Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
2025/02/21 03:39:12 ignoring optional flag "sandboxArg"="0"
2025/02/21 03:39:13 parsed 1 programs
[ 101.081806][ T5839] cgroup: Unknown subsys name 'net'
[ 101.225030][ T5839] cgroup: Unknown subsys name 'cpuset'
[ 101.233056][ T5839] cgroup: Unknown subsys name 'rlimit'
[ 102.645980][ T5839] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 105.031744][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 106.088594][ T5874] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 106.096592][ T5874] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 106.104875][ T5874] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 106.114058][ T5874] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 106.122313][ T5874] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 106.129770][ T5874] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 106.791171][ T5896] chnl_net:caif_netlink_parms(): no params data found
[ 106.853139][ T5896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.860259][ T5896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.869035][ T5896] bridge_slave_0: entered allmulticast mode
[ 106.876270][ T5896] bridge_slave_0: entered promiscuous mode
[ 106.885788][ T5896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.893624][ T5896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.900725][ T5896] bridge_slave_1: entered allmulticast mode
[ 106.907383][ T5896] bridge_slave_1: entered promiscuous mode
[ 106.929970][ T5896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 106.940686][ T5896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 106.968398][ T5896] team0: Port device team_slave_0 added
[ 106.977031][ T5896] team0: Port device team_slave_1 added
[ 107.009239][ T5896] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.016312][ T5896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.043310][ T5896] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.056442][ T5896] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.063549][ T5896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.089551][ T5896] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.130724][ T5896] hsr_slave_0: entered promiscuous mode
[ 107.137883][ T5896] hsr_slave_1: entered promiscuous mode
[ 107.235570][ T5896] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 107.244827][ T5896] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 107.254394][ T5896] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 107.263408][ T5896] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 107.314142][ T5896] 8021q: adding VLAN 0 to HW filter on device bond0
[ 107.337945][ T5896] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.348484][ T62] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.355722][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 107.369353][ T62] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.376447][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.496240][ T5896] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 107.526216][ T5896] veth0_vlan: entered promiscuous mode
[ 107.536660][ T5896] veth1_vlan: entered promiscuous mode
[ 107.557417][ T5896] veth0_macvtap: entered promiscuous mode
[ 107.565373][ T5896] veth1_macvtap: entered promiscuous mode
[ 107.579982][ T5896] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 107.594733][ T5896] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 107.605619][ T5896] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.614755][ T5896] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.623659][ T5896] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.632730][ T5896] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.761591][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.835577][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.886262][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 107.947161][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 108.008723][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.021443][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.044716][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.053635][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/21 03:39:23 executed programs: 0
[ 109.002469][ T5874] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 109.010482][ T5874] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 109.018607][ T5874] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 109.027124][ T5874] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 109.037308][ T5874] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 109.044754][ T5874] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 109.145978][ T5947] chnl_net:caif_netlink_parms(): no params data found
[ 109.188625][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.196288][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.203764][ T5947] bridge_slave_0: entered allmulticast mode
[ 109.210245][ T5947] bridge_slave_0: entered promiscuous mode
[ 109.218318][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.225621][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.233662][ T5947] bridge_slave_1: entered allmulticast mode
[ 109.240480][ T5947] bridge_slave_1: entered promiscuous mode
[ 109.263373][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.275150][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.300818][ T5947] team0: Port device team_slave_0 added
[ 109.310067][ T5947] team0: Port device team_slave_1 added
[ 109.333550][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.340659][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.367321][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 109.379885][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 109.387099][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.413277][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.446636][ T5947] hsr_slave_0: entered promiscuous mode
[ 109.453189][ T5947] hsr_slave_1: entered promiscuous mode
[ 109.459160][ T5947] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 109.467097][ T5947] Cannot create hsr debugfs directory
[ 111.132663][ T5146] Bluetooth: hci0: command tx timeout
[ 111.258015][ T35] bridge_slave_1: left allmulticast mode
[ 111.263998][ T35] bridge_slave_1: left promiscuous mode
[ 111.272499][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.284775][ T35] bridge_slave_0: left allmulticast mode
[ 111.290574][ T35] bridge_slave_0: left promiscuous mode
[ 111.296805][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.508650][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 111.518938][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 111.528777][ T35] bond0 (unregistering): Released all slaves
[ 111.599025][ T35] hsr_slave_0: left promiscuous mode
[ 111.614218][ T35] hsr_slave_1: left promiscuous mode
[ 111.620116][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 111.630633][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 111.643356][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 111.650748][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 111.671290][ T35] veth1_macvtap: left promiscuous mode
[ 111.677830][ T35] veth0_macvtap: left promiscuous mode
[ 111.683888][ T35] veth1_vlan: left promiscuous mode
[ 111.689318][ T35] veth0_vlan: left promiscuous mode
[ 112.031155][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 112.056376][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 112.565169][ T5947] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 112.578196][ T5947] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 112.592390][ T5947] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 112.614967][ T5947] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 112.828673][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.853054][ T5947] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.870509][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.877641][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.902741][ T62] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.909974][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.973334][ T5947] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 112.993066][ T5947] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 113.212400][ T5146] Bluetooth: hci0: command tx timeout
[ 113.264848][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.316733][ T5947] veth0_vlan: entered promiscuous mode
[ 113.333729][ T5947] veth1_vlan: entered promiscuous mode
[ 113.383792][ T5947] veth0_macvtap: entered promiscuous mode
[ 113.403760][ T5947] veth1_macvtap: entered promiscuous mode
[ 113.429194][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 113.449603][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 113.468960][ T5947] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.478609][ T5947] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.487646][ T5947] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.497691][ T5947] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.568780][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.584326][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.610444][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.620592][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/21 03:39:28 executed programs: 15
[ 115.292890][ T5146] Bluetooth: hci0: command tx timeout
[ 117.372070][ T5146] Bluetooth: hci0: command tx timeout
2025/02/21 03:39:33 executed programs: 292
2025/02/21 03:39:38 executed programs: 570
[ 124.577348][ T5874] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 124.585650][ T5874] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 124.594295][ T5874] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 124.603334][ T5874] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 124.611213][ T5874] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 124.618745][ T5874] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 124.708617][ T6633] chnl_net:caif_netlink_parms(): no params data found
[ 124.730745][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.776064][ T6633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.783234][ T6633] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.790301][ T6633] bridge_slave_0: entered allmulticast mode
[ 124.797627][ T6633] bridge_slave_0: entered promiscuous mode
[ 124.811509][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.825211][ T6633] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.832779][ T6633] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.839851][ T6633] bridge_slave_1: entered allmulticast mode
[ 124.847006][ T6633] bridge_slave_1: entered promiscuous mode
[ 124.865992][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.887311][ T6633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.898556][ T6633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.921303][ T6633] team0: Port device team_slave_0 added
[ 124.930173][ T6633] team0: Port device team_slave_1 added
[ 124.943813][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.967450][ T6633] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 124.975352][ T6633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 125.001392][ T6633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 125.014318][ T6633] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 125.021279][ T6633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 125.047531][ T6633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 125.091690][ T6633] hsr_slave_0: entered promiscuous mode
[ 125.098063][ T6633] hsr_slave_1: entered promiscuous mode
[ 125.130895][ T35] bridge_slave_1: left allmulticast mode
[ 125.145133][ T35] bridge_slave_1: left promiscuous mode
[ 125.150850][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 125.161602][ T35] bridge_slave_0: left allmulticast mode
[ 125.168142][ T35] bridge_slave_0: left promiscuous mode
[ 125.174130][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 125.370064][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 125.381713][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 125.392696][ T35] bond0 (unregistering): Released all slaves
[ 125.636000][ T35] hsr_slave_0: left promiscuous mode
[ 125.644771][ T35] hsr_slave_1: left promiscuous mode
[ 125.650889][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 125.658698][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 125.670531][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 125.678393][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 125.698051][ T35] veth1_macvtap: left promiscuous mode
[ 125.706203][ T35] veth0_macvtap: left promiscuous mode
[ 125.711836][ T35] veth1_vlan: left promiscuous mode
[ 125.717633][ T35] veth0_vlan: left promiscuous mode
[ 125.996386][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 126.023102][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 126.462284][ T6633] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 126.471851][ T6633] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 126.483057][ T6633] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 126.495140][ T6633] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 126.609868][ T6633] 8021q: adding VLAN 0 to HW filter on device bond0
[ 126.634042][ T6633] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.647337][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.654486][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.665010][ T5874] Bluetooth: hci1: command tx timeout
[ 126.674303][ T1012] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.681360][ T1012] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.788724][ T6633] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 126.818190][ T6633] veth0_vlan: entered promiscuous mode
[ 126.827747][ T6633] veth1_vlan: entered promiscuous mode
[ 126.850143][ T6633] veth0_macvtap: entered promiscuous mode
[ 126.858351][ T6633] veth1_macvtap: entered promiscuous mode
[ 126.871220][ T6633] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 126.885097][ T6633] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 126.895559][ T6633] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.905128][ T6633] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.913883][ T6633] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.922715][ T6633] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.969247][ T1012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.978315][ T1012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.997468][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.005450][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.054953][ T6677] ==================================================================
[ 127.063015][ T6677] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[ 127.070899][ T6677] Read of size 8 at addr ffff88805fefd000 by task syz.0.616/6677
[ 127.078596][ T6677]
[ 127.080916][ T6677] CPU: 0 UID: 0 PID: 6677 Comm: syz.0.616 Not tainted 6.14.0-rc3-syzkaller-00096-ge9a8cac0bf89 #0
[ 127.080933][ T6677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 127.080944][ T6677] Call Trace:
[ 127.080949][ T6677] <TASK>
[ 127.080957][ T6677] dump_stack_lvl+0x116/0x1f0
[ 127.080979][ T6677] print_report+0xc3/0x670
[ 127.081000][ T6677] ? __virt_addr_valid+0x5e/0x590
[ 127.081014][ T6677] ? __phys_addr+0xc6/0x150
[ 127.081027][ T6677] kasan_report+0xd9/0x110
[ 127.081038][ T6677] ? force_devcd_write+0x317/0x330
[ 127.081055][ T6677] ? force_devcd_write+0x317/0x330
[ 127.081073][ T6677] force_devcd_write+0x317/0x330
[ 127.081089][ T6677] ? __pfx_force_devcd_write+0x10/0x10
[ 127.081106][ T6677] ? __debugfs_file_get+0x1ff/0x850
[ 127.081123][ T6677] ? __pfx___debugfs_file_get+0x10/0x10
[ 127.081139][ T6677] ? rcu_is_watching+0x12/0xc0
[ 127.081153][ T6677] ? trace_lock_acquire+0x14e/0x1f0
[ 127.081169][ T6677] full_proxy_write+0x13c/0x200
[ 127.081186][ T6677] ? __pfx_full_proxy_write+0x10/0x10
[ 127.081202][ T6677] vfs_write+0x24c/0x1150
[ 127.081221][ T6677] ? __pfx_vfs_write+0x10/0x10
[ 127.081238][ T6677] ? do_futex+0x123/0x350
[ 127.081254][ T6677] ? __pfx_do_futex+0x10/0x10
[ 127.081271][ T6677] ? __x64_sys_futex+0x1e1/0x4c0
[ 127.081291][ T6677] ? __x64_sys_futex+0x1ea/0x4c0
[ 127.081307][ T6677] ksys_write+0x12b/0x250
[ 127.081324][ T6677] ? __pfx_ksys_write+0x10/0x10
[ 127.081344][ T6677] do_syscall_64+0xcd/0x250
[ 127.081361][ T6677] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.081380][ T6677] RIP: 0033:0x7f244098d0a9
[ 127.081390][ T6677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 127.081406][ T6677] RSP: 002b:00007ffcd068bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 127.081419][ T6677] RAX: ffffffffffffffda RBX: 00007f2440ba5fa0 RCX: 00007f244098d0a9
[ 127.081428][ T6677] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 127.081436][ T6677] RBP: 00007f2440a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 127.081444][ T6677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 127.081451][ T6677] R13: 00007f2440ba5fa0 R14: 00007f2440ba5fa0 R15: 0000000000000003
[ 127.081463][ T6677] </TASK>
[ 127.081467][ T6677]
[ 127.308674][ T6677] Allocated by task 5947:
[ 127.312991][ T6677] kasan_save_stack+0x33/0x60
[ 127.317675][ T6677] kasan_save_track+0x14/0x30
[ 127.322355][ T6677] __kasan_kmalloc+0xaa/0xb0
[ 127.326945][ T6677] vhci_open+0x4c/0x430
[ 127.331097][ T6677] misc_open+0x35a/0x420
[ 127.335335][ T6677] chrdev_open+0x237/0x6a0
[ 127.339754][ T6677] do_dentry_open+0x735/0x1c40
[ 127.344526][ T6677] vfs_open+0x82/0x3f0
[ 127.348589][ T6677] path_openat+0x1e88/0x2d80
[ 127.353180][ T6677] do_filp_open+0x20c/0x470
[ 127.357683][ T6677] do_sys_openat2+0x17a/0x1e0
[ 127.362353][ T6677] __x64_sys_openat+0x175/0x210
[ 127.367198][ T6677] do_syscall_64+0xcd/0x250
[ 127.371699][ T6677] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.377597][ T6677]
[ 127.379910][ T6677] Freed by task 5947:
[ 127.383877][ T6677] kasan_save_stack+0x33/0x60
[ 127.388555][ T6677] kasan_save_track+0x14/0x30
[ 127.393234][ T6677] kasan_save_free_info+0x3b/0x60
[ 127.398257][ T6677] __kasan_slab_free+0x51/0x70
[ 127.403026][ T6677] kfree+0x2c4/0x4d0
[ 127.406923][ T6677] vhci_release+0xbb/0xf0
[ 127.411248][ T6677] __fput+0x3ff/0xb70
[ 127.415224][ T6677] task_work_run+0x14e/0x250
[ 127.419814][ T6677] do_exit+0xad8/0x2d70
[ 127.423964][ T6677] do_group_exit+0xd3/0x2a0
[ 127.428462][ T6677] get_signal+0x24ed/0x26c0
[ 127.432970][ T6677] arch_do_signal_or_restart+0x90/0x7e0
[ 127.438516][ T6677] syscall_exit_to_user_mode+0x150/0x2a0
[ 127.444146][ T6677] do_syscall_64+0xda/0x250
[ 127.448645][ T6677] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.454540][ T6677]
[ 127.456852][ T6677] The buggy address belongs to the object at ffff88805fefd000
[ 127.456852][ T6677] which belongs to the cache kmalloc-1k of size 1024
[ 127.470896][ T6677] The buggy address is located 0 bytes inside of
[ 127.470896][ T6677] freed 1024-byte region [ffff88805fefd000, ffff88805fefd400)
[ 127.484599][ T6677]
[ 127.486914][ T6677] The buggy address belongs to the physical page:
[ 127.493321][ T6677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5fef8
[ 127.502078][ T6677] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 127.510568][ T6677] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 127.518109][ T6677] page_type: f5(slab)
[ 127.522086][ T6677] raw: 00fff00000000040 ffff88801b041dc0 ffffea0000a0b200 dead000000000002
[ 127.530662][ T6677] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 127.539238][ T6677] head: 00fff00000000040 ffff88801b041dc0 ffffea0000a0b200 dead000000000002
[ 127.547900][ T6677] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 127.556565][ T6677] head: 00fff00000000003 ffffea00017fbe01 ffffffffffffffff 0000000000000000
[ 127.565229][ T6677] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 127.573888][ T6677] page dumped because: kasan: bad access detected
[ 127.580295][ T6677] page_owner tracks the page as allocated
[ 127.585996][ T6677] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5830, tgid 5830 (syz-execprog), ts 108932995711, free_ts 108552593277
[ 127.605442][ T6677] post_alloc_hook+0x181/0x1b0
[ 127.610213][ T6677] get_page_from_freelist+0xfce/0x2f80
[ 127.615675][ T6677] __alloc_frozen_pages_noprof+0x221/0x2470
[ 127.621574][ T6677] alloc_pages_mpol+0x1fc/0x540
[ 127.626416][ T6677] new_slab+0x23d/0x330
[ 127.630573][ T6677] ___slab_alloc+0xc5d/0x1720
[ 127.635250][ T6677] __slab_alloc.constprop.0+0x56/0xb0
[ 127.640620][ T6677] __kmalloc_noprof+0x2ec/0x510
[ 127.645471][ T6677] ieee802_11_parse_elems_full+0xf2/0x18c0
[ 127.651287][ T6677] ieee80211_inform_bss+0xfd/0x1100
[ 127.656487][ T6677] cfg80211_inform_single_bss_data+0x8f9/0x1df0
[ 127.662731][ T6677] cfg80211_inform_bss_data+0x205/0x3ba0
[ 127.668359][ T6677] cfg80211_inform_bss_frame_data+0x272/0x7a0
[ 127.674423][ T6677] ieee80211_bss_info_update+0x311/0xab0
[ 127.680059][ T6677] ieee80211_scan_rx+0x474/0xac0
[ 127.684998][ T6677] ieee80211_rx_list+0x1bd7/0x2970
[ 127.690113][ T6677] page last free pid 5927 tgid 5927 stack trace:
[ 127.696426][ T6677] free_frozen_pages+0x6db/0xfb0
[ 127.701365][ T6677] vfree+0x174/0x950
[ 127.705260][ T6677] kcov_put+0x2a/0x40
[ 127.709246][ T6677] kcov_close+0xd/0x20
[ 127.713317][ T6677] __fput+0x3ff/0xb70
[ 127.717293][ T6677] task_work_run+0x14e/0x250
[ 127.721882][ T6677] do_exit+0xad8/0x2d70
[ 127.726031][ T6677] do_group_exit+0xd3/0x2a0
[ 127.730531][ T6677] get_signal+0x24ed/0x26c0
[ 127.735038][ T6677] arch_do_signal_or_restart+0x90/0x7e0
[ 127.740579][ T6677] syscall_exit_to_user_mode+0x150/0x2a0
[ 127.746209][ T6677] do_syscall_64+0xda/0x250
[ 127.750709][ T6677] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.756603][ T6677]
[ 127.758914][ T6677] Memory state around the buggy address:
[ 127.764531][ T6677] ffff88805fefcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 127.772582][ T6677] ffff88805fefcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 127.780634][ T6677] >ffff88805fefd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 127.788683][ T6677]                    ^
[ 127.792738][ T6677] ffff88805fefd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 127.800788][ T6677] ffff88805fefd100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 127.808839][ T6677] ==================================================================
[ 127.833915][ T6677] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 127.841127][ T6677] CPU: 0 UID: 0 PID: 6677 Comm: syz.0.616 Not tainted 6.14.0-rc3-syzkaller-00096-ge9a8cac0bf89 #0
[ 127.851710][ T6677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 127.861759][ T6677] Call Trace:
[ 127.865030][ T6677] <TASK>
[ 127.867954][ T6677] dump_stack_lvl+0x3d/0x1f0
[ 127.872546][ T6677] panic+0x71d/0x800
[ 127.876439][ T6677] ? __pfx_panic+0x10/0x10
[ 127.880862][ T6677] ? preempt_schedule_thunk+0x1a/0x30
[ 127.886241][ T6677] ? preempt_schedule_common+0x44/0xc0
[ 127.891702][ T6677] ? check_panic_on_warn+0x1f/0xb0
[ 127.896816][ T6677] check_panic_on_warn+0xab/0xb0
[ 127.901751][ T6677] end_report+0x117/0x180
[ 127.906087][ T6677] kasan_report+0xe9/0x110
[ 127.910505][ T6677] ? force_devcd_write+0x317/0x330
[ 127.915619][ T6677] ? force_devcd_write+0x317/0x330
[ 127.920734][ T6677] force_devcd_write+0x317/0x330
[ 127.925673][ T6677] ? __pfx_force_devcd_write+0x10/0x10
[ 127.931130][ T6677] ? __debugfs_file_get+0x1ff/0x850
[ 127.936330][ T6677] ? __pfx___debugfs_file_get+0x10/0x10
[ 127.941874][ T6677] ? rcu_is_watching+0x12/0xc0
[ 127.946636][ T6677] ? trace_lock_acquire+0x14e/0x1f0
[ 127.951832][ T6677] full_proxy_write+0x13c/0x200
[ 127.956685][ T6677] ? __pfx_full_proxy_write+0x10/0x10
[ 127.962058][ T6677] vfs_write+0x24c/0x1150
[ 127.966392][ T6677] ? __pfx_vfs_write+0x10/0x10
[ 127.971158][ T6677] ? do_futex+0x123/0x350
[ 127.975489][ T6677] ? __pfx_do_futex+0x10/0x10
[ 127.980172][ T6677] ? __x64_sys_futex+0x1e1/0x4c0
[ 127.985110][ T6677] ? __x64_sys_futex+0x1ea/0x4c0
[ 127.990048][ T6677] ksys_write+0x12b/0x250
[ 127.994380][ T6677] ? __pfx_ksys_write+0x10/0x10
[ 127.999238][ T6677] do_syscall_64+0xcd/0x250
[ 128.003741][ T6677] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.009637][ T6677] RIP: 0033:0x7f244098d0a9
[ 128.014046][ T6677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 128.033649][ T6677] RSP: 002b:00007ffcd068bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 128.042061][ T6677] RAX: ffffffffffffffda RBX: 00007f2440ba5fa0 RCX: 00007f244098d0a9
[ 128.050027][ T6677] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 128.057990][ T6677] RBP: 00007f2440a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 128.065953][ T6677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 128.073916][ T6677] R13: 00007f2440ba5fa0 R14: 00007f2440ba5fa0 R15: 0000000000000003
[ 128.081886][ T6677] </TASK>
[ 128.085111][ T6677] Kernel Offset: disabled
[ 128.089423][ T6677] Rebooting in 86400 seconds..