Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts.
2025/03/15 01:36:53 ignoring optional flag "sandboxArg"="0"
2025/03/15 01:36:54 parsed 1 programs
[  275.385214][ T5867] cgroup: Unknown subsys name 'net'
[  275.512988][ T5867] cgroup: Unknown subsys name 'cpuset'
[  275.521893][ T5867] cgroup: Unknown subsys name 'rlimit'
[  277.469370][ T5867] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  280.269918][ T5874] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  280.916544][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  280.927668][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  280.938261][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  280.952505][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  280.960811][ T5151] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  280.968263][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  282.672276][ T5924] chnl_net:caif_netlink_parms(): no params data found
[  282.762268][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.769946][ T5924] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.777232][ T5924] bridge_slave_0: entered allmulticast mode
[  282.785070][ T5924] bridge_slave_0: entered promiscuous mode
[  282.819659][ T5924] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.826827][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.835582][ T5924] bridge_slave_1: entered allmulticast mode
[  282.843705][ T5924] bridge_slave_1: entered promiscuous mode
[  282.872773][ T5924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  282.886454][ T5924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.921761][ T5924] team0: Port device team_slave_0 added
[  282.930631][ T5924] team0: Port device team_slave_1 added
[  282.961649][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_0
[  282.969149][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.995299][ T5924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  283.011580][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_1
[  283.018933][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.045806][ T5924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  283.091469][ T5924] hsr_slave_0: entered promiscuous mode
[  283.097941][ T5924] hsr_slave_1: entered promiscuous mode
[  283.230075][ T5924] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  283.241692][ T5924] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  283.251112][ T5924] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  283.262112][ T5924] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  283.288731][ T5924] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.296049][ T5924] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.304414][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.311612][ T5924] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.368597][ T5924] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.390905][ T3629] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.400664][ T3629] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.421234][ T5924] 8021q: adding VLAN 0 to HW filter on device team0
[  283.436228][ T3553] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.444121][ T3553] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.457141][ T3443] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.464506][ T3443] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.636879][ T5924] 8021q: adding VLAN 0 to HW filter on device batadv0
[  283.677864][ T5924] veth0_vlan: entered promiscuous mode
[  283.690745][ T5924] veth1_vlan: entered promiscuous mode
[  283.720116][ T5924] veth0_macvtap: entered promiscuous mode
[  283.730621][ T5924] veth1_macvtap: entered promiscuous mode
[  283.746541][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_0
[  283.767658][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_1
[  283.781816][ T5924] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  283.791845][ T5924] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  283.801612][ T5924] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  283.810717][ T5924] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  284.001571][ T3553] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.105539][ T3553] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.199934][ T3553] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.304194][ T3553] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  285.139911][ T3443] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.147944][ T3443] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.175765][ T3443] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.183823][ T3443] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/15 01:37:09 executed programs: 0
[  286.172536][ T5896] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  286.181798][ T5896] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  286.191454][ T5896] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  286.200729][ T5896] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  286.209327][ T5896] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  286.216760][ T5896] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  286.367314][ T5975] chnl_net:caif_netlink_parms(): no params data found
[  286.439911][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.447633][ T5975] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.468767][ T5975] bridge_slave_0: entered allmulticast mode
[  286.476145][ T5975] bridge_slave_0: entered promiscuous mode
[  286.485847][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.494152][ T5975] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.501906][ T5975] bridge_slave_1: entered allmulticast mode
[  286.513080][ T5975] bridge_slave_1: entered promiscuous mode
[  286.554878][ T5975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  286.566716][ T5975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  286.604480][ T5975] team0: Port device team_slave_0 added
[  286.613581][ T5975] team0: Port device team_slave_1 added
[  286.657829][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0
[  286.665292][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  286.692011][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  286.705772][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1
[  286.713343][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  286.740224][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  286.787532][ T5975] hsr_slave_0: entered promiscuous mode
[  286.796337][ T5975] hsr_slave_1: entered promiscuous mode
[  286.803183][ T5975] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  286.812668][ T5975] Cannot create hsr debugfs directory
[  287.155129][ T3553] bridge_slave_1: left allmulticast mode
[  287.163995][ T3553] bridge_slave_1: left promiscuous mode
[  287.171188][ T3553] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.191783][ T3553] bridge_slave_0: left allmulticast mode
[  287.197768][ T3553] bridge_slave_0: left promiscuous mode
[  287.204670][ T3553] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.476093][ T3553] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  287.487558][ T3553] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  287.498534][ T3553] bond0 (unregistering): Released all slaves
[  287.616381][ T3553] hsr_slave_0: left promiscuous mode
[  287.623920][ T3553] hsr_slave_1: left promiscuous mode
[  287.632124][ T3553] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  287.640392][ T3553] batman_adv: batadv0: Removing interface: batadv_slave_0
[  287.649919][ T3553] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  287.657410][ T3553] batman_adv: batadv0: Removing interface: batadv_slave_1
[  287.680907][ T3553] veth1_macvtap: left promiscuous mode
[  287.687115][ T3553] veth0_macvtap: left promiscuous mode
[  287.696250][ T3553] veth1_vlan: left promiscuous mode
[  287.702095][ T3553] veth0_vlan: left promiscuous mode
[  288.193886][ T3553] team0 (unregistering): Port device team_slave_1 removed
[  288.231841][ T3553] team0 (unregistering): Port device team_slave_0 removed
[  288.239920][   T55] Bluetooth: hci0: command tx timeout
[  288.884545][ T5975] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  288.902311][ T5975] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  288.919814][ T5975] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  288.940363][ T5975] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  289.251158][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0
[  289.270707][ T5975] 8021q: adding VLAN 0 to HW filter on device team0
[  289.291800][ T3583] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.298984][ T3583] bridge0: port 1(bridge_slave_0) entered forwarding state
[  289.327722][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.334913][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  289.727149][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0
[  289.826391][ T5975] veth0_vlan: entered promiscuous mode
[  289.856877][ T5975] veth1_vlan: entered promiscuous mode
[  289.918253][ T5975] veth0_macvtap: entered promiscuous mode
[  289.941027][ T5975] veth1_macvtap: entered promiscuous mode
[  289.981477][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0
[  290.007640][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1
[  290.045727][ T5975] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  290.056026][ T5975] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  290.066583][ T5975] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  290.075471][ T5975] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  290.186635][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  290.213553][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  290.246127][ T3629] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  290.256343][ T3629] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  290.320296][   T55] Bluetooth: hci0: command tx timeout
2025/03/15 01:37:14 executed programs: 20
[  292.398574][   T55] Bluetooth: hci0: command tx timeout
[  294.478615][   T55] Bluetooth: hci0: command tx timeout
2025/03/15 01:37:19 executed programs: 234
2025/03/15 01:37:24 executed programs: 477
[  303.793387][ T5896] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  303.802860][ T5896] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  303.811418][ T5896] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  303.820761][ T5896] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  303.831372][ T5896] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  303.839092][ T5896] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  303.968618][   T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.991436][ T6674] chnl_net:caif_netlink_parms(): no params data found
[  304.046126][   T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.085515][ T6674] bridge0: port 1(bridge_slave_0) entered blocking state
[  304.092799][ T6674] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.100626][ T6674] bridge_slave_0: entered allmulticast mode
[  304.108316][ T6674] bridge_slave_0: entered promiscuous mode
[  304.126510][   T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.143437][ T6674] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.150851][ T6674] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.158038][ T6674] bridge_slave_1: entered allmulticast mode
[  304.166197][ T6674] bridge_slave_1: entered promiscuous mode
[  304.192854][ T6674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  304.214354][   T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.230592][ T6674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.260667][ T6674] team0: Port device team_slave_0 added
[  304.269080][ T6674] team0: Port device team_slave_1 added
[  304.297894][ T6674] batman_adv: batadv0: Adding interface: batadv_slave_0
[  304.305080][ T6674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.332193][ T6674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  304.357311][ T6674] batman_adv: batadv0: Adding interface: batadv_slave_1
[  304.364746][ T6674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.391085][ T6674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  304.470592][   T53] bridge_slave_1: left allmulticast mode
[  304.476302][   T53] bridge_slave_1: left promiscuous mode
[  304.482708][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.493644][   T53] bridge_slave_0: left allmulticast mode
[  304.499755][   T53] bridge_slave_0: left promiscuous mode
[  304.505473][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.790932][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.802570][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.813339][   T53] bond0 (unregistering): Released all slaves
[  304.827679][ T6674] hsr_slave_0: entered promiscuous mode
[  304.834045][ T6674] hsr_slave_1: entered promiscuous mode
[  305.128169][   T53] hsr_slave_0: left promiscuous mode
[  305.135752][   T53] hsr_slave_1: left promiscuous mode
[  305.143482][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  305.160382][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  305.168598][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  305.176337][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  305.195355][   T53] veth1_macvtap: left promiscuous mode
[  305.202196][   T53] veth0_macvtap: left promiscuous mode
[  305.208008][   T53] veth1_vlan: left promiscuous mode
[  305.214587][   T53] veth0_vlan: left promiscuous mode
[  305.596666][   T53] team0 (unregistering): Port device team_slave_1 removed
[  305.637854][   T53] team0 (unregistering): Port device team_slave_0 removed
[  305.928599][   T55] Bluetooth: hci1: command tx timeout
[  306.253093][ T6674] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  306.264148][ T6674] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  306.291891][ T6674] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  306.312578][ T6674] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  306.434845][ T6674] 8021q: adding VLAN 0 to HW filter on device bond0
[  306.462622][ T6674] 8021q: adding VLAN 0 to HW filter on device team0
[  306.474454][ T3629] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.481697][ T3629] bridge0: port 1(bridge_slave_0) entered forwarding state
[  306.501537][ T3629] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.508731][ T3629] bridge0: port 2(bridge_slave_1) entered forwarding state
[  306.734597][ T6674] 8021q: adding VLAN 0 to HW filter on device batadv0
[  306.792701][ T6674] veth0_vlan: entered promiscuous mode
[  306.805893][ T6674] veth1_vlan: entered promiscuous mode
[  306.844280][ T6674] veth0_macvtap: entered promiscuous mode
[  306.855314][ T6674] veth1_macvtap: entered promiscuous mode
[  306.882087][ T6674] batman_adv: batadv0: Interface activated: batadv_slave_0
[  306.897666][ T6674] batman_adv: batadv0: Interface activated: batadv_slave_1
[  306.914147][ T6674] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  306.925530][ T6674] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  306.935031][ T6674] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  306.946163][ T6674] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  307.034304][ T3553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  307.050622][ T3553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  307.085680][ T3553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  307.097112][ T3553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/15 01:37:30 executed programs: 602
[  307.191399][ T6735] ==================================================================
[  307.199614][ T6735] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[  307.207803][ T6735] Read of size 8 at addr ffff888029a72800 by task syz.0.616/6735
[  307.215640][ T6735] 
[  307.218003][ T6735] CPU: 0 UID: 0 PID: 6735 Comm: syz.0.616 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0
[  307.218034][ T6735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  307.218056][ T6735] Call Trace:
[  307.218066][ T6735]  <TASK>
[  307.218077][ T6735]  dump_stack_lvl+0x116/0x1f0
[  307.218122][ T6735]  print_report+0xc3/0x670
[  307.218147][ T6735]  ? __virt_addr_valid+0x5e/0x590
[  307.218174][ T6735]  ? __phys_addr+0xc6/0x150
[  307.218207][ T6735]  kasan_report+0xd9/0x110
[  307.218230][ T6735]  ? force_devcd_write+0x317/0x330
[  307.218268][ T6735]  ? force_devcd_write+0x317/0x330
[  307.218306][ T6735]  force_devcd_write+0x317/0x330
[  307.218342][ T6735]  ? __pfx_force_devcd_write+0x10/0x10
[  307.218379][ T6735]  ? __debugfs_file_get+0x1ff/0x850
[  307.218416][ T6735]  ? __pfx___debugfs_file_get+0x10/0x10
[  307.218455][ T6735]  ? rcu_is_watching+0x12/0xc0
[  307.218483][ T6735]  ? trace_lock_acquire+0x14e/0x1f0
[  307.218515][ T6735]  full_proxy_write+0x13c/0x200
[  307.218551][ T6735]  ? __pfx_full_proxy_write+0x10/0x10
[  307.218585][ T6735]  vfs_write+0x24c/0x1150
[  307.218624][ T6735]  ? __pfx_vfs_write+0x10/0x10
[  307.218659][ T6735]  ? do_futex+0x123/0x350
[  307.218690][ T6735]  ? __pfx_do_futex+0x10/0x10
[  307.218725][ T6735]  ? __x64_sys_futex+0x1e1/0x4c0
[  307.218755][ T6735]  ? __x64_sys_futex+0x1ea/0x4c0
[  307.218789][ T6735]  ksys_write+0x12b/0x250
[  307.218825][ T6735]  ? __pfx_ksys_write+0x10/0x10
[  307.218865][ T6735]  do_syscall_64+0xcd/0x250
[  307.218903][ T6735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.218941][ T6735] RIP: 0033:0x7fa47018d169
[  307.218961][ T6735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  307.218992][ T6735] RSP: 002b:00007ffd8838ee28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  307.219016][ T6735] RAX: ffffffffffffffda RBX: 00007fa4703a5fa0 RCX: 00007fa47018d169
[  307.219033][ T6735] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  307.219048][ T6735] RBP: 00007fa47020e2a0 R08: 0000000000000000 R09: 0000000000000000
[  307.219063][ T6735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  307.219078][ T6735] R13: 00007fa4703a5fa0 R14: 00007fa4703a5fa0 R15: 0000000000000003
[  307.219102][ T6735]  </TASK>
[  307.219110][ T6735] 
[  307.446272][ T6735] Allocated by task 5975:
[  307.450703][ T6735]  kasan_save_stack+0x33/0x60
[  307.455530][ T6735]  kasan_save_track+0x14/0x30
[  307.460242][ T6735]  __kasan_kmalloc+0xaa/0xb0
[  307.464866][ T6735]  vhci_open+0x4c/0x430
[  307.469047][ T6735]  misc_open+0x35a/0x420
[  307.473306][ T6735]  chrdev_open+0x237/0x6a0
[  307.477753][ T6735]  do_dentry_open+0x735/0x1c40
[  307.482569][ T6735]  vfs_open+0x82/0x3f0
[  307.486767][ T6735]  path_openat+0x1e88/0x2d80
[  307.491400][ T6735]  do_filp_open+0x20c/0x470
[  307.495940][ T6735]  do_sys_openat2+0x17a/0x1e0
[  307.500646][ T6735]  __x64_sys_openat+0x175/0x210
[  307.505554][ T6735]  do_syscall_64+0xcd/0x250
[  307.510093][ T6735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.516035][ T6735] 
[  307.518371][ T6735] Freed by task 5975:
[  307.522360][ T6735]  kasan_save_stack+0x33/0x60
[  307.527093][ T6735]  kasan_save_track+0x14/0x30
[  307.531812][ T6735]  kasan_save_free_info+0x3b/0x60
[  307.537056][ T6735]  __kasan_slab_free+0x51/0x70
[  307.541864][ T6735]  kfree+0x2c4/0x4d0
[  307.545788][ T6735]  vhci_release+0xbb/0xf0
[  307.550239][ T6735]  __fput+0x3ff/0xb70
[  307.554241][ T6735]  task_work_run+0x14e/0x250
[  307.558947][ T6735]  do_exit+0xad8/0x2d70
[  307.563119][ T6735]  do_group_exit+0xd3/0x2a0
[  307.567641][ T6735]  get_signal+0x24ed/0x26c0
[  307.572176][ T6735]  arch_do_signal_or_restart+0x90/0x7e0
[  307.577748][ T6735]  syscall_exit_to_user_mode+0x150/0x2a0
[  307.583420][ T6735]  do_syscall_64+0xda/0x250
[  307.587958][ T6735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.593883][ T6735] 
[  307.596213][ T6735] The buggy address belongs to the object at ffff888029a72800
[  307.596213][ T6735]  which belongs to the cache kmalloc-1k of size 1024
[  307.610292][ T6735] The buggy address is located 0 bytes inside of
[  307.610292][ T6735]  freed 1024-byte region [ffff888029a72800, ffff888029a72c00)
[  307.624020][ T6735] 
[  307.626355][ T6735] The buggy address belongs to the physical page:
[  307.632791][ T6735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29a70
[  307.641572][ T6735] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  307.650087][ T6735] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  307.658117][ T6735] page_type: f5(slab)
[  307.662141][ T6735] raw: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001
[  307.670742][ T6735] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  307.679342][ T6735] head: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001
[  307.688027][ T6735] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  307.696713][ T6735] head: 00fff00000000003 ffffea0000a69c01 ffffffffffffffff 0000000000000000
[  307.705578][ T6735] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  307.714258][ T6735] page dumped because: kasan: bad access detected
[  307.720687][ T6735] page_owner tracks the page as allocated
[  307.726404][ T6735] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5647, tgid 5647 (dhcpcd-run-hook), ts 60966066112, free_ts 60915831468
[  307.748060][ T6735]  post_alloc_hook+0x181/0x1b0
[  307.752869][ T6735]  get_page_from_freelist+0xfce/0x2f80
[  307.758365][ T6735]  __alloc_frozen_pages_noprof+0x221/0x2470
[  307.764300][ T6735]  alloc_pages_mpol+0x1fc/0x540
[  307.769168][ T6735]  new_slab+0x23d/0x330
[  307.773374][ T6735]  ___slab_alloc+0xc5d/0x1720
[  307.778083][ T6735]  __slab_alloc.constprop.0+0x56/0xb0
[  307.783661][ T6735]  __kmalloc_noprof+0x2ec/0x510
[  307.788546][ T6735]  load_elf_phdrs+0x103/0x210
[  307.793253][ T6735]  load_elf_binary+0x1f8/0x4fc0
[  307.798139][ T6735]  bprm_execve+0x8dd/0x16d0
[  307.802680][ T6735]  do_execveat_common.isra.0+0x4a2/0x610
[  307.808347][ T6735]  __x64_sys_execve+0x8c/0xb0
[  307.813089][ T6735]  do_syscall_64+0xcd/0x250
[  307.817661][ T6735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.823603][ T6735] page last free pid 5644 tgid 5644 stack trace:
[  307.829937][ T6735]  free_frozen_pages+0x6db/0xfb0
[  307.834907][ T6735]  qlist_free_all+0x4e/0x120
[  307.839541][ T6735]  kasan_quarantine_reduce+0x195/0x1e0
[  307.845047][ T6735]  __kasan_slab_alloc+0x69/0x90
[  307.849944][ T6735]  __kmalloc_noprof+0x1cd/0x510
[  307.854838][ T6735]  tomoyo_realpath_from_path+0xb9/0x720
[  307.860439][ T6735]  tomoyo_path_number_perm+0x248/0x590
[  307.865924][ T6735]  security_file_ioctl+0x9b/0x240
[  307.870996][ T6735]  __x64_sys_ioctl+0xb7/0x200
[  307.875699][ T6735]  do_syscall_64+0xcd/0x250
[  307.880243][ T6735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.886169][ T6735] 
[  307.888501][ T6735] Memory state around the buggy address:
[  307.894141][ T6735]  ffff888029a72700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  307.902217][ T6735]  ffff888029a72780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  307.910320][ T6735] >ffff888029a72800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  307.918398][ T6735]                    ^
[  307.922498][ T6735]  ffff888029a72880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  307.930578][ T6735]  ffff888029a72900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  307.938651][ T6735] ==================================================================
[  307.978573][ T6735] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  307.985865][ T6735] CPU: 0 UID: 0 PID: 6735 Comm: syz.0.616 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0
[  307.996512][ T6735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  308.006699][ T6735] Call Trace:
[  308.010017][ T6735]  <TASK>
[  308.012991][ T6735]  dump_stack_lvl+0x3d/0x1f0
[  308.017643][ T6735]  panic+0x71d/0x800
[  308.021593][ T6735]  ? __pfx_panic+0x10/0x10
[  308.026058][ T6735]  ? preempt_schedule_thunk+0x1a/0x30
[  308.031496][ T6735]  ? preempt_schedule_common+0x44/0xc0
[  308.037115][ T6735]  ? check_panic_on_warn+0x1f/0xb0
[  308.042295][ T6735]  check_panic_on_warn+0xab/0xb0
[  308.047302][ T6735]  end_report+0x117/0x180
[  308.051692][ T6735]  kasan_report+0xe9/0x110
[  308.056161][ T6735]  ? force_devcd_write+0x317/0x330
[  308.061859][ T6735]  ? force_devcd_write+0x317/0x330
[  308.067079][ T6735]  force_devcd_write+0x317/0x330
[  308.072082][ T6735]  ? __pfx_force_devcd_write+0x10/0x10
[  308.077613][ T6735]  ? __debugfs_file_get+0x1ff/0x850
[  308.082875][ T6735]  ? __pfx___debugfs_file_get+0x10/0x10
[  308.088487][ T6735]  ? rcu_is_watching+0x12/0xc0
[  308.093304][ T6735]  ? trace_lock_acquire+0x14e/0x1f0
[  308.098655][ T6735]  full_proxy_write+0x13c/0x200
[  308.103575][ T6735]  ? __pfx_full_proxy_write+0x10/0x10
[  308.109010][ T6735]  vfs_write+0x24c/0x1150
[  308.113411][ T6735]  ? __pfx_vfs_write+0x10/0x10
[  308.118249][ T6735]  ? do_futex+0x123/0x350
[  308.122685][ T6735]  ? __pfx_do_futex+0x10/0x10
[  308.127438][ T6735]  ? __x64_sys_futex+0x1e1/0x4c0
[  308.132431][ T6735]  ? __x64_sys_futex+0x1ea/0x4c0
[  308.137433][ T6735]  ksys_write+0x12b/0x250
[  308.141832][ T6735]  ? __pfx_ksys_write+0x10/0x10
[  308.146754][ T6735]  do_syscall_64+0xcd/0x250
[  308.151321][ T6735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.157326][ T6735] RIP: 0033:0x7fa47018d169
[  308.161792][ T6735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.181718][ T6735] RSP: 002b:00007ffd8838ee28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  308.190362][ T6735] RAX: ffffffffffffffda RBX: 00007fa4703a5fa0 RCX: 00007fa47018d169
[  308.198468][ T6735] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[  308.206521][ T6735] RBP: 00007fa47020e2a0 R08: 0000000000000000 R09: 0000000000000000
[  308.214538][ T6735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  308.222551][ T6735] R13: 00007fa4703a5fa0 R14: 00007fa4703a5fa0 R15: 0000000000000003
[  308.230578][ T6735]  </TASK>
[  308.233953][ T6735] Kernel Offset: disabled
[  308.238294][ T6735] Rebooting in 86400 seconds..