0
[ 145.626962][ T5847] usbtmc 1-1:16.0: can't read capabilities
[ 145.839607][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 145.851613][ T5847] usb 1-1: USB disconnect, device number 2
2026/03/12 11:43:39 executed programs: 3
[ 146.419139][ T5115] Bluetooth: hci0: command tx timeout
[ 146.618882][ T5847] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 146.768970][ T5847] usb 1-1: Using ep0 maxpacket: 8
[ 146.770795][ T5847] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 146.770818][ T5847] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 146.770839][ T5847] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 146.770860][ T5847] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 146.770871][ T5847] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 146.770892][ T5847] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 146.770902][ T5847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 146.978275][ T5847] usb 1-1: GET_CAPABILITIES returned 0
[ 146.978506][ T5847] usbtmc 1-1:16.0: can't read capabilities
[ 147.193488][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 147.195771][ T5847] usb 1-1: USB disconnect, device number 3
[ 147.958875][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 148.108831][ T9] usb 1-1: Using ep0 maxpacket: 8
[ 148.110500][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 148.110523][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 148.110544][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 148.110560][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 148.110570][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 148.110591][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 148.110601][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 148.318532][ T9] usb 1-1: GET_CAPABILITIES returned 0
[ 148.318560][ T9] usbtmc 1-1:16.0: can't read capabilities
[ 148.498853][ T5115] Bluetooth: hci0: command tx timeout
[ 148.519687][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 148.526680][ T9] usb 1-1: USB disconnect, device number 4
[ 149.288880][ T809] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 149.438815][ T809] usb 1-1: Using ep0 maxpacket: 8
[ 149.440747][ T809] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 149.440791][ T809] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 149.440809][ T809] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 149.440821][ T809] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 149.440831][ T809] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 149.440854][ T809] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 149.440864][ T809] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 149.651333][ T809] usb 1-1: GET_CAPABILITIES returned 0
[ 149.651361][ T809] usbtmc 1-1:16.0: can't read capabilities
[ 149.852510][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 149.854998][ T809] usb 1-1: USB disconnect, device number 5
[ 150.618978][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 150.768809][ T10] usb 1-1: Using ep0 maxpacket: 8
[ 150.770917][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 150.770942][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 150.770963][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 150.770980][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 150.770991][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 150.771013][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 150.771030][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 150.979278][ T10] usb 1-1: GET_CAPABILITIES returned 0
[ 150.979312][ T10] usbtmc 1-1:16.0: can't read capabilities
[ 151.183283][ C1] ==================================================================
[ 151.183300][ C1] BUG: KASAN: slab-use-after-free in usb_anchor_suspend_wakeups+0x28/0x50
[ 151.183337][ C1] Write of size 4 at addr ffff8880368169d0 by task ktimers/1/29
[ 151.183352][ C1]
[ 151.183374][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 151.183395][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 151.183409][ C1] Call Trace:
[ 151.183416][ C1]
[ 151.183422][ C1] dump_stack_lvl+0xe8/0x150
[ 151.183443][ C1] print_report+0xba/0x230
[ 151.183461][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 151.183478][ C1] kasan_report+0x117/0x150
[ 151.183494][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 151.183516][ C1] kasan_check_range+0x264/0x2c0
[ 151.183530][ C1] usb_anchor_suspend_wakeups+0x28/0x50
[ 151.183548][ C1] __usb_hcd_giveback_urb+0x264/0x5e0
[ 151.183566][ C1] dummy_timer+0x8a6/0x4710
[ 151.183587][ C1] ? __lock_acquire+0x6b5/0x2cf0
[ 151.183611][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 151.183638][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 151.183658][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 151.183683][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 151.183700][ C1] __hrtimer_run_queues+0x55f/0xda0
[ 151.183720][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 151.183733][ C1] ? read_tsc+0x9/0x20
[ 151.183753][ C1] hrtimer_run_softirq+0x192/0x5d0
[ 151.183770][ C1] handle_softirqs+0x1de/0x6f0
[ 151.183797][ C1] ? smpboot_thread_fn+0x4d/0xa50
[ 151.183818][ C1] run_ktimerd+0x69/0x100
[ 151.183830][ C1] smpboot_thread_fn+0x541/0xa50
[ 151.183851][ C1] ? smpboot_thread_fn+0x4d/0xa50
[ 151.183874][ C1] kthread+0x388/0x470
[ 151.183892][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 151.183911][ C1] ? __pfx_kthread+0x10/0x10
[ 151.183924][ C1] ret_from_fork+0x51e/0xb90
[ 151.183951][ C1] ? __pfx_ret_from_fork+0x10/0x10
[ 151.183968][ C1] ? __switch_to+0xc7d/0x1450
[ 151.183985][ C1] ? __pfx_kthread+0x10/0x10
[ 151.183998][ C1] ret_from_fork_asm+0x1a/0x30
[ 151.184017][ C1]
[ 151.184022][ C1]
[ 151.184026][ C1] Allocated by task 6693:
[ 151.184034][ C1] kasan_save_track+0x3e/0x80
[ 151.184054][ C1] __kasan_kmalloc+0x93/0xb0
[ 151.184070][ C1] __kmalloc_cache_noprof+0x3a6/0x690
[ 151.184087][ C1] usbtmc_open+0x9c/0x910
[ 151.184099][ C1] usb_open+0x159/0x1e0
[ 151.184114][ C1] chrdev_open+0x4d0/0x5f0
[ 151.184126][ C1] do_dentry_open+0x83d/0x13e0
[ 151.184140][ C1] vfs_open+0x3b/0x350
[ 151.184154][ C1] path_openat+0x2e43/0x38a0
[ 151.184171][ C1] do_file_open+0x23e/0x4a0
[ 151.184189][ C1] do_sys_openat2+0x113/0x200
[ 151.184203][ C1] __x64_sys_openat+0x138/0x170
[ 151.184216][ C1] do_syscall_64+0x14d/0xf80
[ 151.184233][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.184247][ C1]
[ 151.184250][ C1] Freed by task 6693:
[ 151.184257][ C1] kasan_save_track+0x3e/0x80
[ 151.184274][ C1] kasan_save_free_info+0x46/0x50
[ 151.184289][ C1] __kasan_slab_free+0x5c/0x80
[ 151.184306][ C1] kfree+0x1c1/0x6c0
[ 151.184324][ C1] usbtmc_release+0x249/0x280
[ 151.184336][ C1] __fput+0x461/0xa90
[ 151.184351][ C1] task_work_run+0x1d9/0x270
[ 151.184368][ C1] exit_to_user_mode_loop+0xed/0x480
[ 151.184389][ C1] do_syscall_64+0x32d/0xf80
[ 151.184407][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.184422][ C1]
[ 151.184427][ C1] The buggy address belongs to the object at ffff888036816800
[ 151.184427][ C1] which belongs to the cache kmalloc-1k of size 1024
[ 151.184441][ C1] The buggy address is located 464 bytes inside of
[ 151.184441][ C1] freed 1024-byte region [ffff888036816800, ffff888036816c00)
[ 151.184458][ C1]
[ 151.184463][ C1] The buggy address belongs to the physical page:
[ 151.184486][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036813000 pfn:0x36810
[ 151.184500][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 151.184512][ C1] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 151.184530][ C1] page_type: f5(slab)
[ 151.184543][ C1] raw: 0080000000000240 ffff88813fe1cdc0 ffffea0000e04010 ffffea0000a7b210
[ 151.184554][ C1] raw: ffff888036813000 000000080010000d 00000000f5000000 0000000000000000
[ 151.184566][ C1] head: 0080000000000240 ffff88813fe1cdc0 ffffea0000e04010 ffffea0000a7b210
[ 151.184577][ C1] head: ffff888036813000 000000080010000d 00000000f5000000 0000000000000000
[ 151.184588][ C1] head: 0080000000000003 ffffea0000da0401 00000000ffffffff 00000000ffffffff
[ 151.184599][ C1] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 151.184606][ C1] page dumped because: kasan: bad access detected
[ 151.184616][ C1] page_owner tracks the page as allocated
[ 151.184625][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 29, tgid 29 (ktimers/1), ts 86459514796, free_ts 86289503176
[ 151.184651][ C1] post_alloc_hook+0x231/0x280
[ 151.184670][ C1] get_page_from_freelist+0x28bb/0x2950
[ 151.184698][ C1] __alloc_frozen_pages_noprof+0x18d/0x380
[ 151.184710][ C1] allocate_slab+0x77/0x660
[ 151.184724][ C1] refill_objects+0x334/0x3c0
[ 151.184737][ C1] __pcs_replace_empty_main+0x371/0x5c0
[ 151.184752][ C1] __kmalloc_noprof+0x530/0x7b0
[ 151.184770][ C1] ieee802_11_parse_elems_full+0x159/0x2ab0
[ 151.184785][ C1] ieee80211_inform_bss+0x161/0x1160
[ 151.184805][ C1] cfg80211_inform_single_bss_data+0xd2f/0x1bd0
[ 151.184824][ C1] cfg80211_inform_bss_data+0x266/0x3c40
[ 151.184840][ C1] cfg80211_inform_bss_frame_data+0x3c7/0x760
[ 151.184858][ C1] ieee80211_bss_info_update+0x794/0xa40
[ 151.184876][ C1] ieee80211_scan_rx+0x552/0xa40
[ 151.184893][ C1] ieee80211_rx_list+0x29fe/0x3740
[ 151.184907][ C1] ieee80211_rx_napi+0x1b1/0x3e0
[ 151.184920][ C1] page last free pid 5878 tgid 5878 stack trace:
[ 151.184930][ C1] __free_frozen_pages+0xfe3/0x1170
[ 151.184960][ C1] __slab_free+0x24f/0x2a0
[ 151.184973][ C1] qlist_free_all+0x97/0x100
[ 151.184997][ C1] kasan_quarantine_reduce+0x148/0x160
[ 151.185015][ C1] __kasan_slab_alloc+0x22/0x80
[ 151.185034][ C1] kmem_cache_alloc_noprof+0x33b/0x680
[ 151.185055][ C1] do_getname+0x2e/0x250
[ 151.185070][ C1] __se_sys_chroot+0x8d/0x3f0
[ 151.185086][ C1] do_syscall_64+0x14d/0xf80
[ 151.185108][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.185124][ C1]
[ 151.185128][ C1] Memory state around the buggy address:
[ 151.185138][ C1] ffff888036816880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 151.185150][ C1] ffff888036816900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 151.185162][ C1] >ffff888036816980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 151.185170][ C1] ^
[ 151.185179][ C1] ffff888036816a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 151.185191][ C1] ffff888036816a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 151.185198][ C1] ==================================================================
[ 151.185218][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 151.185232][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 151.185252][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 151.185263][ C1] Call Trace:
[ 151.185270][ C1]
[ 151.185278][ C1] vpanic+0x56c/0xa60
[ 151.185303][ C1] ? __pfx_vpanic+0x10/0x10
[ 151.185331][ C1] panic+0xc5/0xd0
[ 151.185355][ C1] ? __pfx_panic+0x10/0x10
[ 151.185380][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 151.185406][ C1] ? rcu_is_watching+0x15/0xb0
[ 151.185429][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 151.185450][ C1] check_panic_on_warn+0x89/0xb0
[ 151.185471][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 151.185493][ C1] end_report+0x73/0x180
[ 151.185509][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 151.185531][ C1] kasan_report+0x128/0x150
[ 151.185548][ C1] ? usb_anchor_suspend_wakeups+0x28/0x50
[ 151.185574][ C1] kasan_check_range+0x264/0x2c0
[ 151.185594][ C1] usb_anchor_suspend_wakeups+0x28/0x50
[ 151.185619][ C1] __usb_hcd_giveback_urb+0x264/0x5e0
[ 151.185643][ C1] dummy_timer+0x8a6/0x4710
[ 151.185670][ C1] ? __lock_acquire+0x6b5/0x2cf0
[ 151.185695][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 151.185722][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 151.185743][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 151.185770][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 151.185790][ C1] __hrtimer_run_queues+0x55f/0xda0
[ 151.185818][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 151.185837][ C1] ? read_tsc+0x9/0x20
[ 151.185863][ C1] hrtimer_run_softirq+0x192/0x5d0
[ 151.185887][ C1] handle_softirqs+0x1de/0x6f0
[ 151.185915][ C1] ? smpboot_thread_fn+0x4d/0xa50
[ 151.185949][ C1] run_ktimerd+0x69/0x100
[ 151.185966][ C1] smpboot_thread_fn+0x541/0xa50
[ 151.185990][ C1] ? smpboot_thread_fn+0x4d/0xa50
[ 151.186015][ C1] kthread+0x388/0x470
[ 151.186034][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 151.186056][ C1] ? __pfx_kthread+0x10/0x10
[ 151.186074][ C1] ret_from_fork+0x51e/0xb90
[ 151.186097][ C1] ? __pfx_ret_from_fork+0x10/0x10
[ 151.186119][ C1] ? __switch_to+0xc7d/0x1450
[ 151.186140][ C1] ? __pfx_kthread+0x10/0x10
[ 151.186157][ C1] ret_from_fork_asm+0x1a/0x30
[ 151.186180][ C1]
[ 151.186449][ C1] Kernel Offset: disabled