Warning: Permanently added '10.128.0.102' (ED25519) to the list of known hosts.
2024/12/21 04:00:02 ignoring optional flag "sandboxArg"="0"
2024/12/21 04:00:02 parsed 1 programs
[  143.317731][ T5845] cgroup: Unknown subsys name 'net'
[  143.432875][ T5845] cgroup: Unknown subsys name 'cpuset'
[  143.442186][ T5845] cgroup: Unknown subsys name 'rlimit'
[  144.881824][ T5845] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  147.315583][ T5855] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  148.058772][ T5877] chnl_net:caif_netlink_parms(): no params data found
[  148.154469][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.165051][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.173546][ T5877] bridge_slave_0: entered allmulticast mode
[  148.182331][ T5877] bridge_slave_0: entered promiscuous mode
[  148.197465][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.204886][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.212360][ T5877] bridge_slave_1: entered allmulticast mode
[  148.219290][ T5877] bridge_slave_1: entered promiscuous mode
[  148.239751][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.251584][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.280512][ T5877] team0: Port device team_slave_0 added
[  148.289089][ T5877] team0: Port device team_slave_1 added
[  148.313198][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.321998][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.349823][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.363030][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.370635][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.396735][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  148.429565][ T5877] hsr_slave_0: entered promiscuous mode
[  148.435790][ T5877] hsr_slave_1: entered promiscuous mode
[  148.517348][ T5877] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  148.529710][ T5877] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  148.539872][ T5877] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  148.548601][ T5877] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  148.567510][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.574738][ T5877] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.582647][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.589808][ T5877] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.632846][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.652276][ T3525] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.661410][ T3525] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.676690][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[  148.689533][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.696619][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.708419][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.715503][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.834465][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.867485][ T5877] veth0_vlan: entered promiscuous mode
[  148.877232][ T5877] veth1_vlan: entered promiscuous mode
[  148.900222][ T5877] veth0_macvtap: entered promiscuous mode
[  148.908513][ T5877] veth1_macvtap: entered promiscuous mode
[  148.924218][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[  148.942596][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[  148.952943][ T5877] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  148.962176][ T5877] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  148.972590][ T5877] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  148.981499][ T5877] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.100722][ T3525] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.151401][ T3525] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.186614][ T3451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.199502][ T3451] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.220629][ T3525] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.243194][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.252817][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.275520][ T3525] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.629233][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  149.639476][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  149.647452][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  149.656390][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  149.664860][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  149.672618][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/12/21 04:00:13 executed programs: 0
[  151.312893][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  151.321128][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  151.329660][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  151.337574][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  151.345838][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  151.354177][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  151.448230][ T5940] chnl_net:caif_netlink_parms(): no params data found
[  151.490406][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.497536][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.506816][ T5940] bridge_slave_0: entered allmulticast mode
[  151.513755][ T5940] bridge_slave_0: entered promiscuous mode
[  151.521085][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.528639][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.535783][ T5940] bridge_slave_1: entered allmulticast mode
[  151.542493][ T5940] bridge_slave_1: entered promiscuous mode
[  151.563747][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  151.574555][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  151.597565][ T5940] team0: Port device team_slave_0 added
[  151.605488][ T5940] team0: Port device team_slave_1 added
[  151.623909][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.631002][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.657274][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  151.669666][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1
[  151.676616][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.702687][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  151.733078][ T5940] hsr_slave_0: entered promiscuous mode
[  151.739873][ T5940] hsr_slave_1: entered promiscuous mode
[  151.745915][ T5940] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  151.754232][ T5940] Cannot create hsr debugfs directory
[  152.591246][ T3525] bridge_slave_1: left allmulticast mode
[  152.597396][ T3525] bridge_slave_1: left promiscuous mode
[  152.603981][ T3525] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.614779][ T3525] bridge_slave_0: left allmulticast mode
[  152.621470][ T3525] bridge_slave_0: left promiscuous mode
[  152.627098][ T3525] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.851289][ T3525] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  152.862496][ T3525] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  152.872546][ T3525] bond0 (unregistering): Released all slaves
[  152.995201][ T3525] hsr_slave_0: left promiscuous mode
[  153.001218][ T3525] hsr_slave_1: left promiscuous mode
[  153.011839][ T3525] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.019412][ T3525] batman_adv: batadv0: Removing interface: batadv_slave_0
[  153.027759][ T3525] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  153.036255][ T3525] batman_adv: batadv0: Removing interface: batadv_slave_1
[  153.057380][ T3525] veth1_macvtap: left promiscuous mode
[  153.065869][ T3525] veth0_macvtap: left promiscuous mode
[  153.073457][ T3525] veth1_vlan: left promiscuous mode
[  153.081428][ T3525] veth0_vlan: left promiscuous mode
[  153.412131][ T3525] team0 (unregistering): Port device team_slave_1 removed
[  153.419887][ T5144] Bluetooth: hci0: command tx timeout
[  153.440974][ T3525] team0 (unregistering): Port device team_slave_0 removed
[  153.821520][ T5940] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  153.833771][ T5940] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  153.853878][ T5940] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  153.875595][ T5940] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  153.995488][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0
[  154.012251][ T5940] 8021q: adding VLAN 0 to HW filter on device team0
[  154.023792][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.030938][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.054220][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.061331][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  154.497731][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0
[  154.527925][ T5940] veth0_vlan: entered promiscuous mode
[  154.542989][ T5940] veth1_vlan: entered promiscuous mode
[  154.589474][ T5940] veth0_macvtap: entered promiscuous mode
[  154.597679][ T5940] veth1_macvtap: entered promiscuous mode
[  154.612306][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0
[  154.626713][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1
[  154.650329][ T5940] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  154.660082][ T5940] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  154.670584][ T5940] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  154.679625][ T5940] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  154.750456][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  154.758569][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  154.785112][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  154.794073][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.498530][   T54] Bluetooth: hci0: command tx timeout
2024/12/21 04:00:18 executed programs: 78
[  157.578171][ T5144] Bluetooth: hci0: command tx timeout
[  159.659651][ T5144] Bluetooth: hci0: command tx timeout
2024/12/21 04:00:23 executed programs: 358
[  165.564315][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  165.574793][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  165.582663][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  165.591704][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  165.600226][   T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  165.607605][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  165.692556][ T6582] chnl_net:caif_netlink_parms(): no params data found
[  165.735029][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.764710][ T6582] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.772515][ T6582] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.780326][ T6582] bridge_slave_0: entered allmulticast mode
[  165.787223][ T6582] bridge_slave_0: entered promiscuous mode
[  165.803926][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.816642][ T6582] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.823875][ T6582] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.831475][ T6582] bridge_slave_1: entered allmulticast mode
[  165.838002][ T6582] bridge_slave_1: entered promiscuous mode
[  165.860874][ T6582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  165.878674][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.893748][ T6582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.927766][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.943714][ T6582] team0: Port device team_slave_0 added
[  165.950751][ T6582] team0: Port device team_slave_1 added
[  165.967274][ T6582] batman_adv: batadv0: Adding interface: batadv_slave_0
[  165.974342][ T6582] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  166.000902][ T6582] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  166.014666][ T6582] batman_adv: batadv0: Adding interface: batadv_slave_1
[  166.021767][ T6582] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  166.047912][ T6582] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  166.083217][ T6582] hsr_slave_0: entered promiscuous mode
[  166.090130][ T6582] hsr_slave_1: entered promiscuous mode
[  166.168479][   T35] bridge_slave_1: left allmulticast mode
[  166.175062][   T35] bridge_slave_1: left promiscuous mode
[  166.181396][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.190668][   T35] bridge_slave_0: left allmulticast mode
[  166.196520][   T35] bridge_slave_0: left promiscuous mode
[  166.203360][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.421623][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  166.432334][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  166.442394][   T35] bond0 (unregistering): Released all slaves
[  166.708156][   T35] hsr_slave_0: left promiscuous mode
[  166.714506][   T35] hsr_slave_1: left promiscuous mode
[  166.721067][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  166.728586][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  166.736460][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  166.747500][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  166.770207][   T35] veth1_macvtap: left promiscuous mode
[  166.775768][   T35] veth0_macvtap: left promiscuous mode
[  166.784121][   T35] veth1_vlan: left promiscuous mode
[  166.789544][   T35] veth0_vlan: left promiscuous mode
[  167.072950][   T35] team0 (unregistering): Port device team_slave_1 removed
[  167.101521][   T35] team0 (unregistering): Port device team_slave_0 removed
[  167.477027][ T6582] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  167.498758][ T6582] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  167.524502][ T6582] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  167.534265][ T6582] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  167.629213][ T6582] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.658766][   T54] Bluetooth: hci1: command tx timeout
[  167.667202][ T6582] 8021q: adding VLAN 0 to HW filter on device team0
[  167.688381][  T965] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.695508][  T965] bridge0: port 1(bridge_slave_0) entered forwarding state
[  167.707800][ T3525] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.714890][ T3525] bridge0: port 2(bridge_slave_1) entered forwarding state
[  167.830912][ T6582] 8021q: adding VLAN 0 to HW filter on device batadv0
[  167.861180][ T6582] veth0_vlan: entered promiscuous mode
[  167.871506][ T6582] veth1_vlan: entered promiscuous mode
[  167.892774][ T6582] veth0_macvtap: entered promiscuous mode
[  167.901613][ T6582] veth1_macvtap: entered promiscuous mode
[  167.915786][ T6582] batman_adv: batadv0: Interface activated: batadv_slave_0
[  167.927942][ T6582] batman_adv: batadv0: Interface activated: batadv_slave_1
[  167.937646][ T6582] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  167.946689][ T6582] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  167.955705][ T6582] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  167.964544][ T6582] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2024/12/21 04:00:29 executed programs: 602
[  168.012826][ T3525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.022631][ T3525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.043428][  T965] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.052278][  T965] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.085642][ T6624] ==================================================================
[  168.093715][ T6624] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[  168.101596][ T6624] Read of size 8 at addr ffff88804bca5000 by task syz.0.616/6624
[  168.109291][ T6624] 
[  168.111611][ T6624] CPU: 1 UID: 0 PID: 6624 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  168.122178][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  168.132221][ T6624] Call Trace:
[  168.135485][ T6624]  <TASK>
[  168.138414][ T6624]  dump_stack_lvl+0x116/0x1f0
[  168.143116][ T6624]  print_report+0xc3/0x620
[  168.147529][ T6624]  ? __virt_addr_valid+0x5e/0x590
[  168.152546][ T6624]  ? __phys_addr+0xc6/0x150
[  168.157042][ T6624]  kasan_report+0xd9/0x110
[  168.161453][ T6624]  ? force_devcd_write+0x31f/0x350
[  168.166552][ T6624]  ? force_devcd_write+0x31f/0x350
[  168.171654][ T6624]  force_devcd_write+0x31f/0x350
[  168.176588][ T6624]  ? __pfx_force_devcd_write+0x10/0x10
[  168.182144][ T6624]  ? debugfs_file_get+0x21c/0x5c0
[  168.187162][ T6624]  ? __pfx_debugfs_file_get+0x10/0x10
[  168.192529][ T6624]  ? rcu_is_watching+0x12/0xc0
[  168.197308][ T6624]  ? trace_lock_acquire+0x14e/0x1f0
[  168.202497][ T6624]  full_proxy_write+0xfb/0x1b0
[  168.207271][ T6624]  ? __pfx_full_proxy_write+0x10/0x10
[  168.212640][ T6624]  vfs_write+0x24c/0x1150
[  168.216980][ T6624]  ? __pfx_vfs_write+0x10/0x10
[  168.221731][ T6624]  ? do_futex+0x123/0x350
[  168.226057][ T6624]  ? __pfx_do_futex+0x10/0x10
[  168.230727][ T6624]  ? __x64_sys_futex+0x1e1/0x4c0
[  168.235673][ T6624]  ? __x64_sys_futex+0x1ea/0x4c0
[  168.240610][ T6624]  ksys_write+0x12b/0x250
[  168.244930][ T6624]  ? __pfx_ksys_write+0x10/0x10
[  168.249771][ T6624]  do_syscall_64+0xcd/0x250
[  168.254266][ T6624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.260172][ T6624] RIP: 0033:0x7f38f2d85d29
[  168.264589][ T6624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.284192][ T6624] RSP: 002b:00007ffe62348be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  168.292592][ T6624] RAX: ffffffffffffffda RBX: 00007f38f2f75fa0 RCX: 00007f38f2d85d29
[  168.300550][ T6624] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  168.308505][ T6624] RBP: 00007f38f2e01aa8 R08: 0000000000000000 R09: 0000000000000000
[  168.316463][ T6624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  168.324417][ T6624] R13: 00007f38f2f75fa0 R14: 00007f38f2f75fa0 R15: 00000000000018c5
[  168.332387][ T6624]  </TASK>
[  168.335395][ T6624] 
[  168.337705][ T6624] Allocated by task 5940:
[  168.342028][ T6624]  kasan_save_stack+0x33/0x60
[  168.346725][ T6624]  kasan_save_track+0x14/0x30
[  168.351394][ T6624]  __kasan_kmalloc+0xaa/0xb0
[  168.355973][ T6624]  vhci_open+0x4c/0x430
[  168.360118][ T6624]  misc_open+0x35a/0x420
[  168.364346][ T6624]  chrdev_open+0x237/0x6a0
[  168.368751][ T6624]  do_dentry_open+0xf59/0x1ea0
[  168.373501][ T6624]  vfs_open+0x82/0x3f0
[  168.377564][ T6624]  path_openat+0x1e6a/0x2d60
[  168.382144][ T6624]  do_filp_open+0x20c/0x470
[  168.386635][ T6624]  do_sys_openat2+0x17a/0x1e0
[  168.391310][ T6624]  __x64_sys_openat+0x175/0x210
[  168.396154][ T6624]  do_syscall_64+0xcd/0x250
[  168.400646][ T6624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.406528][ T6624] 
[  168.408837][ T6624] Freed by task 5940:
[  168.412799][ T6624]  kasan_save_stack+0x33/0x60
[  168.417465][ T6624]  kasan_save_track+0x14/0x30
[  168.422130][ T6624]  kasan_save_free_info+0x3b/0x60
[  168.427140][ T6624]  __kasan_slab_free+0x51/0x70
[  168.431893][ T6624]  kfree+0x14f/0x4b0
[  168.435775][ T6624]  vhci_release+0xbb/0xf0
[  168.440091][ T6624]  __fput+0x3f8/0xb60
[  168.444090][ T6624]  task_work_run+0x14e/0x250
[  168.448674][ T6624]  do_exit+0xadd/0x2d70
[  168.452821][ T6624]  do_group_exit+0xd3/0x2a0
[  168.457310][ T6624]  get_signal+0x2576/0x2610
[  168.461801][ T6624]  arch_do_signal_or_restart+0x90/0x7e0
[  168.467335][ T6624]  syscall_exit_to_user_mode+0x150/0x2a0
[  168.473043][ T6624]  do_syscall_64+0xda/0x250
[  168.477534][ T6624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.483418][ T6624] 
[  168.485724][ T6624] The buggy address belongs to the object at ffff88804bca5000
[  168.485724][ T6624]  which belongs to the cache kmalloc-1k of size 1024
[  168.499764][ T6624] The buggy address is located 0 bytes inside of
[  168.499764][ T6624]  freed 1024-byte region [ffff88804bca5000, ffff88804bca5400)
[  168.513458][ T6624] 
[  168.515768][ T6624] The buggy address belongs to the physical page:
[  168.522169][ T6624] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4bca0
[  168.530918][ T6624] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  168.539416][ T6624] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  168.546975][ T6624] page_type: f5(slab)
[  168.550963][ T6624] raw: 00fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122
[  168.559556][ T6624] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  168.568144][ T6624] head: 00fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122
[  168.576810][ T6624] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  168.585470][ T6624] head: 00fff00000000003 ffffea00012f2801 ffffffffffffffff 0000000000000000
[  168.594132][ T6624] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  168.602807][ T6624] page dumped because: kasan: bad access detected
[  168.609210][ T6624] page_owner tracks the page as allocated
[  168.614906][ T6624] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5936, tgid 5936 (syz-executor), ts 150952513241, free_ts 150476989014
[  168.636425][ T6624]  post_alloc_hook+0x2d1/0x350
[  168.641194][ T6624]  get_page_from_freelist+0xfce/0x2f80
[  168.646665][ T6624]  __alloc_pages_noprof+0x223/0x25b0
[  168.651970][ T6624]  alloc_pages_mpol_noprof+0x2c9/0x610
[  168.657446][ T6624]  new_slab+0x2c9/0x410
[  168.661606][ T6624]  ___slab_alloc+0xce2/0x1650
[  168.666285][ T6624]  __slab_alloc.constprop.0+0x56/0xb0
[  168.671658][ T6624]  __kmalloc_cache_noprof+0xf6/0x420
[  168.676941][ T6624]  afs_alloc_call+0x4f/0x4a0
[  168.681540][ T6624]  afs_charge_preallocation+0xff/0x330
[  168.686995][ T6624]  afs_open_socket+0x298/0x350
[  168.691755][ T6624]  afs_net_init+0x95d/0xc60
[  168.696263][ T6624]  ops_init+0x1df/0x5f0
[  168.700425][ T6624]  setup_net+0x21f/0x860
[  168.704669][ T6624]  copy_net_ns+0x2b4/0x6c0
[  168.709082][ T6624]  create_new_namespaces+0x3ea/0xad0
[  168.714363][ T6624] page last free pid 5921 tgid 5921 stack trace:
[  168.720679][ T6624]  free_unref_page+0x661/0x1080
[  168.725530][ T6624]  vfree+0x17a/0x890
[  168.729425][ T6624]  kcov_put+0x2a/0x40
[  168.733405][ T6624]  kcov_close+0xd/0x20
[  168.737469][ T6624]  __fput+0x3f8/0xb60
[  168.741454][ T6624]  task_work_run+0x14e/0x250
[  168.746067][ T6624]  do_exit+0xadd/0x2d70
[  168.750223][ T6624]  do_group_exit+0xd3/0x2a0
[  168.754730][ T6624]  get_signal+0x2576/0x2610
[  168.759234][ T6624]  arch_do_signal_or_restart+0x90/0x7e0
[  168.764781][ T6624]  syscall_exit_to_user_mode+0x150/0x2a0
[  168.770414][ T6624]  do_syscall_64+0xda/0x250
[  168.774919][ T6624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.780815][ T6624] 
[  168.783133][ T6624] Memory state around the buggy address:
[  168.788754][ T6624]  ffff88804bca4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  168.796807][ T6624]  ffff88804bca4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  168.804861][ T6624] >ffff88804bca5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  168.812912][ T6624]                    ^
[  168.816966][ T6624]  ffff88804bca5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  168.825019][ T6624]  ffff88804bca5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  168.833071][ T6624] ==================================================================
[  168.845897][ T6624] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  168.853137][ T6624] CPU: 1 UID: 0 PID: 6624 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  168.863738][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  168.873796][ T6624] Call Trace:
[  168.877063][ T6624]  <TASK>
[  168.879983][ T6624]  dump_stack_lvl+0x3d/0x1f0
[  168.884571][ T6624]  panic+0x71d/0x800
[  168.888469][ T6624]  ? __pfx_panic+0x10/0x10
[  168.892900][ T6624]  ? preempt_schedule_thunk+0x1a/0x30
[  168.898261][ T6624]  ? preempt_schedule_common+0x44/0xc0
[  168.903712][ T6624]  ? check_panic_on_warn+0x1f/0xb0
[  168.908819][ T6624]  check_panic_on_warn+0xab/0xb0
[  168.913751][ T6624]  end_report+0x117/0x180
[  168.918078][ T6624]  kasan_report+0xe9/0x110
[  168.922484][ T6624]  ? force_devcd_write+0x31f/0x350
[  168.927583][ T6624]  ? force_devcd_write+0x31f/0x350
[  168.932683][ T6624]  force_devcd_write+0x31f/0x350
[  168.937605][ T6624]  ? __pfx_force_devcd_write+0x10/0x10
[  168.943059][ T6624]  ? debugfs_file_get+0x21c/0x5c0
[  168.948079][ T6624]  ? __pfx_debugfs_file_get+0x10/0x10
[  168.953438][ T6624]  ? rcu_is_watching+0x12/0xc0
[  168.958197][ T6624]  ? trace_lock_acquire+0x14e/0x1f0
[  168.963385][ T6624]  full_proxy_write+0xfb/0x1b0
[  168.968139][ T6624]  ? __pfx_full_proxy_write+0x10/0x10
[  168.973497][ T6624]  vfs_write+0x24c/0x1150
[  168.977815][ T6624]  ? __pfx_vfs_write+0x10/0x10
[  168.982563][ T6624]  ? do_futex+0x123/0x350
[  168.986883][ T6624]  ? __pfx_do_futex+0x10/0x10
[  168.991554][ T6624]  ? __x64_sys_futex+0x1e1/0x4c0
[  168.996489][ T6624]  ? __x64_sys_futex+0x1ea/0x4c0
[  169.001417][ T6624]  ksys_write+0x12b/0x250
[  169.005736][ T6624]  ? __pfx_ksys_write+0x10/0x10
[  169.010576][ T6624]  do_syscall_64+0xcd/0x250
[  169.015077][ T6624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.020962][ T6624] RIP: 0033:0x7f38f2d85d29
[  169.025360][ T6624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.044953][ T6624] RSP: 002b:00007ffe62348be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  169.053355][ T6624] RAX: ffffffffffffffda RBX: 00007f38f2f75fa0 RCX: 00007f38f2d85d29
[  169.061318][ T6624] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  169.069275][ T6624] RBP: 00007f38f2e01aa8 R08: 0000000000000000 R09: 0000000000000000
[  169.077229][ T6624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  169.085185][ T6624] R13: 00007f38f2f75fa0 R14: 00007f38f2f75fa0 R15: 00000000000018c5
[  169.093147][ T6624]  </TASK>
[  169.096409][ T6624] Kernel Offset: disabled
[  169.100739][ T6624] Rebooting in 86400 seconds..