Warning: Permanently added '[localhost]:41414' (ED25519) to the list of known hosts.
2025/01/10 07:55:05 ignoring optional flag "sandboxArg"="0"
2025/01/10 07:55:05 ignoring optional flag "type"="qemu"
2025/01/10 07:55:05 parsed 1 programs
[   56.646229][   T39] audit: type=1400 audit(1736495705.885:121): avc:  denied  { getattr } for  pid=6046 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   56.655648][   T39] audit: type=1400 audit(1736495705.885:122): avc:  denied  { read } for  pid=6046 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   56.662702][   T39] audit: type=1400 audit(1736495705.885:123): avc:  denied  { open } for  pid=6046 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   56.663864][ T6052] cgroup: Unknown subsys name 'net'
[   56.671556][   T39] audit: type=1400 audit(1736495705.905:124): avc:  denied  { mounton } for  pid=6052 comm="syz-executor" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   56.674216][ T6052] cgroup: Unknown subsys name 'cpuset'
[   56.683846][ T6052] cgroup: Unknown subsys name 'rlimit'
2025/01/10 07:55:05 executed programs: 0
[   57.764668][ T5287] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.767549][ T5287] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.770409][ T5287] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.773194][ T5287] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.775636][ T5287] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   57.777896][ T5287] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.782468][   T39] audit: type=1400 audit(1736495707.025:125): avc:  denied  { mounton } for  pid=6057 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   57.827109][ T6057] chnl_net:caif_netlink_parms(): no params data found
[   57.908190][ T6057] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.911312][ T6057] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.914390][ T6057] bridge_slave_0: entered allmulticast mode
[   57.917592][ T6057] bridge_slave_0: entered promiscuous mode
[   57.921418][ T6057] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.924201][ T6057] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.926854][ T6057] bridge_slave_1: entered allmulticast mode
[   57.929901][ T6057] bridge_slave_1: entered promiscuous mode
[   57.962683][ T6057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.966464][ T6057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.987566][ T6057] team0: Port device team_slave_0 added
[   57.990543][ T6057] team0: Port device team_slave_1 added
[   58.018840][ T6057] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.021431][ T6057] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.031367][ T6057] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.035740][ T6057] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.037818][ T6057] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.047795][ T6057] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.077215][ T6057] hsr_slave_0: entered promiscuous mode
[   58.079291][ T6057] hsr_slave_1: entered promiscuous mode
[   58.131324][ T6057] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.133263][ T6057] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.135286][ T6057] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.137740][ T6057] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.158099][ T6057] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.165345][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.169190][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.178600][ T6057] 8021q: adding VLAN 0 to HW filter on device team0
[   58.184291][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.186344][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.191080][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.193114][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.229953][ T6057] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.422584][ T6057] veth0_vlan: entered promiscuous mode
[   58.427065][ T6057] veth1_vlan: entered promiscuous mode
[   58.439468][ T6057] veth0_macvtap: entered promiscuous mode
[   58.443196][ T6057] veth1_macvtap: entered promiscuous mode
[   58.450764][ T6057] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.456768][ T6057] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.484485][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.487687][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.502228][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.504744][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.511386][   T39] audit: type=1400 audit(1736495707.755:126): avc:  denied  { mounton } for  pid=6057 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2774 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   58.535478][   T39] audit: type=1400 audit(1736495707.775:127): avc:  denied  { write } for  pid=6079 comm="syz-executor.0" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   58.542811][   T39] audit: type=1400 audit(1736495707.775:128): avc:  denied  { ioctl } for  pid=6079 comm="syz-executor.0" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   58.769766][ T3306] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   58.932831][ T3306] usb 5-1: config 0 has an invalid interface number: 130 but max is 0
[   58.935456][ T3306] usb 5-1: config 0 has no interface number 0
[   58.937284][ T3306] usb 5-1: config 0 interface 130 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   58.940543][ T3306] usb 5-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=f3.4a
[   58.943561][ T3306] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.947881][ T3306] usb 5-1: config 0 descriptor??
[   58.952307][ T3306] em28xx 5-1:0.130: New device   @ 480 Mbps (2040:8265, interface 130, class 130)
[   58.955111][ T3306] em28xx 5-1:0.130: Audio interface 130 found (Vendor Class)
[   59.210211][ T3306] em28xx 5-1:0.130: unknown em28xx chip ID (0)
[   59.212581][ T3306] em28xx 5-1:0.130: Config register raw data: 0xfffffffb
[   59.214828][ T3306] em28xx 5-1:0.130: AC97 chip type couldn't be determined
[   59.217019][ T3306] em28xx 5-1:0.130: No AC97 audio processor
[   59.218749][ T3306] em28xx 5-1:0.130: We currently don't support analog TV or stream capture on dual tuners.
[   59.248853][   T39] audit: type=1400 audit(1736495708.485:129): avc:  denied  { search } for  pid=6082 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   59.256646][   T39] audit: type=1400 audit(1736495708.485:130): avc:  denied  { read } for  pid=6083 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1768 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   59.283877][ T3306] em28xx 5-1:0.130: unknown em28xx chip ID (0)
[   59.286071][ T3306] em28xx 5-1:0.130: Config register raw data: 0xfffffffb
[   59.289850][ T3306] em28xx 5-1:0.130: AC97 chip type couldn't be determined
[   59.292716][ T3306] em28xx 5-1:0.130: No AC97 audio processor
[   59.503190][ T3306] usb 5-1: USB disconnect, device number 2
[   59.505721][ T3306] em28xx 5-1:0.130: Disconnecting em28xx #1
[   59.507501][ T3306] em28xx 5-1:0.130: Disconnecting em28xx
[   59.512464][ T3306] em28xx 5-1:0.130: Freeing device
[   59.514103][ T3306] em28xx 5-1:0.130: Freeing device
[   59.840784][ T5287] Bluetooth: hci0: command tx timeout
[   60.000383][ T3306] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   60.151718][ T3306] usb 5-1: config 0 has an invalid interface number: 130 but max is 0
[   60.154123][ T3306] usb 5-1: config 0 has no interface number 0
[   60.155883][ T3306] usb 5-1: config 0 interface 130 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   60.159607][ T3306] usb 5-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=f3.4a
[   60.163155][ T3306] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.166791][ T3306] usb 5-1: config 0 descriptor??
[   60.171439][ T3306] em28xx 5-1:0.130: New device   @ 480 Mbps (2040:8265, interface 130, class 130)
[   60.174926][ T3306] em28xx 5-1:0.130: Audio interface 130 found (Vendor Class)
[   60.430128][ T3306] em28xx 5-1:0.130: unknown em28xx chip ID (0)
[   60.432447][ T3306] em28xx 5-1:0.130: Config register raw data: 0xfffffffb
[   60.435041][ T3306] em28xx 5-1:0.130: AC97 chip type couldn't be determined
[   60.437271][ T3306] em28xx 5-1:0.130: No AC97 audio processor
[   60.439163][ T3306] ==================================================================
[   60.441523][ T3306] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0xe4/0x100
[   60.444065][ T3306] Read of size 8 at addr ffff888035d88250 by task kworker/3:2/3306
[   60.448056][ T3306] 
[   60.448776][ T3306] CPU: 3 UID: 0 PID: 3306 Comm: kworker/3:2 Not tainted 6.13.0-rc6-syzkaller-g2144da25584e #0
[   60.451731][ T3306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.455339][ T3306] Workqueue: usb_hub_wq hub_event
[   60.456839][ T3306] Call Trace:
[   60.457855][ T3306]  <TASK>
[   60.458753][ T3306]  dump_stack_lvl+0x116/0x1f0
[   60.460224][ T3306]  print_report+0xc3/0x620
[   60.461574][ T3306]  ? __virt_addr_valid+0x5e/0x590
[   60.463075][ T3306]  ? __phys_addr+0xc6/0x150
[   60.464466][ T3306]  kasan_report+0xd9/0x110
[   60.465792][ T3306]  ? __list_add_valid_or_report+0xe4/0x100
[   60.467505][ T3306]  ? __list_add_valid_or_report+0xe4/0x100
[   60.469280][ T3306]  __list_add_valid_or_report+0xe4/0x100
[   60.470961][ T3306]  em28xx_init_extension+0x48/0x200
[   60.472534][ T3306]  em28xx_init_dev.constprop.0+0x197b/0x3090
[   60.474364][ T3306]  ? __pfx_em28xx_init_dev.constprop.0+0x10/0x10
[   60.476214][ T3306]  ? lockdep_init_map_type+0x16d/0x7d0
[   60.477851][ T3306]  ? lockdep_init_map_type+0x16d/0x7d0
[   60.479469][ T3306]  ? __raw_spin_lock_init+0x3a/0x110
[   60.481072][ T3306]  em28xx_usb_probe+0x1262/0x3720
[   60.482572][ T3306]  usb_probe_interface+0x300/0x9c0
[   60.484110][ T3306]  ? __pfx_usb_probe_interface+0x10/0x10
[   60.485979][ T3306]  really_probe+0x23e/0xa90
[   60.487329][ T3306]  __driver_probe_device+0x1de/0x440
[   60.488870][ T3306]  driver_probe_device+0x4c/0x1b0
[   60.490354][ T3306]  __device_attach_driver+0x1df/0x310
[   60.491958][ T3306]  ? __pfx___device_attach_driver+0x10/0x10
[   60.493683][ T3306]  bus_for_each_drv+0x157/0x1e0
[   60.495200][ T3306]  ? __pfx_bus_for_each_drv+0x10/0x10
[   60.496763][ T3306]  ? lockdep_hardirqs_on+0x7c/0x110
[   60.498344][ T3306]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   60.500086][ T3306]  __device_attach+0x1e8/0x4b0
[   60.501524][ T3306]  ? __pfx___device_attach+0x10/0x10
[   60.503104][ T3306]  ? do_raw_spin_unlock+0x172/0x230
[   60.504650][ T3306]  bus_probe_device+0x17f/0x1c0
[   60.506142][ T3306]  device_add+0x114b/0x1a70
[   60.507501][ T3306]  ? __pfx_device_add+0x10/0x10
[   60.508980][ T3306]  ? mark_held_locks+0x9f/0xe0
[   60.510404][ T3306]  usb_set_configuration+0x10cb/0x1c50
[   60.512060][ T3306]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[   60.513851][ T3306]  usb_generic_driver_probe+0xb1/0x110
[   60.515738][ T3306]  usb_probe_device+0xec/0x3e0
[   60.517293][ T3306]  ? __pfx_usb_probe_device+0x10/0x10
[   60.518909][ T3306]  really_probe+0x23e/0xa90
[   60.520237][ T3306]  __driver_probe_device+0x1de/0x440
[   60.521792][ T3306]  ? usb_driver_applicable+0x1c7/0x220
[   60.523389][ T3306]  driver_probe_device+0x4c/0x1b0
[   60.524799][ T3306]  __device_attach_driver+0x1df/0x310
[   60.526343][ T3306]  ? __pfx___device_attach_driver+0x10/0x10
[   60.527994][ T3306]  bus_for_each_drv+0x157/0x1e0
[   60.529417][ T3306]  ? __pfx_bus_for_each_drv+0x10/0x10
[   60.530908][ T3306]  ? lockdep_hardirqs_on+0x7c/0x110
[   60.532482][ T3306]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   60.534150][ T3306]  __device_attach+0x1e8/0x4b0
[   60.535467][ T3306]  ? __pfx___device_attach+0x10/0x10
[   60.536912][ T3306]  ? do_raw_spin_unlock+0x172/0x230
[   60.538427][ T3306]  bus_probe_device+0x17f/0x1c0
[   60.539915][ T3306]  device_add+0x114b/0x1a70
[   60.541313][ T3306]  ? __pfx_device_add+0x10/0x10
[   60.542737][ T3306]  ? usb_detect_static_quirks+0x335/0x3e0
[   60.544558][ T3306]  usb_new_device+0xd90/0x1a10
[   60.546135][ T3306]  ? __pfx_usb_new_device+0x10/0x10
[   60.547704][ T3306]  hub_event+0x2d9a/0x4e10
[   60.549064][ T3306]  ? __pfx_hub_event+0x10/0x10
[   60.550486][ T3306]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   60.552175][ T3306]  ? rcu_is_watching+0x12/0xc0
[   60.553589][ T3306]  ? trace_lock_acquire+0x14e/0x1f0
[   60.555236][ T3306]  ? process_one_work+0x921/0x1ba0
[   60.556695][ T3306]  ? lock_acquire+0x2f/0xb0
[   60.557976][ T3306]  ? process_one_work+0x921/0x1ba0
[   60.559411][ T3306]  process_one_work+0x9c5/0x1ba0
[   60.560767][ T3306]  ? __pfx_hub_event+0x10/0x10
[   60.562087][ T3306]  ? __pfx_process_one_work+0x10/0x10
[   60.563478][ T3306]  ? rcu_is_watching+0x12/0xc0
[   60.565081][ T3306]  ? assign_work+0x1a0/0x250
[   60.566359][ T3306]  worker_thread+0x6c8/0xf00
[   60.567690][ T3306]  ? __kthread_parkme+0x148/0x220
[   60.569185][ T3306]  ? __pfx_worker_thread+0x10/0x10
[   60.570698][ T3306]  kthread+0x2c1/0x3a0
[   60.571895][ T3306]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.573321][ T3306]  ? __pfx_kthread+0x10/0x10
[   60.574754][ T3306]  ret_from_fork+0x45/0x80
[   60.576005][ T3306]  ? __pfx_kthread+0x10/0x10
[   60.577245][ T3306]  ret_from_fork_asm+0x1a/0x30
[   60.578573][ T3306]  </TASK>
[   60.579486][ T3306] 
[   60.580160][ T3306] Allocated by task 1140:
[   60.581431][ T3306]  kasan_save_stack+0x33/0x60
[   60.582776][ T3306]  kasan_save_track+0x14/0x30
[   60.584178][ T3306]  __kasan_slab_alloc+0x89/0x90
[   60.585789][ T3306]  kmem_cache_alloc_node_noprof+0x223/0x3c0
[   60.587488][ T3306]  kmalloc_reserve+0x18b/0x2c0
[   60.588880][ T3306]  __alloc_skb+0x164/0x380
[   60.590334][ T3306]  __ipv6_ifa_notify+0x1fb/0xe20
[   60.591793][ T3306]  addrconf_dad_completed+0x19d/0x1060
[   60.593359][ T3306]  addrconf_dad_work+0x7fb/0x14d0
[   60.594841][ T3306]  process_one_work+0x9c5/0x1ba0
[   60.596273][ T3306]  worker_thread+0x6c8/0xf00
[   60.597946][ T3306]  kthread+0x2c1/0x3a0
[   60.599384][ T3306]  ret_from_fork+0x45/0x80
[   60.600668][ T3306]  ret_from_fork_asm+0x1a/0x30
[   60.602093][ T3306] 
[   60.602785][ T3306] Freed by task 1140:
[   60.603970][ T3306]  kasan_save_stack+0x33/0x60
[   60.605575][ T3306]  kasan_save_track+0x14/0x30
[   60.606934][ T3306]  kasan_save_free_info+0x3b/0x60
[   60.608381][ T3306]  __kasan_slab_free+0x51/0x70
[   60.609771][ T3306]  kmem_cache_free+0x152/0x4c0
[   60.611177][ T3306]  skb_free_head+0x18a/0x1d0
[   60.612522][ T3306]  skb_release_data+0x560/0x730
[   60.613944][ T3306]  consume_skb+0xbf/0x100
[   60.615236][ T3306]  netlink_broadcast_filtered+0x3d5/0xef0
[   60.616856][ T3306]  nlmsg_notify+0x9e/0x220
[   60.618156][ T3306]  __ipv6_ifa_notify+0x26b/0xe20
[   60.619492][ T3306]  addrconf_dad_completed+0x19d/0x1060
[   60.620907][ T3306]  addrconf_dad_work+0x7fb/0x14d0
[   60.622274][ T3306]  process_one_work+0x9c5/0x1ba0
[   60.623691][ T3306]  worker_thread+0x6c8/0xf00
[   60.625274][ T3306]  kthread+0x2c1/0x3a0
[   60.626451][ T3306]  ret_from_fork+0x45/0x80
[   60.627730][ T3306]  ret_from_fork_asm+0x1a/0x30
[   60.629107][ T3306] 
[   60.629810][ T3306] The buggy address belongs to the object at ffff888035d88000
[   60.629810][ T3306]  which belongs to the cache skbuff_small_head of size 640
[   60.633916][ T3306] The buggy address is located 592 bytes inside of
[   60.633916][ T3306]  freed 640-byte region [ffff888035d88000, ffff888035d88280)
[   60.637811][ T3306] 
[   60.638499][ T3306] The buggy address belongs to the physical page:
[   60.640327][ T3306] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35d88
[   60.642801][ T3306] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   60.645436][ T3306] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   60.647567][ T3306] page_type: f5(slab)
[   60.648716][ T3306] raw: 00fff00000000040 ffff88801e2eaa00 dead000000000122 0000000000000000
[   60.651171][ T3306] raw: 0000000000000000 0000000000150015 00000001f5000000 0000000000000000
[   60.653611][ T3306] head: 00fff00000000040 ffff88801e2eaa00 dead000000000122 0000000000000000
[   60.656226][ T3306] head: 0000000000000000 0000000000150015 00000001f5000000 0000000000000000
[   60.658666][ T3306] head: 00fff00000000002 ffffea0000d76201 ffffffffffffffff 0000000000000000
[   60.661155][ T3306] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   60.663585][ T3306] page dumped because: kasan: bad access detected
[   60.665582][ T3306] page_owner tracks the page as allocated
[   60.667207][ T3306] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1140, tgid 1140 (kworker/u32:7), ts 59611139103, free_ts 59518034478
[   60.673031][ T3306]  post_alloc_hook+0x2d1/0x350
[   60.674432][ T3306]  get_page_from_freelist+0xfce/0x2f80
[   60.675992][ T3306]  __alloc_pages_noprof+0x223/0x25b0
[   60.677500][ T3306]  alloc_pages_mpol_noprof+0x2c9/0x610
[   60.679070][ T3306]  new_slab+0x2c9/0x410
[   60.680261][ T3306]  ___slab_alloc+0xd7d/0x17a0
[   60.681621][ T3306]  __slab_alloc.constprop.0+0x56/0xb0
[   60.683148][ T3306]  kmem_cache_alloc_node_noprof+0xfc/0x3c0
[   60.684997][ T3306]  kmalloc_reserve+0x18b/0x2c0
[   60.686388][ T3306]  __alloc_skb+0x164/0x380
[   60.687668][ T3306]  __ipv6_ifa_notify+0x1fb/0xe20
[   60.689111][ T3306]  addrconf_dad_completed+0x19d/0x1060
[   60.690665][ T3306]  addrconf_dad_work+0x7fb/0x14d0
[   60.692111][ T3306]  process_one_work+0x9c5/0x1ba0
[   60.693536][ T3306]  worker_thread+0x6c8/0xf00
[   60.694906][ T3306]  kthread+0x2c1/0x3a0
[   60.696079][ T3306] page last free pid 3306 tgid 3306 stack trace:
[   60.697996][ T3306]  free_unref_page+0x661/0x1080
[   60.699497][ T3306]  stack_depot_save_flags+0x30e/0x9c0
[   60.701076][ T3306]  kasan_save_stack+0x42/0x60
[   60.702460][ T3306]  kasan_save_track+0x14/0x30
[   60.703800][ T3306]  __kasan_kmalloc+0xaa/0xb0
[   60.705167][ T3306]  kobject_uevent_env+0x265/0x1870
[   60.706663][ T3306]  device_release_driver_internal+0x51b/0x610
[   60.708378][ T3306]  bus_remove_device+0x22f/0x420
[   60.709814][ T3306]  device_del+0x396/0x9f0
[   60.711075][ T3306]  usb_disconnect+0x58b/0x920
[   60.712475][ T3306]  hub_event+0x1da5/0x4e10
[   60.713771][ T3306]  process_one_work+0x9c5/0x1ba0
[   60.715300][ T3306]  worker_thread+0x6c8/0xf00
[   60.716669][ T3306]  kthread+0x2c1/0x3a0
[   60.717891][ T3306]  ret_from_fork+0x45/0x80
[   60.719272][ T3306]  ret_from_fork_asm+0x1a/0x30
[   60.720700][ T3306] 
[   60.721441][ T3306] Memory state around the buggy address:
[   60.723074][ T3306]  ffff888035d88100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.726139][ T3306]  ffff888035d88180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.729309][ T3306] >ffff888035d88200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.732498][ T3306]                                                  ^
[   60.735127][ T3306]  ffff888035d88280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   60.738274][ T3306]  ffff888035d88300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.741430][ T3306] ==================================================================
[   60.748041][ T3306] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.750967][ T3306] CPU: 3 UID: 0 PID: 3306 Comm: kworker/3:2 Not tainted 6.13.0-rc6-syzkaller-g2144da25584e #0
[   60.754970][ T3306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.759172][ T3306] Workqueue: usb_hub_wq hub_event
[   60.761211][ T3306] Call Trace:
[   60.762561][ T3306]  <TASK>
[   60.763746][ T3306]  dump_stack_lvl+0x3d/0x1f0
[   60.765632][ T3306]  panic+0x71d/0x800
[   60.766870][ T3306]  ? __pfx_panic+0x10/0x10
[   60.768185][ T3306]  ? irqentry_exit+0x3b/0x90
[   60.769535][ T3306]  ? lockdep_hardirqs_on+0x7c/0x110
[   60.771030][ T3306]  ? preempt_schedule_thunk+0x1a/0x30
[   60.772578][ T3306]  ? preempt_schedule_common+0x44/0xc0
[   60.774197][ T3306]  ? check_panic_on_warn+0x1f/0xb0
[   60.775712][ T3306]  check_panic_on_warn+0xab/0xb0
[   60.777124][ T3306]  end_report+0x117/0x180
[   60.778368][ T3306]  kasan_report+0xe9/0x110
[   60.779668][ T3306]  ? __list_add_valid_or_report+0xe4/0x100
[   60.781349][ T3306]  ? __list_add_valid_or_report+0xe4/0x100
[   60.783010][ T3306]  __list_add_valid_or_report+0xe4/0x100
[   60.784813][ T3306]  em28xx_init_extension+0x48/0x200
[   60.786864][ T3306]  em28xx_init_dev.constprop.0+0x197b/0x3090
[   60.789228][ T3306]  ? __pfx_em28xx_init_dev.constprop.0+0x10/0x10
[   60.791261][ T3306]  ? lockdep_init_map_type+0x16d/0x7d0
[   60.792780][ T3306]  ? lockdep_init_map_type+0x16d/0x7d0
[   60.794307][ T3306]  ? __raw_spin_lock_init+0x3a/0x110
[   60.795941][ T3306]  em28xx_usb_probe+0x1262/0x3720
[   60.797407][ T3306]  usb_probe_interface+0x300/0x9c0
[   60.798797][ T3306]  ? __pfx_usb_probe_interface+0x10/0x10
[   60.800368][ T3306]  really_probe+0x23e/0xa90
[   60.801638][ T3306]  __driver_probe_device+0x1de/0x440
[   60.803119][ T3306]  driver_probe_device+0x4c/0x1b0
[   60.804740][ T3306]  __device_attach_driver+0x1df/0x310
[   60.806601][ T3306]  ? __pfx___device_attach_driver+0x10/0x10
[   60.808235][ T3306]  bus_for_each_drv+0x157/0x1e0
[   60.809586][ T3306]  ? __pfx_bus_for_each_drv+0x10/0x10
[   60.811046][ T3306]  ? lockdep_hardirqs_on+0x7c/0x110
[   60.812512][ T3306]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   60.814087][ T3306]  __device_attach+0x1e8/0x4b0
[   60.815366][ T3306]  ? __pfx___device_attach+0x10/0x10
[   60.816729][ T3306]  ? do_raw_spin_unlock+0x172/0x230
[   60.818148][ T3306]  bus_probe_device+0x17f/0x1c0
[   60.819495][ T3306]  device_add+0x114b/0x1a70
[   60.820708][ T3306]  ? __pfx_device_add+0x10/0x10
[   60.822090][ T3306]  ? mark_held_locks+0x9f/0xe0
[   60.823388][ T3306]  usb_set_configuration+0x10cb/0x1c50
[   60.824887][ T3306]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[   60.826555][ T3306]  usb_generic_driver_probe+0xb1/0x110
[   60.828030][ T3306]  usb_probe_device+0xec/0x3e0
[   60.829473][ T3306]  ? __pfx_usb_probe_device+0x10/0x10
[   60.831449][ T3306]  really_probe+0x23e/0xa90
[   60.833157][ T3306]  __driver_probe_device+0x1de/0x440
[   60.834852][ T3306]  ? usb_driver_applicable+0x1c7/0x220
[   60.836385][ T3306]  driver_probe_device+0x4c/0x1b0
[   60.838232][ T3306]  __device_attach_driver+0x1df/0x310
[   60.840384][ T3306]  ? __pfx___device_attach_driver+0x10/0x10
[   60.842612][ T3306]  bus_for_each_drv+0x157/0x1e0
[   60.844447][ T3306]  ? __pfx_bus_for_each_drv+0x10/0x10
[   60.846414][ T3306]  ? lockdep_hardirqs_on+0x7c/0x110
[   60.848421][ T3306]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[   60.850384][ T3306]  __device_attach+0x1e8/0x4b0
[   60.852098][ T3306]  ? __pfx___device_attach+0x10/0x10
[   60.853998][ T3306]  ? do_raw_spin_unlock+0x172/0x230
[   60.855546][ T3306]  bus_probe_device+0x17f/0x1c0
[   60.856898][ T3306]  device_add+0x114b/0x1a70
[   60.858155][ T3306]  ? __pfx_device_add+0x10/0x10
[   60.859493][ T3306]  ? usb_detect_static_quirks+0x335/0x3e0
[   60.861380][ T3306]  usb_new_device+0xd90/0x1a10
[   60.863185][ T3306]  ? __pfx_usb_new_device+0x10/0x10
[   60.865092][ T3306]  hub_event+0x2d9a/0x4e10
[   60.866338][ T3306]  ? __pfx_hub_event+0x10/0x10
[   60.867620][ T3306]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   60.869193][ T3306]  ? rcu_is_watching+0x12/0xc0
[   60.870499][ T3306]  ? trace_lock_acquire+0x14e/0x1f0
[   60.871992][ T3306]  ? process_one_work+0x921/0x1ba0
[   60.873386][ T3306]  ? lock_acquire+0x2f/0xb0
[   60.874953][ T3306]  ? process_one_work+0x921/0x1ba0
[   60.876878][ T3306]  process_one_work+0x9c5/0x1ba0
[   60.878345][ T3306]  ? __pfx_hub_event+0x10/0x10
[   60.880068][ T3306]  ? __pfx_process_one_work+0x10/0x10
[   60.882041][ T3306]  ? rcu_is_watching+0x12/0xc0
[   60.883825][ T3306]  ? assign_work+0x1a0/0x250
[   60.885557][ T3306]  worker_thread+0x6c8/0xf00
[   60.887295][ T3306]  ? __kthread_parkme+0x148/0x220
[   60.889199][ T3306]  ? __pfx_worker_thread+0x10/0x10
[   60.891133][ T3306]  kthread+0x2c1/0x3a0
[   60.892703][ T3306]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.894692][ T3306]  ? __pfx_kthread+0x10/0x10
[   60.896384][ T3306]  ret_from_fork+0x45/0x80
[   60.897900][ T3306]  ? __pfx_kthread+0x10/0x10
[   60.899679][ T3306]  ret_from_fork_asm+0x1a/0x30
[   60.901210][ T3306]  </TASK>
[   60.902637][ T3306] Kernel Offset: disabled
[   60.903885][ T3306] Rebooting in 86400 seconds..