Warning: Permanently added '[localhost]:17392' (ED25519) to the list of known hosts.
2025/10/23 00:57:38 parsed 1 programs
syzkaller login: [ 83.447945][ T5317] cgroup: Unknown subsys name 'net'
[ 83.512936][ T5317] cgroup: Unknown subsys name 'cpuset'
[ 83.518812][ T5317] cgroup: Unknown subsys name 'rlimit'
[ 85.090005][ T5317] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.558676][ T5329] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 91.890170][ T56] cfg80211: failed to load regulatory.db
[ 92.911458][ T5364] chnl_net:caif_netlink_parms(): no params data found
[ 93.041862][ T5364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.049822][ T5364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.053124][ T5364] bridge_slave_0: entered allmulticast mode
[ 93.069619][ T5364] bridge_slave_0: entered promiscuous mode
[ 93.074891][ T5364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.077823][ T5364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.089245][ T5364] bridge_slave_1: entered allmulticast mode
[ 93.093628][ T5364] bridge_slave_1: entered promiscuous mode
[ 93.141610][ T5364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.148660][ T5364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.199902][ T5364] team0: Port device team_slave_0 added
[ 93.211374][ T5364] team0: Port device team_slave_1 added
[ 93.257926][ T5364] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.269201][ T5364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 93.289655][ T5364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.309811][ T5364] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.312510][ T5364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 93.329099][ T5364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.389903][ T5364] hsr_slave_0: entered promiscuous mode
[ 93.393075][ T5364] hsr_slave_1: entered promiscuous mode
[ 93.531556][ T5364] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.541187][ T5364] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.547233][ T5364] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.554200][ T5364] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.581509][ T5364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.584806][ T5364] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.588727][ T5364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.591744][ T5364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.642385][ T5364] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.665132][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.679897][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.691675][ T5364] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.715776][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.719114][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.740357][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.743713][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.053048][ T5364] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.127364][ T5364] veth0_vlan: entered promiscuous mode
[ 94.143900][ T5364] veth1_vlan: entered promiscuous mode
[ 94.193898][ T5364] veth0_macvtap: entered promiscuous mode
[ 94.209849][ T5364] veth1_macvtap: entered promiscuous mode
[ 94.234068][ T5364] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.251403][ T5364] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.274900][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.279717][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.283805][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.287628][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.452703][ T5364] syz-executor (5364) used greatest stack depth: 19256 bytes left
[ 94.467048][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.522026][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.560121][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.611578][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.840127][ T3056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.843805][ T3056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.897028][ T3056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.902330][ T3056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.921094][ T13] bridge_slave_1: left allmulticast mode
[ 96.923373][ T13] bridge_slave_1: left promiscuous mode
[ 96.926653][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.971285][ T13] bridge_slave_0: left allmulticast mode
[ 96.973918][ T13] bridge_slave_0: left promiscuous mode
[ 96.976526][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.411389][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 97.422904][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 97.427750][ T13] bond0 (unregistering): Released all slaves
[ 97.513416][ T13] hsr_slave_0: left promiscuous mode
[ 97.520219][ T13] hsr_slave_1: left promiscuous mode
[ 97.523184][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 97.526479][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 97.538016][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 97.549097][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 97.586377][ T13] veth1_macvtap: left promiscuous mode
[ 97.592447][ T13] veth0_macvtap: left promiscuous mode
[ 97.595198][ T13] veth1_vlan: left promiscuous mode
[ 97.598228][ T13] veth0_vlan: left promiscuous mode
[ 97.693925][ T5419] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.697907][ T5419] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.702250][ T5419] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.706220][ T5419] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.710058][ T5419] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.946968][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 97.966150][ T13] team0 (unregistering): Port device team_slave_0 removed
2025/10/23 00:57:58 executed programs: 0
[ 100.766156][ T4673] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 100.771822][ T4673] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 100.775617][ T4673] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 100.780167][ T4673] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 100.793788][ T4673] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.983617][ T5456] chnl_net:caif_netlink_parms(): no params data found
[ 101.044395][ T5456] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.047566][ T5456] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.050945][ T5456] bridge_slave_0: entered allmulticast mode
[ 101.055326][ T5456] bridge_slave_0: entered promiscuous mode
[ 101.060663][ T5456] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.063766][ T5456] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.066768][ T5456] bridge_slave_1: entered allmulticast mode
[ 101.071373][ T5456] bridge_slave_1: entered promiscuous mode
[ 101.096392][ T5456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.102902][ T5456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.124800][ T5456] team0: Port device team_slave_0 added
[ 101.129504][ T5456] team0: Port device team_slave_1 added
[ 101.148896][ T5456] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.152514][ T5456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 101.163754][ T5456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.169901][ T5456] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.172900][ T5456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 101.184604][ T5456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.221084][ T5456] hsr_slave_0: entered promiscuous mode
[ 101.224595][ T5456] hsr_slave_1: entered promiscuous mode
[ 101.682502][ T5456] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.700195][ T5456] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.710601][ T5456] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.731155][ T5456] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.771479][ T5456] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.774585][ T5456] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.778059][ T5456] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.781437][ T5456] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.895469][ T5456] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.930083][ T5456] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.935417][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.940246][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.971363][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.974577][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.001229][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.004183][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.339893][ T5456] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.401487][ T5456] veth0_vlan: entered promiscuous mode
[ 102.423971][ T5456] veth1_vlan: entered promiscuous mode
[ 102.468816][ T5456] veth0_macvtap: entered promiscuous mode
[ 102.484148][ T5456] veth1_macvtap: entered promiscuous mode
[ 102.530668][ T5456] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.550165][ T5456] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.568283][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.573471][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.577364][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.603610][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.713687][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.729685][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.772129][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.783195][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.834689][ T4673] Bluetooth: hci0: command tx timeout
[ 103.120842][ T5381] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[ 103.281693][ T5381] usb 5-1: New USB device found, idVendor=0424, idProduct=cf30, bcdDevice= 0.4a
[ 103.285608][ T5381] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 103.301543][ T5381] usb 5-1: config 0 descriptor??
[ 103.508716][ T5381] usb 5-1: USB disconnect, device number 2
[ 103.536144][ T5381] ==================================================================
[ 103.539896][ T5381] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x10d/0x1c0
[ 103.544100][ T5381] Read of size 8 at addr ffff888059c918a0 by task kworker/0:4/5381
[ 103.548951][ T5381]
[ 103.550328][ T5381] CPU: 0 UID: 0 PID: 5381 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full)
[ 103.550343][ T5381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.550352][ T5381] Workqueue: usb_hub_wq hub_event
[ 103.550475][ T5381] Call Trace:
[ 103.550482][ T5381]
[ 103.550487][ T5381] dump_stack_lvl+0x189/0x250
[ 103.550503][ T5381] ? __kasan_check_byte+0x12/0x40
[ 103.550517][ T5381] ? __pfx_dump_stack_lvl+0x10/0x10
[ 103.550531][ T5381] ? lock_release+0x4b/0x3e0
[ 103.550543][ T5381] ? __virt_addr_valid+0x4a5/0x5c0
[ 103.550558][ T5381] print_report+0xca/0x240
[ 103.550573][ T5381] ? hdm_disconnect+0x10d/0x1c0
[ 103.550587][ T5381] kasan_report+0x118/0x150
[ 103.550602][ T5381] ? hdm_disconnect+0x10d/0x1c0
[ 103.550617][ T5381] hdm_disconnect+0x10d/0x1c0
[ 103.550633][ T5381] usb_unbind_interface+0x26e/0x910
[ 103.550651][ T5381] ? __pfx_usb_unbind_interface+0x10/0x10
[ 103.550666][ T5381] device_release_driver_internal+0x4d9/0x800
[ 103.550681][ T5381] bus_remove_device+0x34d/0x410
[ 103.550696][ T5381] device_del+0x511/0x8e0
[ 103.550707][ T5381] ? __pm_runtime_barrier+0x212/0x460
[ 103.550717][ T5381] ? __pfx_device_del+0x10/0x10
[ 103.550728][ T5381] ? __pfx___mutex_lock+0x10/0x10
[ 103.550744][ T5381] usb_disable_device+0x3e9/0x8a0
[ 103.550760][ T5381] usb_disconnect+0x330/0x950
[ 103.550774][ T5381] hub_event+0x1cf5/0x4a20
[ 103.550787][ T5381] ? cpuacct_charge+0x117/0x320
[ 103.550805][ T5381] ? do_raw_spin_lock+0x121/0x290
[ 103.550820][ T5381] ? register_lock_class+0x51/0x320
[ 103.550833][ T5381] ? __pfx_hub_event+0x10/0x10
[ 103.550847][ T5381] ? process_scheduled_works+0x9ef/0x17b0
[ 103.550861][ T5381] ? _raw_spin_unlock_irq+0x23/0x50
[ 103.550873][ T5381] ? process_scheduled_works+0x9ef/0x17b0
[ 103.550883][ T5381] ? process_scheduled_works+0x9ef/0x17b0
[ 103.550894][ T5381] process_scheduled_works+0xae1/0x17b0
[ 103.550912][ T5381] ? __pfx_process_scheduled_works+0x10/0x10
[ 103.550926][ T5381] worker_thread+0x8a0/0xda0
[ 103.550937][ T5381] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 103.550949][ T5381] ? __kthread_parkme+0x7b/0x200
[ 103.550962][ T5381] kthread+0x711/0x8a0
[ 103.550975][ T5381] ? __pfx_worker_thread+0x10/0x10
[ 103.550985][ T5381] ? __pfx_kthread+0x10/0x10
[ 103.550997][ T5381] ? _raw_spin_unlock_irq+0x23/0x50
[ 103.551007][ T5381] ? lockdep_hardirqs_on+0x9c/0x150
[ 103.551018][ T5381] ? __pfx_kthread+0x10/0x10
[ 103.551030][ T5381] ret_from_fork+0x4bc/0x870
[ 103.551047][ T5381] ? __pfx_ret_from_fork+0x10/0x10
[ 103.551059][ T5381] ? __pfx_kthread+0x10/0x10
[ 103.551070][ T5381] ret_from_fork_asm+0x1a/0x30
[ 103.551084][ T5381]
[ 103.551088][ T5381]
[ 103.665917][ T5381] Allocated by task 5381:
[ 103.667945][ T5381] kasan_save_track+0x3e/0x80
[ 103.670051][ T5381] __kasan_kmalloc+0x93/0xb0
[ 103.672121][ T5381] __kmalloc_cache_noprof+0x3d5/0x6f0
[ 103.674673][ T5381] hdm_probe+0x96/0x1400
[ 103.676673][ T5381] usb_probe_interface+0x668/0xc30
[ 103.679131][ T5381] really_probe+0x26d/0x9e0
[ 103.680962][ T5381] __driver_probe_device+0x18c/0x2f0
[ 103.683161][ T5381] driver_probe_device+0x4f/0x430
[ 103.685445][ T5381] __device_attach_driver+0x2ce/0x530
[ 103.687848][ T5381] bus_for_each_drv+0x251/0x2e0
[ 103.690045][ T5381] __device_attach+0x2b8/0x400
[ 103.692182][ T5381] bus_probe_device+0x185/0x260
[ 103.694325][ T5381] device_add+0x7b6/0xb50
[ 103.696290][ T5381] usb_set_configuration+0x1a87/0x20e0
[ 103.698885][ T5381] usb_generic_driver_probe+0x8d/0x150
[ 103.701480][ T5381] usb_probe_device+0x1c4/0x390
[ 103.703670][ T5381] really_probe+0x26d/0x9e0
[ 103.705654][ T5381] __driver_probe_device+0x18c/0x2f0
[ 103.707831][ T5381] driver_probe_device+0x4f/0x430
[ 103.709983][ T5381] __device_attach_driver+0x2ce/0x530
[ 103.712416][ T5381] bus_for_each_drv+0x251/0x2e0
[ 103.714557][ T5381] __device_attach+0x2b8/0x400
[ 103.716755][ T5381] bus_probe_device+0x185/0x260
[ 103.718948][ T5381] device_add+0x7b6/0xb50
[ 103.720983][ T5381] usb_new_device+0xa39/0x16f0
[ 103.723081][ T5381] hub_event+0x2958/0x4a20
[ 103.725051][ T5381] process_scheduled_works+0xae1/0x17b0
[ 103.727503][ T5381] worker_thread+0x8a0/0xda0
[ 103.729572][ T5381] kthread+0x711/0x8a0
[ 103.731425][ T5381] ret_from_fork+0x4bc/0x870
[ 103.733529][ T5381] ret_from_fork_asm+0x1a/0x30
[ 103.735653][ T5381]
[ 103.736652][ T5381] Freed by task 5381:
[ 103.738379][ T5381] kasan_save_track+0x3e/0x80
[ 103.740552][ T5381] __kasan_save_free_info+0x46/0x50
[ 103.742895][ T5381] __kasan_slab_free+0x5c/0x80
[ 103.745078][ T5381] kfree+0x19a/0x6d0
[ 103.746901][ T5381] device_release+0x9c/0x1c0
[ 103.748958][ T5381] kobject_put+0x22b/0x480
[ 103.750905][ T5381] hdm_disconnect+0xf3/0x1c0
[ 103.753013][ T5381] usb_unbind_interface+0x26e/0x910
[ 103.755336][ T5381] device_release_driver_internal+0x4d9/0x800
[ 103.757946][ T5381] bus_remove_device+0x34d/0x410
[ 103.760131][ T5381] device_del+0x511/0x8e0
[ 103.762010][ T5381] usb_disable_device+0x3e9/0x8a0
[ 103.764274][ T5381] usb_disconnect+0x330/0x950
[ 103.766352][ T5381] hub_event+0x1cf5/0x4a20
[ 103.768328][ T5381] process_scheduled_works+0xae1/0x17b0
[ 103.770705][ T5381] worker_thread+0x8a0/0xda0
[ 103.772782][ T5381] kthread+0x711/0x8a0
[ 103.774592][ T5381] ret_from_fork+0x4bc/0x870
[ 103.776616][ T5381] ret_from_fork_asm+0x1a/0x30
[ 103.778697][ T5381]
[ 103.779769][ T5381] The buggy address belongs to the object at ffff888059c90000
[ 103.779769][ T5381] which belongs to the cache kmalloc-8k of size 8192
[ 103.785794][ T5381] The buggy address is located 6304 bytes inside of
[ 103.785794][ T5381] freed 8192-byte region [ffff888059c90000, ffff888059c92000)
[ 103.791320][ T5381]
[ 103.792499][ T5381] The buggy address belongs to the physical page:
[ 103.795273][ T5381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59c90
[ 103.798916][ T5381] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 103.802535][ T5381] ksm flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 103.806071][ T5381] page_type: f5(slab)
[ 103.807847][ T5381] raw: 04fff00000000040 ffff88801a042280 ffffea0000013c00 0000000000000003
[ 103.811531][ T5381] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 103.815353][ T5381] head: 04fff00000000040 ffff88801a042280 ffffea0000013c00 0000000000000003
[ 103.819207][ T5381] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 103.822979][ T5381] head: 04fff00000000003 ffffea0001672401 00000000ffffffff 00000000ffffffff
[ 103.826818][ T5381] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 103.830769][ T5381] page dumped because: kasan: bad access detected
[ 103.833644][ T5381] page_owner tracks the page as allocated
[ 103.836596][ T5381] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5364, tgid 5364 (syz-executor), ts 93636314692, free_ts 93579559421
[ 103.845387][ T5381] post_alloc_hook+0x240/0x2a0
[ 103.847466][ T5381] get_page_from_freelist+0x2365/0x2440
[ 103.849861][ T5381] __alloc_frozen_pages_noprof+0x181/0x370
[ 103.852418][ T5381] alloc_pages_mpol+0x232/0x4a0
[ 103.854612][ T5381] allocate_slab+0x96/0x3a0
[ 103.856638][ T5381] ___slab_alloc+0xe94/0x18a0
[ 103.858716][ T5381] __slab_alloc+0x65/0x100
[ 103.860752][ T5381] __kvmalloc_node_noprof+0x6ba/0x910
[ 103.863096][ T5381] pfifo_fast_init+0x372/0x6c0
[ 103.865253][ T5381] qdisc_create_dflt+0x13b/0x4e0
[ 103.867464][ T5381] dev_activate+0x378/0x1150
[ 103.869544][ T5381] __dev_open+0x69c/0x880
[ 103.871503][ T5381] __dev_change_flags+0x1ea/0x6d0
[ 103.873793][ T5381] netif_change_flags+0x88/0x1a0
[ 103.875963][ T5381] do_setlink+0xc55/0x41c0
[ 103.878014][ T5381] rtnl_newlink+0x1619/0x1c80
[ 103.880191][ T5381] page last free pid 1365 tgid 1365 stack trace:
[ 103.883032][ T5381] __free_frozen_pages+0xbc4/0xd30
[ 103.885457][ T5381] __put_partials+0x146/0x170
[ 103.887723][ T5381] put_cpu_partial+0x1f2/0x2e0
[ 103.890153][ T5381] __slab_free+0x2b9/0x390
[ 103.892649][ T5381] qlist_free_all+0x97/0x140
[ 103.897722][ T5381] kasan_quarantine_reduce+0x148/0x160
[ 103.900268][ T5381] __kasan_slab_alloc+0x22/0x80
[ 103.902435][ T5381] kmem_cache_alloc_node_noprof+0x433/0x710
[ 103.905122][ T5381] __alloc_skb+0x112/0x2d0
[ 103.907026][ T5381] mld_newpack+0x13c/0xc40
[ 103.909082][ T5381] add_grhead+0x5a/0x2a0
[ 103.911068][ T5381] add_grec+0x1452/0x1740
[ 103.913079][ T5381] mld_ifc_work+0x6ed/0xd60
[ 103.915142][ T5381] process_scheduled_works+0xae1/0x17b0
[ 103.917667][ T5381] worker_thread+0x8a0/0xda0
[ 103.919730][ T5381] kthread+0x711/0x8a0
[ 103.921546][ T5381]
[ 103.922675][ T5381] Memory state around the buggy address:
[ 103.925213][ T5381] ffff888059c91780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.929304][ T5381] ffff888059c91800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.933745][ T5381] >ffff888059c91880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.937219][ T5381] ^
[ 103.939529][ T5381] ffff888059c91900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.943055][ T5381] ffff888059c91980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 103.946606][ T5381] ==================================================================
[ 104.037503][ T5381] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.040685][ T5381] CPU: 0 UID: 0 PID: 5381 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full)
[ 104.045481][ T5381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.050068][ T5381] Workqueue: usb_hub_wq hub_event
[ 104.052267][ T5381] Call Trace:
[ 104.053669][ T5381]
[ 104.054980][ T5381] dump_stack_lvl+0x99/0x250
[ 104.057026][ T5381] ? __asan_memcpy+0x40/0x70
[ 104.058997][ T5381] ? __pfx_dump_stack_lvl+0x10/0x10
[ 104.061270][ T5381] ? __pfx__printk+0x10/0x10
[ 104.063342][ T5381] vpanic+0x237/0x6d0
[ 104.065139][ T5381] ? __pfx_vpanic+0x10/0x10
[ 104.067270][ T5381] ? preempt_schedule+0xae/0xc0
[ 104.069533][ T5381] ? __pfx_preempt_schedule+0x10/0x10
[ 104.071903][ T5381] panic+0xb9/0xc0
[ 104.073538][ T5381] ? __pfx_panic+0x10/0x10
[ 104.075538][ T5381] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 104.078110][ T5381] ? hdm_disconnect+0x10d/0x1c0
[ 104.080250][ T5381] check_panic_on_warn+0x89/0xb0
[ 104.082241][ T5381] ? hdm_disconnect+0x10d/0x1c0
[ 104.084354][ T5381] end_report+0x78/0x160
[ 104.086163][ T5381] kasan_report+0x129/0x150
[ 104.088205][ T5381] ? hdm_disconnect+0x10d/0x1c0
[ 104.090254][ T5381] hdm_disconnect+0x10d/0x1c0
[ 104.092532][ T5381] usb_unbind_interface+0x26e/0x910
[ 104.094841][ T5381] ? __pfx_usb_unbind_interface+0x10/0x10
[ 104.097408][ T5381] device_release_driver_internal+0x4d9/0x800
[ 104.100000][ T5381] bus_remove_device+0x34d/0x410
[ 104.102049][ T5381] device_del+0x511/0x8e0
[ 104.103881][ T5381] ? __pm_runtime_barrier+0x212/0x460
[ 104.106074][ T5381] ? __pfx_device_del+0x10/0x10
[ 104.108136][ T5381] ? __pfx___mutex_lock+0x10/0x10
[ 104.110365][ T5381] usb_disable_device+0x3e9/0x8a0
[ 104.112547][ T5381] usb_disconnect+0x330/0x950
[ 104.114645][ T5381] hub_event+0x1cf5/0x4a20
[ 104.116688][ T5381] ? cpuacct_charge+0x117/0x320
[ 104.118921][ T5381] ? do_raw_spin_lock+0x121/0x290
[ 104.121143][ T5381] ? register_lock_class+0x51/0x320
[ 104.123494][ T5381] ? __pfx_hub_event+0x10/0x10
[ 104.125728][ T5381] ? process_scheduled_works+0x9ef/0x17b0
[ 104.128168][ T5381] ? _raw_spin_unlock_irq+0x23/0x50
[ 104.130567][ T5381] ? process_scheduled_works+0x9ef/0x17b0
[ 104.133092][ T5381] ? process_scheduled_works+0x9ef/0x17b0
[ 104.135609][ T5381] process_scheduled_works+0xae1/0x17b0
[ 104.138076][ T5381] ? __pfx_process_scheduled_works+0x10/0x10
[ 104.140742][ T5381] worker_thread+0x8a0/0xda0
[ 104.142771][ T5381] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 104.145603][ T5381] ? __kthread_parkme+0x7b/0x200
[ 104.147858][ T5381] kthread+0x711/0x8a0
[ 104.149716][ T5381] ? __pfx_worker_thread+0x10/0x10
[ 104.152212][ T5381] ? __pfx_kthread+0x10/0x10
[ 104.154655][ T5381] ? _raw_spin_unlock_irq+0x23/0x50
[ 104.157077][ T5381] ? lockdep_hardirqs_on+0x9c/0x150
[ 104.159823][ T5381] ? __pfx_kthread+0x10/0x10
[ 104.162458][ T5381] ret_from_fork+0x4bc/0x870
[ 104.164577][ T5381] ? __pfx_ret_from_fork+0x10/0x10
[ 104.166881][ T5381] ? __pfx_kthread+0x10/0x10
[ 104.168957][ T5381] ret_from_fork_asm+0x1a/0x30
[ 104.171136][ T5381]
[ 104.172920][ T5381] Kernel Offset: disabled
[ 104.174856][ T5381] Rebooting in 86400 seconds..
VM DIAGNOSIS:
00:58:01 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000069 RBX=0000000000000069 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000288ed10
R8 =ffff888033628237 R9 =1ffff110066c5046 R10=dffffc0000000000 R11=ffffffff85165550
R12=dffffc0000000000 R13=ffffffff997e1901 R14=ffffffff99af5300 R15=0000000000000000
RIP=ffffffff851655cc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88808d733000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055bf83bbf950 CR3=000000003dbce000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000104080 Opmask01=0000000000000000 Opmask02=00000000ffff7fdf Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563b888a17d0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563b888acb40
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294b52c80
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302e303a312d352f 302e303a312d352f 312d352f35627375 2f302e6463685f79
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 005600051f40494c 43055c5155484005 424b4c55554c4e53 004057005b1a0f00
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563b888cf348 0000563b888cf348 0000000000000041 000000000000302e
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 003a756b733a302e 30312d3533712d63 707276633a317463 3a554d45516e7663
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a302e30312d3533 712d63707276703a 29393030322c3948 43492b3533512843
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 50647261646e6174 536e703a554d4551 6e76733a302e3072 623a343130322f31
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302f343064623a31 2b32316f70627e32 2d332e36312e312d 6e61696265642d33
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 313731302c453631 302c353631302c34 3631302c33343130 2c323431302c3134
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000