Warning: Permanently added '[localhost]:5552' (ED25519) to the list of known hosts.
2025/12/29 02:32:34 parsed 1 programs
syzkaller login: [   88.339891][ T5324] cgroup: Unknown subsys name 'net'
[   88.401852][ T5324] cgroup: Unknown subsys name 'cpuset'
[   88.407158][ T5324] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   90.227355][ T5324] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   90.818342][ T5027] ODEBUG: Out of memory. ODEBUG disabled
[   91.898864][  T787] cfg80211: failed to load regulatory.db
[   94.896686][ T5341] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   96.643281][ T4681] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.647665][ T4681] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.650722][ T4681] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.654491][ T4681] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.657671][ T4681] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.337957][ T5376] chnl_net:caif_netlink_parms(): no params data found
[   98.523869][ T5376] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.527889][ T5376] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.531118][ T5376] bridge_slave_0: entered allmulticast mode
[   98.539318][ T5376] bridge_slave_0: entered promiscuous mode
[   98.550419][ T5376] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.553889][ T5376] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.557092][ T5376] bridge_slave_1: entered allmulticast mode
[   98.570075][ T5376] bridge_slave_1: entered promiscuous mode
[   98.623459][ T5376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.642789][ T5376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.683062][ T5376] team0: Port device team_slave_0 added
[   98.700946][ T5376] team0: Port device team_slave_1 added
[   98.741843][ T5376] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.744604][ T5376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.778715][ T5376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.784971][ T5376] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.788021][ T5376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.818871][ T5376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.880048][ T5376] hsr_slave_0: entered promiscuous mode
[   98.887736][ T5376] hsr_slave_1: entered promiscuous mode
[   99.247014][ T5376] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.265026][ T5376] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.281995][ T5376] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.290954][ T5376] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.439344][ T5376] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.463042][ T5376] 8021q: adding VLAN 0 to HW filter on device team0
[   99.484593][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.488097][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.516436][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.519787][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.576245][ T5376] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   99.599558][ T5376] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   99.821417][ T5376] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.877400][ T5376] veth0_vlan: entered promiscuous mode
[   99.895977][ T5376] veth1_vlan: entered promiscuous mode
[   99.941401][ T5376] veth0_macvtap: entered promiscuous mode
[   99.952403][ T5376] veth1_macvtap: entered promiscuous mode
[   99.980599][ T5376] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.001857][ T5376] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.021262][ T2592] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.025670][ T2592] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.044974][ T2592] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.066173][ T2592] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.340011][ T2592] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.443266][ T2592] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.531021][ T2592] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.601757][ T2592] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.477808][  T954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.481723][  T954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.551932][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.555454][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.352635][ T2592] bridge_slave_1: left allmulticast mode
[  102.355932][ T2592] bridge_slave_1: left promiscuous mode
[  102.359210][ T2592] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.367177][ T2592] bridge_slave_0: left allmulticast mode
[  102.371557][ T2592] bridge_slave_0: left promiscuous mode
[  102.374447][ T2592] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.535845][ T2592] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  102.542107][ T2592] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.546588][ T2592] bond0 (unregistering): Released all slaves
[  102.663088][ T2592] hsr_slave_0: left promiscuous mode
[  102.672154][ T2592] hsr_slave_1: left promiscuous mode
[  102.676880][ T2592] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.699099][ T2592] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.758827][ T2592] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.763548][ T2592] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.795228][ T2592] veth1_macvtap: left promiscuous mode
[  102.798026][ T2592] veth0_macvtap: left promiscuous mode
[  102.818763][ T2592] veth1_vlan: left promiscuous mode
[  102.821446][ T2592] veth0_vlan: left promiscuous mode
[  103.286071][ T2592] team0 (unregistering): Port device team_slave_1 removed
[  103.311441][ T2592] team0 (unregistering): Port device team_slave_0 removed
2025/12/29 02:32:52 executed programs: 0
[  104.822557][   T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  104.842050][   T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  104.845384][   T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  104.849613][   T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  104.852953][   T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  105.227012][ T5454] chnl_net:caif_netlink_parms(): no params data found
[  105.357263][ T5454] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.363585][ T5454] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.366463][ T5454] bridge_slave_0: entered allmulticast mode
[  105.370060][ T5454] bridge_slave_0: entered promiscuous mode
[  105.379323][ T5454] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.382005][ T5454] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.384492][ T5454] bridge_slave_1: entered allmulticast mode
[  105.398760][ T5454] bridge_slave_1: entered promiscuous mode
[  105.441562][ T5454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.452862][ T5454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.503507][ T5454] team0: Port device team_slave_0 added
[  105.510212][ T5454] team0: Port device team_slave_1 added
[  105.559426][ T5454] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.562439][ T5454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  105.582052][ T5454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.600302][ T5454] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.603101][ T5454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  105.628668][ T5454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.681189][ T5454] hsr_slave_0: entered promiscuous mode
[  105.684625][ T5454] hsr_slave_1: entered promiscuous mode
[  106.193730][ T5454] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  106.212632][ T5454] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  106.229422][ T5454] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  106.242793][ T5454] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.460815][ T5454] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.498217][ T5454] 8021q: adding VLAN 0 to HW filter on device team0
[  106.515480][  T954] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.518596][  T954] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.545320][  T954] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.548614][  T954] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.896728][ T5454] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.929704][   T46] Bluetooth: hci0: command tx timeout
[  106.983709][ T5454] veth0_vlan: entered promiscuous mode
[  107.012741][ T5454] veth1_vlan: entered promiscuous mode
[  107.074629][ T5454] veth0_macvtap: entered promiscuous mode
[  107.082129][ T5454] veth1_macvtap: entered promiscuous mode
[  107.120359][ T5454] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.126154][ T5454] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.147558][   T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.159138][   T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.182813][   T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.187671][   T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.284364][ T2592] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.287803][ T2592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.351274][  T954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.357570][  T954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.010180][   T46] Bluetooth: hci0: command tx timeout
2025/12/29 02:32:57 executed programs: 30
[  111.096313][   T46] Bluetooth: hci0: command tx timeout
[  113.168670][   T46] Bluetooth: hci0: command tx timeout
2025/12/29 02:33:03 executed programs: 138
2025/12/29 02:33:08 executed programs: 258
[  120.713468][ T6354] ==================================================================
[  120.717041][ T6354] BUG: KASAN: slab-use-after-free in number+0xc48/0xf60
[  120.720111][ T6354] Write of size 1 at addr ffff888041cfba0c by task syz.0.312/6354
[  120.724192][ T6354] 
[  120.725240][ T6354] CPU: 0 UID: 0 PID: 6354 Comm: syz.0.312 Not tainted syzkaller #0 PREEMPT(full) 
[  120.725254][ T6354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.725261][ T6354] Call Trace:
[  120.725269][ T6354]  <TASK>
[  120.725274][ T6354]  dump_stack_lvl+0xe8/0x150
[  120.725290][ T6354]  print_report+0xca/0x240
[  120.725302][ T6354]  ? number+0xc48/0xf60
[  120.725314][ T6354]  kasan_report+0x118/0x150
[  120.725361][ T6354]  ? number+0xc48/0xf60
[  120.725370][ T6354]  number+0xc48/0xf60
[  120.725377][ T6354]  ? number+0xc1/0xf60
[  120.725385][ T6354]  ? __pfx_number+0x10/0x10
[  120.725392][ T6354]  ? __lock_acquire+0x6b6/0x2cf0
[  120.725403][ T6354]  ? format_decode+0x5a3/0xe10
[  120.725414][ T6354]  vsnprintf+0x8e5/0xee0
[  120.725427][ T6354]  snprintf+0xda/0x120
[  120.725437][ T6354]  ? preempt_schedule_thunk+0x16/0x30
[  120.725447][ T6354]  ? __pfx_snprintf+0x10/0x10
[  120.725458][ T6354]  ? fd_install+0x95/0x3d0
[  120.725468][ T6354]  ? fd_install+0x95/0x3d0
[  120.725476][ T6354]  ? fd_install+0x382/0x3d0
[  120.725485][ T6354]  ? fd_install+0x387/0x3d0
[  120.725495][ T6354]  media_request_alloc+0x319/0x5b0
[  120.725537][ T6354]  media_device_request_alloc+0x98/0xd0
[  120.725547][ T6354]  media_device_ioctl+0x278/0x430
[  120.725562][ T6354]  ? do_futex+0x333/0x420
[  120.725572][ T6354]  ? __pfx_media_device_ioctl+0x10/0x10
[  120.725590][ T6354]  ? __fget_files+0x3a0/0x420
[  120.725600][ T6354]  ? __fget_files+0x2a/0x420
[  120.725610][ T6354]  ? __pfx_media_device_ioctl+0x10/0x10
[  120.725625][ T6354]  ? media_ioctl+0xfe/0x120
[  120.725633][ T6354]  ? __pfx_media_ioctl+0x10/0x10
[  120.725642][ T6354]  __se_sys_ioctl+0xfc/0x170
[  120.725656][ T6354]  do_syscall_64+0xec/0xf80
[  120.725665][ T6354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.725675][ T6354]  ? trace_irq_disable+0x37/0x100
[  120.725688][ T6354]  ? clear_bhb_loop+0x60/0xb0
[  120.725699][ T6354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.725709][ T6354] RIP: 0033:0x7fb48eb8f7c9
[  120.725720][ T6354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.725728][ T6354] RSP: 002b:00007fb48f9f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  120.725740][ T6354] RAX: ffffffffffffffda RBX: 00007fb48ede5fa0 RCX: 00007fb48eb8f7c9
[  120.725746][ T6354] RDX: 0000000000000000 RSI: 0000000080047c05 RDI: 0000000000000003
[  120.725750][ T6354] RBP: 00007fb48ec13f91 R08: 0000000000000000 R09: 0000000000000000
[  120.725754][ T6354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  120.725758][ T6354] R13: 00007fb48ede6038 R14: 00007fb48ede5fa0 R15: 00007ffd26a65d98
[  120.725765][ T6354]  </TASK>
[  120.725768][ T6354] 
[  120.839972][ T6354] Allocated by task 6354:
[  120.841874][ T6354]  kasan_save_track+0x3e/0x80
[  120.843950][ T6354]  __kasan_kmalloc+0x93/0xb0
[  120.845939][ T6354]  __kmalloc_cache_noprof+0x3e2/0x700
[  120.848193][ T6354]  media_request_alloc+0xe4/0x5b0
[  120.850437][ T6354]  media_device_request_alloc+0x98/0xd0
[  120.852859][ T6354]  media_device_ioctl+0x278/0x430
[  120.855037][ T6354]  __se_sys_ioctl+0xfc/0x170
[  120.857011][ T6354]  do_syscall_64+0xec/0xf80
[  120.859017][ T6354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.861667][ T6354] 
[  120.862788][ T6354] Freed by task 6355:
[  120.864566][ T6354]  kasan_save_track+0x3e/0x80
[  120.866706][ T6354]  kasan_save_free_info+0x46/0x50
[  120.869047][ T6354]  __kasan_slab_free+0x5c/0x80
[  120.871254][ T6354]  kfree+0x1c0/0x660
[  120.873078][ T6354]  media_request_close+0x38/0x50
[  120.875363][ T6354]  __fput+0x44c/0xa70
[  120.877204][ T6354]  task_work_run+0x1d4/0x260
[  120.879302][ T6354]  exit_to_user_mode_loop+0xef/0x4e0
[  120.881709][ T6354]  do_syscall_64+0x2b7/0xf80
[  120.883819][ T6354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.886645][ T6354] 
[  120.887791][ T6354] The buggy address belongs to the object at ffff888041cfba00
[  120.887791][ T6354]  which belongs to the cache kmalloc-256 of size 256
[  120.893583][ T6354] The buggy address is located 12 bytes inside of
[  120.893583][ T6354]  freed 256-byte region [ffff888041cfba00, ffff888041cfbb00)
[  120.899000][ T6354] 
[  120.900121][ T6354] The buggy address belongs to the physical page:
[  120.902926][ T6354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41cfb
[  120.906648][ T6354] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  120.909684][ T6354] page_type: f5(slab)
[  120.911419][ T6354] raw: 04fff00000000000 ffff88801a441b40 ffffea00014c9b40 dead000000000004
[  120.915319][ T6354] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  120.919468][ T6354] page dumped because: kasan: bad access detected
[  120.922345][ T6354] page_owner tracks the page as allocated
[  120.924945][ T6354] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6092, tgid 6091 (syz.0.219), ts 117735454564, free_ts 117719686912
[  120.933198][ T6354]  post_alloc_hook+0x234/0x290
[  120.935326][ T6354]  get_page_from_freelist+0x24e0/0x2580
[  120.937757][ T6354]  __alloc_frozen_pages_noprof+0x181/0x370
[  120.940363][ T6354]  alloc_pages_mpol+0x232/0x4a0
[  120.942503][ T6354]  allocate_slab+0x86/0x3b0
[  120.944543][ T6354]  ___slab_alloc+0xe53/0x1820
[  120.946683][ T6354]  __slab_alloc+0x65/0x100
[  120.948666][ T6354]  __kmalloc_cache_noprof+0x41e/0x700
[  120.951135][ T6354]  media_request_alloc+0xe4/0x5b0
[  120.953370][ T6354]  media_device_request_alloc+0x98/0xd0
[  120.955841][ T6354]  media_device_ioctl+0x278/0x430
[  120.958094][ T6354]  __se_sys_ioctl+0xfc/0x170
[  120.960313][ T6354]  do_syscall_64+0xec/0xf80
[  120.962337][ T6354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.965072][ T6354] page last free pid 15 tgid 15 stack trace:
[  120.967712][ T6354]  __free_frozen_pages+0xbc8/0xd30
[  120.969926][ T6354]  tlb_remove_table_rcu+0x85/0x100
[  120.972047][ T6354]  rcu_core+0xc8e/0x1720
[  120.974006][ T6354]  handle_softirqs+0x22b/0x7c0
[  120.976202][ T6354]  run_ksoftirqd+0x36/0x60
[  120.978375][ T6354]  smpboot_thread_fn+0x542/0xa60
[  120.980716][ T6354]  kthread+0x711/0x8a0
[  120.982462][ T6354]  ret_from_fork+0x510/0xa50
[  120.984550][ T6354]  ret_from_fork_asm+0x1a/0x30
[  120.986767][ T6354] 
[  120.987796][ T6354] Memory state around the buggy address:
[  120.990410][ T6354]  ffff888041cfb900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  120.993993][ T6354]  ffff888041cfb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  120.997370][ T6354] >ffff888041cfba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  121.000956][ T6354]                       ^
[  121.002886][ T6354]  ffff888041cfba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  121.006471][ T6354]  ffff888041cfbb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  121.010712][ T6354] ==================================================================
[  121.031280][ T6354] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  121.034500][ T6354] CPU: 0 UID: 0 PID: 6354 Comm: syz.0.312 Not tainted syzkaller #0 PREEMPT(full) 
[  121.038435][ T6354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  121.042678][ T6354] Call Trace:
[  121.044066][ T6354]  <TASK>
[  121.045299][ T6354]  vpanic+0x1e0/0x670
[  121.046912][ T6354]  panic+0xb9/0xc0
[  121.048406][ T6354]  ? __pfx_panic+0x10/0x10
[  121.050302][ T6354]  ? preempt_schedule_thunk+0x16/0x30
[  121.052379][ T6354]  ? number+0xc48/0xf60
[  121.054285][ T6354]  check_panic_on_warn+0x89/0xb0
[  121.056583][ T6354]  ? number+0xc48/0xf60
[  121.058420][ T6354]  end_report+0x6f/0x140
[  121.060342][ T6354]  kasan_report+0x129/0x150
[  121.062335][ T6354]  ? number+0xc48/0xf60
[  121.064149][ T6354]  number+0xc48/0xf60
[  121.065950][ T6354]  ? number+0xc1/0xf60
[  121.067740][ T6354]  ? __pfx_number+0x10/0x10
[  121.069646][ T6354]  ? __lock_acquire+0x6b6/0x2cf0
[  121.071845][ T6354]  ? format_decode+0x5a3/0xe10
[  121.073954][ T6354]  vsnprintf+0x8e5/0xee0
[  121.075843][ T6354]  snprintf+0xda/0x120
[  121.077773][ T6354]  ? preempt_schedule_thunk+0x16/0x30
[  121.080190][ T6354]  ? __pfx_snprintf+0x10/0x10
[  121.082298][ T6354]  ? fd_install+0x95/0x3d0
[  121.084270][ T6354]  ? fd_install+0x95/0x3d0
[  121.086117][ T6354]  ? fd_install+0x382/0x3d0
[  121.088057][ T6354]  ? fd_install+0x387/0x3d0
[  121.090719][ T6354]  media_request_alloc+0x319/0x5b0
[  121.093494][ T6354]  media_device_request_alloc+0x98/0xd0
[  121.096430][ T6354]  media_device_ioctl+0x278/0x430
[  121.098688][ T6354]  ? do_futex+0x333/0x420
[  121.100549][ T6354]  ? __pfx_media_device_ioctl+0x10/0x10
[  121.102904][ T6354]  ? __fget_files+0x3a0/0x420
[  121.104969][ T6354]  ? __fget_files+0x2a/0x420
[  121.106965][ T6354]  ? __pfx_media_device_ioctl+0x10/0x10
[  121.109422][ T6354]  ? media_ioctl+0xfe/0x120
[  121.111506][ T6354]  ? __pfx_media_ioctl+0x10/0x10
[  121.113723][ T6354]  __se_sys_ioctl+0xfc/0x170
[  121.115691][ T6354]  do_syscall_64+0xec/0xf80
[  121.117581][ T6354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.120145][ T6354]  ? trace_irq_disable+0x37/0x100
[  121.122594][ T6354]  ? clear_bhb_loop+0x60/0xb0
[  121.124527][ T6354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.126857][ T6354] RIP: 0033:0x7fb48eb8f7c9
[  121.128636][ T6354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.136475][ T6354] RSP: 002b:00007fb48f9f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  121.140075][ T6354] RAX: ffffffffffffffda RBX: 00007fb48ede5fa0 RCX: 00007fb48eb8f7c9
[  121.143559][ T6354] RDX: 0000000000000000 RSI: 0000000080047c05 RDI: 0000000000000003
[  121.147115][ T6354] RBP: 00007fb48ec13f91 R08: 0000000000000000 R09: 0000000000000000
[  121.150473][ T6354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  121.153912][ T6354] R13: 00007fb48ede6038 R14: 00007fb48ede5fa0 R15: 00007ffd26a65d98
[  121.157397][ T6354]  </TASK>
[  121.159073][ T6354] Kernel Offset: disabled
[  121.161011][ T6354] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:33:09  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000061 RBX=0000000000000061 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90001b1f390
R8 =ffff888033be8237 R9 =1ffff1100677d046 R10=dffffc0000000000 R11=ffffffff851bb360
R12=dffffc0000000000 R13=ffffffff998fea08 R14=ffffffff99c136a0 R15=0000000000000000
RIP=ffffffff851bb3dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb48f9f36c0 ffffffff 00c00000
GS =0000 ffff88808d416000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb48f9d1fc8 CR3=000000001fa63000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48ec15050
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48ec1505d
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48ec15057
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48ec1506b
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48ec150f1
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48ec151cf
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48edba4a8 00007fb48edba4a0 00007fb48edba498 00007fb48edba470
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48f91d100 00007fb48edba460 00007fb48edba478 0000000700080006
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb48edba4b8 00007fb48edba4b0 00007fb48edba4a8 00007fb48edba4a0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000000e 0000000000000000 0000000000000000 0000000000000308
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000