Warning: Permanently added '10.128.1.179' (ED25519) to the list of known hosts.
2026/01/15 18:32:23 parsed 1 programs
[ 120.997442][ T6149] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 124.181842][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.190690][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.200575][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.208794][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 124.216531][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 124.853769][ T6187] chnl_net:caif_netlink_parms(): no params data found
[ 124.970430][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.977793][ T6187] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.985983][ T6187] bridge_slave_0: entered allmulticast mode
[ 124.993269][ T6187] bridge_slave_0: entered promiscuous mode
[ 125.006702][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state
[ 125.013947][ T6187] bridge0: port 2(bridge_slave_1) entered disabled state
[ 125.021733][ T6187] bridge_slave_1: entered allmulticast mode
[ 125.028850][ T6187] bridge_slave_1: entered promiscuous mode
[ 125.057438][ T6187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 125.069806][ T6187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 125.103652][ T6187] team0: Port device team_slave_0 added
[ 125.112864][ T6187] team0: Port device team_slave_1 added
[ 125.142341][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 125.149394][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.176244][ T6187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 125.188804][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 125.196644][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.222957][ T6187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 125.264160][ T6187] hsr_slave_0: entered promiscuous mode
[ 125.270822][ T6187] hsr_slave_1: entered promiscuous mode
[ 125.811555][ T6187] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 125.824235][ T6187] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 125.842394][ T6187] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 125.860610][ T6187] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 125.968236][ T6187] 8021q: adding VLAN 0 to HW filter on device bond0
[ 126.000398][ T6187] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.014527][ T70] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.021678][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.052064][ T70] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.059463][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.307334][ T6187] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 126.369587][ T6187] veth0_vlan: entered promiscuous mode
[ 126.387199][ T6187] veth1_vlan: entered promiscuous mode
[ 126.428071][ T6187] veth0_macvtap: entered promiscuous mode
[ 126.440978][ T6187] veth1_macvtap: entered promiscuous mode
[ 126.464989][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 126.483276][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 126.503895][ T999] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.522960][ T999] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.544297][ T999] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.560345][ T999] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.706892][ T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.782075][ T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.882871][ T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.912456][ T3426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.927331][ T3426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.969267][ T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 127.007502][ T2905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.016365][ T2905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.064259][ T70] bridge_slave_1: left allmulticast mode
[ 129.070297][ T70] bridge_slave_1: left promiscuous mode
[ 129.085614][ T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 129.106063][ T70] bridge_slave_0: left allmulticast mode
[ 129.111764][ T70] bridge_slave_0: left promiscuous mode
[ 129.128957][ T70] bridge0: port 1(bridge_slave_0) entered disabled state
2026/01/15 18:32:35 executed programs: 0
[ 129.581391][ T5149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 129.594018][ T5149] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 129.611956][ T5149] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 129.625801][ T5149] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 129.634255][ T5149] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 129.724665][ T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 129.743201][ T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 129.759029][ T70] bond0 (unregistering): Released all slaves
[ 129.866325][ T70] hsr_slave_0: left promiscuous mode
[ 129.872760][ T70] hsr_slave_1: left promiscuous mode
[ 129.880524][ T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 129.893887][ T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 129.904488][ T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 129.918288][ T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 129.944292][ T70] veth1_macvtap: left promiscuous mode
[ 129.950157][ T70] veth0_macvtap: left promiscuous mode
[ 129.956786][ T70] veth1_vlan: left promiscuous mode
[ 129.962145][ T70] veth0_vlan: left promiscuous mode
[ 130.386120][ T70] team0 (unregistering): Port device team_slave_1 removed
[ 130.415001][ T70] team0 (unregistering): Port device team_slave_0 removed
[ 130.844818][ T6363] chnl_net:caif_netlink_parms(): no params data found
[ 131.041541][ T6363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.053983][ T6363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 131.061759][ T6363] bridge_slave_0: entered allmulticast mode
[ 131.069678][ T6363] bridge_slave_0: entered promiscuous mode
[ 131.088273][ T6363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.096364][ T6363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 131.103621][ T6363] bridge_slave_1: entered allmulticast mode
[ 131.112530][ T6363] bridge_slave_1: entered promiscuous mode
[ 131.161054][ T6363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 131.629383][ T6363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 131.709883][ T6363] team0: Port device team_slave_0 added
[ 131.720292][ T6363] team0: Port device team_slave_1 added
[ 131.766589][ T5149] Bluetooth: hci0: command tx timeout
[ 131.796598][ T6363] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 131.803678][ T6363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 131.841528][ T6363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 131.854525][ T6363] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 131.861643][ T6363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 131.889432][ T6363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 131.982604][ T6363] hsr_slave_0: entered promiscuous mode
[ 131.989998][ T6363] hsr_slave_1: entered promiscuous mode
[ 132.749888][ T6363] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 132.760892][ T6363] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 132.771040][ T6363] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 132.782156][ T6363] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 132.882203][ T6363] 8021q: adding VLAN 0 to HW filter on device bond0
[ 132.924576][ T6363] 8021q: adding VLAN 0 to HW filter on device team0
[ 132.941059][ T70] bridge0: port 1(bridge_slave_0) entered blocking state
[ 132.948568][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 132.978489][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.979694][ T70] bridge0: port 2(bridge_slave_1) entered blocking state
[ 132.987101][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 132.995058][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 133.327490][ T6363] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 133.392339][ T6363] veth0_vlan: entered promiscuous mode
[ 133.413959][ T6363] veth1_vlan: entered promiscuous mode
[ 133.461544][ T6363] veth0_macvtap: entered promiscuous mode
[ 133.472644][ T6363] veth1_macvtap: entered promiscuous mode
[ 133.496966][ T6363] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 133.511135][ T6363] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 133.524826][ T2905] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.534545][ T2905] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.547165][ T2905] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.558145][ T2905] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.611685][ T2905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.626564][ T2905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.653385][ T3426] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.661405][ T3426] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.845622][ T5149] Bluetooth: hci0: command tx timeout
[ 133.945864][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 134.108156][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 134.118611][ T9] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 134.134395][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 134.143905][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 134.152754][ T9] usb 1-1: Product: syz
[ 134.156963][ T9] usb 1-1: Manufacturer: syz
[ 134.161557][ T9] usb 1-1: SerialNumber: syz
[ 134.378504][ T6466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 134.388519][ T6466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 134.406564][ T9] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[ 134.426650][ T9] usb 1-1: USB disconnect, device number 2
[ 134.835507][ T974] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 134.985441][ T974] usb 1-1: Using ep0 maxpacket: 8
[ 134.992831][ T974] usb 1-1: config index 0 descriptor too short (expected 301, got 72)
[ 135.001638][ T974] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 135.012366][ T974] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 135.022523][ T974] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 135.032703][ T974] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 135.043261][ T974] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 135.055425][ T974] usb 1-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 135.068743][ T974] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 135.077899][ T974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 135.291828][ T974] usb 1-1: usb_control_msg returned -32
[ 135.298495][ T974] usbtmc 1-1:16.0: can't read capabilities
[ 135.305601][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.312156][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.318563][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.324918][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.332011][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.338480][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.344674][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.350889][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.357344][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.363676][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.369907][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.377285][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.383420][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.389754][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.396185][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.402335][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.408448][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.414547][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.420685][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.426727][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.432970][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.439133][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.445379][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.451523][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.458023][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.465519][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.471830][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.478211][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.484438][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.490575][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.497096][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.503476][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.509518][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.515764][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.522005][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.528501][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.535625][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.541846][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.548073][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.554211][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.561331][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.567521][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.574115][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.580533][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.587141][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.593159][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.599435][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.606008][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.612778][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.618808][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.624918][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.631096][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.637481][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.644099][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.650670][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.657115][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.663371][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.669493][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.675835][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.682140][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.689419][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.695882][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.702398][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.709303][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.715756][ C1] usbtmc 1-1:16.0: invalid notification: 11
[ 135.721875][ C1] usbtmc 1-1:16.0: invalid notification: 1
[ 135.727967][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.734277][ C1] usbtmc 1-1:16.0: invalid notification: 0
[ 135.740454][ C1] usbtmc 1-1:16.0: invalid notification: 73
[ 135.746712][ C1] usbtmc 1-1:16.0: invalid notification: 33
[ 135.753364][ C1] usbtmc 1-1:16.0: invalid notification: 36
[ 135.759465][ C1] usbtmc 1-1:16.0: invalid notification: 8
[ 135.766265][ C1] ==================================================================
[ 135.774678][ C1] BUG: KASAN: slab-out-of-bounds in usbtmc_interrupt+0x4c7/0x730
[ 135.782407][ C1] Read of size 1 at addr ffff88814dc18821 by task kworker/1:4/5923
[ 135.790563][ C1]
[ 135.792930][ C1] CPU: 1 UID: 0 PID: 5923 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full)
[ 135.792951][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 135.792960][ C1] Workqueue: mld mld_dad_work
[ 135.792988][ C1] Call Trace:
[ 135.792996][ C1]
[ 135.793002][ C1]
[ 135.793002][ C1] dump_stack_lvl+0xe8/0x150
[ 135.793016][ C1] print_report+0xca/0x240
[ 135.793029][ C1] ? usbtmc_interrupt+0x4c7/0x730
[ 135.793043][ C1] kasan_report+0x118/0x150
[ 135.793056][ C1] ? usbtmc_interrupt+0x4c7/0x730
[ 135.793070][ C1] usbtmc_interrupt+0x4c7/0x730
[ 135.793082][ C1] ? usb_unanchor_urb+0xa5/0xc0
[ 135.793094][ C1] ? usb_anchor_suspend_wakeups+0x3b/0x50
[ 135.793106][ C1] __usb_hcd_giveback_urb+0x376/0x540
[ 135.793117][ C1] dummy_timer+0x85f/0x45b0
[ 135.793143][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 135.793152][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 135.793169][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 135.793178][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 135.793187][ C1] __hrtimer_run_queues+0x51c/0xc30
[ 135.793205][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 135.793215][ C1] ? ktime_get_update_offsets_now+0x3b2/0x3d0
[ 135.793232][ C1] hrtimer_run_softirq+0x187/0x2b0
[ 135.793245][ C1] handle_softirqs+0x22b/0x7c0
[ 135.793261][ C1] ? do_softirq+0x76/0xd0
[ 135.793270][ C1] ? ipv6_get_lladdr+0x2aa/0x3f0
[ 135.793283][ C1] do_softirq+0x76/0xd0
[ 135.793292][ C1]
[ 135.793296][ C1]
[ 135.793299][ C1] __local_bh_enable_ip+0xf8/0x130
[ 135.793309][ C1] ipv6_get_lladdr+0x2aa/0x3f0
[ 135.793321][ C1] ? ipv6_get_lladdr+0x2b/0x3f0
[ 135.793333][ C1] mld_newpack+0x420/0xc40
[ 135.793344][ C1] ? mld_newpack+0x2aa/0xc40
[ 135.793355][ C1] ? __pfx_mld_newpack+0x10/0x10
[ 135.793366][ C1] ? rcu_is_watching+0x15/0xb0
[ 135.793377][ C1] ? trace_contention_end+0x39/0x100
[ 135.793390][ C1] ? __mutex_lock+0x2ff/0x1300
[ 135.793399][ C1] add_grhead+0x5a/0x2a0
[ 135.793410][ C1] ? add_grec+0x1360/0x1740
[ 135.793420][ C1] add_grec+0x1452/0x1740
[ 135.793432][ C1] ? __pfx___mutex_lock+0x10/0x10
[ 135.793441][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 135.793456][ C1] mld_send_initial_cr+0x288/0x550
[ 135.793467][ C1] mld_dad_work+0x46/0x490
[ 135.793477][ C1] ? process_one_work+0x868/0x15a0
[ 135.793486][ C1] process_one_work+0x93a/0x15a0
[ 135.793499][ C1] ? __pfx_process_one_work+0x10/0x10
[ 135.793507][ C1] ? do_raw_spin_lock+0x121/0x290
[ 135.793521][ C1] ? assign_work+0x3c7/0x5b0
[ 135.793530][ C1] worker_thread+0x9b0/0xee0
[ 135.793545][ C1] kthread+0x389/0x480
[ 135.793558][ C1] ? __pfx_worker_thread+0x10/0x10
[ 135.793566][ C1] ? __pfx_kthread+0x10/0x10
[ 135.793577][ C1] ret_from_fork+0x510/0xa50
[ 135.793587][ C1] ? __pfx_ret_from_fork+0x10/0x10
[ 135.793595][ C1] ? __switch_to+0xc9e/0x1480
[ 135.793609][ C1] ? __pfx_kthread+0x10/0x10
[ 135.793620][ C1] ret_from_fork_asm+0x1a/0x30
[ 135.793634][ C1]
[ 135.793638][ C1]
[ 136.097534][ C1] Allocated by task 974:
[ 136.101763][ C1] kasan_save_track+0x3e/0x80
[ 136.106447][ C1] __kasan_kmalloc+0x93/0xb0
[ 136.111117][ C1] __kmalloc_noprof+0x41d/0x800
[ 136.116070][ C1] usbtmc_probe+0xa38/0x1c90
[ 136.120662][ C1] usb_probe_interface+0x668/0xc90
[ 136.125761][ C1] really_probe+0x26d/0xad0
[ 136.130350][ C1] __driver_probe_device+0x18c/0x320
[ 136.135711][ C1] driver_probe_device+0x4f/0x240
[ 136.140985][ C1] __device_attach_driver+0x279/0x430
[ 136.146611][ C1] bus_for_each_drv+0x251/0x2e0
[ 136.151629][ C1] __device_attach+0x2b8/0x430
[ 136.156386][ C1] device_initial_probe+0xa1/0xd0
[ 136.161581][ C1] bus_probe_device+0x12a/0x220
[ 136.166696][ C1] device_add+0x7b6/0xb80
[ 136.171201][ C1] usb_set_configuration+0x1a87/0x2110
[ 136.176831][ C1] usb_generic_driver_probe+0x8d/0x150
[ 136.182461][ C1] usb_probe_device+0x1c4/0x3c0
[ 136.187392][ C1] really_probe+0x26d/0xad0
[ 136.191889][ C1] __driver_probe_device+0x18c/0x320
[ 136.197347][ C1] driver_probe_device+0x4f/0x240
[ 136.202996][ C1] __device_attach_driver+0x279/0x430
[ 136.208732][ C1] bus_for_each_drv+0x251/0x2e0
[ 136.213661][ C1] __device_attach+0x2b8/0x430
[ 136.218587][ C1] device_initial_probe+0xa1/0xd0
[ 136.223601][ C1] bus_probe_device+0x12a/0x220
[ 136.228618][ C1] device_add+0x7b6/0xb80
[ 136.232951][ C1] usb_new_device+0xa39/0x1720
[ 136.237724][ C1] hub_event+0x29b1/0x4ef0
[ 136.242181][ C1] process_one_work+0x93a/0x15a0
[ 136.247538][ C1] worker_thread+0x9b0/0xee0
[ 136.252157][ C1] kthread+0x389/0x480
[ 136.256594][ C1] ret_from_fork+0x510/0xa50
[ 136.261191][ C1] ret_from_fork_asm+0x1a/0x30
[ 136.265951][ C1]
[ 136.268373][ C1] The buggy address belongs to the object at ffff88814dc18820
[ 136.268373][ C1] which belongs to the cache kmalloc-8 of size 8
[ 136.282264][ C1] The buggy address is located 0 bytes to the right of
[ 136.282264][ C1] allocated 1-byte region [ffff88814dc18820, ffff88814dc18821)
[ 136.297205][ C1]
[ 136.299620][ C1] The buggy address belongs to the physical page:
[ 136.306973][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14dc18
[ 136.316071][ C1] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[ 136.323500][ C1] page_type: f5(slab)
[ 136.327476][ C1] raw: 057ff00000000000 ffff88813fe26500 dead000000000100 dead000000000122
[ 136.336135][ C1] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 136.344889][ C1] page dumped because: kasan: bad access detected
[ 136.351592][ C1] page_owner tracks the page as allocated
[ 136.357408][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 21962432162, free_ts 0
[ 136.375811][ C1] post_alloc_hook+0x23d/0x2a0
[ 136.381012][ C1] get_page_from_freelist+0x23a5/0x2440
[ 136.386899][ C1] __alloc_frozen_pages_noprof+0x181/0x370
[ 136.393039][ C1] alloc_pages_mpol+0x232/0x4a0
[ 136.398059][ C1] allocate_slab+0x87/0x670
[ 136.402734][ C1] ___slab_alloc+0xdb6/0x17b0
[ 136.407503][ C1] __slab_alloc+0x65/0x100
[ 136.412018][ C1] __kmalloc_node_track_caller_noprof+0x5d4/0x820
[ 136.418428][ C1] kstrdup+0x42/0x100
[ 136.422400][ C1] kobject_set_name_vargs+0x61/0x110
[ 136.427846][ C1] kobject_init_and_add+0xdd/0x190
[ 136.433138][ C1] lookup_or_create_module_kobject+0xe3/0x170
[ 136.439665][ C1] kernel_add_sysfs_param+0x14/0xe0
[ 136.445146][ C1] param_sysfs_builtin+0x18a/0x230
[ 136.450541][ C1] param_sysfs_builtin_init+0x23/0x30
[ 136.456020][ C1] do_one_initcall+0x1f1/0x800
[ 136.461596][ C1] page_owner free stack trace missing
[ 136.468156][ C1]
[ 136.471087][ C1] Memory state around the buggy address:
[ 136.478023][ C1] ffff88814dc18700: fa fc fc fc fa fc fc fc 00 fc fc fc 06 fc fc fc
[ 136.486366][ C1] ffff88814dc18780: 00 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 136.494918][ C1] >ffff88814dc18800: fa fc fc fc 01 fc fc fc 00 fc fc fc fa fc fc fc
[ 136.503162][ C1] ^
[ 136.508372][ C1] ffff88814dc18880: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 136.516871][ C1] ffff88814dc18900: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 136.525095][ C1] ==================================================================
[ 136.533289][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 136.540495][ C1] CPU: 1 UID: 0 PID: 5923 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full)
[ 136.550033][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 136.560440][ C1] Workqueue: mld mld_dad_work
[ 136.565304][ C1] Call Trace:
[ 136.568684][ C1]
[ 136.571532][ C1] vpanic+0x1e0/0x670
[ 136.575690][ C1] panic+0xb9/0xc0
[ 136.579496][ C1] ? __pfx_panic+0x10/0x10
[ 136.583906][ C1] ? usbtmc_interrupt+0x4c7/0x730
[ 136.589544][ C1] ? usbtmc_interrupt+0x4c7/0x730
[ 136.594647][ C1] ? usbtmc_interrupt+0x4c7/0x730
[ 136.599924][ C1] check_panic_on_warn+0x89/0xb0
[ 136.605102][ C1] ? usbtmc_interrupt+0x4c7/0x730
[ 136.610466][ C1] end_report+0x6f/0x140
[ 136.614700][ C1] kasan_report+0x129/0x150
[ 136.619286][ C1] ? usbtmc_interrupt+0x4c7/0x730
[ 136.624320][ C1] usbtmc_interrupt+0x4c7/0x730
[ 136.629258][ C1] ? usb_unanchor_urb+0xa5/0xc0
[ 136.634561][ C1] ? usb_anchor_suspend_wakeups+0x3b/0x50
[ 136.640621][ C1] __usb_hcd_giveback_urb+0x376/0x540
[ 136.646155][ C1] dummy_timer+0x85f/0x45b0
[ 136.650960][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 136.656005][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 136.662188][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 136.667479][ C1] ? __pfx_dummy_timer+0x10/0x10
[ 136.672879][ C1] __hrtimer_run_queues+0x51c/0xc30
[ 136.678461][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 136.684372][ C1] ? ktime_get_update_offsets_now+0x3b2/0x3d0
[ 136.690644][ C1] hrtimer_run_softirq+0x187/0x2b0
[ 136.695851][ C1] handle_softirqs+0x22b/0x7c0
[ 136.701178][ C1] ? do_softirq+0x76/0xd0
[ 136.705970][ C1] ? ipv6_get_lladdr+0x2aa/0x3f0
[ 136.711029][ C1] do_softirq+0x76/0xd0
[ 136.715285][ C1]
[ 136.718319][ C1]
[ 136.721340][ C1] __local_bh_enable_ip+0xf8/0x130
[ 136.726801][ C1] ipv6_get_lladdr+0x2aa/0x3f0
[ 136.731647][ C1] ? ipv6_get_lladdr+0x2b/0x3f0
[ 136.736501][ C1] mld_newpack+0x420/0xc40
[ 136.740998][ C1] ? mld_newpack+0x2aa/0xc40
[ 136.746122][ C1] ? __pfx_mld_newpack+0x10/0x10
[ 136.751265][ C1] ? rcu_is_watching+0x15/0xb0
[ 136.756389][ C1] ? trace_contention_end+0x39/0x100
[ 136.761675][ C1] ? __mutex_lock+0x2ff/0x1300
[ 136.766793][ C1] add_grhead+0x5a/0x2a0
[ 136.771326][ C1] ? add_grec+0x1360/0x1740
[ 136.775838][ C1] add_grec+0x1452/0x1740
[ 136.780263][ C1] ? __pfx___mutex_lock+0x10/0x10
[ 136.785278][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 136.790835][ C1] mld_send_initial_cr+0x288/0x550
[ 136.795961][ C1] mld_dad_work+0x46/0x490
[ 136.800474][ C1] ? process_one_work+0x868/0x15a0
[ 136.805578][ C1] process_one_work+0x93a/0x15a0
[ 136.810512][ C1] ? __pfx_process_one_work+0x10/0x10
[ 136.816137][ C1] ? do_raw_spin_lock+0x121/0x290
[ 136.821349][ C1] ? assign_work+0x3c7/0x5b0
[ 136.826108][ C1] worker_thread+0x9b0/0xee0
[ 136.830806][ C1] kthread+0x389/0x480
[ 136.834920][ C1] ? __pfx_worker_thread+0x10/0x10
[ 136.840758][ C1] ? __pfx_kthread+0x10/0x10
[ 136.845529][ C1] ret_from_fork+0x510/0xa50
[ 136.850307][ C1] ? __pfx_ret_from_fork+0x10/0x10
[ 136.855771][ C1] ? __switch_to+0xc9e/0x1480
[ 136.860642][ C1] ? __pfx_kthread+0x10/0x10
[ 136.865256][ C1] ret_from_fork_asm+0x1a/0x30
[ 136.870378][ C1]
[ 136.873533][ C1] Kernel Offset: disabled
[ 136.877935][ C1] Rebooting in 86400 seconds..