Warning: Permanently added '10.128.0.145' (ED25519) to the list of known hosts.
2025/02/01 04:09:30 ignoring optional flag "sandboxArg"="0"
2025/02/01 04:09:32 parsed 1 programs
[   90.631420][ T5839] cgroup: Unknown subsys name 'net'
[   90.750492][ T5839] cgroup: Unknown subsys name 'cpuset'
[   90.758911][ T5839] cgroup: Unknown subsys name 'rlimit'
[   92.719717][ T5839] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   95.031466][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   97.259933][   T47] cfg80211: failed to load regulatory.db
[   98.124857][ T3494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.140011][ T3494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.170855][ T3566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.180791][ T3566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.504006][ T5920] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.517326][ T5920] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.525150][ T5920] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.533960][ T5920] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.542448][ T5920] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   98.550094][ T5920] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.883441][ T5927] chnl_net:caif_netlink_parms(): no params data found
[   99.037407][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.044543][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.052459][ T5927] bridge_slave_0: entered allmulticast mode
[   99.061395][ T5927] bridge_slave_0: entered promiscuous mode
[   99.070969][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.078214][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.085382][ T5927] bridge_slave_1: entered allmulticast mode
[   99.092829][ T5927] bridge_slave_1: entered promiscuous mode
[   99.121724][ T5927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.133733][ T5927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.169153][ T5927] team0: Port device team_slave_0 added
[   99.177946][ T5927] team0: Port device team_slave_1 added
[   99.203840][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.212430][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.238540][ T5927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.252678][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.260022][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.286725][ T5927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.323959][ T5927] hsr_slave_0: entered promiscuous mode
[   99.330360][ T5927] hsr_slave_1: entered promiscuous mode
[   99.443104][ T5927] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.453628][ T5927] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.463418][ T5927] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.473324][ T5927] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.499042][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.506350][ T5927] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.514197][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.521380][ T5927] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.575563][ T5927] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.587980][   T82] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.596898][   T82] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.622920][ T5927] 8021q: adding VLAN 0 to HW filter on device team0
[   99.636066][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.643853][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.658490][   T82] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.665805][   T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.818929][ T5927] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.856205][ T5927] veth0_vlan: entered promiscuous mode
[   99.868031][ T5927] veth1_vlan: entered promiscuous mode
[   99.894764][ T5927] veth0_macvtap: entered promiscuous mode
[   99.904182][ T5927] veth1_macvtap: entered promiscuous mode
[   99.922872][ T5927] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.937355][ T5927] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.949257][ T5927] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.958219][ T5927] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.969610][ T5927] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.985984][ T5927] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.144102][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.223490][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.292651][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.356874][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/02/01 04:09:45 executed programs: 0
[  100.532383][ T5920] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.541361][ T5920] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.551557][ T5920] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.561471][ T5920] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.570838][ T5920] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  100.578641][ T5920] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.707783][ T5949] chnl_net:caif_netlink_parms(): no params data found
[  100.763838][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.771170][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.779570][ T5949] bridge_slave_0: entered allmulticast mode
[  100.786904][ T5949] bridge_slave_0: entered promiscuous mode
[  100.798072][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.805169][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.812951][ T5949] bridge_slave_1: entered allmulticast mode
[  100.820547][ T5949] bridge_slave_1: entered promiscuous mode
[  100.845201][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.858984][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.888425][ T5949] team0: Port device team_slave_0 added
[  100.896034][ T5949] team0: Port device team_slave_1 added
[  100.919678][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.926802][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.953162][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.968073][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.975055][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.001074][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.051143][ T5949] hsr_slave_0: entered promiscuous mode
[  101.058102][ T5949] hsr_slave_1: entered promiscuous mode
[  101.064103][ T5949] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.073160][ T5949] Cannot create hsr debugfs directory
[  102.628402][ T5920] Bluetooth: hci0: command tx timeout
[  103.521165][   T35] bridge_slave_1: left allmulticast mode
[  103.530095][   T35] bridge_slave_1: left promiscuous mode
[  103.537639][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.563987][   T35] bridge_slave_0: left allmulticast mode
[  103.572538][   T35] bridge_slave_0: left promiscuous mode
[  103.578926][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.931461][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.944074][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.954904][   T35] bond0 (unregistering): Released all slaves
[  104.085161][   T35] hsr_slave_0: left promiscuous mode
[  104.093128][   T35] hsr_slave_1: left promiscuous mode
[  104.106316][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.116566][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.128222][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.135672][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.174543][   T35] veth1_macvtap: left promiscuous mode
[  104.182330][   T35] veth0_macvtap: left promiscuous mode
[  104.190229][   T35] veth1_vlan: left promiscuous mode
[  104.195790][   T35] veth0_vlan: left promiscuous mode
[  104.593242][   T35] team0 (unregistering): Port device team_slave_1 removed
[  104.623468][   T35] team0 (unregistering): Port device team_slave_0 removed
[  104.696360][ T5920] Bluetooth: hci0: command tx timeout
[  105.093146][ T5949] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.136690][ T5949] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.161863][ T5949] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.191300][ T5949] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.466792][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.512101][ T5949] 8021q: adding VLAN 0 to HW filter on device team0
[  105.555612][   T82] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.562816][   T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.595480][   T82] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.602702][   T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.888233][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.943567][ T5949] veth0_vlan: entered promiscuous mode
[  105.959500][ T5949] veth1_vlan: entered promiscuous mode
[  105.993125][ T5949] veth0_macvtap: entered promiscuous mode
[  106.005046][ T5949] veth1_macvtap: entered promiscuous mode
[  106.031527][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.047980][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.063644][ T5949] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.074401][ T5949] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.085305][ T5949] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.095203][ T5949] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.185448][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.206552][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.249852][   T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.262066][   T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/01 04:09:51 executed programs: 2
[  106.776359][ T5920] Bluetooth: hci0: command tx timeout
[  108.857843][ T5920] Bluetooth: hci0: command tx timeout
2025/02/01 04:09:56 executed programs: 236
2025/02/01 04:10:01 executed programs: 482
[  118.895154][ T5146] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  118.905426][ T5146] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  118.914010][ T5146] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  118.923493][ T5146] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  118.931780][ T5146] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  118.939436][ T5146] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  119.067043][ T3494] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.110967][ T6635] chnl_net:caif_netlink_parms(): no params data found
[  119.159169][ T3494] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.192408][ T6635] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.200103][ T6635] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.207715][ T6635] bridge_slave_0: entered allmulticast mode
[  119.214466][ T6635] bridge_slave_0: entered promiscuous mode
[  119.232336][ T3494] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.248090][ T6635] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.255238][ T6635] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.262622][ T6635] bridge_slave_1: entered allmulticast mode
[  119.269951][ T6635] bridge_slave_1: entered promiscuous mode
[  119.308694][ T3494] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.325101][ T6635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.336723][ T6635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.368947][ T6635] team0: Port device team_slave_0 added
[  119.378572][ T6635] team0: Port device team_slave_1 added
[  119.403889][ T6635] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.410977][ T6635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.438446][ T6635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.469372][ T6635] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.479146][ T6635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.506536][ T6635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.555929][ T3494] bridge_slave_1: left allmulticast mode
[  119.561844][ T3494] bridge_slave_1: left promiscuous mode
[  119.567694][ T3494] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.578060][ T3494] bridge_slave_0: left allmulticast mode
[  119.583743][ T3494] bridge_slave_0: left promiscuous mode
[  119.590384][ T3494] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.844947][ T3494] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  119.855804][ T3494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  119.866016][ T3494] bond0 (unregistering): Released all slaves
[  119.901953][ T6635] hsr_slave_0: entered promiscuous mode
[  119.908481][ T6635] hsr_slave_1: entered promiscuous mode
[  120.164957][ T3494] hsr_slave_0: left promiscuous mode
[  120.171005][ T3494] hsr_slave_1: left promiscuous mode
[  120.181385][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  120.189317][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_0
[  120.200854][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  120.208648][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_1
[  120.231370][ T3494] veth1_macvtap: left promiscuous mode
[  120.241195][ T3494] veth0_macvtap: left promiscuous mode
[  120.247391][ T3494] veth1_vlan: left promiscuous mode
[  120.252755][ T3494] veth0_vlan: left promiscuous mode
[  120.635622][ T3494] team0 (unregistering): Port device team_slave_1 removed
[  120.666770][ T3494] team0 (unregistering): Port device team_slave_0 removed
[  121.018038][ T5920] Bluetooth: hci1: command tx timeout
[  121.183411][ T6635] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  121.195039][ T6635] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  121.206073][ T6635] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  121.215775][ T6635] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  121.317857][ T6635] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.352443][ T6635] 8021q: adding VLAN 0 to HW filter on device team0
[  121.365321][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.372564][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.389146][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.396359][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.634756][ T6635] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.688796][ T6635] veth0_vlan: entered promiscuous mode
[  121.703112][ T6635] veth1_vlan: entered promiscuous mode
[  121.736255][ T6635] veth0_macvtap: entered promiscuous mode
[  121.745675][ T6635] veth1_macvtap: entered promiscuous mode
[  121.766902][ T6635] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.782661][ T6635] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.794797][ T6635] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.806467][ T6635] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.815230][ T6635] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.825297][ T6635] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.901962][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.915990][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.951508][ T3566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.962276][ T3566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/01 04:10:07 executed programs: 602
[  122.054911][ T6694] ==================================================================
[  122.063049][ T6694] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[  122.071026][ T6694] Read of size 8 at addr ffff888028d7d000 by task syz.0.616/6694
[  122.078768][ T6694] 
[  122.081144][ T6694] CPU: 0 UID: 0 PID: 6694 Comm: syz.0.616 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0
[  122.081170][ T6694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  122.081188][ T6694] Call Trace:
[  122.081195][ T6694]  <TASK>
[  122.081205][ T6694]  dump_stack_lvl+0x116/0x1f0
[  122.081246][ T6694]  print_report+0xc3/0x620
[  122.081273][ T6694]  ? __virt_addr_valid+0x5e/0x590
[  122.081293][ T6694]  ? __phys_addr+0xc6/0x150
[  122.081329][ T6694]  kasan_report+0xd9/0x110
[  122.081367][ T6694]  ? force_devcd_write+0x31f/0x350
[  122.081393][ T6694]  ? force_devcd_write+0x31f/0x350
[  122.081420][ T6694]  force_devcd_write+0x31f/0x350
[  122.081445][ T6694]  ? __pfx_force_devcd_write+0x10/0x10
[  122.081471][ T6694]  ? __debugfs_file_get+0x1ff/0x940
[  122.081505][ T6694]  ? __pfx___debugfs_file_get+0x10/0x10
[  122.081539][ T6694]  ? rcu_is_watching+0x12/0xc0
[  122.081572][ T6694]  ? trace_lock_acquire+0x14e/0x1f0
[  122.081594][ T6694]  full_proxy_write+0x13c/0x200
[  122.081628][ T6694]  ? __pfx_full_proxy_write+0x10/0x10
[  122.081662][ T6694]  vfs_write+0x24c/0x1150
[  122.081685][ T6694]  ? __pfx_vfs_write+0x10/0x10
[  122.081704][ T6694]  ? do_futex+0x123/0x350
[  122.081725][ T6694]  ? __pfx_do_futex+0x10/0x10
[  122.081749][ T6694]  ? __x64_sys_futex+0x1e1/0x4c0
[  122.081770][ T6694]  ? __x64_sys_futex+0x1ea/0x4c0
[  122.081792][ T6694]  ksys_write+0x12b/0x250
[  122.081812][ T6694]  ? __pfx_ksys_write+0x10/0x10
[  122.081836][ T6694]  do_syscall_64+0xcd/0x250
[  122.081871][ T6694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.081901][ T6694] RIP: 0033:0x7f377c18cda9
[  122.081920][ T6694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  122.081944][ T6694] RSP: 002b:00007ffdcb83a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  122.081964][ T6694] RAX: ffffffffffffffda RBX: 00007f377c3a5fa0 RCX: 00007f377c18cda9
[  122.081989][ T6694] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  122.082002][ T6694] RBP: 00007f377c20e2a0 R08: 0000000000000000 R09: 0000000000000000
[  122.082015][ T6694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  122.082027][ T6694] R13: 00007f377c3a5fa0 R14: 00007f377c3a5fa0 R15: 0000000000001d62
[  122.082047][ T6694]  </TASK>
[  122.082054][ T6694] 
[  122.308338][ T6694] Allocated by task 5949:
[  122.312692][ T6694]  kasan_save_stack+0x33/0x60
[  122.317409][ T6694]  kasan_save_track+0x14/0x30
[  122.322095][ T6694]  __kasan_kmalloc+0xaa/0xb0
[  122.326723][ T6694]  vhci_open+0x4c/0x430
[  122.330893][ T6694]  misc_open+0x35a/0x420
[  122.335172][ T6694]  chrdev_open+0x237/0x6a0
[  122.339593][ T6694]  do_dentry_open+0x735/0x1c40
[  122.344377][ T6694]  vfs_open+0x82/0x3f0
[  122.348478][ T6694]  path_openat+0x1e88/0x2d80
[  122.353081][ T6694]  do_filp_open+0x20c/0x470
[  122.357603][ T6694]  do_sys_openat2+0x17a/0x1e0
[  122.362346][ T6694]  __x64_sys_openat+0x175/0x210
[  122.367217][ T6694]  do_syscall_64+0xcd/0x250
[  122.371743][ T6694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.377660][ T6694] 
[  122.379984][ T6694] Freed by task 5949:
[  122.383993][ T6694]  kasan_save_stack+0x33/0x60
[  122.388683][ T6694]  kasan_save_track+0x14/0x30
[  122.393369][ T6694]  kasan_save_free_info+0x3b/0x60
[  122.398413][ T6694]  __kasan_slab_free+0x51/0x70
[  122.403188][ T6694]  kfree+0x2c4/0x4d0
[  122.407097][ T6694]  vhci_release+0xbb/0xf0
[  122.411452][ T6694]  __fput+0x3ff/0xb70
[  122.415443][ T6694]  task_work_run+0x14e/0x250
[  122.420042][ T6694]  do_exit+0xad8/0x2d70
[  122.424279][ T6694]  do_group_exit+0xd3/0x2a0
[  122.428803][ T6694]  get_signal+0x2576/0x2610
[  122.433359][ T6694]  arch_do_signal_or_restart+0x90/0x7e0
[  122.438967][ T6694]  syscall_exit_to_user_mode+0x150/0x2a0
[  122.444651][ T6694]  do_syscall_64+0xda/0x250
[  122.449193][ T6694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.455133][ T6694] 
[  122.457471][ T6694] The buggy address belongs to the object at ffff888028d7d000
[  122.457471][ T6694]  which belongs to the cache kmalloc-1k of size 1024
[  122.471554][ T6694] The buggy address is located 0 bytes inside of
[  122.471554][ T6694]  freed 1024-byte region [ffff888028d7d000, ffff888028d7d400)
[  122.485280][ T6694] 
[  122.487605][ T6694] The buggy address belongs to the physical page:
[  122.494033][ T6694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28d78
[  122.502834][ T6694] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  122.511424][ T6694] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  122.518982][ T6694] page_type: f5(slab)
[  122.522965][ T6694] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  122.531571][ T6694] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  122.540187][ T6694] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  122.548885][ T6694] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  122.557582][ T6694] head: 00fff00000000003 ffffea0000a35e01 ffffffffffffffff 0000000000000000
[  122.566303][ T6694] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  122.574981][ T6694] page dumped because: kasan: bad access detected
[  122.581399][ T6694] page_owner tracks the page as allocated
[  122.587112][ T6694] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5636, tgid 5636 (dhcpcd-run-hook), ts 59567703659, free_ts 59553210844
[  122.608748][ T6694]  post_alloc_hook+0x181/0x1b0
[  122.613521][ T6694]  get_page_from_freelist+0xfce/0x2f80
[  122.618991][ T6694]  __alloc_frozen_pages_noprof+0x221/0x2470
[  122.624899][ T6694]  alloc_pages_mpol+0x1fc/0x540
[  122.629766][ T6694]  new_slab+0x23d/0x330
[  122.633929][ T6694]  ___slab_alloc+0xbfa/0x1600
[  122.638615][ T6694]  __slab_alloc.constprop.0+0x56/0xb0
[  122.643993][ T6694]  __kmalloc_noprof+0x2de/0x4f0
[  122.648868][ T6694]  load_elf_phdrs+0x103/0x210
[  122.653578][ T6694]  load_elf_binary+0x1f8/0x4ff0
[  122.658463][ T6694]  bprm_execve+0x8dd/0x16d0
[  122.662975][ T6694]  do_execveat_common.isra.0+0x4a2/0x610
[  122.668614][ T6694]  __x64_sys_execve+0x8c/0xb0
[  122.673292][ T6694]  do_syscall_64+0xcd/0x250
[  122.677816][ T6694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.683726][ T6694] page last free pid 5635 tgid 5635 stack trace:
[  122.690048][ T6694]  free_frozen_pages+0x6db/0xfb0
[  122.695007][ T6694]  __put_partials+0x14c/0x170
[  122.699687][ T6694]  qlist_free_all+0x4e/0x120
[  122.704281][ T6694]  kasan_quarantine_reduce+0x195/0x1e0
[  122.709748][ T6694]  __kasan_slab_alloc+0x69/0x90
[  122.714605][ T6694]  __kmalloc_noprof+0x1d1/0x4f0
[  122.719467][ T6694]  tomoyo_realpath_from_path+0xbf/0x710
[  122.725023][ T6694]  tomoyo_path_perm+0x276/0x480
[  122.729878][ T6694]  security_inode_getattr+0x116/0x290
[  122.735257][ T6694]  vfs_fstat+0x4b/0xd0
[  122.739336][ T6694]  vfs_fstatat+0xbc/0xf0
[  122.743589][ T6694]  __do_sys_newfstatat+0xa2/0x130
[  122.748651][ T6694]  do_syscall_64+0xcd/0x250
[  122.753198][ T6694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.759107][ T6694] 
[  122.761440][ T6694] Memory state around the buggy address:
[  122.767083][ T6694]  ffff888028d7cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  122.775149][ T6694]  ffff888028d7cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  122.783222][ T6694] >ffff888028d7d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.791285][ T6694]                    ^
[  122.795353][ T6694]  ffff888028d7d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.803417][ T6694]  ffff888028d7d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  122.811483][ T6694] ==================================================================
[  122.838598][ T6694] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  122.845884][ T6694] CPU: 0 UID: 0 PID: 6694 Comm: syz.0.616 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0
[  122.856169][ T6694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  122.866263][ T6694] Call Trace:
[  122.869570][ T6694]  <TASK>
[  122.872521][ T6694]  dump_stack_lvl+0x3d/0x1f0
[  122.877132][ T6694]  panic+0x71d/0x800
[  122.881039][ T6694]  ? __pfx_panic+0x10/0x10
[  122.885459][ T6694]  ? preempt_schedule_thunk+0x1a/0x30
[  122.890846][ T6694]  ? preempt_schedule_common+0x44/0xc0
[  122.896328][ T6694]  ? check_panic_on_warn+0x1f/0xb0
[  122.901470][ T6694]  check_panic_on_warn+0xab/0xb0
[  122.906413][ T6694]  end_report+0x117/0x180
[  122.910750][ T6694]  kasan_report+0xe9/0x110
[  122.915302][ T6694]  ? force_devcd_write+0x31f/0x350
[  122.920428][ T6694]  ? force_devcd_write+0x31f/0x350
[  122.925558][ T6694]  force_devcd_write+0x31f/0x350
[  122.930510][ T6694]  ? __pfx_force_devcd_write+0x10/0x10
[  122.935977][ T6694]  ? __debugfs_file_get+0x1ff/0x940
[  122.941199][ T6694]  ? __pfx___debugfs_file_get+0x10/0x10
[  122.946786][ T6694]  ? rcu_is_watching+0x12/0xc0
[  122.951576][ T6694]  ? trace_lock_acquire+0x14e/0x1f0
[  122.956789][ T6694]  full_proxy_write+0x13c/0x200
[  122.961674][ T6694]  ? __pfx_full_proxy_write+0x10/0x10
[  122.967099][ T6694]  vfs_write+0x24c/0x1150
[  122.971489][ T6694]  ? __pfx_vfs_write+0x10/0x10
[  122.976277][ T6694]  ? do_futex+0x123/0x350
[  122.980636][ T6694]  ? __pfx_do_futex+0x10/0x10
[  122.985356][ T6694]  ? __x64_sys_futex+0x1e1/0x4c0
[  122.990345][ T6694]  ? __x64_sys_futex+0x1ea/0x4c0
[  122.995305][ T6694]  ksys_write+0x12b/0x250
[  122.999653][ T6694]  ? __pfx_ksys_write+0x10/0x10
[  123.004545][ T6694]  do_syscall_64+0xcd/0x250
[  123.009085][ T6694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.015007][ T6694] RIP: 0033:0x7f377c18cda9
[  123.019436][ T6694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.039063][ T6694] RSP: 002b:00007ffdcb83a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  123.047496][ T6694] RAX: ffffffffffffffda RBX: 00007f377c3a5fa0 RCX: 00007f377c18cda9
[  123.055561][ T6694] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  123.063539][ T6694] RBP: 00007f377c20e2a0 R08: 0000000000000000 R09: 0000000000000000
[  123.071536][ T6694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  123.079515][ T6694] R13: 00007f377c3a5fa0 R14: 00007f377c3a5fa0 R15: 0000000000001d62
[  123.087508][ T6694]  </TASK>
[  123.090861][ T6694] Kernel Offset: disabled
[  123.095188][ T6694] Rebooting in 86400 seconds..