Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts.
2025/03/02 13:19:27 ignoring optional flag "sandboxArg"="0"
2025/03/02 13:19:28 parsed 1 programs
[   71.682352][ T5835] cgroup: Unknown subsys name 'net'
[   71.848546][ T5835] cgroup: Unknown subsys name 'cpuset'
[   71.856920][ T5835] cgroup: Unknown subsys name 'rlimit'
[   73.280077][ T5835] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   76.003739][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   76.503163][ T5855] chnl_net:caif_netlink_parms(): no params data found
[   76.564181][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.571895][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.579760][ T5855] bridge_slave_0: entered allmulticast mode
[   76.587002][ T5855] bridge_slave_0: entered promiscuous mode
[   76.597947][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.605442][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.612622][ T5855] bridge_slave_1: entered allmulticast mode
[   76.619943][ T5855] bridge_slave_1: entered promiscuous mode
[   76.647737][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.660107][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.688099][ T5855] team0: Port device team_slave_0 added
[   76.696448][ T5855] team0: Port device team_slave_1 added
[   76.717584][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.725129][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.751438][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.764610][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.771565][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.797504][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.827495][ T5855] hsr_slave_0: entered promiscuous mode
[   76.833569][ T5855] hsr_slave_1: entered promiscuous mode
[   76.917096][ T5855] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   76.927143][ T5855] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   76.936870][ T5855] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   76.946311][ T5855] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   76.967137][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.974317][ T5855] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.982294][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.989412][ T5855] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.036169][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[   77.053555][ T2910] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.062910][ T2910] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.078970][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[   77.091296][ T3475] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.098420][ T3475] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.114089][ T2910] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.121227][ T2910] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.241548][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.273456][ T5855] veth0_vlan: entered promiscuous mode
[   77.283145][ T5855] veth1_vlan: entered promiscuous mode
[   77.307263][ T5855] veth0_macvtap: entered promiscuous mode
[   77.316779][ T5855] veth1_macvtap: entered promiscuous mode
[   77.332233][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.345170][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.356651][ T5855] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.365508][ T5855] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.374230][ T5855] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.384953][ T5855] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.527869][ T2910] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.598478][ T2910] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.650130][ T2910] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.719942][ T2910] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.049023][ T5896] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.058081][ T5896] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.066144][ T5896] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.074450][ T5896] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.082147][ T5896] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   78.090378][ T5896] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.282258][  T206] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.290378][  T206] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.312980][  T206] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.321219][  T206] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/02 13:19:39 executed programs: 0
[   80.040096][ T5896] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   80.048345][ T5896] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   80.056645][ T5896] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   80.066464][ T5896] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   80.074087][ T5896] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   80.082174][ T5896] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   80.187078][ T5943] chnl_net:caif_netlink_parms(): no params data found
[   80.229455][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.237016][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.244151][ T5943] bridge_slave_0: entered allmulticast mode
[   80.251265][ T5943] bridge_slave_0: entered promiscuous mode
[   80.258745][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.266143][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.273477][ T5943] bridge_slave_1: entered allmulticast mode
[   80.280322][ T5943] bridge_slave_1: entered promiscuous mode
[   80.302921][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.315041][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.340311][ T5943] team0: Port device team_slave_0 added
[   80.348332][ T5943] team0: Port device team_slave_1 added
[   80.367704][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.375041][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.401222][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.413200][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.420551][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.446898][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.477402][ T5943] hsr_slave_0: entered promiscuous mode
[   80.483455][ T5943] hsr_slave_1: entered promiscuous mode
[   80.489658][ T5943] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.497575][ T5943] Cannot create hsr debugfs directory
[   80.609080][ T2910] bridge_slave_1: left allmulticast mode
[   80.615818][ T2910] bridge_slave_1: left promiscuous mode
[   80.622028][ T2910] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.633484][ T2910] bridge_slave_0: left allmulticast mode
[   80.640770][ T2910] bridge_slave_0: left promiscuous mode
[   80.646713][ T2910] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.867007][ T2910] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   80.878000][ T2910] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   80.888490][ T2910] bond0 (unregistering): Released all slaves
[   81.021408][ T2910] hsr_slave_0: left promiscuous mode
[   81.029994][ T2910] hsr_slave_1: left promiscuous mode
[   81.038259][ T2910] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.046367][ T2910] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.060478][ T2910] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.068064][ T2910] batman_adv: batadv0: Removing interface: batadv_slave_1
[   81.087954][ T2910] veth1_macvtap: left promiscuous mode
[   81.093891][ T2910] veth0_macvtap: left promiscuous mode
[   81.099991][ T2910] veth1_vlan: left promiscuous mode
[   81.108900][ T2910] veth0_vlan: left promiscuous mode
[   81.442268][ T2910] team0 (unregistering): Port device team_slave_1 removed
[   81.470897][ T2910] team0 (unregistering): Port device team_slave_0 removed
[   81.990639][ T5943] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   82.006447][ T5943] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   82.024667][ T5943] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   82.045363][ T5943] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   82.173609][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.183572][ T5896] Bluetooth: hci0: command tx timeout
[   82.221671][ T5943] 8021q: adding VLAN 0 to HW filter on device team0
[   82.234241][ T3475] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.241405][ T3475] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.665929][ T3475] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.673043][ T3475] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.062684][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.146836][ T5943] veth0_vlan: entered promiscuous mode
[   83.157334][ T5943] veth1_vlan: entered promiscuous mode
[   83.262315][ T5943] veth0_macvtap: entered promiscuous mode
[   83.274305][ T5943] veth1_macvtap: entered promiscuous mode
[   83.306522][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.335047][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.354582][ T5943] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.363337][ T5943] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.387572][ T5943] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.396936][ T5943] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.515931][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.523826][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.586066][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.599869][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.255162][ T5896] Bluetooth: hci0: command tx timeout
2025/03/02 13:19:44 executed programs: 68
[   86.334942][ T5896] Bluetooth: hci0: command tx timeout
[   87.064707][   T25] cfg80211: failed to load regulatory.db
[   88.415207][ T5896] Bluetooth: hci0: command tx timeout
2025/03/02 13:19:49 executed programs: 339
[   94.986396][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   94.995661][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   95.004008][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   95.013277][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   95.021918][ T5148] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   95.029966][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   95.135997][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.152699][ T6632] chnl_net:caif_netlink_parms(): no params data found
[   95.197083][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.232123][ T6632] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.239533][ T6632] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.248661][ T6632] bridge_slave_0: entered allmulticast mode
[   95.255824][ T6632] bridge_slave_0: entered promiscuous mode
[   95.271453][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.284499][ T6632] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.291636][ T6632] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.299108][ T6632] bridge_slave_1: entered allmulticast mode
[   95.308708][ T6632] bridge_slave_1: entered promiscuous mode
[   95.335170][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.356058][ T6632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.367782][ T6632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.397238][ T6632] team0: Port device team_slave_0 added
[   95.405662][ T6632] team0: Port device team_slave_1 added
[   95.427460][ T6632] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.434490][ T6632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.460464][ T6632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.479143][ T6632] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.486743][ T6632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.512942][ T6632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.581150][   T11] bridge_slave_1: left allmulticast mode
[   95.587713][   T11] bridge_slave_1: left promiscuous mode
[   95.594280][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.602970][   T11] bridge_slave_0: left allmulticast mode
[   95.609348][   T11] bridge_slave_0: left promiscuous mode
[   95.615316][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.832121][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   95.842753][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   95.852821][   T11] bond0 (unregistering): Released all slaves
[   95.878252][ T6632] hsr_slave_0: entered promiscuous mode
[   95.884218][ T6632] hsr_slave_1: entered promiscuous mode
[   96.168947][   T11] hsr_slave_0: left promiscuous mode
[   96.180490][   T11] hsr_slave_1: left promiscuous mode
[   96.186879][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   96.194298][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[   96.202939][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   96.210740][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[   96.228313][   T11] veth1_macvtap: left promiscuous mode
[   96.233886][   T11] veth0_macvtap: left promiscuous mode
[   96.240717][   T11] veth1_vlan: left promiscuous mode
[   96.246219][   T11] veth0_vlan: left promiscuous mode
[   96.531997][   T11] team0 (unregistering): Port device team_slave_1 removed
[   96.561932][   T11] team0 (unregistering): Port device team_slave_0 removed
[   97.052689][ T6632] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   97.059529][ T5896] Bluetooth: hci1: command tx timeout
[   97.072496][ T6632] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   97.082828][ T6632] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   97.096762][ T6632] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   97.197122][ T6632] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.217540][ T6632] 8021q: adding VLAN 0 to HW filter on device team0
[   97.231069][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.238243][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.253365][ T2910] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.260455][ T2910] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.377084][ T6632] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.410745][ T6632] veth0_vlan: entered promiscuous mode
[   97.421735][ T6632] veth1_vlan: entered promiscuous mode
[   97.441153][ T6632] veth0_macvtap: entered promiscuous mode
[   97.449203][ T6632] veth1_macvtap: entered promiscuous mode
[   97.462281][ T6632] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.475840][ T6632] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.487905][ T6632] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.497717][ T6632] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.506843][ T6632] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.515626][ T6632] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.565043][ T2910] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.573625][ T2910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.598068][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.606398][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/02 13:19:57 executed programs: 602
[   97.658010][ T6675] ==================================================================
[   97.666094][ T6675] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[   97.673996][ T6675] Read of size 8 at addr ffff8880278bb800 by task syz.0.616/6675
[   97.681819][ T6675] 
[   97.684144][ T6675] CPU: 0 UID: 0 PID: 6675 Comm: syz.0.616 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0
[   97.684160][ T6675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   97.684171][ T6675] Call Trace:
[   97.684176][ T6675]  <TASK>
[   97.684185][ T6675]  dump_stack_lvl+0x116/0x1f0
[   97.684208][ T6675]  print_report+0xc3/0x670
[   97.684229][ T6675]  ? __virt_addr_valid+0x5e/0x590
[   97.684242][ T6675]  ? __phys_addr+0xc6/0x150
[   97.684258][ T6675]  kasan_report+0xd9/0x110
[   97.684275][ T6675]  ? force_devcd_write+0x317/0x330
[   97.684300][ T6675]  ? force_devcd_write+0x317/0x330
[   97.684326][ T6675]  force_devcd_write+0x317/0x330
[   97.684350][ T6675]  ? __pfx_force_devcd_write+0x10/0x10
[   97.684373][ T6675]  ? __debugfs_file_get+0x1ff/0x850
[   97.684399][ T6675]  ? __pfx___debugfs_file_get+0x10/0x10
[   97.684424][ T6675]  ? rcu_is_watching+0x12/0xc0
[   97.684442][ T6675]  ? trace_lock_acquire+0x14e/0x1f0
[   97.684457][ T6675]  full_proxy_write+0x13c/0x200
[   97.684473][ T6675]  ? __pfx_full_proxy_write+0x10/0x10
[   97.684488][ T6675]  vfs_write+0x24c/0x1150
[   97.684507][ T6675]  ? __pfx_vfs_write+0x10/0x10
[   97.684522][ T6675]  ? do_futex+0x123/0x350
[   97.684537][ T6675]  ? __pfx_do_futex+0x10/0x10
[   97.684553][ T6675]  ? __x64_sys_futex+0x1e1/0x4c0
[   97.684568][ T6675]  ? __x64_sys_futex+0x1ea/0x4c0
[   97.684590][ T6675]  ksys_write+0x12b/0x250
[   97.684606][ T6675]  ? __pfx_ksys_write+0x10/0x10
[   97.684629][ T6675]  do_syscall_64+0xcd/0x250
[   97.684646][ T6675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.684665][ T6675] RIP: 0033:0x7f7edb98d169
[   97.684676][ T6675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.684692][ T6675] RSP: 002b:00007fff4d4c8798 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   97.684704][ T6675] RAX: ffffffffffffffda RBX: 00007f7edbba5fa0 RCX: 00007f7edb98d169
[   97.684713][ T6675] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[   97.684725][ T6675] RBP: 00007f7edba0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   97.684733][ T6675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.684740][ T6675] R13: 00007f7edbba5fa0 R14: 00007f7edbba5fa0 R15: 0000000000000003
[   97.684751][ T6675]  </TASK>
[   97.684756][ T6675] 
[   97.910467][ T6675] Allocated by task 5943:
[   97.914784][ T6675]  kasan_save_stack+0x33/0x60
[   97.919466][ T6675]  kasan_save_track+0x14/0x30
[   97.924151][ T6675]  __kasan_kmalloc+0xaa/0xb0
[   97.928738][ T6675]  vhci_open+0x4c/0x430
[   97.932891][ T6675]  misc_open+0x35a/0x420
[   97.937125][ T6675]  chrdev_open+0x237/0x6a0
[   97.941541][ T6675]  do_dentry_open+0x735/0x1c40
[   97.946305][ T6675]  vfs_open+0x82/0x3f0
[   97.950364][ T6675]  path_openat+0x1e88/0x2d80
[   97.954953][ T6675]  do_filp_open+0x20c/0x470
[   97.959458][ T6675]  do_sys_openat2+0x17a/0x1e0
[   97.964126][ T6675]  __x64_sys_openat+0x175/0x210
[   97.968967][ T6675]  do_syscall_64+0xcd/0x250
[   97.973488][ T6675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.979378][ T6675] 
[   97.981694][ T6675] Freed by task 5943:
[   97.985666][ T6675]  kasan_save_stack+0x33/0x60
[   97.990374][ T6675]  kasan_save_track+0x14/0x30
[   97.995049][ T6675]  kasan_save_free_info+0x3b/0x60
[   98.000085][ T6675]  __kasan_slab_free+0x51/0x70
[   98.004858][ T6675]  kfree+0x2c4/0x4d0
[   98.008750][ T6675]  vhci_release+0xbb/0xf0
[   98.013079][ T6675]  __fput+0x3ff/0xb70
[   98.017051][ T6675]  task_work_run+0x14e/0x250
[   98.021637][ T6675]  do_exit+0xad8/0x2d70
[   98.025788][ T6675]  do_group_exit+0xd3/0x2a0
[   98.030282][ T6675]  get_signal+0x24ed/0x26c0
[   98.034785][ T6675]  arch_do_signal_or_restart+0x90/0x7e0
[   98.040324][ T6675]  syscall_exit_to_user_mode+0x150/0x2a0
[   98.045955][ T6675]  do_syscall_64+0xda/0x250
[   98.050460][ T6675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.056362][ T6675] 
[   98.058677][ T6675] The buggy address belongs to the object at ffff8880278bb800
[   98.058677][ T6675]  which belongs to the cache kmalloc-1k of size 1024
[   98.072738][ T6675] The buggy address is located 0 bytes inside of
[   98.072738][ T6675]  freed 1024-byte region [ffff8880278bb800, ffff8880278bbc00)
[   98.086459][ T6675] 
[   98.088777][ T6675] The buggy address belongs to the physical page:
[   98.095185][ T6675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x278b8
[   98.103945][ T6675] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   98.112439][ T6675] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   98.119986][ T6675] page_type: f5(slab)
[   98.123961][ T6675] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[   98.132541][ T6675] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   98.141120][ T6675] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[   98.149780][ T6675] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   98.158444][ T6675] head: 00fff00000000003 ffffea00009e2e01 ffffffffffffffff 0000000000000000
[   98.167109][ T6675] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   98.175766][ T6675] page dumped because: kasan: bad access detected
[   98.182199][ T6675] page_owner tracks the page as allocated
[   98.187906][ T6675] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5602, tgid 5602 (dhcpcd-run-hook), ts 43904844408, free_ts 43860428471
[   98.209530][ T6675]  post_alloc_hook+0x181/0x1b0
[   98.214298][ T6675]  get_page_from_freelist+0xfce/0x2f80
[   98.219764][ T6675]  __alloc_frozen_pages_noprof+0x221/0x2470
[   98.225680][ T6675]  alloc_pages_mpol+0x1fc/0x540
[   98.230521][ T6675]  new_slab+0x23d/0x330
[   98.234674][ T6675]  ___slab_alloc+0xc5d/0x1720
[   98.239346][ T6675]  __slab_alloc.constprop.0+0x56/0xb0
[   98.244727][ T6675]  __kmalloc_noprof+0x2ec/0x510
[   98.249580][ T6675]  load_elf_phdrs+0x103/0x210
[   98.254263][ T6675]  load_elf_binary+0x1f8/0x4fc0
[   98.259117][ T6675]  bprm_execve+0x8dd/0x16d0
[   98.263620][ T6675]  do_execveat_common.isra.0+0x4a2/0x610
[   98.269256][ T6675]  __x64_sys_execve+0x8c/0xb0
[   98.273945][ T6675]  do_syscall_64+0xcd/0x250
[   98.278448][ T6675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.284438][ T6675] page last free pid 5598 tgid 5598 stack trace:
[   98.290757][ T6675]  free_frozen_pages+0x6db/0xfb0
[   98.295712][ T6675]  __put_partials+0x14c/0x170
[   98.300388][ T6675]  qlist_free_all+0x4e/0x120
[   98.304979][ T6675]  kasan_quarantine_reduce+0x195/0x1e0
[   98.310451][ T6675]  __kasan_slab_alloc+0x69/0x90
[   98.315317][ T6675]  __kmalloc_noprof+0x1cd/0x510
[   98.320187][ T6675]  tomoyo_supervisor+0x46c/0x1380
[   98.325222][ T6675]  tomoyo_path_permission+0x270/0x3b0
[   98.330597][ T6675]  tomoyo_path_perm+0x364/0x460
[   98.335445][ T6675]  security_inode_getattr+0x116/0x290
[   98.340820][ T6675]  vfs_fstat+0x4b/0xd0
[   98.344882][ T6675]  vfs_fstatat+0xbc/0xf0
[   98.349122][ T6675]  __do_sys_newfstatat+0xa2/0x130
[   98.354138][ T6675]  do_syscall_64+0xcd/0x250
[   98.358641][ T6675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.364623][ T6675] 
[   98.366937][ T6675] Memory state around the buggy address:
[   98.372556][ T6675]  ffff8880278bb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   98.380637][ T6675]  ffff8880278bb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   98.388692][ T6675] >ffff8880278bb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.396743][ T6675]                    ^
[   98.400807][ T6675]  ffff8880278bb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.408867][ T6675]  ffff8880278bb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.416918][ T6675] ==================================================================
[   98.438541][ T6675] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   98.445766][ T6675] CPU: 0 UID: 0 PID: 6675 Comm: syz.0.616 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0
[   98.456356][ T6675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   98.466402][ T6675] Call Trace:
[   98.469670][ T6675]  <TASK>
[   98.472591][ T6675]  dump_stack_lvl+0x3d/0x1f0
[   98.477184][ T6675]  panic+0x71d/0x800
[   98.481078][ T6675]  ? __pfx_panic+0x10/0x10
[   98.485489][ T6675]  ? preempt_schedule_thunk+0x1a/0x30
[   98.490859][ T6675]  ? preempt_schedule_common+0x44/0xc0
[   98.496319][ T6675]  ? check_panic_on_warn+0x1f/0xb0
[   98.501534][ T6675]  check_panic_on_warn+0xab/0xb0
[   98.506480][ T6675]  end_report+0x117/0x180
[   98.510818][ T6675]  kasan_report+0xe9/0x110
[   98.515238][ T6675]  ? force_devcd_write+0x317/0x330
[   98.520352][ T6675]  ? force_devcd_write+0x317/0x330
[   98.525465][ T6675]  force_devcd_write+0x317/0x330
[   98.530402][ T6675]  ? __pfx_force_devcd_write+0x10/0x10
[   98.535857][ T6675]  ? __debugfs_file_get+0x1ff/0x850
[   98.541052][ T6675]  ? __pfx___debugfs_file_get+0x10/0x10
[   98.546597][ T6675]  ? rcu_is_watching+0x12/0xc0
[   98.551355][ T6675]  ? trace_lock_acquire+0x14e/0x1f0
[   98.556549][ T6675]  full_proxy_write+0x13c/0x200
[   98.561396][ T6675]  ? __pfx_full_proxy_write+0x10/0x10
[   98.566764][ T6675]  vfs_write+0x24c/0x1150
[   98.571099][ T6675]  ? __pfx_vfs_write+0x10/0x10
[   98.575859][ T6675]  ? do_futex+0x123/0x350
[   98.580185][ T6675]  ? __pfx_do_futex+0x10/0x10
[   98.584862][ T6675]  ? __x64_sys_futex+0x1e1/0x4c0
[   98.589791][ T6675]  ? __x64_sys_futex+0x1ea/0x4c0
[   98.594726][ T6675]  ksys_write+0x12b/0x250
[   98.599057][ T6675]  ? __pfx_ksys_write+0x10/0x10
[   98.603910][ T6675]  do_syscall_64+0xcd/0x250
[   98.608412][ T6675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.614306][ T6675] RIP: 0033:0x7f7edb98d169
[   98.618717][ T6675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.638329][ T6675] RSP: 002b:00007fff4d4c8798 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   98.646739][ T6675] RAX: ffffffffffffffda RBX: 00007f7edbba5fa0 RCX: 00007f7edb98d169
[   98.654701][ T6675] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[   98.662662][ T6675] RBP: 00007f7edba0e2a0 R08: 0000000000000000 R09: 0000000000000000
[   98.670622][ T6675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   98.678584][ T6675] R13: 00007f7edbba5fa0 R14: 00007f7edbba5fa0 R15: 0000000000000003
[   98.686554][ T6675]  </TASK>
[   98.689699][ T6675] Kernel Offset: disabled
[   98.694013][ T6675] Rebooting in 86400 seconds..