Warning: Permanently added '10.128.0.207' (ED25519) to the list of known hosts.
2025/11/06 16:55:34 parsed 1 programs
[ 117.020931][ T6165] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 119.810766][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.818794][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.846341][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.854195][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.120451][ T6199] chnl_net:caif_netlink_parms(): no params data found
[ 121.200593][ T6199] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.207841][ T6199] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.214985][ T6199] bridge_slave_0: entered allmulticast mode
[ 121.222055][ T6199] bridge_slave_0: entered promiscuous mode
[ 121.230826][ T6199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.238650][ T6199] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.246223][ T6199] bridge_slave_1: entered allmulticast mode
[ 121.253223][ T6199] bridge_slave_1: entered promiscuous mode
[ 121.293163][ T6199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 121.306031][ T6199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 121.335576][ T6199] team0: Port device team_slave_0 added
[ 121.343550][ T6199] team0: Port device team_slave_1 added
[ 121.368642][ T6199] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 121.376649][ T6199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 121.402727][ T6199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 121.415472][ T6199] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 121.422511][ T6199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 121.449445][ T6199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 121.520115][ T6199] hsr_slave_0: entered promiscuous mode
[ 121.527048][ T6199] hsr_slave_1: entered promiscuous mode
[ 122.083881][ T6199] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 122.095651][ T6199] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 122.106946][ T6199] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 122.118591][ T6199] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 122.221870][ T6199] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.253185][ T6199] 8021q: adding VLAN 0 to HW filter on device team0
[ 122.269641][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.276844][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 122.296167][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.303394][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 122.558409][ T6199] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 122.624989][ T6199] veth0_vlan: entered promiscuous mode
[ 122.641883][ T6199] veth1_vlan: entered promiscuous mode
[ 122.688975][ T6199] veth0_macvtap: entered promiscuous mode
[ 122.701186][ T6199] veth1_macvtap: entered promiscuous mode
[ 122.728349][ T6199] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 122.747984][ T6199] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 122.767893][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.786794][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.806884][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.817084][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.981022][ T1140] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 123.087872][ T1140] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 123.177524][ T1140] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 123.279821][ T1140] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.860458][ T5145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.868990][ T5145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.879646][ T5145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.889110][ T5145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 124.897112][ T5145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 125.387350][ T1140] bridge_slave_1: left allmulticast mode
[ 125.404305][ T1140] bridge_slave_1: left promiscuous mode
[ 125.413721][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state
[ 125.445571][ T1140] bridge_slave_0: left allmulticast mode
[ 125.451254][ T1140] bridge_slave_0: left promiscuous mode
[ 125.465333][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state
2025/11/06 16:55:46 executed programs: 0
[ 125.778836][ T5909] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 125.791069][ T5909] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 125.800000][ T5909] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 125.819178][ T5909] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 125.827199][ T5909] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 126.037246][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 126.052323][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 126.066587][ T1140] bond0 (unregistering): Released all slaves
[ 126.213079][ T1140] hsr_slave_0: left promiscuous mode
[ 126.219598][ T1140] hsr_slave_1: left promiscuous mode
[ 126.227214][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 126.234631][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 126.243596][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 126.252443][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 126.272430][ T1140] veth1_macvtap: left promiscuous mode
[ 126.278191][ T1140] veth0_macvtap: left promiscuous mode
[ 126.283901][ T1140] veth1_vlan: left promiscuous mode
[ 126.290543][ T1140] veth0_vlan: left promiscuous mode
[ 126.761145][ T1140] team0 (unregistering): Port device team_slave_1 removed
[ 126.798329][ T1140] team0 (unregistering): Port device team_slave_0 removed
[ 127.236977][ T6365] chnl_net:caif_netlink_parms(): no params data found
[ 127.395323][ T6365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.402533][ T6365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.410448][ T6365] bridge_slave_0: entered allmulticast mode
[ 127.421663][ T6365] bridge_slave_0: entered promiscuous mode
[ 127.435415][ T6365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.442716][ T6365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.454576][ T6365] bridge_slave_1: entered allmulticast mode
[ 127.463443][ T6365] bridge_slave_1: entered promiscuous mode
[ 127.519120][ T6365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 127.533604][ T6365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 127.896932][ T5145] Bluetooth: hci0: command tx timeout
[ 127.966057][ T6365] team0: Port device team_slave_0 added
[ 127.975365][ T6365] team0: Port device team_slave_1 added
[ 128.040331][ T6365] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 128.047473][ T6365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 128.074244][ T6365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 128.088255][ T6365] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 128.095669][ T6365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 128.122219][ T6365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 128.290029][ T6365] hsr_slave_0: entered promiscuous mode
[ 128.299116][ T6365] hsr_slave_1: entered promiscuous mode
[ 128.854714][ T6365] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 128.865977][ T6365] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 128.877658][ T6365] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 128.889488][ T6365] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 128.999115][ T6365] 8021q: adding VLAN 0 to HW filter on device bond0
[ 129.024988][ T6365] 8021q: adding VLAN 0 to HW filter on device team0
[ 129.040274][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.047467][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 129.066128][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.073423][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.327780][ T6365] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 129.410852][ T6365] veth0_vlan: entered promiscuous mode
[ 129.439459][ T6365] veth1_vlan: entered promiscuous mode
[ 129.514730][ T6365] veth0_macvtap: entered promiscuous mode
[ 129.534138][ T6365] veth1_macvtap: entered promiscuous mode
[ 129.557886][ T6365] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 129.583470][ T6365] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 129.617431][ T1025] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.634016][ T1025] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.682125][ T1025] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.701311][ T1140] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.793652][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.809613][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.844837][ T1025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.853116][ T1025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.975784][ T5145] Bluetooth: hci0: command tx timeout
[ 130.155476][ T5880] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 130.338641][ T5880] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 130.348884][ T5880] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 130.364640][ T5880] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 130.373781][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 130.382333][ T5880] usb 1-1: Product: syz
[ 130.386567][ T5880] usb 1-1: Manufacturer: syz
[ 130.391251][ T5880] usb 1-1: SerialNumber: syz
[ 130.603590][ T6478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 130.613085][ T6478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 130.633097][ T5880] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[ 130.646473][ T5880] usb 1-1: USB disconnect, device number 2
[ 131.075164][ T5880] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 131.225147][ T5880] usb 1-1: Using ep0 maxpacket: 8
[ 131.231593][ T5880] usb 1-1: config index 0 descriptor too short (expected 301, got 72)
[ 131.240045][ T5880] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 131.251407][ T5880] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 131.261227][ T5880] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 131.271005][ T5880] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 131.281498][ T5880] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 131.293151][ T5880] usb 1-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 131.306433][ T5880] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 131.315725][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 131.527705][ T5880] usb 1-1: usb_control_msg returned -32
[ 131.533302][ T5880] usbtmc 1-1:16.0: can't read capabilities
[ 131.539506][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.545998][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.552119][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.558834][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.564930][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.571081][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.577414][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.583425][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.589514][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.595861][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.601831][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.607922][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.613913][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.619881][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.625936][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.631914][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.638428][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.644404][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.650437][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.656964][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.662942][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.669589][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.675661][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.681667][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.687720][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.693770][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.699799][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.705879][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.711992][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.717970][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.724086][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.730057][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.736053][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.742160][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.748165][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.754159][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.760377][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.766420][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.772422][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.778432][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.784822][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.790812][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.796796][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.802865][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.808895][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.814914][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.821149][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.827333][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.833683][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.839734][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.845792][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.851791][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.858269][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.864351][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.870510][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.876881][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.882867][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.889449][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.895688][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.901765][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.908215][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.914240][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.920271][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.926312][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.932327][ C0] usbtmc 1-1:16.0: invalid notification: 11
[ 131.938472][ C0] usbtmc 1-1:16.0: invalid notification: 1
[ 131.944505][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.950541][ C0] usbtmc 1-1:16.0: invalid notification: 0
[ 131.956576][ C0] usbtmc 1-1:16.0: invalid notification: 73
[ 131.962810][ C0] usbtmc 1-1:16.0: invalid notification: 33
[ 131.969114][ C0] usbtmc 1-1:16.0: invalid notification: 36
[ 131.975715][ C0] usbtmc 1-1:16.0: invalid notification: 8
[ 131.981697][ C0] ==================================================================
[ 131.989828][ C0] BUG: KASAN: slab-out-of-bounds in usbtmc_interrupt+0x4c7/0x730
[ 131.997561][ C0] Read of size 1 at addr ffff88801f2869c1 by task kworker/0:0/9
[ 132.005169][ C0]
[ 132.007493][ C0] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full)
[ 132.007505][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 132.007512][ C0] Workqueue: mld mld_dad_work
[ 132.007534][ C0] Call Trace:
[ 132.007542][ C0]
[ 132.007547][ C0] dump_stack_lvl+0x189/0x250
[ 132.007559][ C0] ? __virt_addr_valid+0x1c8/0x5c0
[ 132.007571][ C0] ? rcu_is_watching+0x15/0xb0
[ 132.007582][ C0] ? __kasan_check_byte+0x12/0x40
[ 132.007595][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 132.007606][ C0] ? rcu_is_watching+0x15/0xb0
[ 132.007616][ C0] ? lock_release+0x4b/0x3e0
[ 132.007626][ C0] ? __virt_addr_valid+0x1c8/0x5c0
[ 132.007638][ C0] ? __virt_addr_valid+0x4a5/0x5c0
[ 132.007650][ C0] print_report+0xca/0x240
[ 132.007662][ C0] ? usbtmc_interrupt+0x4c7/0x730
[ 132.007675][ C0] kasan_report+0x118/0x150
[ 132.007688][ C0] ? usbtmc_interrupt+0x4c7/0x730
[ 132.007702][ C0] usbtmc_interrupt+0x4c7/0x730
[ 132.007714][ C0] ? usb_unanchor_urb+0xa5/0xc0
[ 132.007726][ C0] ? usb_anchor_suspend_wakeups+0x3b/0x50
[ 132.007738][ C0] __usb_hcd_giveback_urb+0x376/0x540
[ 132.007749][ C0] dummy_timer+0x85f/0x45b0
[ 132.007770][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 132.007781][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 132.007790][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 132.007799][ C0] __hrtimer_run_queues+0x52c/0xc60
[ 132.007810][ C0] ? ktime_get_update_offsets_now+0x67/0x3d0
[ 132.007824][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 132.007835][ C0] ? read_tsc+0x9/0x20
[ 132.007848][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 132.007859][ C0] hrtimer_run_softirq+0x187/0x2b0
[ 132.007872][ C0] handle_softirqs+0x286/0x870
[ 132.007882][ C0] ? __irq_exit_rcu+0xca/0x1f0
[ 132.007893][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 132.007904][ C0] __irq_exit_rcu+0xca/0x1f0
[ 132.007914][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 132.007925][ C0] irq_exit_rcu+0x9/0x30
[ 132.007933][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 132.007945][ C0]
[ 132.007948][ C0]
[ 132.007951][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 132.007962][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x37/0x90
[ 132.007974][ C0] Code: 08 40 ba 92 65 8b 0d 38 6d f8 10 81 e1 00 01 ff 00 74 11 81 f9 00 01 00 00 75 5b 83 ba 84 16 00 00 00 74 52 8b 8a 60 16 00 00 <83> f9 03 75 47 48 8b 8a 68 16 00 00 44 8b 8a 64 16 00 00 49 c1 e1
[ 132.007982][ C0] RSP: 0018:ffffc900000e75d8 EFLAGS: 00000246
[ 132.007990][ C0] RAX: ffffffff8a10ccc4 RBX: 0000000000000000 RCX: 0000000000000000
[ 132.007996][ C0] RDX: ffff88801d690000 RSI: 0000000000000000 RDI: 0000000000000000
[ 132.008002][ C0] RBP: ffffc900000e7718 R08: 0000000000000000 R09: ffffffff8a1d7dde
[ 132.008009][ C0] R10: 00000000fffffff5 R11: 0000000000000000 R12: 0000000000000060
[ 132.008015][ C0] R13: ffff88807d898460 R14: 1ffff1100fb1308c R15: ffff8880325d5280
[ 132.008023][ C0] ? ipv6_chk_mcast_addr+0x2e/0x860
[ 132.008032][ C0] ? ip6_finish_output2+0x7e4/0x1480
[ 132.008045][ C0] ip6_finish_output2+0x7e4/0x1480
[ 132.008057][ C0] ? __pfx_ip6_finish_output2+0x10/0x10
[ 132.008068][ C0] ? ip6_mtu+0x7d/0x490
[ 132.008076][ C0] ? ip6_mtu+0x38c/0x490
[ 132.008085][ C0] ? ip6_finish_output+0x2ef/0x4e0
[ 132.008093][ C0] ? ip6_output+0x126/0x550
[ 132.008102][ C0] ip6_output+0x340/0x550
[ 132.008111][ C0] NF_HOOK+0x9e/0x380
[ 132.008121][ C0] ? NF_HOOK+0x101/0x380
[ 132.008136][ C0] ? __pfx_NF_HOOK+0x10/0x10
[ 132.008146][ C0] ? __pfx_dst_output+0x10/0x10
[ 132.008155][ C0] ? icmp6_dst_alloc+0x3a5/0x420
[ 132.008164][ C0] ? icmp6_dst_alloc+0x3a5/0x420
[ 132.008174][ C0] mld_sendpack+0x8d4/0xe60
[ 132.008187][ C0] ? mld_sendpack+0x1e7/0xe60
[ 132.008197][ C0] ? __pfx_mld_sendpack+0x10/0x10
[ 132.008209][ C0] ? mld_send_initial_cr+0x352/0x550
[ 132.008219][ C0] mld_dad_work+0x46/0x490
[ 132.008229][ C0] ? process_one_work+0x868/0x15d0
[ 132.008238][ C0] process_one_work+0x94a/0x15d0
[ 132.008247][ C0] ? __lock_acquire+0xab9/0xd20
[ 132.008259][ C0] ? __pfx_process_one_work+0x10/0x10
[ 132.008270][ C0] ? assign_work+0x3a1/0x410
[ 132.008280][ C0] worker_thread+0x9b0/0xee0
[ 132.008305][ C0] kthread+0x711/0x8a0
[ 132.008328][ C0] ? __pfx_worker_thread+0x10/0x10
[ 132.008345][ C0] ? __pfx_kthread+0x10/0x10
[ 132.008365][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 132.008377][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 132.008389][ C0] ? __pfx_kthread+0x10/0x10
[ 132.008400][ C0] ret_from_fork+0x599/0xb30
[ 132.008410][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 132.008420][ C0] ? __switch_to_asm+0x39/0x70
[ 132.008431][ C0] ? __switch_to_asm+0x33/0x70
[ 132.008442][ C0] ? __pfx_kthread+0x10/0x10
[ 132.008453][ C0] ret_from_fork_asm+0x1a/0x30
[ 132.008468][ C0]
[ 132.008472][ C0]
[ 132.085184][ T5145] Bluetooth: hci0: command tx timeout
[ 132.086714][ C0] Allocated by task 5880:
[ 132.486860][ C0] kasan_save_track+0x3e/0x80
[ 132.491542][ C0] __kasan_kmalloc+0x93/0xb0
[ 132.496118][ C0] __kmalloc_noprof+0x41d/0x800
[ 132.500950][ C0] usbtmc_probe+0xa38/0x1c90
[ 132.505521][ C0] usb_probe_interface+0x668/0xc90
[ 132.510611][ C0] really_probe+0x26d/0xad0
[ 132.515190][ C0] __driver_probe_device+0x18c/0x320
[ 132.520630][ C0] driver_probe_device+0x4f/0x240
[ 132.525636][ C0] __device_attach_driver+0x279/0x430
[ 132.530996][ C0] bus_for_each_drv+0x251/0x2e0
[ 132.535826][ C0] __device_attach+0x2b8/0x430
[ 132.540571][ C0] bus_probe_device+0x185/0x260
[ 132.545405][ C0] device_add+0x7b6/0xb80
[ 132.549802][ C0] usb_set_configuration+0x1a87/0x2110
[ 132.555249][ C0] usb_generic_driver_probe+0x8d/0x150
[ 132.560778][ C0] usb_probe_device+0x1c4/0x3c0
[ 132.565605][ C0] really_probe+0x26d/0xad0
[ 132.570090][ C0] __driver_probe_device+0x18c/0x320
[ 132.575368][ C0] driver_probe_device+0x4f/0x240
[ 132.580373][ C0] __device_attach_driver+0x279/0x430
[ 132.585729][ C0] bus_for_each_drv+0x251/0x2e0
[ 132.590564][ C0] __device_attach+0x2b8/0x430
[ 132.595311][ C0] bus_probe_device+0x185/0x260
[ 132.600145][ C0] device_add+0x7b6/0xb80
[ 132.604453][ C0] usb_new_device+0xa39/0x1720
[ 132.609200][ C0] hub_event+0x29b1/0x4ef0
[ 132.613597][ C0] process_one_work+0x94a/0x15d0
[ 132.618514][ C0] worker_thread+0x9b0/0xee0
[ 132.623125][ C0] kthread+0x711/0x8a0
[ 132.627264][ C0] ret_from_fork+0x599/0xb30
[ 132.631839][ C0] ret_from_fork_asm+0x1a/0x30
[ 132.636593][ C0]
[ 132.638898][ C0] The buggy address belongs to the object at ffff88801f2869c0
[ 132.638898][ C0] which belongs to the cache kmalloc-8 of size 8
[ 132.652593][ C0] The buggy address is located 0 bytes to the right of
[ 132.652593][ C0] allocated 1-byte region [ffff88801f2869c0, ffff88801f2869c1)
[ 132.666903][ C0]
[ 132.669226][ C0] The buggy address belongs to the physical page:
[ 132.675623][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f286
[ 132.684367][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 132.691464][ C0] page_type: f5(slab)
[ 132.695432][ C0] raw: 00fff00000000000 ffff88813fe26500 dead000000000100 dead000000000122
[ 132.703993][ C0] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 132.712549][ C0] page dumped because: kasan: bad access detected
[ 132.718941][ C0] page_owner tracks the page as allocated
[ 132.724633][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 2978211228, free_ts 2849521976
[ 132.743113][ C0] post_alloc_hook+0x240/0x2a0
[ 132.747870][ C0] get_page_from_freelist+0x2365/0x2440
[ 132.753400][ C0] __alloc_frozen_pages_noprof+0x181/0x370
[ 132.759190][ C0] alloc_pages_mpol+0x232/0x4a0
[ 132.764023][ C0] allocate_slab+0x96/0x350
[ 132.768506][ C0] ___slab_alloc+0xf56/0x1990
[ 132.773157][ C0] __slab_alloc+0x65/0x100
[ 132.777567][ C0] __kmalloc_noprof+0x47d/0x800
[ 132.782401][ C0] acpi_ns_internalize_name+0x346/0x470
[ 132.787931][ C0] acpi_ns_get_node_unlocked+0x16d/0x470
[ 132.793549][ C0] acpi_ns_get_node+0x76/0xc0
[ 132.798211][ C0] acpi_get_handle+0x186/0x2a0
[ 132.802956][ C0] acpi_has_method+0x86/0xd0
[ 132.807526][ C0] acpi_is_video_device+0x97/0x1b0
[ 132.812618][ C0] acpi_init_device_object+0x22ea/0x29a0
[ 132.818228][ C0] acpi_add_single_object+0x103/0x1b10
[ 132.823684][ C0] page last free pid 1 tgid 1 stack trace:
[ 132.829465][ C0] __free_frozen_pages+0xbc8/0xd30
[ 132.834558][ C0] __put_partials+0x146/0x170
[ 132.839209][ C0] put_cpu_partial+0x1f2/0x2e0
[ 132.843952][ C0] __slab_free+0x2b9/0x390
[ 132.848355][ C0] qlist_free_all+0x97/0x140
[ 132.852926][ C0] kasan_quarantine_remove_cache+0x16a/0x190
[ 132.858883][ C0] kmem_cache_shrink+0xd/0x20
[ 132.863542][ C0] acpi_os_purge_cache+0x15/0x20
[ 132.868456][ C0] acpi_purge_cached_objects+0xd5/0x100
[ 132.873980][ C0] acpi_initialize_objects+0x2e/0xb0
[ 132.879255][ C0] acpi_bus_init+0xb4/0x550
[ 132.883765][ C0] acpi_init+0xa1/0x1f0
[ 132.887921][ C0] do_one_initcall+0x25a/0x860
[ 132.892704][ C0] do_initcall_level+0x104/0x190
[ 132.897663][ C0] do_initcalls+0x59/0xa0
[ 132.902015][ C0] kernel_init_freeable+0x334/0x4b0
[ 132.907217][ C0]
[ 132.909521][ C0] Memory state around the buggy address:
[ 132.915129][ C0] ffff88801f286880: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 132.923173][ C0] ffff88801f286900: 00 fc fc fc 00 fc fc fc 00 fc fc fc 00 fc fc fc
[ 132.931220][ C0] >ffff88801f286980: 00 fc fc fc fa fc fc fc 01 fc fc fc 00 fc fc fc
[ 132.939256][ C0] ^
[ 132.945382][ C0] ffff88801f286a00: fa fc fc fc 00 fc fc fc fa fc fc fc fa fc fc fc
[ 132.953421][ C0] ffff88801f286a80: fa fc fc fc 00 fc fc fc 02 fc fc fc 00 fc fc fc
[ 132.961456][ C0] ==================================================================
[ 132.969500][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 132.976675][ C0] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full)
[ 132.985762][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 132.995885][ C0] Workqueue: mld mld_dad_work
[ 133.000556][ C0] Call Trace:
[ 133.003825][ C0]
[ 133.006649][ C0] dump_stack_lvl+0x99/0x250
[ 133.011229][ C0] ? __asan_memcpy+0x40/0x70
[ 133.015812][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 133.021007][ C0] ? __pfx__printk+0x10/0x10
[ 133.025593][ C0] vpanic+0x237/0x6d0
[ 133.029553][ C0] ? __pfx_vpanic+0x10/0x10
[ 133.034046][ C0] panic+0xb9/0xc0
[ 133.037745][ C0] ? __pfx_panic+0x10/0x10
[ 133.042144][ C0] ? do_raw_spin_unlock+0x122/0x240
[ 133.047332][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 133.053644][ C0] ? usbtmc_interrupt+0x4c7/0x730
[ 133.058653][ C0] check_panic_on_warn+0x89/0xb0
[ 133.063578][ C0] ? usbtmc_interrupt+0x4c7/0x730
[ 133.068586][ C0] end_report+0x78/0x160
[ 133.072818][ C0] kasan_report+0x129/0x150
[ 133.077309][ C0] ? usbtmc_interrupt+0x4c7/0x730
[ 133.082322][ C0] usbtmc_interrupt+0x4c7/0x730
[ 133.087155][ C0] ? usb_unanchor_urb+0xa5/0xc0
[ 133.091986][ C0] ? usb_anchor_suspend_wakeups+0x3b/0x50
[ 133.097709][ C0] __usb_hcd_giveback_urb+0x376/0x540
[ 133.103080][ C0] dummy_timer+0x85f/0x45b0
[ 133.107673][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 133.112594][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 133.117599][ C0] ? __pfx_dummy_timer+0x10/0x10
[ 133.122515][ C0] __hrtimer_run_queues+0x52c/0xc60
[ 133.127694][ C0] ? ktime_get_update_offsets_now+0x67/0x3d0
[ 133.133663][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 133.139365][ C0] ? read_tsc+0x9/0x20
[ 133.143421][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 133.149211][ C0] hrtimer_run_softirq+0x187/0x2b0
[ 133.154351][ C0] handle_softirqs+0x286/0x870
[ 133.159098][ C0] ? __irq_exit_rcu+0xca/0x1f0
[ 133.163940][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 133.169210][ C0] __irq_exit_rcu+0xca/0x1f0
[ 133.173872][ C0] ? __pfx___irq_exit_rcu+0x10/0x10
[ 133.179053][ C0] irq_exit_rcu+0x9/0x30
[ 133.183281][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 133.188901][ C0]
[ 133.191814][ C0]
[ 133.194726][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 133.200690][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x37/0x90
[ 133.207524][ C0] Code: 08 40 ba 92 65 8b 0d 38 6d f8 10 81 e1 00 01 ff 00 74 11 81 f9 00 01 00 00 75 5b 83 ba 84 16 00 00 00 74 52 8b 8a 60 16 00 00 <83> f9 03 75 47 48 8b 8a 68 16 00 00 44 8b 8a 64 16 00 00 49 c1 e1
[ 133.227123][ C0] RSP: 0018:ffffc900000e75d8 EFLAGS: 00000246
[ 133.233209][ C0] RAX: ffffffff8a10ccc4 RBX: 0000000000000000 RCX: 0000000000000000
[ 133.241163][ C0] RDX: ffff88801d690000 RSI: 0000000000000000 RDI: 0000000000000000
[ 133.249119][ C0] RBP: ffffc900000e7718 R08: 0000000000000000 R09: ffffffff8a1d7dde
[ 133.257071][ C0] R10: 00000000fffffff5 R11: 0000000000000000 R12: 0000000000000060
[ 133.265026][ C0] R13: ffff88807d898460 R14: 1ffff1100fb1308c R15: ffff8880325d5280
[ 133.272985][ C0] ? ipv6_chk_mcast_addr+0x2e/0x860
[ 133.278172][ C0] ? ip6_finish_output2+0x7e4/0x1480
[ 133.283440][ C0] ip6_finish_output2+0x7e4/0x1480
[ 133.288536][ C0] ? __pfx_ip6_finish_output2+0x10/0x10
[ 133.294066][ C0] ? ip6_mtu+0x7d/0x490
[ 133.298205][ C0] ? ip6_mtu+0x38c/0x490
[ 133.302445][ C0] ? ip6_finish_output+0x2ef/0x4e0
[ 133.307649][ C0] ? ip6_output+0x126/0x550
[ 133.312146][ C0] ip6_output+0x340/0x550
[ 133.316462][ C0] NF_HOOK+0x9e/0x380
[ 133.320429][ C0] ? NF_HOOK+0x101/0x380
[ 133.324654][ C0] ? __pfx_NF_HOOK+0x10/0x10
[ 133.329233][ C0] ? __pfx_dst_output+0x10/0x10
[ 133.334067][ C0] ? icmp6_dst_alloc+0x3a5/0x420
[ 133.339070][ C0] ? icmp6_dst_alloc+0x3a5/0x420
[ 133.343987][ C0] mld_sendpack+0x8d4/0xe60
[ 133.348477][ C0] ? mld_sendpack+0x1e7/0xe60
[ 133.353139][ C0] ? __pfx_mld_sendpack+0x10/0x10
[ 133.358581][ C0] ? mld_send_initial_cr+0x352/0x550
[ 133.364022][ C0] mld_dad_work+0x46/0x490
[ 133.368428][ C0] ? process_one_work+0x868/0x15d0
[ 133.373517][ C0] process_one_work+0x94a/0x15d0
[ 133.378441][ C0] ? __lock_acquire+0xab9/0xd20
[ 133.383276][ C0] ? __pfx_process_one_work+0x10/0x10
[ 133.388628][ C0] ? assign_work+0x3a1/0x410
[ 133.393203][ C0] worker_thread+0x9b0/0xee0
[ 133.397782][ C0] kthread+0x711/0x8a0
[ 133.401836][ C0] ? __pfx_worker_thread+0x10/0x10
[ 133.406930][ C0] ? __pfx_kthread+0x10/0x10
[ 133.411503][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 133.416681][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 133.421867][ C0] ? __pfx_kthread+0x10/0x10
[ 133.426451][ C0] ret_from_fork+0x599/0xb30
[ 133.431048][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 133.436164][ C0] ? __switch_to_asm+0x39/0x70
[ 133.440921][ C0] ? __switch_to_asm+0x33/0x70
[ 133.445764][ C0] ? __pfx_kthread+0x10/0x10
[ 133.450341][ C0] ret_from_fork_asm+0x1a/0x30
[ 133.455095][ C0]
[ 133.458369][ C0] Kernel Offset: disabled
[ 133.462674][ C0] Rebooting in 86400 seconds..