Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts.
2024/12/21 07:50:31 ignoring optional flag "sandboxArg"="0"
2024/12/21 07:50:32 parsed 1 programs
[   74.393255][ T5827] cgroup: Unknown subsys name 'net'
[   74.558126][ T5827] cgroup: Unknown subsys name 'cpuset'
[   74.566468][ T5827] cgroup: Unknown subsys name 'rlimit'
[   75.950989][ T5827] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   78.566761][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   78.686170][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.698215][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.706097][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.714355][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.722238][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   78.729694][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   80.233539][ T5880] chnl_net:caif_netlink_parms(): no params data found
[   80.295745][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.304576][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.311789][ T5880] bridge_slave_0: entered allmulticast mode
[   80.318825][ T5880] bridge_slave_0: entered promiscuous mode
[   80.345328][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.352516][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.360009][ T5880] bridge_slave_1: entered allmulticast mode
[   80.367534][ T5880] bridge_slave_1: entered promiscuous mode
[   80.408109][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.422736][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.446473][ T5880] team0: Port device team_slave_0 added
[   80.453691][ T5880] team0: Port device team_slave_1 added
[   80.481743][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.489208][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.515569][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.528577][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.535948][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.563099][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.604256][ T5880] hsr_slave_0: entered promiscuous mode
[   80.611592][ T5880] hsr_slave_1: entered promiscuous mode
[   80.699955][ T5880] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   80.710518][ T5880] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   80.722092][ T5880] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   80.735423][ T5880] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   80.760852][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.769034][ T5880] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.777647][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.785124][ T5880] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.830921][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.851718][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.862708][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.880650][ T5880] 8021q: adding VLAN 0 to HW filter on device team0
[   80.896376][ T3007] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.903613][ T3007] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.918346][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.925594][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.049049][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.083256][ T5880] veth0_vlan: entered promiscuous mode
[   81.095219][ T5880] veth1_vlan: entered promiscuous mode
[   81.119124][ T5880] veth0_macvtap: entered promiscuous mode
[   81.127847][ T5880] veth1_macvtap: entered promiscuous mode
[   81.142685][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.155637][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.170219][ T5880] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.179957][ T5880] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.189250][ T5880] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.198098][ T5880] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.338699][   T61] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.416505][   T61] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.497730][   T61] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.558094][   T61] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.702671][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.721467][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.749351][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.758416][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/12/21 07:50:43 executed programs: 0
[   83.013175][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   83.021739][ T5143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   83.030157][ T5143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   83.039388][ T5143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   83.048836][ T5143] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   83.056548][ T5143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   83.153781][ T5925] chnl_net:caif_netlink_parms(): no params data found
[   83.197973][ T5925] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.205603][ T5925] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.212929][ T5925] bridge_slave_0: entered allmulticast mode
[   83.219917][ T5925] bridge_slave_0: entered promiscuous mode
[   83.228349][ T5925] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.236291][ T5925] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.245240][ T5925] bridge_slave_1: entered allmulticast mode
[   83.251918][ T5925] bridge_slave_1: entered promiscuous mode
[   83.277785][ T5925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.289582][ T5925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.316429][ T5925] team0: Port device team_slave_0 added
[   83.325017][ T5925] team0: Port device team_slave_1 added
[   83.342697][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.350293][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.377385][ T5925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.390707][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.398844][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.425858][ T5925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.458035][ T5925] hsr_slave_0: entered promiscuous mode
[   83.464625][ T5925] hsr_slave_1: entered promiscuous mode
[   83.470933][ T5925] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   83.479076][ T5925] Cannot create hsr debugfs directory
[   84.331844][   T61] bridge_slave_1: left allmulticast mode
[   84.338936][   T61] bridge_slave_1: left promiscuous mode
[   84.347052][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.360055][   T61] bridge_slave_0: left allmulticast mode
[   84.367535][   T61] bridge_slave_0: left promiscuous mode
[   84.373332][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.627191][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   84.639168][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   84.649677][   T61] bond0 (unregistering): Released all slaves
[   84.748366][   T61] hsr_slave_0: left promiscuous mode
[   84.757000][   T61] hsr_slave_1: left promiscuous mode
[   84.763258][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.771404][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[   84.793194][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.801026][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[   84.822775][   T61] veth1_macvtap: left promiscuous mode
[   84.831871][   T61] veth0_macvtap: left promiscuous mode
[   84.839782][   T61] veth1_vlan: left promiscuous mode
[   84.846605][   T61] veth0_vlan: left promiscuous mode
[   85.075300][   T54] Bluetooth: hci0: command tx timeout
[   85.243483][   T61] team0 (unregistering): Port device team_slave_1 removed
[   85.276685][   T61] team0 (unregistering): Port device team_slave_0 removed
[   85.810021][ T5925] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   85.820936][ T5925] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   85.831203][ T5925] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   85.841461][ T5925] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   85.948440][ T5925] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.978729][ T5925] 8021q: adding VLAN 0 to HW filter on device team0
[   86.143279][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.150472][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.166667][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.173885][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.425908][ T5925] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.483222][ T5925] veth0_vlan: entered promiscuous mode
[   86.494420][ T5925] veth1_vlan: entered promiscuous mode
[   86.522533][ T5925] veth0_macvtap: entered promiscuous mode
[   86.533016][ T5925] veth1_macvtap: entered promiscuous mode
[   86.557797][ T5925] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.569263][ T5925] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.583134][ T5925] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.592974][ T5925] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.602590][ T5925] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.612078][ T5925] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.686432][ T1049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.697819][ T1049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.718233][ T2911] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.728953][ T2911] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.155119][   T54] Bluetooth: hci0: command tx timeout
[   87.406220][  T972] cfg80211: failed to load regulatory.db
2024/12/21 07:50:48 executed programs: 45
[   89.234923][   T54] Bluetooth: hci0: command tx timeout
[   91.314970][   T54] Bluetooth: hci0: command tx timeout
2024/12/21 07:50:53 executed programs: 306
2024/12/21 07:50:58 executed programs: 577
[   98.491606][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   98.506838][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   98.516577][ T5143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   98.526862][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   98.535181][ T5143] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   98.542479][ T5143] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   98.635986][ T6571] chnl_net:caif_netlink_parms(): no params data found
[   98.679759][ T6571] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.688862][ T6571] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.697056][ T6571] bridge_slave_0: entered allmulticast mode
[   98.703620][ T6571] bridge_slave_0: entered promiscuous mode
[   98.725242][   T61] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.738767][ T6571] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.746648][ T6571] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.754094][ T6571] bridge_slave_1: entered allmulticast mode
[   98.760770][ T6571] bridge_slave_1: entered promiscuous mode
[   98.791175][   T61] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.807272][ T6571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.818976][ T6571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.842154][ T6571] team0: Port device team_slave_0 added
[   98.849743][ T6571] team0: Port device team_slave_1 added
[   98.871237][   T61] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.890823][ T6571] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.898923][ T6571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.925462][ T6571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.937750][ T6571] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.944824][ T6571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.970857][ T6571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.006048][ T6571] hsr_slave_0: entered promiscuous mode
[   99.012462][ T6571] hsr_slave_1: entered promiscuous mode
[   99.029982][   T61] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.163725][   T61] bridge_slave_1: left allmulticast mode
[   99.170188][   T61] bridge_slave_1: left promiscuous mode
[   99.176027][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.186032][   T61] bridge_slave_0: left allmulticast mode
[   99.191686][   T61] bridge_slave_0: left promiscuous mode
[   99.197701][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.421184][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   99.432214][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   99.442479][   T61] bond0 (unregistering): Released all slaves
[   99.760908][   T61] hsr_slave_0: left promiscuous mode
[   99.767879][   T61] hsr_slave_1: left promiscuous mode
[   99.774901][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.782342][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.790488][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.800710][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.820069][   T61] veth1_macvtap: left promiscuous mode
[   99.825895][   T61] veth0_macvtap: left promiscuous mode
[   99.831640][   T61] veth1_vlan: left promiscuous mode
[   99.837614][   T61] veth0_vlan: left promiscuous mode
[  100.122968][   T61] team0 (unregistering): Port device team_slave_1 removed
[  100.152619][   T61] team0 (unregistering): Port device team_slave_0 removed
[  100.423346][ T6571] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.436061][ T6571] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.455173][ T6571] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.467212][ T6571] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.587959][ T6571] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.595284][   T54] Bluetooth: hci1: command tx timeout
[  100.622033][ T6571] 8021q: adding VLAN 0 to HW filter on device team0
[  100.642052][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.649667][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.680019][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.687219][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.891955][ T6571] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.923140][ T6571] veth0_vlan: entered promiscuous mode
[  100.934760][ T6571] veth1_vlan: entered promiscuous mode
[  100.956643][ T6571] veth0_macvtap: entered promiscuous mode
[  100.965016][ T6571] veth1_macvtap: entered promiscuous mode
[  100.979852][ T6571] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.993336][ T6571] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.006095][ T6571] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.015679][ T6571] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.024853][ T6571] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.033660][ T6571] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.089452][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.101933][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.102241][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.115008][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.151687][ T6611] ==================================================================
[  101.159776][ T6611] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[  101.167672][ T6611] Read of size 8 at addr ffff8880288a2000 by task syz.0.616/6611
[  101.175409][ T6611] 
[  101.177736][ T6611] CPU: 0 UID: 0 PID: 6611 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  101.188317][ T6611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  101.198387][ T6611] Call Trace:
[  101.201684][ T6611]  <TASK>
[  101.204635][ T6611]  dump_stack_lvl+0x116/0x1f0
[  101.209353][ T6611]  print_report+0xc3/0x620
[  101.213782][ T6611]  ? __virt_addr_valid+0x5e/0x590
[  101.218821][ T6611]  ? __phys_addr+0xc6/0x150
[  101.223324][ T6611]  kasan_report+0xd9/0x110
[  101.227743][ T6611]  ? force_devcd_write+0x31f/0x350
[  101.232846][ T6611]  ? force_devcd_write+0x31f/0x350
[  101.237949][ T6611]  force_devcd_write+0x31f/0x350
[  101.242879][ T6611]  ? __pfx_force_devcd_write+0x10/0x10
[  101.248349][ T6611]  ? debugfs_file_get+0x21c/0x5c0
[  101.253465][ T6611]  ? __pfx_debugfs_file_get+0x10/0x10
[  101.258844][ T6611]  ? rcu_is_watching+0x12/0xc0
[  101.263621][ T6611]  ? trace_lock_acquire+0x14e/0x1f0
[  101.268832][ T6611]  full_proxy_write+0xfb/0x1b0
[  101.273604][ T6611]  ? __pfx_full_proxy_write+0x10/0x10
[  101.278985][ T6611]  vfs_write+0x24c/0x1150
[  101.283329][ T6611]  ? __pfx_vfs_write+0x10/0x10
[  101.288100][ T6611]  ? do_futex+0x123/0x350
[  101.292457][ T6611]  ? __pfx_do_futex+0x10/0x10
[  101.297148][ T6611]  ? __x64_sys_futex+0x1e1/0x4c0
[  101.302107][ T6611]  ? __x64_sys_futex+0x1ea/0x4c0
[  101.307232][ T6611]  ksys_write+0x12b/0x250
[  101.311577][ T6611]  ? __pfx_ksys_write+0x10/0x10
[  101.316436][ T6611]  do_syscall_64+0xcd/0x250
[  101.321038][ T6611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.326953][ T6611] RIP: 0033:0x7f67d9b85d29
[  101.331375][ T6611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.350997][ T6611] RSP: 002b:00007ffe8846eb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  101.359420][ T6611] RAX: ffffffffffffffda RBX: 00007f67d9d75fa0 RCX: 00007f67d9b85d29
[  101.367397][ T6611] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  101.375401][ T6611] RBP: 00007f67d9c01aa8 R08: 0000000000000000 R09: 0000000000000000
[  101.383383][ T6611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  101.391358][ T6611] R13: 00007f67d9d75fa0 R14: 00007f67d9d75fa0 R15: 00000000000018c5
[  101.399343][ T6611]  </TASK>
[  101.402367][ T6611] 
[  101.404771][ T6611] Allocated by task 5925:
[  101.409108][ T6611]  kasan_save_stack+0x33/0x60
[  101.413795][ T6611]  kasan_save_track+0x14/0x30
[  101.418483][ T6611]  __kasan_kmalloc+0xaa/0xb0
[  101.423079][ T6611]  vhci_open+0x4c/0x430
[  101.427239][ T6611]  misc_open+0x35a/0x420
[  101.431482][ T6611]  chrdev_open+0x237/0x6a0
[  101.435904][ T6611]  do_dentry_open+0xf59/0x1ea0
[  101.440672][ T6611]  vfs_open+0x82/0x3f0
[  101.444748][ T6611]  path_openat+0x1e6a/0x2d60
[  101.449352][ T6611]  do_filp_open+0x20c/0x470
[  101.453863][ T6611]  do_sys_openat2+0x17a/0x1e0
[  101.458544][ T6611]  __x64_sys_openat+0x175/0x210
[  101.463405][ T6611]  do_syscall_64+0xcd/0x250
[  101.468086][ T6611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.473984][ T6611] 
[  101.476301][ T6611] Freed by task 5925:
[  101.480363][ T6611]  kasan_save_stack+0x33/0x60
[  101.485046][ T6611]  kasan_save_track+0x14/0x30
[  101.489729][ T6611]  kasan_save_free_info+0x3b/0x60
[  101.494843][ T6611]  __kasan_slab_free+0x51/0x70
[  101.499611][ T6611]  kfree+0x14f/0x4b0
[  101.503507][ T6611]  vhci_release+0xbb/0xf0
[  101.507836][ T6611]  __fput+0x3f8/0xb60
[  101.511828][ T6611]  task_work_run+0x14e/0x250
[  101.516431][ T6611]  do_exit+0xadd/0x2d70
[  101.520595][ T6611]  do_group_exit+0xd3/0x2a0
[  101.525103][ T6611]  get_signal+0x2576/0x2610
[  101.529610][ T6611]  arch_do_signal_or_restart+0x90/0x7e0
[  101.535169][ T6611]  syscall_exit_to_user_mode+0x150/0x2a0
[  101.540806][ T6611]  do_syscall_64+0xda/0x250
[  101.545313][ T6611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.551220][ T6611] 
[  101.553539][ T6611] The buggy address belongs to the object at ffff8880288a2000
[  101.553539][ T6611]  which belongs to the cache kmalloc-1k of size 1024
[  101.567598][ T6611] The buggy address is located 0 bytes inside of
[  101.567598][ T6611]  freed 1024-byte region [ffff8880288a2000, ffff8880288a2400)
[  101.581310][ T6611] 
[  101.583638][ T6611] The buggy address belongs to the physical page:
[  101.590062][ T6611] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x288a0
[  101.598997][ T6611] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  101.607521][ T6611] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  101.615500][ T6611] page_type: f5(slab)
[  101.619485][ T6611] raw: 00fff00000000040 ffff88801ac41dc0 0000000000000000 dead000000000001
[  101.628106][ T6611] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  101.636990][ T6611] head: 00fff00000000040 ffff88801ac41dc0 0000000000000000 dead000000000001
[  101.645769][ T6611] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  101.654459][ T6611] head: 00fff00000000003 ffffea0000a22801 ffffffffffffffff 0000000000000000
[  101.663137][ T6611] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  101.671808][ T6611] page dumped because: kasan: bad access detected
[  101.678316][ T6611] page_owner tracks the page as allocated
[  101.684019][ T6611] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 11, tgid 11 (kworker/u8:0), ts 82995506716, free_ts 82742013877
[  101.703043][ T6611]  post_alloc_hook+0x2d1/0x350
[  101.707842][ T6611]  get_page_from_freelist+0xfce/0x2f80
[  101.713316][ T6611]  __alloc_pages_noprof+0x223/0x25b0
[  101.718614][ T6611]  alloc_pages_mpol_noprof+0x2c9/0x610
[  101.724098][ T6611]  new_slab+0x2c9/0x410
[  101.728269][ T6611]  ___slab_alloc+0xce2/0x1650
[  101.732959][ T6611]  __slab_alloc.constprop.0+0x56/0xb0
[  101.738432][ T6611]  __kmalloc_noprof+0x2de/0x4f0
[  101.743296][ T6611]  ieee802_11_parse_elems_full+0xe6/0x1630
[  101.749112][ T6611]  ieee80211_ibss_rx_queued_mgmt+0xc54/0x3040
[  101.755189][ T6611]  ieee80211_iface_work+0xc0b/0xf00
[  101.760421][ T6611]  cfg80211_wiphy_work+0x3de/0x560
[  101.765553][ T6611]  process_one_work+0x958/0x1b30
[  101.770505][ T6611]  worker_thread+0x6c8/0xf00
[  101.775125][ T6611]  kthread+0x2c1/0x3a0
[  101.779224][ T6611]  ret_from_fork+0x45/0x80
[  101.783641][ T6611] page last free pid 5204 tgid 5204 stack trace:
[  101.789964][ T6611]  free_unref_page+0x661/0x1080
[  101.794818][ T6611]  __put_partials+0x14c/0x170
[  101.799502][ T6611]  qlist_free_all+0x4e/0x120
[  101.804094][ T6611]  kasan_quarantine_reduce+0x195/0x1e0
[  101.809574][ T6611]  __kasan_slab_alloc+0x69/0x90
[  101.814429][ T6611]  kmem_cache_alloc_lru_noprof+0x1c8/0x3b0
[  101.820240][ T6611]  shmem_alloc_inode+0x25/0x50
[  101.825010][ T6611]  alloc_inode+0x5d/0x230
[  101.829346][ T6611]  new_inode+0x22/0x210
[  101.833599][ T6611]  shmem_get_inode+0x194/0xf00
[  101.838380][ T6611]  shmem_mknod+0x1a8/0x450
[  101.842890][ T6611]  lookup_open.isra.0+0x1174/0x14c0
[  101.848090][ T6611]  path_openat+0x904/0x2d60
[  101.852713][ T6611]  do_filp_open+0x20c/0x470
[  101.857230][ T6611]  do_sys_openat2+0x17a/0x1e0
[  101.861922][ T6611]  __x64_sys_openat+0x175/0x210
[  101.866791][ T6611] 
[  101.869110][ T6611] Memory state around the buggy address:
[  101.874748][ T6611]  ffff8880288a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  101.882993][ T6611]  ffff8880288a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  101.891141][ T6611] >ffff8880288a2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.899196][ T6611]                    ^
[  101.903291][ T6611]  ffff8880288a2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.911379][ T6611]  ffff8880288a2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.919435][ T6611] ==================================================================
[  101.932799][ T6611] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  101.940049][ T6611] CPU: 0 UID: 0 PID: 6611 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  101.950651][ T6611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  101.960735][ T6611] Call Trace:
[  101.964016][ T6611]  <TASK>
[  101.966964][ T6611]  dump_stack_lvl+0x3d/0x1f0
[  101.971584][ T6611]  panic+0x71d/0x800
[  101.975490][ T6611]  ? __pfx_panic+0x10/0x10
[  101.979915][ T6611]  ? preempt_schedule_thunk+0x1a/0x30
[  101.985290][ T6611]  ? preempt_schedule_common+0x44/0xc0
[  101.990758][ T6611]  ? check_panic_on_warn+0x1f/0xb0
[  101.995881][ T6611]  check_panic_on_warn+0xab/0xb0
[  102.000828][ T6611]  end_report+0x117/0x180
[  102.005168][ T6611]  kasan_report+0xe9/0x110
[  102.009594][ T6611]  ? force_devcd_write+0x31f/0x350
[  102.014714][ T6611]  ? force_devcd_write+0x31f/0x350
[  102.019841][ T6611]  force_devcd_write+0x31f/0x350
[  102.024785][ T6611]  ? __pfx_force_devcd_write+0x10/0x10
[  102.030256][ T6611]  ? debugfs_file_get+0x21c/0x5c0
[  102.035294][ T6611]  ? __pfx_debugfs_file_get+0x10/0x10
[  102.040688][ T6611]  ? rcu_is_watching+0x12/0xc0
[  102.045557][ T6611]  ? trace_lock_acquire+0x14e/0x1f0
[  102.050770][ T6611]  full_proxy_write+0xfb/0x1b0
[  102.055557][ T6611]  ? __pfx_full_proxy_write+0x10/0x10
[  102.060942][ T6611]  vfs_write+0x24c/0x1150
[  102.065297][ T6611]  ? __pfx_vfs_write+0x10/0x10
[  102.070074][ T6611]  ? do_futex+0x123/0x350
[  102.074415][ T6611]  ? __pfx_do_futex+0x10/0x10
[  102.079108][ T6611]  ? __x64_sys_futex+0x1e1/0x4c0
[  102.084056][ T6611]  ? __x64_sys_futex+0x1ea/0x4c0
[  102.089100][ T6611]  ksys_write+0x12b/0x250
[  102.093456][ T6611]  ? __pfx_ksys_write+0x10/0x10
[  102.098325][ T6611]  do_syscall_64+0xcd/0x250
[  102.102842][ T6611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.108753][ T6611] RIP: 0033:0x7f67d9b85d29
[  102.113172][ T6611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.132799][ T6611] RSP: 002b:00007ffe8846eb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  102.141237][ T6611] RAX: ffffffffffffffda RBX: 00007f67d9d75fa0 RCX: 00007f67d9b85d29
[  102.149224][ T6611] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  102.157200][ T6611] RBP: 00007f67d9c01aa8 R08: 0000000000000000 R09: 0000000000000000
[  102.165170][ T6611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  102.173146][ T6611] R13: 00007f67d9d75fa0 R14: 00007f67d9d75fa0 R15: 00000000000018c5
[  102.181136][ T6611]  </TASK>
[  102.184474][ T6611] Kernel Offset: disabled
[  102.188806][ T6611] Rebooting in 86400 seconds..