Warning: Permanently added '10.128.0.136' (ED25519) to the list of known hosts.
2025/07/02 19:38:56 ignoring optional flag "sandboxArg"="0"
2025/07/02 19:38:57 parsed 1 programs
[ 68.209061][ T5770] cgroup: Unknown subsys name 'net'
[ 68.389664][ T5770] cgroup: Unknown subsys name 'rlimit'
[ 69.843619][ T5770] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 71.577545][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.584134][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 73.480628][ T5814] chnl_net:caif_netlink_parms(): no params data found
[ 73.532167][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.540390][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.547927][ T5814] bridge_slave_0: entered allmulticast mode
[ 73.555439][ T5814] bridge_slave_0: entered promiscuous mode
[ 73.569232][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.576468][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.583689][ T5814] bridge_slave_1: entered allmulticast mode
[ 73.590325][ T5814] bridge_slave_1: entered promiscuous mode
[ 73.620442][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.631548][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.664974][ T5814] team0: Port device team_slave_0 added
[ 73.672357][ T5814] team0: Port device team_slave_1 added
[ 73.702558][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.709618][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.735625][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.747979][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.754992][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.780942][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.821704][ T5814] hsr_slave_0: entered promiscuous mode
[ 73.828464][ T5814] hsr_slave_1: entered promiscuous mode
[ 73.966757][ T5814] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.978401][ T5814] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.988678][ T5814] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.999848][ T5814] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.030646][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.037865][ T5814] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.045785][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.053173][ T5814] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.124678][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.144924][ T48] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.154533][ T48] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.168301][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.195653][ T2927] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.202794][ T2927] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.216025][ T2927] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.223201][ T2927] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.380348][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.421193][ T5814] veth0_vlan: entered promiscuous mode
[ 74.431802][ T5814] veth1_vlan: entered promiscuous mode
[ 74.461468][ T5814] veth0_macvtap: entered promiscuous mode
[ 74.471439][ T5814] veth1_macvtap: entered promiscuous mode
[ 74.492201][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.508710][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.521953][ T5814] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.531390][ T5814] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.541473][ T5814] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.550447][ T5814] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.658376][ T5814] syz-executor (5814) used greatest stack depth: 20936 bytes left
[ 74.687603][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.696019][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.705640][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.715406][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.723446][ T5839] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 74.730932][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.934425][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.493386][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.501537][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.527395][ T2927] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.535439][ T2927] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/02 19:39:07 executed programs: 0
[ 75.958436][ T5086] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.966726][ T5086] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.975431][ T5086] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.983870][ T5086] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.991768][ T5086] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.999996][ T5086] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.133812][ T5876] chnl_net:caif_netlink_parms(): no params data found
[ 76.187090][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.194773][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.201992][ T5876] bridge_slave_0: entered allmulticast mode
[ 76.209582][ T5876] bridge_slave_0: entered promiscuous mode
[ 76.217785][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.225258][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.232498][ T5876] bridge_slave_1: entered allmulticast mode
[ 76.240237][ T5876] bridge_slave_1: entered promiscuous mode
[ 76.269395][ T5876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.280587][ T5876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.310211][ T5876] team0: Port device team_slave_0 added
[ 76.317571][ T5876] team0: Port device team_slave_1 added
[ 76.340228][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.347541][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.374947][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.388982][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.396032][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.422115][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.469276][ T5876] hsr_slave_0: entered promiscuous mode
[ 76.475895][ T5876] hsr_slave_1: entered promiscuous mode
[ 76.481917][ T5876] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 76.490127][ T5876] Cannot create hsr debugfs directory
[ 77.684847][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.043873][ T5086] Bluetooth: hci0: command tx timeout
[ 80.054149][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.123267][ T5086] Bluetooth: hci0: command tx timeout
[ 80.131754][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.013283][ T5876] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.039541][ T5876] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.051898][ T5876] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.061657][ T5876] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.082123][ T42] hsr_slave_0: left promiscuous mode
[ 81.088621][ T42] hsr_slave_1: left promiscuous mode
[ 81.096531][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 81.104237][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 81.113976][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 81.121391][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 81.129215][ T42] bridge_slave_1: left allmulticast mode
[ 81.134893][ T42] bridge_slave_1: left promiscuous mode
[ 81.141277][ T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.152221][ T42] bridge_slave_0: left allmulticast mode
[ 81.158520][ T42] bridge_slave_0: left promiscuous mode
[ 81.165150][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.184929][ T42] veth1_macvtap: left promiscuous mode
[ 81.190901][ T42] veth0_macvtap: left promiscuous mode
[ 81.197089][ T42] veth1_vlan: left promiscuous mode
[ 81.202443][ T42] veth0_vlan: left promiscuous mode
[ 81.509000][ T42] team0 (unregistering): Port device team_slave_1 removed
[ 81.538348][ T42] team0 (unregistering): Port device team_slave_0 removed
[ 81.565251][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 81.594056][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 81.839105][ T787] cfg80211: failed to load regulatory.db
[ 81.858784][ T42] bond0 (unregistering): Released all slaves
[ 81.995264][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.028538][ T5876] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.039636][ T48] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.046864][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.060636][ T48] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.067803][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.202773][ T5086] Bluetooth: hci0: command tx timeout
[ 82.260354][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.295440][ T5876] veth0_vlan: entered promiscuous mode
[ 82.307614][ T5876] veth1_vlan: entered promiscuous mode
[ 82.344212][ T5876] veth0_macvtap: entered promiscuous mode
[ 82.363162][ T5876] veth1_macvtap: entered promiscuous mode
[ 82.394478][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 82.417111][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 82.437776][ T5876] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.447131][ T5876] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.455970][ T5876] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.464792][ T5876] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.531672][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.543507][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.565868][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.574165][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.913004][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 83.111989][ T9] usb 1-1: Using ep0 maxpacket: 16
[ 83.119434][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 83.129890][ T9] usb 1-1: config 5 has an invalid interface number: 196 but max is 0
[ 83.139614][ T9] usb 1-1: config 5 has no interface number 0
[ 83.149497][ T9] usb 1-1: config 5 interface 196 altsetting 5 endpoint 0x3 has invalid wMaxPacketSize 0
[ 83.159734][ T9] usb 1-1: config 5 interface 196 has no altsetting 0
[ 83.171122][ T9] usb 1-1: New USB device found, idVendor=0424, idProduct=cf18, bcdDevice=25.5e
[ 83.181522][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 83.189631][ T9] usb 1-1: Product: syz
[ 83.195176][ T9] usb 1-1: Manufacturer: syz
[ 83.199777][ T9] usb 1-1: SerialNumber: syz
[ 83.437548][ T9] usb 1-1: USB disconnect, device number 2
[ 83.451726][ T9] ==================================================================
[ 83.459823][ T9] BUG: KASAN: slab-use-after-free in hdm_disconnect+0x10d/0x1c0
[ 83.467572][ T9] Read of size 8 at addr ffff888026a19898 by task kworker/0:1/9
[ 83.475211][ T9]
[ 83.477551][ T9] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.6.95-syzkaller #0
[ 83.485360][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 83.495420][ T9] Workqueue: usb_hub_wq hub_event
[ 83.500473][ T9] Call Trace:
[ 83.503754][ T9]
[ 83.506690][ T9] dump_stack_lvl+0x16c/0x230
[ 83.511371][ T9] ? __lock_acquire+0x7c80/0x7c80
[ 83.516395][ T9] ? show_regs_print_info+0x20/0x20
[ 83.521594][ T9] ? load_image+0x3b0/0x3b0
[ 83.526088][ T9] ? __virt_addr_valid+0x469/0x540
[ 83.531286][ T9] print_report+0xac/0x230
[ 83.535691][ T9] ? hdm_disconnect+0x10d/0x1c0
[ 83.540526][ T9] kasan_report+0x117/0x150
[ 83.545014][ T9] ? hdm_disconnect+0x10d/0x1c0
[ 83.549854][ T9] hdm_disconnect+0x10d/0x1c0
[ 83.554519][ T9] usb_unbind_interface+0x1f2/0x870
[ 83.559702][ T9] ? kernfs_remove_by_name_ns+0x117/0x150
[ 83.565405][ T9] ? usb_driver_release_interface+0x1c0/0x1c0
[ 83.571456][ T9] device_release_driver_internal+0x4cb/0x7a0
[ 83.577513][ T9] bus_remove_device+0x342/0x400
[ 83.582434][ T9] device_del+0x50b/0x900
[ 83.586746][ T9] ? __kmem_cache_free+0xba/0x1f0
[ 83.591754][ T9] ? kill_device+0x160/0x160
[ 83.596324][ T9] ? kobject_put+0x43c/0x470
[ 83.600899][ T9] usb_disable_device+0x3e9/0x8a0
[ 83.605916][ T9] usb_disconnect+0x34c/0x8a0
[ 83.610580][ T9] hub_event+0x1ce5/0x49c0
[ 83.614984][ T9] ? verify_lock_unused+0x140/0x140
[ 83.620177][ T9] ? led_work+0x720/0x720
[ 83.624575][ T9] ? read_lock_is_recursive+0x20/0x20
[ 83.629933][ T9] ? _raw_spin_unlock_irq+0x23/0x50
[ 83.635120][ T9] ? process_scheduled_works+0x957/0x15b0
[ 83.640823][ T9] ? process_scheduled_works+0x957/0x15b0
[ 83.646532][ T9] process_scheduled_works+0xa45/0x15b0
[ 83.652067][ T9] ? assign_work+0x400/0x400
[ 83.656642][ T9] ? assign_work+0x39e/0x400
[ 83.661218][ T9] worker_thread+0xa55/0xfc0
[ 83.665792][ T9] ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 83.671691][ T9] ? _raw_spin_unlock+0x40/0x40
[ 83.676525][ T9] ? _raw_spin_unlock_irqrestore+0x86/0x110
[ 83.682410][ T9] kthread+0x2fa/0x390
[ 83.686462][ T9] ? pr_cont_work+0x560/0x560
[ 83.691130][ T9] ? kthread_blkcg+0xd0/0xd0
[ 83.695715][ T9] ret_from_fork+0x48/0x80
[ 83.700130][ T9] ? kthread_blkcg+0xd0/0xd0
[ 83.704702][ T9] ret_from_fork_asm+0x11/0x20
[ 83.709456][ T9]
[ 83.712462][ T9]
[ 83.714778][ T9] Allocated by task 9:
[ 83.718828][ T9] kasan_set_track+0x4e/0x70
[ 83.723404][ T9] __kasan_kmalloc+0x8f/0xa0
[ 83.727978][ T9] hdm_probe+0x96/0x13e0
[ 83.732199][ T9] usb_probe_interface+0x5a4/0xb00
[ 83.737292][ T9] really_probe+0x25b/0xb40
[ 83.741781][ T9] __driver_probe_device+0x18c/0x330
[ 83.747050][ T9] driver_probe_device+0x4f/0x420
[ 83.752058][ T9] __device_attach_driver+0x2ca/0x520
[ 83.757413][ T9] bus_for_each_drv+0x24b/0x2d0
[ 83.762245][ T9] __device_attach+0x2b5/0x400
[ 83.766991][ T9] bus_probe_device+0x180/0x260
[ 83.771827][ T9] device_add+0x85b/0xc20
[ 83.776139][ T9] usb_set_configuration+0x1a79/0x20c0
[ 83.781584][ T9] usb_generic_driver_probe+0x8d/0x150
[ 83.787028][ T9] usb_probe_device+0x13d/0x280
[ 83.791857][ T9] really_probe+0x25b/0xb40
[ 83.796342][ T9] __driver_probe_device+0x18c/0x330
[ 83.801609][ T9] driver_probe_device+0x4f/0x420
[ 83.806617][ T9] __device_attach_driver+0x2ca/0x520
[ 83.811972][ T9] bus_for_each_drv+0x24b/0x2d0
[ 83.816803][ T9] __device_attach+0x2b5/0x400
[ 83.821556][ T9] bus_probe_device+0x180/0x260
[ 83.826388][ T9] device_add+0x85b/0xc20
[ 83.830697][ T9] usb_new_device+0xa31/0x1630
[ 83.835440][ T9] hub_event+0x2957/0x49c0
[ 83.839837][ T9] process_scheduled_works+0xa45/0x15b0
[ 83.845369][ T9] worker_thread+0xa55/0xfc0
[ 83.849939][ T9] kthread+0x2fa/0x390
[ 83.853985][ T9] ret_from_fork+0x48/0x80
[ 83.858428][ T9] ret_from_fork_asm+0x11/0x20
[ 83.863194][ T9]
[ 83.865498][ T9] Freed by task 9:
[ 83.869191][ T9] kasan_set_track+0x4e/0x70
[ 83.873765][ T9] kasan_save_free_info+0x2e/0x50
[ 83.878809][ T9] ____kasan_slab_free+0x126/0x1e0
[ 83.883907][ T9] slab_free_freelist_hook+0x130/0x1b0
[ 83.889348][ T9] __kmem_cache_free+0xba/0x1f0
[ 83.894179][ T9] device_release+0x96/0x1c0
[ 83.898751][ T9] kobject_put+0x221/0x470
[ 83.903147][ T9] hdm_disconnect+0xf3/0x1c0
[ 83.907721][ T9] usb_unbind_interface+0x1f2/0x870
[ 83.912904][ T9] device_release_driver_internal+0x4cb/0x7a0
[ 83.918952][ T9] bus_remove_device+0x342/0x400
[ 83.923871][ T9] device_del+0x50b/0x900
[ 83.928177][ T9] usb_disable_device+0x3e9/0x8a0
[ 83.933183][ T9] usb_disconnect+0x34c/0x8a0
[ 83.937841][ T9] hub_event+0x1ce5/0x49c0
[ 83.942239][ T9] process_scheduled_works+0xa45/0x15b0
[ 83.947769][ T9] worker_thread+0xa55/0xfc0
[ 83.952340][ T9] kthread+0x2fa/0x390
[ 83.956386][ T9] ret_from_fork+0x48/0x80
[ 83.960782][ T9] ret_from_fork_asm+0x11/0x20
[ 83.965534][ T9]
[ 83.967839][ T9] The buggy address belongs to the object at ffff888026a18000
[ 83.967839][ T9] which belongs to the cache kmalloc-8k of size 8192
[ 83.981961][ T9] The buggy address is located 6296 bytes inside of
[ 83.981961][ T9] freed 8192-byte region [ffff888026a18000, ffff888026a1a000)
[ 83.995909][ T9]
[ 83.998213][ T9] The buggy address belongs to the physical page:
[ 84.004615][ T9] page:ffffea00009a8600 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888026a1c000 pfn:0x26a18
[ 84.016057][ T9] head:ffffea00009a8600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 84.024975][ T9] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 84.032944][ T9] page_type: 0xffffffff()
[ 84.037261][ T9] raw: 00fff00000000840 ffff888017842280 ffffea0001f95400 0000000000000006
[ 84.045831][ T9] raw: ffff888026a1c000 0000000080020001 00000001ffffffff 0000000000000000
[ 84.054390][ T9] page dumped because: kasan: bad access detected
[ 84.060792][ T9] page_owner tracks the page as allocated
[ 84.066499][ T9] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5707, tgid 5707 (sshd-session), ts 52875090794, free_ts 52777288441
[ 84.088794][ T9] post_alloc_hook+0x1cd/0x210
[ 84.093581][ T9] get_page_from_freelist+0x195c/0x19f0
[ 84.099109][ T9] __alloc_pages+0x1e3/0x460
[ 84.103679][ T9] alloc_slab_page+0x5d/0x170
[ 84.108335][ T9] new_slab+0x87/0x2e0
[ 84.112381][ T9] ___slab_alloc+0xc6d/0x12f0
[ 84.117036][ T9] __kmem_cache_alloc_node+0x1a2/0x260
[ 84.122475][ T9] __kmalloc_node_track_caller+0xa2/0x230
[ 84.128263][ T9] kmalloc_reserve+0x117/0x260
[ 84.133007][ T9] __alloc_skb+0x138/0x2c0
[ 84.137400][ T9] netlink_dump+0x1e2/0xe10
[ 84.141889][ T9] netlink_recvmsg+0x677/0xdf0
[ 84.146657][ T9] ____sys_recvmsg+0x29e/0x5b0
[ 84.151401][ T9] ___sys_recvmsg+0x1b6/0x510
[ 84.156062][ T9] __x64_sys_recvmsg+0x1f2/0x2c0
[ 84.160980][ T9] do_syscall_64+0x55/0xb0
[ 84.165381][ T9] page last free stack trace:
[ 84.170034][ T9] free_unref_page_prepare+0x7ce/0x8e0
[ 84.175476][ T9] free_unref_page+0x32/0x2e0
[ 84.180132][ T9] __unfreeze_partials+0x1cf/0x210
[ 84.185233][ T9] put_cpu_partial+0x17c/0x250
[ 84.189980][ T9] __slab_free+0x31d/0x410
[ 84.194380][ T9] qlist_free_all+0x75/0xe0
[ 84.198865][ T9] kasan_quarantine_reduce+0x143/0x160
[ 84.204308][ T9] __kasan_slab_alloc+0x22/0x80
[ 84.209581][ T9] slab_post_alloc_hook+0x6e/0x4d0
[ 84.214671][ T9] __kmem_cache_alloc_node+0x13e/0x260
[ 84.220109][ T9] __kmalloc+0xa4/0x240
[ 84.224242][ T9] tomoyo_supervisor+0xb70/0x1080
[ 84.229251][ T9] tomoyo_env_perm+0x14a/0x1e0
[ 84.234001][ T9] tomoyo_find_next_domain+0x1594/0x1a60
[ 84.239622][ T9] tomoyo_bprm_check_security+0x116/0x170
[ 84.245322][ T9] security_bprm_check+0x62/0xa0
[ 84.250245][ T9]
[ 84.252550][ T9] Memory state around the buggy address:
[ 84.258158][ T9] ffff888026a19780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.266200][ T9] ffff888026a19800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.274238][ T9] >ffff888026a19880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.282273][ T9] ^
[ 84.287104][ T9] ffff888026a19900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.295144][ T9] ffff888026a19980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.303182][ T9] ==================================================================
[ 84.313244][ T5086] Bluetooth: hci0: command tx timeout
[ 84.322726][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.329934][ T9] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.6.95-syzkaller #0
[ 84.337743][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 84.347807][ T9] Workqueue: usb_hub_wq hub_event
[ 84.352832][ T9] Call Trace:
[ 84.356095][ T9]
[ 84.359017][ T9] dump_stack_lvl+0x16c/0x230
[ 84.363686][ T9] ? show_regs_print_info+0x20/0x20
[ 84.368870][ T9] ? load_image+0x3b0/0x3b0
[ 84.373361][ T9] panic+0x2c0/0x710
[ 84.377240][ T9] ? bpf_jit_dump+0xd0/0xd0
[ 84.381732][ T9] ? _raw_spin_unlock_irqrestore+0xfa/0x110
[ 84.387629][ T9] ? _raw_spin_unlock+0x40/0x40
[ 84.392479][ T9] ? print_memory_metadata+0x314/0x400
[ 84.397944][ T9] ? hdm_disconnect+0x10d/0x1c0
[ 84.402794][ T9] check_panic_on_warn+0x84/0xa0
[ 84.407730][ T9] ? hdm_disconnect+0x10d/0x1c0
[ 84.412572][ T9] end_report+0x6f/0x140
[ 84.416814][ T9] kasan_report+0x128/0x150
[ 84.421312][ T9] ? hdm_disconnect+0x10d/0x1c0
[ 84.426152][ T9] hdm_disconnect+0x10d/0x1c0
[ 84.430816][ T9] usb_unbind_interface+0x1f2/0x870
[ 84.436008][ T9] ? kernfs_remove_by_name_ns+0x117/0x150
[ 84.441713][ T9] ? usb_driver_release_interface+0x1c0/0x1c0
[ 84.447781][ T9] device_release_driver_internal+0x4cb/0x7a0
[ 84.453856][ T9] bus_remove_device+0x342/0x400
[ 84.458797][ T9] device_del+0x50b/0x900
[ 84.463120][ T9] ? __kmem_cache_free+0xba/0x1f0
[ 84.468141][ T9] ? kill_device+0x160/0x160
[ 84.472715][ T9] ? kobject_put+0x43c/0x470
[ 84.477294][ T9] usb_disable_device+0x3e9/0x8a0
[ 84.482315][ T9] usb_disconnect+0x34c/0x8a0
[ 84.486990][ T9] hub_event+0x1ce5/0x49c0
[ 84.491393][ T9] ? verify_lock_unused+0x140/0x140
[ 84.496583][ T9] ? led_work+0x720/0x720
[ 84.500893][ T9] ? read_lock_is_recursive+0x20/0x20
[ 84.506248][ T9] ? _raw_spin_unlock_irq+0x23/0x50
[ 84.511524][ T9] ? process_scheduled_works+0x957/0x15b0
[ 84.517237][ T9] ? process_scheduled_works+0x957/0x15b0
[ 84.522938][ T9] process_scheduled_works+0xa45/0x15b0
[ 84.528476][ T9] ? assign_work+0x400/0x400
[ 84.533051][ T9] ? assign_work+0x39e/0x400
[ 84.537656][ T9] worker_thread+0xa55/0xfc0
[ 84.542247][ T9] ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 84.548141][ T9] ? _raw_spin_unlock+0x40/0x40
[ 84.552984][ T9] ? _raw_spin_unlock_irqrestore+0x86/0x110
[ 84.558879][ T9] kthread+0x2fa/0x390
[ 84.562954][ T9] ? pr_cont_work+0x560/0x560
[ 84.567629][ T9] ? kthread_blkcg+0xd0/0xd0
[ 84.572203][ T9] ret_from_fork+0x48/0x80
[ 84.576605][ T9] ? kthread_blkcg+0xd0/0xd0
[ 84.581178][ T9] ret_from_fork_asm+0x11/0x20
[ 84.585930][ T9]
[ 84.589144][ T9] Kernel Offset: disabled
[ 84.593451][ T9] Rebooting in 86400 seconds..