Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts.
2025/02/12 18:40:57 ignoring optional flag "sandboxArg"="0"
2025/02/12 18:40:58 parsed 1 programs
[  132.017861][ T5854] cgroup: Unknown subsys name 'net'
[  132.138143][ T5854] cgroup: Unknown subsys name 'cpuset'
[  132.146773][ T5854] cgroup: Unknown subsys name 'rlimit'
[  133.266300][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  133.272818][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  133.457551][ T5854] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  135.871267][ T5860] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  137.051381][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.064148][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.088138][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.096832][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.639428][ T5906] chnl_net:caif_netlink_parms(): no params data found
[  137.734802][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.742582][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.750345][ T5906] bridge_slave_0: entered allmulticast mode
[  137.757764][ T5906] bridge_slave_0: entered promiscuous mode
[  137.766816][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.773929][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.781169][ T5906] bridge_slave_1: entered allmulticast mode
[  137.789292][ T5906] bridge_slave_1: entered promiscuous mode
[  137.813961][ T5906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.825825][ T5906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.856642][ T5906] team0: Port device team_slave_0 added
[  137.865914][ T5906] team0: Port device team_slave_1 added
[  137.895667][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_0
[  137.902665][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.928673][ T5906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.941995][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_1
[  137.949407][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.975378][ T5906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.008108][ T5906] hsr_slave_0: entered promiscuous mode
[  138.014303][ T5906] hsr_slave_1: entered promiscuous mode
[  138.111373][ T5906] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  138.121886][ T5906] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  138.130888][ T5906] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  138.141907][ T5906] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  138.203016][ T5906] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.222041][ T5906] 8021q: adding VLAN 0 to HW filter on device team0
[  138.234222][ T3470] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.241702][ T3470] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.258054][ T3470] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.265244][ T3470] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.391510][ T5906] 8021q: adding VLAN 0 to HW filter on device batadv0
[  138.428503][ T5906] veth0_vlan: entered promiscuous mode
[  138.439726][ T5906] veth1_vlan: entered promiscuous mode
[  138.464247][ T5906] veth0_macvtap: entered promiscuous mode
[  138.472836][ T5906] veth1_macvtap: entered promiscuous mode
[  138.488932][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_0
[  138.501948][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_1
[  138.513917][ T5906] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.523636][ T5906] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.532539][ T5906] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.541325][ T5906] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.698610][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.792107][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.868090][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.958062][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.071789][ T5930] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  139.081952][ T5930] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  139.094658][ T5930] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  139.102698][ T5930] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  139.111875][ T5930] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  139.119720][ T5930] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/02/12 18:41:08 executed programs: 0
[  139.916948][ T5930] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  139.927135][ T5930] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  139.935979][ T5930] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  139.946932][ T5930] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  139.955949][ T5930] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  139.964375][ T5930] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  140.071921][ T5957] chnl_net:caif_netlink_parms(): no params data found
[  140.126812][ T5957] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.133935][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.141329][ T5957] bridge_slave_0: entered allmulticast mode
[  140.148336][ T5957] bridge_slave_0: entered promiscuous mode
[  140.157024][ T5957] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.164196][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.171538][ T5957] bridge_slave_1: entered allmulticast mode
[  140.178483][ T5957] bridge_slave_1: entered promiscuous mode
[  140.201907][ T5957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  140.212888][ T5957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  140.241966][ T5957] team0: Port device team_slave_0 added
[  140.249541][ T5957] team0: Port device team_slave_1 added
[  140.267943][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_0
[  140.275380][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.301969][ T5957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  140.315583][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_1
[  140.322569][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.348928][ T5957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  140.391697][ T5957] hsr_slave_0: entered promiscuous mode
[  140.398244][ T5957] hsr_slave_1: entered promiscuous mode
[  140.404222][ T5957] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  140.412164][ T5957] Cannot create hsr debugfs directory
[  141.985489][ T5930] Bluetooth: hci0: command tx timeout
[  142.094360][   T12] bridge_slave_1: left allmulticast mode
[  142.101201][   T12] bridge_slave_1: left promiscuous mode
[  142.108148][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.119423][   T12] bridge_slave_0: left allmulticast mode
[  142.126263][   T12] bridge_slave_0: left promiscuous mode
[  142.131951][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.403343][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  142.414703][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  142.425279][   T12] bond0 (unregistering): Released all slaves
[  142.537092][   T12] hsr_slave_0: left promiscuous mode
[  142.543201][   T12] hsr_slave_1: left promiscuous mode
[  142.551231][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.562358][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.571353][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.579218][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.604155][   T12] veth1_macvtap: left promiscuous mode
[  142.610248][   T12] veth0_macvtap: left promiscuous mode
[  142.616321][   T12] veth1_vlan: left promiscuous mode
[  142.621869][   T12] veth0_vlan: left promiscuous mode
[  143.019915][   T12] team0 (unregistering): Port device team_slave_1 removed
[  143.051574][   T12] team0 (unregistering): Port device team_slave_0 removed
[  143.503314][ T5957] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  143.519599][ T5957] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  143.540158][ T5957] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  143.566987][ T5957] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  143.658295][ T5957] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.698514][ T5957] 8021q: adding VLAN 0 to HW filter on device team0
[  143.729748][ T3643] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.736935][ T3643] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.768305][ T3643] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.775527][ T3643] bridge0: port 2(bridge_slave_1) entered forwarding state
[  144.065350][ T5930] Bluetooth: hci0: command tx timeout
[  144.304245][ T5957] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.365328][ T5957] veth0_vlan: entered promiscuous mode
[  144.379580][ T5957] veth1_vlan: entered promiscuous mode
[  144.412792][ T5957] veth0_macvtap: entered promiscuous mode
[  144.425415][ T5957] veth1_macvtap: entered promiscuous mode
[  144.448373][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_0
[  144.461003][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_1
[  144.475387][ T5957] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.484151][ T5957] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.495886][ T5957] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.504998][ T5957] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  144.555404][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.563250][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.588228][ T3470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.596313][ T3470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/12 18:41:13 executed programs: 11
[  146.145408][ T5930] Bluetooth: hci0: command tx timeout
[  148.224939][ T5930] Bluetooth: hci0: command tx timeout
2025/02/12 18:41:18 executed programs: 243
2025/02/12 18:41:23 executed programs: 505
[  156.739196][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  156.748537][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  156.756748][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  156.766154][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  156.776031][ T5148] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  156.784967][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  156.892881][ T3470] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.911669][ T6603] chnl_net:caif_netlink_parms(): no params data found
[  156.961838][ T3470] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.982974][ T6603] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.990708][ T6603] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.998267][ T6603] bridge_slave_0: entered allmulticast mode
[  157.005408][ T6603] bridge_slave_0: entered promiscuous mode
[  157.012786][ T6603] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.020766][ T6603] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.028344][ T6603] bridge_slave_1: entered allmulticast mode
[  157.035802][ T6603] bridge_slave_1: entered promiscuous mode
[  157.052683][ T3470] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.080262][ T6603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.091267][ T6603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.115609][ T6603] team0: Port device team_slave_0 added
[  157.134320][ T3470] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.148308][ T6603] team0: Port device team_slave_1 added
[  157.168128][ T6603] batman_adv: batadv0: Adding interface: batadv_slave_0
[  157.175318][ T6603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.201589][ T6603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.214024][ T6603] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.221991][ T6603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.247992][ T6603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  157.282261][ T6603] hsr_slave_0: entered promiscuous mode
[  157.288573][ T6603] hsr_slave_1: entered promiscuous mode
[  157.368402][ T3470] bridge_slave_1: left allmulticast mode
[  157.374084][ T3470] bridge_slave_1: left promiscuous mode
[  157.380270][ T3470] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.389095][ T3470] bridge_slave_0: left allmulticast mode
[  157.395405][ T3470] bridge_slave_0: left promiscuous mode
[  157.401045][ T3470] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.627361][ T3470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  157.638534][ T3470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  157.648290][ T3470] bond0 (unregistering): Released all slaves
[  157.943109][ T3470] hsr_slave_0: left promiscuous mode
[  157.949171][ T3470] hsr_slave_1: left promiscuous mode
[  157.956110][ T3470] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  157.963524][ T3470] batman_adv: batadv0: Removing interface: batadv_slave_0
[  157.972413][ T3470] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  157.989434][ T3470] batman_adv: batadv0: Removing interface: batadv_slave_1
[  158.012121][ T3470] veth1_macvtap: left promiscuous mode
[  158.017810][ T3470] veth0_macvtap: left promiscuous mode
[  158.023420][ T3470] veth1_vlan: left promiscuous mode
[  158.031553][ T3470] veth0_vlan: left promiscuous mode
[  158.298548][ T3470] team0 (unregistering): Port device team_slave_1 removed
[  158.327174][ T3470] team0 (unregistering): Port device team_slave_0 removed
[  158.612394][ T6603] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  158.629024][ T6603] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  158.647462][ T6603] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  158.671568][ T6603] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  158.771968][ T6603] 8021q: adding VLAN 0 to HW filter on device bond0
[  158.790203][ T6603] 8021q: adding VLAN 0 to HW filter on device team0
[  158.801823][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.808946][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.827510][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.834637][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.868794][ T5148] Bluetooth: hci1: command tx timeout
[  159.017363][ T6603] 8021q: adding VLAN 0 to HW filter on device batadv0
[  159.049338][ T6603] veth0_vlan: entered promiscuous mode
[  159.058514][ T6603] veth1_vlan: entered promiscuous mode
[  159.079043][ T6603] veth0_macvtap: entered promiscuous mode
[  159.088350][ T6603] veth1_macvtap: entered promiscuous mode
[  159.101914][ T6603] batman_adv: batadv0: Interface activated: batadv_slave_0
[  159.113978][ T6603] batman_adv: batadv0: Interface activated: batadv_slave_1
[  159.124610][ T6603] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  159.133320][ T6603] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  159.142411][ T6603] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  159.152595][ T6603] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  159.197608][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.209710][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.227737][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.236536][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.286161][ T6644] ==================================================================
[  159.294237][ T6644] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[  159.302128][ T6644] Read of size 8 at addr ffff888029c39800 by task syz.0.616/6644
[  159.309822][ T6644] 
[  159.312139][ T6644] CPU: 1 UID: 0 PID: 6644 Comm: syz.0.616 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[  159.312154][ T6644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  159.312166][ T6644] Call Trace:
[  159.312171][ T6644]  <TASK>
[  159.312178][ T6644]  dump_stack_lvl+0x116/0x1f0
[  159.312204][ T6644]  print_report+0xc3/0x620
[  159.312219][ T6644]  ? __virt_addr_valid+0x5e/0x590
[  159.312231][ T6644]  ? __phys_addr+0xc6/0x150
[  159.312250][ T6644]  kasan_report+0xd9/0x110
[  159.312265][ T6644]  ? force_devcd_write+0x31f/0x350
[  159.312280][ T6644]  ? force_devcd_write+0x31f/0x350
[  159.312296][ T6644]  force_devcd_write+0x31f/0x350
[  159.312311][ T6644]  ? __pfx_force_devcd_write+0x10/0x10
[  159.312326][ T6644]  ? __debugfs_file_get+0x1ff/0x850
[  159.312345][ T6644]  ? __pfx___debugfs_file_get+0x10/0x10
[  159.312364][ T6644]  ? rcu_is_watching+0x12/0xc0
[  159.312383][ T6644]  ? trace_lock_acquire+0x14e/0x1f0
[  159.312396][ T6644]  full_proxy_write+0x13c/0x200
[  159.312415][ T6644]  ? __pfx_full_proxy_write+0x10/0x10
[  159.312434][ T6644]  vfs_write+0x24c/0x1150
[  159.312448][ T6644]  ? __pfx_vfs_write+0x10/0x10
[  159.312459][ T6644]  ? do_futex+0x123/0x350
[  159.312472][ T6644]  ? __pfx_do_futex+0x10/0x10
[  159.312486][ T6644]  ? __x64_sys_futex+0x1e1/0x4c0
[  159.312498][ T6644]  ? __x64_sys_futex+0x1ea/0x4c0
[  159.312517][ T6644]  ksys_write+0x12b/0x250
[  159.312535][ T6644]  ? __pfx_ksys_write+0x10/0x10
[  159.312559][ T6644]  do_syscall_64+0xcd/0x250
[  159.312579][ T6644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.312608][ T6644] RIP: 0033:0x7fb5ad98cde9
[  159.312624][ T6644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.312637][ T6644] RSP: 002b:00007ffd111c8e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  159.312648][ T6644] RAX: ffffffffffffffda RBX: 00007fb5adba5fa0 RCX: 00007fb5ad98cde9
[  159.312657][ T6644] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  159.312664][ T6644] RBP: 00007fb5ada0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  159.312671][ T6644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  159.312679][ T6644] R13: 00007fb5adba5fa0 R14: 00007fb5adba5fa0 R15: 0000000000000003
[  159.312690][ T6644]  </TASK>
[  159.312694][ T6644] 
[  159.538313][ T6644] Allocated by task 5957:
[  159.542629][ T6644]  kasan_save_stack+0x33/0x60
[  159.547308][ T6644]  kasan_save_track+0x14/0x30
[  159.551979][ T6644]  __kasan_kmalloc+0xaa/0xb0
[  159.556564][ T6644]  vhci_open+0x4c/0x430
[  159.560714][ T6644]  misc_open+0x35a/0x420
[  159.564948][ T6644]  chrdev_open+0x237/0x6a0
[  159.569357][ T6644]  do_dentry_open+0x735/0x1c40
[  159.574111][ T6644]  vfs_open+0x82/0x3f0
[  159.578175][ T6644]  path_openat+0x1e88/0x2d80
[  159.582754][ T6644]  do_filp_open+0x20c/0x470
[  159.587249][ T6644]  do_sys_openat2+0x17a/0x1e0
[  159.591920][ T6644]  __x64_sys_openat+0x175/0x210
[  159.596768][ T6644]  do_syscall_64+0xcd/0x250
[  159.601266][ T6644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.607180][ T6644] 
[  159.609493][ T6644] Freed by task 5957:
[  159.613457][ T6644]  kasan_save_stack+0x33/0x60
[  159.618127][ T6644]  kasan_save_track+0x14/0x30
[  159.622793][ T6644]  kasan_save_free_info+0x3b/0x60
[  159.627813][ T6644]  __kasan_slab_free+0x51/0x70
[  159.632568][ T6644]  kfree+0x2c4/0x4d0
[  159.636453][ T6644]  vhci_release+0xbb/0xf0
[  159.640772][ T6644]  __fput+0x3ff/0xb70
[  159.644749][ T6644]  task_work_run+0x14e/0x250
[  159.649335][ T6644]  do_exit+0xad8/0x2d70
[  159.653480][ T6644]  do_group_exit+0xd3/0x2a0
[  159.657971][ T6644]  get_signal+0x2576/0x2610
[  159.662481][ T6644]  arch_do_signal_or_restart+0x90/0x7e0
[  159.668018][ T6644]  syscall_exit_to_user_mode+0x150/0x2a0
[  159.673659][ T6644]  do_syscall_64+0xda/0x250
[  159.678151][ T6644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.684047][ T6644] 
[  159.686357][ T6644] The buggy address belongs to the object at ffff888029c39800
[  159.686357][ T6644]  which belongs to the cache kmalloc-1k of size 1024
[  159.700399][ T6644] The buggy address is located 0 bytes inside of
[  159.700399][ T6644]  freed 1024-byte region [ffff888029c39800, ffff888029c39c00)
[  159.714098][ T6644] 
[  159.716410][ T6644] The buggy address belongs to the physical page:
[  159.722813][ T6644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29c38
[  159.731558][ T6644] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  159.740044][ T6644] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  159.748015][ T6644] page_type: f5(slab)
[  159.751992][ T6644] raw: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001
[  159.760568][ T6644] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  159.769142][ T6644] head: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001
[  159.777803][ T6644] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  159.786461][ T6644] head: 00fff00000000003 ffffea0000a70e01 ffffffffffffffff 0000000000000000
[  159.795122][ T6644] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  159.803774][ T6644] page dumped because: kasan: bad access detected
[  159.810180][ T6644] page_owner tracks the page as allocated
[  159.815875][ T6644] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5634, tgid 5634 (dhcpcd), ts 44612087255, free_ts 44608588668
[  159.836703][ T6644]  post_alloc_hook+0x181/0x1b0
[  159.841459][ T6644]  get_page_from_freelist+0xfce/0x2f80
[  159.846913][ T6644]  __alloc_frozen_pages_noprof+0x221/0x2470
[  159.852800][ T6644]  alloc_pages_mpol+0x1fc/0x540
[  159.857647][ T6644]  new_slab+0x23d/0x330
[  159.861792][ T6644]  ___slab_alloc+0xbfa/0x1600
[  159.866456][ T6644]  __slab_alloc.constprop.0+0x56/0xb0
[  159.871828][ T6644]  __kmalloc_noprof+0x2de/0x4f0
[  159.876679][ T6644]  load_elf_phdrs+0x103/0x210
[  159.881356][ T6644]  load_elf_binary+0x1518/0x4ff0
[  159.886292][ T6644]  bprm_execve+0x8dd/0x16d0
[  159.890785][ T6644]  do_execveat_common.isra.0+0x4a2/0x610
[  159.896407][ T6644]  __x64_sys_execve+0x8c/0xb0
[  159.901073][ T6644]  do_syscall_64+0xcd/0x250
[  159.905569][ T6644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.911458][ T6644] page last free pid 5503 tgid 5503 stack trace:
[  159.917768][ T6644]  free_frozen_pages+0x6db/0xfb0
[  159.922711][ T6644]  __put_partials+0x14c/0x170
[  159.927380][ T6644]  qlist_free_all+0x4e/0x120
[  159.931969][ T6644]  kasan_quarantine_reduce+0x195/0x1e0
[  159.937425][ T6644]  __kasan_slab_alloc+0x69/0x90
[  159.942271][ T6644]  kmem_cache_alloc_node_noprof+0x1ca/0x3b0
[  159.948157][ T6644]  __alloc_skb+0x2b3/0x380
[  159.952563][ T6644]  alloc_skb_with_frags+0xe4/0x850
[  159.957669][ T6644]  sock_alloc_send_pskb+0x7f1/0x980
[  159.962870][ T6644]  unix_dgram_sendmsg+0x41f/0x17e0
[  159.967976][ T6644]  sock_write_iter+0x4fe/0x5b0
[  159.972741][ T6644]  do_iter_readv_writev+0x655/0x950
[  159.977941][ T6644]  vfs_writev+0x363/0xdd0
[  159.982258][ T6644]  do_writev+0x297/0x340
[  159.986490][ T6644]  do_syscall_64+0xcd/0x250
[  159.990981][ T6644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.996878][ T6644] 
[  159.999190][ T6644] Memory state around the buggy address:
[  160.004805][ T6644]  ffff888029c39700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  160.012855][ T6644]  ffff888029c39780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  160.020904][ T6644] >ffff888029c39800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  160.028950][ T6644]                    ^
[  160.033006][ T6644]  ffff888029c39880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  160.041053][ T6644]  ffff888029c39900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  160.049099][ T6644] ==================================================================
[  160.069232][ T6644] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  160.076445][ T6644] CPU: 1 UID: 0 PID: 6644 Comm: syz.0.616 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[  160.087038][ T6644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  160.097088][ T6644] Call Trace:
[  160.100356][ T6644]  <TASK>
[  160.103275][ T6644]  dump_stack_lvl+0x3d/0x1f0
[  160.107872][ T6644]  panic+0x71d/0x800
[  160.111758][ T6644]  ? __pfx_panic+0x10/0x10
[  160.116166][ T6644]  ? preempt_schedule_thunk+0x1a/0x30
[  160.121535][ T6644]  ? preempt_schedule_common+0x44/0xc0
[  160.126993][ T6644]  ? check_panic_on_warn+0x1f/0xb0
[  160.132102][ T6644]  check_panic_on_warn+0xab/0xb0
[  160.137034][ T6644]  end_report+0x117/0x180
[  160.141361][ T6644]  kasan_report+0xe9/0x110
[  160.145770][ T6644]  ? force_devcd_write+0x31f/0x350
[  160.150876][ T6644]  ? force_devcd_write+0x31f/0x350
[  160.155986][ T6644]  force_devcd_write+0x31f/0x350
[  160.160933][ T6644]  ? __pfx_force_devcd_write+0x10/0x10
[  160.166388][ T6644]  ? __debugfs_file_get+0x1ff/0x850
[  160.171587][ T6644]  ? __pfx___debugfs_file_get+0x10/0x10
[  160.177133][ T6644]  ? rcu_is_watching+0x12/0xc0
[  160.181898][ T6644]  ? trace_lock_acquire+0x14e/0x1f0
[  160.187089][ T6644]  full_proxy_write+0x13c/0x200
[  160.191939][ T6644]  ? __pfx_full_proxy_write+0x10/0x10
[  160.197312][ T6644]  vfs_write+0x24c/0x1150
[  160.201637][ T6644]  ? __pfx_vfs_write+0x10/0x10
[  160.206393][ T6644]  ? do_futex+0x123/0x350
[  160.210714][ T6644]  ? __pfx_do_futex+0x10/0x10
[  160.215386][ T6644]  ? __x64_sys_futex+0x1e1/0x4c0
[  160.220320][ T6644]  ? __x64_sys_futex+0x1ea/0x4c0
[  160.225252][ T6644]  ksys_write+0x12b/0x250
[  160.229575][ T6644]  ? __pfx_ksys_write+0x10/0x10
[  160.234421][ T6644]  do_syscall_64+0xcd/0x250
[  160.238922][ T6644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.244815][ T6644] RIP: 0033:0x7fb5ad98cde9
[  160.249217][ T6644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.268830][ T6644] RSP: 002b:00007ffd111c8e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  160.277237][ T6644] RAX: ffffffffffffffda RBX: 00007fb5adba5fa0 RCX: 00007fb5ad98cde9
[  160.285197][ T6644] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  160.293160][ T6644] RBP: 00007fb5ada0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  160.301135][ T6644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  160.309104][ T6644] R13: 00007fb5adba5fa0 R14: 00007fb5adba5fa0 R15: 0000000000000003
[  160.317076][ T6644]  </TASK>
[  160.320310][ T6644] Kernel Offset: disabled
[  160.324618][ T6644] Rebooting in 86400 seconds..