Warning: Permanently added '10.128.1.197' (ED25519) to the list of known hosts.
2025/09/23 11:56:03 parsed 1 programs
[ 91.056777][ T4640] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 92.560200][ T4259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.568496][ T4259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.579110][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 92.598264][ T4259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.607358][ T4259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.618863][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 92.829779][ T4667] chnl_net:caif_netlink_parms(): no params data found
[ 92.871468][ T4667] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.879490][ T4667] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.888647][ T4667] device bridge_slave_0 entered promiscuous mode
[ 92.899793][ T4667] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.907426][ T4667] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.915964][ T4667] device bridge_slave_1 entered promiscuous mode
[ 92.935591][ T4667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 92.949600][ T4667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 92.973722][ T4667] team0: Port device team_slave_0 added
[ 92.981839][ T4667] team0: Port device team_slave_1 added
[ 92.998187][ T4667] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.005946][ T4667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.034267][ T4667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.048041][ T4667] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.055745][ T4667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.084611][ T4667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.125436][ T4667] device hsr_slave_0 entered promiscuous mode
[ 93.133036][ T4667] device hsr_slave_1 entered promiscuous mode
[ 93.715045][ T4667] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.736162][ T4667] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.756565][ T4667] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.777083][ T4667] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.966046][ T4667] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.989594][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 93.999943][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 94.011290][ T4667] 8021q: adding VLAN 0 to HW filter on device team0
[ 94.024241][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 94.034930][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 94.045030][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.052921][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.073849][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 94.083475][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 94.093121][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 94.105691][ T1158] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.113650][ T1158] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.123245][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 94.133050][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 94.163234][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 94.182181][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 94.201553][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 94.211340][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 94.221020][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 94.231511][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 94.241036][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 94.251004][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 94.263040][ T4667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 94.273720][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 94.414401][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 94.422247][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 94.437217][ T4667] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.458887][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 94.478675][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 94.534611][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 94.546858][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 94.558331][ T4667] device veth0_vlan entered promiscuous mode
[ 94.566876][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 94.583936][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 94.598869][ T4667] device veth1_vlan entered promiscuous mode
[ 94.613001][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 94.624706][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 94.644792][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 94.654635][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 94.668313][ T4667] device veth0_macvtap entered promiscuous mode
[ 94.678896][ T4667] device veth1_macvtap entered promiscuous mode
[ 94.708857][ T4667] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.717251][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 94.727602][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 94.736922][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 94.747079][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 94.761484][ T4667] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.779443][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 94.789635][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 94.801935][ T4667] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.812278][ T4667] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.821822][ T4667] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.832237][ T4667] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.454880][ T1277] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/23 11:56:12 executed programs: 0
[ 98.014702][ T4883] chnl_net:caif_netlink_parms(): no params data found
[ 98.075494][ T4883] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.083340][ T4883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.091677][ T4883] device bridge_slave_0 entered promiscuous mode
[ 98.103543][ T4883] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.110906][ T4883] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.121563][ T4883] device bridge_slave_1 entered promiscuous mode
[ 98.151032][ T4883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.163739][ T4883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.194178][ T4883] team0: Port device team_slave_0 added
[ 98.203579][ T4883] team0: Port device team_slave_1 added
[ 98.228192][ T4883] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.236043][ T4883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.263356][ T4883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.276550][ T4883] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.285096][ T4883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.315353][ T4883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.353442][ T4883] device hsr_slave_0 entered promiscuous mode
[ 98.360914][ T4883] device hsr_slave_1 entered promiscuous mode
[ 98.368395][ T4883] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 98.376512][ T4883] Cannot create hsr debugfs directory
[ 99.278126][ T1277] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.328371][ T1277] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.390942][ T1277] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.922619][ T1107] Bluetooth: hci0: command 0x0409 tx timeout
[ 100.196070][ T4883] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.208131][ T4883] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.218734][ T4883] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.269875][ T4883] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.406341][ T4883] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.424264][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 100.433177][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 100.444018][ T4883] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.456815][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 100.466631][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 100.478480][ T4259] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.485895][ T4259] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.503546][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 100.515247][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 100.526518][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 100.539065][ T4259] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.546498][ T4259] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.557308][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 100.604767][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 100.617152][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 100.629658][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 100.642795][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 100.652030][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 100.670585][ T4883] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 100.683533][ T4883] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 100.702603][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 100.714831][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 100.725557][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 100.736068][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 100.745401][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 100.754597][ T4259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 100.932491][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 100.940689][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 100.957172][ T4883] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.978702][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 100.988058][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 101.016611][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 101.025792][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 101.036789][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 101.046235][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 101.059155][ T4883] device veth0_vlan entered promiscuous mode
[ 101.097446][ T4883] device veth1_vlan entered promiscuous mode
[ 101.121365][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 101.130398][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 101.140687][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 101.151228][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 101.164438][ T4883] device veth0_macvtap entered promiscuous mode
[ 101.176146][ T4883] device veth1_macvtap entered promiscuous mode
[ 101.220957][ T4883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 101.233816][ T4883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 101.245960][ T4883] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.254886][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 101.265041][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 101.273815][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 101.284309][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 101.295789][ T4883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 101.307238][ T4883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 101.320528][ T4883] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.329497][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 101.339080][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 101.363183][ T4883] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.372226][ T4883] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.381505][ T4883] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.391412][ T4883] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.408494][ T1277] device hsr_slave_0 left promiscuous mode
[ 101.415544][ T1277] device hsr_slave_1 left promiscuous mode
[ 101.423114][ T1277] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 101.431322][ T1277] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 101.440178][ T1277] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 101.448859][ T1277] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 101.458796][ T1277] device bridge_slave_1 left promiscuous mode
[ 101.465850][ T1277] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.476054][ T1277] device bridge_slave_0 left promiscuous mode
[ 101.482276][ T1277] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.494162][ T1277] device veth1_macvtap left promiscuous mode
[ 101.500695][ T1277] device veth0_macvtap left promiscuous mode
[ 101.507199][ T1277] device veth1_vlan left promiscuous mode
[ 101.513742][ T1277] device veth0_vlan left promiscuous mode
[ 101.651685][ T1277] team0 (unregistering): Port device team_slave_1 removed
[ 101.665630][ T1277] team0 (unregistering): Port device team_slave_0 removed
[ 101.678242][ T1277] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.693106][ T1277] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.743963][ T1277] bond0 (unregistering): Released all slaves
[ 101.848478][ T4259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.859449][ T4259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.877709][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 101.890156][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.898756][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.908646][ T1158] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 102.012897][ T4201] Bluetooth: hci0: command 0x041b tx timeout
[ 102.232447][ T1107] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 102.472452][ T1107] usb 1-1: Using ep0 maxpacket: 32
[ 102.592920][ T1107] usb 1-1: config 0 has an invalid interface number: 201 but max is 0
[ 102.601840][ T1107] usb 1-1: config 0 has no interface number 0
[ 102.763588][ T1107] usb 1-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=c3.55
[ 102.774329][ T1107] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 102.784728][ T1107] usb 1-1: Product: syz
[ 102.788989][ T1107] usb 1-1: Manufacturer: syz
[ 102.795427][ T1107] usb 1-1: SerialNumber: syz
[ 102.813106][ T1107] usb 1-1: config 0 descriptor??
[ 103.058188][ T1107] usb 1-1: USB disconnect, device number 2
[ 103.066516][ T1107] ==================================================================
[ 103.075218][ T1107] BUG: KASAN: use-after-free in hdm_disconnect+0x109/0x1c0
[ 103.082777][ T1107] Read of size 8 at addr ffff888060b75960 by task kworker/1:2/1107
[ 103.090928][ T1107]
[ 103.093268][ T1107] CPU: 1 PID: 1107 Comm: kworker/1:2 Not tainted syzkaller #0
[ 103.101670][ T1107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 103.112414][ T1107] Workqueue: usb_hub_wq hub_event
[ 103.117677][ T1107] Call Trace:
[ 103.121166][ T1107]
[ 103.124329][ T1107] dump_stack_lvl+0x168/0x230
[ 103.129543][ T1107] ? show_regs_print_info+0x20/0x20
[ 103.135391][ T1107] ? load_image+0x3b0/0x3b0
[ 103.139975][ T1107] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 103.145804][ T1107] print_address_description+0x60/0x2d0
[ 103.151528][ T1107] ? hdm_disconnect+0x109/0x1c0
[ 103.156459][ T1107] kasan_report+0xdf/0x130
[ 103.161078][ T1107] ? hdm_disconnect+0x109/0x1c0
[ 103.166226][ T1107] hdm_disconnect+0x109/0x1c0
[ 103.170908][ T1107] usb_unbind_interface+0x1ee/0x860
[ 103.176371][ T1107] ? usb_driver_release_interface+0x1b0/0x1b0
[ 103.182909][ T1107] device_release_driver_internal+0x4b4/0x750
[ 103.190011][ T1107] bus_remove_device+0x2e2/0x400
[ 103.195132][ T1107] device_del+0x628/0xa70
[ 103.199720][ T1107] ? kill_device+0x160/0x160
[ 103.204900][ T1107] ? lock_chain_count+0x20/0x20
[ 103.209955][ T1107] ? mutex_lock_io_nested+0x60/0x60
[ 103.215747][ T1107] ? _raw_spin_lock_irq+0xab/0xe0
[ 103.221288][ T1107] usb_disable_device+0x3e2/0x890
[ 103.226426][ T1107] usb_disconnect+0x348/0x8a0
[ 103.231404][ T1107] hub_event+0x1e9f/0x5560
[ 103.235853][ T1107] ? hub_post_resume+0x120/0x120
[ 103.241128][ T1107] ? read_lock_is_recursive+0x10/0x10
[ 103.246883][ T1107] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 103.253058][ T1107] ? _raw_spin_unlock+0x40/0x40
[ 103.258275][ T1107] ? _raw_spin_unlock_irq+0x1f/0x40
[ 103.263946][ T1107] process_one_work+0x863/0x1000
[ 103.269140][ T1107] ? worker_detach_from_pool+0x240/0x240
[ 103.274956][ T1107] ? lockdep_hardirqs_off+0x70/0x100
[ 103.280414][ T1107] ? _raw_spin_lock_irq+0xab/0xe0
[ 103.285731][ T1107] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 103.292052][ T1107] ? wq_worker_running+0x97/0x170
[ 103.297555][ T1107] worker_thread+0xaa8/0x12a0
[ 103.302340][ T1107] ? lockdep_hardirqs_on+0x94/0x140
[ 103.307732][ T1107] ? lockdep_hardirqs_on+0x94/0x140
[ 103.313116][ T1107] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 103.319540][ T1107] kthread+0x436/0x520
[ 103.323876][ T1107] ? rcu_lock_release+0x20/0x20
[ 103.328827][ T1107] ? kthread_blkcg+0xd0/0xd0
[ 103.333685][ T1107] ret_from_fork+0x1f/0x30
[ 103.338726][ T1107]
[ 103.342124][ T1107]
[ 103.344480][ T1107] Allocated by task 1107:
[ 103.349196][ T1107] __kasan_kmalloc+0xb5/0xf0
[ 103.354288][ T1107] hdm_probe+0x8f/0x13d0
[ 103.358670][ T1107] usb_probe_interface+0x5a0/0xaf0
[ 103.364219][ T1107] really_probe+0x284/0xc80
[ 103.369402][ T1107] __driver_probe_device+0x18c/0x330
[ 103.374787][ T1107] driver_probe_device+0x4f/0x420
[ 103.379907][ T1107] __device_attach_driver+0x2b0/0x500
[ 103.385628][ T1107] bus_for_each_drv+0x175/0x200
[ 103.390567][ T1107] __device_attach+0x29b/0x460
[ 103.395734][ T1107] bus_probe_device+0xbc/0x1e0
[ 103.400599][ T1107] device_add+0xa00/0xfb0
[ 103.405047][ T1107] usb_set_configuration+0x1991/0x1fd0
[ 103.410934][ T1107] usb_generic_driver_probe+0x89/0x150
[ 103.416398][ T1107] usb_probe_device+0x139/0x270
[ 103.421359][ T1107] really_probe+0x284/0xc80
[ 103.425857][ T1107] __driver_probe_device+0x18c/0x330
[ 103.431239][ T1107] driver_probe_device+0x4f/0x420
[ 103.436251][ T1107] __device_attach_driver+0x2b0/0x500
[ 103.441796][ T1107] bus_for_each_drv+0x175/0x200
[ 103.446636][ T1107] __device_attach+0x29b/0x460
[ 103.451755][ T1107] bus_probe_device+0xbc/0x1e0
[ 103.456521][ T1107] device_add+0xa00/0xfb0
[ 103.461036][ T1107] usb_new_device+0xd53/0x1640
[ 103.466097][ T1107] hub_event+0x2dd9/0x5560
[ 103.471159][ T1107] process_one_work+0x863/0x1000
[ 103.476374][ T1107] worker_thread+0xaa8/0x12a0
[ 103.481105][ T1107] kthread+0x436/0x520
[ 103.485378][ T1107] ret_from_fork+0x1f/0x30
[ 103.489990][ T1107]
[ 103.492413][ T1107] Freed by task 1107:
[ 103.496551][ T1107] kasan_set_track+0x4b/0x70
[ 103.501540][ T1107] kasan_set_free_info+0x1f/0x40
[ 103.506801][ T1107] ____kasan_slab_free+0xd5/0x110
[ 103.511929][ T1107] slab_free_freelist_hook+0xea/0x170
[ 103.517599][ T1107] kfree+0xef/0x2a0
[ 103.522372][ T1107] device_release+0x92/0x1c0
[ 103.527170][ T1107] kobject_put+0x21d/0x460
[ 103.531774][ T1107] hdm_disconnect+0xef/0x1c0
[ 103.536371][ T1107] usb_unbind_interface+0x1ee/0x860
[ 103.541785][ T1107] device_release_driver_internal+0x4b4/0x750
[ 103.547951][ T1107] bus_remove_device+0x2e2/0x400
[ 103.552975][ T1107] device_del+0x628/0xa70
[ 103.557571][ T1107] usb_disable_device+0x3e2/0x890
[ 103.562584][ T1107] usb_disconnect+0x348/0x8a0
[ 103.567257][ T1107] hub_event+0x1e9f/0x5560
[ 103.571839][ T1107] process_one_work+0x863/0x1000
[ 103.576939][ T1107] worker_thread+0xaa8/0x12a0
[ 103.582095][ T1107] kthread+0x436/0x520
[ 103.586429][ T1107] ret_from_fork+0x1f/0x30
[ 103.591747][ T1107]
[ 103.594155][ T1107] The buggy address belongs to the object at ffff888060b74000
[ 103.594155][ T1107] which belongs to the cache kmalloc-8k of size 8192
[ 103.610148][ T1107] The buggy address is located 6496 bytes inside of
[ 103.610148][ T1107] 8192-byte region [ffff888060b74000, ffff888060b76000)
[ 103.624161][ T1107] The buggy address belongs to the page:
[ 103.629993][ T1107] page:ffffea000182dc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60b70
[ 103.640253][ T1107] head:ffffea000182dc00 order:3 compound_mapcount:0 compound_pincount:0
[ 103.649016][ T1107] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 103.657409][ T1107] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888016842280
[ 103.666382][ T1107] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 103.675135][ T1107] page dumped because: kasan: bad access detected
[ 103.681751][ T1107] page_owner tracks the page as allocated
[ 103.687732][ T1107] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1107, ts 101927918451, free_ts 101912651185
[ 103.707230][ T1107] get_page_from_freelist+0x1b77/0x1c60
[ 103.712960][ T1107] __alloc_pages+0x1e1/0x470
[ 103.717951][ T1107] new_slab+0xc0/0x4b0
[ 103.722210][ T1107] ___slab_alloc+0x81e/0xdf0
[ 103.726898][ T1107] __kmalloc+0x1cd/0x330
[ 103.731815][ T1107] sta_info_alloc+0x84/0x1d00
[ 103.736890][ T1107] ieee80211_ibss_rx_no_sta+0x3e3/0x730
[ 103.743072][ T1107] ieee80211_prepare_and_rx_handle+0x33ce/0x5250
[ 103.749493][ T1107] ieee80211_rx_list+0x1ba1/0x2680
[ 103.754700][ T1107] ieee80211_rx_napi+0x15d/0x360
[ 103.759904][ T1107] ieee80211_handle_queued_frames+0x105/0x1b0
[ 103.766421][ T1107] tasklet_action_common+0x298/0x400
[ 103.771918][ T1107] handle_softirqs+0x328/0x820
[ 103.776776][ T1107] do_softirq+0x13b/0x200
[ 103.781224][ T1107] __local_bh_enable_ip+0x174/0x1b0
[ 103.786605][ T1107] ip6_finish_output2+0x110b/0x1500
[ 103.792843][ T1107] page last free stack trace:
[ 103.798147][ T1107] free_unref_page_prepare+0x637/0x6c0
[ 103.804542][ T1107] free_unref_page+0x94/0x280
[ 103.809607][ T1107] free_nonslab_page+0xe2/0x150
[ 103.815035][ T1107] wg_destruct+0x2a6/0x300
[ 103.819455][ T1107] netdev_run_todo+0x82d/0xa40
[ 103.824242][ T1107] default_device_exit_batch+0x33b/0x390
[ 103.830162][ T1107] cleanup_net+0x77b/0xb80
[ 103.834940][ T1107] process_one_work+0x863/0x1000
[ 103.840130][ T1107] worker_thread+0xaa8/0x12a0
[ 103.845119][ T1107] kthread+0x436/0x520
[ 103.849321][ T1107] ret_from_fork+0x1f/0x30
[ 103.854046][ T1107]
[ 103.856648][ T1107] Memory state around the buggy address:
[ 103.862687][ T1107] ffff888060b75800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.871208][ T1107] ffff888060b75880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.879942][ T1107] >ffff888060b75900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.888960][ T1107] ^
[ 103.896540][ T1107] ffff888060b75980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.905071][ T1107] ffff888060b75a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.913674][ T1107] ==================================================================
[ 103.921989][ T1107] Disabling lock debugging due to kernel taint
[ 103.929599][ T1107] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 103.937292][ T1107] CPU: 1 PID: 1107 Comm: kworker/1:2 Tainted: G B syzkaller #0
[ 103.946892][ T1107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 103.958386][ T1107] Workqueue: usb_hub_wq hub_event
[ 103.964996][ T1107] Call Trace:
[ 103.969031][ T1107]
[ 103.971991][ T1107] dump_stack_lvl+0x168/0x230
[ 103.977149][ T1107] ? show_regs_print_info+0x20/0x20
[ 103.982704][ T1107] ? load_image+0x3b0/0x3b0
[ 103.987202][ T1107] panic+0x2c9/0x7f0
[ 103.991123][ T1107] ? bpf_jit_dump+0xd0/0xd0
[ 103.996144][ T1107] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 104.002549][ T1107] ? _raw_spin_unlock+0x40/0x40
[ 104.008057][ T1107] ? hdm_disconnect+0x109/0x1c0
[ 104.013174][ T1107] check_panic_on_warn+0x80/0xa0
[ 104.018192][ T1107] ? hdm_disconnect+0x109/0x1c0
[ 104.023253][ T1107] end_report+0x6d/0xf0
[ 104.027930][ T1107] kasan_report+0x102/0x130
[ 104.032989][ T1107] ? hdm_disconnect+0x109/0x1c0
[ 104.038217][ T1107] hdm_disconnect+0x109/0x1c0
[ 104.043033][ T1107] usb_unbind_interface+0x1ee/0x860
[ 104.049118][ T1107] ? usb_driver_release_interface+0x1b0/0x1b0
[ 104.056288][ T1107] device_release_driver_internal+0x4b4/0x750
[ 104.063226][ T1107] bus_remove_device+0x2e2/0x400
[ 104.069114][ T1107] device_del+0x628/0xa70
[ 104.073808][ T1107] ? kill_device+0x160/0x160
[ 104.078787][ T1107] ? lock_chain_count+0x20/0x20
[ 104.084341][ T1107] ? mutex_lock_io_nested+0x60/0x60
[ 104.089974][ T1107] ? _raw_spin_lock_irq+0xab/0xe0
[ 104.095198][ T1107] usb_disable_device+0x3e2/0x890
[ 104.101368][ T1107] usb_disconnect+0x348/0x8a0
[ 104.106953][ T1107] hub_event+0x1e9f/0x5560
[ 104.111735][ T1107] ? hub_post_resume+0x120/0x120
[ 104.116758][ T1107] ? read_lock_is_recursive+0x10/0x10
[ 104.122385][ T1107] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 104.128716][ T1107] ? _raw_spin_unlock+0x40/0x40
[ 104.134038][ T1107] ? _raw_spin_unlock_irq+0x1f/0x40
[ 104.139755][ T1107] process_one_work+0x863/0x1000
[ 104.144781][ T1107] ? worker_detach_from_pool+0x240/0x240
[ 104.150577][ T1107] ? lockdep_hardirqs_off+0x70/0x100
[ 104.156443][ T1107] ? _raw_spin_lock_irq+0xab/0xe0
[ 104.161929][ T1107] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 104.167763][ T1107] ? wq_worker_running+0x97/0x170
[ 104.173306][ T1107] worker_thread+0xaa8/0x12a0
[ 104.178157][ T1107] ? lockdep_hardirqs_on+0x94/0x140
[ 104.184182][ T1107] ? lockdep_hardirqs_on+0x94/0x140
[ 104.189707][ T1107] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 104.196622][ T1107] kthread+0x436/0x520
[ 104.200705][ T1107] ? rcu_lock_release+0x20/0x20
[ 104.206058][ T1107] ? kthread_blkcg+0xd0/0xd0
[ 104.210738][ T1107] ret_from_fork+0x1f/0x30
[ 104.215803][ T1107]
[ 104.219652][ T1107] Kernel Offset: disabled
[ 104.224333][ T1107] Rebooting in 86400 seconds..