Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts.
[   69.685865][ T4252] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   69.694041][ T4256] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   69.702117][ T4256] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   69.710111][ T4256] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   69.718157][ T4256] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   69.725518][ T4256] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   69.797061][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.805344][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.813992][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.833564][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[   69.841498][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.849964][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   70.135056][   T26] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   70.317234][   T26] usb 1-1: config 0 has an invalid interface number: 226 but max is 0
[   70.325644][   T26] usb 1-1: config 0 has no interface number 0
[   70.331994][   T26] usb 1-1: config 0 interface 226 has no altsetting 0
[   70.338819][   T26] usb 1-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=a5.88
[   70.347980][   T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.359201][   T26] usb 1-1: config 0 descriptor??
[   70.567290][   T26] usb 1-1: string descriptor 0 read error: -71
[   70.592270][   T26] usb 1-1: USB disconnect, device number 2
[   70.621357][   T26] ==================================================================
[   70.629448][   T26] BUG: KASAN: use-after-free in hdm_disconnect+0x109/0x1c0
[   70.636657][   T26] Read of size 8 at addr ffff888079a69898 by task kworker/1:1/26
[   70.644448][   T26] 
[   70.646802][   T26] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.1.140-syzkaller #0
[   70.654766][   T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   70.664809][   T26] Workqueue: usb_hub_wq hub_event
[   70.669838][   T26] Call Trace:
[   70.673107][   T26]  <TASK>
[   70.676024][   T26]  dump_stack_lvl+0x168/0x22e
[   70.680698][   T26]  ? __lock_acquire+0x7c50/0x7c50
[   70.685711][   T26]  ? show_regs_print_info+0x12/0x12
[   70.690896][   T26]  ? load_image+0x3b0/0x3b0
[   70.695384][   T26]  ? __virt_addr_valid+0x465/0x540
[   70.700490][   T26]  ? hdm_disconnect+0x109/0x1c0
[   70.705347][   T26]  print_report+0xa8/0x220
[   70.709771][   T26]  kasan_report+0x10b/0x140
[   70.714283][   T26]  ? hdm_disconnect+0x109/0x1c0
[   70.719131][   T26]  hdm_disconnect+0x109/0x1c0
[   70.723804][   T26]  usb_unbind_interface+0x1ee/0x860
[   70.728991][   T26]  ? kernfs_remove_by_name_ns+0x113/0x150
[   70.734700][   T26]  ? usb_driver_release_interface+0x1b0/0x1b0
[   70.740763][   T26]  device_release_driver_internal+0x522/0x850
[   70.746828][   T26]  bus_remove_device+0x2e2/0x400
[   70.751760][   T26]  device_del+0x628/0xa70
[   70.756078][   T26]  ? kill_device+0x160/0x160
[   70.760667][   T26]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   70.766642][   T26]  ? usb_disconnect+0x107/0x8a0
[   70.771489][   T26]  ? mutex_lock_nested+0x10/0x10
[   70.776417][   T26]  ? _raw_spin_lock_irq+0xab/0xe0
[   70.781447][   T26]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[   70.786809][   T26]  usb_disable_device+0x3e2/0x890
[   70.791823][   T26]  usb_disconnect+0x348/0x8a0
[   70.796503][   T26]  hub_event+0x1d20/0x5210
[   70.800913][   T26]  ? verify_lock_unused+0x140/0x140
[   70.806119][   T26]  ? led_work+0x6e0/0x6e0
[   70.810444][   T26]  ? read_lock_is_recursive+0x10/0x10
[   70.815816][   T26]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[   70.821708][   T26]  ? _raw_spin_unlock+0x40/0x40
[   70.826568][   T26]  ? _raw_spin_unlock_irq+0x1f/0x40
[   70.831760][   T26]  ? process_one_work+0x7a1/0x1160
[   70.836861][   T26]  process_one_work+0x898/0x1160
[   70.841788][   T26]  ? worker_detach_from_pool+0x240/0x240
[   70.847409][   T26]  ? _raw_spin_lock_irq+0xab/0xe0
[   70.852440][   T26]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[   70.857819][   T26]  ? kthread_data+0x4b/0xc0
[   70.862330][   T26]  worker_thread+0xd62/0x1250
[   70.867011][   T26]  kthread+0x29d/0x330
[   70.871087][   T26]  ? worker_clr_flags+0x1a0/0x1a0
[   70.876101][   T26]  ? kthread_blkcg+0xd0/0xd0
[   70.880703][   T26]  ret_from_fork+0x1f/0x30
[   70.885129][   T26]  </TASK>
[   70.888146][   T26] 
[   70.890477][   T26] Allocated by task 26:
[   70.894629][   T26]  kasan_set_track+0x4b/0x70
[   70.899218][   T26]  __kasan_kmalloc+0x8e/0xa0
[   70.903800][   T26]  hdm_probe+0x8f/0x13d0
[   70.908029][   T26]  usb_probe_interface+0x5a0/0xaf0
[   70.913147][   T26]  really_probe+0x2aa/0xc70
[   70.917640][   T26]  __driver_probe_device+0x18c/0x330
[   70.922933][   T26]  driver_probe_device+0x4f/0x420
[   70.927960][   T26]  __device_attach_driver+0x2c6/0x510
[   70.933321][   T26]  bus_for_each_drv+0x175/0x200
[   70.938166][   T26]  __device_attach+0x29b/0x460
[   70.942924][   T26]  bus_probe_device+0xbc/0x1e0
[   70.947707][   T26]  device_add+0xa00/0xfb0
[   70.952035][   T26]  usb_set_configuration+0x1991/0x1fd0
[   70.957487][   T26]  usb_generic_driver_probe+0x89/0x150
[   70.962938][   T26]  usb_probe_device+0x139/0x270
[   70.967776][   T26]  really_probe+0x2aa/0xc70
[   70.972282][   T26]  __driver_probe_device+0x18c/0x330
[   70.977557][   T26]  driver_probe_device+0x4f/0x420
[   70.982563][   T26]  __device_attach_driver+0x2c6/0x510
[   70.987916][   T26]  bus_for_each_drv+0x175/0x200
[   70.992752][   T26]  __device_attach+0x29b/0x460
[   70.997508][   T26]  bus_probe_device+0xbc/0x1e0
[   71.002259][   T26]  device_add+0xa00/0xfb0
[   71.006577][   T26]  usb_new_device+0xd4d/0x1620
[   71.011334][   T26]  hub_event+0x2b02/0x5210
[   71.015753][   T26]  process_one_work+0x898/0x1160
[   71.020682][   T26]  worker_thread+0xaa2/0x1250
[   71.025352][   T26]  kthread+0x29d/0x330
[   71.029445][   T26]  ret_from_fork+0x1f/0x30
[   71.033857][   T26] 
[   71.036168][   T26] Freed by task 26:
[   71.039962][   T26]  kasan_set_track+0x4b/0x70
[   71.044560][   T26]  kasan_save_free_info+0x2d/0x50
[   71.049575][   T26]  ____kasan_slab_free+0x126/0x1e0
[   71.054683][   T26]  slab_free_freelist_hook+0x131/0x1a0
[   71.060142][   T26]  __kmem_cache_free+0xb6/0x1f0
[   71.064981][   T26]  device_release+0x92/0x1c0
[   71.069558][   T26]  kobject_put+0x21d/0x460
[   71.073978][   T26]  hdm_disconnect+0xef/0x1c0
[   71.078567][   T26]  usb_unbind_interface+0x1ee/0x860
[   71.083837][   T26]  device_release_driver_internal+0x522/0x850
[   71.089902][   T26]  bus_remove_device+0x2e2/0x400
[   71.094841][   T26]  device_del+0x628/0xa70
[   71.099178][   T26]  usb_disable_device+0x3e2/0x890
[   71.104196][   T26]  usb_disconnect+0x348/0x8a0
[   71.108885][   T26]  hub_event+0x1d20/0x5210
[   71.109804][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[   71.113312][   T26]  process_one_work+0x898/0x1160
[   71.113335][   T26]  worker_thread+0xd62/0x1250
[   71.119776][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[   71.124529][   T26]  kthread+0x29d/0x330
[   71.139500][   T26]  ret_from_fork+0x1f/0x30
[   71.143913][   T26] 
[   71.146239][   T26] The buggy address belongs to the object at ffff888079a68000
[   71.146239][   T26]  which belongs to the cache kmalloc-8k of size 8192
[   71.160286][   T26] The buggy address is located 6296 bytes inside of
[   71.160286][   T26]  8192-byte region [ffff888079a68000, ffff888079a6a000)
[   71.173733][   T26] 
[   71.176061][   T26] The buggy address belongs to the physical page:
[   71.182475][   T26] page:ffffea0001e69a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79a68
[   71.192619][   T26] head:ffffea0001e69a00 order:3 compound_mapcount:0 compound_pincount:0
[   71.200934][   T26] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   71.208919][   T26] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017442280
[   71.217490][   T26] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[   71.226062][   T26] page dumped because: kasan: bad access detected
[   71.232473][   T26] page_owner tracks the page as allocated
[   71.238179][   T26] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 26, tgid 26 (kworker/1:1), ts 70577191636, free_ts 61072107354
[   71.259104][   T26]  post_alloc_hook+0x173/0x1a0
[   71.263874][   T26]  get_page_from_freelist+0x1a26/0x1ac0
[   71.269415][   T26]  __alloc_pages+0x1df/0x4e0
[   71.273997][   T26]  alloc_slab_page+0x5d/0x160
[   71.278668][   T26]  new_slab+0x87/0x2c0
[   71.282745][   T26]  ___slab_alloc+0xbc6/0x1220
[   71.287413][   T26]  __kmem_cache_alloc_node+0x1a0/0x260
[   71.292858][   T26]  kmalloc_trace+0x26/0xe0
[   71.297280][   T26]  hdm_probe+0x8f/0x13d0
[   71.301513][   T26]  usb_probe_interface+0x5a0/0xaf0
[   71.306613][   T26]  really_probe+0x2aa/0xc70
[   71.311098][   T26]  __driver_probe_device+0x18c/0x330
[   71.316376][   T26]  driver_probe_device+0x4f/0x420
[   71.321380][   T26]  __device_attach_driver+0x2c6/0x510
[   71.326732][   T26]  bus_for_each_drv+0x175/0x200
[   71.331565][   T26]  __device_attach+0x29b/0x460
[   71.336319][   T26] page last free stack trace:
[   71.340971][   T26]  free_unref_page_prepare+0x8b4/0x9a0
[   71.346424][   T26]  free_unref_page+0x2e/0x3f0
[   71.351090][   T26]  skb_release_data+0x499/0x7c0
[   71.355935][   T26]  skb_attempt_defer_free+0x107/0x410
[   71.361295][   T26]  tcp_recvmsg_locked+0x1190/0x22f0
[   71.366481][   T26]  tcp_recvmsg+0x212/0x810
[   71.370884][   T26]  inet_recvmsg+0x12c/0x1e0
[   71.375404][   T26]  sock_read_iter+0x2bf/0x370
[   71.380082][   T26]  vfs_read+0x434/0x920
[   71.384235][   T26]  ksys_read+0x143/0x240
[   71.388483][   T26]  do_syscall_64+0x4c/0xa0
[   71.392912][   T26]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   71.398804][   T26] 
[   71.401115][   T26] Memory state around the buggy address:
[   71.406732][   T26]  ffff888079a69780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.414778][   T26]  ffff888079a69800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.422830][   T26] >ffff888079a69880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.430878][   T26]                             ^
[   71.435719][   T26]  ffff888079a69900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.443782][   T26]  ffff888079a69980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.451831][   T26] ==================================================================
[   71.460511][   T26] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   71.467721][   T26] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.1.140-syzkaller #0
[   71.475702][   T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   71.485751][   T26] Workqueue: usb_hub_wq hub_event
[   71.490771][   T26] Call Trace:
[   71.494041][   T26]  <TASK>
[   71.496968][   T26]  dump_stack_lvl+0x168/0x22e
[   71.501644][   T26]  ? memcpy+0x3c/0x60
[   71.505616][   T26]  ? show_regs_print_info+0x12/0x12
[   71.510810][   T26]  ? load_image+0x3b0/0x3b0
[   71.515317][   T26]  panic+0x2c9/0x710
[   71.519321][   T26]  ? bpf_jit_dump+0xd0/0xd0
[   71.523828][   T26]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[   71.529721][   T26]  ? _raw_spin_unlock+0x40/0x40
[   71.534574][   T26]  ? print_memory_metadata+0x314/0x400
[   71.540037][   T26]  check_panic_on_warn+0x80/0xa0
[   71.544980][   T26]  ? hdm_disconnect+0x109/0x1c0
[   71.549829][   T26]  end_report+0x66/0x110
[   71.554072][   T26]  kasan_report+0x118/0x140
[   71.558577][   T26]  ? hdm_disconnect+0x109/0x1c0
[   71.563423][   T26]  hdm_disconnect+0x109/0x1c0
[   71.568090][   T26]  usb_unbind_interface+0x1ee/0x860
[   71.573292][   T26]  ? kernfs_remove_by_name_ns+0x113/0x150
[   71.579015][   T26]  ? usb_driver_release_interface+0x1b0/0x1b0
[   71.585094][   T26]  device_release_driver_internal+0x522/0x850
[   71.591165][   T26]  bus_remove_device+0x2e2/0x400
[   71.596138][   T26]  device_del+0x628/0xa70
[   71.600472][   T26]  ? kill_device+0x160/0x160
[   71.605081][   T26]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   71.611083][   T26]  ? usb_disconnect+0x107/0x8a0
[   71.615937][   T26]  ? mutex_lock_nested+0x10/0x10
[   71.620874][   T26]  ? _raw_spin_lock_irq+0xab/0xe0
[   71.625897][   T26]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[   71.631286][   T26]  usb_disable_device+0x3e2/0x890
[   71.636312][   T26]  usb_disconnect+0x348/0x8a0
[   71.640999][   T26]  hub_event+0x1d20/0x5210
[   71.645414][   T26]  ? verify_lock_unused+0x140/0x140
[   71.650658][   T26]  ? led_work+0x6e0/0x6e0
[   71.654984][   T26]  ? read_lock_is_recursive+0x10/0x10
[   71.660364][   T26]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[   71.666257][   T26]  ? _raw_spin_unlock+0x40/0x40
[   71.671102][   T26]  ? _raw_spin_unlock_irq+0x1f/0x40
[   71.676400][   T26]  ? process_one_work+0x7a1/0x1160
[   71.681498][   T26]  process_one_work+0x898/0x1160
[   71.686438][   T26]  ? worker_detach_from_pool+0x240/0x240
[   71.692067][   T26]  ? _raw_spin_lock_irq+0xab/0xe0
[   71.697090][   T26]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[   71.702462][   T26]  ? kthread_data+0x4b/0xc0
[   71.706967][   T26]  worker_thread+0xd62/0x1250
[   71.711661][   T26]  kthread+0x29d/0x330
[   71.715733][   T26]  ? worker_clr_flags+0x1a0/0x1a0
[   71.720745][   T26]  ? kthread_blkcg+0xd0/0xd0
[   71.725336][   T26]  ret_from_fork+0x1f/0x30
[   71.729764][   T26]  </TASK>
[   71.733084][   T26] Kernel Offset: disabled
[   71.737405][   T26] Rebooting in 86400 seconds..