Warning: Permanently added '10.128.0.124' (ED25519) to the list of known hosts.
[   87.952822][ T4584] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.962130][ T4584] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.995308][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.009217][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.047636][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.055500][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.083755][ T4584] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.092182][ T4584] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.121811][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.129991][ T4584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.134288][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.145868][ T4584] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[   88.183885][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.209413][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
executing program
executing program
[   88.260696][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.279032][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   88.371899][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.386198][ T4584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.399466][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.409386][ T4584] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.459441][ T5842] ==================================================================
[   88.467553][ T5842] BUG: KASAN: slab-use-after-free in binder_add_device+0x6b/0xb0
[   88.475326][ T5842] Write of size 8 at addr ffff88807c490c08 by task syz-executor353/5842
[   88.483677][ T5842] 
[   88.486044][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor353 Not tainted 6.15.0-rc7-next-20250523-syzkaller #0 PREEMPT(full) 
[   88.486071][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.486091][ T5842] Call Trace:
[   88.486100][ T5842]  <TASK>
[   88.486108][ T5842]  dump_stack_lvl+0x189/0x250
[   88.486131][ T5842]  ? __virt_addr_valid+0x1c8/0x5c0
[   88.486154][ T5842]  ? rcu_is_watching+0x15/0xb0
[   88.486171][ T5842]  ? __kasan_check_byte+0x12/0x40
[   88.486197][ T5842]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.486215][ T5842]  ? rcu_is_watching+0x15/0xb0
[   88.486233][ T5842]  ? lock_release+0x4b/0x3e0
[   88.486263][ T5842]  ? __virt_addr_valid+0x1c8/0x5c0
[   88.486284][ T5842]  ? __virt_addr_valid+0x4a5/0x5c0
[   88.486304][ T5842]  print_report+0xd2/0x2b0
[   88.486331][ T5842]  ? binder_add_device+0x6b/0xb0
[   88.486349][ T5842]  kasan_report+0x118/0x150
[   88.486372][ T5842]  ? binder_add_device+0x6b/0xb0
[   88.486394][ T5842]  binder_add_device+0x6b/0xb0
[   88.486413][ T5842]  binderfs_binder_device_create+0x9e7/0xc40
[   88.486452][ T5842]  ? __pfx_binderfs_binder_device_create+0x10/0x10
[   88.486487][ T5842]  ? do_raw_spin_unlock+0x122/0x240
[   88.486515][ T5842]  binderfs_fill_super+0xa0e/0xe90
[   88.486551][ T5842]  ? __pfx_binderfs_fill_super+0x10/0x10
[   88.486594][ T5842]  ? shrinker_register+0x16b/0x230
[   88.486622][ T5842]  ? sget_fc+0x962/0xa40
[   88.486652][ T5842]  ? __pfx_set_anon_super_fc+0x10/0x10
[   88.486683][ T5842]  ? __pfx_binderfs_fill_super+0x10/0x10
[   88.486715][ T5842]  get_tree_nodev+0xbb/0x150
[   88.486749][ T5842]  vfs_get_tree+0x92/0x2b0
[   88.486771][ T5842]  do_new_mount+0x24a/0xa40
[   88.486797][ T5842]  __se_sys_mount+0x317/0x410
[   88.486824][ T5842]  ? __pfx___se_sys_mount+0x10/0x10
[   88.486846][ T5842]  ? rcu_is_watching+0x15/0xb0
[   88.486867][ T5842]  ? do_syscall_64+0xbe/0x3b0
[   88.486898][ T5842]  ? __x64_sys_mount+0x20/0xc0
[   88.486922][ T5842]  do_syscall_64+0xfa/0x3b0
[   88.486946][ T5842]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.486969][ T5842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.486989][ T5842]  ? clear_bhb_loop+0x60/0xb0
[   88.487012][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.487041][ T5842] RIP: 0033:0x7fde35b2b93a
[   88.487073][ T5842] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 9e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   88.487091][ T5842] RSP: 002b:00007ffe02f84878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   88.487113][ T5842] RAX: ffffffffffffffda RBX: 00007fde35b76038 RCX: 00007fde35b2b93a
[   88.487128][ T5842] RDX: 00007fde35b761db RSI: 00007fde35b76038 RDI: 00007fde35b761db
[   88.487143][ T5842] RBP: 00007fde35b761ab R08: 0000000000000000 R09: 0000000000000000
[   88.487156][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fde35b76113
[   88.487169][ T5842] R13: 0000000000000003 R14: 00007fde35bad160 R15: 00007ffe02f848ba
[   88.487192][ T5842]  </TASK>
[   88.487200][ T5842] 
[   88.773362][ T5842] Allocated by task 5840:
[   88.777697][ T5842]  kasan_save_track+0x3e/0x80
[   88.782392][ T5842]  __kasan_kmalloc+0x93/0xb0
[   88.786996][ T5842]  __kmalloc_cache_noprof+0x230/0x3d0
[   88.792386][ T5842]  binderfs_binder_device_create+0x1eb/0xc40
[   88.798465][ T5842]  binderfs_fill_super+0xa0e/0xe90
[   88.803608][ T5842]  get_tree_nodev+0xbb/0x150
[   88.808216][ T5842]  vfs_get_tree+0x92/0x2b0
[   88.812634][ T5842]  do_new_mount+0x24a/0xa40
[   88.817135][ T5842]  __se_sys_mount+0x317/0x410
[   88.821815][ T5842]  do_syscall_64+0xfa/0x3b0
[   88.826319][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.832214][ T5842] 
[   88.834530][ T5842] Freed by task 10:
[   88.838328][ T5842]  kasan_save_track+0x3e/0x80
[   88.843010][ T5842]  kasan_save_free_info+0x46/0x50
[   88.848036][ T5842]  __kasan_slab_free+0x62/0x70
[   88.852803][ T5842]  kfree+0x18e/0x440
[   88.856698][ T5842]  binder_proc_dec_tmpref+0x228/0x4f0
[   88.862074][ T5842]  binder_deferred_func+0x13a5/0x1520
[   88.867446][ T5842]  process_scheduled_works+0xade/0x17b0
[   88.872999][ T5842]  worker_thread+0x8a0/0xda0
[   88.877688][ T5842]  kthread+0x711/0x8a0
[   88.881766][ T5842]  ret_from_fork+0x3fc/0x770
[   88.886356][ T5842]  ret_from_fork_asm+0x1a/0x30
[   88.891117][ T5842] 
[   88.893442][ T5842] The buggy address belongs to the object at ffff88807c490c00
[   88.893442][ T5842]  which belongs to the cache kmalloc-512 of size 512
[   88.907492][ T5842] The buggy address is located 8 bytes inside of
[   88.907492][ T5842]  freed 512-byte region [ffff88807c490c00, ffff88807c490e00)
[   88.921113][ T5842] 
[   88.923435][ T5842] The buggy address belongs to the physical page:
[   88.929842][ T5842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807c493c00 pfn:0x7c490
[   88.939932][ T5842] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   88.948438][ T5842] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   88.956419][ T5842] page_type: f5(slab)
[   88.960394][ T5842] raw: 00fff00000000040 ffff88801a441c80 0000000000000000 0000000000000001
[   88.969066][ T5842] raw: ffff88807c493c00 000000000010000e 00000000f5000000 0000000000000000
[   88.977646][ T5842] head: 00fff00000000040 ffff88801a441c80 0000000000000000 0000000000000001
[   88.986313][ T5842] head: ffff88807c493c00 000000000010000e 00000000f5000000 0000000000000000
[   88.995005][ T5842] head: 00fff00000000002 ffffea0001f12401 00000000ffffffff 00000000ffffffff
[   89.003671][ T5842] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   89.012337][ T5842] page dumped because: kasan: bad access detected
[   89.018751][ T5842] page_owner tracks the page as allocated
[   89.024470][ T5842] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5501, tgid 5501 (dhcpcd), ts 54294551314, free_ts 54049120956
[   89.044522][ T5842]  post_alloc_hook+0x240/0x2a0
[   89.049288][ T5842]  get_page_from_freelist+0x21e4/0x22c0
[   89.054833][ T5842]  __alloc_frozen_pages_noprof+0x181/0x370
[   89.060637][ T5842]  alloc_pages_mpol+0x232/0x4a0
[   89.065494][ T5842]  allocate_slab+0x8a/0x3b0
[   89.069994][ T5842]  ___slab_alloc+0xbfc/0x1480
[   89.074667][ T5842]  __kmalloc_noprof+0x305/0x4f0
[   89.079510][ T5842]  tomoyo_init_log+0x1a6e/0x1f70
[   89.084438][ T5842]  tomoyo_supervisor+0x340/0x1480
[   89.089469][ T5842]  tomoyo_path_permission+0x25a/0x380
[   89.094839][ T5842]  tomoyo_path_perm+0x392/0x4b0
[   89.099693][ T5842]  security_inode_getattr+0x12f/0x330
[   89.105058][ T5842]  vfs_statx+0x18e/0x550
[   89.109297][ T5842]  vfs_fstatat+0x118/0x170
[   89.113706][ T5842]  __x64_sys_newfstatat+0x116/0x190
[   89.118900][ T5842]  do_syscall_64+0xfa/0x3b0
[   89.123397][ T5842] page last free pid 5495 tgid 5495 stack trace:
[   89.129710][ T5842]  __free_frozen_pages+0xc71/0xe70
[   89.134820][ T5842]  stack_depot_save_flags+0x445/0x900
[   89.140190][ T5842]  kasan_save_track+0x4f/0x80
[   89.144865][ T5842]  __kasan_slab_alloc+0x6c/0x80
[   89.149705][ T5842]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   89.155155][ T5842]  sk_prot_alloc+0x57/0x220
[   89.159671][ T5842]  sk_alloc+0x3a/0x370
[   89.163736][ T5842]  inet_create+0x76b/0x1000
[   89.168252][ T5842]  __sock_create+0x4b3/0x9f0
[   89.172842][ T5842]  __sys_socket+0xd7/0x1b0
[   89.177254][ T5842]  __x64_sys_socket+0x7a/0x90
[   89.181936][ T5842]  do_syscall_64+0xfa/0x3b0
[   89.186445][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.192330][ T5842] 
[   89.194644][ T5842] Memory state around the buggy address:
[   89.200267][ T5842]  ffff88807c490b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   89.208335][ T5842]  ffff88807c490b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   89.216393][ T5842] >ffff88807c490c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.224447][ T5842]                       ^
[   89.228768][ T5842]  ffff88807c490c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.236840][ T5842]  ffff88807c490d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.244905][ T5842] ==================================================================
[   89.254476][ T5842] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   89.261690][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor353 Not tainted 6.15.0-rc7-next-20250523-syzkaller #0 PREEMPT(full) 
[   89.273567][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.283613][ T5842] Call Trace:
[   89.286904][ T5842]  <TASK>
[   89.289843][ T5842]  dump_stack_lvl+0x99/0x250
[   89.294427][ T5842]  ? __asan_memcpy+0x40/0x70
[   89.299020][ T5842]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.304221][ T5842]  ? __pfx__printk+0x10/0x10
[   89.308814][ T5842]  panic+0x2db/0x790
[   89.312726][ T5842]  ? __pfx_panic+0x10/0x10
[   89.317166][ T5842]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   89.323062][ T5842]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   89.328966][ T5842]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.335289][ T5842]  ? print_memory_metadata+0x314/0x400
[   89.340754][ T5842]  ? binder_add_device+0x6b/0xb0
[   89.345690][ T5842]  check_panic_on_warn+0x89/0xb0
[   89.350630][ T5842]  ? binder_add_device+0x6b/0xb0
[   89.355561][ T5842]  end_report+0x78/0x160
[   89.359797][ T5842]  kasan_report+0x129/0x150
[   89.364301][ T5842]  ? binder_add_device+0x6b/0xb0
[   89.369237][ T5842]  binder_add_device+0x6b/0xb0
[   89.373994][ T5842]  binderfs_binder_device_create+0x9e7/0xc40
[   89.379985][ T5842]  ? __pfx_binderfs_binder_device_create+0x10/0x10
[   89.386489][ T5842]  ? do_raw_spin_unlock+0x122/0x240
[   89.391690][ T5842]  binderfs_fill_super+0xa0e/0xe90
[   89.396810][ T5842]  ? __pfx_binderfs_fill_super+0x10/0x10
[   89.402459][ T5842]  ? shrinker_register+0x16b/0x230
[   89.407573][ T5842]  ? sget_fc+0x962/0xa40
[   89.411822][ T5842]  ? __pfx_set_anon_super_fc+0x10/0x10
[   89.417288][ T5842]  ? __pfx_binderfs_fill_super+0x10/0x10
[   89.422974][ T5842]  get_tree_nodev+0xbb/0x150
[   89.427571][ T5842]  vfs_get_tree+0x92/0x2b0
[   89.431988][ T5842]  do_new_mount+0x24a/0xa40
[   89.436496][ T5842]  __se_sys_mount+0x317/0x410
[   89.441180][ T5842]  ? __pfx___se_sys_mount+0x10/0x10
[   89.446376][ T5842]  ? rcu_is_watching+0x15/0xb0
[   89.451149][ T5842]  ? do_syscall_64+0xbe/0x3b0
[   89.455824][ T5842]  ? __x64_sys_mount+0x20/0xc0
[   89.460585][ T5842]  do_syscall_64+0xfa/0x3b0
[   89.465086][ T5842]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.470277][ T5842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.476336][ T5842]  ? clear_bhb_loop+0x60/0xb0
[   89.481016][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.486902][ T5842] RIP: 0033:0x7fde35b2b93a
[   89.491315][ T5842] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 9e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   89.510907][ T5842] RSP: 002b:00007ffe02f84878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   89.519316][ T5842] RAX: ffffffffffffffda RBX: 00007fde35b76038 RCX: 00007fde35b2b93a
[   89.527286][ T5842] RDX: 00007fde35b761db RSI: 00007fde35b76038 RDI: 00007fde35b761db
[   89.535255][ T5842] RBP: 00007fde35b761ab R08: 0000000000000000 R09: 0000000000000000
[   89.543218][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fde35b76113
[   89.551184][ T5842] R13: 0000000000000003 R14: 00007fde35bad160 R15: 00007ffe02f848ba
[   89.559256][ T5842]  </TASK>
[   89.562632][ T5842] Kernel Offset: disabled
[   89.566964][ T5842] Rebooting in 86400 seconds..