Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
2025/01/11 01:14:39 ignoring optional flag "sandboxArg"="0"
2025/01/11 01:14:39 parsed 1 programs
[  112.291799][ T5843] cgroup: Unknown subsys name 'net'
[  112.440985][ T5843] cgroup: Unknown subsys name 'cpuset'
[  112.448872][ T5843] cgroup: Unknown subsys name 'rlimit'
[  113.790651][ T5843] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  116.285891][ T5853] chnl_net:caif_netlink_parms(): no params data found
[  116.348207][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.355760][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.363439][ T5853] bridge_slave_0: entered allmulticast mode
[  116.370297][ T5853] bridge_slave_0: entered promiscuous mode
[  116.379596][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.386686][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.393961][ T5853] bridge_slave_1: entered allmulticast mode
[  116.400577][ T5853] bridge_slave_1: entered promiscuous mode
[  116.421777][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.432781][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.457763][ T5853] team0: Port device team_slave_0 added
[  116.464980][ T5853] team0: Port device team_slave_1 added
[  116.483005][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.490191][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.516583][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.530252][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.537202][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.563153][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.595010][ T5853] hsr_slave_0: entered promiscuous mode
[  116.602139][ T5853] hsr_slave_1: entered promiscuous mode
[  116.690914][ T5853] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  116.702027][ T5853] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  116.711407][ T5853] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  116.721231][ T5853] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  116.744263][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.751631][ T5853] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.759484][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.766551][ T5853] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.810886][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.830406][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.838739][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.854428][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[  116.866416][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.873523][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.887086][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.894221][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.014560][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.050276][ T5853] veth0_vlan: entered promiscuous mode
[  117.060181][ T5853] veth1_vlan: entered promiscuous mode
[  117.083407][ T5853] veth0_macvtap: entered promiscuous mode
[  117.091932][ T5853] veth1_macvtap: entered promiscuous mode
[  117.106215][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.121949][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.133332][ T5853] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.142586][ T5853] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.151658][ T5853] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.160515][ T5853] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.215015][ T5853] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  117.333412][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.411596][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.471762][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.543438][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.618789][ T5881] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  117.626814][ T5881] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  117.635870][ T5881] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  117.645613][ T5881] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  117.653321][ T5881] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  117.660807][ T5881] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  119.134262][   T55] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.143276][   T55] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.169644][   T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.178893][   T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/01/11 01:14:49 executed programs: 0
[  119.944141][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  119.952280][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  119.960922][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  119.970667][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  119.978685][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  119.986471][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  120.087032][ T5936] chnl_net:caif_netlink_parms(): no params data found
[  120.130052][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.137198][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.144505][ T5936] bridge_slave_0: entered allmulticast mode
[  120.151198][ T5936] bridge_slave_0: entered promiscuous mode
[  120.158889][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.165971][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.173379][ T5936] bridge_slave_1: entered allmulticast mode
[  120.180366][ T5936] bridge_slave_1: entered promiscuous mode
[  120.201704][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.212596][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.239019][ T5936] team0: Port device team_slave_0 added
[  120.246242][ T5936] team0: Port device team_slave_1 added
[  120.265360][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.272683][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.298846][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.310910][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.318568][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.344730][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.373820][ T5936] hsr_slave_0: entered promiscuous mode
[  120.380540][ T5936] hsr_slave_1: entered promiscuous mode
[  120.386796][ T5936] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.394602][ T5936] Cannot create hsr debugfs directory
[  120.942818][   T35] bridge_slave_1: left allmulticast mode
[  120.949008][   T35] bridge_slave_1: left promiscuous mode
[  120.955679][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.971133][   T35] bridge_slave_0: left allmulticast mode
[  120.976798][   T35] bridge_slave_0: left promiscuous mode
[  120.982807][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.176586][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  121.189722][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  121.199625][   T35] bond0 (unregistering): Released all slaves
[  121.311397][   T35] hsr_slave_0: left promiscuous mode
[  121.324126][   T35] hsr_slave_1: left promiscuous mode
[  121.330817][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  121.341148][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  121.350322][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  121.360285][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  121.380763][   T35] veth1_macvtap: left promiscuous mode
[  121.386682][   T35] veth0_macvtap: left promiscuous mode
[  121.394613][   T35] veth1_vlan: left promiscuous mode
[  121.402755][   T35] veth0_vlan: left promiscuous mode
[  121.721805][   T35] team0 (unregistering): Port device team_slave_1 removed
[  121.748873][   T35] team0 (unregistering): Port device team_slave_0 removed
[  122.038224][ T5881] Bluetooth: hci0: command tx timeout
[  122.189140][ T5936] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  122.204581][ T5936] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  122.214707][ T5936] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  122.225784][ T5936] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  122.340216][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.356422][ T5936] 8021q: adding VLAN 0 to HW filter on device team0
[  122.380546][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.387664][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  122.399456][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.406573][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.001460][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.042637][ T5936] veth0_vlan: entered promiscuous mode
[  123.071038][ T5936] veth1_vlan: entered promiscuous mode
[  123.093136][ T5936] veth0_macvtap: entered promiscuous mode
[  123.143315][ T5936] veth1_macvtap: entered promiscuous mode
[  123.162314][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.174996][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.187156][ T5936] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.196287][ T5936] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.206535][ T5936] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.215375][ T5936] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.280374][ T3595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.297965][ T3595] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.324985][ T3595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.335537][ T3595] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.107573][ T5881] Bluetooth: hci0: command tx timeout
2025/01/11 01:14:54 executed programs: 73
[  126.187601][ T5881] Bluetooth: hci0: command tx timeout
[  128.269182][ T5881] Bluetooth: hci0: command tx timeout
2025/01/11 01:14:59 executed programs: 316
[  133.149020][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  133.155736][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
2025/01/11 01:15:05 executed programs: 559
[  135.861413][   T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  135.872336][   T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  135.881045][   T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  135.890487][   T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  135.898875][   T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  135.906137][   T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  135.996459][ T6581] chnl_net:caif_netlink_parms(): no params data found
[  136.041259][ T3595] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.081920][ T3595] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.093855][ T6581] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.101196][ T6581] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.108462][ T6581] bridge_slave_0: entered allmulticast mode
[  136.114991][ T6581] bridge_slave_0: entered promiscuous mode
[  136.122942][ T6581] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.130176][ T6581] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.137770][ T6581] bridge_slave_1: entered allmulticast mode
[  136.144637][ T6581] bridge_slave_1: entered promiscuous mode
[  136.159531][ T3595] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.185194][ T6581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  136.197185][ T6581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  136.233395][ T3595] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.247089][ T6581] team0: Port device team_slave_0 added
[  136.254233][ T6581] team0: Port device team_slave_1 added
[  136.272882][ T6581] batman_adv: batadv0: Adding interface: batadv_slave_0
[  136.280150][ T6581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.306568][ T6581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  136.319013][ T6581] batman_adv: batadv0: Adding interface: batadv_slave_1
[  136.325980][ T6581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.352661][ T6581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  136.403515][ T6581] hsr_slave_0: entered promiscuous mode
[  136.409676][ T6581] hsr_slave_1: entered promiscuous mode
[  136.466167][ T3595] bridge_slave_1: left allmulticast mode
[  136.472856][ T3595] bridge_slave_1: left promiscuous mode
[  136.479031][ T3595] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.488438][ T3595] bridge_slave_0: left allmulticast mode
[  136.494086][ T3595] bridge_slave_0: left promiscuous mode
[  136.500919][ T3595] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.689531][ T3595] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  136.700358][ T3595] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  136.710931][ T3595] bond0 (unregistering): Released all slaves
[  136.975061][ T3595] hsr_slave_0: left promiscuous mode
[  136.982498][ T3595] hsr_slave_1: left promiscuous mode
[  136.993354][ T3595] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  137.000865][ T3595] batman_adv: batadv0: Removing interface: batadv_slave_0
[  137.010536][ T3595] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  137.018593][ T3595] batman_adv: batadv0: Removing interface: batadv_slave_1
[  137.036379][ T3595] veth1_macvtap: left promiscuous mode
[  137.042132][ T3595] veth0_macvtap: left promiscuous mode
[  137.048178][ T3595] veth1_vlan: left promiscuous mode
[  137.053557][ T3595] veth0_vlan: left promiscuous mode
[  137.325913][ T3595] team0 (unregistering): Port device team_slave_1 removed
[  137.352326][ T3595] team0 (unregistering): Port device team_slave_0 removed
[  137.798694][ T6581] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  137.816378][ T6581] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  137.837209][ T6581] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  137.849879][ T6581] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  137.918780][ T6581] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.944196][ T6581] 8021q: adding VLAN 0 to HW filter on device team0
[  137.956138][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.963306][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.972554][ T5881] Bluetooth: hci1: command tx timeout
[  137.989103][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.996272][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.145720][ T6581] 8021q: adding VLAN 0 to HW filter on device batadv0
[  138.176459][ T6581] veth0_vlan: entered promiscuous mode
[  138.185680][ T6581] veth1_vlan: entered promiscuous mode
[  138.206860][ T6581] veth0_macvtap: entered promiscuous mode
[  138.216339][ T6581] veth1_macvtap: entered promiscuous mode
[  138.230981][ T6581] batman_adv: batadv0: Interface activated: batadv_slave_0
[  138.243194][ T6581] batman_adv: batadv0: Interface activated: batadv_slave_1
[  138.253822][ T6581] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.262920][ T6581] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.272023][ T6581] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.280891][ T6581] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.328880][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.336716][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.361718][   T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.369645][   T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.403517][ T6623] ==================================================================
[  138.411590][ T6623] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[  138.419477][ T6623] Read of size 8 at addr ffff888025cf8000 by task syz.0.616/6623
[  138.427187][ T6623] 
[  138.429509][ T6623] CPU: 1 UID: 0 PID: 6623 Comm: syz.0.616 Not tainted 6.13.0-rc6-syzkaller-00130-g2144da25584e #0
[  138.440078][ T6623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  138.450136][ T6623] Call Trace:
[  138.453406][ T6623]  <TASK>
[  138.456321][ T6623]  dump_stack_lvl+0x116/0x1f0
[  138.461001][ T6623]  print_report+0xc3/0x620
[  138.465411][ T6623]  ? __virt_addr_valid+0x5e/0x590
[  138.470429][ T6623]  ? __phys_addr+0xc6/0x150
[  138.474926][ T6623]  kasan_report+0xd9/0x110
[  138.479333][ T6623]  ? force_devcd_write+0x31f/0x350
[  138.484435][ T6623]  ? force_devcd_write+0x31f/0x350
[  138.489538][ T6623]  force_devcd_write+0x31f/0x350
[  138.494465][ T6623]  ? __pfx_force_devcd_write+0x10/0x10
[  138.499912][ T6623]  ? debugfs_file_get+0x21c/0x5c0
[  138.504930][ T6623]  ? __pfx_debugfs_file_get+0x10/0x10
[  138.510294][ T6623]  ? rcu_is_watching+0x12/0xc0
[  138.515051][ T6623]  ? trace_lock_acquire+0x14e/0x1f0
[  138.520245][ T6623]  full_proxy_write+0xfb/0x1b0
[  138.525001][ T6623]  ? __pfx_full_proxy_write+0x10/0x10
[  138.530363][ T6623]  vfs_write+0x24c/0x1150
[  138.534685][ T6623]  ? __pfx_vfs_write+0x10/0x10
[  138.539442][ T6623]  ? do_futex+0x123/0x350
[  138.543766][ T6623]  ? __pfx_do_futex+0x10/0x10
[  138.548444][ T6623]  ? __x64_sys_futex+0x1e1/0x4c0
[  138.553374][ T6623]  ? __x64_sys_futex+0x1ea/0x4c0
[  138.558309][ T6623]  ksys_write+0x12b/0x250
[  138.562655][ T6623]  ? __pfx_ksys_write+0x10/0x10
[  138.567514][ T6623]  do_syscall_64+0xcd/0x250
[  138.572011][ T6623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.577895][ T6623] RIP: 0033:0x7f9728d85d29
[  138.582296][ T6623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.601901][ T6623] RSP: 002b:00007ffc395170e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  138.610303][ T6623] RAX: ffffffffffffffda RBX: 00007f9728f75fa0 RCX: 00007f9728d85d29
[  138.618262][ T6623] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  138.626221][ T6623] RBP: 00007f9728e01b08 R08: 0000000000000000 R09: 0000000000000000
[  138.634263][ T6623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  138.642221][ T6623] R13: 00007f9728f75fa0 R14: 00007f9728f75fa0 R15: 00000000000018c7
[  138.650188][ T6623]  </TASK>
[  138.653194][ T6623] 
[  138.655498][ T6623] Allocated by task 5936:
[  138.659806][ T6623]  kasan_save_stack+0x33/0x60
[  138.664477][ T6623]  kasan_save_track+0x14/0x30
[  138.669141][ T6623]  __kasan_kmalloc+0xaa/0xb0
[  138.673719][ T6623]  vhci_open+0x4c/0x430
[  138.677861][ T6623]  misc_open+0x35a/0x420
[  138.682089][ T6623]  chrdev_open+0x237/0x6a0
[  138.686494][ T6623]  do_dentry_open+0xf59/0x1ea0
[  138.691253][ T6623]  vfs_open+0x82/0x3f0
[  138.695314][ T6623]  path_openat+0x1e6a/0x2d60
[  138.699895][ T6623]  do_filp_open+0x20c/0x470
[  138.704388][ T6623]  do_sys_openat2+0x17a/0x1e0
[  138.709068][ T6623]  __x64_sys_openat+0x175/0x210
[  138.713913][ T6623]  do_syscall_64+0xcd/0x250
[  138.718409][ T6623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.724332][ T6623] 
[  138.726641][ T6623] Freed by task 5936:
[  138.730601][ T6623]  kasan_save_stack+0x33/0x60
[  138.735266][ T6623]  kasan_save_track+0x14/0x30
[  138.739946][ T6623]  kasan_save_free_info+0x3b/0x60
[  138.744956][ T6623]  __kasan_slab_free+0x51/0x70
[  138.749710][ T6623]  kfree+0x14f/0x4b0
[  138.753599][ T6623]  vhci_release+0xbb/0xf0
[  138.757927][ T6623]  __fput+0x3f8/0xb60
[  138.761924][ T6623]  task_work_run+0x14e/0x250
[  138.766509][ T6623]  do_exit+0xad8/0x2d70
[  138.770657][ T6623]  do_group_exit+0xd3/0x2a0
[  138.775150][ T6623]  get_signal+0x2576/0x2610
[  138.779639][ T6623]  arch_do_signal_or_restart+0x90/0x7e0
[  138.785175][ T6623]  syscall_exit_to_user_mode+0x150/0x2a0
[  138.790817][ T6623]  do_syscall_64+0xda/0x250
[  138.795309][ T6623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.801211][ T6623] 
[  138.803518][ T6623] The buggy address belongs to the object at ffff888025cf8000
[  138.803518][ T6623]  which belongs to the cache kmalloc-1k of size 1024
[  138.817555][ T6623] The buggy address is located 0 bytes inside of
[  138.817555][ T6623]  freed 1024-byte region [ffff888025cf8000, ffff888025cf8400)
[  138.831248][ T6623] 
[  138.833553][ T6623] The buggy address belongs to the physical page:
[  138.839952][ T6623] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25cf8
[  138.848699][ T6623] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  138.857184][ T6623] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  138.864726][ T6623] page_type: f5(slab)
[  138.868711][ T6623] raw: 00fff00000000040 ffff88801ac41dc0 dead000000000122 0000000000000000
[  138.877280][ T6623] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  138.885862][ T6623] head: 00fff00000000040 ffff88801ac41dc0 dead000000000122 0000000000000000
[  138.894549][ T6623] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  138.903209][ T6623] head: 00fff00000000003 ffffea0000973e01 ffffffffffffffff 0000000000000000
[  138.911876][ T6623] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  138.920566][ T6623] page dumped because: kasan: bad access detected
[  138.926977][ T6623] page_owner tracks the page as allocated
[  138.932678][ T6623] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5936, tgid 5936 (syz-executor), ts 119937409855, free_ts 119709037412
[  138.954222][ T6623]  post_alloc_hook+0x2d1/0x350
[  138.959027][ T6623]  get_page_from_freelist+0xfce/0x2f80
[  138.964496][ T6623]  __alloc_pages_noprof+0x223/0x25b0
[  138.969785][ T6623]  alloc_pages_mpol_noprof+0x2c9/0x610
[  138.975254][ T6623]  new_slab+0x2c9/0x410
[  138.979415][ T6623]  ___slab_alloc+0xce2/0x1650
[  138.984091][ T6623]  __slab_alloc.constprop.0+0x56/0xb0
[  138.989465][ T6623]  __kmalloc_cache_noprof+0xf6/0x420
[  138.994755][ T6623]  vhci_open+0x4c/0x430
[  138.998927][ T6623]  misc_open+0x35a/0x420
[  139.003172][ T6623]  chrdev_open+0x237/0x6a0
[  139.007599][ T6623]  do_dentry_open+0xf59/0x1ea0
[  139.012371][ T6623]  vfs_open+0x82/0x3f0
[  139.016448][ T6623]  path_openat+0x1e6a/0x2d60
[  139.021042][ T6623]  do_filp_open+0x20c/0x470
[  139.025544][ T6623]  do_sys_openat2+0x17a/0x1e0
[  139.030224][ T6623] page last free pid 1205 tgid 1205 stack trace:
[  139.036540][ T6623]  free_unref_page+0x661/0x1080
[  139.041408][ T6623]  qlist_free_all+0x4e/0x120
[  139.046017][ T6623]  kasan_quarantine_reduce+0x195/0x1e0
[  139.051476][ T6623]  __kasan_slab_alloc+0x69/0x90
[  139.056331][ T6623]  __kmalloc_cache_noprof+0x202/0x420
[  139.061733][ T6623]  nsim_fib_event_work+0x1ac3/0x3190
[  139.067018][ T6623]  process_one_work+0x958/0x1b30
[  139.071952][ T6623]  worker_thread+0x6c8/0xf00
[  139.076537][ T6623]  kthread+0x2c1/0x3a0
[  139.080605][ T6623]  ret_from_fork+0x45/0x80
[  139.085017][ T6623]  ret_from_fork_asm+0x1a/0x30
[  139.089785][ T6623] 
[  139.092103][ T6623] Memory state around the buggy address:
[  139.097725][ T6623]  ffff888025cf7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  139.105777][ T6623]  ffff888025cf7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  139.113832][ T6623] >ffff888025cf8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  139.121883][ T6623]                    ^
[  139.125940][ T6623]  ffff888025cf8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  139.134012][ T6623]  ffff888025cf8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  139.142069][ T6623] ==================================================================
[  139.153564][ T6623] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  139.160786][ T6623] CPU: 0 UID: 0 PID: 6623 Comm: syz.0.616 Not tainted 6.13.0-rc6-syzkaller-00130-g2144da25584e #0
[  139.171374][ T6623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  139.181424][ T6623] Call Trace:
[  139.184699][ T6623]  <TASK>
[  139.187626][ T6623]  dump_stack_lvl+0x3d/0x1f0
[  139.192222][ T6623]  panic+0x71d/0x800
[  139.196128][ T6623]  ? __pfx_panic+0x10/0x10
[  139.200550][ T6623]  ? preempt_schedule_thunk+0x1a/0x30
[  139.205922][ T6623]  ? preempt_schedule_common+0x44/0xc0
[  139.211384][ T6623]  ? check_panic_on_warn+0x1f/0xb0
[  139.216500][ T6623]  check_panic_on_warn+0xab/0xb0
[  139.221444][ T6623]  end_report+0x117/0x180
[  139.225781][ T6623]  kasan_report+0xe9/0x110
[  139.230201][ T6623]  ? force_devcd_write+0x31f/0x350
[  139.235313][ T6623]  ? force_devcd_write+0x31f/0x350
[  139.240429][ T6623]  force_devcd_write+0x31f/0x350
[  139.245365][ T6623]  ? __pfx_force_devcd_write+0x10/0x10
[  139.250824][ T6623]  ? debugfs_file_get+0x21c/0x5c0
[  139.255856][ T6623]  ? __pfx_debugfs_file_get+0x10/0x10
[  139.261228][ T6623]  ? rcu_is_watching+0x12/0xc0
[  139.265995][ T6623]  ? trace_lock_acquire+0x14e/0x1f0
[  139.271202][ T6623]  full_proxy_write+0xfb/0x1b0
[  139.275969][ T6623]  ? __pfx_full_proxy_write+0x10/0x10
[  139.281344][ T6623]  vfs_write+0x24c/0x1150
[  139.285677][ T6623]  ? __pfx_vfs_write+0x10/0x10
[  139.290439][ T6623]  ? do_futex+0x123/0x350
[  139.294772][ T6623]  ? __pfx_do_futex+0x10/0x10
[  139.299481][ T6623]  ? __x64_sys_futex+0x1e1/0x4c0
[  139.304421][ T6623]  ? __x64_sys_futex+0x1ea/0x4c0
[  139.309375][ T6623]  ksys_write+0x12b/0x250
[  139.313714][ T6623]  ? __pfx_ksys_write+0x10/0x10
[  139.318571][ T6623]  do_syscall_64+0xcd/0x250
[  139.323076][ T6623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.328978][ T6623] RIP: 0033:0x7f9728d85d29
[  139.333386][ T6623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.352991][ T6623] RSP: 002b:00007ffc395170e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  139.361402][ T6623] RAX: ffffffffffffffda RBX: 00007f9728f75fa0 RCX: 00007f9728d85d29
[  139.369370][ T6623] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  139.377340][ T6623] RBP: 00007f9728e01b08 R08: 0000000000000000 R09: 0000000000000000
[  139.385306][ T6623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  139.393273][ T6623] R13: 00007f9728f75fa0 R14: 00007f9728f75fa0 R15: 00000000000018c7
[  139.401247][ T6623]  </TASK>
[  139.404505][ T6623] Kernel Offset: disabled
[  139.408820][ T6623] Rebooting in 86400 seconds..