Warning: Permanently added '10.128.1.192' (ED25519) to the list of known hosts.
2025/09/09 19:55:35 parsed 1 programs
[   91.883723][ T5864] cgroup: Unknown subsys name 'net'
[   91.939730][  T983] cfg80211: failed to load regulatory.db
[   92.006209][ T5864] cgroup: Unknown subsys name 'cpuset'
[   92.015861][ T5864] cgroup: Unknown subsys name 'rlimit'
[   93.736821][ T5864] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.702208][ T5878] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   97.773638][ T5901] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   97.782090][ T5901] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   97.792093][ T5901] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   97.801070][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   97.809948][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.443918][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.452237][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.492266][ T1325] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.501418][ T1325] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.845542][ T5932] chnl_net:caif_netlink_parms(): no params data found
[   99.945044][ T5932] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.953715][ T5932] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.961075][ T5932] bridge_slave_0: entered allmulticast mode
[   99.969420][ T5932] bridge_slave_0: entered promiscuous mode
[   99.979349][ T5932] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.986811][ T5932] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.994232][ T5932] bridge_slave_1: entered allmulticast mode
[  100.001609][ T5932] bridge_slave_1: entered promiscuous mode
[  100.043213][ T5932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.055882][ T5932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.095718][ T5932] team0: Port device team_slave_0 added
[  100.103970][ T5932] team0: Port device team_slave_1 added
[  100.133927][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.141090][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.167865][ T5932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.181569][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.189627][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.215996][ T5932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.263237][ T5932] hsr_slave_0: entered promiscuous mode
[  100.269781][ T5932] hsr_slave_1: entered promiscuous mode
[  100.431945][ T5932] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.444145][ T5932] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.455898][ T5932] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.466836][ T5932] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.502705][ T5932] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.509944][ T5932] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.518327][ T5932] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.525549][ T5932] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.582104][ T5932] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.602156][ T1325] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.611316][ T1325] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.628651][ T5932] 8021q: adding VLAN 0 to HW filter on device team0
[  100.642446][ T3484] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.649630][ T3484] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.665740][ T3484] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.672900][ T3484] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.863514][ T5932] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.908149][ T5932] veth0_vlan: entered promiscuous mode
[  100.921555][ T5932] veth1_vlan: entered promiscuous mode
[  100.954767][ T5932] veth0_macvtap: entered promiscuous mode
[  100.965452][ T5932] veth1_macvtap: entered promiscuous mode
[  100.989018][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.006580][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.023724][ T3484] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.033363][ T3484] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.044440][ T3484] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.054315][ T3484] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.194255][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.264138][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.340726][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.407889][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/09 19:55:49 executed programs: 0
[  102.320666][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.332431][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.342009][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.350675][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.358910][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.537531][ T5972] chnl_net:caif_netlink_parms(): no params data found
[  102.623203][ T5972] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.630674][ T5972] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.638540][ T5972] bridge_slave_0: entered allmulticast mode
[  102.645762][ T5972] bridge_slave_0: entered promiscuous mode
[  102.654158][ T5972] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.662307][ T5972] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.670521][ T5972] bridge_slave_1: entered allmulticast mode
[  102.677808][ T5972] bridge_slave_1: entered promiscuous mode
[  102.717383][ T5972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.730740][ T5972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.771121][ T5972] team0: Port device team_slave_0 added
[  102.779551][ T5972] team0: Port device team_slave_1 added
[  102.815719][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.823781][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.849908][ T5972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.863125][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.870420][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.896370][ T5972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.956151][ T5972] hsr_slave_0: entered promiscuous mode
[  102.963457][ T5972] hsr_slave_1: entered promiscuous mode
[  102.970147][ T5972] debugfs: 'hsr0' already exists in 'hsr'
[  102.975973][ T5972] Cannot create hsr debugfs directory
[  104.370419][   T13] bridge_slave_1: left allmulticast mode
[  104.376284][   T13] bridge_slave_1: left promiscuous mode
[  104.383751][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.401062][   T13] bridge_slave_0: left allmulticast mode
[  104.406764][   T13] bridge_slave_0: left promiscuous mode
[  104.412651][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.422099][   T52] Bluetooth: hci0: command tx timeout
[  104.770514][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  104.788214][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.804817][   T13] bond0 (unregistering): Released all slaves
[  104.908571][   T13] hsr_slave_0: left promiscuous mode
[  104.914804][   T13] hsr_slave_1: left promiscuous mode
[  104.925380][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.933286][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.941895][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.949400][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.966259][   T13] veth1_macvtap: left promiscuous mode
[  104.972086][   T13] veth0_macvtap: left promiscuous mode
[  104.979821][   T13] veth1_vlan: left promiscuous mode
[  104.985246][   T13] veth0_vlan: left promiscuous mode
[  105.293446][   T13] team0 (unregistering): Port device team_slave_1 removed
[  105.320597][   T13] team0 (unregistering): Port device team_slave_0 removed
[  105.767078][ T5972] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.790011][ T5972] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.802871][ T5972] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.815921][ T5972] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.173069][ T5972] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.205791][ T5972] 8021q: adding VLAN 0 to HW filter on device team0
[  106.235938][ T1325] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.243958][ T1325] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.293680][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.300890][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.507905][   T52] Bluetooth: hci0: command tx timeout
[  106.554330][ T5972] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.599487][ T5972] veth0_vlan: entered promiscuous mode
[  106.611743][ T5972] veth1_vlan: entered promiscuous mode
[  106.641940][ T5972] veth0_macvtap: entered promiscuous mode
[  106.651657][ T5972] veth1_macvtap: entered promiscuous mode
[  106.671952][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.686420][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.701202][   T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.710287][   T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.721434][   T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.730453][   T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.791675][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.805462][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.836054][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.844617][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.128123][ T5945] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  107.287693][ T5945] usb 1-1: Using ep0 maxpacket: 32
[  107.296172][ T5945] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  107.304922][ T5945] usb 1-1: config 0 has no interface number 0
[  107.311846][ T5945] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  107.324583][ T5945] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  107.333808][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.342004][ T5945] usb 1-1: Product: syz
[  107.346186][ T5945] usb 1-1: Manufacturer: syz
[  107.351077][ T5945] usb 1-1: SerialNumber: syz
[  107.360340][ T5945] usb 1-1: config 0 descriptor??
[  107.367291][ T6019] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  107.381387][ T5945] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  107.391759][ T5945] em28xx 1-1:0.132: Video interface 132 found: bulk
[  107.629068][ T5945] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[  107.694373][ T5945] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  107.703442][ T5945] em28xx 1-1:0.132: board has no eeprom
[  107.768063][ T5945] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  107.775945][ T5945] em28xx 1-1:0.132: analog set to bulk mode.
[  107.783201][ T6020] em28xx 1-1:0.132: Registering V4L2 extension
[  107.798788][ T5945] usb 1-1: USB disconnect, device number 2
[  107.807058][ T5945] em28xx 1-1:0.132: Disconnecting em28xx
[  107.895512][ T6020] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[  107.903491][ T6020] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  107.910797][ T6020] em28xx 1-1:0.132: No AC97 audio processor
[  107.921306][ T6020] usb 1-1: Decoder not found
[  107.925954][ T6020] em28xx 1-1:0.132: failed to create media graph
[  107.932639][ T6020] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  107.942460][ T6020] em28xx 1-1:0.132: Remote control support is not available for this card.
[  107.951435][ T5945] em28xx 1-1:0.132: Closing input extension
[  107.960059][ T5945] ==================================================================
[  107.968155][ T5945] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0
[  107.976525][ T5945] Read of size 4 at addr ffff888077b7f4f0 by task kworker/0:3/5945
[  107.984412][ T5945] 
[  107.986765][ T5945] CPU: 0 UID: 0 PID: 5945 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
[  107.986782][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  107.986793][ T5945] Workqueue: usb_hub_wq hub_event
[  107.986818][ T5945] Call Trace:
[  107.986826][ T5945]  <TASK>
[  107.986832][ T5945]  dump_stack_lvl+0x189/0x250
[  107.986857][ T5945]  ? rcu_is_watching+0x15/0xb0
[  107.986875][ T5945]  ? __kasan_check_byte+0x12/0x40
[  107.986892][ T5945]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.986911][ T5945]  ? rcu_is_watching+0x15/0xb0
[  107.986927][ T5945]  ? lock_release+0x4b/0x3e0
[  107.986943][ T5945]  ? __virt_addr_valid+0x1c8/0x5c0
[  107.986965][ T5945]  ? __virt_addr_valid+0x4a5/0x5c0
[  107.986985][ T5945]  print_report+0xca/0x240
[  107.986999][ T5945]  ? media_devnode_unregister+0xe2/0xf0
[  107.987017][ T5945]  kasan_report+0x118/0x150
[  107.987033][ T5945]  ? media_devnode_unregister+0xe2/0xf0
[  107.987054][ T5945]  media_devnode_unregister+0xe2/0xf0
[  107.987071][ T5945]  media_device_unregister+0x37c/0x400
[  107.987091][ T5945]  em28xx_release_resources+0xac/0x240
[  107.987113][ T5945]  em28xx_usb_disconnect+0x19f/0x2f0
[  107.987133][ T5945]  usb_unbind_interface+0x26e/0x910
[  107.987152][ T5945]  ? __pfx_usb_unbind_interface+0x10/0x10
[  107.987167][ T5945]  device_release_driver_internal+0x4d6/0x800
[  107.987187][ T5945]  bus_remove_device+0x34d/0x410
[  107.987211][ T5945]  device_del+0x511/0x8e0
[  107.987229][ T5945]  ? __pfx_device_del+0x10/0x10
[  107.987243][ T5945]  ? kobject_put+0x446/0x480
[  107.987267][ T5945]  usb_disable_device+0x3e9/0x8a0
[  107.987284][ T5945]  usb_disconnect+0x330/0x950
[  107.987307][ T5945]  hub_event+0x1cf5/0x4a20
[  107.987330][ T5945]  ? do_raw_spin_lock+0x121/0x290
[  107.987350][ T5945]  ? register_lock_class+0x51/0x320
[  107.987370][ T5945]  ? __pfx_hub_event+0x10/0x10
[  107.987383][ T5945]  ? process_scheduled_works+0x9ef/0x17b0
[  107.987402][ T5945]  ? _raw_spin_unlock_irq+0x23/0x50
[  107.987419][ T5945]  ? process_scheduled_works+0x9ef/0x17b0
[  107.987435][ T5945]  ? process_scheduled_works+0x9ef/0x17b0
[  107.987451][ T5945]  process_scheduled_works+0xae1/0x17b0
[  107.987477][ T5945]  ? __pfx_process_scheduled_works+0x10/0x10
[  107.987499][ T5945]  worker_thread+0x8a0/0xda0
[  107.987516][ T5945]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  107.987537][ T5945]  ? __kthread_parkme+0x7b/0x200
[  107.987560][ T5945]  kthread+0x711/0x8a0
[  107.987589][ T5945]  ? __pfx_worker_thread+0x10/0x10
[  107.987613][ T5945]  ? __pfx_kthread+0x10/0x10
[  107.987633][ T5945]  ? _raw_spin_unlock_irq+0x23/0x50
[  107.987651][ T5945]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.987670][ T5945]  ? __pfx_kthread+0x10/0x10
[  107.987690][ T5945]  ret_from_fork+0x47c/0x820
[  107.987707][ T5945]  ? __pfx_ret_from_fork+0x10/0x10
[  107.987733][ T5945]  ? __switch_to_asm+0x39/0x70
[  107.987747][ T5945]  ? __switch_to_asm+0x33/0x70
[  107.987761][ T5945]  ? __pfx_kthread+0x10/0x10
[  107.987780][ T5945]  ret_from_fork_asm+0x1a/0x30
[  107.987801][ T5945]  </TASK>
[  107.987806][ T5945] 
[  108.276076][ T5945] Allocated by task 5945:
[  108.280406][ T5945]  kasan_save_track+0x3e/0x80
[  108.285097][ T5945]  __kasan_kmalloc+0x93/0xb0
[  108.289699][ T5945]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  108.295250][ T5945]  __media_device_register+0x58/0x280
[  108.300634][ T5945]  em28xx_usb_probe+0x1764/0x2a20
[  108.305700][ T5945]  usb_probe_interface+0x665/0xc30
[  108.310835][ T5945]  really_probe+0x26a/0x9e0
[  108.315343][ T5945]  __driver_probe_device+0x18c/0x2f0
[  108.320728][ T5945]  driver_probe_device+0x4f/0x430
[  108.325783][ T5945]  __device_attach_driver+0x2ce/0x530
[  108.331174][ T5945]  bus_for_each_drv+0x251/0x2e0
[  108.336053][ T5945]  __device_attach+0x2b8/0x400
[  108.340823][ T5945]  bus_probe_device+0x185/0x260
[  108.345691][ T5945]  device_add+0x7b6/0xb50
[  108.350024][ T5945]  usb_set_configuration+0x1a87/0x20e0
[  108.355485][ T5945]  usb_generic_driver_probe+0x8d/0x150
[  108.360946][ T5945]  usb_probe_device+0x1c1/0x390
[  108.365907][ T5945]  really_probe+0x26a/0x9e0
[  108.370428][ T5945]  __driver_probe_device+0x18c/0x2f0
[  108.375731][ T5945]  driver_probe_device+0x4f/0x430
[  108.380787][ T5945]  __device_attach_driver+0x2ce/0x530
[  108.386182][ T5945]  bus_for_each_drv+0x251/0x2e0
[  108.391054][ T5945]  __device_attach+0x2b8/0x400
[  108.395824][ T5945]  bus_probe_device+0x185/0x260
[  108.400692][ T5945]  device_add+0x7b6/0xb50
[  108.405023][ T5945]  usb_new_device+0xa39/0x16f0
[  108.409795][ T5945]  hub_event+0x2958/0x4a20
[  108.414216][ T5945]  process_scheduled_works+0xae1/0x17b0
[  108.419780][ T5945]  worker_thread+0x8a0/0xda0
[  108.424373][ T5945]  kthread+0x711/0x8a0
[  108.428450][ T5945]  ret_from_fork+0x47c/0x820
[  108.433127][ T5945]  ret_from_fork_asm+0x1a/0x30
[  108.437894][ T5945] 
[  108.440217][ T5945] Freed by task 5945:
[  108.444192][ T5945]  kasan_save_track+0x3e/0x80
[  108.449217][ T5945]  __kasan_save_free_info+0x46/0x50
[  108.454426][ T5945]  __kasan_slab_free+0x5b/0x80
[  108.459192][ T5945]  kfree+0x199/0x6d0
[  108.463096][ T5945]  media_devnode_release+0x61/0xa0
[  108.468996][ T5945]  device_release+0x9c/0x1c0
[  108.473591][ T5945]  kobject_put+0x228/0x480
[  108.478017][ T5945]  media_devnode_unregister+0x6d/0xf0
[  108.483396][ T5945]  media_device_unregister+0x37c/0x400
[  108.488858][ T5945]  em28xx_release_resources+0xac/0x240
[  108.494333][ T5945]  em28xx_usb_disconnect+0x19f/0x2f0
[  108.499630][ T5945]  usb_unbind_interface+0x26e/0x910
[  108.504843][ T5945]  device_release_driver_internal+0x4d6/0x800
[  108.510916][ T5945]  bus_remove_device+0x34d/0x410
[  108.515862][ T5945]  device_del+0x511/0x8e0
[  108.520190][ T5945]  usb_disable_device+0x3e9/0x8a0
[  108.525219][ T5945]  usb_disconnect+0x330/0x950
[  108.529988][ T5945]  hub_event+0x1cf5/0x4a20
[  108.534451][ T5945]  process_scheduled_works+0xae1/0x17b0
[  108.539998][ T5945]  worker_thread+0x8a0/0xda0
[  108.544592][ T5945]  kthread+0x711/0x8a0
[  108.548675][ T5945]  ret_from_fork+0x47c/0x820
[  108.553270][ T5945]  ret_from_fork_asm+0x1a/0x30
[  108.558038][ T5945] 
[  108.560377][ T5945] The buggy address belongs to the object at ffff888077b7f000
[  108.560377][ T5945]  which belongs to the cache kmalloc-2k of size 2048
[  108.574433][ T5945] The buggy address is located 1264 bytes inside of
[  108.574433][ T5945]  freed 2048-byte region [ffff888077b7f000, ffff888077b7f800)
[  108.588409][ T5945] 
[  108.590735][ T5945] The buggy address belongs to the physical page:
[  108.597155][ T5945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77b78
[  108.605913][ T5945] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  108.614424][ T5945] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  108.621971][ T5945] page_type: f5(slab)
[  108.625957][ T5945] raw: 00fff00000000040 ffff88801a842000 dead000000000122 0000000000000000
[  108.634625][ T5945] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  108.643227][ T5945] head: 00fff00000000040 ffff88801a842000 dead000000000122 0000000000000000
[  108.651898][ T5945] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  108.660568][ T5945] head: 00fff00000000003 ffffea0001dede01 00000000ffffffff 00000000ffffffff
[  108.669241][ T5945] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  108.677912][ T5945] page dumped because: kasan: bad access detected
[  108.684334][ T5945] page_owner tracks the page as allocated
[  108.690049][ T5945] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6020, tgid 6020 (kworker/0:4), ts 107508329196, free_ts 106053601945
[  108.711500][ T5945]  post_alloc_hook+0x240/0x2a0
[  108.716273][ T5945]  get_page_from_freelist+0x21e4/0x22c0
[  108.721840][ T5945]  __alloc_frozen_pages_noprof+0x181/0x370
[  108.727656][ T5945]  alloc_pages_mpol+0x232/0x4a0
[  108.732515][ T5945]  allocate_slab+0x8a/0x330
[  108.737027][ T5945]  ___slab_alloc+0xbd1/0x13f0
[  108.741711][ T5945]  __slab_alloc+0x55/0xa0
[  108.746043][ T5945]  __kmalloc_node_track_caller_noprof+0x5c7/0x800
[  108.752459][ T5945]  kmalloc_reserve+0x136/0x290
[  108.757233][ T5945]  __alloc_skb+0x142/0x2d0
[  108.761660][ T5945]  mld_newpack+0x13c/0xc40
[  108.766084][ T5945]  add_grhead+0x5a/0x2a0
[  108.770333][ T5945]  add_grec+0x1452/0x1740
[  108.774697][ T5945]  mld_send_initial_cr+0x288/0x550
[  108.779827][ T5945]  mld_dad_work+0x46/0x490
[  108.784260][ T5945]  process_scheduled_works+0xae1/0x17b0
[  108.789821][ T5945] page last free pid 13 tgid 13 stack trace:
[  108.795800][ T5945]  __free_frozen_pages+0xbc4/0xd30
[  108.800912][ T5945]  __put_partials+0x146/0x170
[  108.805590][ T5945]  put_cpu_partial+0x17c/0x250
[  108.810367][ T5945]  __slab_free+0x2b9/0x390
[  108.814787][ T5945]  qlist_free_all+0x97/0x140
[  108.819374][ T5945]  kasan_quarantine_reduce+0x148/0x160
[  108.824834][ T5945]  __kasan_slab_alloc+0x22/0x80
[  108.829682][ T5945]  kmem_cache_alloc_node_noprof+0x433/0x710
[  108.835579][ T5945]  __alloc_skb+0x112/0x2d0
[  108.840006][ T5945]  rtmsg_ifinfo_build_skb+0x84/0x260
[  108.845296][ T5945]  unregister_netdevice_many_notify+0x1556/0x1ff0
[  108.851730][ T5945]  ops_undo_list+0x3dc/0x990
[  108.856331][ T5945]  cleanup_net+0x4c5/0x800
[  108.860757][ T5945]  process_scheduled_works+0xae1/0x17b0
[  108.866307][ T5945]  worker_thread+0x8a0/0xda0
[  108.870899][ T5945]  kthread+0x711/0x8a0
[  108.874976][ T5945] 
[  108.877296][ T5945] Memory state around the buggy address:
[  108.882926][ T5945]  ffff888077b7f380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.890986][ T5945]  ffff888077b7f400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.899050][ T5945] >ffff888077b7f480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.907123][ T5945]                                                              ^
[  108.914835][ T5945]  ffff888077b7f500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.922897][ T5945]  ffff888077b7f580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.930966][ T5945] ==================================================================
[  108.959301][ T5945] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  108.966553][ T5945] CPU: 0 UID: 0 PID: 5945 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
[  108.975953][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  108.986032][ T5945] Workqueue: usb_hub_wq hub_event
[  108.991071][ T5945] Call Trace:
[  108.994378][ T5945]  <TASK>
[  108.997313][ T5945]  dump_stack_lvl+0x99/0x250
[  109.001920][ T5945]  ? __asan_memcpy+0x40/0x70
[  109.006534][ T5945]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.011743][ T5945]  ? __pfx__printk+0x10/0x10
[  109.016363][ T5945]  vpanic+0x237/0x6d0
[  109.020528][ T5945]  ? __pfx_vpanic+0x10/0x10
[  109.025051][ T5945]  ? preempt_schedule+0xae/0xc0
[  109.030011][ T5945]  ? __pfx_preempt_schedule+0x10/0x10
[  109.035397][ T5945]  panic+0xb9/0xc0
[  109.039127][ T5945]  ? __pfx_panic+0x10/0x10
[  109.043554][ T5945]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  109.049470][ T5945]  ? media_devnode_unregister+0xe2/0xf0
[  109.055022][ T5945]  check_panic_on_warn+0x89/0xb0
[  109.059976][ T5945]  ? media_devnode_unregister+0xe2/0xf0
[  109.065531][ T5945]  end_report+0x78/0x160
[  109.069791][ T5945]  kasan_report+0x129/0x150
[  109.074303][ T5945]  ? media_devnode_unregister+0xe2/0xf0
[  109.079879][ T5945]  media_devnode_unregister+0xe2/0xf0
[  109.085272][ T5945]  media_device_unregister+0x37c/0x400
[  109.090838][ T5945]  em28xx_release_resources+0xac/0x240
[  109.096310][ T5945]  em28xx_usb_disconnect+0x19f/0x2f0
[  109.101621][ T5945]  usb_unbind_interface+0x26e/0x910
[  109.106837][ T5945]  ? __pfx_usb_unbind_interface+0x10/0x10
[  109.112569][ T5945]  device_release_driver_internal+0x4d6/0x800
[  109.118652][ T5945]  bus_remove_device+0x34d/0x410
[  109.123630][ T5945]  device_del+0x511/0x8e0
[  109.127974][ T5945]  ? __pfx_device_del+0x10/0x10
[  109.132828][ T5945]  ? kobject_put+0x446/0x480
[  109.137457][ T5945]  usb_disable_device+0x3e9/0x8a0
[  109.142518][ T5945]  usb_disconnect+0x330/0x950
[  109.147237][ T5945]  hub_event+0x1cf5/0x4a20
[  109.151690][ T5945]  ? do_raw_spin_lock+0x121/0x290
[  109.156739][ T5945]  ? register_lock_class+0x51/0x320
[  109.161956][ T5945]  ? __pfx_hub_event+0x10/0x10
[  109.166750][ T5945]  ? process_scheduled_works+0x9ef/0x17b0
[  109.172488][ T5945]  ? _raw_spin_unlock_irq+0x23/0x50
[  109.177790][ T5945]  ? process_scheduled_works+0x9ef/0x17b0
[  109.183592][ T5945]  ? process_scheduled_works+0x9ef/0x17b0
[  109.189321][ T5945]  process_scheduled_works+0xae1/0x17b0
[  109.194890][ T5945]  ? __pfx_process_scheduled_works+0x10/0x10
[  109.200887][ T5945]  worker_thread+0x8a0/0xda0
[  109.205495][ T5945]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  109.211847][ T5945]  ? __kthread_parkme+0x7b/0x200
[  109.216818][ T5945]  kthread+0x711/0x8a0
[  109.220911][ T5945]  ? __pfx_worker_thread+0x10/0x10
[  109.226035][ T5945]  ? __pfx_kthread+0x10/0x10
[  109.230643][ T5945]  ? _raw_spin_unlock_irq+0x23/0x50
[  109.235867][ T5945]  ? lockdep_hardirqs_on+0x9c/0x150
[  109.241077][ T5945]  ? __pfx_kthread+0x10/0x10
[  109.245941][ T5945]  ret_from_fork+0x47c/0x820
[  109.250540][ T5945]  ? __pfx_ret_from_fork+0x10/0x10
[  109.255668][ T5945]  ? __switch_to_asm+0x39/0x70
[  109.260438][ T5945]  ? __switch_to_asm+0x33/0x70
[  109.265217][ T5945]  ? __pfx_kthread+0x10/0x10
[  109.269827][ T5945]  ret_from_fork_asm+0x1a/0x30
[  109.275076][ T5945]  </TASK>
[  109.278439][ T5945] Kernel Offset: disabled
[  109.282779][ T5945] Rebooting in 86400 seconds..