Warning: Permanently added '[localhost]:60192' (ED25519) to the list of known hosts.
2025/12/29 05:44:43 parsed 1 programs
syzkaller login: [   89.547968][ T5324] cgroup: Unknown subsys name 'net'
[   89.619494][ T5324] cgroup: Unknown subsys name 'cpuset'
[   89.624475][ T5324] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   91.343182][ T5324] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.333294][  T951] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.337124][  T951] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.365848][  T951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.370372][  T951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.420131][ T5341] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   97.057794][  T787] cfg80211: failed to load regulatory.db
[   98.324331][ T5359] chnl_net:caif_netlink_parms(): no params data found
[   98.508530][ T5359] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.512525][ T5359] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.515837][ T5359] bridge_slave_0: entered allmulticast mode
[   98.528165][ T5359] bridge_slave_0: entered promiscuous mode
[   98.538247][ T5359] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.546371][ T5359] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.550302][ T5359] bridge_slave_1: entered allmulticast mode
[   98.566644][ T5359] bridge_slave_1: entered promiscuous mode
[   98.627801][ T5359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.638492][ T5359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.691842][ T5359] team0: Port device team_slave_0 added
[   98.706486][ T5359] team0: Port device team_slave_1 added
[   98.747173][ T5359] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.750266][ T5359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.786547][ T5359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.797110][ T5359] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.800186][ T5359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.832552][ T5359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.918256][ T5359] hsr_slave_0: entered promiscuous mode
[   98.921979][ T5359] hsr_slave_1: entered promiscuous mode
[   99.247496][ T5359] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.278431][ T5359] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.290779][ T5359] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.310885][ T5359] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.373227][ T5359] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.376935][ T5359] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.381343][ T5359] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.384383][ T5359] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.410796][ T2948] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.417784][ T2948] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.531498][ T5359] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.567946][ T5359] 8021q: adding VLAN 0 to HW filter on device team0
[   99.581185][  T951] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.584497][  T951] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.602717][  T951] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.605876][  T951] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.966771][ T5359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.034085][ T5359] veth0_vlan: entered promiscuous mode
[  100.049584][ T5359] veth1_vlan: entered promiscuous mode
[  100.093769][ T5359] veth0_macvtap: entered promiscuous mode
[  100.111291][ T5359] veth1_macvtap: entered promiscuous mode
[  100.142645][ T5359] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.163647][ T5359] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.185494][ T2948] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.208103][ T2948] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.228389][ T2948] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.232003][ T2948] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.523146][  T951] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.672037][  T951] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.651545][  T951] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.367849][  T951] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.202794][ T4681] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  103.219766][ T4681] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  103.223491][ T4681] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  103.227786][ T4681] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  103.231033][ T4681] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  103.487427][  T951] bridge_slave_1: left allmulticast mode
[  103.490515][  T951] bridge_slave_1: left promiscuous mode
[  103.494596][  T951] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.567144][  T951] bridge_slave_0: left allmulticast mode
[  103.569796][  T951] bridge_slave_0: left promiscuous mode
[  103.572810][  T951] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.147122][  T951] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  104.153329][  T951] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.159461][  T951] bond0 (unregistering): Released all slaves
[  104.251175][  T951] hsr_slave_0: left promiscuous mode
[  104.256924][  T951] hsr_slave_1: left promiscuous mode
[  104.267130][  T951] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.271227][  T951] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.288506][  T951] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.292987][  T951] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.319441][  T951] veth1_macvtap: left promiscuous mode
[  104.322106][  T951] veth0_macvtap: left promiscuous mode
[  104.324692][  T951] veth1_vlan: left promiscuous mode
[  104.338379][  T951] veth0_vlan: left promiscuous mode
[  104.834386][  T951] team0 (unregistering): Port device team_slave_1 removed
[  104.859789][  T951] team0 (unregistering): Port device team_slave_0 removed
2025/12/29 05:45:02 executed programs: 0
[  106.315522][   T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  106.324063][   T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  106.328620][   T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  106.333128][   T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  106.343381][   T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.092700][ T5454] chnl_net:caif_netlink_parms(): no params data found
[  107.289648][ T5454] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.292979][ T5454] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.317122][ T5454] bridge_slave_0: entered allmulticast mode
[  107.320932][ T5454] bridge_slave_0: entered promiscuous mode
[  107.328575][ T5454] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.336988][ T5454] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.340599][ T5454] bridge_slave_1: entered allmulticast mode
[  107.351540][ T5454] bridge_slave_1: entered promiscuous mode
[  107.384442][ T5454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.392921][ T5454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.413755][ T5454] team0: Port device team_slave_0 added
[  107.419133][ T5454] team0: Port device team_slave_1 added
[  107.438483][ T5454] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.441793][ T5454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  107.452830][ T5454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.458546][ T5454] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.461810][ T5454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  107.473851][ T5454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.508207][ T5454] hsr_slave_0: entered promiscuous mode
[  107.511592][ T5454] hsr_slave_1: entered promiscuous mode
[  107.988947][ T5454] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  108.010326][ T5454] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  108.025106][ T5454] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  108.040283][ T5454] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.187261][ T5454] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.214754][ T5454] 8021q: adding VLAN 0 to HW filter on device team0
[  108.230844][  T951] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.234033][  T951] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.266185][  T140] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.269169][  T140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.419827][   T46] Bluetooth: hci0: command tx timeout
[  108.607820][ T5454] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.675392][ T5454] veth0_vlan: entered promiscuous mode
[  108.692249][ T5454] veth1_vlan: entered promiscuous mode
[  108.740550][ T5454] veth0_macvtap: entered promiscuous mode
[  108.759311][ T5454] veth1_macvtap: entered promiscuous mode
[  108.795426][ T5454] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.812999][ T5454] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.835412][  T951] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.848774][  T951] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.868463][  T951] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.872658][  T951] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.019579][ T2948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.022984][ T2948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.087684][ T2948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.090885][ T2948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.861515][ T5548] ==================================================================
[  109.865703][ T5548] BUG: KASAN: slab-use-after-free in number+0xc48/0xf60
[  109.869010][ T5548] Write of size 1 at addr ffff88801158b60c by task syz.0.30/5548
[  109.873581][ T5548] 
[  109.875005][ T5548] CPU: 0 UID: 0 PID: 5548 Comm: syz.0.30 Not tainted syzkaller #0 PREEMPT(full) 
[  109.875021][ T5548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  109.875028][ T5548] Call Trace:
[  109.875035][ T5548]  <TASK>
[  109.875042][ T5548]  dump_stack_lvl+0xe8/0x150
[  109.875063][ T5548]  print_report+0xca/0x240
[  109.875076][ T5548]  ? number+0xc48/0xf60
[  109.875088][ T5548]  kasan_report+0x118/0x150
[  109.875170][ T5548]  ? number+0xc48/0xf60
[  109.875183][ T5548]  number+0xc48/0xf60
[  109.875195][ T5548]  ? number+0xc1/0xf60
[  109.875206][ T5548]  ? __pfx_number+0x10/0x10
[  109.875219][ T5548]  ? vsnprintf+0x17c/0xee0
[  109.875231][ T5548]  vsnprintf+0x8e5/0xee0
[  109.875245][ T5548]  snprintf+0xda/0x120
[  109.875257][ T5548]  ? __pfx_snprintf+0x10/0x10
[  109.875269][ T5548]  ? fd_install+0x95/0x3d0
[  109.875280][ T5548]  ? fd_install+0x95/0x3d0
[  109.875289][ T5548]  ? fd_install+0x307/0x3d0
[  109.875299][ T5548]  media_request_alloc+0x319/0x5b0
[  109.875363][ T5548]  media_device_request_alloc+0x98/0xd0
[  109.875375][ T5548]  media_device_ioctl+0x278/0x430
[  109.875391][ T5548]  ? do_futex+0x333/0x420
[  109.875403][ T5548]  ? __pfx_media_device_ioctl+0x10/0x10
[  109.875423][ T5548]  ? __fget_files+0x3a0/0x420
[  109.875433][ T5548]  ? __fget_files+0x2a/0x420
[  109.875444][ T5548]  ? __pfx_media_device_ioctl+0x10/0x10
[  109.875460][ T5548]  ? media_ioctl+0xfe/0x120
[  109.875469][ T5548]  ? __pfx_media_ioctl+0x10/0x10
[  109.875479][ T5548]  __se_sys_ioctl+0xfc/0x170
[  109.875494][ T5548]  do_syscall_64+0xec/0xf80
[  109.875505][ T5548]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.875516][ T5548]  ? trace_irq_disable+0x37/0x100
[  109.875531][ T5548]  ? clear_bhb_loop+0x60/0xb0
[  109.875542][ T5548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.875554][ T5548] RIP: 0033:0x7fe41c98f7c9
[  109.875567][ T5548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.875576][ T5548] RSP: 002b:00007fe41bffe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  109.875588][ T5548] RAX: ffffffffffffffda RBX: 00007fe41cbe5fa0 RCX: 00007fe41c98f7c9
[  109.875595][ T5548] RDX: 0000000000000000 RSI: 0000000080047c05 RDI: 0000000000000003
[  109.875601][ T5548] RBP: 00007fe41ca13f91 R08: 0000000000000000 R09: 0000000000000000
[  109.875607][ T5548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  109.875613][ T5548] R13: 00007fe41cbe6038 R14: 00007fe41cbe5fa0 R15: 00007ffce8739818
[  109.875623][ T5548]  </TASK>
[  109.875628][ T5548] 
[  109.986621][ T5548] Allocated by task 5548:
[  109.988735][ T5548]  kasan_save_track+0x3e/0x80
[  109.991049][ T5548]  __kasan_kmalloc+0x93/0xb0
[  109.993262][ T5548]  __kmalloc_cache_noprof+0x3e2/0x700
[  109.995653][ T5548]  media_request_alloc+0xe4/0x5b0
[  109.997857][ T5548]  media_device_request_alloc+0x98/0xd0
[  110.000260][ T5548]  media_device_ioctl+0x278/0x430
[  110.002356][ T5548]  __se_sys_ioctl+0xfc/0x170
[  110.004393][ T5548]  do_syscall_64+0xec/0xf80
[  110.006569][ T5548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.009413][ T5548] 
[  110.010573][ T5548] Freed by task 5549:
[  110.012354][ T5548]  kasan_save_track+0x3e/0x80
[  110.014370][ T5548]  kasan_save_free_info+0x46/0x50
[  110.016586][ T5548]  __kasan_slab_free+0x5c/0x80
[  110.018634][ T5548]  kfree+0x1c0/0x660
[  110.020338][ T5548]  media_request_close+0x38/0x50
[  110.022447][ T5548]  __fput+0x44c/0xa70
[  110.024387][ T5548]  task_work_run+0x1d4/0x260
[  110.026444][ T5548]  exit_to_user_mode_loop+0xef/0x4e0
[  110.028824][ T5548]  do_syscall_64+0x2b7/0xf80
[  110.031575][ T5548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.034935][ T5548] 
[  110.036298][ T5548] The buggy address belongs to the object at ffff88801158b600
[  110.036298][ T5548]  which belongs to the cache kmalloc-256 of size 256
[  110.042032][ T5548] The buggy address is located 12 bytes inside of
[  110.042032][ T5548]  freed 256-byte region [ffff88801158b600, ffff88801158b700)
[  110.047309][ T5548] 
[  110.048272][ T5548] The buggy address belongs to the physical page:
[  110.050709][ T5548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1158b
[  110.054298][ T5548] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  110.057305][ T5548] page_type: f5(slab)
[  110.059099][ T5548] raw: 00fff00000000000 ffff88801a441b40 dead000000000122 0000000000000000
[  110.062658][ T5548] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  110.066356][ T5548] page dumped because: kasan: bad access detected
[  110.069226][ T5548] page_owner tracks the page as allocated
[  110.071724][ T5548] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5548, tgid 5547 (syz.0.30), ts 109855780649, free_ts 109836972307
[  110.079959][ T5548]  post_alloc_hook+0x234/0x290
[  110.082123][ T5548]  get_page_from_freelist+0x24e0/0x2580
[  110.084636][ T5548]  __alloc_frozen_pages_noprof+0x181/0x370
[  110.087357][ T5548]  alloc_pages_mpol+0x232/0x4a0
[  110.089581][ T5548]  allocate_slab+0x86/0x3b0
[  110.091580][ T5548]  ___slab_alloc+0xe53/0x1820
[  110.093690][ T5548]  __slab_alloc+0x65/0x100
[  110.095779][ T5548]  __kmalloc_cache_noprof+0x41e/0x700
[  110.098132][ T5548]  media_request_alloc+0xe4/0x5b0
[  110.100337][ T5548]  media_device_request_alloc+0x98/0xd0
[  110.102741][ T5548]  media_device_ioctl+0x278/0x430
[  110.104956][ T5548]  __se_sys_ioctl+0xfc/0x170
[  110.107023][ T5548]  do_syscall_64+0xec/0xf80
[  110.109026][ T5548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.111641][ T5548] page last free pid 15 tgid 15 stack trace:
[  110.114528][ T5548]  __free_frozen_pages+0xbc8/0xd30
[  110.117025][ T5548]  tlb_remove_table_rcu+0x85/0x100
[  110.119422][ T5548]  rcu_core+0xc8e/0x1720
[  110.121457][ T5548]  handle_softirqs+0x22b/0x7c0
[  110.123499][ T5548]  run_ksoftirqd+0x36/0x60
[  110.125426][ T5548]  smpboot_thread_fn+0x542/0xa60
[  110.127535][ T5548]  kthread+0x711/0x8a0
[  110.129237][ T5548]  ret_from_fork+0x510/0xa50
[  110.131206][ T5548]  ret_from_fork_asm+0x1a/0x30
[  110.133257][ T5548] 
[  110.134301][ T5548] Memory state around the buggy address:
[  110.136796][ T5548]  ffff88801158b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.140237][ T5548]  ffff88801158b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.143539][ T5548] >ffff88801158b600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  110.146939][ T5548]                       ^
[  110.148776][ T5548]  ffff88801158b680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  110.152118][ T5548]  ffff88801158b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.155785][ T5548] ==================================================================
[  110.190685][ T5548] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  110.194017][ T5548] CPU: 0 UID: 0 PID: 5548 Comm: syz.0.30 Not tainted syzkaller #0 PREEMPT(full) 
[  110.198479][ T5548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  110.204025][ T5548] Call Trace:
[  110.205683][ T5548]  <TASK>
[  110.207072][ T5548]  vpanic+0x1e0/0x670
[  110.208878][ T5548]  panic+0xb9/0xc0
[  110.210727][ T5548]  ? __pfx_panic+0x10/0x10
[  110.212845][ T5548]  ? preempt_schedule_thunk+0x16/0x30
[  110.215427][ T5548]  ? number+0xc48/0xf60
[  110.217587][ T5548]  check_panic_on_warn+0x89/0xb0
[  110.219890][ T5548]  ? number+0xc48/0xf60
[  110.221810][ T5548]  end_report+0x6f/0x140
[  110.223693][ T5548]  kasan_report+0x129/0x150
[  110.225641][ T5548]  ? number+0xc48/0xf60
[  110.227588][ T5548]  number+0xc48/0xf60
[  110.229379][ T5548]  ? number+0xc1/0xf60
[  110.231169][ T5548]  ? __pfx_number+0x10/0x10
[  110.233191][ T5548]  ? vsnprintf+0x17c/0xee0
[  110.235177][ T5548]  vsnprintf+0x8e5/0xee0
[  110.237047][ T5548]  snprintf+0xda/0x120
[  110.238765][ T5548]  ? __pfx_snprintf+0x10/0x10
[  110.240794][ T5548]  ? fd_install+0x95/0x3d0
[  110.242650][ T5548]  ? fd_install+0x95/0x3d0
[  110.244647][ T5548]  ? fd_install+0x307/0x3d0
[  110.246746][ T5548]  media_request_alloc+0x319/0x5b0
[  110.249093][ T5548]  media_device_request_alloc+0x98/0xd0
[  110.251789][ T5548]  media_device_ioctl+0x278/0x430
[  110.254362][ T5548]  ? do_futex+0x333/0x420
[  110.256633][ T5548]  ? __pfx_media_device_ioctl+0x10/0x10
[  110.259163][ T5548]  ? __fget_files+0x3a0/0x420
[  110.261147][ T5548]  ? __fget_files+0x2a/0x420
[  110.263113][ T5548]  ? __pfx_media_device_ioctl+0x10/0x10
[  110.265516][ T5548]  ? media_ioctl+0xfe/0x120
[  110.267623][ T5548]  ? __pfx_media_ioctl+0x10/0x10
[  110.269525][ T5548]  __se_sys_ioctl+0xfc/0x170
[  110.271368][ T5548]  do_syscall_64+0xec/0xf80
[  110.273039][ T5548]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.275429][ T5548]  ? trace_irq_disable+0x37/0x100
[  110.277877][ T5548]  ? clear_bhb_loop+0x60/0xb0
[  110.280084][ T5548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.282689][ T5548] RIP: 0033:0x7fe41c98f7c9
[  110.285173][ T5548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.293582][ T5548] RSP: 002b:00007fe41bffe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  110.297103][ T5548] RAX: ffffffffffffffda RBX: 00007fe41cbe5fa0 RCX: 00007fe41c98f7c9
[  110.300455][ T5548] RDX: 0000000000000000 RSI: 0000000080047c05 RDI: 0000000000000003
[  110.303955][ T5548] RBP: 00007fe41ca13f91 R08: 0000000000000000 R09: 0000000000000000
[  110.307502][ T5548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  110.310947][ T5548] R13: 00007fe41cbe6038 R14: 00007fe41cbe5fa0 R15: 00007ffce8739818
[  110.314462][ T5548]  </TASK>
[  110.316238][ T5548] Kernel Offset: disabled
[  110.318179][ T5548] Rebooting in 86400 seconds..

VM DIAGNOSIS:
05:45:06  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000065 RBX=0000000000000065 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90008b8f390
R8 =ffff888033b48237 R9 =1ffff11006769046 R10=dffffc0000000000 R11=ffffffff851bb360
R12=dffffc0000000000 R13=ffffffff998fea04 R14=ffffffff99c136a0 R15=0000000000000000
RIP=ffffffff851bb3dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe41bffe6c0 ffffffff 00c00000
GS =0000 ffff88808d416000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fe41bfdcfc8 CR3=00000000113a3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000014 Opmask02=000000000000003f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41ca15050
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41ca1505d
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41ca15057
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41ca1506b
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41ca150f1
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41ca151cf
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41cbba4a8 00007fe41cbba4a0 00007fe41cbba498 00007fe41cbba470
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41d71d100 00007fe41cbba460 00007fe41cbba478 00007fe41cbba4c0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe41cbba4b8 00007fe41cbba4b0 00007fe41cbba4a8 00007fe41cbba4a0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000