Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts.
2025/11/24 09:50:17 parsed 1 programs
[   73.162617][ T5790] cgroup: Unknown subsys name 'net'
[   73.328231][ T5790] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   74.932329][ T5790] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   76.681004][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.689347][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.720429][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.728706][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.205705][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   78.276202][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.283585][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.291102][ T5830] bridge_slave_0: entered allmulticast mode
[   78.298179][ T5830] bridge_slave_0: entered promiscuous mode
[   78.306445][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.313969][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.322253][ T5830] bridge_slave_1: entered allmulticast mode
[   78.329106][ T5830] bridge_slave_1: entered promiscuous mode
[   78.361765][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.373708][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.406903][ T5830] team0: Port device team_slave_0 added
[   78.415787][ T5830] team0: Port device team_slave_1 added
[   78.443739][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.450719][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.477464][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.490191][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.497228][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.524582][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.577506][ T5830] hsr_slave_0: entered promiscuous mode
[   78.589510][ T5830] hsr_slave_1: entered promiscuous mode
[   78.717993][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   78.738241][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   78.748431][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   78.759467][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   78.800063][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.807306][ T5830] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.815226][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.822390][ T5830] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.895896][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.914135][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.922415][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.936563][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   78.958036][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.965303][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.977844][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.984999][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.188889][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.235364][ T5830] veth0_vlan: entered promiscuous mode
[   79.248127][ T5830] veth1_vlan: entered promiscuous mode
[   79.282547][ T5830] veth0_macvtap: entered promiscuous mode
[   79.292742][ T5830] veth1_macvtap: entered promiscuous mode
[   79.321127][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.338111][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.349395][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.362910][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.372040][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.380844][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.524440][   T68] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.672843][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   79.682396][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   79.690444][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   79.699864][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   79.708258][ T5860] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   79.715668][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/11/24 09:50:27 executed programs: 0
[   81.522387][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   81.530143][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   81.538540][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   81.548544][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   81.556425][ T5860] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   81.564104][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   81.747491][ T5900] chnl_net:caif_netlink_parms(): no params data found
[   81.836199][ T5900] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.843593][ T5900] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.850861][ T5900] bridge_slave_0: entered allmulticast mode
[   81.858044][ T5900] bridge_slave_0: entered promiscuous mode
[   81.868229][ T5900] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.875661][ T5900] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.882865][ T5900] bridge_slave_1: entered allmulticast mode
[   81.889990][ T5900] bridge_slave_1: entered promiscuous mode
[   81.929360][ T5900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.941559][ T5900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.983435][ T5900] team0: Port device team_slave_0 added
[   81.991972][ T5900] team0: Port device team_slave_1 added
[   82.024790][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.031895][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.062850][ T5900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.085991][   T68] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.099806][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.106975][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.132958][ T5900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.176827][ T5900] hsr_slave_0: entered promiscuous mode
[   82.183432][ T5900] hsr_slave_1: entered promiscuous mode
[   82.189531][ T5900] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   82.197440][ T5900] Cannot create hsr debugfs directory
[   83.621746][ T5860] Bluetooth: hci0: command tx timeout
[   84.362395][   T68] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.443347][   T68] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.369782][   T68] hsr_slave_0: left promiscuous mode
[   85.375851][   T68] hsr_slave_1: left promiscuous mode
[   85.382318][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.389736][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.397806][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.405250][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.413236][   T68] bridge_slave_1: left allmulticast mode
[   85.418870][   T68] bridge_slave_1: left promiscuous mode
[   85.425071][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.435720][   T68] bridge_slave_0: left allmulticast mode
[   85.442120][   T68] bridge_slave_0: left promiscuous mode
[   85.447808][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.468768][   T68] veth1_macvtap: left promiscuous mode
[   85.474822][   T68] veth0_macvtap: left promiscuous mode
[   85.480407][   T68] veth1_vlan: left promiscuous mode
[   85.486032][   T68] veth0_vlan: left promiscuous mode
[   85.703852][ T5860] Bluetooth: hci0: command tx timeout
[   85.811174][   T68] team0 (unregistering): Port device team_slave_1 removed
[   85.838597][   T68] team0 (unregistering): Port device team_slave_0 removed
[   85.867178][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   85.896072][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   86.144881][   T68] bond0 (unregistering): Released all slaves
[   86.234225][ T5900] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   86.244455][ T5900] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   86.255346][ T5900] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   86.265599][ T5900] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   86.353269][ T5900] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.374005][ T5900] 8021q: adding VLAN 0 to HW filter on device team0
[   86.395892][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.403143][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.413113][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.420222][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.605390][ T5900] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.659023][ T5900] veth0_vlan: entered promiscuous mode
[   86.683168][ T5900] veth1_vlan: entered promiscuous mode
[   86.718125][ T5900] veth0_macvtap: entered promiscuous mode
[   86.728924][ T5900] veth1_macvtap: entered promiscuous mode
[   86.761951][ T5900] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.761966][   T27] cfg80211: failed to load regulatory.db
[   86.780677][ T5900] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.792848][ T5900] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.806219][ T5900] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.816016][ T5900] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.825796][ T5900] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.951781][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.959916][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/24 09:50:33 executed programs: 2
[   86.998001][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.016440][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.370800][   T27] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   87.554645][   T27] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4
[   87.565907][   T27] usb 1-1: config 0 interface 0 has no altsetting 0
[   87.574734][   T27] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   87.583833][   T27] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[   87.596116][   T27] usb 1-1: Product: syz
[   87.600313][   T27] usb 1-1: Manufacturer: syz
[   87.605335][   T27] usb 1-1: SerialNumber: syz
[   87.616528][   T27] usb 1-1: config 0 descriptor??
[   87.640355][   T27] usb 1-1: selecting invalid altsetting 0
[   87.781133][ T5860] Bluetooth: hci0: command tx timeout
[   87.841738][ T5947] ==================================================================
[   87.849831][ T5947] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x255/0x440
[   87.857117][ T5947] Write of size 264 at addr ffff888072d73b00 by task syz.0.17/5947
[   87.864994][ T5947] 
[   87.867320][ T5947] CPU: 1 PID: 5947 Comm: syz.0.17 Not tainted syzkaller #0
[   87.874512][ T5947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   87.884567][ T5947] Call Trace:
[   87.887853][ T5947]  <TASK>
[   87.890778][ T5947]  dump_stack_lvl+0x16c/0x230
[   87.895449][ T5947]  ? read_lock_is_recursive+0x20/0x20
[   87.900816][ T5947]  ? show_regs_print_info+0x20/0x20
[   87.906036][ T5947]  ? load_image+0x3b0/0x3b0
[   87.910534][ T5947]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[   87.915909][ T5947]  ? __virt_addr_valid+0x18c/0x540
[   87.921043][ T5947]  ? __virt_addr_valid+0x469/0x540
[   87.926166][ T5947]  print_report+0xac/0x220
[   87.930578][ T5947]  ? copy_to_urb+0x255/0x440
[   87.935178][ T5947]  kasan_report+0x117/0x150
[   87.939685][ T5947]  ? copy_to_urb+0x255/0x440
[   87.944280][ T5947]  kasan_check_range+0x288/0x290
[   87.949219][ T5947]  ? copy_to_urb+0x255/0x440
[   87.953807][ T5947]  __asan_memcpy+0x40/0x70
[   87.958261][ T5947]  copy_to_urb+0x255/0x440
[   87.962693][ T5947]  ? snd_usb_endpoint_next_packet_size+0x333/0x520
[   87.969192][ T5947]  prepare_playback_urb+0x932/0x1360
[   87.974488][ T5947]  ? start_endpoints+0x270/0x270
[   87.979423][ T5947]  ? __lock_acquire+0x7c80/0x7c80
[   87.984446][ T5947]  ? start_endpoints+0x270/0x270
[   87.989381][ T5947]  prepare_outbound_urb+0x372/0xc40
[   87.994581][ T5947]  ? verify_lock_unused+0x140/0x140
[   87.999778][ T5947]  ? __asan_memcpy+0x40/0x70
[   88.004399][ T5947]  ? snd_usb_queue_pending_output_urbs+0xd00/0xd00
[   88.010905][ T5947]  ? _copy_from_iter+0xe60/0x1290
[   88.015945][ T5947]  ? find_vmap_area+0xfc/0x110
[   88.020726][ T5947]  ? snd_usb_endpoint_start_quirk+0x1f7/0x310
[   88.026814][ T5947]  snd_usb_endpoint_start+0x4d9/0x1440
[   88.032286][ T5947]  ? snd_usb_endpoint_get_clock_rate+0x100/0x100
[   88.038614][ T5947]  ? do_raw_spin_lock+0x121/0x2c0
[   88.043637][ T5947]  start_endpoints+0xa1/0x270
[   88.048314][ T5947]  ? snd_usb_substream_playback_trigger+0x3ce/0x7a0
[   88.054907][ T5947]  snd_usb_substream_playback_trigger+0x3e0/0x7a0
[   88.061332][ T5947]  snd_pcm_do_start+0xb1/0x170
[   88.066102][ T5947]  snd_pcm_action+0xda/0x230
[   88.070694][ T5947]  __snd_pcm_lib_xfer+0x16fa/0x1c40
[   88.075889][ T5947]  ? __snd_pcm_lib_xfer+0x1c40/0x1c40
[   88.081259][ T5947]  ? fill_silence+0x240/0x240
[   88.085947][ T5947]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[   88.091594][ T5947]  ? resample_expand+0x7e4/0x860
[   88.096560][ T5947]  ? pcm_lib_apply_appl_ptr+0x510/0x510
[   88.102133][ T5947]  snd_pcm_oss_write3+0x1bc/0x320
[   88.107160][ T5947]  snd_pcm_plug_write_transfer+0x2b8/0x4a0
[   88.112965][ T5947]  ? __lock_acquire+0x7c80/0x7c80
[   88.117990][ T5947]  ? snd_pcm_plug_client_channels_buf+0x610/0x610
[   88.124401][ T5947]  ? snd_pcm_plug_client_channels_buf+0x46a/0x610
[   88.130824][ T5947]  snd_pcm_oss_write+0xbb5/0x1120
[   88.135855][ T5947]  ? snd_pcm_oss_read+0x8c0/0x8c0
[   88.140872][ T5947]  ? common_file_perm+0x198/0x1f0
[   88.145896][ T5947]  ? fsnotify_perm+0x5d/0x5e0
[   88.150578][ T5947]  ? security_file_permission+0x79/0xa0
[   88.156131][ T5947]  ? snd_pcm_oss_read+0x8c0/0x8c0
[   88.161149][ T5947]  vfs_write+0x288/0x940
[   88.165398][ T5947]  ? file_end_write+0x250/0x250
[   88.170246][ T5947]  ? __ia32_sys_get_robust_list+0x90/0x90
[   88.175960][ T5947]  ? __fdget_pos+0x1d8/0x330
[   88.180571][ T5947]  ksys_write+0x147/0x250
[   88.184911][ T5947]  ? __ia32_sys_read+0x90/0x90
[   88.189680][ T5947]  ? lockdep_hardirqs_on+0x98/0x150
[   88.194871][ T5947]  do_syscall_64+0x55/0xb0
[   88.199290][ T5947]  ? clear_bhb_loop+0x40/0x90
[   88.203981][ T5947]  ? clear_bhb_loop+0x40/0x90
[   88.208672][ T5947]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   88.214562][ T5947] RIP: 0033:0x7f8b97d8f749
[   88.218987][ T5947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.238585][ T5947] RSP: 002b:00007ffeb0c35718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   88.246993][ T5947] RAX: ffffffffffffffda RBX: 00007f8b97fe5fa0 RCX: 00007f8b97d8f749
[   88.254966][ T5947] RDX: 00000000000005ce RSI: 0000200000000640 RDI: 0000000000000004
[   88.262938][ T5947] RBP: 00007f8b97e13f91 R08: 0000000000000000 R09: 0000000000000000
[   88.270904][ T5947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.278956][ T5947] R13: 00007f8b97fe5fa0 R14: 00007f8b97fe5fa0 R15: 0000000000000003
[   88.287019][ T5947]  </TASK>
[   88.290037][ T5947] 
[   88.292360][ T5947] Allocated by task 5947:
[   88.296675][ T5947]  kasan_set_track+0x4e/0x70
[   88.301264][ T5947]  __kasan_kmalloc+0x8f/0xa0
[   88.305852][ T5947]  __kmalloc+0xb4/0x240
[   88.310010][ T5947]  snd_usb_endpoint_set_params+0x1575/0x28e0
[   88.315988][ T5947]  snd_usb_hw_params+0x123e/0x19c0
[   88.321107][ T5947]  snd_pcm_hw_params+0x835/0x1c50
[   88.326142][ T5947]  snd_pcm_oss_change_params_locked+0x2144/0x3d30
[   88.332552][ T5947]  snd_pcm_oss_write+0x2ff/0x1120
[   88.337570][ T5947]  vfs_write+0x288/0x940
[   88.341811][ T5947]  ksys_write+0x147/0x250
[   88.346147][ T5947]  do_syscall_64+0x55/0xb0
[   88.350571][ T5947]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   88.356460][ T5947] 
[   88.358776][ T5947] The buggy address belongs to the object at ffff888072d73b00
[   88.358776][ T5947]  which belongs to the cache kmalloc-128 of size 128
[   88.372823][ T5947] The buggy address is located 0 bytes inside of
[   88.372823][ T5947]  allocated 120-byte region [ffff888072d73b00, ffff888072d73b78)
[   88.386782][ T5947] 
[   88.389103][ T5947] The buggy address belongs to the physical page:
[   88.395515][ T5947] page:ffffea0001cb5cc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72d73
[   88.405668][ T5947] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[   88.413208][ T5947] page_type: 0xffffffff()
[   88.417531][ T5947] raw: 00fff00000000800 ffff8880178418c0 dead000000000122 0000000000000000
[   88.426129][ T5947] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   88.434708][ T5947] page dumped because: kasan: bad access detected
[   88.441129][ T5947] page_owner tracks the page as allocated
[   88.446832][ T5947] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5908, tgid 5908 (udevd), ts 87750353367, free_ts 87746794222
[   88.464443][ T5947]  post_alloc_hook+0x1cd/0x210
[   88.469211][ T5947]  get_page_from_freelist+0x195c/0x19f0
[   88.474762][ T5947]  __alloc_pages+0x1e3/0x460
[   88.479360][ T5947]  alloc_slab_page+0x5d/0x170
[   88.484039][ T5947]  new_slab+0x87/0x2e0
[   88.488110][ T5947]  ___slab_alloc+0xc6d/0x1300
[   88.492787][ T5947]  __kmem_cache_alloc_node+0x1a2/0x260
[   88.498245][ T5947]  kmalloc_trace+0x2a/0xe0
[   88.502664][ T5947]  kernfs_fop_open+0x7d7/0xcc0
[   88.507427][ T5947]  do_dentry_open+0x8c6/0x1500
[   88.512195][ T5947]  path_openat+0x274b/0x3190
[   88.516788][ T5947]  do_filp_open+0x1c5/0x3d0
[   88.521298][ T5947]  do_sys_openat2+0x12c/0x1c0
[   88.525979][ T5947]  __x64_sys_openat+0x139/0x160
[   88.530825][ T5947]  do_syscall_64+0x55/0xb0
[   88.535242][ T5947]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   88.541138][ T5947] page last free stack trace:
[   88.545808][ T5947]  free_unref_page_prepare+0x7ce/0x8e0
[   88.551274][ T5947]  free_unref_page+0x32/0x2e0
[   88.555952][ T5947]  __unfreeze_partials+0x1cf/0x210
[   88.561066][ T5947]  put_cpu_partial+0x17c/0x250
[   88.565833][ T5947]  __slab_free+0x31d/0x410
[   88.570247][ T5947]  qlist_free_all+0x75/0xe0
[   88.574748][ T5947]  kasan_quarantine_reduce+0x143/0x160
[   88.580206][ T5947]  __kasan_slab_alloc+0x22/0x80
[   88.585064][ T5947]  slab_post_alloc_hook+0x6e/0x4d0
[   88.590185][ T5947]  kmem_cache_alloc+0x11e/0x2e0
[   88.595041][ T5947]  getname_flags+0xbb/0x500
[   88.599549][ T5947]  do_sys_openat2+0xcb/0x1c0
[   88.604141][ T5947]  __x64_sys_openat+0x139/0x160
[   88.608992][ T5947]  do_syscall_64+0x55/0xb0
[   88.613408][ T5947]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   88.619300][ T5947] 
[   88.621618][ T5947] Memory state around the buggy address:
[   88.627244][ T5947]  ffff888072d73a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   88.635317][ T5947]  ffff888072d73a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.643375][ T5947] >ffff888072d73b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   88.651427][ T5947]                                                                 ^
[   88.659391][ T5947]  ffff888072d73b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.667443][ T5947]  ffff888072d73c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   88.675491][ T5947] ==================================================================
[   88.683550][ T5947] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   88.690730][ T5947] CPU: 1 PID: 5947 Comm: syz.0.17 Not tainted syzkaller #0
[   88.697915][ T5947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   88.707960][ T5947] Call Trace:
[   88.711241][ T5947]  <TASK>
[   88.714172][ T5947]  dump_stack_lvl+0x16c/0x230
[   88.718855][ T5947]  ? show_regs_print_info+0x20/0x20
[   88.724051][ T5947]  ? load_image+0x3b0/0x3b0
[   88.728552][ T5947]  panic+0x2c0/0x710
[   88.732439][ T5947]  ? __lock_acquire+0x7c80/0x7c80
[   88.737458][ T5947]  ? bpf_jit_dump+0xd0/0xd0
[   88.741959][ T5947]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[   88.747851][ T5947]  ? _raw_spin_unlock+0x40/0x40
[   88.752696][ T5947]  ? copy_to_urb+0x255/0x440
[   88.757325][ T5947]  check_panic_on_warn+0x84/0xa0
[   88.762273][ T5947]  ? copy_to_urb+0x255/0x440
[   88.766862][ T5947]  end_report+0x6f/0x140
[   88.771108][ T5947]  kasan_report+0x128/0x150
[   88.775611][ T5947]  ? copy_to_urb+0x255/0x440
[   88.780202][ T5947]  kasan_check_range+0x288/0x290
[   88.785135][ T5947]  ? copy_to_urb+0x255/0x440
[   88.789736][ T5947]  __asan_memcpy+0x40/0x70
[   88.794151][ T5947]  copy_to_urb+0x255/0x440
[   88.798567][ T5947]  ? snd_usb_endpoint_next_packet_size+0x333/0x520
[   88.805066][ T5947]  prepare_playback_urb+0x932/0x1360
[   88.810364][ T5947]  ? start_endpoints+0x270/0x270
[   88.815299][ T5947]  ? __lock_acquire+0x7c80/0x7c80
[   88.820332][ T5947]  ? start_endpoints+0x270/0x270
[   88.825268][ T5947]  prepare_outbound_urb+0x372/0xc40
[   88.830463][ T5947]  ? verify_lock_unused+0x140/0x140
[   88.835663][ T5947]  ? __asan_memcpy+0x40/0x70
[   88.840247][ T5947]  ? snd_usb_queue_pending_output_urbs+0xd00/0xd00
[   88.846772][ T5947]  ? _copy_from_iter+0xe60/0x1290
[   88.851800][ T5947]  ? find_vmap_area+0xfc/0x110
[   88.856565][ T5947]  ? snd_usb_endpoint_start_quirk+0x1f7/0x310
[   88.862632][ T5947]  snd_usb_endpoint_start+0x4d9/0x1440
[   88.868093][ T5947]  ? snd_usb_endpoint_get_clock_rate+0x100/0x100
[   88.874423][ T5947]  ? do_raw_spin_lock+0x121/0x2c0
[   88.879444][ T5947]  start_endpoints+0xa1/0x270
[   88.884117][ T5947]  ? snd_usb_substream_playback_trigger+0x3ce/0x7a0
[   88.890708][ T5947]  snd_usb_substream_playback_trigger+0x3e0/0x7a0
[   88.897133][ T5947]  snd_pcm_do_start+0xb1/0x170
[   88.901907][ T5947]  snd_pcm_action+0xda/0x230
[   88.906497][ T5947]  __snd_pcm_lib_xfer+0x16fa/0x1c40
[   88.911694][ T5947]  ? __snd_pcm_lib_xfer+0x1c40/0x1c40
[   88.917067][ T5947]  ? fill_silence+0x240/0x240
[   88.921740][ T5947]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[   88.927375][ T5947]  ? resample_expand+0x7e4/0x860
[   88.932306][ T5947]  ? pcm_lib_apply_appl_ptr+0x510/0x510
[   88.937852][ T5947]  snd_pcm_oss_write3+0x1bc/0x320
[   88.942870][ T5947]  snd_pcm_plug_write_transfer+0x2b8/0x4a0
[   88.948675][ T5947]  ? __lock_acquire+0x7c80/0x7c80
[   88.953697][ T5947]  ? snd_pcm_plug_client_channels_buf+0x610/0x610
[   88.960113][ T5947]  ? snd_pcm_plug_client_channels_buf+0x46a/0x610
[   88.966525][ T5947]  snd_pcm_oss_write+0xbb5/0x1120
[   88.971556][ T5947]  ? snd_pcm_oss_read+0x8c0/0x8c0
[   88.976581][ T5947]  ? common_file_perm+0x198/0x1f0
[   88.981607][ T5947]  ? fsnotify_perm+0x5d/0x5e0
[   88.986292][ T5947]  ? security_file_permission+0x79/0xa0
[   88.991849][ T5947]  ? snd_pcm_oss_read+0x8c0/0x8c0
[   88.996872][ T5947]  vfs_write+0x288/0x940
[   89.001122][ T5947]  ? file_end_write+0x250/0x250
[   89.005973][ T5947]  ? __ia32_sys_get_robust_list+0x90/0x90
[   89.011699][ T5947]  ? __fdget_pos+0x1d8/0x330
[   89.016290][ T5947]  ksys_write+0x147/0x250
[   89.020624][ T5947]  ? __ia32_sys_read+0x90/0x90
[   89.025388][ T5947]  ? lockdep_hardirqs_on+0x98/0x150
[   89.030589][ T5947]  do_syscall_64+0x55/0xb0
[   89.035016][ T5947]  ? clear_bhb_loop+0x40/0x90
[   89.039699][ T5947]  ? clear_bhb_loop+0x40/0x90
[   89.044374][ T5947]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   89.050261][ T5947] RIP: 0033:0x7f8b97d8f749
[   89.054677][ T5947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.074293][ T5947] RSP: 002b:00007ffeb0c35718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   89.082706][ T5947] RAX: ffffffffffffffda RBX: 00007f8b97fe5fa0 RCX: 00007f8b97d8f749
[   89.090672][ T5947] RDX: 00000000000005ce RSI: 0000200000000640 RDI: 0000000000000004
[   89.098641][ T5947] RBP: 00007f8b97e13f91 R08: 0000000000000000 R09: 0000000000000000
[   89.106607][ T5947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   89.114570][ T5947] R13: 00007f8b97fe5fa0 R14: 00007f8b97fe5fa0 R15: 0000000000000003
[   89.122541][ T5947]  </TASK>
[   89.125884][ T5947] Kernel Offset: disabled
[   89.130205][ T5947] Rebooting in 86400 seconds..