Warning: Permanently added '[localhost]:47571' (ED25519) to the list of known hosts.
2026/01/11 03:06:27 parsed 1 programs
syzkaller login: [ 83.646805][ T5327] cgroup: Unknown subsys name 'net'
[ 83.730999][ T5327] cgroup: Unknown subsys name 'cpuset'
[ 83.735376][ T5327] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 85.527569][ T5327] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 86.487227][ T80] ODEBUG: Out of memory. ODEBUG disabled
[ 90.904459][ T5343] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 91.850943][ T786] cfg80211: failed to load regulatory.db
[ 93.898664][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.902066][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.951295][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.954538][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.480845][ T4684] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.484437][ T4684] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.487557][ T4684] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.499750][ T4684] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.503197][ T4684] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 96.884607][ T5415] chnl_net:caif_netlink_parms(): no params data found
[ 97.100228][ T5415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.107993][ T5415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.111366][ T5415] bridge_slave_0: entered allmulticast mode
[ 97.128370][ T5415] bridge_slave_0: entered promiscuous mode
[ 97.133534][ T5415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.136889][ T5415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.140377][ T5415] bridge_slave_1: entered allmulticast mode
[ 97.148408][ T5415] bridge_slave_1: entered promiscuous mode
[ 97.196431][ T5415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.210800][ T5415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.251973][ T5415] team0: Port device team_slave_0 added
[ 97.268564][ T5415] team0: Port device team_slave_1 added
[ 97.311165][ T5415] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.314214][ T5415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 97.338679][ T5415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.346390][ T5415] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.358423][ T5415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 97.378129][ T5415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.449181][ T5415] hsr_slave_0: entered promiscuous mode
[ 97.458585][ T5415] hsr_slave_1: entered promiscuous mode
[ 97.644445][ T5415] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.653486][ T5415] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.659305][ T5415] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.665889][ T5415] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.686880][ T5415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.690197][ T5415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.693486][ T5415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.696267][ T5415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.743579][ T5415] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.754764][ T2620] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.760728][ T2620] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.774232][ T5415] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.781486][ T2620] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.783778][ T2620] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.800147][ T2620] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.803330][ T2620] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.950146][ T5415] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.976572][ T5415] veth0_vlan: entered promiscuous mode
[ 97.984616][ T5415] veth1_vlan: entered promiscuous mode
[ 98.013194][ T5415] veth0_macvtap: entered promiscuous mode
[ 98.020168][ T5415] veth1_macvtap: entered promiscuous mode
[ 98.035293][ T5415] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.046458][ T5415] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.058912][ T73] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.071058][ T2620] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.075055][ T2620] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.099448][ T2620] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.235514][ T1087] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.269593][ T1087] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.341074][ T1087] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.407007][ T1087] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/11 03:06:44 executed programs: 0
[ 98.781532][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.785143][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.788766][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.792434][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.795699][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.930332][ T5440] chnl_net:caif_netlink_parms(): no params data found
[ 99.026625][ T5440] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.030262][ T5440] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.033057][ T5440] bridge_slave_0: entered allmulticast mode
[ 99.036415][ T5440] bridge_slave_0: entered promiscuous mode
[ 99.047333][ T5440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.051325][ T5440] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.054283][ T5440] bridge_slave_1: entered allmulticast mode
[ 99.058289][ T5440] bridge_slave_1: entered promiscuous mode
[ 99.077270][ T5440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.083678][ T5440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.106371][ T5440] team0: Port device team_slave_0 added
[ 99.110925][ T5440] team0: Port device team_slave_1 added
[ 99.139891][ T5440] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.142699][ T5440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 99.153870][ T5440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.160032][ T5440] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.162902][ T5440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 99.174642][ T5440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 99.211488][ T5440] hsr_slave_0: entered promiscuous mode
[ 99.214289][ T5440] hsr_slave_1: entered promiscuous mode
[ 99.218916][ T5440] debugfs: 'hsr0' already exists in 'hsr'
[ 99.221270][ T5440] Cannot create hsr debugfs directory
[ 100.879595][ T47] Bluetooth: hci0: command tx timeout
[ 101.010666][ T1087] bridge_slave_1: left allmulticast mode
[ 101.013516][ T1087] bridge_slave_1: left promiscuous mode
[ 101.017266][ T1087] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.040532][ T1087] bridge_slave_0: left allmulticast mode
[ 101.042858][ T1087] bridge_slave_0: left promiscuous mode
[ 101.045420][ T1087] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.482041][ T1087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.489186][ T1087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.494292][ T1087] bond0 (unregistering): Released all slaves
[ 101.662596][ T1087] hsr_slave_0: left promiscuous mode
[ 101.669052][ T1087] hsr_slave_1: left promiscuous mode
[ 101.680488][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 101.683699][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 101.698930][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 101.702408][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 101.734717][ T1087] veth1_macvtap: left promiscuous mode
[ 101.748088][ T1087] veth0_macvtap: left promiscuous mode
[ 101.751146][ T1087] veth1_vlan: left promiscuous mode
[ 101.753570][ T1087] veth0_vlan: left promiscuous mode
[ 102.170766][ T1087] team0 (unregistering): Port device team_slave_1 removed
[ 102.197027][ T1087] team0 (unregistering): Port device team_slave_0 removed
[ 102.598828][ T5440] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.634647][ T5440] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.658437][ T5440] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.669655][ T5440] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.919983][ T5440] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.948704][ T5440] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.957958][ T47] Bluetooth: hci0: command tx timeout
[ 102.979709][ T73] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.982890][ T73] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.014236][ T73] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.017494][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.074632][ T5440] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 103.088416][ T5440] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 103.289286][ T5440] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.318640][ T5440] veth0_vlan: entered promiscuous mode
[ 103.324316][ T5440] veth1_vlan: entered promiscuous mode
[ 103.349867][ T5440] veth0_macvtap: entered promiscuous mode
[ 103.355427][ T5440] veth1_macvtap: entered promiscuous mode
[ 103.367499][ T5440] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.379478][ T5440] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.390213][ T1087] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.400438][ T1087] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.404148][ T1087] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.443023][ T1087] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.467037][ T2620] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.473252][ T2620] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.502103][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.506712][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.018028][ T5432] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[ 104.170817][ T5432] usb 5-1: config 0 interface 0 has no altsetting 0
[ 104.176080][ T5432] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 104.180352][ T5432] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 104.184519][ T5432] usb 5-1: Product: syz
[ 104.186398][ T5432] usb 5-1: Manufacturer: syz
[ 104.189475][ T5432] usb 5-1: SerialNumber: syz
[ 104.194287][ T5432] usb 5-1: config 0 descriptor??
[ 104.210304][ T5432] usb 5-1: selecting invalid altsetting 0
[ 104.403715][ T5482] ==================================================================
[ 104.407227][ T5482] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x261/0x460
[ 104.410646][ T5482] Write of size 264 at addr ffff8880428f4200 by task syz.0.17/5482
[ 104.414828][ T5482]
[ 104.415865][ T5482] CPU: 0 UID: 0 PID: 5482 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 104.415880][ T5482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.415886][ T5482] Call Trace:
[ 104.415893][ T5482]
[ 104.415899][ T5482] dump_stack_lvl+0xe8/0x150
[ 104.415918][ T5482] print_report+0xca/0x240
[ 104.415926][ T5482] ? copy_to_urb+0x261/0x460
[ 104.415933][ T5482] kasan_report+0x118/0x150
[ 104.415990][ T5482] ? copy_to_urb+0x261/0x460
[ 104.416001][ T5482] kasan_check_range+0x2b0/0x2c0
[ 104.416011][ T5482] ? copy_to_urb+0x261/0x460
[ 104.416020][ T5482] __asan_memcpy+0x40/0x70
[ 104.416033][ T5482] copy_to_urb+0x261/0x460
[ 104.416045][ T5482] prepare_playback_urb+0x953/0x13d0
[ 104.416056][ T5482] ? __pfx_prepare_playback_urb+0x10/0x10
[ 104.416065][ T5482] ? unwind_next_frame+0xa5/0x23d0
[ 104.416076][ T5482] ? rcu_is_watching+0x15/0xb0
[ 104.416088][ T5482] ? __kasan_check_byte+0x12/0x40
[ 104.416097][ T5482] ? is_bpf_text_address+0x26/0x2b0
[ 104.416110][ T5482] ? __pfx_prepare_playback_urb+0x10/0x10
[ 104.416119][ T5482] prepare_outbound_urb+0x377/0xc50
[ 104.416131][ T5482] ? check_noncircular+0xda/0x150
[ 104.416142][ T5482] ? _copy_from_iter+0xb2c/0x1630
[ 104.416155][ T5482] ? __asan_memcpy+0x40/0x70
[ 104.416166][ T5482] ? __pfx_prepare_outbound_urb+0x10/0x10
[ 104.416176][ T5482] ? _copy_from_iter+0x11eb/0x1630
[ 104.416190][ T5482] ? snd_usb_endpoint_start_quirk+0x1f7/0x320
[ 104.416203][ T5482] snd_usb_endpoint_start+0x4db/0x1530
[ 104.416218][ T5482] ? __pfx_snd_usb_endpoint_start+0x10/0x10
[ 104.416230][ T5482] start_endpoints+0xa1/0x280
[ 104.416235][ T5482] ? snd_usb_substream_playback_trigger+0x3ce/0x830
[ 104.416247][ T5482] snd_usb_substream_playback_trigger+0x3e0/0x830
[ 104.416258][ T5482] snd_pcm_do_start+0xb7/0x180
[ 104.416267][ T5482] snd_pcm_action+0xe7/0x240
[ 104.416274][ T5482] __snd_pcm_lib_xfer+0x1762/0x1d00
[ 104.416284][ T5482] ? __pfx_interleaved_copy+0x10/0x10
[ 104.416292][ T5482] ? __pfx_default_write_copy+0x10/0x10
[ 104.416302][ T5482] ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[ 104.416313][ T5482] snd_pcm_oss_write3+0x1bc/0x350
[ 104.416325][ T5482] snd_pcm_plug_write_transfer+0x2cb/0x4c0
[ 104.416340][ T5482] ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10
[ 104.416353][ T5482] ? snd_pcm_plug_client_channels_buf+0x490/0x640
[ 104.416369][ T5482] snd_pcm_oss_write+0xa2b/0xf20
[ 104.416384][ T5482] ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 104.416396][ T5482] ? bpf_lsm_file_permission+0x9/0x20
[ 104.416408][ T5482] ? security_file_permission+0x75/0x290
[ 104.416418][ T5482] ? rw_verify_area+0x255/0x4d0
[ 104.416427][ T5482] ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 104.416435][ T5482] vfs_write+0x27e/0xb30
[ 104.416446][ T5482] ? __pfx_vfs_write+0x10/0x10
[ 104.416454][ T5482] ? __pfx_do_futex+0x10/0x10
[ 104.416461][ T5482] ? kmem_cache_free+0x197/0x620
[ 104.416473][ T5482] ? do_sys_openat2+0x15a/0x200
[ 104.416486][ T5482] ksys_write+0x145/0x250
[ 104.416498][ T5482] ? __pfx_ksys_write+0x10/0x10
[ 104.416512][ T5482] do_syscall_64+0xec/0xf80
[ 104.416557][ T5482] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.416567][ T5482] ? trace_irq_disable+0x37/0x100
[ 104.416579][ T5482] ? clear_bhb_loop+0x60/0xb0
[ 104.416589][ T5482] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.416599][ T5482] RIP: 0033:0x7f288dd8f7c9
[ 104.416609][ T5482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 104.416617][ T5482] RSP: 002b:00007fff8efb8958 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 104.416631][ T5482] RAX: ffffffffffffffda RBX: 00007f288dfe5fa0 RCX: 00007f288dd8f7c9
[ 104.416638][ T5482] RDX: 00000000000005ce RSI: 0000200000000600 RDI: 0000000000000004
[ 104.416644][ T5482] RBP: 00007f288de13f91 R08: 0000000000000000 R09: 0000000000000000
[ 104.416650][ T5482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 104.416656][ T5482] R13: 00007f288dfe5fa0 R14: 00007f288dfe5fa0 R15: 0000000000000003
[ 104.416664][ T5482]
[ 104.416667][ T5482]
[ 104.584951][ T5482] Allocated by task 5482:
[ 104.586916][ T5482] kasan_save_track+0x3e/0x80
[ 104.589060][ T5482] __kasan_kmalloc+0x93/0xb0
[ 104.591197][ T5482] __kmalloc_noprof+0x41d/0x800
[ 104.593376][ T5482] snd_usb_endpoint_set_params+0x1741/0x2f10
[ 104.596000][ T5482] snd_usb_hw_params+0xb12/0x12e0
[ 104.598270][ T5482] snd_pcm_hw_params+0x89d/0x1d30
[ 104.600539][ T5482] snd_pcm_oss_change_params_locked+0x21cd/0x3f70
[ 104.602957][ T5482] snd_pcm_oss_make_ready_locked+0x7d/0x300
[ 104.605458][ T5482] snd_pcm_oss_write+0x281/0xf20
[ 104.607765][ T5482] vfs_write+0x27e/0xb30
[ 104.610061][ T5482] ksys_write+0x145/0x250
[ 104.611992][ T5482] do_syscall_64+0xec/0xf80
[ 104.613831][ T5482] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.616333][ T5482]
[ 104.617292][ T5482] The buggy address belongs to the object at ffff8880428f4200
[ 104.617292][ T5482] which belongs to the cache kmalloc-256 of size 256
[ 104.622849][ T5482] The buggy address is located 0 bytes inside of
[ 104.622849][ T5482] allocated 240-byte region [ffff8880428f4200, ffff8880428f42f0)
[ 104.628677][ T5482]
[ 104.629799][ T5482] The buggy address belongs to the physical page:
[ 104.632472][ T5482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x428f4
[ 104.636250][ T5482] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 104.639540][ T5482] page_type: f5(slab)
[ 104.641316][ T5482] raw: 04fff00000000000 ffff88801a441b40 ffffea0001415380 0000000000000009
[ 104.645005][ T5482] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 104.648903][ T5482] page dumped because: kasan: bad access detected
[ 104.651884][ T5482] page_owner tracks the page as allocated
[ 104.654387][ T5482] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5360, tgid 5360 (syz-executor), ts 92371033587, free_ts 92370990773
[ 104.662648][ T5482] post_alloc_hook+0x234/0x290
[ 104.664644][ T5482] get_page_from_freelist+0x24e0/0x2580
[ 104.667044][ T5482] __alloc_frozen_pages_noprof+0x181/0x370
[ 104.669616][ T5482] alloc_pages_mpol+0x232/0x4a0
[ 104.671783][ T5482] allocate_slab+0x86/0x3b0
[ 104.673981][ T5482] ___slab_alloc+0xe53/0x1820
[ 104.676161][ T5482] __slab_alloc+0x65/0x100
[ 104.678155][ T5482] __kmalloc_node_track_caller_noprof+0x5d4/0x820
[ 104.680961][ T5482] kmemdup_array+0x3f/0x80
[ 104.682884][ T5482] ebt_register_table+0x99e/0x10e0
[ 104.685033][ T5482] find_inlist_lock_noload+0x183/0x270
[ 104.687130][ T5482] do_ebt_get_ctl+0x25d/0x1c50
[ 104.689065][ T5482] nf_getsockopt+0x26e/0x290
[ 104.690955][ T5482] ip_getsockopt+0x1c4/0x220
[ 104.692984][ T5482] do_sock_getsockopt+0x33f/0x630
[ 104.695058][ T5482] __x64_sys_getsockopt+0x1a5/0x250
[ 104.697172][ T5482] page last free pid 5360 tgid 5360 stack trace:
[ 104.699788][ T5482] __free_frozen_pages+0xbc8/0xd30
[ 104.702058][ T5482] __kasan_populate_vmalloc+0x137/0x1d0
[ 104.704617][ T5482] alloc_vmap_area+0xdc4/0x14e0
[ 104.706827][ T5482] __get_vm_area_node+0x1f8/0x300
[ 104.708998][ T5482] __vmalloc_node_range_noprof+0x371/0x16a0
[ 104.711623][ T5482] vmalloc_noprof+0xb2/0xf0
[ 104.713559][ T5482] ebt_register_table+0x231/0x10e0
[ 104.715884][ T5482] find_inlist_lock_noload+0x183/0x270
[ 104.718422][ T5482] do_ebt_get_ctl+0x25d/0x1c50
[ 104.720609][ T5482] nf_getsockopt+0x26e/0x290
[ 104.722922][ T5482] ip_getsockopt+0x1c4/0x220
[ 104.724859][ T5482] do_sock_getsockopt+0x33f/0x630
[ 104.727035][ T5482] __x64_sys_getsockopt+0x1a5/0x250
[ 104.729304][ T5482] do_syscall_64+0xec/0xf80
[ 104.731281][ T5482] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.733666][ T5482]
[ 104.734611][ T5482] Memory state around the buggy address:
[ 104.736936][ T5482] ffff8880428f4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.740215][ T5482] ffff8880428f4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.743457][ T5482] >ffff8880428f4280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 104.746684][ T5482] ^
[ 104.750021][ T5482] ffff8880428f4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.753478][ T5482] ffff8880428f4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.756940][ T5482] ==================================================================
[ 104.761009][ T5482] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.764346][ T5482] CPU: 0 UID: 0 PID: 5482 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 104.767893][ T5482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 104.772342][ T5482] Call Trace:
[ 104.773782][ T5482]
[ 104.775103][ T5482] vpanic+0x1e0/0x670
[ 104.776875][ T5482] panic+0xb9/0xc0
[ 104.778622][ T5482] ? __pfx_panic+0x10/0x10
[ 104.780630][ T5482] ? copy_to_urb+0x261/0x460
[ 104.782640][ T5482] ? rcu_is_watching+0x15/0xb0
[ 104.784654][ T5482] ? copy_to_urb+0x261/0x460
[ 104.786615][ T5482] ? copy_to_urb+0x261/0x460
[ 104.788622][ T5482] check_panic_on_warn+0x89/0xb0
[ 104.790874][ T5482] ? copy_to_urb+0x261/0x460
[ 104.792926][ T5482] end_report+0x6f/0x140
[ 104.794801][ T5482] kasan_report+0x129/0x150
[ 104.796836][ T5482] ? copy_to_urb+0x261/0x460
[ 104.798885][ T5482] kasan_check_range+0x2b0/0x2c0
[ 104.801285][ T5482] ? copy_to_urb+0x261/0x460
[ 104.803300][ T5482] __asan_memcpy+0x40/0x70
[ 104.805234][ T5482] copy_to_urb+0x261/0x460
[ 104.807095][ T5482] prepare_playback_urb+0x953/0x13d0
[ 104.809521][ T5482] ? __pfx_prepare_playback_urb+0x10/0x10
[ 104.812110][ T5482] ? unwind_next_frame+0xa5/0x23d0
[ 104.814420][ T5482] ? rcu_is_watching+0x15/0xb0
[ 104.816414][ T5482] ? __kasan_check_byte+0x12/0x40
[ 104.818561][ T5482] ? is_bpf_text_address+0x26/0x2b0
[ 104.820769][ T5482] ? __pfx_prepare_playback_urb+0x10/0x10
[ 104.823231][ T5482] prepare_outbound_urb+0x377/0xc50
[ 104.825764][ T5482] ? check_noncircular+0xda/0x150
[ 104.828402][ T5482] ? _copy_from_iter+0xb2c/0x1630
[ 104.830757][ T5482] ? __asan_memcpy+0x40/0x70
[ 104.832782][ T5482] ? __pfx_prepare_outbound_urb+0x10/0x10
[ 104.835226][ T5482] ? _copy_from_iter+0x11eb/0x1630
[ 104.837406][ T5482] ? snd_usb_endpoint_start_quirk+0x1f7/0x320
[ 104.839879][ T5482] snd_usb_endpoint_start+0x4db/0x1530
[ 104.842231][ T5482] ? __pfx_snd_usb_endpoint_start+0x10/0x10
[ 104.844693][ T5482] start_endpoints+0xa1/0x280
[ 104.846604][ T5482] ? snd_usb_substream_playback_trigger+0x3ce/0x830
[ 104.849609][ T5482] snd_usb_substream_playback_trigger+0x3e0/0x830
[ 104.852411][ T5482] snd_pcm_do_start+0xb7/0x180
[ 104.854560][ T5482] snd_pcm_action+0xe7/0x240
[ 104.856636][ T5482] __snd_pcm_lib_xfer+0x1762/0x1d00
[ 104.858904][ T5482] ? __pfx_interleaved_copy+0x10/0x10
[ 104.861193][ T5482] ? __pfx_default_write_copy+0x10/0x10
[ 104.863651][ T5482] ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[ 104.866110][ T5482] snd_pcm_oss_write3+0x1bc/0x350
[ 104.868277][ T5482] snd_pcm_plug_write_transfer+0x2cb/0x4c0
[ 104.870898][ T5482] ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10
[ 104.873692][ T5482] ? snd_pcm_plug_client_channels_buf+0x490/0x640
[ 104.876442][ T5482] snd_pcm_oss_write+0xa2b/0xf20
[ 104.878550][ T5482] ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 104.880885][ T5482] ? bpf_lsm_file_permission+0x9/0x20
[ 104.883217][ T5482] ? security_file_permission+0x75/0x290
[ 104.885645][ T5482] ? rw_verify_area+0x255/0x4d0
[ 104.887683][ T5482] ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 104.889925][ T5482] vfs_write+0x27e/0xb30
[ 104.891811][ T5482] ? __pfx_vfs_write+0x10/0x10
[ 104.893797][ T5482] ? __pfx_do_futex+0x10/0x10
[ 104.895761][ T5482] ? kmem_cache_free+0x197/0x620
[ 104.897858][ T5482] ? do_sys_openat2+0x15a/0x200
[ 104.900021][ T5482] ksys_write+0x145/0x250
[ 104.902250][ T5482] ? __pfx_ksys_write+0x10/0x10
[ 104.904543][ T5482] do_syscall_64+0xec/0xf80
[ 104.906630][ T5482] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.909464][ T5482] ? trace_irq_disable+0x37/0x100
[ 104.911782][ T5482] ? clear_bhb_loop+0x60/0xb0
[ 104.913946][ T5482] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.916165][ T5482] RIP: 0033:0x7f288dd8f7c9
[ 104.917911][ T5482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 104.926031][ T5482] RSP: 002b:00007fff8efb8958 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 104.929819][ T5482] RAX: ffffffffffffffda RBX: 00007f288dfe5fa0 RCX: 00007f288dd8f7c9
[ 104.933275][ T5482] RDX: 00000000000005ce RSI: 0000200000000600 RDI: 0000000000000004
[ 104.936574][ T5482] RBP: 00007f288de13f91 R08: 0000000000000000 R09: 0000000000000000
[ 104.940037][ T5482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 104.943560][ T5482] R13: 00007f288dfe5fa0 R14: 00007f288dfe5fa0 R15: 0000000000000003
[ 104.946624][ T5482]
[ 104.948291][ T5482] Kernel Offset: disabled
[ 104.950270][ T5482] Rebooting in 86400 seconds..
VM DIAGNOSIS: 03:06:50 Registers: info registers vcpu 0