Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts.
2025/02/18 07:46:12 ignoring optional flag "sandboxArg"="0"
2025/02/18 07:46:13 parsed 1 programs
[   90.321549][ T5841] cgroup: Unknown subsys name 'net'
[   90.479829][ T5841] cgroup: Unknown subsys name 'cpuset'
[   90.489509][ T5841] cgroup: Unknown subsys name 'rlimit'
[   92.157761][ T5841] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   95.054334][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   95.965486][ T5869] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.974112][ T5869] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.983077][ T5869] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.003993][ T5869] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.012595][ T5869] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   96.020383][ T5869] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.702634][ T3536] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.714965][ T3536] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.744761][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.753006][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.413089][   T46] cfg80211: failed to load regulatory.db
[   98.564738][ T5923] chnl_net:caif_netlink_parms(): no params data found
[   98.661831][ T5923] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.673613][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.681724][ T5923] bridge_slave_0: entered allmulticast mode
[   98.693978][ T5923] bridge_slave_0: entered promiscuous mode
[   98.708050][ T5923] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.715231][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.723163][ T5923] bridge_slave_1: entered allmulticast mode
[   98.730132][ T5923] bridge_slave_1: entered promiscuous mode
[   98.760863][ T5923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.772294][ T5923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.803605][ T5923] team0: Port device team_slave_0 added
[   98.812898][ T5923] team0: Port device team_slave_1 added
[   98.837139][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.844697][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.871195][ T5923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.885794][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.892783][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.919881][ T5923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.958771][ T5923] hsr_slave_0: entered promiscuous mode
[   98.965324][ T5923] hsr_slave_1: entered promiscuous mode
[   99.076810][ T5923] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.087400][ T5923] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.098410][ T5923] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.109950][ T5923] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.179137][ T5923] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.206301][ T5923] 8021q: adding VLAN 0 to HW filter on device team0
[   99.221856][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.229173][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.246757][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.253867][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.414846][ T5923] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.455070][ T5923] veth0_vlan: entered promiscuous mode
[   99.467979][ T5923] veth1_vlan: entered promiscuous mode
[   99.493556][ T5923] veth0_macvtap: entered promiscuous mode
[   99.502535][ T5923] veth1_macvtap: entered promiscuous mode
[   99.521938][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.536340][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.548309][ T5923] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.558014][ T5923] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.567075][ T5923] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.577453][ T5923] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.752533][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.820884][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.888188][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.953483][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/02/18 07:46:27 executed programs: 0
[  100.321912][ T5869] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.331362][ T5869] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.344342][ T5869] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.353362][ T5869] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.361484][ T5869] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  100.370501][ T5869] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.538927][ T5944] chnl_net:caif_netlink_parms(): no params data found
[  100.666462][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.673712][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.684496][ T5944] bridge_slave_0: entered allmulticast mode
[  100.693321][ T5944] bridge_slave_0: entered promiscuous mode
[  100.718934][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.732473][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.740521][ T5944] bridge_slave_1: entered allmulticast mode
[  100.750668][ T5944] bridge_slave_1: entered promiscuous mode
[  100.795632][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.811085][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.851430][ T5944] team0: Port device team_slave_0 added
[  100.869430][ T5944] team0: Port device team_slave_1 added
[  100.892791][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.900089][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.926537][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.941016][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.948183][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.974265][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.013844][ T5944] hsr_slave_0: entered promiscuous mode
[  101.020304][ T5944] hsr_slave_1: entered promiscuous mode
[  101.027298][ T5944] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.035232][ T5944] Cannot create hsr debugfs directory
[  102.447223][   T54] Bluetooth: hci0: command tx timeout
[  103.090481][   T35] bridge_slave_1: left allmulticast mode
[  103.098844][   T35] bridge_slave_1: left promiscuous mode
[  103.105347][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.119538][   T35] bridge_slave_0: left allmulticast mode
[  103.125261][   T35] bridge_slave_0: left promiscuous mode
[  103.131077][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.395077][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.408267][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.418529][   T35] bond0 (unregistering): Released all slaves
[  103.531139][   T35] hsr_slave_0: left promiscuous mode
[  103.537836][   T35] hsr_slave_1: left promiscuous mode
[  103.543925][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.556203][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.564912][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.576575][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.598475][   T35] veth1_macvtap: left promiscuous mode
[  103.604622][   T35] veth0_macvtap: left promiscuous mode
[  103.612151][   T35] veth1_vlan: left promiscuous mode
[  103.617917][   T35] veth0_vlan: left promiscuous mode
[  104.063977][   T35] team0 (unregistering): Port device team_slave_1 removed
[  104.106265][   T35] team0 (unregistering): Port device team_slave_0 removed
[  104.528372][   T54] Bluetooth: hci0: command tx timeout
[  104.712948][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.732423][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.748309][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.759913][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.859141][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.920760][ T5944] 8021q: adding VLAN 0 to HW filter on device team0
[  104.945207][ T2891] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.952403][ T2891] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.988321][ T2891] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.995469][ T2891] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.024723][ T5944] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  105.036104][ T5944] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  105.246144][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.300468][ T5944] veth0_vlan: entered promiscuous mode
[  105.315134][ T5944] veth1_vlan: entered promiscuous mode
[  105.354931][ T5944] veth0_macvtap: entered promiscuous mode
[  105.371108][ T5944] veth1_macvtap: entered promiscuous mode
[  105.398004][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.416360][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.430003][ T5944] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.440431][ T5944] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.451498][ T5944] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.461335][ T5944] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.557301][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.565202][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.609583][ T2891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.617885][ T2891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/18 07:46:33 executed programs: 2
[  106.605933][   T54] Bluetooth: hci0: command tx timeout
[  108.687015][   T54] Bluetooth: hci0: command tx timeout
2025/02/18 07:46:38 executed programs: 232
2025/02/18 07:46:43 executed programs: 475
[  118.446775][ T5869] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  118.455765][ T5869] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  118.464799][ T5869] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  118.473890][ T5869] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  118.483677][ T5869] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  118.492037][ T5869] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  118.609334][   T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.653082][ T6643] chnl_net:caif_netlink_parms(): no params data found
[  118.675113][   T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.734878][   T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.758613][ T6643] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.765949][ T6643] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.773120][ T6643] bridge_slave_0: entered allmulticast mode
[  118.780166][ T6643] bridge_slave_0: entered promiscuous mode
[  118.788534][ T6643] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.795824][ T6643] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.803013][ T6643] bridge_slave_1: entered allmulticast mode
[  118.810618][ T6643] bridge_slave_1: entered promiscuous mode
[  118.837800][   T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.863712][ T6643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  118.874969][ T6643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  118.908432][ T6643] team0: Port device team_slave_0 added
[  118.918044][ T6643] team0: Port device team_slave_1 added
[  118.949803][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_0
[  118.956884][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  118.983462][ T6643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  118.996841][ T6643] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.003830][ T6643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.030691][ T6643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.088822][   T63] bridge_slave_1: left allmulticast mode
[  119.094562][   T63] bridge_slave_1: left promiscuous mode
[  119.102700][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.111833][   T63] bridge_slave_0: left allmulticast mode
[  119.118139][   T63] bridge_slave_0: left promiscuous mode
[  119.123854][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.403729][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  119.419362][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  119.430181][   T63] bond0 (unregistering): Released all slaves
[  119.461380][ T6643] hsr_slave_0: entered promiscuous mode
[  119.467880][ T6643] hsr_slave_1: entered promiscuous mode
[  119.715050][   T63] hsr_slave_0: left promiscuous mode
[  119.721765][   T63] hsr_slave_1: left promiscuous mode
[  119.733405][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.742409][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.751457][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.759364][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.782604][   T63] veth1_macvtap: left promiscuous mode
[  119.788413][   T63] veth0_macvtap: left promiscuous mode
[  119.795248][   T63] veth1_vlan: left promiscuous mode
[  119.801457][   T63] veth0_vlan: left promiscuous mode
[  120.238975][   T63] team0 (unregistering): Port device team_slave_1 removed
[  120.270782][   T63] team0 (unregistering): Port device team_slave_0 removed
[  120.528403][   T54] Bluetooth: hci1: command tx timeout
[  120.773154][ T6643] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  120.785233][ T6643] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  120.805031][ T6643] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  120.822902][ T6643] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  120.923704][ T6643] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.941824][ T6643] 8021q: adding VLAN 0 to HW filter on device team0
[  120.956370][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.963498][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.978825][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.986034][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.232656][ T6643] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.291156][ T6643] veth0_vlan: entered promiscuous mode
[  121.306840][ T6643] veth1_vlan: entered promiscuous mode
[  121.335233][ T6643] veth0_macvtap: entered promiscuous mode
[  121.346438][ T6643] veth1_macvtap: entered promiscuous mode
[  121.369406][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.385192][ T6643] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.399138][ T6643] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.411276][ T6643] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.420784][ T6643] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.431727][ T6643] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.527913][ T2891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.544138][ T2891] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.581932][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.591681][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/18 07:46:49 executed programs: 602
[  121.699595][ T6700] ==================================================================
[  121.707721][ T6700] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[  121.715665][ T6700] Read of size 8 at addr ffff8880294fa800 by task syz.0.616/6700
[  121.723401][ T6700] 
[  121.725764][ T6700] CPU: 0 UID: 0 PID: 6700 Comm: syz.0.616 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0
[  121.725799][ T6700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  121.725821][ T6700] Call Trace:
[  121.725830][ T6700]  <TASK>
[  121.725845][ T6700]  dump_stack_lvl+0x116/0x1f0
[  121.725891][ T6700]  print_report+0xc3/0x620
[  121.725942][ T6700]  ? __virt_addr_valid+0x5e/0x590
[  121.725977][ T6700]  ? __phys_addr+0xc6/0x150
[  121.726003][ T6700]  kasan_report+0xd9/0x110
[  121.726025][ T6700]  ? force_devcd_write+0x317/0x330
[  121.726060][ T6700]  ? force_devcd_write+0x317/0x330
[  121.726096][ T6700]  force_devcd_write+0x317/0x330
[  121.726128][ T6700]  ? __pfx_force_devcd_write+0x10/0x10
[  121.726162][ T6700]  ? __debugfs_file_get+0x1ff/0x850
[  121.726196][ T6700]  ? __pfx___debugfs_file_get+0x10/0x10
[  121.726230][ T6700]  ? rcu_is_watching+0x12/0xc0
[  121.726257][ T6700]  ? trace_lock_acquire+0x14e/0x1f0
[  121.726290][ T6700]  full_proxy_write+0x13c/0x200
[  121.726324][ T6700]  ? __pfx_full_proxy_write+0x10/0x10
[  121.726357][ T6700]  vfs_write+0x24c/0x1150
[  121.726397][ T6700]  ? __pfx_vfs_write+0x10/0x10
[  121.726431][ T6700]  ? do_futex+0x123/0x350
[  121.726462][ T6700]  ? __pfx_do_futex+0x10/0x10
[  121.726497][ T6700]  ? __x64_sys_futex+0x1e1/0x4c0
[  121.726529][ T6700]  ? __x64_sys_futex+0x1ea/0x4c0
[  121.726562][ T6700]  ksys_write+0x12b/0x250
[  121.726598][ T6700]  ? __pfx_ksys_write+0x10/0x10
[  121.726638][ T6700]  do_syscall_64+0xcd/0x250
[  121.726672][ T6700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.726709][ T6700] RIP: 0033:0x7fad0fb8cde9
[  121.726734][ T6700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.726763][ T6700] RSP: 002b:00007ffd14f493d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  121.726811][ T6700] RAX: ffffffffffffffda RBX: 00007fad0fda5fa0 RCX: 00007fad0fb8cde9
[  121.726828][ T6700] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  121.726844][ T6700] RBP: 00007fad0fc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  121.726859][ T6700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  121.726874][ T6700] R13: 00007fad0fda5fa0 R14: 00007fad0fda5fa0 R15: 0000000000000003
[  121.726898][ T6700]  </TASK>
[  121.726906][ T6700] 
[  121.953632][ T6700] Allocated by task 5944:
[  121.957975][ T6700]  kasan_save_stack+0x33/0x60
[  121.962692][ T6700]  kasan_save_track+0x14/0x30
[  121.967403][ T6700]  __kasan_kmalloc+0xaa/0xb0
[  121.972028][ T6700]  vhci_open+0x4c/0x430
[  121.976307][ T6700]  misc_open+0x35a/0x420
[  121.980567][ T6700]  chrdev_open+0x237/0x6a0
[  121.985017][ T6700]  do_dentry_open+0x735/0x1c40
[  121.989820][ T6700]  vfs_open+0x82/0x3f0
[  121.993907][ T6700]  path_openat+0x1e88/0x2d80
[  121.998536][ T6700]  do_filp_open+0x20c/0x470
[  122.003075][ T6700]  do_sys_openat2+0x17a/0x1e0
[  122.007775][ T6700]  __x64_sys_openat+0x175/0x210
[  122.012650][ T6700]  do_syscall_64+0xcd/0x250
[  122.017183][ T6700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.023107][ T6700] 
[  122.025444][ T6700] Freed by task 5944:
[  122.029447][ T6700]  kasan_save_stack+0x33/0x60
[  122.034161][ T6700]  kasan_save_track+0x14/0x30
[  122.038869][ T6700]  kasan_save_free_info+0x3b/0x60
[  122.043934][ T6700]  __kasan_slab_free+0x51/0x70
[  122.048732][ T6700]  kfree+0x2c4/0x4d0
[  122.052653][ T6700]  vhci_release+0xbb/0xf0
[  122.057005][ T6700]  __fput+0x3ff/0xb70
[  122.061004][ T6700]  task_work_run+0x14e/0x250
[  122.065622][ T6700]  do_exit+0xad8/0x2d70
[  122.069795][ T6700]  do_group_exit+0xd3/0x2a0
[  122.074318][ T6700]  get_signal+0x24ed/0x26c0
[  122.078908][ T6700]  arch_do_signal_or_restart+0x90/0x7e0
[  122.084483][ T6700]  syscall_exit_to_user_mode+0x150/0x2a0
[  122.090143][ T6700]  do_syscall_64+0xda/0x250
[  122.094759][ T6700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.100682][ T6700] 
[  122.103017][ T6700] The buggy address belongs to the object at ffff8880294fa800
[  122.103017][ T6700]  which belongs to the cache kmalloc-1k of size 1024
[  122.117090][ T6700] The buggy address is located 0 bytes inside of
[  122.117090][ T6700]  freed 1024-byte region [ffff8880294fa800, ffff8880294fac00)
[  122.130826][ T6700] 
[  122.133159][ T6700] The buggy address belongs to the physical page:
[  122.139599][ T6700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x294f8
[  122.148381][ T6700] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  122.156892][ T6700] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  122.164561][ T6700] page_type: f5(slab)
[  122.169003][ T6700] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  122.177605][ T6700] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  122.186208][ T6700] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  122.194895][ T6700] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  122.203586][ T6700] head: 00fff00000000003 ffffea0000a53e01 ffffffffffffffff 0000000000000000
[  122.212276][ T6700] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  122.220953][ T6700] page dumped because: kasan: bad access detected
[  122.227388][ T6700] page_owner tracks the page as allocated
[  122.233108][ T6700] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 35, tgid 35 (kworker/u8:2), ts 99874371587, free_ts 99859503721
[  122.253543][ T6700]  post_alloc_hook+0x181/0x1b0
[  122.258371][ T6700]  get_page_from_freelist+0xfce/0x2f80
[  122.263868][ T6700]  __alloc_frozen_pages_noprof+0x221/0x2470
[  122.269803][ T6700]  alloc_pages_mpol+0x1fc/0x540
[  122.274687][ T6700]  new_slab+0x23d/0x330
[  122.278898][ T6700]  ___slab_alloc+0xc5d/0x1720
[  122.283651][ T6700]  __slab_alloc.constprop.0+0x56/0xb0
[  122.289083][ T6700]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  122.295542][ T6700]  kmalloc_reserve+0xef/0x2c0
[  122.300262][ T6700]  __alloc_skb+0x164/0x380
[  122.304708][ T6700]  inet6_rt_notify+0xc7/0x260
[  122.309418][ T6700]  fib6_del+0xf56/0x1760
[  122.313677][ T6700]  fib6_clean_node+0x426/0x5b0
[  122.318466][ T6700]  fib6_walk_continue+0x44f/0x8d0
[  122.323522][ T6700]  fib6_walk+0x182/0x370
[  122.327799][ T6700]  fib6_clean_tree+0xd7/0x120
[  122.332510][ T6700] page last free pid 5939 tgid 5939 stack trace:
[  122.338973][ T6700]  free_frozen_pages+0x6db/0xfb0
[  122.343944][ T6700]  __put_partials+0x14c/0x170
[  122.348656][ T6700]  qlist_free_all+0x4e/0x120
[  122.353371][ T6700]  kasan_quarantine_reduce+0x195/0x1e0
[  122.358860][ T6700]  __kasan_slab_alloc+0x69/0x90
[  122.363740][ T6700]  kmem_cache_alloc_noprof+0x226/0x3d0
[  122.369232][ T6700]  vm_area_dup+0x21/0x2f0
[  122.373593][ T6700]  copy_process+0x776f/0x8c50
[  122.378284][ T6700]  kernel_clone+0xfd/0x960
[  122.382716][ T6700]  __do_sys_clone+0xcf/0x120
[  122.387319][ T6700]  do_syscall_64+0xcd/0x250
[  122.391847][ T6700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.397771][ T6700] 
[  122.400103][ T6700] Memory state around the buggy address:
[  122.405745][ T6700]  ffff8880294fa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  122.413821][ T6700]  ffff8880294fa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  122.421898][ T6700] >ffff8880294fa800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.429971][ T6700]                    ^
[  122.434049][ T6700]  ffff8880294fa880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.442140][ T6700]  ffff8880294fa900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.450211][ T6700] ==================================================================
[  122.482807][ T6700] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  122.490074][ T6700] CPU: 0 UID: 0 PID: 6700 Comm: syz.0.616 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0
[  122.500721][ T6700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  122.510823][ T6700] Call Trace:
[  122.514124][ T6700]  <TASK>
[  122.517070][ T6700]  dump_stack_lvl+0x3d/0x1f0
[  122.521699][ T6700]  panic+0x71d/0x800
[  122.525626][ T6700]  ? __pfx_panic+0x10/0x10
[  122.530084][ T6700]  ? preempt_schedule_thunk+0x1a/0x30
[  122.535494][ T6700]  ? preempt_schedule_common+0x44/0xc0
[  122.540998][ T6700]  ? check_panic_on_warn+0x1f/0xb0
[  122.546153][ T6700]  check_panic_on_warn+0xab/0xb0
[  122.551129][ T6700]  end_report+0x117/0x180
[  122.555498][ T6700]  kasan_report+0xe9/0x110
[  122.559947][ T6700]  ? force_devcd_write+0x317/0x330
[  122.565087][ T6700]  ? force_devcd_write+0x317/0x330
[  122.570231][ T6700]  force_devcd_write+0x317/0x330
[  122.575197][ T6700]  ? __pfx_force_devcd_write+0x10/0x10
[  122.580687][ T6700]  ? __debugfs_file_get+0x1ff/0x850
[  122.585920][ T6700]  ? __pfx___debugfs_file_get+0x10/0x10
[  122.591542][ T6700]  ? rcu_is_watching+0x12/0xc0
[  122.596334][ T6700]  ? trace_lock_acquire+0x14e/0x1f0
[  122.601562][ T6700]  full_proxy_write+0x13c/0x200
[  122.606467][ T6700]  ? __pfx_full_proxy_write+0x10/0x10
[  122.611871][ T6700]  vfs_write+0x24c/0x1150
[  122.616237][ T6700]  ? __pfx_vfs_write+0x10/0x10
[  122.621032][ T6700]  ? do_futex+0x123/0x350
[  122.625393][ T6700]  ? __pfx_do_futex+0x10/0x10
[  122.630109][ T6700]  ? __x64_sys_futex+0x1e1/0x4c0
[  122.635071][ T6700]  ? __x64_sys_futex+0x1ea/0x4c0
[  122.640046][ T6700]  ksys_write+0x12b/0x250
[  122.644412][ T6700]  ? __pfx_ksys_write+0x10/0x10
[  122.649301][ T6700]  do_syscall_64+0xcd/0x250
[  122.653836][ T6700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.659766][ T6700] RIP: 0033:0x7fad0fb8cde9
[  122.664199][ T6700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  122.683834][ T6700] RSP: 002b:00007ffd14f493d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  122.692278][ T6700] RAX: ffffffffffffffda RBX: 00007fad0fda5fa0 RCX: 00007fad0fb8cde9
[  122.700272][ T6700] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  122.708266][ T6700] RBP: 00007fad0fc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  122.716256][ T6700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  122.724252][ T6700] R13: 00007fad0fda5fa0 R14: 00007fad0fda5fa0 R15: 0000000000000003
[  122.732248][ T6700]  </TASK>
[  122.735577][ T6700] Kernel Offset: disabled
[  122.739915][ T6700] Rebooting in 86400 seconds..