Warning: Permanently added '[localhost]:18866' (ED25519) to the list of known hosts.
2026/01/11 02:02:40 parsed 1 programs
syzkaller login: [ 87.871448][ T5326] cgroup: Unknown subsys name 'net'
[ 87.967627][ T5326] cgroup: Unknown subsys name 'cpuset'
[ 87.973157][ T5326] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 89.760738][ T5326] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 91.943822][ T10] cfg80211: failed to load regulatory.db
[ 95.160918][ T5344] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 96.476217][ T742] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.479649][ T742] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.539356][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.542865][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.444340][ T4683] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.450125][ T4683] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.454142][ T4683] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.458422][ T4683] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.461638][ T4683] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.174869][ T5388] chnl_net:caif_netlink_parms(): no params data found
[ 99.345966][ T5388] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.349876][ T5388] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.352931][ T5388] bridge_slave_0: entered allmulticast mode
[ 99.363972][ T5388] bridge_slave_0: entered promiscuous mode
[ 99.370110][ T5388] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.383932][ T5388] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.387826][ T5388] bridge_slave_1: entered allmulticast mode
[ 99.394730][ T5388] bridge_slave_1: entered promiscuous mode
[ 99.446780][ T5388] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.454158][ T5388] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.501116][ T5388] team0: Port device team_slave_0 added
[ 99.516241][ T5388] team0: Port device team_slave_1 added
[ 99.558260][ T5388] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.561283][ T5388] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 99.584372][ T5388] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.604462][ T5388] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.607452][ T5388] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 99.633772][ T5388] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 99.694904][ T5388] hsr_slave_0: entered promiscuous mode
[ 99.702855][ T5388] hsr_slave_1: entered promiscuous mode
[ 99.906047][ T5388] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.916406][ T5388] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.927018][ T5388] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 99.934571][ T5388] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 99.962171][ T5388] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.965741][ T5388] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.969932][ T5388] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.973159][ T5388] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.033234][ T5388] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.049195][ T742] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.055191][ T742] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.068754][ T5388] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.077318][ T742] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.080510][ T742] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.090188][ T54] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.093360][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.278624][ T5388] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.332822][ T5388] veth0_vlan: entered promiscuous mode
[ 100.355892][ T5388] veth1_vlan: entered promiscuous mode
[ 100.403152][ T5388] veth0_macvtap: entered promiscuous mode
[ 100.418981][ T5388] veth1_macvtap: entered promiscuous mode
[ 100.453300][ T5388] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.474798][ T5388] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.496133][ T742] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.506809][ T742] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.530435][ T742] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.546913][ T742] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.825997][ T54] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.916168][ T54] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.015645][ T54] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.096269][ T54] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.367053][ T54] bridge_slave_1: left allmulticast mode
[ 103.369849][ T54] bridge_slave_1: left promiscuous mode
[ 103.372532][ T54] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.485225][ T54] bridge_slave_0: left allmulticast mode
[ 103.487662][ T54] bridge_slave_0: left promiscuous mode
[ 103.490749][ T54] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.955935][ T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 103.961545][ T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 103.966995][ T54] bond0 (unregistering): Released all slaves
[ 104.084154][ T54] hsr_slave_0: left promiscuous mode
[ 104.094630][ T54] hsr_slave_1: left promiscuous mode
[ 104.097563][ T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 104.100555][ T54] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 104.114925][ T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 104.118194][ T54] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 104.149743][ T54] veth1_macvtap: left promiscuous mode
[ 104.153162][ T54] veth0_macvtap: left promiscuous mode
[ 104.173854][ T54] veth1_vlan: left promiscuous mode
[ 104.176492][ T54] veth0_vlan: left promiscuous mode
[ 104.690340][ T54] team0 (unregistering): Port device team_slave_1 removed
[ 104.727666][ T54] team0 (unregistering): Port device team_slave_0 removed
2026/01/11 02:03:01 executed programs: 0
[ 106.537706][ T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 106.541836][ T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 106.545689][ T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 106.549183][ T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 106.552150][ T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 106.758387][ T5470] chnl_net:caif_netlink_parms(): no params data found
[ 106.875317][ T5470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.884252][ T5470] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.887317][ T5470] bridge_slave_0: entered allmulticast mode
[ 106.904552][ T5470] bridge_slave_0: entered promiscuous mode
[ 106.910792][ T5470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.923129][ T5470] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.933197][ T5470] bridge_slave_1: entered allmulticast mode
[ 106.937251][ T5470] bridge_slave_1: entered promiscuous mode
[ 106.961883][ T5470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 106.968234][ T5470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 106.990544][ T5470] team0: Port device team_slave_0 added
[ 106.996491][ T5470] team0: Port device team_slave_1 added
[ 107.017693][ T5470] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.020882][ T5470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 107.031939][ T5470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.038865][ T5470] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.042460][ T5470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 107.054155][ T5470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.089020][ T5470] hsr_slave_0: entered promiscuous mode
[ 107.093202][ T5470] hsr_slave_1: entered promiscuous mode
[ 107.566828][ T5470] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 107.587529][ T5470] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 107.604171][ T5470] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 107.627644][ T5470] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 107.667960][ T5470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.671480][ T5470] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.675074][ T5470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.678192][ T5470] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.767228][ T54] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.771225][ T54] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.811319][ T5470] 8021q: adding VLAN 0 to HW filter on device bond0
[ 107.836916][ T5470] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.856683][ T54] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.859850][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.879240][ T742] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.882412][ T742] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.249677][ T5470] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 108.320885][ T5470] veth0_vlan: entered promiscuous mode
[ 108.341715][ T5470] veth1_vlan: entered promiscuous mode
[ 108.395064][ T5470] veth0_macvtap: entered promiscuous mode
[ 108.406147][ T5470] veth1_macvtap: entered promiscuous mode
[ 108.445216][ T5470] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 108.466899][ T5470] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 108.488076][ T742] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.492247][ T742] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.507361][ T742] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.528921][ T742] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.646055][ T46] Bluetooth: hci0: command tx timeout
[ 108.666778][ T742] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.670550][ T742] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.712328][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.736037][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.295261][ T10] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[ 109.456640][ T10] usb 5-1: config 0 interface 0 has no altsetting 0
[ 109.461701][ T10] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 109.466156][ T10] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 109.469708][ T10] usb 5-1: Product: syz
[ 109.471557][ T10] usb 5-1: Manufacturer: syz
[ 109.474464][ T10] usb 5-1: SerialNumber: syz
[ 109.484324][ T10] usb 5-1: config 0 descriptor??
[ 109.496124][ T10] usb 5-1: selecting invalid altsetting 0
[ 109.692977][ T5516] ==================================================================
[ 109.696451][ T5516] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x261/0x460
[ 109.699718][ T5516] Write of size 264 at addr ffff88803e11b200 by task syz.0.17/5516
[ 109.703960][ T5516]
[ 109.704989][ T5516] CPU: 0 UID: 0 PID: 5516 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 109.705001][ T5516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 109.705007][ T5516] Call Trace:
[ 109.705012][ T5516]  <TASK>
[ 109.705016][ T5516]  dump_stack_lvl+0xe8/0x150
[ 109.705029][ T5516]  print_report+0xca/0x240
[ 109.705036][ T5516]  ? copy_to_urb+0x261/0x460
[ 109.705042][ T5516]  kasan_report+0x118/0x150
[ 109.705099][ T5516]  ? copy_to_urb+0x261/0x460
[ 109.705109][ T5516]  kasan_check_range+0x2b0/0x2c0
[ 109.705118][ T5516]  ? copy_to_urb+0x261/0x460
[ 109.705133][ T5516]  __asan_memcpy+0x40/0x70
[ 109.705146][ T5516]  copy_to_urb+0x261/0x460
[ 109.705158][ T5516]  prepare_playback_urb+0x953/0x13d0
[ 109.705173][ T5516]  ? __pfx_prepare_playback_urb+0x10/0x10
[ 109.705182][ T5516]  ? unwind_next_frame+0xa5/0x23d0
[ 109.705192][ T5516]  ? rcu_is_watching+0x15/0xb0
[ 109.705203][ T5516]  ? __kasan_check_byte+0x12/0x40
[ 109.705213][ T5516]  ? is_bpf_text_address+0x26/0x2b0
[ 109.705228][ T5516]  ? __pfx_prepare_playback_urb+0x10/0x10
[ 109.705238][ T5516]  prepare_outbound_urb+0x377/0xc50
[ 109.705250][ T5516]  ? check_noncircular+0xda/0x150
[ 109.705260][ T5516]  ? _copy_from_iter+0xb2c/0x1630
[ 109.705273][ T5516]  ? __asan_memcpy+0x40/0x70
[ 109.705285][ T5516]  ? __pfx_prepare_outbound_urb+0x10/0x10
[ 109.705295][ T5516]  ? _copy_from_iter+0x11eb/0x1630
[ 109.705308][ T5516]  ? snd_usb_endpoint_start_quirk+0x1f7/0x320
[ 109.705321][ T5516]  snd_usb_endpoint_start+0x4db/0x1530
[ 109.705335][ T5516]  ? __pfx_snd_usb_endpoint_start+0x10/0x10
[ 109.705347][ T5516]  start_endpoints+0xa1/0x280
[ 109.705356][ T5516]  ? snd_usb_substream_playback_trigger+0x3ce/0x830
[ 109.705371][ T5516]  snd_usb_substream_playback_trigger+0x3e0/0x830
[ 109.705386][ T5516]  snd_pcm_do_start+0xb7/0x180
[ 109.705399][ T5516]  snd_pcm_action+0xe7/0x240
[ 109.705409][ T5516]  __snd_pcm_lib_xfer+0x1762/0x1d00
[ 109.705425][ T5516]  ? __pfx_interleaved_copy+0x10/0x10
[ 109.705438][ T5516]  ? __pfx_default_write_copy+0x10/0x10
[ 109.705450][ T5516]  ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[ 109.705463][ T5516]  snd_pcm_oss_write3+0x1bc/0x350
[ 109.705475][ T5516]  snd_pcm_plug_write_transfer+0x2cb/0x4c0
[ 109.705490][ T5516]  ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10
[ 109.705504][ T5516]  ? snd_pcm_plug_client_channels_buf+0x490/0x640
[ 109.705520][ T5516]  snd_pcm_oss_write+0xa2b/0xf20
[ 109.705535][ T5516]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 109.705546][ T5516]  ? bpf_lsm_file_permission+0x9/0x20
[ 109.705555][ T5516]  ? security_file_permission+0x75/0x290
[ 109.705565][ T5516]  ? rw_verify_area+0x255/0x4d0
[ 109.705573][ T5516]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 109.705580][ T5516]  vfs_write+0x27e/0xb30
[ 109.705590][ T5516]  ? __pfx_vfs_write+0x10/0x10
[ 109.705598][ T5516]  ? __pfx_do_futex+0x10/0x10
[ 109.705605][ T5516]  ? kmem_cache_free+0x197/0x620
[ 109.705616][ T5516]  ? do_sys_openat2+0x15a/0x200
[ 109.705628][ T5516]  ksys_write+0x145/0x250
[ 109.705641][ T5516]  ? __pfx_ksys_write+0x10/0x10
[ 109.705656][ T5516]  do_syscall_64+0xec/0xf80
[ 109.705706][ T5516]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.705716][ T5516]  ? trace_irq_disable+0x37/0x100
[ 109.705728][ T5516]  ? clear_bhb_loop+0x60/0xb0
[ 109.705738][ T5516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.705749][ T5516] RIP: 0033:0x7fc4db98f7c9
[ 109.705760][ T5516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 109.705767][ T5516] RSP: 002b:00007ffefa8ff3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 109.705854][ T5516] RAX: ffffffffffffffda RBX: 00007fc4dbbe5fa0 RCX: 00007fc4db98f7c9
[ 109.705864][ T5516] RDX: 00000000000005ce RSI: 0000200000000600 RDI: 0000000000000004
[ 109.705871][ T5516] RBP: 00007fc4dba13f91 R08: 0000000000000000 R09: 0000000000000000
[ 109.705878][ T5516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 109.705884][ T5516] R13: 00007fc4dbbe5fa0 R14: 00007fc4dbbe5fa0 R15: 0000000000000003
[ 109.705896][ T5516]  </TASK>
[ 109.705899][ T5516]
[ 109.868972][ T5516] Allocated by task 5516:
[ 109.870782][ T5516]  kasan_save_track+0x3e/0x80
[ 109.872704][ T5516]  __kasan_kmalloc+0x93/0xb0
[ 109.874609][ T5516]  __kmalloc_noprof+0x41d/0x800
[ 109.876604][ T5516]  snd_usb_endpoint_set_params+0x1741/0x2f10
[ 109.879069][ T5516]  snd_usb_hw_params+0xb12/0x12e0
[ 109.881129][ T5516]  snd_pcm_hw_params+0x89d/0x1d30
[ 109.883355][ T5516]  snd_pcm_oss_change_params_locked+0x21cd/0x3f70
[ 109.886161][ T5516]  snd_pcm_oss_make_ready_locked+0x7d/0x300
[ 109.888452][ T5516]  snd_pcm_oss_write+0x281/0xf20
[ 109.890501][ T5516]  vfs_write+0x27e/0xb30
[ 109.892353][ T5516]  ksys_write+0x145/0x250
[ 109.894287][ T5516]  do_syscall_64+0xec/0xf80
[ 109.896025][ T5516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.898263][ T5516]
[ 109.899208][ T5516] The buggy address belongs to the object at ffff88803e11b200
[ 109.899208][ T5516]  which belongs to the cache kmalloc-256 of size 256
[ 109.904523][ T5516] The buggy address is located 0 bytes inside of
[ 109.904523][ T5516]  allocated 240-byte region [ffff88803e11b200, ffff88803e11b2f0)
[ 109.909850][ T5516]
[ 109.910863][ T5516] The buggy address belongs to the physical page:
[ 109.913410][ T5516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3e11b
[ 109.916523][ T5516] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 109.919952][ T5516] page_type: f5(slab)
[ 109.921892][ T5516] raw: 04fff00000000000 ffff88801a441b40 ffffea0000c95f80 dead000000000005
[ 109.925664][ T5516] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 109.929649][ T5516] page dumped because: kasan: bad access detected
[ 109.932442][ T5516] page_owner tracks the page as allocated
[ 109.934968][ T5516] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5388, tgid 5388 (syz-executor), ts 100505880047, free_ts 100441479918
[ 109.943399][ T5516]  post_alloc_hook+0x234/0x290
[ 109.945633][ T5516]  get_page_from_freelist+0x24e0/0x2580
[ 109.948147][ T5516]  __alloc_frozen_pages_noprof+0x181/0x370
[ 109.950867][ T5516]  alloc_pages_mpol+0x232/0x4a0
[ 109.953139][ T5516]  allocate_slab+0x86/0x3b0
[ 109.955265][ T5516]  ___slab_alloc+0xe53/0x1820
[ 109.957384][ T5516]  __slab_alloc+0x65/0x100
[ 109.959436][ T5516]  __kmalloc_noprof+0x47d/0x800
[ 109.961634][ T5516]  fib_create_info+0x171d/0x31f0
[ 109.963872][ T5516]  fib_table_insert+0xca/0x1b80
[ 109.966085][ T5516]  fib_magic+0x2c4/0x390
[ 109.968140][ T5516]  fib_add_ifaddr+0x3fb/0x5f0
[ 109.970347][ T5516]  fib_netdev_event+0x382/0x490
[ 109.972622][ T5516]  notifier_call_chain+0x19d/0x3a0
[ 109.974800][ T5516]  __dev_notify_flags+0x18d/0x2e0
[ 109.976929][ T5516]  netif_change_flags+0xe8/0x1a0
[ 109.979028][ T5516] page last free pid 5388 tgid 5388 stack trace:
[ 109.981713][ T5516]  __free_frozen_pages+0xbc8/0xd30
[ 109.983940][ T5516]  __put_partials+0x146/0x170
[ 109.985878][ T5516]  __slab_free+0x294/0x320
[ 109.987637][ T5516]  qlist_free_all+0x97/0x100
[ 109.989459][ T5516]  kasan_quarantine_reduce+0x148/0x160
[ 109.991562][ T5516]  __kasan_slab_alloc+0x22/0x80
[ 109.993612][ T5516]  kmem_cache_alloc_node_noprof+0x43c/0x720
[ 109.995970][ T5516]  __alloc_skb+0x1dc/0x3a0
[ 109.997746][ T5516]  netlink_sendmsg+0x5c6/0xb30
[ 109.999817][ T5516]  __sock_sendmsg+0x21c/0x270
[ 110.001741][ T5516]  __sys_sendto+0x3bd/0x520
[ 110.003566][ T5516]  __x64_sys_sendto+0xde/0x100
[ 110.005377][ T5516]  do_syscall_64+0xec/0xf80
[ 110.007329][ T5516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.009833][ T5516]
[ 110.010963][ T5516] Memory state around the buggy address:
[ 110.013472][ T5516]  ffff88803e11b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.016932][ T5516]  ffff88803e11b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 110.020013][ T5516] >ffff88803e11b280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 110.023321][ T5516]                                                              ^
[ 110.026127][ T5516]  ffff88803e11b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.029226][ T5516]  ffff88803e11b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.032420][ T5516] ==================================================================
[ 110.035806][ T5516] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 110.038779][ T5516] CPU: 0 UID: 0 PID: 5516 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 110.042646][ T5516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 110.047045][ T5516] Call Trace:
[ 110.048360][ T5516]  <TASK>
[ 110.049536][ T5516]  vpanic+0x1e0/0x670
[ 110.051111][ T5516]  panic+0xb9/0xc0
[ 110.052534][ T5516]  ? __pfx_panic+0x10/0x10
[ 110.054554][ T5516]  ? copy_to_urb+0x261/0x460
[ 110.056549][ T5516]  ? rcu_is_watching+0x15/0xb0
[ 110.058565][ T5516]  ? copy_to_urb+0x261/0x460
[ 110.060436][ T5516]  ? copy_to_urb+0x261/0x460
[ 110.062362][ T5516]  check_panic_on_warn+0x89/0xb0
[ 110.064305][ T5516]  ? copy_to_urb+0x261/0x460
[ 110.066149][ T5516]  end_report+0x6f/0x140
[ 110.067949][ T5516]  kasan_report+0x129/0x150
[ 110.069865][ T5516]  ? copy_to_urb+0x261/0x460
[ 110.071762][ T5516]  kasan_check_range+0x2b0/0x2c0
[ 110.073663][ T5516]  ? copy_to_urb+0x261/0x460
[ 110.075735][ T5516]  __asan_memcpy+0x40/0x70
[ 110.077882][ T5516]  copy_to_urb+0x261/0x460
[ 110.080084][ T5516]  prepare_playback_urb+0x953/0x13d0
[ 110.082382][ T5516]  ? __pfx_prepare_playback_urb+0x10/0x10
[ 110.084633][ T5516]  ? unwind_next_frame+0xa5/0x23d0
[ 110.086677][ T5516]  ? rcu_is_watching+0x15/0xb0
[ 110.088445][ T5516]  ? __kasan_check_byte+0x12/0x40
[ 110.090501][ T5516]  ? is_bpf_text_address+0x26/0x2b0
[ 110.092715][ T5516]  ? __pfx_prepare_playback_urb+0x10/0x10
[ 110.095101][ T5516]  prepare_outbound_urb+0x377/0xc50
[ 110.097260][ T5516]  ? check_noncircular+0xda/0x150
[ 110.099381][ T5516]  ? _copy_from_iter+0xb2c/0x1630
[ 110.101443][ T5516]  ? __asan_memcpy+0x40/0x70
[ 110.103411][ T5516]  ? __pfx_prepare_outbound_urb+0x10/0x10
[ 110.105934][ T5516]  ? _copy_from_iter+0x11eb/0x1630
[ 110.108355][ T5516]  ? snd_usb_endpoint_start_quirk+0x1f7/0x320
[ 110.110980][ T5516]  snd_usb_endpoint_start+0x4db/0x1530
[ 110.113381][ T5516]  ? __pfx_snd_usb_endpoint_start+0x10/0x10
[ 110.115963][ T5516]  start_endpoints+0xa1/0x280
[ 110.117966][ T5516]  ? snd_usb_substream_playback_trigger+0x3ce/0x830
[ 110.120833][ T5516]  snd_usb_substream_playback_trigger+0x3e0/0x830
[ 110.123670][ T5516]  snd_pcm_do_start+0xb7/0x180
[ 110.125731][ T5516]  snd_pcm_action+0xe7/0x240
[ 110.127724][ T5516]  __snd_pcm_lib_xfer+0x1762/0x1d00
[ 110.129963][ T5516]  ? __pfx_interleaved_copy+0x10/0x10
[ 110.132369][ T5516]  ? __pfx_default_write_copy+0x10/0x10
[ 110.134781][ T5516]  ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[ 110.137126][ T5516]  snd_pcm_oss_write3+0x1bc/0x350
[ 110.139242][ T5516]  snd_pcm_plug_write_transfer+0x2cb/0x4c0
[ 110.141655][ T5516]  ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10
[ 110.144271][ T5516]  ? snd_pcm_plug_client_channels_buf+0x490/0x640
[ 110.147061][ T5516]  snd_pcm_oss_write+0xa2b/0xf20
[ 110.149235][ T5516]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 110.151603][ T5516]  ? bpf_lsm_file_permission+0x9/0x20
[ 110.153891][ T5516]  ? security_file_permission+0x75/0x290
[ 110.156341][ T5516]  ? rw_verify_area+0x255/0x4d0
[ 110.158449][ T5516]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 110.160753][ T5516]  vfs_write+0x27e/0xb30
[ 110.162665][ T5516]  ? __pfx_vfs_write+0x10/0x10
[ 110.164669][ T5516]  ? __pfx_do_futex+0x10/0x10
[ 110.166697][ T5516]  ? kmem_cache_free+0x197/0x620
[ 110.168855][ T5516]  ? do_sys_openat2+0x15a/0x200
[ 110.170996][ T5516]  ksys_write+0x145/0x250
[ 110.172897][ T5516]  ? __pfx_ksys_write+0x10/0x10
[ 110.175176][ T5516]  do_syscall_64+0xec/0xf80
[ 110.177217][ T5516]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.179942][ T5516]  ? trace_irq_disable+0x37/0x100
[ 110.182158][ T5516]  ? clear_bhb_loop+0x60/0xb0
[ 110.184208][ T5516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.186816][ T5516] RIP: 0033:0x7fc4db98f7c9
[ 110.188871][ T5516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 110.197150][ T5516] RSP: 002b:00007ffefa8ff3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 110.200843][ T5516] RAX: ffffffffffffffda RBX: 00007fc4dbbe5fa0 RCX: 00007fc4db98f7c9
[ 110.204274][ T5516] RDX: 00000000000005ce RSI: 0000200000000600 RDI: 0000000000000004
[ 110.207898][ T5516] RBP: 00007fc4dba13f91 R08: 0000000000000000 R09: 0000000000000000
[ 110.211408][ T5516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 110.214937][ T5516] R13: 00007fc4dbbe5fa0 R14: 00007fc4dbbe5fa0 R15: 0000000000000003
[ 110.218464][ T5516]  </TASK>
[ 110.220205][ T5516] Kernel Offset: disabled
[ 110.222159][ T5516] Rebooting in 86400 seconds..
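The report above already bounds the bug without source access: a 264-byte memcpy in copy_to_urb lands at the start of a 240-byte region that snd_usb_endpoint_set_params obtained from kmalloc-256, and the shadow dump puts the redzone (fc) exactly at the region end. The following Python is an added triage helper, not part of the syzkaller output or of the kernel; it parses lines excerpted from the report (console prefix kept, as logged) and cross-checks the access size against the allocation and the shadow bytes. Python rather than C because it operates on the report text, not on the driver, and nothing here reproduces the fault. The shadow encoding it relies on (00 = all 8 bytes of the granule accessible, 01..07 = that many leading bytes accessible, fc = slab redzone) is KASAN's own; the assumption that the reported object address is the start of its 256-byte slab slot is what the neighbour-overlap check rests on.

```python
"""Triage helper for a KASAN slab-out-of-bounds report (added example).

Parses the header, the allocation stack, the object/cache lines and the
shadow-memory dump, then cross-checks them: how far past the allocated
region the access runs, whether it reaches the neighbouring slab object,
and whether the first poisoned shadow byte agrees with the region end.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Console prefix "[ 109.696451][ T5516] " as printed in the log above.
_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
_BUG = re.compile(r"BUG: KASAN: (\S+) in (\S+)\+0x")
_ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task")
_OBJECT = re.compile(r"belongs to the object at ([0-9a-f]+)")
_CACHE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
_REGION = re.compile(r"allocated (\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
_SHADOW = re.compile(r"^\s*>?\s*([0-9a-f]{16}):((?:\s[0-9a-f]{2}){16})$")
_FRAME = re.compile(r"^\s*(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Allocator-internal frames skipped when naming the allocation site.
_ALLOC_INTERNAL = ("kasan_", "__kasan_", "__kmalloc", "kmalloc", "kmem_cache")


@dataclass
class KasanOob:
    bug_type: str = ""
    function: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    object_start: int = 0
    cache: str = ""
    cache_size: int = 0
    region_start: int = 0
    region_end: int = 0
    alloc_stack: list = field(default_factory=list)
    shadow: dict = field(default_factory=dict)  # row base -> 16 shadow bytes


def parse_kasan_report(text: str) -> KasanOob:
    r = KasanOob()
    in_alloc = False
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).rstrip()
        if (m := _BUG.search(line)):
            r.bug_type, r.function = m.group(1), m.group(2)
        elif (m := _ACCESS.search(line)):
            r.access, r.size, r.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
        elif (m := _OBJECT.search(line)):
            r.object_start = int(m.group(1), 16)
        elif (m := _CACHE.search(line)):
            r.cache, r.cache_size = m.group(1), int(m.group(2))
        elif (m := _REGION.search(line)):
            r.region_start, r.region_end = int(m.group(2), 16), int(m.group(3), 16)
        elif (m := _SHADOW.match(line)):
            r.shadow[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
        elif line.startswith("Allocated by task"):
            in_alloc = True
        elif in_alloc:
            m = _FRAME.match(line)
            if m:
                r.alloc_stack.append(m.group(1))
            else:
                in_alloc = False  # blank line ends the stack
    return r


def first_bad_addr(r: KasanOob) -> Optional[int]:
    """Walk the access range one 8-byte granule at a time and return the first
    address the shadow marks inaccessible, or None if the dump does not
    cover the range. Each dumped row holds 16 shadow bytes = 128 bytes."""
    a, end = r.addr, r.addr + r.size
    while a < end:
        granule = a & ~7
        row = granule & ~0x7F
        if row not in r.shadow:
            return None
        v = r.shadow[row][(granule - row) // 8]
        accessible = 8 if v == 0 else (v if v < 8 else 0)
        if a - granule >= accessible:
            return max(a, granule + accessible)
        a = granule + 8
    return None


def triage(r: KasanOob) -> dict:
    access_end = r.addr + r.size
    slot_end = r.object_start + r.cache_size  # assumes object starts its slot
    alloc_site = next((f for f in r.alloc_stack if not f.startswith(_ALLOC_INTERNAL)), None)
    fba = first_bad_addr(r)
    return {
        "bug": f"{r.bug_type} in {r.function}",
        "alloc_site": alloc_site,
        "region_size": r.region_end - r.region_start,
        "overflow_bytes": max(0, access_end - r.region_end),
        "bytes_into_next_object": max(0, access_end - slot_end),
        "first_bad_addr": fba,
        "shadow_agrees": fba == r.region_end,
    }


# Lines excerpted from the report above (console prefix kept as logged).
SAMPLE_REPORT = """\
[ 109.696451][ T5516] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x261/0x460
[ 109.699718][ T5516] Write of size 264 at addr ffff88803e11b200 by task syz.0.17/5516
[ 109.868972][ T5516] Allocated by task 5516:
[ 109.870782][ T5516]  kasan_save_track+0x3e/0x80
[ 109.872704][ T5516]  __kasan_kmalloc+0x93/0xb0
[ 109.874609][ T5516]  __kmalloc_noprof+0x41d/0x800
[ 109.876604][ T5516]  snd_usb_endpoint_set_params+0x1741/0x2f10
[ 109.879069][ T5516]  snd_usb_hw_params+0xb12/0x12e0
[ 109.898263][ T5516]
[ 109.899208][ T5516] The buggy address belongs to the object at ffff88803e11b200
[ 109.899208][ T5516]  which belongs to the cache kmalloc-256 of size 256
[ 109.904523][ T5516] The buggy address is located 0 bytes inside of
[ 109.904523][ T5516]  allocated 240-byte region [ffff88803e11b200, ffff88803e11b2f0)
[ 110.013472][ T5516]  ffff88803e11b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.016932][ T5516]  ffff88803e11b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 110.020013][ T5516] >ffff88803e11b280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 110.026127][ T5516]  ffff88803e11b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

if __name__ == "__main__":
    for k, v in triage(parse_kasan_report(SAMPLE_REPORT)).items():
        print(f"{k}: {v:#x}" if isinstance(v, int) and k == "first_bad_addr" else f"{k}: {v}")
```

On the excerpt this reports a 24-byte overrun past the 240-byte region, 8 bytes of which fall beyond the object's own 256-byte slot into the next kmalloc-256 object, and a first bad address of ffff88803e11b2f0 equal to the region end, so the redzone hit belongs to this object rather than to some unrelated poisoning. The userspace registers in the same report identify the trigger: ORIG_RAX 1 with RDI 4 and RDX 0x5ce is a write(2) of 1486 bytes to fd 4, which the call trace through snd_pcm_oss_write places on the OSS PCM emulation path.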
VM DIAGNOSIS:
02:03:04 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000073 RBX=0000000000000073 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900036c6bb0
R8 =ffff888034d20237 R9 =1ffff110069a4046 R10=dffffc0000000000 R11=ffffffff851bb760
R12=dffffc0000000000 R13=ffffffff99900a01 R14=ffffffff99c156c0 R15=0000000000000000
RIP=ffffffff851bb7dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055555bc71500 ffffffff 00c00000
GS =0000 ffff88808d414000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fff5970cc84 CR3=000000001ec10000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffff800 Opmask01=0000000000000014 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffefa8fd330 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc4dba15050
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc4dba1505d
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc4dba15057
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc4dba1506b
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc4dba150f1
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc4dba151cf
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000336f69 6475000500060006
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000104c4a 4756420c5546470c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000