Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts.
2025/02/11 12:46:52 ignoring optional flag "sandboxArg"="0"
2025/02/11 12:46:53 parsed 1 programs
[  125.274512][ T5852] cgroup: Unknown subsys name 'net'
[  125.391249][ T5852] cgroup: Unknown subsys name 'cpuset'
[  125.399414][ T5852] cgroup: Unknown subsys name 'rlimit'
[  126.781415][ T5852] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  128.994051][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.006086][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.030077][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.038014][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.092894][ T5858] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  130.720615][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  130.729526][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  130.737046][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  130.745282][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  130.753611][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  130.763452][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  131.822477][ T5933] chnl_net:caif_netlink_parms(): no params data found
[  131.878910][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.886586][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.894263][ T5933] bridge_slave_0: entered allmulticast mode
[  131.901188][ T5933] bridge_slave_0: entered promiscuous mode
[  131.909789][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.916888][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.924183][ T5933] bridge_slave_1: entered allmulticast mode
[  131.930734][ T5933] bridge_slave_1: entered promiscuous mode
[  131.960541][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.972302][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.999097][ T5933] team0: Port device team_slave_0 added
[  132.006945][ T5933] team0: Port device team_slave_1 added
[  132.024605][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.032014][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.058773][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.071698][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.078834][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.105137][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.135770][ T5933] hsr_slave_0: entered promiscuous mode
[  132.141905][ T5933] hsr_slave_1: entered promiscuous mode
[  132.230600][ T5933] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  132.240418][ T5933] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  132.255558][ T5933] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  132.264478][ T5933] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  132.321722][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.343431][ T5933] 8021q: adding VLAN 0 to HW filter on device team0
[  132.355158][   T80] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.362451][   T80] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.377686][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.384887][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.505015][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.536677][ T5933] veth0_vlan: entered promiscuous mode
[  132.546863][ T5933] veth1_vlan: entered promiscuous mode
[  132.571356][ T5933] veth0_macvtap: entered promiscuous mode
[  132.579554][ T5933] veth1_macvtap: entered promiscuous mode
[  132.594777][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0
[  132.607704][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1
[  132.620495][ T5933] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  132.629775][ T5933] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  132.639277][ T5933] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  132.648516][ T5933] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  132.777920][ T1337] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.821143][ T1337] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.901318][ T1337] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.011164][ T1337] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/02/11 12:47:03 executed programs: 0
[  133.117978][ T5154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  133.128771][ T5154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  133.136758][ T5154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  133.145639][ T5154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  133.154073][ T5154] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  133.161499][ T5154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  133.201349][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  133.207888][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  133.268064][ T5954] chnl_net:caif_netlink_parms(): no params data found
[  133.317286][ T5954] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.325604][ T5954] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.333672][ T5954] bridge_slave_0: entered allmulticast mode
[  133.341223][ T5954] bridge_slave_0: entered promiscuous mode
[  133.348962][ T5954] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.356220][ T5954] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.364192][ T5954] bridge_slave_1: entered allmulticast mode
[  133.371002][ T5954] bridge_slave_1: entered promiscuous mode
[  133.394333][ T5954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.405868][ T5954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.430631][ T5954] team0: Port device team_slave_0 added
[  133.439016][ T5954] team0: Port device team_slave_1 added
[  133.461533][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_0
[  133.468722][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.494685][ T5954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  133.507516][ T5954] batman_adv: batadv0: Adding interface: batadv_slave_1
[  133.514572][ T5954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.540972][ T5954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  133.580523][ T5954] hsr_slave_0: entered promiscuous mode
[  133.586523][ T5954] hsr_slave_1: entered promiscuous mode
[  133.592748][ T5954] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  133.600812][ T5954] Cannot create hsr debugfs directory
[  135.209736][   T54] Bluetooth: hci0: command tx timeout
[  136.272187][ T1337] bridge_slave_1: left allmulticast mode
[  136.279203][ T1337] bridge_slave_1: left promiscuous mode
[  136.285691][ T1337] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.308797][ T1337] bridge_slave_0: left allmulticast mode
[  136.314521][ T1337] bridge_slave_0: left promiscuous mode
[  136.321793][ T1337] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.561447][ T1337] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  136.573830][ T1337] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  136.583555][ T1337] bond0 (unregistering): Released all slaves
[  136.679483][ T1337] hsr_slave_0: left promiscuous mode
[  136.685708][ T1337] hsr_slave_1: left promiscuous mode
[  136.691894][ T1337] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.699806][ T1337] batman_adv: batadv0: Removing interface: batadv_slave_0
[  136.709444][ T1337] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.716873][ T1337] batman_adv: batadv0: Removing interface: batadv_slave_1
[  136.737493][ T1337] veth1_macvtap: left promiscuous mode
[  136.743549][ T1337] veth0_macvtap: left promiscuous mode
[  136.749649][ T1337] veth1_vlan: left promiscuous mode
[  136.756274][ T1337] veth0_vlan: left promiscuous mode
[  137.132273][ T1337] team0 (unregistering): Port device team_slave_1 removed
[  137.161860][ T1337] team0 (unregistering): Port device team_slave_0 removed
[  137.290892][   T54] Bluetooth: hci0: command tx timeout
[  137.699850][ T5954] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  137.721149][ T5954] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  137.739613][ T5954] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  137.759245][ T5954] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  137.864525][ T5954] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.882788][ T5954] 8021q: adding VLAN 0 to HW filter on device team0
[  137.901431][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.908616][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.937563][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.944735][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.187888][ T5954] 8021q: adding VLAN 0 to HW filter on device batadv0
[  138.234808][ T5954] veth0_vlan: entered promiscuous mode
[  138.252137][ T5954] veth1_vlan: entered promiscuous mode
[  138.292885][ T5954] veth0_macvtap: entered promiscuous mode
[  138.303918][ T5954] veth1_macvtap: entered promiscuous mode
[  138.330891][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_0
[  138.345042][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_1
[  138.358726][ T5954] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.367474][ T5954] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.379088][ T5954] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.387835][ T5954] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.462388][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.472970][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.510759][ T1162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.520328][ T1162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/11 12:47:09 executed programs: 2
[  139.359686][   T54] Bluetooth: hci0: command tx timeout
[  141.438421][   T54] Bluetooth: hci0: command tx timeout
2025/02/11 12:47:14 executed programs: 243
2025/02/11 12:47:19 executed programs: 513
[  150.313838][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  150.323924][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  150.332652][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  150.341436][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  150.350167][ T5154] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  150.357537][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  150.448028][ T6643] chnl_net:caif_netlink_parms(): no params data found
[  150.492887][ T6643] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.500344][ T6643] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.507484][ T6643] bridge_slave_0: entered allmulticast mode
[  150.514533][ T6643] bridge_slave_0: entered promiscuous mode
[  150.522726][ T6643] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.530177][ T6643] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.537753][ T6643] bridge_slave_1: entered allmulticast mode
[  150.544868][ T6643] bridge_slave_1: entered promiscuous mode
[  150.577643][ T1162] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.601905][ T6643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  150.612848][ T6643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  150.636207][ T6643] team0: Port device team_slave_0 added
[  150.653836][ T1162] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.667854][ T6643] team0: Port device team_slave_1 added
[  150.686835][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_0
[  150.693928][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.720274][ T6643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  150.733081][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_1
[  150.740795][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.768610][ T6643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  150.792524][ T1162] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.823063][ T6643] hsr_slave_0: entered promiscuous mode
[  150.829163][ T6643] hsr_slave_1: entered promiscuous mode
[  150.866842][ T1162] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.997458][ T1162] bridge_slave_1: left allmulticast mode
[  151.003662][ T1162] bridge_slave_1: left promiscuous mode
[  151.010212][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.020202][ T1162] bridge_slave_0: left allmulticast mode
[  151.025876][ T1162] bridge_slave_0: left promiscuous mode
[  151.031984][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.255167][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  151.266443][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  151.276547][ T1162] bond0 (unregistering): Released all slaves
[  151.563764][ T1162] hsr_slave_0: left promiscuous mode
[  151.575210][ T1162] hsr_slave_1: left promiscuous mode
[  151.581964][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  151.592471][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0
[  151.600746][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  151.608568][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1
[  151.627244][ T1162] veth1_macvtap: left promiscuous mode
[  151.632893][ T1162] veth0_macvtap: left promiscuous mode
[  151.639895][ T1162] veth1_vlan: left promiscuous mode
[  151.645239][ T1162] veth0_vlan: left promiscuous mode
[  151.926271][ T1162] team0 (unregistering): Port device team_slave_1 removed
[  151.958282][ T1162] team0 (unregistering): Port device team_slave_0 removed
[  152.244617][ T6643] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  152.257002][ T6643] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  152.277062][ T6643] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  152.290166][ T6643] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  152.398341][   T54] Bluetooth: hci1: command tx timeout
[  152.406838][ T6643] 8021q: adding VLAN 0 to HW filter on device bond0
[  152.432040][ T6643] 8021q: adding VLAN 0 to HW filter on device team0
[  152.443647][ T1337] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.450840][ T1337] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.467430][ T1337] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.474621][ T1337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.690325][ T6643] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.724096][ T6643] veth0_vlan: entered promiscuous mode
[  152.733928][ T6643] veth1_vlan: entered promiscuous mode
[  152.756319][ T6643] veth0_macvtap: entered promiscuous mode
[  152.764773][ T6643] veth1_macvtap: entered promiscuous mode
[  152.781584][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_0
[  152.794545][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_1
[  152.805921][ T6643] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  152.814736][ T6643] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  152.823510][ T6643] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  152.832279][ T6643] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  152.880735][ T1337] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  152.889268][ T1337] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.910956][ T1162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  152.919208][ T1162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.969324][ T6686] ==================================================================
[  152.977414][ T6686] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[  152.985306][ T6686] Read of size 8 at addr ffff888061c56800 by task syz.0.616/6686
[  152.993010][ T6686] 
[  152.995328][ T6686] CPU: 1 UID: 0 PID: 6686 Comm: syz.0.616 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  152.995343][ T6686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  152.995357][ T6686] Call Trace:
[  152.995361][ T6686]  <TASK>
[  152.995368][ T6686]  dump_stack_lvl+0x116/0x1f0
[  152.995395][ T6686]  print_report+0xc3/0x620
[  152.995411][ T6686]  ? __virt_addr_valid+0x5e/0x590
[  152.995422][ T6686]  ? __phys_addr+0xc6/0x150
[  152.995441][ T6686]  kasan_report+0xd9/0x110
[  152.995456][ T6686]  ? force_devcd_write+0x31f/0x350
[  152.995472][ T6686]  ? force_devcd_write+0x31f/0x350
[  152.995488][ T6686]  force_devcd_write+0x31f/0x350
[  152.995502][ T6686]  ? __pfx_force_devcd_write+0x10/0x10
[  152.995517][ T6686]  ? __debugfs_file_get+0x1ff/0x850
[  152.995539][ T6686]  ? __pfx___debugfs_file_get+0x10/0x10
[  152.995558][ T6686]  ? rcu_is_watching+0x12/0xc0
[  152.995576][ T6686]  ? trace_lock_acquire+0x14e/0x1f0
[  152.995589][ T6686]  full_proxy_write+0x13c/0x200
[  152.995608][ T6686]  ? __pfx_full_proxy_write+0x10/0x10
[  152.995627][ T6686]  vfs_write+0x24c/0x1150
[  152.995641][ T6686]  ? __pfx_vfs_write+0x10/0x10
[  152.995653][ T6686]  ? do_futex+0x123/0x350
[  152.995665][ T6686]  ? __pfx_do_futex+0x10/0x10
[  152.995679][ T6686]  ? __x64_sys_futex+0x1e1/0x4c0
[  152.995690][ T6686]  ? __x64_sys_futex+0x1ea/0x4c0
[  152.995703][ T6686]  ksys_write+0x12b/0x250
[  152.995714][ T6686]  ? __pfx_ksys_write+0x10/0x10
[  152.995728][ T6686]  do_syscall_64+0xcd/0x250
[  152.995740][ T6686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.995759][ T6686] RIP: 0033:0x7fe70a58cde9
[  152.995769][ T6686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.995781][ T6686] RSP: 002b:00007ffc07f29ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  152.995793][ T6686] RAX: ffffffffffffffda RBX: 00007fe70a7a5fa0 RCX: 00007fe70a58cde9
[  152.995801][ T6686] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  152.995808][ T6686] RBP: 00007fe70a60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  152.995816][ T6686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  152.995823][ T6686] R13: 00007fe70a7a5fa0 R14: 00007fe70a7a5fa0 R15: 0000000000000003
[  152.995834][ T6686]  </TASK>
[  152.995838][ T6686] 
[  153.221439][ T6686] Allocated by task 5954:
[  153.225746][ T6686]  kasan_save_stack+0x33/0x60
[  153.230437][ T6686]  kasan_save_track+0x14/0x30
[  153.235095][ T6686]  __kasan_kmalloc+0xaa/0xb0
[  153.239664][ T6686]  vhci_open+0x4c/0x430
[  153.243805][ T6686]  misc_open+0x35a/0x420
[  153.248041][ T6686]  chrdev_open+0x237/0x6a0
[  153.252447][ T6686]  do_dentry_open+0x735/0x1c40
[  153.257193][ T6686]  vfs_open+0x82/0x3f0
[  153.261249][ T6686]  path_openat+0x1e88/0x2d80
[  153.265819][ T6686]  do_filp_open+0x20c/0x470
[  153.270318][ T6686]  do_sys_openat2+0x17a/0x1e0
[  153.275004][ T6686]  __x64_sys_openat+0x175/0x210
[  153.279850][ T6686]  do_syscall_64+0xcd/0x250
[  153.284341][ T6686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.290224][ T6686] 
[  153.292527][ T6686] Freed by task 5954:
[  153.296485][ T6686]  kasan_save_stack+0x33/0x60
[  153.301158][ T6686]  kasan_save_track+0x14/0x30
[  153.305823][ T6686]  kasan_save_free_info+0x3b/0x60
[  153.310838][ T6686]  __kasan_slab_free+0x51/0x70
[  153.315586][ T6686]  kfree+0x2c4/0x4d0
[  153.319472][ T6686]  vhci_release+0xbb/0xf0
[  153.323821][ T6686]  __fput+0x3ff/0xb70
[  153.327799][ T6686]  task_work_run+0x14e/0x250
[  153.332372][ T6686]  do_exit+0xad8/0x2d70
[  153.336508][ T6686]  do_group_exit+0xd3/0x2a0
[  153.340992][ T6686]  get_signal+0x2576/0x2610
[  153.345481][ T6686]  arch_do_signal_or_restart+0x90/0x7e0
[  153.351009][ T6686]  syscall_exit_to_user_mode+0x150/0x2a0
[  153.356631][ T6686]  do_syscall_64+0xda/0x250
[  153.361116][ T6686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.366995][ T6686] 
[  153.369314][ T6686] The buggy address belongs to the object at ffff888061c56800
[  153.369314][ T6686]  which belongs to the cache kmalloc-1k of size 1024
[  153.383386][ T6686] The buggy address is located 0 bytes inside of
[  153.383386][ T6686]  freed 1024-byte region [ffff888061c56800, ffff888061c56c00)
[  153.397085][ T6686] 
[  153.399414][ T6686] The buggy address belongs to the physical page:
[  153.405827][ T6686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61c50
[  153.414568][ T6686] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  153.423048][ T6686] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  153.430583][ T6686] page_type: f5(slab)
[  153.434545][ T6686] raw: 00fff00000000040 ffff88801b041dc0 ffffea0000cd0200 dead000000000002
[  153.443111][ T6686] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  153.451766][ T6686] head: 00fff00000000040 ffff88801b041dc0 ffffea0000cd0200 dead000000000002
[  153.460420][ T6686] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  153.469086][ T6686] head: 00fff00000000003 ffffea0001871401 ffffffffffffffff 0000000000000000
[  153.477762][ T6686] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  153.486416][ T6686] page dumped because: kasan: bad access detected
[  153.492814][ T6686] page_owner tracks the page as allocated
[  153.498518][ T6686] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5949, tgid 5949 (syz-executor), ts 132845120078, free_ts 131726157358
[  153.520141][ T6686]  post_alloc_hook+0x181/0x1b0
[  153.524908][ T6686]  get_page_from_freelist+0xfce/0x2f80
[  153.530372][ T6686]  __alloc_frozen_pages_noprof+0x221/0x2470
[  153.536263][ T6686]  alloc_pages_mpol+0x1fc/0x540
[  153.541108][ T6686]  new_slab+0x23d/0x330
[  153.545268][ T6686]  ___slab_alloc+0xbfa/0x1600
[  153.549932][ T6686]  __slab_alloc.constprop.0+0x56/0xb0
[  153.555294][ T6686]  __kmalloc_cache_noprof+0xf6/0x420
[  153.560577][ T6686]  afs_alloc_call+0x51/0x640
[  153.565161][ T6686]  afs_charge_preallocation+0xff/0x330
[  153.570614][ T6686]  afs_open_socket+0x298/0x350
[  153.575374][ T6686]  afs_net_init+0x95d/0xc60
[  153.579868][ T6686]  ops_init+0x1df/0x5f0
[  153.584035][ T6686]  setup_net+0x21f/0x860
[  153.588282][ T6686]  copy_net_ns+0x2b4/0x6c0
[  153.592714][ T6686]  create_new_namespaces+0x3ea/0xad0
[  153.598008][ T6686] page last free pid 5925 tgid 5925 stack trace:
[  153.604326][ T6686]  free_frozen_pages+0x6db/0xfb0
[  153.609265][ T6686]  vfree+0x174/0x950
[  153.613150][ T6686]  kcov_put+0x2a/0x40
[  153.617140][ T6686]  kcov_close+0xd/0x20
[  153.621219][ T6686]  __fput+0x3ff/0xb70
[  153.625205][ T6686]  task_work_run+0x14e/0x250
[  153.629795][ T6686]  do_exit+0xad8/0x2d70
[  153.633942][ T6686]  do_group_exit+0xd3/0x2a0
[  153.638439][ T6686]  get_signal+0x2576/0x2610
[  153.642938][ T6686]  arch_do_signal_or_restart+0x90/0x7e0
[  153.648586][ T6686]  syscall_exit_to_user_mode+0x150/0x2a0
[  153.654223][ T6686]  do_syscall_64+0xda/0x250
[  153.658716][ T6686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.664605][ T6686] 
[  153.666919][ T6686] Memory state around the buggy address:
[  153.672533][ T6686]  ffff888061c56700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  153.680611][ T6686]  ffff888061c56780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  153.688671][ T6686] >ffff888061c56800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.696724][ T6686]                    ^
[  153.700780][ T6686]  ffff888061c56880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.708830][ T6686]  ffff888061c56900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.716877][ T6686] ==================================================================
[  153.734897][ T6686] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  153.742136][ T6686] CPU: 0 UID: 0 PID: 6686 Comm: syz.0.616 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
[  153.752736][ T6686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  153.762797][ T6686] Call Trace:
[  153.766076][ T6686]  <TASK>
[  153.769002][ T6686]  dump_stack_lvl+0x3d/0x1f0
[  153.773590][ T6686]  panic+0x71d/0x800
[  153.777574][ T6686]  ? __pfx_panic+0x10/0x10
[  153.781973][ T6686]  ? preempt_schedule_thunk+0x1a/0x30
[  153.787330][ T6686]  ? preempt_schedule_common+0x44/0xc0
[  153.792778][ T6686]  ? check_panic_on_warn+0x1f/0xb0
[  153.797874][ T6686]  check_panic_on_warn+0xab/0xb0
[  153.802798][ T6686]  end_report+0x117/0x180
[  153.807123][ T6686]  kasan_report+0xe9/0x110
[  153.811546][ T6686]  ? force_devcd_write+0x31f/0x350
[  153.816644][ T6686]  ? force_devcd_write+0x31f/0x350
[  153.821741][ T6686]  force_devcd_write+0x31f/0x350
[  153.826660][ T6686]  ? __pfx_force_devcd_write+0x10/0x10
[  153.832104][ T6686]  ? __debugfs_file_get+0x1ff/0x850
[  153.837291][ T6686]  ? __pfx___debugfs_file_get+0x10/0x10
[  153.842826][ T6686]  ? rcu_is_watching+0x12/0xc0
[  153.847580][ T6686]  ? trace_lock_acquire+0x14e/0x1f0
[  153.852764][ T6686]  full_proxy_write+0x13c/0x200
[  153.857698][ T6686]  ? __pfx_full_proxy_write+0x10/0x10
[  153.863065][ T6686]  vfs_write+0x24c/0x1150
[  153.867380][ T6686]  ? __pfx_vfs_write+0x10/0x10
[  153.872130][ T6686]  ? do_futex+0x123/0x350
[  153.876463][ T6686]  ? __pfx_do_futex+0x10/0x10
[  153.881124][ T6686]  ? __x64_sys_futex+0x1e1/0x4c0
[  153.886040][ T6686]  ? __x64_sys_futex+0x1ea/0x4c0
[  153.890964][ T6686]  ksys_write+0x12b/0x250
[  153.895279][ T6686]  ? __pfx_ksys_write+0x10/0x10
[  153.900117][ T6686]  do_syscall_64+0xcd/0x250
[  153.904604][ T6686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.910497][ T6686] RIP: 0033:0x7fe70a58cde9
[  153.914896][ T6686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.934667][ T6686] RSP: 002b:00007ffc07f29ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  153.943073][ T6686] RAX: ffffffffffffffda RBX: 00007fe70a7a5fa0 RCX: 00007fe70a58cde9
[  153.951032][ T6686] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  153.959002][ T6686] RBP: 00007fe70a60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  153.966971][ T6686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  153.974927][ T6686] R13: 00007fe70a7a5fa0 R14: 00007fe70a7a5fa0 R15: 0000000000000003
[  153.982887][ T6686]  </TASK>
[  153.986216][ T6686] Kernel Offset: disabled
[  153.990525][ T6686] Rebooting in 86400 seconds..