Warning: Permanently added '[localhost]:10254' (ED25519) to the list of known hosts.
2025/11/01 17:26:30 parsed 1 programs
syzkaller login: [   84.582656][ T5312] cgroup: Unknown subsys name 'net'
[   84.655613][ T5312] cgroup: Unknown subsys name 'cpuset'
[   84.661496][ T5312] cgroup: Unknown subsys name 'rlimit'
[   86.417900][ T5312] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   90.688154][ T5326] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   91.889772][    T9] cfg80211: failed to load regulatory.db
[   92.952162][ T5360] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.956812][ T5360] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.960305][ T5360] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.964686][ T5360] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.968283][ T5360] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   93.348613][ T3067] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.359348][ T3067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.384293][  T182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.387606][  T182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.834094][ T5392] chnl_net:caif_netlink_parms(): no params data found
[   94.899793][ T5392] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.903726][ T5392] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.906865][ T5392] bridge_slave_0: entered allmulticast mode
[   94.910845][ T5392] bridge_slave_0: entered promiscuous mode
[   94.917132][ T5392] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.920390][ T5392] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.925034][ T5392] bridge_slave_1: entered allmulticast mode
[   94.929755][ T5392] bridge_slave_1: entered promiscuous mode
[   94.957165][ T5392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.964324][ T5392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.986250][ T5392] team0: Port device team_slave_0 added
[   94.990904][ T5392] team0: Port device team_slave_1 added
[   95.012714][ T5392] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.015662][ T5392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.026956][ T5392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.034049][ T5392] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.037086][ T5392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.048522][ T5392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.089865][ T5392] hsr_slave_0: entered promiscuous mode
[   95.093433][ T5392] hsr_slave_1: entered promiscuous mode
[   95.238857][ T5392] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.249206][ T5392] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.255504][ T5392] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.263178][ T5392] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.291454][ T5392] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.294687][ T5392] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.298579][ T5392] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.301872][ T5392] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.359577][ T5392] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.374207][ T3067] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.378165][ T3067] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.390955][ T5392] 8021q: adding VLAN 0 to HW filter on device team0
[   95.400338][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.403599][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.418910][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.422354][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.603488][ T5392] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.645115][ T5392] veth0_vlan: entered promiscuous mode
[   95.654511][ T5392] veth1_vlan: entered promiscuous mode
[   95.681481][ T5392] veth0_macvtap: entered promiscuous mode
[   95.691057][ T5392] veth1_macvtap: entered promiscuous mode
[   95.710000][ T5392] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.721256][ T5392] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.735214][ T1044] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.738755][ T1044] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.753272][ T1044] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.757047][ T1044] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.924055][ T1044] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.974141][ T1044] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.016239][ T1044] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.074649][ T1044] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/01 17:26:44 executed programs: 0
[   96.585093][ T4667] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.589450][ T4667] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.595161][ T4667] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.598935][ T4667] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.606890][ T4667] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.784244][ T5422] chnl_net:caif_netlink_parms(): no params data found
[   96.848431][ T5422] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.851690][ T5422] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.855817][ T5422] bridge_slave_0: entered allmulticast mode
[   96.859919][ T5422] bridge_slave_0: entered promiscuous mode
[   96.864662][ T5422] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.867571][ T5422] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.870606][ T5422] bridge_slave_1: entered allmulticast mode
[   96.875251][ T5422] bridge_slave_1: entered promiscuous mode
[   96.899696][ T5422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.906869][ T5422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.935872][ T5422] team0: Port device team_slave_0 added
[   96.940469][ T5422] team0: Port device team_slave_1 added
[   96.962508][ T5422] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.965804][ T5422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   96.977082][ T5422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.983434][ T5422] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.986540][ T5422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   96.997972][ T5422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.035684][ T5422] hsr_slave_0: entered promiscuous mode
[   97.038891][ T5422] hsr_slave_1: entered promiscuous mode
[   97.042703][ T5422] debugfs: 'hsr0' already exists in 'hsr'
[   97.045333][ T5422] Cannot create hsr debugfs directory
[   98.590035][ T1044] bridge_slave_1: left allmulticast mode
[   98.593930][ T1044] bridge_slave_1: left promiscuous mode
[   98.597008][ T1044] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.614194][ T1044] bridge_slave_0: left allmulticast mode
[   98.616611][ T1044] bridge_slave_0: left promiscuous mode
[   98.619522][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.684346][ T4667] Bluetooth: hci0: command tx timeout
[   99.012705][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   99.018628][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   99.023852][ T1044] bond0 (unregistering): Released all slaves
[   99.115484][ T1044] hsr_slave_0: left promiscuous mode
[   99.118593][ T1044] hsr_slave_1: left promiscuous mode
[   99.133338][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.136844][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.140945][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.152738][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.186369][ T1044] veth1_macvtap: left promiscuous mode
[   99.189060][ T1044] veth0_macvtap: left promiscuous mode
[   99.191567][ T1044] veth1_vlan: left promiscuous mode
[   99.212442][ T1044] veth0_vlan: left promiscuous mode
[   99.607889][ T1044] team0 (unregistering): Port device team_slave_1 removed
[   99.627057][ T1044] team0 (unregistering): Port device team_slave_0 removed
[  100.086265][ T5422] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.112227][ T5422] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.121592][ T5422] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.150094][ T5422] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.501072][ T5422] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.533666][ T5422] 8021q: adding VLAN 0 to HW filter on device team0
[  100.548581][ T1044] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.551861][ T1044] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.573808][ T1044] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.577754][ T1044] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.765617][ T4667] Bluetooth: hci0: command tx timeout
[  100.894493][ T5422] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.969450][ T5422] veth0_vlan: entered promiscuous mode
[  100.987639][ T5422] veth1_vlan: entered promiscuous mode
[  101.037844][ T5422] veth0_macvtap: entered promiscuous mode
[  101.054470][ T5422] veth1_macvtap: entered promiscuous mode
[  101.087771][ T5422] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.098662][ T5422] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.110580][   T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.115056][   T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.118680][   T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.130781][   T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.188029][   T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.191432][   T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.221353][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.225923][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.542076][ T5409] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  101.694519][ T5409] usb 5-1: config 0 interface 0 has no altsetting 0
[  101.699752][ T5409] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  101.704179][ T5409] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  101.707473][ T5409] usb 5-1: Product: syz
[  101.709111][ T5409] usb 5-1: Manufacturer: syz
[  101.710943][ T5409] usb 5-1: SerialNumber: syz
[  101.717600][ T5409] usb 5-1: config 0 descriptor??
[  101.730989][ T5409] usb 5-1: selecting invalid altsetting 0
[  101.927601][ T5469] ==================================================================
[  101.930827][ T5469] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x261/0x460
[  101.936967][ T5469] Write of size 264 at addr ffff88805932f180 by task syz.0.17/5469
[  101.941323][ T5469] 
[  101.942415][ T5469] CPU: 0 UID: 0 PID: 5469 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  101.942430][ T5469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.942437][ T5469] Call Trace:
[  101.942444][ T5469]  <TASK>
[  101.942450][ T5469]  dump_stack_lvl+0x189/0x250
[  101.942469][ T5469]  ? __virt_addr_valid+0x1c8/0x5c0
[  101.942484][ T5469]  ? rcu_is_watching+0x15/0xb0
[  101.942496][ T5469]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.942510][ T5469]  ? rcu_is_watching+0x15/0xb0
[  101.942521][ T5469]  ? lock_release+0x4b/0x3e0
[  101.942531][ T5469]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  101.942541][ T5469]  ? __virt_addr_valid+0x1c8/0x5c0
[  101.942549][ T5469]  ? __virt_addr_valid+0x4a5/0x5c0
[  101.942558][ T5469]  print_report+0xca/0x240
[  101.942567][ T5469]  ? copy_to_urb+0x261/0x460
[  101.942579][ T5469]  kasan_report+0x118/0x150
[  101.942594][ T5469]  ? copy_to_urb+0x261/0x460
[  101.942611][ T5469]  kasan_check_range+0x2b0/0x2c0
[  101.942631][ T5469]  ? copy_to_urb+0x261/0x460
[  101.942645][ T5469]  __asan_memcpy+0x40/0x70
[  101.942657][ T5469]  copy_to_urb+0x261/0x460
[  101.942672][ T5469]  ? __kernel_text_address+0xd/0x40
[  101.942690][ T5469]  prepare_playback_urb+0x953/0x13d0
[  101.942712][ T5469]  ? __pfx_prepare_playback_urb+0x10/0x10
[  101.942728][ T5469]  ? lockdep_unlock+0x89/0x120
[  101.942743][ T5469]  ? validate_chain+0x897/0x2140
[  101.942758][ T5469]  ? __pfx_prepare_playback_urb+0x10/0x10
[  101.942772][ T5469]  prepare_outbound_urb+0x377/0xc50
[  101.942786][ T5469]  ? _copy_from_iter+0xc3d/0x1790
[  101.942848][ T5469]  ? __asan_memcpy+0x40/0x70
[  101.942860][ T5469]  ? __pfx_prepare_outbound_urb+0x10/0x10
[  101.942871][ T5469]  ? snd_usb_endpoint_start_quirk+0x1f7/0x320
[  101.942884][ T5469]  snd_usb_endpoint_start+0x4d8/0x14a0
[  101.942900][ T5469]  ? __pfx_snd_usb_endpoint_start+0x10/0x10
[  101.942911][ T5469]  ? do_raw_spin_lock+0x121/0x290
[  101.942926][ T5469]  start_endpoints+0xa1/0x280
[  101.942940][ T5469]  ? snd_usb_substream_playback_trigger+0x3ce/0x7a0
[  101.942956][ T5469]  snd_usb_substream_playback_trigger+0x3e0/0x7a0
[  101.942973][ T5469]  snd_pcm_do_start+0xb7/0x180
[  101.942985][ T5469]  snd_pcm_action+0xe7/0x240
[  101.942995][ T5469]  __snd_pcm_lib_xfer+0x1762/0x1ce0
[  101.943011][ T5469]  ? __pfx_interleaved_copy+0x10/0x10
[  101.943023][ T5469]  ? __pfx_default_write_copy+0x10/0x10
[  101.943039][ T5469]  ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[  101.943055][ T5469]  snd_pcm_oss_write3+0x1bc/0x320
[  101.943069][ T5469]  snd_pcm_plug_write_transfer+0x2cb/0x4c0
[  101.943086][ T5469]  ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10
[  101.943098][ T5469]  ? snd_pcm_plug_client_channels_buf+0x490/0x640
[  101.943114][ T5469]  snd_pcm_oss_write+0xb9c/0x1190
[  101.943129][ T5469]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  101.943141][ T5469]  ? bpf_lsm_file_permission+0x9/0x20
[  101.943151][ T5469]  ? security_file_permission+0x75/0x290
[  101.943163][ T5469]  ? rw_verify_area+0x255/0x4d0
[  101.943175][ T5469]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  101.943186][ T5469]  vfs_write+0x27e/0xb30
[  101.943196][ T5469]  ? __pfx_vfs_write+0x10/0x10
[  101.943204][ T5469]  ? __pfx_do_futex+0x10/0x10
[  101.943222][ T5469]  ksys_write+0x145/0x250
[  101.943235][ T5469]  ? __pfx_ksys_write+0x10/0x10
[  101.943248][ T5469]  ? do_syscall_64+0xbe/0xfa0
[  101.943263][ T5469]  do_syscall_64+0xfa/0xfa0
[  101.943275][ T5469]  ? lockdep_hardirqs_on+0x9c/0x150
[  101.943288][ T5469]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.943298][ T5469]  ? clear_bhb_loop+0x60/0xb0
[  101.943310][ T5469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.943321][ T5469] RIP: 0033:0x7fcb8838efc9
[  101.943333][ T5469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.943342][ T5469] RSP: 002b:00007ffc905b2e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  101.943355][ T5469] RAX: ffffffffffffffda RBX: 00007fcb885e5fa0 RCX: 00007fcb8838efc9
[  101.943363][ T5469] RDX: 00000000000005ce RSI: 0000200000000e00 RDI: 0000000000000004
[  101.943371][ T5469] RBP: 00007fcb88411f91 R08: 0000000000000000 R09: 0000000000000000
[  101.943377][ T5469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  101.943384][ T5469] R13: 00007fcb885e5fa0 R14: 00007fcb885e5fa0 R15: 0000000000000003
[  101.943395][ T5469]  </TASK>
[  101.943399][ T5469] 
[  102.120457][ T5469] Allocated by task 5469:
[  102.122343][ T5469]  kasan_save_track+0x3e/0x80
[  102.124340][ T5469]  __kasan_kmalloc+0x93/0xb0
[  102.126192][ T5469]  __kmalloc_noprof+0x411/0x7f0
[  102.128341][ T5469]  snd_usb_endpoint_set_params+0x1610/0x29a0
[  102.130961][ T5469]  snd_usb_hw_params+0xb12/0x1280
[  102.133152][ T5469]  snd_pcm_hw_params+0x89d/0x1d30
[  102.135329][ T5469]  snd_pcm_oss_change_params_locked+0x21cb/0x3e40
[  102.137964][ T5469]  snd_pcm_oss_write+0x2fb/0x1190
[  102.140029][ T5469]  vfs_write+0x27e/0xb30
[  102.141767][ T5469]  ksys_write+0x145/0x250
[  102.143608][ T5469]  do_syscall_64+0xfa/0xfa0
[  102.145656][ T5469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.148177][ T5469] 
[  102.149233][ T5469] The buggy address belongs to the object at ffff88805932f180
[  102.149233][ T5469]  which belongs to the cache kmalloc-64 of size 64
[  102.154951][ T5469] The buggy address is located 0 bytes inside of
[  102.154951][ T5469]  allocated 54-byte region [ffff88805932f180, ffff88805932f1b6)
[  102.160810][ T5469] 
[  102.161906][ T5469] The buggy address belongs to the physical page:
[  102.164624][ T5469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5932f
[  102.168471][ T5469] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  102.171888][ T5469] page_type: f5(slab)
[  102.173786][ T5469] raw: 04fff00000000000 ffff88801a0418c0 ffffea0000cb4740 dead000000000005
[  102.177644][ T5469] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[  102.181296][ T5469] page dumped because: kasan: bad access detected
[  102.184157][ T5469] page_owner tracks the page as allocated
[  102.186742][ T5469] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5420, tgid 5420 (syz-executor), ts 96353686512, free_ts 96347447655
[  102.194982][ T5469]  post_alloc_hook+0x240/0x2a0
[  102.197084][ T5469]  get_page_from_freelist+0x2365/0x2440
[  102.199554][ T5469]  __alloc_frozen_pages_noprof+0x181/0x370
[  102.202217][ T5469]  alloc_pages_mpol+0x232/0x4a0
[  102.204418][ T5469]  allocate_slab+0x96/0x350
[  102.206363][ T5469]  ___slab_alloc+0xe94/0x18a0
[  102.208512][ T5469]  __slab_alloc+0x65/0x100
[  102.210698][ T5469]  __kmalloc_noprof+0x471/0x7f0
[  102.212877][ T5469]  tomoyo_encode+0x28b/0x550
[  102.214814][ T5469]  tomoyo_realpath_from_path+0x58d/0x5d0
[  102.217575][ T5469]  tomoyo_path_perm+0x213/0x4b0
[  102.219723][ T5469]  security_inode_getattr+0x12f/0x330
[  102.222167][ T5469]  vfs_statx+0x18e/0x550
[  102.223852][ T5469]  vfs_fstatat+0x118/0x170
[  102.226002][ T5469]  __x64_sys_newfstatat+0x116/0x190
[  102.228323][ T5469]  do_syscall_64+0xfa/0xfa0
[  102.230353][ T5469] page last free pid 5420 tgid 5420 stack trace:
[  102.233202][ T5469]  __free_frozen_pages+0xbc4/0xd30
[  102.235442][ T5469]  __slab_free+0x2e7/0x390
[  102.237434][ T5469]  qlist_free_all+0x97/0x140
[  102.239388][ T5469]  kasan_quarantine_reduce+0x148/0x160
[  102.241747][ T5469]  __kasan_slab_alloc+0x22/0x80
[  102.243919][ T5469]  kmem_cache_alloc_noprof+0x367/0x6e0
[  102.246128][ T5469]  getname_flags+0xb8/0x540
[  102.247984][ T5469]  vfs_fstatat+0x43/0x170
[  102.250238][ T5469]  __x64_sys_newfstatat+0x116/0x190
[  102.253028][ T5469]  do_syscall_64+0xfa/0xfa0
[  102.255485][ T5469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.258065][ T5469] 
[  102.259099][ T5469] Memory state around the buggy address:
[  102.261522][ T5469]  ffff88805932f080: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  102.264929][ T5469]  ffff88805932f100: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  102.268418][ T5469] >ffff88805932f180: 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc fc
[  102.272021][ T5469]                                      ^
[  102.274547][ T5469]  ffff88805932f200: 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc fc
[  102.277938][ T5469]  ffff88805932f280: 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc fc
[  102.281309][ T5469] ==================================================================
[  102.284278][ T5469] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  102.287106][ T5469] CPU: 0 UID: 0 PID: 5469 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  102.290648][ T5469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  102.294887][ T5469] Call Trace:
[  102.296202][ T5469]  <TASK>
[  102.297574][ T5469]  dump_stack_lvl+0x99/0x250
[  102.299603][ T5469]  ? __asan_memcpy+0x40/0x70
[  102.301699][ T5469]  ? __pfx_dump_stack_lvl+0x10/0x10
[  102.303857][ T5469]  ? __pfx__printk+0x10/0x10
[  102.305789][ T5469]  vpanic+0x237/0x6d0
[  102.307540][ T5469]  ? __pfx_vpanic+0x10/0x10
[  102.309739][ T5469]  panic+0xb9/0xc0
[  102.311338][ T5469]  ? __pfx_panic+0x10/0x10
[  102.313263][ T5469]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  102.315759][ T5469]  ? is_module_address+0x17/0xf0
[  102.317882][ T5469]  ? copy_to_urb+0x261/0x460
[  102.319832][ T5469]  check_panic_on_warn+0x89/0xb0
[  102.321958][ T5469]  ? copy_to_urb+0x261/0x460
[  102.323971][ T5469]  end_report+0x78/0x160
[  102.325717][ T5469]  kasan_report+0x129/0x150
[  102.327559][ T5469]  ? copy_to_urb+0x261/0x460
[  102.329462][ T5469]  kasan_check_range+0x2b0/0x2c0
[  102.331662][ T5469]  ? copy_to_urb+0x261/0x460
[  102.333835][ T5469]  __asan_memcpy+0x40/0x70
[  102.335666][ T5469]  copy_to_urb+0x261/0x460
[  102.337640][ T5469]  ? __kernel_text_address+0xd/0x40
[  102.339884][ T5469]  prepare_playback_urb+0x953/0x13d0
[  102.342152][ T5469]  ? __pfx_prepare_playback_urb+0x10/0x10
[  102.344554][ T5469]  ? lockdep_unlock+0x89/0x120
[  102.346578][ T5469]  ? validate_chain+0x897/0x2140
[  102.348645][ T5469]  ? __pfx_prepare_playback_urb+0x10/0x10
[  102.351094][ T5469]  prepare_outbound_urb+0x377/0xc50
[  102.353261][ T5469]  ? _copy_from_iter+0xc3d/0x1790
[  102.355511][ T5469]  ? __asan_memcpy+0x40/0x70
[  102.357615][ T5469]  ? __pfx_prepare_outbound_urb+0x10/0x10
[  102.360100][ T5469]  ? snd_usb_endpoint_start_quirk+0x1f7/0x320
[  102.362857][ T5469]  snd_usb_endpoint_start+0x4d8/0x14a0
[  102.365350][ T5469]  ? __pfx_snd_usb_endpoint_start+0x10/0x10
[  102.367920][ T5469]  ? do_raw_spin_lock+0x121/0x290
[  102.370226][ T5469]  start_endpoints+0xa1/0x280
[  102.372280][ T5469]  ? snd_usb_substream_playback_trigger+0x3ce/0x7a0
[  102.375219][ T5469]  snd_usb_substream_playback_trigger+0x3e0/0x7a0
[  102.378211][ T5469]  snd_pcm_do_start+0xb7/0x180
[  102.380299][ T5469]  snd_pcm_action+0xe7/0x240
[  102.382342][ T5469]  __snd_pcm_lib_xfer+0x1762/0x1ce0
[  102.384637][ T5469]  ? __pfx_interleaved_copy+0x10/0x10
[  102.386991][ T5469]  ? __pfx_default_write_copy+0x10/0x10
[  102.389433][ T5469]  ? __pfx___snd_pcm_lib_xfer+0x10/0x10
[  102.391956][ T5469]  snd_pcm_oss_write3+0x1bc/0x320
[  102.394406][ T5469]  snd_pcm_plug_write_transfer+0x2cb/0x4c0
[  102.397044][ T5469]  ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10
[  102.399903][ T5469]  ? snd_pcm_plug_client_channels_buf+0x490/0x640
[  102.402674][ T5469]  snd_pcm_oss_write+0xb9c/0x1190
[  102.404969][ T5469]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  102.407429][ T5469]  ? bpf_lsm_file_permission+0x9/0x20
[  102.409718][ T5469]  ? security_file_permission+0x75/0x290
[  102.412103][ T5469]  ? rw_verify_area+0x255/0x4d0
[  102.414220][ T5469]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  102.416641][ T5469]  vfs_write+0x27e/0xb30
[  102.418565][ T5469]  ? __pfx_vfs_write+0x10/0x10
[  102.420539][ T5469]  ? __pfx_do_futex+0x10/0x10
[  102.422634][ T5469]  ksys_write+0x145/0x250
[  102.424497][ T5469]  ? __pfx_ksys_write+0x10/0x10
[  102.426361][ T5469]  ? do_syscall_64+0xbe/0xfa0
[  102.428266][ T5469]  do_syscall_64+0xfa/0xfa0
[  102.430222][ T5469]  ? lockdep_hardirqs_on+0x9c/0x150
[  102.432489][ T5469]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.435069][ T5469]  ? clear_bhb_loop+0x60/0xb0
[  102.436958][ T5469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.439255][ T5469] RIP: 0033:0x7fcb8838efc9
[  102.441014][ T5469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.448781][ T5469] RSP: 002b:00007ffc905b2e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  102.452328][ T5469] RAX: ffffffffffffffda RBX: 00007fcb885e5fa0 RCX: 00007fcb8838efc9
[  102.455663][ T5469] RDX: 00000000000005ce RSI: 0000200000000e00 RDI: 0000000000000004
[  102.459474][ T5469] RBP: 00007fcb88411f91 R08: 0000000000000000 R09: 0000000000000000
[  102.462736][ T5469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  102.466111][ T5469] R13: 00007fcb885e5fa0 R14: 00007fcb885e5fa0 R15: 0000000000000003
[  102.469451][ T5469]  </TASK>
[  102.471040][ T5469] Kernel Offset: disabled
[  102.472908][ T5469] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:26:50  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000065 RBX=0000000000000065 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000128eab0
R8 =ffff8880004a0237 R9 =1ffff11000094046 R10=dffffc0000000000 R11=ffffffff85166e20
R12=dffffc0000000000 R13=ffffffff997e2924 R14=ffffffff99af6320 R15=0000000000000000
RIP=ffffffff85166e9c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555758a8500 ffffffff 00c00000
GS =0000 ffff88808d732000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000001000 CR3=0000000040c15000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffff800 Opmask01=0000000000000014 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc905b0d40 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcb88412fdb
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcb88412fe8
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcb88412fe2
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcb88412ff6
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcb8841307c
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fcb8841315a
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000336f69 6475000500060006
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000104c4a 4756420c5546470c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000048
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000