Warning: Permanently added '10.128.0.235' (ED25519) to the list of known hosts.
2025/02/26 18:56:26 ignoring optional flag "sandboxArg"="0"
2025/02/26 18:56:27 parsed 1 programs
[  279.860125][ T5859] cgroup: Unknown subsys name 'net'
[  279.987413][ T5859] cgroup: Unknown subsys name 'cpuset'
[  279.995446][ T5859] cgroup: Unknown subsys name 'rlimit'
[  281.293808][ T5859] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  283.808762][ T5865] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  284.297250][ T5878] chnl_net:caif_netlink_parms(): no params data found
[  284.361067][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.369888][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.377469][ T5878] bridge_slave_0: entered allmulticast mode
[  284.384261][ T5878] bridge_slave_0: entered promiscuous mode
[  284.395628][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.403003][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.410562][ T5878] bridge_slave_1: entered allmulticast mode
[  284.417372][ T5878] bridge_slave_1: entered promiscuous mode
[  284.439953][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  284.451659][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  284.479560][ T5878] team0: Port device team_slave_0 added
[  284.489289][ T5878] team0: Port device team_slave_1 added
[  284.513128][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0
[  284.521520][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  284.547854][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  284.560259][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1
[  284.567827][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  284.593828][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  284.626243][ T5878] hsr_slave_0: entered promiscuous mode
[  284.632399][ T5878] hsr_slave_1: entered promiscuous mode
[  284.724508][ T5878] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  284.735482][ T5878] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  284.744541][ T5878] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  284.753577][ T5878] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  284.777246][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.784728][ T5878] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.792430][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.799580][ T5878] bridge0: port 1(bridge_slave_0) entered forwarding state
[  284.849559][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0
[  284.867901][ T3019] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.876884][ T3019] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.892294][ T5878] 8021q: adding VLAN 0 to HW filter on device team0
[  284.907108][  T223] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.914249][  T223] bridge0: port 1(bridge_slave_0) entered forwarding state
[  284.926733][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.933835][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  285.065404][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0
[  285.099536][ T5878] veth0_vlan: entered promiscuous mode
[  285.111275][ T5878] veth1_vlan: entered promiscuous mode
[  285.133835][ T5878] veth0_macvtap: entered promiscuous mode
[  285.142685][ T5878] veth1_macvtap: entered promiscuous mode
[  285.160246][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0
[  285.174198][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1
[  285.185238][ T5878] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.194231][ T5878] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.203145][ T5878] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.215955][ T5878] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.359695][ T3019] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.447976][ T3019] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.548551][ T3019] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.619409][ T3019] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.645903][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.655552][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.682225][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.690898][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  287.157196][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  287.178458][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  287.188259][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  287.197480][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  287.207646][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  287.216808][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/02/26 18:56:38 executed programs: 0
[  288.215009][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  288.223448][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  288.232183][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  288.240280][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  288.249301][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  288.257559][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  288.368497][ T3019] bridge_slave_1: left allmulticast mode
[  288.378597][ T3019] bridge_slave_1: left promiscuous mode
[  288.388195][ T3019] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.411156][ T3019] bridge_slave_0: left allmulticast mode
[  288.417340][ T3019] bridge_slave_0: left promiscuous mode
[  288.423136][ T3019] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.682301][ T3019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  288.694396][ T3019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  288.705511][ T3019] bond0 (unregistering): Released all slaves
[  288.806630][ T5964] chnl_net:caif_netlink_parms(): no params data found
[  288.829915][ T3019] hsr_slave_0: left promiscuous mode
[  288.836107][ T3019] hsr_slave_1: left promiscuous mode
[  288.842745][ T3019] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  288.850629][ T3019] batman_adv: batadv0: Removing interface: batadv_slave_0
[  288.860476][ T3019] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  288.868442][ T3019] batman_adv: batadv0: Removing interface: batadv_slave_1
[  288.894333][ T3019] veth1_macvtap: left promiscuous mode
[  288.900055][ T3019] veth0_macvtap: left promiscuous mode
[  288.906552][ T3019] veth1_vlan: left promiscuous mode
[  288.912114][ T3019] veth0_vlan: left promiscuous mode
[  289.318128][ T3019] team0 (unregistering): Port device team_slave_1 removed
[  289.351038][ T3019] team0 (unregistering): Port device team_slave_0 removed
[  289.710716][ T5964] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.718190][ T5964] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.726065][ T5964] bridge_slave_0: entered allmulticast mode
[  289.733162][ T5964] bridge_slave_0: entered promiscuous mode
[  289.744664][ T5964] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.751789][ T5964] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.762102][ T5964] bridge_slave_1: entered allmulticast mode
[  289.769957][ T5964] bridge_slave_1: entered promiscuous mode
[  289.808935][ T5964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  289.825048][ T5964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  289.867115][ T5964] team0: Port device team_slave_0 added
[  289.876867][ T5964] team0: Port device team_slave_1 added
[  289.916826][ T5964] batman_adv: batadv0: Adding interface: batadv_slave_0
[  289.923829][ T5964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  289.956411][ T5964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  289.969682][ T5964] batman_adv: batadv0: Adding interface: batadv_slave_1
[  289.978557][ T5964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.005405][ T5964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  290.062295][ T5964] hsr_slave_0: entered promiscuous mode
[  290.070581][ T5964] hsr_slave_1: entered promiscuous mode
[  290.325530][ T5146] Bluetooth: hci0: command tx timeout
[  291.063371][ T5964] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  291.081147][ T5964] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  291.090438][ T5964] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  291.099645][ T5964] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  291.200893][ T5964] 8021q: adding VLAN 0 to HW filter on device bond0
[  291.238467][ T5964] 8021q: adding VLAN 0 to HW filter on device team0
[  291.253041][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.260292][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  291.287361][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.294557][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  291.516117][ T5964] 8021q: adding VLAN 0 to HW filter on device batadv0
[  291.576693][ T5964] veth0_vlan: entered promiscuous mode
[  291.590625][ T5964] veth1_vlan: entered promiscuous mode
[  291.631693][ T5964] veth0_macvtap: entered promiscuous mode
[  291.641929][ T5964] veth1_macvtap: entered promiscuous mode
[  291.663520][ T5964] batman_adv: batadv0: Interface activated: batadv_slave_0
[  291.681793][ T5964] batman_adv: batadv0: Interface activated: batadv_slave_1
[  291.697205][ T5964] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  291.708559][ T5964] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  291.718464][ T5964] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  291.729453][ T5964] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  291.810784][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  291.824781][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  291.852328][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  291.863066][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  292.399614][ T5146] Bluetooth: hci0: command tx timeout
2025/02/26 18:56:43 executed programs: 49
[  294.475483][ T5146] Bluetooth: hci0: command tx timeout
[  296.554791][ T5146] Bluetooth: hci0: command tx timeout
2025/02/26 18:56:48 executed programs: 320
2025/02/26 18:56:53 executed programs: 593
[  303.459124][   T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  303.468365][   T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  303.476691][   T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  303.485221][   T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  303.494719][   T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  303.502386][   T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  303.611636][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.629278][ T6680] chnl_net:caif_netlink_parms(): no params data found
[  303.678929][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.705117][ T6680] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.712214][ T6680] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.719489][ T6680] bridge_slave_0: entered allmulticast mode
[  303.726221][ T6680] bridge_slave_0: entered promiscuous mode
[  303.733473][ T6680] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.744087][ T6680] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.751249][ T6680] bridge_slave_1: entered allmulticast mode
[  303.758383][ T6680] bridge_slave_1: entered promiscuous mode
[  303.775172][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.801854][ T6680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  303.812932][ T6680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  303.836397][ T6680] team0: Port device team_slave_0 added
[  303.843687][ T6680] team0: Port device team_slave_1 added
[  303.861369][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.888042][ T6680] batman_adv: batadv0: Adding interface: batadv_slave_0
[  303.895258][ T6680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.921343][ T6680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  303.933267][ T6680] batman_adv: batadv0: Adding interface: batadv_slave_1
[  303.940782][ T6680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.966757][ T6680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  304.005170][ T6680] hsr_slave_0: entered promiscuous mode
[  304.011195][ T6680] hsr_slave_1: entered promiscuous mode
[  304.017668][ T6680] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  304.026000][ T6680] Cannot create hsr debugfs directory
[  304.118067][   T35] bridge_slave_1: left allmulticast mode
[  304.123768][   T35] bridge_slave_1: left promiscuous mode
[  304.131086][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.139750][   T35] bridge_slave_0: left allmulticast mode
[  304.146517][   T35] bridge_slave_0: left promiscuous mode
[  304.152186][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.381816][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.392507][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.402883][   T35] bond0 (unregistering): Released all slaves
[  304.702967][   T35] hsr_slave_0: left promiscuous mode
[  304.713783][   T35] hsr_slave_1: left promiscuous mode
[  304.722155][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.730021][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.739236][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  304.748218][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  304.766818][   T35] veth1_macvtap: left promiscuous mode
[  304.772408][   T35] veth0_macvtap: left promiscuous mode
[  304.778602][   T35] veth1_vlan: left promiscuous mode
[  304.784135][   T35] veth0_vlan: left promiscuous mode
[  305.066041][   T35] team0 (unregistering): Port device team_slave_1 removed
[  305.096108][   T35] team0 (unregistering): Port device team_slave_0 removed
[  305.412875][ T6680] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  305.429446][ T6680] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  305.447597][ T6680] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  305.466766][ T6680] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  305.592737][ T6680] 8021q: adding VLAN 0 to HW filter on device bond0
[  305.600078][ T5146] Bluetooth: hci1: command tx timeout
[  305.623771][ T6680] 8021q: adding VLAN 0 to HW filter on device team0
[  305.643486][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.650694][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  305.686491][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.693615][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  305.864317][ T6680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  305.897496][ T6680] veth0_vlan: entered promiscuous mode
[  305.908681][ T6680] veth1_vlan: entered promiscuous mode
[  305.928684][ T6680] veth0_macvtap: entered promiscuous mode
[  305.937468][ T6680] veth1_macvtap: entered promiscuous mode
[  305.952024][ T6680] batman_adv: batadv0: Interface activated: batadv_slave_0
[  305.967520][ T6680] batman_adv: batadv0: Interface activated: batadv_slave_1
[  305.978166][ T6680] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  305.987111][ T6680] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  305.995903][ T6680] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  306.004766][ T6680] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  306.053424][ T3019] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.067811][ T3019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.087774][ T3019] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.096415][ T3019] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.145755][ T6721] ==================================================================
[  306.153852][ T6721] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[  306.161773][ T6721] Read of size 8 at addr ffff888029663800 by task syz.0.616/6721
[  306.169483][ T6721] 
[  306.171810][ T6721] CPU: 1 UID: 0 PID: 6721 Comm: syz.0.616 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0
[  306.171828][ T6721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  306.171838][ T6721] Call Trace:
[  306.171843][ T6721]  <TASK>
[  306.171851][ T6721]  dump_stack_lvl+0x116/0x1f0
[  306.171874][ T6721]  print_report+0xc3/0x670
[  306.171893][ T6721]  ? __virt_addr_valid+0x5e/0x590
[  306.171906][ T6721]  ? __phys_addr+0xc6/0x150
[  306.171918][ T6721]  kasan_report+0xd9/0x110
[  306.171929][ T6721]  ? force_devcd_write+0x317/0x330
[  306.171946][ T6721]  ? force_devcd_write+0x317/0x330
[  306.171962][ T6721]  force_devcd_write+0x317/0x330
[  306.171977][ T6721]  ? __pfx_force_devcd_write+0x10/0x10
[  306.171993][ T6721]  ? __debugfs_file_get+0x1ff/0x850
[  306.172008][ T6721]  ? __pfx___debugfs_file_get+0x10/0x10
[  306.172023][ T6721]  ? rcu_is_watching+0x12/0xc0
[  306.172037][ T6721]  ? trace_lock_acquire+0x14e/0x1f0
[  306.172052][ T6721]  full_proxy_write+0x13c/0x200
[  306.172067][ T6721]  ? __pfx_full_proxy_write+0x10/0x10
[  306.172089][ T6721]  vfs_write+0x24c/0x1150
[  306.172107][ T6721]  ? __pfx_vfs_write+0x10/0x10
[  306.172122][ T6721]  ? do_futex+0x123/0x350
[  306.172147][ T6721]  ? __pfx_do_futex+0x10/0x10
[  306.172163][ T6721]  ? __x64_sys_futex+0x1e1/0x4c0
[  306.172177][ T6721]  ? __x64_sys_futex+0x1ea/0x4c0
[  306.172192][ T6721]  ksys_write+0x12b/0x250
[  306.172208][ T6721]  ? __pfx_ksys_write+0x10/0x10
[  306.172225][ T6721]  do_syscall_64+0xcd/0x250
[  306.172242][ T6721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.172259][ T6721] RIP: 0033:0x7ff48518d169
[  306.172270][ T6721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.172286][ T6721] RSP: 002b:00007fff150e3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  306.172298][ T6721] RAX: ffffffffffffffda RBX: 00007ff4853a5fa0 RCX: 00007ff48518d169
[  306.172307][ T6721] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  306.172314][ T6721] RBP: 00007ff48520e2a0 R08: 0000000000000000 R09: 0000000000000000
[  306.172322][ T6721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  306.172329][ T6721] R13: 00007ff4853a5fa0 R14: 00007ff4853a5fa0 R15: 0000000000000003
[  306.172340][ T6721]  </TASK>
[  306.172344][ T6721] 
[  306.398445][ T6721] Allocated by task 5964:
[  306.402751][ T6721]  kasan_save_stack+0x33/0x60
[  306.407421][ T6721]  kasan_save_track+0x14/0x30
[  306.412099][ T6721]  __kasan_kmalloc+0xaa/0xb0
[  306.416687][ T6721]  vhci_open+0x4c/0x430
[  306.420839][ T6721]  misc_open+0x35a/0x420
[  306.425069][ T6721]  chrdev_open+0x237/0x6a0
[  306.429480][ T6721]  do_dentry_open+0x735/0x1c40
[  306.434245][ T6721]  vfs_open+0x82/0x3f0
[  306.438321][ T6721]  path_openat+0x1e88/0x2d80
[  306.442900][ T6721]  do_filp_open+0x20c/0x470
[  306.447391][ T6721]  do_sys_openat2+0x17a/0x1e0
[  306.452057][ T6721]  __x64_sys_openat+0x175/0x210
[  306.456914][ T6721]  do_syscall_64+0xcd/0x250
[  306.461408][ T6721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.467295][ T6721] 
[  306.469605][ T6721] Freed by task 5964:
[  306.473582][ T6721]  kasan_save_stack+0x33/0x60
[  306.478261][ T6721]  kasan_save_track+0x14/0x30
[  306.482929][ T6721]  kasan_save_free_info+0x3b/0x60
[  306.487940][ T6721]  __kasan_slab_free+0x51/0x70
[  306.492698][ T6721]  kfree+0x2c4/0x4d0
[  306.496581][ T6721]  vhci_release+0xbb/0xf0
[  306.500898][ T6721]  __fput+0x3ff/0xb70
[  306.504867][ T6721]  task_work_run+0x14e/0x250
[  306.509446][ T6721]  do_exit+0xad8/0x2d70
[  306.513586][ T6721]  do_group_exit+0xd3/0x2a0
[  306.518073][ T6721]  get_signal+0x24ed/0x26c0
[  306.522566][ T6721]  arch_do_signal_or_restart+0x90/0x7e0
[  306.528106][ T6721]  syscall_exit_to_user_mode+0x150/0x2a0
[  306.533729][ T6721]  do_syscall_64+0xda/0x250
[  306.538221][ T6721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.544121][ T6721] 
[  306.546515][ T6721] The buggy address belongs to the object at ffff888029663800
[  306.546515][ T6721]  which belongs to the cache kmalloc-1k of size 1024
[  306.560588][ T6721] The buggy address is located 0 bytes inside of
[  306.560588][ T6721]  freed 1024-byte region [ffff888029663800, ffff888029663c00)
[  306.574291][ T6721] 
[  306.576598][ T6721] The buggy address belongs to the physical page:
[  306.583024][ T6721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29660
[  306.591777][ T6721] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  306.600268][ T6721] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  306.607812][ T6721] page_type: f5(slab)
[  306.611789][ T6721] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  306.620365][ T6721] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  306.628944][ T6721] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  306.637614][ T6721] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  306.646311][ T6721] head: 00fff00000000003 ffffea0000a59801 ffffffffffffffff 0000000000000000
[  306.654981][ T6721] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  306.663664][ T6721] page dumped because: kasan: bad access detected
[  306.670092][ T6721] page_owner tracks the page as allocated
[  306.675795][ T6721] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5634, tgid 5634 (dhcpcd), ts 43550917890, free_ts 43547424451
[  306.696668][ T6721]  post_alloc_hook+0x181/0x1b0
[  306.701439][ T6721]  get_page_from_freelist+0xfce/0x2f80
[  306.706900][ T6721]  __alloc_frozen_pages_noprof+0x221/0x2470
[  306.712796][ T6721]  alloc_pages_mpol+0x1fc/0x540
[  306.717643][ T6721]  new_slab+0x23d/0x330
[  306.721814][ T6721]  ___slab_alloc+0xc5d/0x1720
[  306.726506][ T6721]  __slab_alloc.constprop.0+0x56/0xb0
[  306.731888][ T6721]  __kmalloc_node_noprof+0x2f0/0x510
[  306.737457][ T6721]  __kvmalloc_node_noprof+0xad/0x1a0
[  306.742749][ T6721]  bpf_jit_binary_pack_alloc+0xc1/0x290
[  306.748299][ T6721]  bpf_int_jit_compile+0x575/0x1830
[  306.753492][ T6721]  bpf_prog_select_runtime+0x32a/0x4c0
[  306.758954][ T6721]  bpf_prepare_filter+0xd3d/0x1100
[  306.764067][ T6721]  bpf_prog_create_from_user+0x1e4/0x2d0
[  306.769699][ T6721]  do_seccomp+0x7b6/0x2640
[  306.774110][ T6721]  prctl_set_seccomp+0x4b/0x70
[  306.778872][ T6721] page last free pid 5502 tgid 5502 stack trace:
[  306.785188][ T6721]  free_frozen_pages+0x6db/0xfb0
[  306.790129][ T6721]  __put_partials+0x14c/0x170
[  306.794826][ T6721]  qlist_free_all+0x4e/0x120
[  306.799436][ T6721]  kasan_quarantine_reduce+0x195/0x1e0
[  306.804903][ T6721]  __kasan_slab_alloc+0x69/0x90
[  306.809758][ T6721]  kmem_cache_alloc_node_noprof+0x223/0x3c0
[  306.815660][ T6721]  __alloc_skb+0x2b1/0x380
[  306.820078][ T6721]  alloc_skb_with_frags+0xe4/0x850
[  306.825187][ T6721]  sock_alloc_send_pskb+0x7f1/0x980
[  306.830388][ T6721]  unix_dgram_sendmsg+0x45e/0x18c0
[  306.835676][ T6721]  sock_write_iter+0x4fe/0x5b0
[  306.840437][ T6721]  do_iter_readv_writev+0x655/0x950
[  306.845636][ T6721]  vfs_writev+0x363/0xdd0
[  306.849966][ T6721]  do_writev+0x297/0x340
[  306.854208][ T6721]  do_syscall_64+0xcd/0x250
[  306.858709][ T6721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.864602][ T6721] 
[  306.866916][ T6721] Memory state around the buggy address:
[  306.872535][ T6721]  ffff888029663700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  306.880590][ T6721]  ffff888029663780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  306.888645][ T6721] >ffff888029663800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  306.896699][ T6721]                    ^
[  306.900754][ T6721]  ffff888029663880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  306.908811][ T6721]  ffff888029663900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  306.916881][ T6721] ==================================================================
[  306.927340][ T6721] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  306.934559][ T6721] CPU: 0 UID: 0 PID: 6721 Comm: syz.0.616 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0
[  306.945235][ T6721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  306.955291][ T6721] Call Trace:
[  306.958563][ T6721]  <TASK>
[  306.961489][ T6721]  dump_stack_lvl+0x3d/0x1f0
[  306.966084][ T6721]  panic+0x71d/0x800
[  306.969980][ T6721]  ? __pfx_panic+0x10/0x10
[  306.974405][ T6721]  ? preempt_schedule_thunk+0x1a/0x30
[  306.979782][ T6721]  ? preempt_schedule_common+0x44/0xc0
[  306.985242][ T6721]  ? check_panic_on_warn+0x1f/0xb0
[  306.990356][ T6721]  check_panic_on_warn+0xab/0xb0
[  306.995297][ T6721]  end_report+0x117/0x180
[  306.999635][ T6721]  kasan_report+0xe9/0x110
[  307.004047][ T6721]  ? force_devcd_write+0x317/0x330
[  307.009162][ T6721]  ? force_devcd_write+0x317/0x330
[  307.014279][ T6721]  force_devcd_write+0x317/0x330
[  307.019220][ T6721]  ? __pfx_force_devcd_write+0x10/0x10
[  307.024683][ T6721]  ? __debugfs_file_get+0x1ff/0x850
[  307.029886][ T6721]  ? __pfx___debugfs_file_get+0x10/0x10
[  307.035434][ T6721]  ? rcu_is_watching+0x12/0xc0
[  307.040195][ T6721]  ? trace_lock_acquire+0x14e/0x1f0
[  307.045395][ T6721]  full_proxy_write+0x13c/0x200
[  307.050251][ T6721]  ? __pfx_full_proxy_write+0x10/0x10
[  307.055625][ T6721]  vfs_write+0x24c/0x1150
[  307.059963][ T6721]  ? __pfx_vfs_write+0x10/0x10
[  307.064732][ T6721]  ? do_futex+0x123/0x350
[  307.069061][ T6721]  ? __pfx_do_futex+0x10/0x10
[  307.073740][ T6721]  ? __x64_sys_futex+0x1e1/0x4c0
[  307.078678][ T6721]  ? __x64_sys_futex+0x1ea/0x4c0
[  307.083621][ T6721]  ksys_write+0x12b/0x250
[  307.087955][ T6721]  ? __pfx_ksys_write+0x10/0x10
[  307.092817][ T6721]  do_syscall_64+0xcd/0x250
[  307.097326][ T6721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.103226][ T6721] RIP: 0033:0x7ff48518d169
[  307.107636][ T6721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  307.127245][ T6721] RSP: 002b:00007fff150e3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  307.135657][ T6721] RAX: ffffffffffffffda RBX: 00007ff4853a5fa0 RCX: 00007ff48518d169
[  307.143629][ T6721] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  307.151598][ T6721] RBP: 00007ff48520e2a0 R08: 0000000000000000 R09: 0000000000000000
[  307.159570][ T6721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  307.167536][ T6721] R13: 00007ff4853a5fa0 R14: 00007ff4853a5fa0 R15: 0000000000000003
[  307.175510][ T6721]  </TASK>
[  307.178731][ T6721] Kernel Offset: disabled
[  307.183081][ T6721] Rebooting in 86400 seconds..