Warning: Permanently added '10.128.1.218' (ED25519) to the list of known hosts.
2026/02/02 00:19:27 parsed 1 programs
[   71.034303][ T4270] cgroup: Unknown subsys name 'net'
[   71.197858][ T4270] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   72.756980][ T4270] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   75.522677][ T4305] chnl_net:caif_netlink_parms(): no params data found
[   75.565208][ T4305] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.572749][ T4305] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.580444][ T4305] device bridge_slave_0 entered promiscuous mode
[   75.589259][ T4305] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.596407][ T4305] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.604254][ T4305] device bridge_slave_1 entered promiscuous mode
[   75.623614][ T4305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   75.634993][ T4305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   75.664669][ T4305] team0: Port device team_slave_0 added
[   75.672446][ T4305] team0: Port device team_slave_1 added
[   75.688663][ T4305] batman_adv: batadv0: Adding interface: batadv_slave_0
[   75.695746][ T4305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.721870][ T4305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   75.742550][ T4305] batman_adv: batadv0: Adding interface: batadv_slave_1
[   75.749549][ T4305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.775549][ T4305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.824840][ T4305] device hsr_slave_0 entered promiscuous mode
[   75.832715][ T4305] device hsr_slave_1 entered promiscuous mode
[   75.934197][ T4305] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.944718][ T4305] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.963376][ T4305] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.975763][ T4305] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.999403][ T4305] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.006632][ T4305] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.014456][ T4305] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.021570][ T4305] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.079475][ T4305] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.093585][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   76.104765][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.114062][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.122337][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   76.142676][ T4305] 8021q: adding VLAN 0 to HW filter on device team0
[   76.153401][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   76.162428][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.169556][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.182233][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   76.191797][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.198855][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.223474][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   76.232314][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   76.243681][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   76.265205][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   76.279286][ T4305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.292538][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   76.302805][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   76.509436][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   76.518520][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   76.532087][ T4305] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.548213][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   76.557525][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   76.575983][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   76.584721][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   76.598654][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   76.606673][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   76.617894][ T4305] device veth0_vlan entered promiscuous mode
[   76.629333][ T4305] device veth1_vlan entered promiscuous mode
[   76.648780][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   76.656905][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   76.665690][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   76.674364][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   76.685141][ T4305] device veth0_macvtap entered promiscuous mode
[   76.697734][ T4305] device veth1_macvtap entered promiscuous mode
[   76.712484][ T4305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.719949][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   76.729346][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   76.737651][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   76.746990][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   76.760996][ T4305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.769285][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   76.777942][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   76.789533][ T4305] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.798595][ T4305] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.807464][ T4305] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.816358][ T4305] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.958847][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.461172][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.471166][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.504147][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   77.524016][ T4341] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.532107][ T4341] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.540430][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   77.824259][ T4355] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.832891][ T4355] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.840427][ T4355] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.848989][ T4355] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.857666][ T4355] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   77.865491][ T4355] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/02/02 00:19:36 executed programs: 0
[   78.763674][   T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.772782][   T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.780304][   T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.788592][   T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.796735][   T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   78.804134][   T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.919770][ T4373] chnl_net:caif_netlink_parms(): no params data found
[   78.967054][ T4373] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.975523][ T4373] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.984161][ T4373] device bridge_slave_0 entered promiscuous mode
[   78.993064][ T4373] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.000204][ T4373] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.008568][ T4373] device bridge_slave_1 entered promiscuous mode
[   79.028849][ T4373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.039654][ T4373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.062284][ T4373] team0: Port device team_slave_0 added
[   79.069540][ T4373] team0: Port device team_slave_1 added
[   79.089716][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.096875][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.122907][ T4373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.135412][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.142804][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.169201][ T4373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.198773][ T4373] device hsr_slave_0 entered promiscuous mode
[   79.205475][ T4373] device hsr_slave_1 entered promiscuous mode
[   79.212227][ T4373] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.219988][ T4373] Cannot create hsr debugfs directory
[   79.421553][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.831224][   T48] Bluetooth: hci0: command 0x0409 tx timeout
[   81.552964][    T7] cfg80211: failed to load regulatory.db
[   81.808915][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.884452][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.732208][ T4373] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   82.744752][ T4373] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   82.761676][    T9] device hsr_slave_0 left promiscuous mode
[   82.769038][    T9] device hsr_slave_1 left promiscuous mode
[   82.778070][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   82.786130][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[   82.794903][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   82.802913][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[   82.811239][    T9] device bridge_slave_1 left promiscuous mode
[   82.818284][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.842488][    T9] device bridge_slave_0 left promiscuous mode
[   82.848792][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.877395][    T9] device veth1_macvtap left promiscuous mode
[   82.886290][    T9] device veth0_macvtap left promiscuous mode
[   82.893038][    T9] device veth1_vlan left promiscuous mode
[   82.899578][    T9] device veth0_vlan left promiscuous mode
[   82.911039][   T48] Bluetooth: hci0: command 0x041b tx timeout
[   83.259418][    T9] team0 (unregistering): Port device team_slave_1 removed
[   83.287135][    T9] team0 (unregistering): Port device team_slave_0 removed
[   83.313718][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   83.346169][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   83.526947][    T9] bond0 (unregistering): Released all slaves
[   83.618456][ T4373] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   83.628640][ T4373] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   83.701235][ T4373] 8021q: adding VLAN 0 to HW filter on device bond0
[   83.728197][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   83.737086][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   83.747574][ T4373] 8021q: adding VLAN 0 to HW filter on device team0
[   83.763463][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   83.773699][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   83.782542][ T4371] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.789608][ T4371] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.797646][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   83.808991][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   83.817943][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   83.828233][ T4371] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.835324][ T4371] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.852116][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   83.861766][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   83.870240][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   83.889052][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   83.897649][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   83.906807][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   83.915499][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   83.937027][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   83.946127][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   83.955834][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   83.965308][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   83.978372][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   84.212010][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   84.219472][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   84.243776][ T4373] 8021q: adding VLAN 0 to HW filter on device batadv0
[   84.272701][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   84.282274][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   84.315743][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   84.324288][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   84.343507][ T4373] device veth0_vlan entered promiscuous mode
[   84.351110][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   84.359827][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   84.376393][ T4373] device veth1_vlan entered promiscuous mode
[   84.395300][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   84.403580][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   84.413543][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   84.422069][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   84.452813][ T4373] device veth0_macvtap entered promiscuous mode
[   84.462807][ T4373] device veth1_macvtap entered promiscuous mode
[   84.476719][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.487406][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   84.499979][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   84.508250][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   84.517166][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   84.547933][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.555453][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   84.564056][ T4341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   84.576299][ T4373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.585337][ T4373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.595227][ T4373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.604470][ T4373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.693930][ T4341] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.715121][ T4341] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.723546][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.731862][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.748116][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   84.757534][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   84.990724][   T48] Bluetooth: hci0: command 0x040f tx timeout
[   85.092071][ T4311] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   85.286877][ T4311] usb 1-1: config 0 interface 0 has no altsetting 0
[   85.305448][ T4311] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   85.317135][ T4311] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[   85.325890][ T4311] usb 1-1: Product: syz
[   85.330209][ T4311] usb 1-1: Manufacturer: syz
[   85.336364][ T4311] usb 1-1: SerialNumber: syz
[   85.356561][ T4311] usb 1-1: config 0 descriptor??
[   85.368028][ T4311] usb 1-1: selecting invalid altsetting 0
[   85.566665][ T4436] ==================================================================
[   85.574846][ T4436] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x21f/0x410
[   85.582133][ T4436] Write of size 264 at addr ffff8880729d6400 by task syz.0.17/4436
[   85.590008][ T4436] 
[   85.592327][ T4436] CPU: 0 PID: 4436 Comm: syz.0.17 Not tainted syzkaller #0
[   85.599516][ T4436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   85.609563][ T4436] Call Trace:
[   85.612864][ T4436]  <TASK>
[   85.615880][ T4436]  dump_stack_lvl+0x188/0x24e
[   85.620653][ T4436]  ? read_lock_is_recursive+0x10/0x10
[   85.626122][ T4436]  ? show_regs_print_info+0x12/0x12
[   85.631329][ T4436]  ? load_image+0x400/0x400
[   85.635852][ T4436]  ? _raw_spin_lock_irqsave+0xbc/0x100
[   85.641317][ T4436]  ? __virt_addr_valid+0x188/0x540
[   85.646429][ T4436]  ? __virt_addr_valid+0x465/0x540
[   85.651537][ T4436]  ? copy_to_urb+0x21f/0x410
[   85.656121][ T4436]  print_report+0xa8/0x210
[   85.660529][ T4436]  kasan_report+0x10b/0x140
[   85.665044][ T4436]  ? copy_to_urb+0x21f/0x410
[   85.669628][ T4436]  kasan_check_range+0x235/0x290
[   85.674564][ T4436]  ? copy_to_urb+0x21f/0x410
[   85.679145][ T4436]  memcpy+0x3c/0x60
[   85.682948][ T4436]  copy_to_urb+0x21f/0x410
[   85.687362][ T4436]  prepare_playback_urb+0x910/0x1440
[   85.692708][ T4436]  snd_usb_endpoint_start+0x4a6/0x12e0
[   85.698179][ T4436]  ? snd_usb_endpoint_get_clock_rate+0x100/0x100
[   85.704501][ T4436]  ? __rwlock_init+0x140/0x140
[   85.709261][ T4436]  start_endpoints+0xa1/0x270
[   85.713946][ T4436]  ? snd_usb_substream_playback_trigger+0x3d9/0x7d0
[   85.720569][ T4436]  snd_usb_substream_playback_trigger+0x3eb/0x7d0
[   85.727001][ T4436]  snd_pcm_action+0xda/0x230
[   85.731596][ T4436]  __snd_pcm_lib_xfer+0x17ba/0x1c90
[   85.736815][ T4436]  ? fill_silence+0x240/0x240
[   85.741548][ T4436]  ? __snd_pcm_lib_xfer+0x1c90/0x1c90
[   85.746914][ T4436]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[   85.752561][ T4436]  ? resample_expand+0x7e2/0x860
[   85.757491][ T4436]  ? pcm_lib_apply_appl_ptr+0x540/0x540
[   85.763039][ T4436]  snd_pcm_oss_write3+0x1b8/0x310
[   85.768075][ T4436]  snd_pcm_plug_write_transfer+0x2ba/0x4b0
[   85.773981][ T4436]  ? snd_pcm_plug_client_channels_buf+0x600/0x600
[   85.780400][ T4436]  ? snd_pcm_plug_client_channels_buf+0x466/0x600
[   85.786817][ T4436]  snd_pcm_oss_write2+0x1a5/0x410
[   85.791859][ T4436]  ? snd_pcm_hw_param_max+0x6a0/0x6a0
[   85.797259][ T4436]  ? snd_pcm_do_prepare+0x220/0x220
[   85.802471][ T4436]  ? snd_pcm_action_nonatomic+0x24a/0x2a0
[   85.808187][ T4436]  snd_pcm_oss_write+0x6a7/0xaf0
[   85.813119][ T4436]  ? snd_pcm_oss_read+0x8b0/0x8b0
[   85.818151][ T4436]  vfs_write+0x2e6/0xa30
[   85.822395][ T4436]  ? file_end_write+0x250/0x250
[   85.827248][ T4436]  ? __ia32_sys_get_robust_list+0x100/0x100
[   85.833152][ T4436]  ? do_sys_openat2+0x20c/0x4b0
[   85.837998][ T4436]  ? __fdget_pos+0x1d4/0x360
[   85.842582][ T4436]  ksys_write+0x14c/0x250
[   85.846909][ T4436]  ? __ia32_sys_read+0x80/0x80
[   85.851669][ T4436]  ? lockdep_hardirqs_on+0x94/0x140
[   85.856862][ T4436]  do_syscall_64+0x4c/0xa0
[   85.861271][ T4436]  ? clear_bhb_loop+0x60/0xb0
[   85.865939][ T4436]  ? clear_bhb_loop+0x60/0xb0
[   85.870622][ T4436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   85.876537][ T4436] RIP: 0033:0x7fcaac59aeb9
[   85.880951][ T4436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.900579][ T4436] RSP: 002b:00007ffcc59f6fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.909010][ T4436] RAX: ffffffffffffffda RBX: 00007fcaac815fa0 RCX: 00007fcaac59aeb9
[   85.916976][ T4436] RDX: 00000000000005ce RSI: 0000200000000640 RDI: 0000000000000004
[   85.924941][ T4436] RBP: 00007fcaac608c1f R08: 0000000000000000 R09: 0000000000000000
[   85.932908][ T4436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.940874][ T4436] R13: 00007fcaac815fac R14: 00007fcaac815fa0 R15: 00007fcaac815fa0
[   85.948842][ T4436]  </TASK>
[   85.951872][ T4436] 
[   85.954208][ T4436] Allocated by task 4436:
[   85.958531][ T4436]  kasan_set_track+0x4b/0x70
[   85.963143][ T4436]  __kasan_kmalloc+0x8e/0xa0
[   85.967729][ T4436]  __kmalloc+0xb0/0x240
[   85.971883][ T4436]  snd_usb_endpoint_set_params+0x17f5/0x2f00
[   85.977860][ T4436]  snd_usb_hw_params+0x1239/0x19d0
[   85.982964][ T4436]  snd_pcm_hw_params+0x8a2/0x1ce0
[   85.987982][ T4436]  snd_pcm_oss_change_params_locked+0x206b/0x3c50
[   85.994388][ T4436]  snd_pcm_oss_write+0x277/0xaf0
[   85.999331][ T4436]  vfs_write+0x2e6/0xa30
[   86.003571][ T4436]  ksys_write+0x14c/0x250
[   86.008090][ T4436]  do_syscall_64+0x4c/0xa0
[   86.012521][ T4436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   86.018436][ T4436] 
[   86.020754][ T4436] The buggy address belongs to the object at ffff8880729d6400
[   86.020754][ T4436]  which belongs to the cache kmalloc-192 of size 192
[   86.034801][ T4436] The buggy address is located 0 bytes inside of
[   86.034801][ T4436]  192-byte region [ffff8880729d6400, ffff8880729d64c0)
[   86.047894][ T4436] 
[   86.050229][ T4436] The buggy address belongs to the physical page:
[   86.056638][ T4436] page:ffffea0001ca7580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x729d6
[   86.066868][ T4436] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   86.074409][ T4436] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888017441a00
[   86.082998][ T4436] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   86.091567][ T4436] page dumped because: kasan: bad access detected
[   86.097979][ T4436] page_owner tracks the page as allocated
[   86.103681][ T4436] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 24, tgid 24 (kdevtmpfs), ts 85378607699, free_ts 85342998293
[   86.121313][ T4436]  post_alloc_hook+0x173/0x1a0
[   86.126098][ T4436]  get_page_from_freelist+0x1a1e/0x1ab0
[   86.131642][ T4436]  __alloc_pages+0x1ec/0x4f0
[   86.136228][ T4436]  alloc_slab_page+0x4f/0x160
[   86.141048][ T4436]  new_slab+0x87/0x2c0
[   86.145181][ T4436]  ___slab_alloc+0xbc6/0x1240
[   86.149848][ T4436]  __kmem_cache_alloc_node+0x1a0/0x260
[   86.155301][ T4436]  __kmalloc_node+0xa0/0x240
[   86.159886][ T4436]  memcg_alloc_slab_cgroups+0x83/0x120
[   86.165340][ T4436]  new_slab+0xc3/0x2c0
[   86.169400][ T4436]  ___slab_alloc+0xbc6/0x1240
[   86.174176][ T4436]  kmem_cache_alloc_lru+0x1ae/0x2e0
[   86.179373][ T4436]  shmem_alloc_inode+0x24/0x40
[   86.184240][ T4436]  new_inode_pseudo+0x5f/0x1c0
[   86.188997][ T4436]  new_inode+0x25/0x1c0
[   86.193241][ T4436]  shmem_get_inode+0x347/0xbf0
[   86.197999][ T4436] page last free stack trace:
[   86.202660][ T4436]  free_unref_page_prepare+0x8b4/0x9a0
[   86.208115][ T4436]  free_unref_page+0x2e/0x3f0
[   86.212786][ T4436]  __unfreeze_partials+0x1a5/0x200
[   86.217885][ T4436]  put_cpu_partial+0x17c/0x250
[   86.222642][ T4436]  qlist_free_all+0x76/0xe0
[   86.227142][ T4436]  kasan_quarantine_reduce+0x144/0x160
[   86.232689][ T4436]  __kasan_slab_alloc+0x1e/0x80
[   86.237535][ T4436]  slab_post_alloc_hook+0x4b/0x480
[   86.242638][ T4436]  __kmem_cache_alloc_node+0x140/0x260
[   86.248094][ T4436]  kmalloc_trace+0x26/0xe0
[   86.252522][ T4436]  nsim_fib_event_work+0x891/0x3450
[   86.257834][ T4436]  process_one_work+0x8a2/0x1160
[   86.262764][ T4436]  worker_thread+0xd27/0x1270
[   86.267521][ T4436]  kthread+0x29d/0x330
[   86.271589][ T4436]  ret_from_fork+0x1f/0x30
[   86.276018][ T4436] 
[   86.278329][ T4436] Memory state around the buggy address:
[   86.283947][ T4436]  ffff8880729d6380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   86.291996][ T4436]  ffff8880729d6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.300042][ T4436] >ffff8880729d6480: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.308088][ T4436]                          ^
[   86.312664][ T4436]  ffff8880729d6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   86.320715][ T4436]  ffff8880729d6580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.328848][ T4436] ==================================================================
[   86.336898][ T4436] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.344082][ T4436] CPU: 0 PID: 4436 Comm: syz.0.17 Not tainted syzkaller #0
[   86.351273][ T4436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   86.361318][ T4436] Call Trace:
[   86.364592][ T4436]  <TASK>
[   86.367515][ T4436]  dump_stack_lvl+0x188/0x24e
[   86.372196][ T4436]  ? memcpy+0x3c/0x60
[   86.376185][ T4436]  ? show_regs_print_info+0x12/0x12
[   86.381376][ T4436]  ? load_image+0x400/0x400
[   86.385871][ T4436]  panic+0x2e5/0x730
[   86.389760][ T4436]  ? bpf_jit_dump+0xd0/0xd0
[   86.394258][ T4436]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[   86.400141][ T4436]  ? _raw_spin_unlock+0x40/0x40
[   86.405004][ T4436]  check_panic_on_warn+0x80/0xa0
[   86.409938][ T4436]  ? copy_to_urb+0x21f/0x410
[   86.414522][ T4436]  end_report+0x66/0x110
[   86.418768][ T4436]  kasan_report+0x118/0x140
[   86.423278][ T4436]  ? copy_to_urb+0x21f/0x410
[   86.427862][ T4436]  kasan_check_range+0x235/0x290
[   86.432884][ T4436]  ? copy_to_urb+0x21f/0x410
[   86.437470][ T4436]  memcpy+0x3c/0x60
[   86.441272][ T4436]  copy_to_urb+0x21f/0x410
[   86.445696][ T4436]  prepare_playback_urb+0x910/0x1440
[   86.450998][ T4436]  snd_usb_endpoint_start+0x4a6/0x12e0
[   86.456477][ T4436]  ? snd_usb_endpoint_get_clock_rate+0x100/0x100
[   86.462799][ T4436]  ? __rwlock_init+0x140/0x140
[   86.467556][ T4436]  start_endpoints+0xa1/0x270
[   86.472232][ T4436]  ? snd_usb_substream_playback_trigger+0x3d9/0x7d0
[   86.478816][ T4436]  snd_usb_substream_playback_trigger+0x3eb/0x7d0
[   86.485400][ T4436]  snd_pcm_action+0xda/0x230
[   86.489984][ T4436]  __snd_pcm_lib_xfer+0x17ba/0x1c90
[   86.495194][ T4436]  ? fill_silence+0x240/0x240
[   86.499864][ T4436]  ? __snd_pcm_lib_xfer+0x1c90/0x1c90
[   86.505237][ T4436]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[   86.510878][ T4436]  ? resample_expand+0x7e2/0x860
[   86.515830][ T4436]  ? pcm_lib_apply_appl_ptr+0x540/0x540
[   86.521374][ T4436]  snd_pcm_oss_write3+0x1b8/0x310
[   86.526392][ T4436]  snd_pcm_plug_write_transfer+0x2ba/0x4b0
[   86.532193][ T4436]  ? snd_pcm_plug_client_channels_buf+0x600/0x600
[   86.538602][ T4436]  ? snd_pcm_plug_client_channels_buf+0x466/0x600
[   86.545096][ T4436]  snd_pcm_oss_write2+0x1a5/0x410
[   86.550143][ T4436]  ? snd_pcm_hw_param_max+0x6a0/0x6a0
[   86.555509][ T4436]  ? snd_pcm_do_prepare+0x220/0x220
[   86.560716][ T4436]  ? snd_pcm_action_nonatomic+0x24a/0x2a0
[   86.566463][ T4436]  snd_pcm_oss_write+0x6a7/0xaf0
[   86.571399][ T4436]  ? snd_pcm_oss_read+0x8b0/0x8b0
[   86.576431][ T4436]  vfs_write+0x2e6/0xa30
[   86.580681][ T4436]  ? file_end_write+0x250/0x250
[   86.585530][ T4436]  ? __ia32_sys_get_robust_list+0x100/0x100
[   86.591425][ T4436]  ? do_sys_openat2+0x20c/0x4b0
[   86.596291][ T4436]  ? __fdget_pos+0x1d4/0x360
[   86.600889][ T4436]  ksys_write+0x14c/0x250
[   86.605254][ T4436]  ? __ia32_sys_read+0x80/0x80
[   86.610013][ T4436]  ? lockdep_hardirqs_on+0x94/0x140
[   86.615309][ T4436]  do_syscall_64+0x4c/0xa0
[   86.619720][ T4436]  ? clear_bhb_loop+0x60/0xb0
[   86.624418][ T4436]  ? clear_bhb_loop+0x60/0xb0
[   86.629089][ T4436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   86.634976][ T4436] RIP: 0033:0x7fcaac59aeb9
[   86.639386][ T4436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.658983][ T4436] RSP: 002b:00007ffcc59f6fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   86.667389][ T4436] RAX: ffffffffffffffda RBX: 00007fcaac815fa0 RCX: 00007fcaac59aeb9
[   86.675357][ T4436] RDX: 00000000000005ce RSI: 0000200000000640 RDI: 0000000000000004
[   86.683323][ T4436] RBP: 00007fcaac608c1f R08: 0000000000000000 R09: 0000000000000000
[   86.691288][ T4436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.699253][ T4436] R13: 00007fcaac815fac R14: 00007fcaac815fa0 R15: 00007fcaac815fa0
[   86.707220][ T4436]  </TASK>
[   86.710690][ T4436] Kernel Offset: disabled
[   86.715012][ T4436] Rebooting in 86400 seconds..