Warning: Permanently added '10.128.1.177' (ED25519) to the list of known hosts.
2025/03/07 10:07:32 ignoring optional flag "sandboxArg"="0"
2025/03/07 10:07:34 parsed 1 programs
[ 262.854520][ T5859] cgroup: Unknown subsys name 'net'
[ 262.985752][ T5859] cgroup: Unknown subsys name 'cpuset'
[ 262.995190][ T5859] cgroup: Unknown subsys name 'rlimit'
[ 264.772874][ T5859] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 268.182631][ T5877] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 268.342450][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 268.350808][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 268.359460][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 268.368939][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 268.381523][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 268.389044][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 269.922875][ T5909] chnl_net:caif_netlink_parms(): no params data found
[ 270.004104][ T5909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 270.013670][ T5909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 270.020938][ T5909] bridge_slave_0: entered allmulticast mode
[ 270.028822][ T5909] bridge_slave_0: entered promiscuous mode
[ 270.043863][ T5909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 270.051200][ T5909] bridge0: port 2(bridge_slave_1) entered disabled state
[ 270.058992][ T5909] bridge_slave_1: entered allmulticast mode
[ 270.066155][ T5909] bridge_slave_1: entered promiscuous mode
[ 270.093900][ T5909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 270.105977][ T5909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 270.134851][ T5909] team0: Port device team_slave_0 added
[ 270.143899][ T5909] team0: Port device team_slave_1 added
[ 270.169842][ T5909] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 270.177010][ T5909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 270.203363][ T5909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 270.216846][ T5909] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 270.223992][ T5909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 270.249998][ T5909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 270.289931][ T5909] hsr_slave_0: entered promiscuous mode
[ 270.296927][ T5909] hsr_slave_1: entered promiscuous mode
[ 270.422674][ T5909] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 270.435236][ T5909] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 270.448215][ T5909] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 270.459086][ T5909] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 270.488150][ T5909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 270.495566][ T5909] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 270.503841][ T5909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 270.511058][ T5909] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 270.569498][ T5909] 8021q: adding VLAN 0 to HW filter on device bond0
[ 270.591012][ T82] bridge0: port 1(bridge_slave_0) entered disabled state
[ 270.603166][ T82] bridge0: port 2(bridge_slave_1) entered disabled state
[ 270.620833][ T5909] 8021q: adding VLAN 0 to HW filter on device team0
[ 270.634968][ T82] bridge0: port 1(bridge_slave_0) entered blocking state
[ 270.642790][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 270.656513][ T82] bridge0: port 2(bridge_slave_1) entered blocking state
[ 270.663699][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 270.836409][ T5909] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 270.878903][ T5909] veth0_vlan: entered promiscuous mode
[ 270.894969][ T5909] veth1_vlan: entered promiscuous mode
[ 270.924952][ T5909] veth0_macvtap: entered promiscuous mode
[ 270.934638][ T5909] veth1_macvtap: entered promiscuous mode
[ 270.950394][ T5909] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 270.967704][ T5909] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 270.983071][ T5909] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 270.992502][ T5909] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 271.001277][ T5909] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 271.010437][ T5909] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 271.190351][ T82] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 271.261017][ T82] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 271.349494][ T82] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 271.431339][ T82] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 271.686412][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 271.700706][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 271.728703][ T1078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 271.738104][ T1078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/07 10:07:49 executed programs: 0
[ 273.649985][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 273.659305][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 273.668941][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 273.677733][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 273.687196][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 273.695965][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 273.952299][ T5967] chnl_net:caif_netlink_parms(): no params data found
[ 274.056113][ T5967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 274.063826][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state
[ 274.071057][ T5967] bridge_slave_0: entered allmulticast mode
[ 274.078735][ T5967] bridge_slave_0: entered promiscuous mode
[ 274.087206][ T5967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 274.094633][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state
[ 274.102722][ T5967] bridge_slave_1: entered allmulticast mode
[ 274.109662][ T5967] bridge_slave_1: entered promiscuous mode
[ 274.140188][ T5967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 274.152167][ T5967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 274.184397][ T5967] team0: Port device team_slave_0 added
[ 274.193444][ T5967] team0: Port device team_slave_1 added
[ 274.219674][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 274.226801][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 274.253275][ T5967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 274.265809][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 274.273218][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 274.300624][ T5967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 274.338421][ T5967] hsr_slave_0: entered promiscuous mode
[ 274.344908][ T5967] hsr_slave_1: entered promiscuous mode
[ 274.351168][ T5967] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 274.359206][ T5967] Cannot create hsr debugfs directory
[ 274.528353][ T82] bridge_slave_1: left allmulticast mode
[ 274.535696][ T82] bridge_slave_1: left promiscuous mode
[ 274.542536][ T82] bridge0: port 2(bridge_slave_1) entered disabled state
[ 274.556340][ T82] bridge_slave_0: left allmulticast mode
[ 274.563068][ T82] bridge_slave_0: left promiscuous mode
[ 274.568842][ T82] bridge0: port 1(bridge_slave_0) entered disabled state
[ 274.856961][ T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 274.868788][ T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 274.880797][ T82] bond0 (unregistering): Released all slaves
[ 274.987850][ T82] hsr_slave_0: left promiscuous mode
[ 274.995935][ T82] hsr_slave_1: left promiscuous mode
[ 275.002480][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 275.010255][ T82] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 275.023002][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 275.030497][ T82] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 275.054978][ T82] veth1_macvtap: left promiscuous mode
[ 275.061271][ T82] veth0_macvtap: left promiscuous mode
[ 275.068948][ T82] veth1_vlan: left promiscuous mode
[ 275.076104][ T82] veth0_vlan: left promiscuous mode
[ 275.576516][ T82] team0 (unregistering): Port device team_slave_1 removed
[ 275.615539][ T82] team0 (unregistering): Port device team_slave_0 removed
[ 275.803871][ T55] Bluetooth: hci0: command tx timeout
[ 276.113344][ T5967] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 276.132041][ T5967] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 276.149387][ T5967] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 276.165492][ T5967] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 276.321133][ T5967] 8021q: adding VLAN 0 to HW filter on device bond0
[ 276.348644][ T5967] 8021q: adding VLAN 0 to HW filter on device team0
[ 276.377279][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 276.384561][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 276.570101][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 276.577271][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 277.065636][ T5967] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 277.147037][ T5967] veth0_vlan: entered promiscuous mode
[ 277.159194][ T5967] veth1_vlan: entered promiscuous mode
[ 277.219178][ T5967] veth0_macvtap: entered promiscuous mode
[ 277.252773][ T5967] veth1_macvtap: entered promiscuous mode
[ 277.294713][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 277.325452][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 277.359342][ T5967] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 277.379720][ T5967] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 277.389925][ T5967] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 277.399144][ T5967] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 277.476358][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 277.484622][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 277.512992][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 277.520921][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 277.893734][ T55] Bluetooth: hci0: command tx timeout
2025/03/07 10:07:54 executed programs: 51
[ 279.972339][ T55] Bluetooth: hci0: command tx timeout
[ 282.041495][ T55] Bluetooth: hci0: command tx timeout
2025/03/07 10:07:59 executed programs: 296
2025/03/07 10:08:04 executed programs: 542
[ 289.907749][ T5144] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 289.916909][ T5144] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 289.926115][ T5144] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 289.939714][ T5144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 289.948055][ T5144] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 289.955868][ T5144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 290.085760][ T82] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 290.107685][ T6612] chnl_net:caif_netlink_parms(): no params data found
[ 290.174951][ T82] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 290.188428][ T6612] bridge0: port 1(bridge_slave_0) entered blocking state
[ 290.195882][ T6612] bridge0: port 1(bridge_slave_0) entered disabled state
[ 290.203298][ T6612] bridge_slave_0: entered allmulticast mode
[ 290.210164][ T6612] bridge_slave_0: entered promiscuous mode
[ 290.219043][ T6612] bridge0: port 2(bridge_slave_1) entered blocking state
[ 290.227730][ T6612] bridge0: port 2(bridge_slave_1) entered disabled state
[ 290.235271][ T6612] bridge_slave_1: entered allmulticast mode
[ 290.242893][ T6612] bridge_slave_1: entered promiscuous mode
[ 290.269949][ T82] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 290.295920][ T6612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 290.308055][ T6612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 290.340832][ T82] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 290.366043][ T6612] team0: Port device team_slave_0 added
[ 290.374572][ T6612] team0: Port device team_slave_1 added
[ 290.399142][ T6612] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 290.407407][ T6612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 290.433881][ T6612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 290.446695][ T6612] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 290.454290][ T6612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 290.480872][ T6612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 290.535706][ T6612] hsr_slave_0: entered promiscuous mode
[ 290.546429][ T6612] hsr_slave_1: entered promiscuous mode
[ 290.605362][ T82] bridge_slave_1: left allmulticast mode
[ 290.611072][ T82] bridge_slave_1: left promiscuous mode
[ 290.617470][ T82] bridge0: port 2(bridge_slave_1) entered disabled state
[ 290.627518][ T82] bridge_slave_0: left allmulticast mode
[ 290.634656][ T82] bridge_slave_0: left promiscuous mode
[ 290.640443][ T82] bridge0: port 1(bridge_slave_0) entered disabled state
[ 290.916488][ T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 290.928500][ T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 290.939294][ T82] bond0 (unregistering): Released all slaves
[ 291.288561][ T82] hsr_slave_0: left promiscuous mode
[ 291.294789][ T82] hsr_slave_1: left promiscuous mode
[ 291.304094][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 291.311688][ T82] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 291.319815][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 291.328432][ T82] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 291.350509][ T82] veth1_macvtap: left promiscuous mode
[ 291.360170][ T82] veth0_macvtap: left promiscuous mode
[ 291.365988][ T82] veth1_vlan: left promiscuous mode
[ 291.374210][ T82] veth0_vlan: left promiscuous mode
[ 291.807609][ T82] team0 (unregistering): Port device team_slave_1 removed
[ 291.842941][ T82] team0 (unregistering): Port device team_slave_0 removed
[ 292.052841][ T55] Bluetooth: hci1: command tx timeout
[ 292.325564][ T6612] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 292.344159][ T6612] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 292.359200][ T6612] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 292.372509][ T6612] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 292.521323][ T6612] 8021q: adding VLAN 0 to HW filter on device bond0
[ 292.544768][ T6612] 8021q: adding VLAN 0 to HW filter on device team0
[ 292.564704][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 292.571923][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 292.606546][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 292.613764][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 292.655691][ T6612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 292.784427][ T6612] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 292.822310][ T6612] veth0_vlan: entered promiscuous mode
[ 292.833188][ T6612] veth1_vlan: entered promiscuous mode
[ 292.865179][ T6612] veth0_macvtap: entered promiscuous mode
[ 292.874530][ T6612] veth1_macvtap: entered promiscuous mode
[ 292.891075][ T6612] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 292.906834][ T6612] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 292.920350][ T6612] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 292.929787][ T6612] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 292.939014][ T6612] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 292.948220][ T6612] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 293.007407][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 293.020353][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 293.045035][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 293.053345][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 293.116969][ T6655] ==================================================================
[ 293.125173][ T6655] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[ 293.133123][ T6655] Read of size 8 at addr ffff888012126800 by task syz.0.616/6655
[ 293.140856][ T6655]
[ 293.143218][ T6655] CPU: 0 UID: 0 PID: 6655 Comm: syz.0.616 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[ 293.143245][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 293.143263][ T6655] Call Trace:
[ 293.143270][ T6655]
[ 293.143281][ T6655] dump_stack_lvl+0x116/0x1f0
[ 293.143319][ T6655] print_report+0xc3/0x670
[ 293.143340][ T6655] ? __virt_addr_valid+0x5e/0x590
[ 293.143363][ T6655] ? __phys_addr+0xc6/0x150
[ 293.143388][ T6655] kasan_report+0xd9/0x110
[ 293.143408][ T6655] ? force_devcd_write+0x317/0x330
[ 293.143440][ T6655] ? force_devcd_write+0x317/0x330
[ 293.143473][ T6655] force_devcd_write+0x317/0x330
[ 293.143503][ T6655] ? __pfx_force_devcd_write+0x10/0x10
[ 293.143534][ T6655] ? __debugfs_file_get+0x1ff/0x850
[ 293.143565][ T6655] ? __pfx___debugfs_file_get+0x10/0x10
[ 293.143595][ T6655] ? rcu_is_watching+0x12/0xc0
[ 293.143620][ T6655] ? trace_lock_acquire+0x14e/0x1f0
[ 293.143648][ T6655] full_proxy_write+0x13c/0x200
[ 293.143679][ T6655] ? __pfx_full_proxy_write+0x10/0x10
[ 293.143710][ T6655] vfs_write+0x24c/0x1150
[ 293.143744][ T6655] ? __pfx_vfs_write+0x10/0x10
[ 293.143774][ T6655] ? do_futex+0x123/0x350
[ 293.143807][ T6655] ? __pfx_do_futex+0x10/0x10
[ 293.143838][ T6655] ? __x64_sys_futex+0x1e1/0x4c0
[ 293.143866][ T6655] ? __x64_sys_futex+0x1ea/0x4c0
[ 293.143895][ T6655] ksys_write+0x12b/0x250
[ 293.143926][ T6655] ? __pfx_ksys_write+0x10/0x10
[ 293.143962][ T6655] do_syscall_64+0xcd/0x250
[ 293.143994][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 293.144028][ T6655] RIP: 0033:0x7f2e20d8d169
[ 293.144047][ T6655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 293.144073][ T6655] RSP: 002b:00007ffe1eb68348 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 293.144094][ T6655] RAX: ffffffffffffffda RBX: 00007f2e20fa5fa0 RCX: 00007f2e20d8d169
[ 293.144109][ T6655] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 293.144123][ T6655] RBP: 00007f2e20e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 293.144137][ T6655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 293.144151][ T6655] R13: 00007f2e20fa5fa0 R14: 00007f2e20fa5fa0 R15: 0000000000000003
[ 293.144172][ T6655]
[ 293.144179][ T6655]
[ 293.370907][ T6655] Allocated by task 5967:
[ 293.375253][ T6655] kasan_save_stack+0x33/0x60
[ 293.379953][ T6655] kasan_save_track+0x14/0x30
[ 293.384665][ T6655] __kasan_kmalloc+0xaa/0xb0
[ 293.389300][ T6655] vhci_open+0x4c/0x430
[ 293.393477][ T6655] misc_open+0x35a/0x420
[ 293.397736][ T6655] chrdev_open+0x237/0x6a0
[ 293.402188][ T6655] do_dentry_open+0x735/0x1c40
[ 293.406993][ T6655] vfs_open+0x82/0x3f0
[ 293.411086][ T6655] path_openat+0x1e88/0x2d80
[ 293.415796][ T6655] do_filp_open+0x20c/0x470
[ 293.420322][ T6655] do_sys_openat2+0x17a/0x1e0
[ 293.425018][ T6655] __x64_sys_openat+0x175/0x210
[ 293.429900][ T6655] do_syscall_64+0xcd/0x250
[ 293.434535][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 293.440451][ T6655]
[ 293.442803][ T6655] Freed by task 5967:
[ 293.446803][ T6655] kasan_save_stack+0x33/0x60
[ 293.451522][ T6655] kasan_save_track+0x14/0x30
[ 293.456322][ T6655] kasan_save_free_info+0x3b/0x60
[ 293.461458][ T6655] __kasan_slab_free+0x51/0x70
[ 293.466271][ T6655] kfree+0x2c4/0x4d0
[ 293.470184][ T6655] vhci_release+0xbb/0xf0
[ 293.474533][ T6655] __fput+0x3ff/0xb70
[ 293.478611][ T6655] task_work_run+0x14e/0x250
[ 293.483232][ T6655] do_exit+0xad8/0x2d70
[ 293.487420][ T6655] do_group_exit+0xd3/0x2a0
[ 293.491942][ T6655] get_signal+0x24ed/0x26c0
[ 293.496476][ T6655] arch_do_signal_or_restart+0x90/0x7e0
[ 293.502050][ T6655] syscall_exit_to_user_mode+0x150/0x2a0
[ 293.507749][ T6655] do_syscall_64+0xda/0x250
[ 293.512279][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 293.518205][ T6655]
[ 293.520548][ T6655] The buggy address belongs to the object at ffff888012126800
[ 293.520548][ T6655] which belongs to the cache kmalloc-1k of size 1024
[ 293.534625][ T6655] The buggy address is located 0 bytes inside of
[ 293.534625][ T6655] freed 1024-byte region [ffff888012126800, ffff888012126c00)
[ 293.548446][ T6655]
[ 293.550881][ T6655] The buggy address belongs to the physical page:
[ 293.557311][ T6655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888012122000 pfn:0x12120
[ 293.567484][ T6655] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 293.576187][ T6655] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 293.584742][ T6655] page_type: f5(slab)
[ 293.588739][ T6655] raw: 00fff00000000240 ffff88801b041dc0 ffffea0001d30c10 ffffea0000d50a10
[ 293.597341][ T6655] raw: ffff888012122000 000000000010000e 00000000f5000000 0000000000000000
[ 293.605937][ T6655] head: 00fff00000000240 ffff88801b041dc0 ffffea0001d30c10 ffffea0000d50a10
[ 293.614618][ T6655] head: ffff888012122000 000000000010000e 00000000f5000000 0000000000000000
[ 293.623322][ T6655] head: 00fff00000000003 ffffea0000484801 ffffffffffffffff 0000000000000000
[ 293.632031][ T6655] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 293.640708][ T6655] page dumped because: kasan: bad access detected
[ 293.647175][ T6655] page_owner tracks the page as allocated
[ 293.652901][ T6655] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5651, tgid 5651 (dhcpcd), ts 63256250623, free_ts 61970947926
[ 293.673770][ T6655] post_alloc_hook+0x181/0x1b0
[ 293.678569][ T6655] get_page_from_freelist+0xfce/0x2f80
[ 293.684138][ T6655] __alloc_frozen_pages_noprof+0x221/0x2470
[ 293.690158][ T6655] alloc_pages_mpol+0x1fc/0x540
[ 293.695037][ T6655] new_slab+0x23d/0x330
[ 293.699213][ T6655] ___slab_alloc+0xc5d/0x1720
[ 293.703910][ T6655] __slab_alloc.constprop.0+0x56/0xb0
[ 293.709304][ T6655] __kmalloc_node_noprof+0x2f0/0x510
[ 293.714615][ T6655] __kvmalloc_node_noprof+0xad/0x1a0
[ 293.719927][ T6655] bpf_jit_binary_pack_alloc+0xc1/0x290
[ 293.725508][ T6655] bpf_int_jit_compile+0x575/0x1830
[ 293.730726][ T6655] bpf_prog_select_runtime+0x32a/0x4c0
[ 293.736245][ T6655] bpf_prepare_filter+0xd3d/0x1100
[ 293.741392][ T6655] bpf_prog_create_from_user+0x1e4/0x2d0
[ 293.747079][ T6655] do_seccomp+0x7b6/0x2640
[ 293.751516][ T6655] prctl_set_seccomp+0x4b/0x70
[ 293.756293][ T6655] page last free pid 5499 tgid 5499 stack trace:
[ 293.762629][ T6655] free_frozen_pages+0x6db/0xfb0
[ 293.767612][ T6655] __put_partials+0x14c/0x170
[ 293.772307][ T6655] qlist_free_all+0x4e/0x120
[ 293.776917][ T6655] kasan_quarantine_reduce+0x195/0x1e0
[ 293.782410][ T6655] __kasan_slab_alloc+0x69/0x90
[ 293.787311][ T6655] kmem_cache_alloc_node_noprof+0x223/0x3c0
[ 293.793229][ T6655] __alloc_skb+0x2b1/0x380
[ 293.797688][ T6655] alloc_skb_with_frags+0xe4/0x850
[ 293.802911][ T6655] sock_alloc_send_pskb+0x7f1/0x980
[ 293.808155][ T6655] unix_dgram_sendmsg+0x45e/0x1880
[ 293.813294][ T6655] sock_write_iter+0x4fe/0x5b0
[ 293.818183][ T6655] vfs_write+0x5ae/0x1150
[ 293.822541][ T6655] ksys_write+0x207/0x250
[ 293.826910][ T6655] do_syscall_64+0xcd/0x250
[ 293.831521][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 293.837432][ T6655]
[ 293.839775][ T6655] Memory state around the buggy address:
[ 293.845424][ T6655] ffff888012126700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 293.853512][ T6655] ffff888012126780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 293.861596][ T6655] >ffff888012126800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 293.869673][ T6655] ^
[ 293.873749][ T6655] ffff888012126880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 293.881866][ T6655] ffff888012126900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 293.889986][ T6655] ==================================================================
[ 293.906034][ T6655] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 293.913294][ T6655] CPU: 0 UID: 0 PID: 6655 Comm: syz.0.616 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[ 293.923930][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 293.934034][ T6655] Call Trace:
[ 293.937346][ T6655]
[ 293.940315][ T6655] dump_stack_lvl+0x3d/0x1f0
[ 293.944966][ T6655] panic+0x71d/0x800
[ 293.948924][ T6655] ? __pfx_panic+0x10/0x10
[ 293.953391][ T6655] ? preempt_schedule_thunk+0x1a/0x30
[ 293.958816][ T6655] ? preempt_schedule_common+0x44/0xc0
[ 293.964327][ T6655] ? check_panic_on_warn+0x1f/0xb0
[ 293.969459][ T6655] check_panic_on_warn+0xab/0xb0
[ 293.974418][ T6655] end_report+0x117/0x180
[ 293.978758][ T6655] kasan_report+0xe9/0x110
[ 293.983191][ T6655] ? force_devcd_write+0x317/0x330
[ 293.988365][ T6655] ? force_devcd_write+0x317/0x330
[ 293.993501][ T6655] force_devcd_write+0x317/0x330
[ 293.998461][ T6655] ? __pfx_force_devcd_write+0x10/0x10
[ 294.004029][ T6655] ? __debugfs_file_get+0x1ff/0x850
[ 294.009260][ T6655] ? __pfx___debugfs_file_get+0x10/0x10
[ 294.014831][ T6655] ? rcu_is_watching+0x12/0xc0
[ 294.019735][ T6655] ? trace_lock_acquire+0x14e/0x1f0
[ 294.024990][ T6655] full_proxy_write+0x13c/0x200
[ 294.029869][ T6655] ? __pfx_full_proxy_write+0x10/0x10
[ 294.035267][ T6655] vfs_write+0x24c/0x1150
[ 294.039627][ T6655] ? __pfx_vfs_write+0x10/0x10
[ 294.044422][ T6655] ? do_futex+0x123/0x350
[ 294.048784][ T6655] ? __pfx_do_futex+0x10/0x10
[ 294.053490][ T6655] ? __x64_sys_futex+0x1e1/0x4c0
[ 294.058450][ T6655] ? __x64_sys_futex+0x1ea/0x4c0
[ 294.063415][ T6655] ksys_write+0x12b/0x250
[ 294.067774][ T6655] ? __pfx_ksys_write+0x10/0x10
[ 294.072655][ T6655] do_syscall_64+0xcd/0x250
[ 294.077204][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 294.083135][ T6655] RIP: 0033:0x7f2e20d8d169
[ 294.087567][ T6655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 294.107278][ T6655] RSP: 002b:00007ffe1eb68348 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 294.115712][ T6655] RAX: ffffffffffffffda RBX: 00007f2e20fa5fa0 RCX: 00007f2e20d8d169
[ 294.123738][ T6655] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 294.131729][ T6655] RBP: 00007f2e20e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 294.139754][ T6655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 294.147743][ T6655] R13: 00007f2e20fa5fa0 R14: 00007f2e20fa5fa0 R15: 0000000000000003
[ 294.155743][ T6655]
[ 294.159106][ T6655] Kernel Offset: disabled
[ 294.163441][ T6655] Rebooting in 86400 seconds..