[ 81.397030][ T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:51966' (ED25519) to the list of known hosts.
2025/05/22 09:55:58 ignoring optional flag "sandboxArg"="0"
2025/05/22 09:55:59 parsed 1 programs
[ 87.446300][ T40] audit: type=1400 audit(1747907761.921:121): avc: denied { unlink } for pid=6218 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 88.477613][ T6218] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 90.572638][ T40] audit: type=1401 audit(1747907765.051:122): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 91.260536][ T5288] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 91.263451][ T5288] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 91.267283][ T5288] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 91.270740][ T5288] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 91.274515][ T5288] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 91.494733][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.497724][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.513741][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.516283][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.729234][ T6294] chnl_net:caif_netlink_parms(): no params data found
[ 91.806274][ T6294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.808544][ T6294] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.810943][ T6294] bridge_slave_0: entered allmulticast mode
[ 91.813905][ T6294] bridge_slave_0: entered promiscuous mode
[ 91.818219][ T6294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.821112][ T6294] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.824009][ T6294] bridge_slave_1: entered allmulticast mode
[ 91.827918][ T6294] bridge_slave_1: entered promiscuous mode
[ 91.869353][ T6294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 91.883405][ T6294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 91.915460][ T6294] team0: Port device team_slave_0 added
[ 91.921835][ T6294] team0: Port device team_slave_1 added
[ 91.951910][ T6294] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 91.954107][ T6294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.964798][ T6294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 91.974731][ T6294] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 91.977076][ T6294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.985027][ T6294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 92.040304][ T6294] hsr_slave_0: entered promiscuous mode
[ 92.042530][ T6294] hsr_slave_1: entered promiscuous mode
[ 92.533367][ T6294] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.539186][ T6294] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.545531][ T6294] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.552187][ T6294] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.578645][ T6294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.581928][ T6294] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.585676][ T6294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.588505][ T6294] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.629281][ T6294] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.640248][ T92] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.644452][ T92] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.660597][ T6294] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.668067][ T1235] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.670777][ T1235] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.676963][ T92] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.679311][ T92] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.804856][ T6294] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.832314][ T6294] veth0_vlan: entered promiscuous mode
[ 92.837317][ T6294] veth1_vlan: entered promiscuous mode
[ 92.858387][ T6294] veth0_macvtap: entered promiscuous mode
[ 92.864332][ T6294] veth1_macvtap: entered promiscuous mode
[ 92.874770][ T6294] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.881093][ T6294] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.888961][ T6294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.892560][ T6294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.896077][ T6294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.900281][ T6294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.970828][ T64] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.031956][ T64] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.107993][ T64] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.173090][ T64] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/05/22 09:56:08 executed programs: 0
[ 93.669076][ T68] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 93.672360][ T68] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 93.678402][ T68] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 93.682233][ T68] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 93.685027][ T68] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 93.791935][ T6387] chnl_net:caif_netlink_parms(): no params data found
[ 93.865119][ T6387] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.867941][ T6387] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.870228][ T6387] bridge_slave_0: entered allmulticast mode
[ 93.873337][ T6387] bridge_slave_0: entered promiscuous mode
[ 93.876505][ T6387] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.878803][ T6387] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.881213][ T6387] bridge_slave_1: entered allmulticast mode
[ 93.883893][ T6387] bridge_slave_1: entered promiscuous mode
[ 93.922185][ T6387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.927732][ T6387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.964100][ T6387] team0: Port device team_slave_0 added
[ 93.969489][ T6387] team0: Port device team_slave_1 added
[ 94.013107][ T6387] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.015326][ T6387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.023510][ T6387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.027907][ T6387] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.030207][ T6387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.040291][ T6387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.097698][ T6387] hsr_slave_0: entered promiscuous mode
[ 94.099940][ T6387] hsr_slave_1: entered promiscuous mode
[ 94.101989][ T6387] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 94.104276][ T6387] Cannot create hsr debugfs directory
[ 95.716527][ T68] Bluetooth: hci0: command tx timeout
[ 96.192951][ T64] bridge_slave_1: left allmulticast mode
[ 96.195385][ T64] bridge_slave_1: left promiscuous mode
[ 96.198315][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.203560][ T64] bridge_slave_0: left allmulticast mode
[ 96.205888][ T64] bridge_slave_0: left promiscuous mode
[ 96.208756][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.372896][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 96.377169][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 96.380727][ T64] bond0 (unregistering): Released all slaves
[ 96.521217][ T64] hsr_slave_0: left promiscuous mode
[ 96.524057][ T64] hsr_slave_1: left promiscuous mode
[ 96.527021][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 96.530045][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 96.533566][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 96.536619][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 96.552574][ T64] veth1_macvtap: left promiscuous mode
[ 96.554400][ T64] veth0_macvtap: left promiscuous mode
[ 96.558049][ T64] veth1_vlan: left promiscuous mode
[ 96.559807][ T64] veth0_vlan: left promiscuous mode
[ 96.920416][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 96.961443][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 97.504866][ T6387] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.510161][ T6387] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.517089][ T6387] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.523140][ T6387] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.564326][ T6387] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.573776][ T6387] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.579104][ T92] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.582176][ T92] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.591512][ T92] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.594496][ T92] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.747266][ T6387] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.775192][ T6387] veth0_vlan: entered promiscuous mode
[ 97.780341][ T6387] veth1_vlan: entered promiscuous mode
[ 97.793918][ T6387] veth0_macvtap: entered promiscuous mode
[ 97.796613][ T68] Bluetooth: hci0: command tx timeout
[ 97.798181][ T6387] veth1_macvtap: entered promiscuous mode
[ 97.808206][ T6387] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.818842][ T6387] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.824546][ T6387] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.828155][ T6387] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.831654][ T6387] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.835137][ T6387] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.875223][ T92] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.877734][ T92] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.891272][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.894064][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.927528][ T40] audit: type=1400 audit(1747907772.411:123): avc: denied { create } for pid=6494 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 97.934118][ T40] audit: type=1400 audit(1747907772.411:124): avc: denied { read write } for pid=6494 comm="syz.0.16" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 97.943886][ T40] audit: type=1400 audit(1747907772.411:125): avc: denied { open } for pid=6494 comm="syz.0.16" path="/dev/raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 97.951643][ T40] audit: type=1400 audit(1747907772.411:126): avc: denied { ioctl } for pid=6494 comm="syz.0.16" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 98.166324][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 98.316276][ T24] usb 5-1: Using ep0 maxpacket: 8
[ 98.321608][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 98.325020][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 98.328116][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 98.331588][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 98.334692][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 98.338749][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 98.341559][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 98.548701][ T24] usb 5-1: GET_CAPABILITIES returned 0
[ 98.550566][ T24] usbtmc 5-1:16.0: can't read capabilities
[ 98.749374][ T40] audit: type=1400 audit(1747907773.231:127): avc: denied { write } for pid=6494 comm="syz.0.16" name="usbtmc0" dev="devtmpfs" ino=2833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 98.751659][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[ 98.764505][ T6338] usb 5-1: USB disconnect, device number 2
2025/05/22 09:56:13 executed programs: 3
[ 99.516401][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 99.666207][ T24] usb 5-1: Using ep0 maxpacket: 8
[ 99.669851][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 99.673408][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 99.677049][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[ 99.681111][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 99.684794][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 99.689656][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 99.692947][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 99.876642][ T68] Bluetooth: hci0: command tx timeout
[ 99.900777][ T24] usb 5-1: GET_CAPABILITIES returned 0
[ 99.902528][ T24] usbtmc 5-1:16.0: can't read capabilities
[ 100.107025][ C2] ==================================================================
[ 100.108254][ T9] usb 5-1: USB disconnect, device number 3
[ 100.110369][ C2] BUG: KASAN: slab-use-after-free in usb_anchor_suspend_wakeups+0x28/0x40
[ 100.116324][ C2] Write of size 4 at addr ffff88804887e110 by task swapper/2/0
[ 100.121236][ C2]
[ 100.122231][ C2] CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.15.0-rc7-syzkaller-gd608703fcdd9 #0 PREEMPT(full)
[ 100.122253][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 100.122263][ C2] Call Trace:
[ 100.122271][ C2] <IRQ>
[ 100.122278][ C2] dump_stack_lvl+0x116/0x1f0
[ 100.122307][ C2] print_report+0xc3/0x670
[ 100.122324][ C2] ? __virt_addr_valid+0x5e/0x590
[ 100.122347][ C2] ? __phys_addr+0xc6/0x150
[ 100.122368][ C2] ? usb_anchor_suspend_wakeups+0x28/0x40
[ 100.122384][ C2] kasan_report+0xe0/0x110
[ 100.122402][ C2] ? usb_anchor_suspend_wakeups+0x28/0x40
[ 100.122420][ C2] kasan_check_range+0xef/0x1a0
[ 100.122441][ C2] usb_anchor_suspend_wakeups+0x28/0x40
[ 100.122456][ C2] __usb_hcd_giveback_urb+0x224/0x6e0
[ 100.122481][ C2] usb_hcd_giveback_urb+0x39b/0x450
[ 100.122512][ C2] dummy_timer+0x180e/0x3a20
[ 100.122532][ C2] ? find_held_lock+0x2b/0x80
[ 100.122551][ C2] ? debug_object_deactivate+0x1ec/0x3a0
[ 100.122574][ C2] ? debug_object_deactivate+0x1ec/0x3a0
[ 100.122589][ C2] ? __pfx_debug_object_deactivate+0x10/0x10
[ 100.122606][ C2] ? __pfx_dummy_timer+0x10/0x10
[ 100.122621][ C2] ? rcu_is_watching+0x12/0xc0
[ 100.122640][ C2] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 100.122664][ C2] ? __pfx_dummy_timer+0x10/0x10
[ 100.122678][ C2] __hrtimer_run_queues+0x202/0xad0
[ 100.122700][ C2] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 100.122716][ C2] ? read_tsc+0x9/0x20
[ 100.122740][ C2] hrtimer_run_softirq+0x17d/0x350
[ 100.122759][ C2] handle_softirqs+0x216/0x8e0
[ 100.122781][ C2] ? __pfx_handle_softirqs+0x10/0x10
[ 100.122803][ C2] __irq_exit_rcu+0x109/0x170
[ 100.122821][ C2] irq_exit_rcu+0x9/0x30
[ 100.122839][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 100.122861][ C2] </IRQ>
[ 100.122867][ C2] <TASK>
[ 100.122873][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 100.122892][ C2] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 100.122914][ C2] Code: f5 61 02 e9 53 fc 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 33 c0 1c 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 100.122930][ C2] RSP: 0018:ffffc90000187df8 EFLAGS: 00000286
[ 100.122945][ C2] RAX: 0000000000090db9 RBX: 0000000000000002 RCX: ffffffff8b6d3419
[ 100.122956][ C2] RDX: 0000000000000000 RSI: ffffffff8dbe4615 RDI: ffffffff8bf4a2a0
[ 100.122967][ C2] RBP: ffffed1003b5b910 R08: 0000000000000001 R09: ffffed100d4c65bd
[ 100.122978][ C2] R10: ffff88806a632deb R11: 0000000000000000 R12: 0000000000000002
[ 100.122989][ C2] R13: ffff88801dadc880 R14: ffffffff90852e10 R15: 0000000000000000
[ 100.123003][ C2] ? ct_kernel_exit+0x139/0x190
[ 100.123029][ C2] default_idle+0x13/0x20
[ 100.123043][ C2] default_idle_call+0x6d/0xb0
[ 100.123058][ C2] do_idle+0x391/0x510
[ 100.123079][ C2] ? __pfx_do_idle+0x10/0x10
[ 100.123097][ C2] ? rcu_is_watching+0x12/0xc0
[ 100.123116][ C2] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 100.123137][ C2] ? lockdep_hardirqs_on+0x7c/0x110
[ 100.123160][ C2] cpu_startup_entry+0x4f/0x60
[ 100.123180][ C2] start_secondary+0x21d/0x2b0
[ 100.123196][ C2] ? __pfx_start_secondary+0x10/0x10
[ 100.123213][ C2] common_startup_64+0x13e/0x148
[ 100.123238][ C2] </TASK>
[ 100.123243][ C2]
[ 100.245008][ C2] Allocated by task 6500:
[ 100.246357][ C2] kasan_save_stack+0x33/0x60
[ 100.247841][ C2] kasan_save_track+0x14/0x30
[ 100.249326][ C2] __kasan_kmalloc+0xaa/0xb0
[ 100.250790][ C2] usbtmc_open+0xa9/0x9b0
[ 100.252160][ C2] usb_open+0x189/0x220
[ 100.253477][ C2] chrdev_open+0x231/0x6a0
[ 100.254888][ C2] do_dentry_open+0x744/0x1c10
[ 100.256395][ C2] vfs_open+0x82/0x3f0
[ 100.257688][ C2] path_openat+0x1e5e/0x2d40
[ 100.259139][ C2] do_filp_open+0x20b/0x470
[ 100.260581][ C2] do_sys_openat2+0x11b/0x1d0
[ 100.262066][ C2] __x64_sys_openat+0x174/0x210
[ 100.263619][ C2] do_syscall_64+0xcd/0x260
[ 100.265074][ C2] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.266935][ C2]
[ 100.267709][ C2] Freed by task 6500:
[ 100.268969][ C2] kasan_save_stack+0x33/0x60
[ 100.270421][ C2] kasan_save_track+0x14/0x30
[ 100.271856][ C2] kasan_save_free_info+0x3b/0x60
[ 100.273364][ C2] __kasan_slab_free+0x51/0x70
[ 100.274827][ C2] kfree+0x2b6/0x4d0
[ 100.276043][ C2] usbtmc_release+0x271/0x380
[ 100.277530][ C2] __fput+0x3ff/0xb70
[ 100.278824][ C2] task_work_run+0x150/0x240
[ 100.280294][ C2] syscall_exit_to_user_mode+0x27b/0x2a0
[ 100.282056][ C2] do_syscall_64+0xda/0x260
[ 100.283530][ C2] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.285370][ C2]
[ 100.286139][ C2] The buggy address belongs to the object at ffff88804887e000
[ 100.286139][ C2] which belongs to the cache kmalloc-1k of size 1024
[ 100.290406][ C2] The buggy address is located 272 bytes inside of
[ 100.290406][ C2] freed 1024-byte region [ffff88804887e000, ffff88804887e400)
[ 100.294604][ C2]
[ 100.295371][ C2] The buggy address belongs to the physical page:
[ 100.297349][ C2] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48878
[ 100.300076][ C2] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 100.302670][ C2] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 100.305015][ C2] page_type: f5(slab)
[ 100.306268][ C2] raw: 00fff00000000040 ffff88801b442dc0 dead000000000122 0000000000000000
[ 100.308924][ C2] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 100.311565][ C2] head: 00fff00000000040 ffff88801b442dc0 dead000000000122 0000000000000000
[ 100.314212][ C2] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 100.316863][ C2] head: 00fff00000000003 ffffea0001221e01 00000000ffffffff 00000000ffffffff
[ 100.319531][ C2] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 100.322178][ C2] page dumped because: kasan: bad access detected
[ 100.324168][ C2] page_owner tracks the page as allocated
[ 100.325930][ C2] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 64, tgid 64 (kworker/u32:3), ts 98767930947, free_ts 97921436643
[ 100.331682][ C2] post_alloc_hook+0x181/0x1b0
[ 100.333191][ C2] get_page_from_freelist+0x135c/0x3920
[ 100.334916][ C2] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 100.336755][ C2] alloc_pages_mpol+0x1fb/0x550
[ 100.338273][ C2] new_slab+0x244/0x340
[ 100.339598][ C2] ___slab_alloc+0xd9c/0x1940
[ 100.341072][ C2] __slab_alloc.constprop.0+0x56/0xb0
[ 100.342753][ C2] __kmalloc_noprof+0x2f2/0x510
[ 100.344281][ C2] ___neigh_create+0x14e6/0x28c0
[ 100.345849][ C2] ip6_finish_output2+0x1299/0x2020
[ 100.347492][ C2] ip6_finish_output+0x3f9/0x1360
[ 100.349089][ C2] ip6_output+0x1f9/0x540
[ 100.350449][ C2] ndisc_send_skb+0xa91/0x1e40
[ 100.351953][ C2] ndisc_send_rs+0x129/0x670
[ 100.353377][ C2] addrconf_dad_completed+0x49d/0x10d0
[ 100.355043][ C2] addrconf_dad_work+0x84d/0x14e0
[ 100.356627][ C2] page last free pid 5347 tgid 5347 stack trace:
[ 100.358587][ C2] __free_frozen_pages+0x69d/0xff0
[ 100.360230][ C2] __put_partials+0x16d/0x1c0
[ 100.361715][ C2] qlist_free_all+0x4e/0x120
[ 100.363172][ C2] kasan_quarantine_reduce+0x195/0x1e0
[ 100.364891][ C2] __kasan_slab_alloc+0x69/0x90
[ 100.366413][ C2] kmem_cache_alloc_noprof+0x1cb/0x3b0
[ 100.368118][ C2] getname_flags.part.0+0x4c/0x550
[ 100.369748][ C2] getname_flags+0x93/0xf0
[ 100.371161][ C2] vfs_fstatat+0xe1/0xf0
[ 100.372501][ C2] __do_sys_newfstatat+0xa1/0x130
[ 100.374079][ C2] do_syscall_64+0xcd/0x260
[ 100.375522][ C2] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.377368][ C2]
[ 100.378139][ C2] Memory state around the buggy address:
[ 100.379916][ C2] ffff88804887e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.382381][ C2] ffff88804887e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.384867][ C2] >ffff88804887e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.387332][ C2] ^
[ 100.388790][ C2] ffff88804887e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.391283][ C2] ffff88804887e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.393908][ C2] ==================================================================
[ 100.396432][ C2] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 100.398676][ C2] CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.15.0-rc7-syzkaller-gd608703fcdd9 #0 PREEMPT(full)
[ 100.402083][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 100.405403][ C2] Call Trace:
[ 100.406460][ C2] <IRQ>
[ 100.407389][ C2] dump_stack_lvl+0x3d/0x1f0
[ 100.408889][ C2] panic+0x71c/0x800
[ 100.410131][ C2] ? __pfx_panic+0x10/0x10
[ 100.411566][ C2] ? __pfx__printk+0x10/0x10
[ 100.413026][ C2] ? end_report+0x4c/0x170
[ 100.414430][ C2] ? check_panic_on_warn+0x1f/0xb0
[ 100.416036][ C2] ? usb_anchor_suspend_wakeups+0x28/0x40
[ 100.417805][ C2] check_panic_on_warn+0xab/0xb0
[ 100.419371][ C2] end_report+0x107/0x170
[ 100.420736][ C2] kasan_report+0xee/0x110
[ 100.422147][ C2] ? usb_anchor_suspend_wakeups+0x28/0x40
[ 100.423945][ C2] kasan_check_range+0xef/0x1a0
[ 100.425489][ C2] usb_anchor_suspend_wakeups+0x28/0x40
[ 100.427224][ C2] __usb_hcd_giveback_urb+0x224/0x6e0
[ 100.428920][ C2] usb_hcd_giveback_urb+0x39b/0x450
[ 100.430558][ C2] dummy_timer+0x180e/0x3a20
[ 100.432021][ C2] ? find_held_lock+0x2b/0x80
[ 100.433506][ C2] ? debug_object_deactivate+0x1ec/0x3a0
[ 100.435257][ C2] ? debug_object_deactivate+0x1ec/0x3a0
[ 100.437017][ C2] ? __pfx_debug_object_deactivate+0x10/0x10
[ 100.438898][ C2] ? __pfx_dummy_timer+0x10/0x10
[ 100.440476][ C2] ? rcu_is_watching+0x12/0xc0
[ 100.441982][ C2] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 100.443884][ C2] ? __pfx_dummy_timer+0x10/0x10
[ 100.445463][ C2] __hrtimer_run_queues+0x202/0xad0
[ 100.447098][ C2] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 100.448892][ C2] ? read_tsc+0x9/0x20
[ 100.450187][ C2] hrtimer_run_softirq+0x17d/0x350
[ 100.451806][ C2] handle_softirqs+0x216/0x8e0
[ 100.453313][ C2] ? __pfx_handle_softirqs+0x10/0x10
[ 100.454987][ C2] __irq_exit_rcu+0x109/0x170
[ 100.456477][ C2] irq_exit_rcu+0x9/0x30
[ 100.457810][ C2] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 100.459567][ C2] </IRQ>
[ 100.460509][ C2] <TASK>
[ 100.461451][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 100.463319][ C2] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 100.465083][ C2] Code: f5 61 02 e9 53 fc 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 33 c0 1c 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 100.471006][ C2] RSP: 0018:ffffc90000187df8 EFLAGS: 00000286
[ 100.472874][ C2] RAX: 0000000000090db9 RBX: 0000000000000002 RCX: ffffffff8b6d3419
[ 100.475249][ C2] RDX: 0000000000000000 RSI: ffffffff8dbe4615 RDI: ffffffff8bf4a2a0
[ 100.477718][ C2] RBP: ffffed1003b5b910 R08: 0000000000000001 R09: ffffed100d4c65bd
[ 100.480120][ C2] R10: ffff88806a632deb R11: 0000000000000000 R12: 0000000000000002
[ 100.482577][ C2] R13: ffff88801dadc880 R14: ffffffff90852e10 R15: 0000000000000000
[ 100.485053][ C2] ? ct_kernel_exit+0x139/0x190
[ 100.486599][ C2] default_idle+0x13/0x20
[ 100.487967][ C2] default_idle_call+0x6d/0xb0
[ 100.489468][ C2] do_idle+0x391/0x510
[ 100.490768][ C2] ? __pfx_do_idle+0x10/0x10
[ 100.492233][ C2] ? rcu_is_watching+0x12/0xc0
[ 100.493775][ C2] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 100.495608][ C2] ? lockdep_hardirqs_on+0x7c/0x110
[ 100.497226][ C2] cpu_startup_entry+0x4f/0x60
[ 100.498753][ C2] start_secondary+0x21d/0x2b0
[ 100.500271][ C2] ? __pfx_start_secondary+0x10/0x10
[ 100.501852][ C2] common_startup_64+0x13e/0x148
[ 100.503519][ C2] </TASK>
[ 100.505110][ C2] Kernel Offset: disabled
[ 100.506456][ C2] Rebooting in 86400 seconds..