Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts.
[ 87.866182][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.875933][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 87.884783][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 87.893451][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 87.901937][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 87.904052][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.910362][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 87.917715][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 87.923914][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 87.931823][ T5857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 87.938336][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.945519][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 87.953498][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 87.959827][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 87.965935][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 87.974403][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.983936][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 87.989260][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 87.994275][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 88.002659][ T5857] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 88.009227][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 88.022782][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 88.022791][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.037250][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 88.048218][ T5859] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 88.412043][ T2121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.423644][ T2121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.450990][ T4869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.459211][ T4869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.492880][ T2121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.504138][ T2121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.551761][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.560158][ T2121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.567364][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.568994][ T2121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 88.611327][ T2121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.628634][ T2121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 88.697654][ T4869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.710517][ T4869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
executing program
executing program
executing program
[ 88.777038][ T5835] ==================================================================
[ 88.785143][ T5835] BUG: KASAN: slab-use-after-free in binder_add_device+0x6b/0xb0
[ 88.785204][ T5835] Write of size 8 at addr ffff888141740c08 by task syz-executor295/5835
[ 88.785221][ T5835]
[ 88.785248][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor295 Not tainted 6.15.0-rc7-next-20250523-syzkaller #0 PREEMPT(full)
[ 88.785272][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
executing program
[ 88.785292][ T5835] Call Trace:
[ 88.785301][ T5835] <TASK>
[ 88.785310][ T5835] dump_stack_lvl+0x189/0x250
[ 88.785329][ T5835] ? __virt_addr_valid+0x1c8/0x5c0
[ 88.785350][ T5835] ? rcu_is_watching+0x15/0xb0
[ 88.785368][ T5835] ? __kasan_check_byte+0x12/0x40
[ 88.785394][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.785412][ T5835] ? rcu_is_watching+0x15/0xb0
[ 88.785431][ T5835] ? lock_release+0x4b/0x3e0
[ 88.785462][ T5835] ? __virt_addr_valid+0x1c8/0x5c0
[ 88.785483][ T5835] ? __virt_addr_valid+0x4a5/0x5c0
[ 88.785506][ T5835] print_report+0xd2/0x2b0
[ 88.785533][ T5835] ? binder_add_device+0x6b/0xb0
[ 88.785551][ T5835] kasan_report+0x118/0x150
[ 88.785573][ T5835] ? binder_add_device+0x6b/0xb0
[ 88.785596][ T5835] binder_add_device+0x6b/0xb0
[ 88.785615][ T5835] binderfs_binder_device_create+0x9e7/0xc40
[ 88.785655][ T5835] ? __pfx_binderfs_binder_device_create+0x10/0x10
[ 88.785690][ T5835] ? do_raw_spin_unlock+0x122/0x240
[ 88.785716][ T5835] binderfs_fill_super+0xa0e/0xe90
[ 88.785747][ T5835] ? __pfx_binderfs_fill_super+0x10/0x10
[ 88.785789][ T5835] ? shrinker_register+0x16b/0x230
[ 88.785823][ T5835] ? sget_fc+0x962/0xa40
[ 88.785857][ T5835] ? __pfx_set_anon_super_fc+0x10/0x10
[ 88.785892][ T5835] ? __pfx_binderfs_fill_super+0x10/0x10
[ 88.785935][ T5835] get_tree_nodev+0xbb/0x150
[ 88.785971][ T5835] vfs_get_tree+0x92/0x2b0
[ 88.785995][ T5835] do_new_mount+0x24a/0xa40
[ 88.786024][ T5835] __se_sys_mount+0x317/0x410
[ 88.786053][ T5835] ? __pfx___se_sys_mount+0x10/0x10
[ 88.786082][ T5835] ? do_syscall_64+0xbe/0x3b0
[ 88.786115][ T5835] ? __x64_sys_mount+0x20/0xc0
[ 88.786141][ T5835] do_syscall_64+0xfa/0x3b0
[ 88.786167][ T5835] ? lockdep_hardirqs_on+0x9c/0x150
[ 88.786192][ T5835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.786214][ T5835] ? clear_bhb_loop+0x60/0xb0
[ 88.786240][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.786263][ T5835] RIP: 0033:0x7f20db79d74a
[ 88.786292][ T5835] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 88.786312][ T5835] RSP: 002b:00007ffc6893c5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 88.786336][ T5835] RAX: ffffffffffffffda RBX: 00007f20db7f204b RCX: 00007f20db79d74a
[ 88.786353][ T5835] RDX: 00007f20db7f21e5 RSI: 00007f20db7f204b RDI: 00007f20db7f21e5
[ 88.786370][ T5835] RBP: 00007f20db7f21b5 R08: 0000000000000000 R09: 0000000000000000
[ 88.786384][ T5835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20db7f211d
[ 88.786399][ T5835] R13: 0000000000000003 R14: 000000000000000c R15: 00007ffc6893c602
[ 88.786423][ T5835] </TASK>
[ 88.786430][ T5835]
[ 88.811133][ T2121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.816264][ T5835] Allocated by task 5842:
[ 88.816279][ T5835] kasan_save_track+0x3e/0x80
[ 88.816314][ T5835] __kasan_kmalloc+0x93/0xb0
[ 88.816332][ T5835] __kmalloc_cache_noprof+0x230/0x3d0
[ 88.816351][ T5835] binderfs_binder_device_create+0x1eb/0xc40
[ 88.846563][ T2121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.847418][ T5835] binderfs_fill_super+0xa0e/0xe90
[ 89.132447][ T5835] get_tree_nodev+0xbb/0x150
[ 89.137062][ T5835] vfs_get_tree+0x92/0x2b0
[ 89.141487][ T5835] do_new_mount+0x24a/0xa40
[ 89.146361][ T5835] __se_sys_mount+0x317/0x410
[ 89.151057][ T5835] do_syscall_64+0xfa/0x3b0
[ 89.155657][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.161561][ T5835]
[ 89.163892][ T5835] Freed by task 9:
[ 89.167614][ T5835] kasan_save_track+0x3e/0x80
[ 89.172314][ T5835] kasan_save_free_info+0x46/0x50
[ 89.177363][ T5835] __kasan_slab_free+0x62/0x70
[ 89.182147][ T5835] kfree+0x18e/0x440
[ 89.186125][ T5835] binder_proc_dec_tmpref+0x228/0x4f0
[ 89.191517][ T5835] binder_deferred_func+0x13a5/0x1520
[ 89.196907][ T5835] process_scheduled_works+0xade/0x17b0
[ 89.202482][ T5835] worker_thread+0x8a0/0xda0
[ 89.207078][ T5835] kthread+0x711/0x8a0
[ 89.211152][ T5835] ret_from_fork+0x3fc/0x770
[ 89.215768][ T5835] ret_from_fork_asm+0x1a/0x30
[ 89.220538][ T5835]
[ 89.222866][ T5835] The buggy address belongs to the object at ffff888141740c00
[ 89.222866][ T5835] which belongs to the cache kmalloc-512 of size 512
[ 89.236933][ T5835] The buggy address is located 8 bytes inside of
[ 89.236933][ T5835] freed 512-byte region [ffff888141740c00, ffff888141740e00)
[ 89.250578][ T5835]
[ 89.252918][ T5835] The buggy address belongs to the physical page:
[ 89.259416][ T5835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x141740
[ 89.268287][ T5835] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 89.276808][ T5835] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[ 89.284464][ T5835] page_type: f5(slab)
[ 89.288464][ T5835] raw: 057ff00000000040 ffff88801a441c80 ffffea000514c900 dead000000000002
[ 89.297064][ T5835] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 89.305741][ T5835] head: 057ff00000000040 ffff88801a441c80 ffffea000514c900 dead000000000002
[ 89.314413][ T5835] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 89.323087][ T5835] head: 057ff00000000002 ffffea000505d001 00000000ffffffff 00000000ffffffff
[ 89.331762][ T5835] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 89.340430][ T5835] page dumped because: kasan: bad access detected
[ 89.346856][ T5835] page_owner tracks the page as allocated
[ 89.352571][ T5835] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9648630264, free_ts 0
[ 89.370653][ T5835] post_alloc_hook+0x240/0x2a0
[ 89.375432][ T5835] get_page_from_freelist+0x21e4/0x22c0
[ 89.380998][ T5835] __alloc_frozen_pages_noprof+0x181/0x370
[ 89.386862][ T5835] alloc_pages_mpol+0x232/0x4a0
[ 89.391744][ T5835] allocate_slab+0x8a/0x3b0
[ 89.396256][ T5835] ___slab_alloc+0xbfc/0x1480
[ 89.400939][ T5835] __kmalloc_cache_noprof+0x296/0x3d0
[ 89.406338][ T5835] device_add+0xbe/0xb50
[ 89.410591][ T5835] device_create+0x25b/0x2f0
[ 89.415193][ T5835] bdi_register_va+0x9c/0x740
[ 89.419885][ T5835] bdi_register+0xd4/0x120
[ 89.424337][ T5835] __add_disk+0x747/0xd50
[ 89.428676][ T5835] add_disk_fwnode+0xfc/0x480
[ 89.433359][ T5835] loop_add+0x7f5/0xad0
[ 89.437532][ T5835] loop_init+0x173/0x230
[ 89.441785][ T5835] do_one_initcall+0x233/0x820
[ 89.446560][ T5835] page_owner free stack trace missing
[ 89.451926][ T5835]
[ 89.454253][ T5835] Memory state around the buggy address:
[ 89.459891][ T5835] ffff888141740b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.467960][ T5835] ffff888141740b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.476116][ T5835] >ffff888141740c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.484182][ T5835] ^
[ 89.488516][ T5835] ffff888141740c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.496585][ T5835] ffff888141740d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.504648][ T5835] ==================================================================
[ 89.513655][ T5835] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.520913][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor295 Not tainted 6.15.0-rc7-next-20250523-syzkaller #0 PREEMPT(full)
[ 89.532821][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 89.542904][ T5835] Call Trace:
[ 89.546209][ T5835] <TASK>
[ 89.549158][ T5835] dump_stack_lvl+0x99/0x250
[ 89.553765][ T5835] ? __asan_memcpy+0x40/0x70
[ 89.558409][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.563621][ T5835] ? __pfx__printk+0x10/0x10
[ 89.568227][ T5835] panic+0x2db/0x790
[ 89.572142][ T5835] ? __pfx_panic+0x10/0x10
[ 89.576582][ T5835] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 89.582487][ T5835] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 89.588400][ T5835] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 89.594754][ T5835] ? print_memory_metadata+0x314/0x400
[ 89.600265][ T5835] ? binder_add_device+0x6b/0xb0
[ 89.605237][ T5835] check_panic_on_warn+0x89/0xb0
[ 89.610195][ T5835] ? binder_add_device+0x6b/0xb0
[ 89.615172][ T5835] end_report+0x78/0x160
[ 89.619433][ T5835] kasan_report+0x129/0x150
[ 89.623944][ T5835] ? binder_add_device+0x6b/0xb0
[ 89.628888][ T5835] binder_add_device+0x6b/0xb0
[ 89.633746][ T5835] binderfs_binder_device_create+0x9e7/0xc40
[ 89.639773][ T5835] ? __pfx_binderfs_binder_device_create+0x10/0x10
[ 89.646499][ T5835] ? do_raw_spin_unlock+0x122/0x240
[ 89.651727][ T5835] binderfs_fill_super+0xa0e/0xe90
[ 89.656869][ T5835] ? __pfx_binderfs_fill_super+0x10/0x10
[ 89.662562][ T5835] ? shrinker_register+0x16b/0x230
[ 89.667887][ T5835] ? sget_fc+0x962/0xa40
[ 89.672273][ T5835] ? __pfx_set_anon_super_fc+0x10/0x10
[ 89.677772][ T5835] ? __pfx_binderfs_fill_super+0x10/0x10
[ 89.683469][ T5835] get_tree_nodev+0xbb/0x150
[ 89.688190][ T5835] vfs_get_tree+0x92/0x2b0
[ 89.692633][ T5835] do_new_mount+0x24a/0xa40
[ 89.697192][ T5835] __se_sys_mount+0x317/0x410
[ 89.701911][ T5835] ? __pfx___se_sys_mount+0x10/0x10
[ 89.707137][ T5835] ? do_syscall_64+0xbe/0x3b0
[ 89.711934][ T5835] ? __x64_sys_mount+0x20/0xc0
[ 89.716830][ T5835] do_syscall_64+0xfa/0x3b0
[ 89.721346][ T5835] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.726551][ T5835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.732622][ T5835] ? clear_bhb_loop+0x60/0xb0
[ 89.737575][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.743482][ T5835] RIP: 0033:0x7f20db79d74a
[ 89.747915][ T5835] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 89.767970][ T5835] RSP: 002b:00007ffc6893c5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 89.776506][ T5835] RAX: ffffffffffffffda RBX: 00007f20db7f204b RCX: 00007f20db79d74a
[ 89.784497][ T5835] RDX: 00007f20db7f21e5 RSI: 00007f20db7f204b RDI: 00007f20db7f21e5
[ 89.792484][ T5835] RBP: 00007f20db7f21b5 R08: 0000000000000000 R09: 0000000000000000
[ 89.800465][ T5835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20db7f211d
[ 89.808446][ T5835] R13: 0000000000000003 R14: 000000000000000c R15: 00007ffc6893c602
[ 89.816432][ T5835] </TASK>
[ 89.819714][ T5835] Kernel Offset: disabled
[ 89.824137][ T5835] Rebooting in 86400 seconds..