Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts.
2025/02/17 01:35:46 ignoring optional flag "sandboxArg"="0"
2025/02/17 01:35:47 parsed 1 programs
[  753.583642][ T5878] cgroup: Unknown subsys name 'net'
[  753.701721][ T5878] cgroup: Unknown subsys name 'cpuset'
[  753.710117][ T5878] cgroup: Unknown subsys name 'rlimit'
[  755.502652][ T5878] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  758.538988][ T5886] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  759.680017][ T5907] chnl_net:caif_netlink_parms(): no params data found
[  759.743441][ T5907] bridge0: port 1(bridge_slave_0) entered blocking state
[  759.751495][ T5907] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.759107][ T5907] bridge_slave_0: entered allmulticast mode
[  759.766227][ T5907] bridge_slave_0: entered promiscuous mode
[  759.775694][ T5907] bridge0: port 2(bridge_slave_1) entered blocking state
[  759.783677][ T5907] bridge0: port 2(bridge_slave_1) entered disabled state
[  759.790960][ T5907] bridge_slave_1: entered allmulticast mode
[  759.798045][ T5907] bridge_slave_1: entered promiscuous mode
[  759.829121][ T5907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  759.841256][ T5907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  759.873496][ T5907] team0: Port device team_slave_0 added
[  759.881095][ T5907] team0: Port device team_slave_1 added
[  759.902987][ T5907] batman_adv: batadv0: Adding interface: batadv_slave_0
[  759.910514][ T5907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  759.936574][ T5907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  759.950897][ T5907] batman_adv: batadv0: Adding interface: batadv_slave_1
[  759.957937][ T5907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  759.983888][ T5907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  760.022586][ T5907] hsr_slave_0: entered promiscuous mode
[  760.030692][ T5907] hsr_slave_1: entered promiscuous mode
[  760.154964][ T5907] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  760.167517][ T5907] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  760.177492][ T5907] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  760.189112][ T5907] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  760.220460][ T5907] bridge0: port 2(bridge_slave_1) entered blocking state
[  760.227764][ T5907] bridge0: port 2(bridge_slave_1) entered forwarding state
[  760.235749][ T5907] bridge0: port 1(bridge_slave_0) entered blocking state
[  760.242934][ T5907] bridge0: port 1(bridge_slave_0) entered forwarding state
[  760.304896][ T5907] 8021q: adding VLAN 0 to HW filter on device bond0
[  760.325156][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  760.334425][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  760.351431][ T5907] 8021q: adding VLAN 0 to HW filter on device team0
[  760.366165][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[  760.373382][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[  760.385485][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  760.392685][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  760.569820][ T5907] 8021q: adding VLAN 0 to HW filter on device batadv0
[  760.610069][ T5907] veth0_vlan: entered promiscuous mode
[  760.621537][ T5907] veth1_vlan: entered promiscuous mode
[  760.651505][ T5907] veth0_macvtap: entered promiscuous mode
[  760.660811][ T5907] veth1_macvtap: entered promiscuous mode
[  760.679390][ T5907] batman_adv: batadv0: Interface activated: batadv_slave_0
[  760.694226][ T5907] batman_adv: batadv0: Interface activated: batadv_slave_1
[  760.706522][ T5907] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  760.716581][ T5907] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  760.725645][ T5907] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  760.734803][ T5907] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  760.919378][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  761.012795][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  761.103655][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  761.183160][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.433253][ T5922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  762.451199][ T5922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  762.488223][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  762.496176][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  762.667133][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  762.675424][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  762.684592][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  762.692816][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  762.700707][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  762.708613][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/02/17 01:36:02 executed programs: 0
[  763.912898][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  763.921632][ T5143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  763.929464][ T5143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  763.948050][ T5143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  763.955743][ T5143] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  763.963229][ T5143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  763.993177][   T11] bridge_slave_1: left allmulticast mode
[  764.008488][   T11] bridge_slave_1: left promiscuous mode
[  764.025527][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  764.045604][   T11] bridge_slave_0: left allmulticast mode
[  764.053302][   T11] bridge_slave_0: left promiscuous mode
[  764.060121][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  764.407796][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  764.422897][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  764.433776][   T11] bond0 (unregistering): Released all slaves
[  764.578814][   T11] hsr_slave_0: left promiscuous mode
[  764.584951][   T11] hsr_slave_1: left promiscuous mode
[  764.591184][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  764.599609][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  764.610380][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  764.619149][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  764.644294][   T11] veth1_macvtap: left promiscuous mode
[  764.650566][   T11] veth0_macvtap: left promiscuous mode
[  764.656410][   T11] veth1_vlan: left promiscuous mode
[  764.662028][   T11] veth0_vlan: left promiscuous mode
[  765.338778][   T11] team0 (unregistering): Port device team_slave_1 removed
[  765.369471][   T11] team0 (unregistering): Port device team_slave_0 removed
[  765.725912][ T5994] chnl_net:caif_netlink_parms(): no params data found
[  765.826053][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[  765.835545][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.843335][ T5994] bridge_slave_0: entered allmulticast mode
[  765.854626][ T5994] bridge_slave_0: entered promiscuous mode
[  765.877684][ T5994] bridge0: port 2(bridge_slave_1) entered blocking state
[  765.894015][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.901595][ T5994] bridge_slave_1: entered allmulticast mode
[  765.910406][ T5994] bridge_slave_1: entered promiscuous mode
[  765.968965][ T5994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  765.982080][ T5994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  766.028254][   T54] Bluetooth: hci0: command tx timeout
[  766.390603][ T5994] team0: Port device team_slave_0 added
[  766.405053][ T5994] team0: Port device team_slave_1 added
[  766.465117][ T5994] batman_adv: batadv0: Adding interface: batadv_slave_0
[  766.472272][ T5994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  766.499234][ T5994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  766.526796][ T5994] batman_adv: batadv0: Adding interface: batadv_slave_1
[  766.534408][ T5994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  766.560898][ T5994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  766.754295][ T5994] hsr_slave_0: entered promiscuous mode
[  766.761652][ T5994] hsr_slave_1: entered promiscuous mode
[  767.462276][ T5994] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  767.475745][ T5994] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  767.487399][ T5994] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  767.499767][ T5994] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  767.583648][ T5994] 8021q: adding VLAN 0 to HW filter on device bond0
[  767.609764][ T5994] 8021q: adding VLAN 0 to HW filter on device team0
[  767.622330][ T5922] bridge0: port 1(bridge_slave_0) entered blocking state
[  767.629497][ T5922] bridge0: port 1(bridge_slave_0) entered forwarding state
[  767.652844][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state
[  767.660053][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state
[  767.901485][ T5994] 8021q: adding VLAN 0 to HW filter on device batadv0
[  767.975707][ T5994] veth0_vlan: entered promiscuous mode
[  767.993797][ T5994] veth1_vlan: entered promiscuous mode
[  768.032442][ T5994] veth0_macvtap: entered promiscuous mode
[  768.045432][ T5994] veth1_macvtap: entered promiscuous mode
[  768.071135][ T5994] batman_adv: batadv0: Interface activated: batadv_slave_0
[  768.085894][ T5994] batman_adv: batadv0: Interface activated: batadv_slave_1
[  768.102416][ T5994] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  768.113281][   T54] Bluetooth: hci0: command tx timeout
[  768.121986][ T5994] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  768.132425][ T5994] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  768.143343][ T5994] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  768.262738][ T5922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  768.281139][ T5922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  768.312576][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  768.322154][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/17 01:36:07 executed programs: 10
[  770.189163][   T54] Bluetooth: hci0: command tx timeout
[  772.276899][   T54] Bluetooth: hci0: command tx timeout
2025/02/17 01:36:12 executed programs: 166
2025/02/17 01:36:17 executed programs: 379
[  783.552979][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  783.567204][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  783.575188][ T5143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  783.589124][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  783.597654][ T5143] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  783.605307][ T5143] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  783.730482][ T6775] chnl_net:caif_netlink_parms(): no params data found
[  783.763881][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  783.822960][ T6775] bridge0: port 1(bridge_slave_0) entered blocking state
[  783.830228][ T6775] bridge0: port 1(bridge_slave_0) entered disabled state
[  783.838189][ T6775] bridge_slave_0: entered allmulticast mode
[  783.844951][ T6775] bridge_slave_0: entered promiscuous mode
[  783.864520][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  783.879275][ T6775] bridge0: port 2(bridge_slave_1) entered blocking state
[  783.886898][ T6775] bridge0: port 2(bridge_slave_1) entered disabled state
[  783.894070][ T6775] bridge_slave_1: entered allmulticast mode
[  783.901928][ T6775] bridge_slave_1: entered promiscuous mode
[  783.929346][ T6775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  783.948786][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  783.965016][ T6775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  783.993930][ T6775] team0: Port device team_slave_0 added
[  784.012010][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  784.026633][ T6775] team0: Port device team_slave_1 added
[  784.051500][ T6775] batman_adv: batadv0: Adding interface: batadv_slave_0
[  784.059014][ T6775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  784.085106][ T6775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  784.097460][ T6775] batman_adv: batadv0: Adding interface: batadv_slave_1
[  784.104433][ T6775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  784.131370][ T6775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  784.173637][ T6775] hsr_slave_0: entered promiscuous mode
[  784.180409][ T6775] hsr_slave_1: entered promiscuous mode
[  784.186447][ T6775] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  784.194555][ T6775] Cannot create hsr debugfs directory
[  784.277839][   T11] bridge_slave_1: left allmulticast mode
[  784.283555][   T11] bridge_slave_1: left promiscuous mode
[  784.289615][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  784.299363][   T11] bridge_slave_0: left allmulticast mode
[  784.305028][   T11] bridge_slave_0: left promiscuous mode
[  784.311349][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  784.532904][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  784.543900][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  784.554168][   T11] bond0 (unregistering): Released all slaves
[  784.834908][   T11] hsr_slave_0: left promiscuous mode
[  784.841214][   T11] hsr_slave_1: left promiscuous mode
[  784.849959][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  784.857676][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  784.865771][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  784.879218][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  784.901842][   T11] veth1_macvtap: left promiscuous mode
[  784.907552][   T11] veth0_macvtap: left promiscuous mode
[  784.913217][   T11] veth1_vlan: left promiscuous mode
[  784.919007][   T11] veth0_vlan: left promiscuous mode
[  785.349403][   T11] team0 (unregistering): Port device team_slave_1 removed
[  785.380835][   T11] team0 (unregistering): Port device team_slave_0 removed
[  785.630683][   T54] Bluetooth: hci1: command tx timeout
[  785.898575][ T6775] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  785.910669][ T6775] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  785.929962][ T6775] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  785.958053][ T6775] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  786.079628][ T6775] 8021q: adding VLAN 0 to HW filter on device bond0
[  786.110262][ T6775] 8021q: adding VLAN 0 to HW filter on device team0
[  786.124207][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[  786.131440][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[  786.159518][   T81] bridge0: port 2(bridge_slave_1) entered blocking state
[  786.166799][   T81] bridge0: port 2(bridge_slave_1) entered forwarding state
[  786.352010][ T6775] 8021q: adding VLAN 0 to HW filter on device batadv0
[  786.384975][ T6775] veth0_vlan: entered promiscuous mode
[  786.398620][ T6775] veth1_vlan: entered promiscuous mode
[  786.422338][ T6775] veth0_macvtap: entered promiscuous mode
[  786.431524][ T6775] veth1_macvtap: entered promiscuous mode
[  786.448771][ T6775] batman_adv: batadv0: Interface activated: batadv_slave_0
[  786.463088][ T6775] batman_adv: batadv0: Interface activated: batadv_slave_1
[  786.473847][ T6775] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  786.483109][ T6775] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  786.491920][ T6775] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  786.500735][ T6775] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  786.559095][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  786.574215][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  786.595721][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  786.604768][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/17 01:36:25 executed programs: 602
[  786.670258][ T6818] ==================================================================
[  786.678352][ T6818] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[  786.686267][ T6818] Read of size 8 at addr ffff8880681fc800 by task syz.0.616/6818
[  786.694097][ T6818] 
[  786.696442][ T6818] CPU: 0 UID: 0 PID: 6818 Comm: syz.0.616 Not tainted 6.14.0-rc2-syzkaller-00346-gba643b6d8440 #0
[  786.696469][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  786.696485][ T6818] Call Trace:
[  786.696493][ T6818]  <TASK>
[  786.696505][ T6818]  dump_stack_lvl+0x116/0x1f0
[  786.696538][ T6818]  print_report+0xc3/0x620
[  786.696573][ T6818]  ? __virt_addr_valid+0x5e/0x590
[  786.696595][ T6818]  ? __phys_addr+0xc6/0x150
[  786.696617][ T6818]  kasan_report+0xd9/0x110
[  786.696635][ T6818]  ? force_devcd_write+0x317/0x330
[  786.696662][ T6818]  ? force_devcd_write+0x317/0x330
[  786.696698][ T6818]  force_devcd_write+0x317/0x330
[  786.696733][ T6818]  ? __pfx_force_devcd_write+0x10/0x10
[  786.696770][ T6818]  ? __debugfs_file_get+0x1ff/0x850
[  786.696807][ T6818]  ? __pfx___debugfs_file_get+0x10/0x10
[  786.696845][ T6818]  ? rcu_is_watching+0x12/0xc0
[  786.696877][ T6818]  ? trace_lock_acquire+0x14e/0x1f0
[  786.696913][ T6818]  full_proxy_write+0x13c/0x200
[  786.696951][ T6818]  ? __pfx_full_proxy_write+0x10/0x10
[  786.696997][ T6818]  vfs_write+0x24c/0x1150
[  786.697040][ T6818]  ? __pfx_vfs_write+0x10/0x10
[  786.697078][ T6818]  ? do_futex+0x123/0x350
[  786.697112][ T6818]  ? __pfx_do_futex+0x10/0x10
[  786.697152][ T6818]  ? __x64_sys_futex+0x1e1/0x4c0
[  786.697188][ T6818]  ? __x64_sys_futex+0x1ea/0x4c0
[  786.697227][ T6818]  ksys_write+0x12b/0x250
[  786.697259][ T6818]  ? __pfx_ksys_write+0x10/0x10
[  786.697293][ T6818]  do_syscall_64+0xcd/0x250
[  786.697321][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.697354][ T6818] RIP: 0033:0x7fce6678cde9
[  786.697371][ T6818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  786.697398][ T6818] RSP: 002b:00007ffea548df98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  786.697419][ T6818] RAX: ffffffffffffffda RBX: 00007fce669a5fa0 RCX: 00007fce6678cde9
[  786.697434][ T6818] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  786.697448][ T6818] RBP: 00007fce6680e2a0 R08: 0000000000000000 R09: 0000000000000000
[  786.697462][ T6818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  786.697475][ T6818] R13: 00007fce669a5fa0 R14: 00007fce669a5fa0 R15: 0000000000000003
[  786.697496][ T6818]  </TASK>
[  786.697503][ T6818] 
[  786.923797][ T6818] Allocated by task 5994:
[  786.928131][ T6818]  kasan_save_stack+0x33/0x60
[  786.932832][ T6818]  kasan_save_track+0x14/0x30
[  786.937547][ T6818]  __kasan_kmalloc+0xaa/0xb0
[  786.942159][ T6818]  vhci_open+0x4c/0x430
[  786.946338][ T6818]  misc_open+0x35a/0x420
[  786.950596][ T6818]  chrdev_open+0x237/0x6a0
[  786.955042][ T6818]  do_dentry_open+0x735/0x1c40
[  786.959821][ T6818]  vfs_open+0x82/0x3f0
[  786.963909][ T6818]  path_openat+0x1e88/0x2d80
[  786.968519][ T6818]  do_filp_open+0x20c/0x470
[  786.973048][ T6818]  do_sys_openat2+0x17a/0x1e0
[  786.977733][ T6818]  __x64_sys_openat+0x175/0x210
[  786.982593][ T6818]  do_syscall_64+0xcd/0x250
[  786.987115][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.993050][ T6818] 
[  786.995385][ T6818] Freed by task 5994:
[  786.999369][ T6818]  kasan_save_stack+0x33/0x60
[  787.004081][ T6818]  kasan_save_track+0x14/0x30
[  787.008815][ T6818]  kasan_save_free_info+0x3b/0x60
[  787.013866][ T6818]  __kasan_slab_free+0x51/0x70
[  787.018658][ T6818]  kfree+0x2c4/0x4d0
[  787.022574][ T6818]  vhci_release+0xbb/0xf0
[  787.026924][ T6818]  __fput+0x3ff/0xb70
[  787.030925][ T6818]  task_work_run+0x14e/0x250
[  787.035543][ T6818]  do_exit+0xad8/0x2d70
[  787.039717][ T6818]  do_group_exit+0xd3/0x2a0
[  787.044241][ T6818]  get_signal+0x24ed/0x26c0
[  787.048771][ T6818]  arch_do_signal_or_restart+0x90/0x7e0
[  787.054599][ T6818]  syscall_exit_to_user_mode+0x150/0x2a0
[  787.060259][ T6818]  do_syscall_64+0xda/0x250
[  787.064784][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  787.071498][ T6818] 
[  787.073832][ T6818] The buggy address belongs to the object at ffff8880681fc800
[  787.073832][ T6818]  which belongs to the cache kmalloc-1k of size 1024
[  787.087908][ T6818] The buggy address is located 0 bytes inside of
[  787.087908][ T6818]  freed 1024-byte region [ffff8880681fc800, ffff8880681fcc00)
[  787.101642][ T6818] 
[  787.103973][ T6818] The buggy address belongs to the physical page:
[  787.110402][ T6818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x681f8
[  787.119706][ T6818] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  787.128217][ T6818] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  787.136218][ T6818] page_type: f5(slab)
[  787.140218][ T6818] raw: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001
[  787.148820][ T6818] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  787.157421][ T6818] head: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001
[  787.166109][ T6818] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  787.174795][ T6818] head: 00fff00000000003 ffffea0001a07e01 ffffffffffffffff 0000000000000000
[  787.183479][ T6818] head: 0000000700000008 0000000000000000 00000000ffffffff 0000000000000000
[  787.192156][ T6818] page dumped because: kasan: bad access detected
[  787.198585][ T6818] page_owner tracks the page as allocated
[  787.204303][ T6818] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5989, tgid 5989 (syz-executor), ts 763336235346, free_ts 762419833053
[  787.223775][ T6818]  post_alloc_hook+0x181/0x1b0
[  787.228569][ T6818]  get_page_from_freelist+0xfce/0x2f80
[  787.234060][ T6818]  __alloc_frozen_pages_noprof+0x221/0x2470
[  787.239984][ T6818]  alloc_pages_mpol+0x1fc/0x540
[  787.244870][ T6818]  new_slab+0x23d/0x330
[  787.249051][ T6818]  ___slab_alloc+0xc5d/0x1720
[  787.253762][ T6818]  __slab_alloc.constprop.0+0x56/0xb0
[  787.259160][ T6818]  __kmalloc_cache_noprof+0xfa/0x410
[  787.264521][ T6818]  tipc_link_create+0x17a/0x1040
[  787.269493][ T6818]  tipc_link_bc_create+0x114/0x480
[  787.274642][ T6818]  tipc_bcast_init+0x1c7/0x370
[  787.279443][ T6818]  tipc_init_net+0x36b/0x430
[  787.284085][ T6818]  ops_init+0x1df/0x5f0
[  787.288288][ T6818]  setup_net+0x21f/0x860
[  787.292564][ T6818]  copy_net_ns+0x2b4/0x6c0
[  787.297015][ T6818]  create_new_namespaces+0x3ea/0xad0
[  787.302347][ T6818] page last free pid 5952 tgid 5952 stack trace:
[  787.308876][ T6818]  free_frozen_pages+0x6db/0xfb0
[  787.313852][ T6818]  vfree+0x174/0x950
[  787.317804][ T6818]  kcov_put+0x2a/0x40
[  787.321814][ T6818]  kcov_close+0xd/0x20
[  787.325915][ T6818]  __fput+0x3ff/0xb70
[  787.329909][ T6818]  task_work_run+0x14e/0x250
[  787.334522][ T6818]  do_exit+0xad8/0x2d70
[  787.338700][ T6818]  do_group_exit+0xd3/0x2a0
[  787.343228][ T6818]  get_signal+0x24ed/0x26c0
[  787.347772][ T6818]  arch_do_signal_or_restart+0x90/0x7e0
[  787.353345][ T6818]  syscall_exit_to_user_mode+0x150/0x2a0
[  787.359008][ T6818]  do_syscall_64+0xda/0x250
[  787.363543][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  787.369470][ T6818] 
[  787.371801][ T6818] Memory state around the buggy address:
[  787.377437][ T6818]  ffff8880681fc700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  787.385512][ T6818]  ffff8880681fc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  787.393586][ T6818] >ffff8880681fc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  787.401918][ T6818]                    ^
[  787.406014][ T6818]  ffff8880681fc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  787.414190][ T6818]  ffff8880681fc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  787.422267][ T6818] ==================================================================
[  787.440760][ T6818] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  787.448017][ T6818] CPU: 1 UID: 0 PID: 6818 Comm: syz.0.616 Not tainted 6.14.0-rc2-syzkaller-00346-gba643b6d8440 #0
[  787.458646][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  787.468738][ T6818] Call Trace:
[  787.472044][ T6818]  <TASK>
[  787.475005][ T6818]  dump_stack_lvl+0x3d/0x1f0
[  787.479630][ T6818]  panic+0x71d/0x800
[  787.483541][ T6818]  ? __pfx_panic+0x10/0x10
[  787.487982][ T6818]  ? preempt_schedule_thunk+0x1a/0x30
[  787.493382][ T6818]  ? preempt_schedule_common+0x44/0xc0
[  787.498869][ T6818]  ? check_panic_on_warn+0x1f/0xb0
[  787.504046][ T6818]  check_panic_on_warn+0xab/0xb0
[  787.509001][ T6818]  end_report+0x117/0x180
[  787.513351][ T6818]  kasan_report+0xe9/0x110
[  787.517773][ T6818]  ? force_devcd_write+0x317/0x330
[  787.522901][ T6818]  ? force_devcd_write+0x317/0x330
[  787.528028][ T6818]  force_devcd_write+0x317/0x330
[  787.532978][ T6818]  ? __pfx_force_devcd_write+0x10/0x10
[  787.538450][ T6818]  ? __debugfs_file_get+0x1ff/0x850
[  787.543665][ T6818]  ? __pfx___debugfs_file_get+0x10/0x10
[  787.549246][ T6818]  ? rcu_is_watching+0x12/0xc0
[  787.554048][ T6818]  ? trace_lock_acquire+0x14e/0x1f0
[  787.559264][ T6818]  full_proxy_write+0x13c/0x200
[  787.564137][ T6818]  ? __pfx_full_proxy_write+0x10/0x10
[  787.569533][ T6818]  vfs_write+0x24c/0x1150
[  787.573882][ T6818]  ? __pfx_vfs_write+0x10/0x10
[  787.578666][ T6818]  ? do_futex+0x123/0x350
[  787.583023][ T6818]  ? __pfx_do_futex+0x10/0x10
[  787.587731][ T6818]  ? __x64_sys_futex+0x1e1/0x4c0
[  787.592688][ T6818]  ? __x64_sys_futex+0x1ea/0x4c0
[  787.597658][ T6818]  ksys_write+0x12b/0x250
[  787.602032][ T6818]  ? __pfx_ksys_write+0x10/0x10
[  787.606905][ T6818]  do_syscall_64+0xcd/0x250
[  787.611448][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  787.617368][ T6818] RIP: 0033:0x7fce6678cde9
[  787.621796][ T6818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  787.641514][ T6818] RSP: 002b:00007ffea548df98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  787.649968][ T6818] RAX: ffffffffffffffda RBX: 00007fce669a5fa0 RCX: 00007fce6678cde9
[  787.658001][ T6818] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  787.665979][ T6818] RBP: 00007fce6680e2a0 R08: 0000000000000000 R09: 0000000000000000
[  787.673974][ T6818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  787.681965][ T6818] R13: 00007fce669a5fa0 R14: 00007fce669a5fa0 R15: 0000000000000003
[  787.689963][ T6818]  </TASK>
[  787.693144][ T6818] Kernel Offset: disabled
[  787.697480][ T6818] Rebooting in 86400 seconds..