Warning: Permanently added '10.128.0.72' (ED25519) to the list of known hosts.
2025/01/13 16:17:17 ignoring optional flag "sandboxArg"="0"
2025/01/13 16:17:17 parsed 1 programs
[  260.836935][ T5851] cgroup: Unknown subsys name 'net'
[  260.965452][ T5851] cgroup: Unknown subsys name 'cpuset'
[  260.973903][ T5851] cgroup: Unknown subsys name 'rlimit'
[  262.338573][ T5851] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  264.766673][ T5860] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  265.627575][ T5881] chnl_net:caif_netlink_parms(): no params data found
[  265.706243][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.713673][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.720860][ T5881] bridge_slave_0: entered allmulticast mode
[  265.728273][ T5881] bridge_slave_0: entered promiscuous mode
[  265.737054][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.744503][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.751584][ T5881] bridge_slave_1: entered allmulticast mode
[  265.758408][ T5881] bridge_slave_1: entered promiscuous mode
[  265.781843][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  265.793294][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  265.816826][ T5881] team0: Port device team_slave_0 added
[  265.825304][ T5881] team0: Port device team_slave_1 added
[  265.864622][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0
[  265.871713][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  265.897655][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  265.911886][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1
[  265.918898][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  265.945275][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  265.981206][ T5881] hsr_slave_0: entered promiscuous mode
[  265.987775][ T5881] hsr_slave_1: entered promiscuous mode
[  266.092059][ T5881] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  266.103985][ T5881] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  266.113350][ T5881] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  266.122180][ T5881] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  266.145489][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.152710][ T5881] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.160262][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.167391][ T5881] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.210452][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.227151][ T2916] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.238216][ T2916] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.254158][ T5881] 8021q: adding VLAN 0 to HW filter on device team0
[  266.274888][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.282030][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.306441][ T1103] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.313702][ T1103] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.502184][ T5881] 8021q: adding VLAN 0 to HW filter on device batadv0
[  266.549979][ T5881] veth0_vlan: entered promiscuous mode
[  266.564743][ T5881] veth1_vlan: entered promiscuous mode
[  266.600828][ T5881] veth0_macvtap: entered promiscuous mode
[  266.613816][ T5881] veth1_macvtap: entered promiscuous mode
[  266.634791][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_0
[  266.649231][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_1
[  266.664013][ T5881] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  266.674558][ T5881] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  266.685254][ T5881] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  266.695514][ T5881] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  266.847506][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.929392][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.986169][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.060049][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.196770][ T2916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.204920][ T2916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.231534][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.241134][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  268.531718][ T5935] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  268.543335][ T5935] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  268.551197][ T5935] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  268.560826][ T5935] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  268.568964][ T5935] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  268.578452][ T5935] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/01/13 16:17:28 executed programs: 0
[  269.152132][ T5935] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  269.161105][ T5935] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  269.168933][ T5935] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  269.177192][ T5935] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  269.185590][ T5935] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  269.193673][ T5935] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  269.293243][ T5946] chnl_net:caif_netlink_parms(): no params data found
[  269.339655][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.347102][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.355131][ T5946] bridge_slave_0: entered allmulticast mode
[  269.361731][ T5946] bridge_slave_0: entered promiscuous mode
[  269.370141][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.377398][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.384637][ T5946] bridge_slave_1: entered allmulticast mode
[  269.391299][ T5946] bridge_slave_1: entered promiscuous mode
[  269.412229][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.423215][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.447819][ T5946] team0: Port device team_slave_0 added
[  269.455978][ T5946] team0: Port device team_slave_1 added
[  269.476382][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.483612][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.510719][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.524626][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.531584][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.557632][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.595570][ T5946] hsr_slave_0: entered promiscuous mode
[  269.602012][ T5946] hsr_slave_1: entered promiscuous mode
[  269.608821][ T5946] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  269.616854][ T5946] Cannot create hsr debugfs directory
[  269.686611][   T11] bridge_slave_1: left allmulticast mode
[  269.692618][   T11] bridge_slave_1: left promiscuous mode
[  269.705615][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.720926][   T11] bridge_slave_0: left allmulticast mode
[  269.728722][   T11] bridge_slave_0: left promiscuous mode
[  269.734607][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.974743][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  269.985889][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  269.995933][   T11] bond0 (unregistering): Released all slaves
[  270.099308][   T11] hsr_slave_0: left promiscuous mode
[  270.105310][   T11] hsr_slave_1: left promiscuous mode
[  270.111164][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  270.119780][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  270.128417][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  270.136500][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  270.150769][   T11] veth1_macvtap: left promiscuous mode
[  270.156716][   T11] veth0_macvtap: left promiscuous mode
[  270.163786][   T11] veth1_vlan: left promiscuous mode
[  270.169136][   T11] veth0_vlan: left promiscuous mode
[  270.416288][   T11] team0 (unregistering): Port device team_slave_1 removed
[  270.441721][   T11] team0 (unregistering): Port device team_slave_0 removed
[  271.010057][ T5946] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  271.019665][ T5946] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  271.034461][ T5946] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  271.048423][ T5946] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  271.273682][ T5143] Bluetooth: hci0: command tx timeout
[  271.444701][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.474205][ T5946] 8021q: adding VLAN 0 to HW filter on device team0
[  271.485866][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.493086][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.511307][ T1103] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.518596][ T1103] bridge0: port 2(bridge_slave_1) entered forwarding state
[  271.768581][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0
[  271.807221][ T5946] veth0_vlan: entered promiscuous mode
[  271.838660][ T5946] veth1_vlan: entered promiscuous mode
[  271.867713][ T5946] veth0_macvtap: entered promiscuous mode
[  271.877567][ T5946] veth1_macvtap: entered promiscuous mode
[  271.896287][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0
[  271.909309][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1
[  271.927945][ T5946] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  271.939026][ T5946] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  271.948692][ T5946] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  271.958435][ T5946] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  272.026461][ T2916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.039889][ T2916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.065470][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.073490][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  273.352863][ T5143] Bluetooth: hci0: command tx timeout
2025/01/13 16:17:33 executed programs: 36
[  275.433766][ T5143] Bluetooth: hci0: command tx timeout
[  277.513879][ T5143] Bluetooth: hci0: command tx timeout
2025/01/13 16:17:38 executed programs: 131
2025/01/13 16:17:43 executed programs: 244
2025/01/13 16:17:48 executed programs: 361
2025/01/13 16:17:53 executed programs: 477
2025/01/13 16:17:58 executed programs: 593
[  299.746341][ T5935] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  299.760934][ T5935] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  299.776022][ T5935] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  299.784703][ T5935] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  299.792274][ T5935] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  299.800966][ T5935] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  299.891104][ T6589] chnl_net:caif_netlink_parms(): no params data found
[  299.934411][ T6589] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.942005][ T6589] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.949914][ T6589] bridge_slave_0: entered allmulticast mode
[  299.957044][ T6589] bridge_slave_0: entered promiscuous mode
[  299.967609][ T6589] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.976743][ T6589] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.984628][ T6589] bridge_slave_1: entered allmulticast mode
[  299.991163][ T6589] bridge_slave_1: entered promiscuous mode
[  300.020553][ T2916] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.043578][ T6589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  300.054981][ T6589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  300.085248][ T2916] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.098893][ T6589] team0: Port device team_slave_0 added
[  300.108577][ T6589] team0: Port device team_slave_1 added
[  300.125631][ T6589] batman_adv: batadv0: Adding interface: batadv_slave_0
[  300.132885][ T6589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.160689][ T6589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  300.180258][ T2916] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.195596][ T6589] batman_adv: batadv0: Adding interface: batadv_slave_1
[  300.202705][ T6589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.228810][ T6589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  300.254125][ T2916] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.283932][ T6589] hsr_slave_0: entered promiscuous mode
[  300.291877][ T6589] hsr_slave_1: entered promiscuous mode
[  300.382994][ T2916] bridge_slave_1: left allmulticast mode
[  300.388698][ T2916] bridge_slave_1: left promiscuous mode
[  300.395636][ T2916] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.404262][ T2916] bridge_slave_0: left allmulticast mode
[  300.409987][ T2916] bridge_slave_0: left promiscuous mode
[  300.416190][ T2916] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.625509][ T2916] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  300.637550][ T2916] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  300.648200][ T2916] bond0 (unregistering): Released all slaves
[  300.882425][ T2916] hsr_slave_0: left promiscuous mode
[  300.888769][ T2916] hsr_slave_1: left promiscuous mode
[  300.899251][ T2916] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  300.909078][ T2916] batman_adv: batadv0: Removing interface: batadv_slave_0
[  300.920703][ T2916] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  300.928444][ T2916] batman_adv: batadv0: Removing interface: batadv_slave_1
[  300.948996][ T2916] veth1_macvtap: left promiscuous mode
[  300.957117][ T2916] veth0_macvtap: left promiscuous mode
[  300.963696][ T2916] veth1_vlan: left promiscuous mode
[  300.969092][ T2916] veth0_vlan: left promiscuous mode
[  301.261343][ T2916] team0 (unregistering): Port device team_slave_1 removed
[  301.289615][ T2916] team0 (unregistering): Port device team_slave_0 removed
[  301.649335][ T6589] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  301.678304][ T6589] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  301.688986][ T6589] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  301.699589][ T6589] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  301.797769][ T6589] 8021q: adding VLAN 0 to HW filter on device bond0
[  301.828043][ T6589] 8021q: adding VLAN 0 to HW filter on device team0
[  301.834954][ T5935] Bluetooth: hci1: command tx timeout
[  301.847020][ T2916] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.854771][ T2916] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.873626][ T2916] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.880718][ T2916] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.910550][ T6589] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  301.921188][ T6589] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  302.024004][ T6589] 8021q: adding VLAN 0 to HW filter on device batadv0
[  302.054745][ T6589] veth0_vlan: entered promiscuous mode
[  302.064247][ T6589] veth1_vlan: entered promiscuous mode
[  302.088601][ T6589] veth0_macvtap: entered promiscuous mode
[  302.096819][ T6589] veth1_macvtap: entered promiscuous mode
[  302.113519][ T6589] batman_adv: batadv0: Interface activated: batadv_slave_0
[  302.125869][ T6589] batman_adv: batadv0: Interface activated: batadv_slave_1
[  302.136119][ T6589] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.144910][ T6589] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.153842][ T6589] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.162580][ T6589] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.208132][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.220058][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.240809][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.248893][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.306754][ T6631] ==================================================================
[  302.314843][ T6631] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[  302.322727][ T6631] Read of size 8 at addr ffff8880233c5000 by task syz.0.616/6631
[  302.330426][ T6631] 
[  302.332769][ T6631] CPU: 1 UID: 0 PID: 6631 Comm: syz.0.616 Not tainted 6.13.0-rc7-syzkaller #0
[  302.341598][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  302.351641][ T6631] Call Trace:
[  302.354907][ T6631]  <TASK>
[  302.357824][ T6631]  dump_stack_lvl+0x116/0x1f0
[  302.362492][ T6631]  print_report+0xc3/0x620
[  302.366901][ T6631]  ? __virt_addr_valid+0x5e/0x590
[  302.371928][ T6631]  ? __phys_addr+0xc6/0x150
[  302.376426][ T6631]  kasan_report+0xd9/0x110
[  302.380842][ T6631]  ? force_devcd_write+0x31f/0x350
[  302.385946][ T6631]  ? force_devcd_write+0x31f/0x350
[  302.391060][ T6631]  force_devcd_write+0x31f/0x350
[  302.395984][ T6631]  ? __pfx_force_devcd_write+0x10/0x10
[  302.401429][ T6631]  ? __debugfs_file_get+0x43d/0x5d0
[  302.406626][ T6631]  ? __pfx___debugfs_file_get+0x10/0x10
[  302.412166][ T6631]  ? rcu_is_watching+0x12/0xc0
[  302.416920][ T6631]  ? trace_lock_acquire+0x14e/0x1f0
[  302.422110][ T6631]  full_proxy_write+0xfd/0x1b0
[  302.426867][ T6631]  ? __pfx_full_proxy_write+0x10/0x10
[  302.432233][ T6631]  vfs_write+0x24c/0x1150
[  302.436557][ T6631]  ? __pfx_vfs_write+0x10/0x10
[  302.441308][ T6631]  ? do_futex+0x123/0x350
[  302.445629][ T6631]  ? __pfx_do_futex+0x10/0x10
[  302.450314][ T6631]  ? __x64_sys_futex+0x1e1/0x4c0
[  302.456390][ T6631]  ? __x64_sys_futex+0x1ea/0x4c0
[  302.461326][ T6631]  ksys_write+0x12b/0x250
[  302.465645][ T6631]  ? __pfx_ksys_write+0x10/0x10
[  302.470487][ T6631]  do_syscall_64+0xcd/0x250
[  302.474984][ T6631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.480872][ T6631] RIP: 0033:0x7f73fa585d29
[  302.485277][ T6631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.504880][ T6631] RSP: 002b:00007ffe77e5fe18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  302.513279][ T6631] RAX: ffffffffffffffda RBX: 00007f73fa775fa0 RCX: 00007f73fa585d29
[  302.521238][ T6631] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  302.529195][ T6631] RBP: 00007f73fa601b08 R08: 0000000000000000 R09: 0000000000000000
[  302.537258][ T6631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  302.545217][ T6631] R13: 00007f73fa775fa0 R14: 00007f73fa775fa0 R15: 00000000000018c7
[  302.553194][ T6631]  </TASK>
[  302.556210][ T6631] 
[  302.558515][ T6631] Allocated by task 5946:
[  302.562827][ T6631]  kasan_save_stack+0x33/0x60
[  302.567522][ T6631]  kasan_save_track+0x14/0x30
[  302.572192][ T6631]  __kasan_kmalloc+0xaa/0xb0
[  302.576774][ T6631]  vhci_open+0x4c/0x430
[  302.580917][ T6631]  misc_open+0x35a/0x420
[  302.585151][ T6631]  chrdev_open+0x237/0x6a0
[  302.589562][ T6631]  do_dentry_open+0xf59/0x1ea0
[  302.594320][ T6631]  vfs_open+0x82/0x3f0
[  302.598391][ T6631]  path_openat+0x1e6a/0x2d60
[  302.604419][ T6631]  do_filp_open+0x20c/0x470
[  302.608914][ T6631]  do_sys_openat2+0x17a/0x1e0
[  302.613583][ T6631]  __x64_sys_openat+0x175/0x210
[  302.618427][ T6631]  do_syscall_64+0xcd/0x250
[  302.622924][ T6631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.628829][ T6631] 
[  302.631142][ T6631] Freed by task 5946:
[  302.635108][ T6631]  kasan_save_stack+0x33/0x60
[  302.639783][ T6631]  kasan_save_track+0x14/0x30
[  302.644451][ T6631]  kasan_save_free_info+0x3b/0x60
[  302.649462][ T6631]  __kasan_slab_free+0x51/0x70
[  302.654227][ T6631]  kfree+0x14f/0x4b0
[  302.659183][ T6631]  vhci_release+0xbb/0xf0
[  302.663508][ T6631]  __fput+0x3f8/0xb60
[  302.667484][ T6631]  task_work_run+0x14e/0x250
[  302.672080][ T6631]  do_exit+0xad8/0x2d70
[  302.676240][ T6631]  do_group_exit+0xd3/0x2a0
[  302.680773][ T6631]  get_signal+0x2576/0x2610
[  302.685273][ T6631]  arch_do_signal_or_restart+0x90/0x7e0
[  302.690835][ T6631]  syscall_exit_to_user_mode+0x150/0x2a0
[  302.696463][ T6631]  do_syscall_64+0xda/0x250
[  302.700956][ T6631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.706841][ T6631] 
[  302.709152][ T6631] The buggy address belongs to the object at ffff8880233c5000
[  302.709152][ T6631]  which belongs to the cache kmalloc-1k of size 1024
[  302.723622][ T6631] The buggy address is located 0 bytes inside of
[  302.723622][ T6631]  freed 1024-byte region [ffff8880233c5000, ffff8880233c5400)
[  302.737318][ T6631] 
[  302.739646][ T6631] The buggy address belongs to the physical page:
[  302.746043][ T6631] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x233c0
[  302.754820][ T6631] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  302.763316][ T6631] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  302.771278][ T6631] page_type: f5(slab)
[  302.775245][ T6631] raw: 00fff00000000040 ffff88801ac41dc0 0000000000000000 dead000000000001
[  302.783814][ T6631] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  302.792423][ T6631] head: 00fff00000000040 ffff88801ac41dc0 0000000000000000 dead000000000001
[  302.802061][ T6631] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  302.810729][ T6631] head: 00fff00000000003 ffffea00008cf001 ffffffffffffffff 0000000000000000
[  302.819400][ T6631] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  302.828064][ T6631] page dumped because: kasan: bad access detected
[  302.834565][ T6631] page_owner tracks the page as allocated
[  302.840270][ T6631] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2916, tgid 2916 (kworker/u8:7), ts 268796754185, free_ts 268795217968
[  302.861639][ T6631]  post_alloc_hook+0x2d1/0x350
[  302.866415][ T6631]  get_page_from_freelist+0xfce/0x2f80
[  302.871876][ T6631]  __alloc_pages_noprof+0x223/0x25b0
[  302.877162][ T6631]  alloc_pages_mpol_noprof+0x2c9/0x610
[  302.882614][ T6631]  new_slab+0x2c9/0x410
[  302.886762][ T6631]  ___slab_alloc+0xce2/0x1650
[  302.891432][ T6631]  __slab_alloc.constprop.0+0x56/0xb0
[  302.896805][ T6631]  __kmalloc_node_track_caller_noprof+0x2ee/0x520
[  302.905048][ T6631]  kmalloc_reserve+0xef/0x2c0
[  302.909732][ T6631]  __alloc_skb+0x164/0x380
[  302.914149][ T6631]  inet6_rt_notify+0xc7/0x260
[  302.918831][ T6631]  fib6_add+0x251d/0x4b20
[  302.923157][ T6631]  ip6_ins_rt+0xb6/0x110
[  302.927399][ T6631]  __ipv6_ifa_notify+0x9de/0xc30
[  302.932332][ T6631]  addrconf_dad_completed+0x19d/0x1060
[  302.937866][ T6631]  addrconf_dad_work+0x7fb/0x14d0
[  302.944298][ T6631] page last free pid 2916 tgid 2916 stack trace:
[  302.950721][ T6631]  free_unref_page+0x661/0x1080
[  302.955580][ T6631]  __put_partials+0x14c/0x170
[  302.960259][ T6631]  qlist_free_all+0x4e/0x120
[  302.964849][ T6631]  kasan_quarantine_reduce+0x195/0x1e0
[  302.970392][ T6631]  __kasan_slab_alloc+0x69/0x90
[  302.975244][ T6631]  kmem_cache_alloc_node_noprof+0x1ca/0x3b0
[  302.981240][ T6631]  __alloc_skb+0x2b3/0x380
[  302.985674][ T6631]  alloc_skb_with_frags+0xe4/0x850
[  302.990788][ T6631]  sock_alloc_send_pskb+0x7f1/0x980
[  302.995986][ T6631]  mld_newpack.isra.0+0x1d4/0x820
[  303.001014][ T6631]  add_grhead+0x299/0x340
[  303.005350][ T6631]  add_grec+0x111e/0x1670
[  303.009685][ T6631]  mld_send_initial_cr.part.0+0xe2/0x260
[  303.015324][ T6631]  ipv6_mc_dad_complete+0x22c/0x2b0
[  303.020521][ T6631]  addrconf_dad_completed+0xd40/0x1060
[  303.026012][ T6631]  addrconf_dad_work+0x7fb/0x14d0
[  303.031043][ T6631] 
[  303.033462][ T6631] Memory state around the buggy address:
[  303.039805][ T6631]  ffff8880233c4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  303.047861][ T6631]  ffff8880233c4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  303.055916][ T6631] >ffff8880233c5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  303.063967][ T6631]                    ^
[  303.068028][ T6631]  ffff8880233c5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  303.076078][ T6631]  ffff8880233c5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  303.084128][ T6631] ==================================================================
[  303.101988][ T6631] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  303.109295][ T6631] CPU: 0 UID: 0 PID: 6631 Comm: syz.0.616 Not tainted 6.13.0-rc7-syzkaller #0
[  303.118159][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  303.128616][ T6631] Call Trace:
[  303.131886][ T6631]  <TASK>
[  303.134810][ T6631]  dump_stack_lvl+0x3d/0x1f0
[  303.139405][ T6631]  panic+0x71d/0x800
[  303.143293][ T6631]  ? __pfx_panic+0x10/0x10
[  303.147700][ T6631]  ? preempt_schedule_thunk+0x1a/0x30
[  303.153059][ T6631]  ? preempt_schedule_common+0x44/0xc0
[  303.158505][ T6631]  ? check_panic_on_warn+0x1f/0xb0
[  303.163606][ T6631]  check_panic_on_warn+0xab/0xb0
[  303.168532][ T6631]  end_report+0x117/0x180
[  303.174072][ T6631]  kasan_report+0xe9/0x110
[  303.178839][ T6631]  ? force_devcd_write+0x31f/0x350
[  303.183948][ T6631]  ? force_devcd_write+0x31f/0x350
[  303.189055][ T6631]  force_devcd_write+0x31f/0x350
[  303.193995][ T6631]  ? __pfx_force_devcd_write+0x10/0x10
[  303.199522][ T6631]  ? __debugfs_file_get+0x43d/0x5d0
[  303.205177][ T6631]  ? __pfx___debugfs_file_get+0x10/0x10
[  303.210717][ T6631]  ? rcu_is_watching+0x12/0xc0
[  303.215474][ T6631]  ? trace_lock_acquire+0x14e/0x1f0
[  303.220680][ T6631]  full_proxy_write+0xfd/0x1b0
[  303.225437][ T6631]  ? __pfx_full_proxy_write+0x10/0x10
[  303.230798][ T6631]  vfs_write+0x24c/0x1150
[  303.235119][ T6631]  ? __pfx_vfs_write+0x10/0x10
[  303.239870][ T6631]  ? do_futex+0x123/0x350
[  303.244195][ T6631]  ? __pfx_do_futex+0x10/0x10
[  303.248868][ T6631]  ? __x64_sys_futex+0x1e1/0x4c0
[  303.253798][ T6631]  ? __x64_sys_futex+0x1ea/0x4c0
[  303.258754][ T6631]  ksys_write+0x12b/0x250
[  303.263073][ T6631]  ? __pfx_ksys_write+0x10/0x10
[  303.267917][ T6631]  do_syscall_64+0xcd/0x250
[  303.272429][ T6631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.278341][ T6631] RIP: 0033:0x7f73fa585d29
[  303.282746][ T6631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.304087][ T6631] RSP: 002b:00007ffe77e5fe18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  303.312498][ T6631] RAX: ffffffffffffffda RBX: 00007f73fa775fa0 RCX: 00007f73fa585d29
[  303.320475][ T6631] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  303.328441][ T6631] RBP: 00007f73fa601b08 R08: 0000000000000000 R09: 0000000000000000
[  303.336577][ T6631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  303.344535][ T6631] R13: 00007f73fa775fa0 R14: 00007f73fa775fa0 R15: 00000000000018c7
[  303.352507][ T6631]  </TASK>
[  303.355797][ T6631] Kernel Offset: disabled
[  303.360117][ T6631] Rebooting in 86400 seconds..