Warning: Permanently added '10.128.1.34' (ED25519) to the list of known hosts.
2025/02/09 00:48:05 ignoring optional flag "sandboxArg"="0"
2025/02/09 00:48:07 parsed 1 programs
[ 72.316214][ T5834] cgroup: Unknown subsys name 'net'
[ 72.499632][ T5834] cgroup: Unknown subsys name 'cpuset'
[ 72.507312][ T5834] cgroup: Unknown subsys name 'rlimit'
[ 73.882670][ T5834] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 76.064586][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 76.895211][ T5875] chnl_net:caif_netlink_parms(): no params data found
[ 76.976530][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.983833][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.990942][ T5875] bridge_slave_0: entered allmulticast mode
[ 76.998581][ T5875] bridge_slave_0: entered promiscuous mode
[ 77.012099][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.019596][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.028049][ T5875] bridge_slave_1: entered allmulticast mode
[ 77.035693][ T5875] bridge_slave_1: entered promiscuous mode
[ 77.073550][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.085221][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.108825][ T5875] team0: Port device team_slave_0 added
[ 77.119125][ T5875] team0: Port device team_slave_1 added
[ 77.141819][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.148931][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.175343][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.189046][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.196077][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.222098][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.262450][ T5875] hsr_slave_0: entered promiscuous mode
[ 77.268599][ T5875] hsr_slave_1: entered promiscuous mode
[ 77.360422][ T5875] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.369688][ T5875] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.378965][ T5875] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.388640][ T5875] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.443378][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.468593][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.480368][ T519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.487615][ T519] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.503251][ T519] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.510376][ T519] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.632970][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.668183][ T5875] veth0_vlan: entered promiscuous mode
[ 77.679604][ T5875] veth1_vlan: entered promiscuous mode
[ 77.702734][ T5875] veth0_macvtap: entered promiscuous mode
[ 77.712483][ T5875] veth1_macvtap: entered promiscuous mode
[ 77.726676][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.740496][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.751187][ T5875] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.760161][ T5875] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.769711][ T5875] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.778538][ T5875] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.905184][ T519] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.958570][ T519] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.031054][ T519] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.141026][ T519] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.755564][ T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.764925][ T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.772967][ T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.782256][ T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.790814][ T56] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 78.798434][ T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.654768][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.662735][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.701165][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.709199][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/09 00:48:17 executed programs: 0
[ 80.203253][ T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.211609][ T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.220434][ T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.229119][ T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.237873][ T56] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.245513][ T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.342568][ T5942] chnl_net:caif_netlink_parms(): no params data found
[ 80.388064][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.395246][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.402352][ T5942] bridge_slave_0: entered allmulticast mode
[ 80.409303][ T5942] bridge_slave_0: entered promiscuous mode
[ 80.416825][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.424672][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.431857][ T5942] bridge_slave_1: entered allmulticast mode
[ 80.438858][ T5942] bridge_slave_1: entered promiscuous mode
[ 80.459756][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.470803][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.496596][ T5942] team0: Port device team_slave_0 added
[ 80.504025][ T5942] team0: Port device team_slave_1 added
[ 80.522836][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.530095][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.556493][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.568780][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.576198][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.602206][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.632551][ T5942] hsr_slave_0: entered promiscuous mode
[ 80.638688][ T5942] hsr_slave_1: entered promiscuous mode
[ 80.644811][ T5942] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 80.652519][ T5942] Cannot create hsr debugfs directory
[ 81.369795][ T519] bridge_slave_1: left allmulticast mode
[ 81.376484][ T519] bridge_slave_1: left promiscuous mode
[ 81.382589][ T519] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.395601][ T519] bridge_slave_0: left allmulticast mode
[ 81.401247][ T519] bridge_slave_0: left promiscuous mode
[ 81.407408][ T519] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.638397][ T519] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 81.650691][ T519] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 81.661015][ T519] bond0 (unregistering): Released all slaves
[ 81.746560][ T519] hsr_slave_0: left promiscuous mode
[ 81.752614][ T519] hsr_slave_1: left promiscuous mode
[ 81.759357][ T519] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 81.772974][ T519] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 81.782028][ T519] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 81.792122][ T519] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 81.814912][ T519] veth1_macvtap: left promiscuous mode
[ 81.820782][ T519] veth0_macvtap: left promiscuous mode
[ 81.828960][ T519] veth1_vlan: left promiscuous mode
[ 81.835176][ T519] veth0_vlan: left promiscuous mode
[ 82.296905][ T5147] Bluetooth: hci0: command tx timeout
[ 82.324256][ T519] team0 (unregistering): Port device team_slave_1 removed
[ 82.367334][ T519] team0 (unregistering): Port device team_slave_0 removed
[ 82.877555][ T5942] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.891864][ T5942] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.914525][ T5942] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.934512][ T5942] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.046678][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.248325][ T5942] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.261713][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.269391][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.286671][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.293832][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.547869][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.610128][ T5942] veth0_vlan: entered promiscuous mode
[ 83.621173][ T5942] veth1_vlan: entered promiscuous mode
[ 83.648958][ T5942] veth0_macvtap: entered promiscuous mode
[ 83.659374][ T5942] veth1_macvtap: entered promiscuous mode
[ 83.677093][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.691693][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.702797][ T5942] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.711971][ T5942] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.721108][ T5942] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.730700][ T5942] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.807495][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.823634][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.859789][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.876374][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.384429][ T5147] Bluetooth: hci0: command tx timeout
2025/02/09 00:48:22 executed programs: 69
[ 86.453888][ T5147] Bluetooth: hci0: command tx timeout
[ 87.015762][ T53] cfg80211: failed to load regulatory.db
[ 88.534974][ T5147] Bluetooth: hci0: command tx timeout
2025/02/09 00:48:27 executed programs: 329
2025/02/09 00:48:32 executed programs: 589
[ 95.479636][ T56] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 95.500154][ T56] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 95.511086][ T56] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 95.520697][ T56] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 95.528383][ T56] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 95.536438][ T56] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 95.629578][ T6590] chnl_net:caif_netlink_parms(): no params data found
[ 95.664513][ T54] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.713457][ T54] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.732113][ T6590] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.739380][ T6590] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.746592][ T6590] bridge_slave_0: entered allmulticast mode
[ 95.753101][ T6590] bridge_slave_0: entered promiscuous mode
[ 95.760432][ T6590] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.768012][ T6590] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.775565][ T6590] bridge_slave_1: entered allmulticast mode
[ 95.783125][ T6590] bridge_slave_1: entered promiscuous mode
[ 95.797432][ T54] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.826235][ T6590] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.837106][ T6590] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.866033][ T54] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.888440][ T6590] team0: Port device team_slave_0 added
[ 95.896992][ T6590] team0: Port device team_slave_1 added
[ 95.914993][ T6590] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.921961][ T6590] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.948129][ T6590] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.960221][ T6590] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.967897][ T6590] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.995887][ T6590] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.035273][ T6590] hsr_slave_0: entered promiscuous mode
[ 96.041305][ T6590] hsr_slave_1: entered promiscuous mode
[ 96.123274][ T54] bridge_slave_1: left allmulticast mode
[ 96.129117][ T54] bridge_slave_1: left promiscuous mode
[ 96.135027][ T54] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.144632][ T54] bridge_slave_0: left allmulticast mode
[ 96.150272][ T54] bridge_slave_0: left promiscuous mode
[ 96.156224][ T54] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.370765][ T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 96.381805][ T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 96.391647][ T54] bond0 (unregistering): Released all slaves
[ 96.670798][ T54] hsr_slave_0: left promiscuous mode
[ 96.685523][ T54] hsr_slave_1: left promiscuous mode
[ 96.691384][ T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 96.699178][ T54] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 96.708260][ T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 96.717359][ T54] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 96.736259][ T54] veth1_macvtap: left promiscuous mode
[ 96.741815][ T54] veth0_macvtap: left promiscuous mode
[ 96.747914][ T54] veth1_vlan: left promiscuous mode
[ 96.753230][ T54] veth0_vlan: left promiscuous mode
[ 97.063408][ T54] team0 (unregistering): Port device team_slave_1 removed
[ 97.092793][ T54] team0 (unregistering): Port device team_slave_0 removed
[ 97.484682][ T6590] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.507788][ T6590] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.530606][ T6590] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.543541][ T6590] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.573903][ T5147] Bluetooth: hci1: command tx timeout
[ 97.661104][ T6590] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.682206][ T6590] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.695268][ T54] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.702376][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.733475][ T54] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.740623][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.852485][ T6590] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.884422][ T6590] veth0_vlan: entered promiscuous mode
[ 97.895060][ T6590] veth1_vlan: entered promiscuous mode
[ 97.916755][ T6590] veth0_macvtap: entered promiscuous mode
[ 97.925948][ T6590] veth1_macvtap: entered promiscuous mode
[ 97.939842][ T6590] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.951408][ T6590] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.962305][ T6590] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.971560][ T6590] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.981067][ T6590] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.989959][ T6590] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.034393][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.042225][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.069755][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.077918][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.128509][ T6633] ==================================================================
[ 98.136589][ T6633] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[ 98.144481][ T6633] Read of size 8 at addr ffff88802647c800 by task syz.0.616/6633
[ 98.152178][ T6633]
[ 98.154497][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.616 Not tainted 6.14.0-rc1-syzkaller-00187-g8f6629c004b1 #0
[ 98.154513][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 98.154526][ T6633] Call Trace:
[ 98.154531][ T6633]
[ 98.154539][ T6633] dump_stack_lvl+0x116/0x1f0
[ 98.154566][ T6633] print_report+0xc3/0x620
[ 98.154582][ T6633] ? __virt_addr_valid+0x5e/0x590
[ 98.154595][ T6633] ? __phys_addr+0xc6/0x150
[ 98.154607][ T6633] kasan_report+0xd9/0x110
[ 98.154622][ T6633] ? force_devcd_write+0x31f/0x350
[ 98.154639][ T6633] ? force_devcd_write+0x31f/0x350
[ 98.154656][ T6633] force_devcd_write+0x31f/0x350
[ 98.154672][ T6633] ? __pfx_force_devcd_write+0x10/0x10
[ 98.154688][ T6633] ? __debugfs_file_get+0x1ff/0x850
[ 98.154709][ T6633] ? __pfx___debugfs_file_get+0x10/0x10
[ 98.154729][ T6633] ? rcu_is_watching+0x12/0xc0
[ 98.154749][ T6633] ? trace_lock_acquire+0x14e/0x1f0
[ 98.154762][ T6633] full_proxy_write+0x13c/0x200
[ 98.154775][ T6633] ? __pfx_full_proxy_write+0x10/0x10
[ 98.154786][ T6633] vfs_write+0x24c/0x1150
[ 98.154801][ T6633] ? __pfx_vfs_write+0x10/0x10
[ 98.154813][ T6633] ? do_futex+0x123/0x350
[ 98.154827][ T6633] ? __pfx_do_futex+0x10/0x10
[ 98.154841][ T6633] ? __x64_sys_futex+0x1e1/0x4c0
[ 98.154854][ T6633] ? __x64_sys_futex+0x1ea/0x4c0
[ 98.154867][ T6633] ksys_write+0x12b/0x250
[ 98.154880][ T6633] ? __pfx_ksys_write+0x10/0x10
[ 98.154899][ T6633] do_syscall_64+0xcd/0x250
[ 98.154912][ T6633] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.154931][ T6633] RIP: 0033:0x7f3f9298cde9
[ 98.154942][ T6633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 98.154954][ T6633] RSP: 002b:00007fff4f8feed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 98.154967][ T6633] RAX: ffffffffffffffda RBX: 00007f3f92ba5fa0 RCX: 00007f3f9298cde9
[ 98.154975][ T6633] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 98.154983][ T6633] RBP: 00007f3f92a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 98.154991][ T6633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 98.154998][ T6633] R13: 00007f3f92ba5fa0 R14: 00007f3f92ba5fa0 R15: 0000000000000003
[ 98.155010][ T6633]
[ 98.155014][ T6633]
[ 98.380440][ T6633] Allocated by task 5942:
[ 98.384756][ T6633] kasan_save_stack+0x33/0x60
[ 98.389442][ T6633] kasan_save_track+0x14/0x30
[ 98.394104][ T6633] __kasan_kmalloc+0xaa/0xb0
[ 98.398674][ T6633] vhci_open+0x4c/0x430
[ 98.402817][ T6633] misc_open+0x35a/0x420
[ 98.407066][ T6633] chrdev_open+0x237/0x6a0
[ 98.411470][ T6633] do_dentry_open+0x735/0x1c40
[ 98.416222][ T6633] vfs_open+0x82/0x3f0
[ 98.420278][ T6633] path_openat+0x1e88/0x2d80
[ 98.424861][ T6633] do_filp_open+0x20c/0x470
[ 98.429370][ T6633] do_sys_openat2+0x17a/0x1e0
[ 98.434034][ T6633] __x64_sys_openat+0x175/0x210
[ 98.438870][ T6633] do_syscall_64+0xcd/0x250
[ 98.443375][ T6633] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.449287][ T6633]
[ 98.451596][ T6633] Freed by task 5942:
[ 98.455557][ T6633] kasan_save_stack+0x33/0x60
[ 98.460223][ T6633] kasan_save_track+0x14/0x30
[ 98.464947][ T6633] kasan_save_free_info+0x3b/0x60
[ 98.469971][ T6633] __kasan_slab_free+0x51/0x70
[ 98.474723][ T6633] kfree+0x2c4/0x4d0
[ 98.478602][ T6633] vhci_release+0xbb/0xf0
[ 98.482917][ T6633] __fput+0x3ff/0xb70
[ 98.486888][ T6633] task_work_run+0x14e/0x250
[ 98.491468][ T6633] do_exit+0xad8/0x2d70
[ 98.495605][ T6633] do_group_exit+0xd3/0x2a0
[ 98.500089][ T6633] get_signal+0x2576/0x2610
[ 98.504584][ T6633] arch_do_signal_or_restart+0x90/0x7e0
[ 98.510121][ T6633] syscall_exit_to_user_mode+0x150/0x2a0
[ 98.515748][ T6633] do_syscall_64+0xda/0x250
[ 98.520233][ T6633] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.526115][ T6633]
[ 98.528424][ T6633] The buggy address belongs to the object at ffff88802647c800
[ 98.528424][ T6633] which belongs to the cache kmalloc-1k of size 1024
[ 98.542459][ T6633] The buggy address is located 0 bytes inside of
[ 98.542459][ T6633] freed 1024-byte region [ffff88802647c800, ffff88802647cc00)
[ 98.556149][ T6633]
[ 98.558455][ T6633] The buggy address belongs to the physical page:
[ 98.564859][ T6633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26478
[ 98.573597][ T6633] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 98.582074][ T6633] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 98.590043][ T6633] page_type: f5(slab)
[ 98.594016][ T6633] raw: 00fff00000000040 ffff88801b041dc0 0000000000000000 0000000000000001
[ 98.602602][ T6633] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 98.611186][ T6633] head: 00fff00000000040 ffff88801b041dc0 0000000000000000 0000000000000001
[ 98.619843][ T6633] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 98.628505][ T6633] head: 00fff00000000003 ffffea0000991e01 ffffffffffffffff 0000000000000000
[ 98.637161][ T6633] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 98.645814][ T6633] page dumped because: kasan: bad access detected
[ 98.652211][ T6633] page_owner tracks the page as allocated
[ 98.657905][ T6633] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 54, tgid 54 (kworker/u8:3), ts 79895438654, free_ts 79890742620
[ 98.676826][ T6633] post_alloc_hook+0x181/0x1b0
[ 98.681589][ T6633] get_page_from_freelist+0xfce/0x2f80
[ 98.687037][ T6633] __alloc_frozen_pages_noprof+0x221/0x2470
[ 98.692929][ T6633] alloc_pages_mpol+0x1fc/0x540
[ 98.697777][ T6633] new_slab+0x23d/0x330
[ 98.701919][ T6633] ___slab_alloc+0xbfa/0x1600
[ 98.706579][ T6633] __slab_alloc.constprop.0+0x56/0xb0
[ 98.711936][ T6633] __kmalloc_noprof+0x2de/0x4f0
[ 98.716769][ T6633] ieee802_11_parse_elems_full+0xe6/0x1860
[ 98.722565][ T6633] ieee80211_inform_bss+0xf1/0x10f0
[ 98.727750][ T6633] cfg80211_inform_single_bss_data+0x8b1/0x1e40
[ 98.733976][ T6633] cfg80211_inform_bss_data+0x254/0x3e50
[ 98.739593][ T6633] cfg80211_inform_bss_frame_data+0x252/0x8a0
[ 98.745645][ T6633] ieee80211_bss_info_update+0x311/0xab0
[ 98.751265][ T6633] ieee80211_ibss_rx_queued_mgmt+0x1956/0x3040
[ 98.757405][ T6633] ieee80211_iface_work+0xc15/0xf50
[ 98.762592][ T6633] page last free pid 5940 tgid 5940 stack trace:
[ 98.768919][ T6633] free_frozen_pages+0x6db/0xfb0
[ 98.773861][ T6633] __put_partials+0x14c/0x170
[ 98.778538][ T6633] qlist_free_all+0x4e/0x120
[ 98.783112][ T6633] kasan_quarantine_reduce+0x195/0x1e0
[ 98.788555][ T6633] __kasan_slab_alloc+0x69/0x90
[ 98.793407][ T6633] kmem_cache_alloc_noprof+0x1c8/0x3b0
[ 98.799112][ T6633] getname_flags.part.0+0x4c/0x550
[ 98.804213][ T6633] getname+0x8d/0xe0
[ 98.808091][ T6633] vfs_fstatat+0xdf/0xf0
[ 98.812320][ T6633] __do_sys_newfstatat+0xa2/0x130
[ 98.817332][ T6633] do_syscall_64+0xcd/0x250
[ 98.821816][ T6633] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.827702][ T6633]
[ 98.830003][ T6633] Memory state around the buggy address:
[ 98.835609][ T6633] ffff88802647c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.843658][ T6633] ffff88802647c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.851713][ T6633] >ffff88802647c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.859753][ T6633] ^
[ 98.863809][ T6633] ffff88802647c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.871864][ T6633] ffff88802647c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.879903][ T6633] ==================================================================
[ 98.894324][ T6633] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 98.901548][ T6633] CPU: 0 UID: 0 PID: 6633 Comm: syz.0.616 Not tainted 6.14.0-rc1-syzkaller-00187-g8f6629c004b1 #0
[ 98.912156][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 98.922218][ T6633] Call Trace:
[ 98.925505][ T6633]
[ 98.928419][ T6633] dump_stack_lvl+0x3d/0x1f0
[ 98.933002][ T6633] panic+0x71d/0x800
[ 98.936885][ T6633] ? __pfx_panic+0x10/0x10
[ 98.941285][ T6633] ? preempt_schedule_thunk+0x1a/0x30
[ 98.946644][ T6633] ? preempt_schedule_common+0x44/0xc0
[ 98.952097][ T6633] ? check_panic_on_warn+0x1f/0xb0
[ 98.957203][ T6633] check_panic_on_warn+0xab/0xb0
[ 98.962128][ T6633] end_report+0x117/0x180
[ 98.966449][ T6633] kasan_report+0xe9/0x110
[ 98.970849][ T6633] ? force_devcd_write+0x31f/0x350
[ 98.975969][ T6633] ? force_devcd_write+0x31f/0x350
[ 98.981064][ T6633] force_devcd_write+0x31f/0x350
[ 98.985991][ T6633] ? __pfx_force_devcd_write+0x10/0x10
[ 98.991432][ T6633] ? __debugfs_file_get+0x1ff/0x850
[ 98.996628][ T6633] ? __pfx___debugfs_file_get+0x10/0x10
[ 99.002176][ T6633] ? rcu_is_watching+0x12/0xc0
[ 99.006941][ T6633] ? trace_lock_acquire+0x14e/0x1f0
[ 99.012133][ T6633] full_proxy_write+0x13c/0x200
[ 99.016975][ T6633] ? __pfx_full_proxy_write+0x10/0x10
[ 99.022336][ T6633] vfs_write+0x24c/0x1150
[ 99.026664][ T6633] ? __pfx_vfs_write+0x10/0x10
[ 99.031419][ T6633] ? do_futex+0x123/0x350
[ 99.035742][ T6633] ? __pfx_do_futex+0x10/0x10
[ 99.040414][ T6633] ? __x64_sys_futex+0x1e1/0x4c0
[ 99.045344][ T6633] ? __x64_sys_futex+0x1ea/0x4c0
[ 99.050274][ T6633] ksys_write+0x12b/0x250
[ 99.054596][ T6633] ? __pfx_ksys_write+0x10/0x10
[ 99.059443][ T6633] do_syscall_64+0xcd/0x250
[ 99.063938][ T6633] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.069833][ T6633] RIP: 0033:0x7f3f9298cde9
[ 99.074240][ T6633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.093839][ T6633] RSP: 002b:00007fff4f8feed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 99.102247][ T6633] RAX: ffffffffffffffda RBX: 00007f3f92ba5fa0 RCX: 00007f3f9298cde9
[ 99.110207][ T6633] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 99.118172][ T6633] RBP: 00007f3f92a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 99.126134][ T6633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 99.134092][ T6633] R13: 00007f3f92ba5fa0 R14: 00007f3f92ba5fa0 R15: 0000000000000003
[ 99.142063][ T6633]
[ 99.145309][ T6633] Kernel Offset: disabled
[ 99.149618][ T6633] Rebooting in 86400 seconds..