Warning: Permanently added '10.128.0.175' (ED25519) to the list of known hosts.
2024/12/21 05:35:26 ignoring optional flag "sandboxArg"="0"
2024/12/21 05:35:27 parsed 1 programs
[   99.354823][ T5833] cgroup: Unknown subsys name 'net'
[   99.520016][ T5833] cgroup: Unknown subsys name 'cpuset'
[   99.527689][ T5833] cgroup: Unknown subsys name 'rlimit'
[  100.928445][ T5833] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  103.358420][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  104.349260][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  104.357221][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  104.364711][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  104.374009][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  104.382560][ T5148] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  104.389922][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  104.604463][ T3521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.623472][ T3521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.636425][ T3521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.644346][ T3521] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.269244][ T5888] chnl_net:caif_netlink_parms(): no params data found
[  105.322073][ T5888] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.330499][ T5888] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.339766][ T5888] bridge_slave_0: entered allmulticast mode
[  105.346379][ T5888] bridge_slave_0: entered promiscuous mode
[  105.355876][ T5888] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.363616][ T5888] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.370914][ T5888] bridge_slave_1: entered allmulticast mode
[  105.377506][ T5888] bridge_slave_1: entered promiscuous mode
[  105.401905][ T5888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.414074][ T5888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.438804][ T5888] team0: Port device team_slave_0 added
[  105.445717][ T5888] team0: Port device team_slave_1 added
[  105.463027][ T5888] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.470626][ T5888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.496602][ T5888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.509169][ T5888] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.516134][ T5888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.542127][ T5888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.612913][ T5888] hsr_slave_0: entered promiscuous mode
[  105.620383][ T5888] hsr_slave_1: entered promiscuous mode
[  105.730242][ T5888] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.741566][ T5888] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.752734][ T5888] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.761755][ T5888] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.829396][ T5888] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.849556][ T5888] 8021q: adding VLAN 0 to HW filter on device team0
[  105.860670][ T3470] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.867846][ T3470] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.881306][ T1006] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.888442][ T1006] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.008725][ T5888] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.040157][ T5888] veth0_vlan: entered promiscuous mode
[  106.051134][ T5888] veth1_vlan: entered promiscuous mode
[  106.069982][ T5888] veth0_macvtap: entered promiscuous mode
[  106.081615][ T5888] veth1_macvtap: entered promiscuous mode
[  106.095590][ T5888] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.109960][ T5888] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.120891][ T5888] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.130125][ T5888] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.139261][ T5888] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.148669][ T5888] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.255410][ T1006] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.359456][ T1006] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.441026][ T1006] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.514152][ T1006] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2024/12/21 05:35:37 executed programs: 0
[  107.424386][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.433564][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.441536][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.450126][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.457878][ T5148] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  107.465354][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.562124][ T5933] chnl_net:caif_netlink_parms(): no params data found
[  107.602022][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.609397][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.616559][ T5933] bridge_slave_0: entered allmulticast mode
[  107.623070][ T5933] bridge_slave_0: entered promiscuous mode
[  107.633018][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.640304][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.648101][ T5933] bridge_slave_1: entered allmulticast mode
[  107.654595][ T5933] bridge_slave_1: entered promiscuous mode
[  107.678179][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.689837][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.717100][ T5933] team0: Port device team_slave_0 added
[  107.724981][ T5933] team0: Port device team_slave_1 added
[  107.743194][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.750352][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.776866][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.789200][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.796151][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.823756][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.859492][ T5933] hsr_slave_0: entered promiscuous mode
[  107.865534][ T5933] hsr_slave_1: entered promiscuous mode
[  107.871811][ T5933] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  107.879944][ T5933] Cannot create hsr debugfs directory
[  109.538274][   T54] Bluetooth: hci0: command tx timeout
[  109.720912][ T1006] bridge_slave_1: left allmulticast mode
[  109.727068][ T1006] bridge_slave_1: left promiscuous mode
[  109.733135][ T1006] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.753940][ T1006] bridge_slave_0: left allmulticast mode
[  109.759953][ T1006] bridge_slave_0: left promiscuous mode
[  109.765913][ T1006] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.987602][ T1006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.998450][ T1006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  110.008940][ T1006] bond0 (unregistering): Released all slaves
[  110.105515][ T1006] hsr_slave_0: left promiscuous mode
[  110.115604][ T1006] hsr_slave_1: left promiscuous mode
[  110.121995][ T1006] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.132124][ T1006] batman_adv: batadv0: Removing interface: batadv_slave_0
[  110.141508][ T1006] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.151626][ T1006] batman_adv: batadv0: Removing interface: batadv_slave_1
[  110.174236][ T1006] veth1_macvtap: left promiscuous mode
[  110.181274][ T1006] veth0_macvtap: left promiscuous mode
[  110.189712][ T1006] veth1_vlan: left promiscuous mode
[  110.195199][ T1006] veth0_vlan: left promiscuous mode
[  110.530003][ T1006] team0 (unregistering): Port device team_slave_1 removed
[  110.555419][ T1006] team0 (unregistering): Port device team_slave_0 removed
[  110.982123][ T5933] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  110.998748][ T5933] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  111.009682][ T5933] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  111.020551][ T5933] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  111.131186][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.302611][ T5933] 8021q: adding VLAN 0 to HW filter on device team0
[  111.312628][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.319756][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.334619][ T3470] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.341741][ T3470] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.404936][ T5933] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  111.556383][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.600571][ T5933] veth0_vlan: entered promiscuous mode
[  111.616375][ T5933] veth1_vlan: entered promiscuous mode
[  111.623345][   T54] Bluetooth: hci0: command tx timeout
[  111.652750][ T5933] veth0_macvtap: entered promiscuous mode
[  111.661036][ T5933] veth1_macvtap: entered promiscuous mode
[  111.674782][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.691106][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.703005][ T5933] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.711908][ T5933] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.720793][ T5933] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.729819][ T5933] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.774925][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.788382][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.809621][ T3470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.817864][ T3470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/12/21 05:35:42 executed programs: 30
[  113.706821][   T54] Bluetooth: hci0: command tx timeout
[  115.776869][   T54] Bluetooth: hci0: command tx timeout
2024/12/21 05:35:47 executed programs: 321
2024/12/21 05:35:52 executed programs: 595
[  122.613614][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  122.623955][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  122.632141][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  122.641205][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  122.651195][ T5148] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  122.660523][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  122.747540][ T6578] chnl_net:caif_netlink_parms(): no params data found
[  122.787538][ T6578] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.794677][ T6578] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.801977][ T6578] bridge_slave_0: entered allmulticast mode
[  122.811173][ T6578] bridge_slave_0: entered promiscuous mode
[  122.821044][ T6578] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.828242][ T6578] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.835404][ T6578] bridge_slave_1: entered allmulticast mode
[  122.842411][ T6578] bridge_slave_1: entered promiscuous mode
[  122.867155][ T3521] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.888910][ T6578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.901377][ T6578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  122.924345][ T6578] team0: Port device team_slave_0 added
[  122.939263][ T3521] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.952509][ T6578] team0: Port device team_slave_1 added
[  122.970291][ T6578] batman_adv: batadv0: Adding interface: batadv_slave_0
[  122.980296][ T6578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.006758][ T6578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.027917][ T3521] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.042284][ T6578] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.049304][ T6578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.075860][ T6578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.114077][ T3521] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.130975][ T6578] hsr_slave_0: entered promiscuous mode
[  123.137164][ T6578] hsr_slave_1: entered promiscuous mode
[  123.236750][ T3521] bridge_slave_1: left allmulticast mode
[  123.242518][ T3521] bridge_slave_1: left promiscuous mode
[  123.255073][ T3521] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.265954][ T3521] bridge_slave_0: left allmulticast mode
[  123.275335][ T3521] bridge_slave_0: left promiscuous mode
[  123.281735][ T3521] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.498968][ T3521] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  123.510482][ T3521] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  123.520412][ T3521] bond0 (unregistering): Released all slaves
[  123.800735][ T3521] hsr_slave_0: left promiscuous mode
[  123.810342][ T3521] hsr_slave_1: left promiscuous mode
[  123.816247][ T3521] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.826316][ T3521] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.834833][ T3521] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.842564][ T3521] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.862619][ T3521] veth1_macvtap: left promiscuous mode
[  123.868204][ T3521] veth0_macvtap: left promiscuous mode
[  123.873811][ T3521] veth1_vlan: left promiscuous mode
[  123.879691][ T3521] veth0_vlan: left promiscuous mode
[  124.122889][ T3521] team0 (unregistering): Port device team_slave_1 removed
[  124.151604][ T3521] team0 (unregistering): Port device team_slave_0 removed
[  124.523953][ T6578] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  124.550540][ T6578] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  124.561944][ T6578] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  124.573037][ T6578] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  124.657015][ T6578] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.673411][ T6578] 8021q: adding VLAN 0 to HW filter on device team0
[  124.691138][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.698297][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.715185][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.722334][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  124.736871][   T54] Bluetooth: hci1: command tx timeout
[  124.775653][ T6578] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  124.871010][ T6578] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.902571][ T6578] veth0_vlan: entered promiscuous mode
[  124.911767][ T6578] veth1_vlan: entered promiscuous mode
[  124.932567][ T6578] veth0_macvtap: entered promiscuous mode
[  124.942002][ T6578] veth1_macvtap: entered promiscuous mode
[  124.954770][ T6578] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.967961][ T6578] batman_adv: batadv0: Interface activated: batadv_slave_1
[  124.979728][ T6578] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.988611][ T6578] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.997953][ T6578] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.006964][ T6578] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.054430][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.069601][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.091698][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.099613][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.131791][ T6621] ==================================================================
[  125.139861][ T6621] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[  125.147763][ T6621] Read of size 8 at addr ffff888074f71800 by task syz.0.616/6621
[  125.155462][ T6621] 
[  125.157787][ T6621] CPU: 1 UID: 0 PID: 6621 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  125.168355][ T6621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  125.178416][ T6621] Call Trace:
[  125.181704][ T6621]  <TASK>
[  125.184648][ T6621]  dump_stack_lvl+0x116/0x1f0
[  125.189348][ T6621]  print_report+0xc3/0x620
[  125.193760][ T6621]  ? __virt_addr_valid+0x5e/0x590
[  125.198773][ T6621]  ? __phys_addr+0xc6/0x150
[  125.203273][ T6621]  kasan_report+0xd9/0x110
[  125.207701][ T6621]  ? force_devcd_write+0x31f/0x350
[  125.212798][ T6621]  ? force_devcd_write+0x31f/0x350
[  125.217898][ T6621]  force_devcd_write+0x31f/0x350
[  125.222821][ T6621]  ? __pfx_force_devcd_write+0x10/0x10
[  125.228280][ T6621]  ? debugfs_file_get+0x21c/0x5c0
[  125.233319][ T6621]  ? __pfx_debugfs_file_get+0x10/0x10
[  125.238685][ T6621]  ? rcu_is_watching+0x12/0xc0
[  125.243437][ T6621]  ? trace_lock_acquire+0x14e/0x1f0
[  125.248629][ T6621]  full_proxy_write+0xfb/0x1b0
[  125.253381][ T6621]  ? __pfx_full_proxy_write+0x10/0x10
[  125.258739][ T6621]  vfs_write+0x24c/0x1150
[  125.263056][ T6621]  ? __pfx_vfs_write+0x10/0x10
[  125.267806][ T6621]  ? do_futex+0x123/0x350
[  125.272128][ T6621]  ? __pfx_do_futex+0x10/0x10
[  125.276809][ T6621]  ? __x64_sys_futex+0x1e1/0x4c0
[  125.281763][ T6621]  ? __x64_sys_futex+0x1ea/0x4c0
[  125.286697][ T6621]  ksys_write+0x12b/0x250
[  125.291015][ T6621]  ? __pfx_ksys_write+0x10/0x10
[  125.295856][ T6621]  do_syscall_64+0xcd/0x250
[  125.300357][ T6621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.306240][ T6621] RIP: 0033:0x7f9d29d85d29
[  125.310727][ T6621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.330328][ T6621] RSP: 002b:00007fff175e41b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  125.338727][ T6621] RAX: ffffffffffffffda RBX: 00007f9d29f75fa0 RCX: 00007f9d29d85d29
[  125.346686][ T6621] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  125.354641][ T6621] RBP: 00007f9d29e01aa8 R08: 0000000000000000 R09: 0000000000000000
[  125.362596][ T6621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  125.370550][ T6621] R13: 00007f9d29f75fa0 R14: 00007f9d29f75fa0 R15: 00000000000018c5
[  125.378527][ T6621]  </TASK>
[  125.381548][ T6621] 
[  125.383853][ T6621] Allocated by task 5933:
[  125.388165][ T6621]  kasan_save_stack+0x33/0x60
[  125.392832][ T6621]  kasan_save_track+0x14/0x30
[  125.397503][ T6621]  __kasan_kmalloc+0xaa/0xb0
[  125.402076][ T6621]  vhci_open+0x4c/0x430
[  125.406218][ T6621]  misc_open+0x35a/0x420
[  125.410446][ T6621]  chrdev_open+0x237/0x6a0
[  125.414847][ T6621]  do_dentry_open+0xf59/0x1ea0
[  125.419599][ T6621]  vfs_open+0x82/0x3f0
[  125.423656][ T6621]  path_openat+0x1e6a/0x2d60
[  125.428244][ T6621]  do_filp_open+0x20c/0x470
[  125.432756][ T6621]  do_sys_openat2+0x17a/0x1e0
[  125.437424][ T6621]  __x64_sys_openat+0x175/0x210
[  125.442263][ T6621]  do_syscall_64+0xcd/0x250
[  125.446753][ T6621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.452632][ T6621] 
[  125.454938][ T6621] Freed by task 5933:
[  125.458897][ T6621]  kasan_save_stack+0x33/0x60
[  125.463559][ T6621]  kasan_save_track+0x14/0x30
[  125.468222][ T6621]  kasan_save_free_info+0x3b/0x60
[  125.473229][ T6621]  __kasan_slab_free+0x51/0x70
[  125.477991][ T6621]  kfree+0x14f/0x4b0
[  125.481896][ T6621]  vhci_release+0xbb/0xf0
[  125.486208][ T6621]  __fput+0x3f8/0xb60
[  125.490182][ T6621]  task_work_run+0x14e/0x250
[  125.494762][ T6621]  do_exit+0xadd/0x2d70
[  125.498905][ T6621]  do_group_exit+0xd3/0x2a0
[  125.503395][ T6621]  get_signal+0x2576/0x2610
[  125.507884][ T6621]  arch_do_signal_or_restart+0x90/0x7e0
[  125.513416][ T6621]  syscall_exit_to_user_mode+0x150/0x2a0
[  125.519035][ T6621]  do_syscall_64+0xda/0x250
[  125.523522][ T6621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.529406][ T6621] 
[  125.531711][ T6621] The buggy address belongs to the object at ffff888074f71800
[  125.531711][ T6621]  which belongs to the cache kmalloc-1k of size 1024
[  125.545744][ T6621] The buggy address is located 0 bytes inside of
[  125.545744][ T6621]  freed 1024-byte region [ffff888074f71800, ffff888074f71c00)
[  125.559433][ T6621] 
[  125.561737][ T6621] The buggy address belongs to the physical page:
[  125.568131][ T6621] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74f70
[  125.576886][ T6621] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  125.585383][ T6621] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  125.592911][ T6621] page_type: f5(slab)
[  125.596876][ T6621] raw: 00fff00000000040 ffff88801ac41dc0 ffffea0000a34a00 dead000000000002
[  125.605447][ T6621] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  125.614012][ T6621] head: 00fff00000000040 ffff88801ac41dc0 ffffea0000a34a00 dead000000000002
[  125.622664][ T6621] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  125.631321][ T6621] head: 00fff00000000003 ffffea0001d3dc01 ffffffffffffffff 0000000000000000
[  125.639978][ T6621] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  125.648639][ T6621] page dumped because: kasan: bad access detected
[  125.655037][ T6621] page_owner tracks the page as allocated
[  125.660730][ T6621] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5929, tgid 5929 (syz-executor), ts 107044636227, free_ts 106796113823
[  125.682242][ T6621]  post_alloc_hook+0x2d1/0x350
[  125.686999][ T6621]  get_page_from_freelist+0xfce/0x2f80
[  125.692448][ T6621]  __alloc_pages_noprof+0x223/0x25b0
[  125.697723][ T6621]  alloc_pages_mpol_noprof+0x2c9/0x610
[  125.703172][ T6621]  new_slab+0x2c9/0x410
[  125.707316][ T6621]  ___slab_alloc+0xce2/0x1650
[  125.711979][ T6621]  __slab_alloc.constprop.0+0x56/0xb0
[  125.717338][ T6621]  __kmalloc_noprof+0x2de/0x4f0
[  125.722177][ T6621]  __alloc_workqueue+0xd4c/0x1810
[  125.727202][ T6621]  alloc_workqueue+0xd3/0x200
[  125.731892][ T6621]  tipc_topsrv_init_net+0x3df/0x970
[  125.737078][ T6621]  ops_init+0x1df/0x5f0
[  125.741232][ T6621]  setup_net+0x21f/0x860
[  125.745482][ T6621]  copy_net_ns+0x2b4/0x6c0
[  125.749883][ T6621]  create_new_namespaces+0x3ea/0xad0
[  125.755155][ T6621]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  125.760773][ T6621] page last free pid 5909 tgid 5909 stack trace:
[  125.767077][ T6621]  free_unref_page+0x661/0x1080
[  125.771919][ T6621]  vfree+0x17a/0x890
[  125.775797][ T6621]  kcov_put+0x2a/0x40
[  125.779783][ T6621]  kcov_close+0xd/0x20
[  125.783884][ T6621]  __fput+0x3f8/0xb60
[  125.787859][ T6621]  task_work_run+0x14e/0x250
[  125.792447][ T6621]  do_exit+0xadd/0x2d70
[  125.796594][ T6621]  do_group_exit+0xd3/0x2a0
[  125.801086][ T6621]  get_signal+0x2576/0x2610
[  125.805577][ T6621]  arch_do_signal_or_restart+0x90/0x7e0
[  125.811113][ T6621]  syscall_exit_to_user_mode+0x150/0x2a0
[  125.816734][ T6621]  do_syscall_64+0xda/0x250
[  125.821224][ T6621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.827117][ T6621] 
[  125.829438][ T6621] Memory state around the buggy address:
[  125.835048][ T6621]  ffff888074f71700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  125.843092][ T6621]  ffff888074f71780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  125.851138][ T6621] >ffff888074f71800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  125.859179][ T6621]                    ^
[  125.863226][ T6621]  ffff888074f71880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  125.871271][ T6621]  ffff888074f71900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  125.879323][ T6621] ==================================================================
[  125.889914][ T6621] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  125.897130][ T6621] CPU: 1 UID: 0 PID: 6621 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  125.907741][ T6621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  125.917799][ T6621] Call Trace:
[  125.921065][ T6621]  <TASK>
[  125.923983][ T6621]  dump_stack_lvl+0x3d/0x1f0
[  125.928573][ T6621]  panic+0x71d/0x800
[  125.932474][ T6621]  ? __pfx_panic+0x10/0x10
[  125.936889][ T6621]  ? preempt_schedule_thunk+0x1a/0x30
[  125.942250][ T6621]  ? preempt_schedule_common+0x44/0xc0
[  125.947714][ T6621]  ? check_panic_on_warn+0x1f/0xb0
[  125.952847][ T6621]  check_panic_on_warn+0xab/0xb0
[  125.957782][ T6621]  end_report+0x117/0x180
[  125.962113][ T6621]  kasan_report+0xe9/0x110
[  125.966523][ T6621]  ? force_devcd_write+0x31f/0x350
[  125.971624][ T6621]  ? force_devcd_write+0x31f/0x350
[  125.976727][ T6621]  force_devcd_write+0x31f/0x350
[  125.981653][ T6621]  ? __pfx_force_devcd_write+0x10/0x10
[  125.987098][ T6621]  ? debugfs_file_get+0x21c/0x5c0
[  125.992117][ T6621]  ? __pfx_debugfs_file_get+0x10/0x10
[  125.997491][ T6621]  ? rcu_is_watching+0x12/0xc0
[  126.002272][ T6621]  ? trace_lock_acquire+0x14e/0x1f0
[  126.007477][ T6621]  full_proxy_write+0xfb/0x1b0
[  126.012244][ T6621]  ? __pfx_full_proxy_write+0x10/0x10
[  126.017617][ T6621]  vfs_write+0x24c/0x1150
[  126.021949][ T6621]  ? __pfx_vfs_write+0x10/0x10
[  126.026712][ T6621]  ? do_futex+0x123/0x350
[  126.031046][ T6621]  ? __pfx_do_futex+0x10/0x10
[  126.035731][ T6621]  ? __x64_sys_futex+0x1e1/0x4c0
[  126.040673][ T6621]  ? __x64_sys_futex+0x1ea/0x4c0
[  126.045617][ T6621]  ksys_write+0x12b/0x250
[  126.049948][ T6621]  ? __pfx_ksys_write+0x10/0x10
[  126.054806][ T6621]  do_syscall_64+0xcd/0x250
[  126.059314][ T6621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.065213][ T6621] RIP: 0033:0x7f9d29d85d29
[  126.069625][ T6621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.089233][ T6621] RSP: 002b:00007fff175e41b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  126.097648][ T6621] RAX: ffffffffffffffda RBX: 00007f9d29f75fa0 RCX: 00007f9d29d85d29
[  126.105630][ T6621] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  126.113607][ T6621] RBP: 00007f9d29e01aa8 R08: 0000000000000000 R09: 0000000000000000
[  126.121580][ T6621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  126.129550][ T6621] R13: 00007f9d29f75fa0 R14: 00007f9d29f75fa0 R15: 00000000000018c5
[  126.137526][ T6621]  </TASK>
[  126.140781][ T6621] Kernel Offset: disabled
[  126.145091][ T6621] Rebooting in 86400 seconds..