Warning: Permanently added '10.128.0.22' (ED25519) to the list of known hosts.
2025/03/03 18:00:53 ignoring optional flag "sandboxArg"="0"
2025/03/03 18:00:54 parsed 1 programs
[ 256.300157][ T5870] cgroup: Unknown subsys name 'net'
[ 256.454885][ T5870] cgroup: Unknown subsys name 'cpuset'
[ 256.464225][ T5870] cgroup: Unknown subsys name 'rlimit'
[ 258.265921][ T5870] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 261.194352][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 261.200858][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 261.398704][ T5880] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 262.553179][ T5900] chnl_net:caif_netlink_parms(): no params data found
[ 262.642242][ T5900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 262.649367][ T5900] bridge0: port 1(bridge_slave_0) entered disabled state
[ 262.657894][ T5900] bridge_slave_0: entered allmulticast mode
[ 262.665251][ T5900] bridge_slave_0: entered promiscuous mode
[ 262.675327][ T5900] bridge0: port 2(bridge_slave_1) entered blocking state
[ 262.682604][ T5900] bridge0: port 2(bridge_slave_1) entered disabled state
[ 262.689793][ T5900] bridge_slave_1: entered allmulticast mode
[ 262.696917][ T5900] bridge_slave_1: entered promiscuous mode
[ 262.728601][ T5900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 262.740873][ T5900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 262.770295][ T5900] team0: Port device team_slave_0 added
[ 262.778381][ T5900] team0: Port device team_slave_1 added
[ 262.800780][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 262.808122][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 262.834113][ T5900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 262.847532][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 262.854628][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 262.880655][ T5900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 262.916926][ T5900] hsr_slave_0: entered promiscuous mode
[ 262.923304][ T5900] hsr_slave_1: entered promiscuous mode
[ 263.041064][ T5900] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 263.052324][ T5900] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 263.062337][ T5900] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 263.073350][ T5900] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 263.103857][ T5900] bridge0: port 2(bridge_slave_1) entered blocking state
[ 263.111151][ T5900] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 263.119093][ T5900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 263.126389][ T5900] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 263.182050][ T5900] 8021q: adding VLAN 0 to HW filter on device bond0
[ 263.200917][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 263.212900][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 263.228661][ T5900] 8021q: adding VLAN 0 to HW filter on device team0
[ 263.247158][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 263.254358][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 263.266852][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 263.274008][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 263.436337][ T5900] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 263.475813][ T5900] veth0_vlan: entered promiscuous mode
[ 263.487839][ T5900] veth1_vlan: entered promiscuous mode
[ 263.515439][ T5900] veth0_macvtap: entered promiscuous mode
[ 263.525321][ T5900] veth1_macvtap: entered promiscuous mode
[ 263.542857][ T5900] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 263.556663][ T5900] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 263.568733][ T5900] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 263.577958][ T5900] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 263.586920][ T5900] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 263.597454][ T5900] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 263.768305][ T64] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 263.837556][ T64] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 263.899095][ T64] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 263.985667][ T64] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 264.767950][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 264.777572][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 264.787075][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 264.796187][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 264.804609][ T5942] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 264.812132][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 265.104555][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 265.112833][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 265.148324][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 265.156647][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/03 18:01:08 executed programs: 0
[ 266.150841][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 266.162030][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 266.170021][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 266.179401][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 266.188359][ T5942] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 266.197211][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 266.328712][ T5972] chnl_net:caif_netlink_parms(): no params data found
[ 266.397128][ T5972] bridge0: port 1(bridge_slave_0) entered blocking state
[ 266.404555][ T5972] bridge0: port 1(bridge_slave_0) entered disabled state
[ 266.412701][ T5972] bridge_slave_0: entered allmulticast mode
[ 266.419650][ T5972] bridge_slave_0: entered promiscuous mode
[ 266.427711][ T5972] bridge0: port 2(bridge_slave_1) entered blocking state
[ 266.435274][ T5972] bridge0: port 2(bridge_slave_1) entered disabled state
[ 266.442609][ T5972] bridge_slave_1: entered allmulticast mode
[ 266.449562][ T5972] bridge_slave_1: entered promiscuous mode
[ 266.475541][ T5972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 266.487144][ T5972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 266.518814][ T5972] team0: Port device team_slave_0 added
[ 266.526987][ T5972] team0: Port device team_slave_1 added
[ 266.549263][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 266.556732][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 266.583368][ T5972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 266.602066][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 266.609068][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 266.635695][ T5972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 266.700540][ T5972] hsr_slave_0: entered promiscuous mode
[ 266.722678][ T5972] hsr_slave_1: entered promiscuous mode
[ 266.728826][ T5972] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 266.742212][ T5972] Cannot create hsr debugfs directory
[ 266.812557][ T64] bridge_slave_1: left allmulticast mode
[ 266.818689][ T64] bridge_slave_1: left promiscuous mode
[ 266.825750][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 266.837454][ T64] bridge_slave_0: left allmulticast mode
[ 266.844766][ T64] bridge_slave_0: left promiscuous mode
[ 266.850837][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 267.121940][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 267.134262][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 267.144401][ T64] bond0 (unregistering): Released all slaves
[ 267.261267][ T64] hsr_slave_0: left promiscuous mode
[ 267.268087][ T64] hsr_slave_1: left promiscuous mode
[ 267.276310][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 267.288875][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 267.297889][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 267.305798][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 267.326144][ T64] veth1_macvtap: left promiscuous mode
[ 267.333533][ T64] veth0_macvtap: left promiscuous mode
[ 267.339206][ T64] veth1_vlan: left promiscuous mode
[ 267.345537][ T64] veth0_vlan: left promiscuous mode
[ 268.001401][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 268.053361][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 268.232912][ T5145] Bluetooth: hci0: command tx timeout
[ 268.657891][ T5972] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 268.670748][ T5972] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 268.685562][ T5972] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 268.711953][ T5972] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 269.062337][ T5972] 8021q: adding VLAN 0 to HW filter on device bond0
[ 269.085045][ T5972] 8021q: adding VLAN 0 to HW filter on device team0
[ 269.110085][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 269.117304][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 269.137290][ T64] bridge0: port 2(bridge_slave_1) entered blocking state
[ 269.144660][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 269.213951][ T5972] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 269.230246][ T5972] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 269.650002][ T5972] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 269.718036][ T5972] veth0_vlan: entered promiscuous mode
[ 269.749981][ T5972] veth1_vlan: entered promiscuous mode
[ 269.799543][ T5972] veth0_macvtap: entered promiscuous mode
[ 269.842571][ T5972] veth1_macvtap: entered promiscuous mode
[ 269.873850][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 269.896777][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 269.910390][ T5972] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 269.924698][ T5972] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 269.935632][ T5972] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 269.946084][ T5972] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 270.073526][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 270.094533][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 270.131956][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 270.140049][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 270.311292][ T5145] Bluetooth: hci0: command tx timeout
2025/03/03 18:01:13 executed programs: 25
[ 272.391294][ T5145] Bluetooth: hci0: command tx timeout
[ 274.471952][ T5145] Bluetooth: hci0: command tx timeout
2025/03/03 18:01:18 executed programs: 260
2025/03/03 18:01:23 executed programs: 499
[ 283.287390][ T5942] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 283.296880][ T5942] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 283.305877][ T5942] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 283.316595][ T5942] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 283.324575][ T5942] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 283.332877][ T5942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 283.429270][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 283.502082][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 283.518539][ T6657] chnl_net:caif_netlink_parms(): no params data found
[ 283.583035][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 283.606355][ T6657] bridge0: port 1(bridge_slave_0) entered blocking state
[ 283.613689][ T6657] bridge0: port 1(bridge_slave_0) entered disabled state
[ 283.620857][ T6657] bridge_slave_0: entered allmulticast mode
[ 283.628061][ T6657] bridge_slave_0: entered promiscuous mode
[ 283.636827][ T6657] bridge0: port 2(bridge_slave_1) entered blocking state
[ 283.644555][ T6657] bridge0: port 2(bridge_slave_1) entered disabled state
[ 283.651867][ T6657] bridge_slave_1: entered allmulticast mode
[ 283.658736][ T6657] bridge_slave_1: entered promiscuous mode
[ 283.677191][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 283.709429][ T6657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 283.721571][ T6657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 283.753719][ T6657] team0: Port device team_slave_0 added
[ 283.764281][ T6657] team0: Port device team_slave_1 added
[ 283.797794][ T6657] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 283.806155][ T6657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 283.833415][ T6657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 283.857218][ T6657] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 283.866480][ T6657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 283.898895][ T6657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 283.940937][ T35] bridge_slave_1: left allmulticast mode
[ 283.946750][ T35] bridge_slave_1: left promiscuous mode
[ 283.952654][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 283.963727][ T35] bridge_slave_0: left allmulticast mode
[ 283.969391][ T35] bridge_slave_0: left promiscuous mode
[ 283.975945][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 284.246294][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 284.257406][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 284.268013][ T35] bond0 (unregistering): Released all slaves
[ 284.290176][ T6657] hsr_slave_0: entered promiscuous mode
[ 284.296584][ T6657] hsr_slave_1: entered promiscuous mode
[ 284.590006][ T35] hsr_slave_0: left promiscuous mode
[ 284.598751][ T35] hsr_slave_1: left promiscuous mode
[ 284.604903][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 284.616103][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 284.624533][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 284.634979][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 284.657430][ T35] veth1_macvtap: left promiscuous mode
[ 284.663725][ T35] veth0_macvtap: left promiscuous mode
[ 284.669399][ T35] veth1_vlan: left promiscuous mode
[ 284.675406][ T35] veth0_vlan: left promiscuous mode
[ 285.079106][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 285.115567][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 285.353073][ T5145] Bluetooth: hci1: command tx timeout
[ 285.652460][ T6657] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 285.666753][ T6657] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 285.677118][ T6657] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 285.687835][ T6657] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 285.796561][ T6657] 8021q: adding VLAN 0 to HW filter on device bond0
[ 285.830160][ T6657] 8021q: adding VLAN 0 to HW filter on device team0
[ 285.845788][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 285.853002][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 285.869608][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 285.876813][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 286.084591][ T6657] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 286.122399][ T6657] veth0_vlan: entered promiscuous mode
[ 286.134224][ T6657] veth1_vlan: entered promiscuous mode
[ 286.158910][ T6657] veth0_macvtap: entered promiscuous mode
[ 286.168336][ T6657] veth1_macvtap: entered promiscuous mode
[ 286.186178][ T6657] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 286.199012][ T6657] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 286.210167][ T6657] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 286.219739][ T6657] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 286.228653][ T6657] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 286.238099][ T6657] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 286.297693][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 286.307376][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 286.332652][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 286.340820][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/03 18:01:29 executed programs: 602
[ 286.405382][ T6701] ==================================================================
[ 286.413479][ T6701] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[ 286.421405][ T6701] Read of size 8 at addr ffff88807b486000 by task syz.0.616/6701
[ 286.429144][ T6701]
[ 286.431497][ T6701] CPU: 0 UID: 0 PID: 6701 Comm: syz.0.616 Not tainted 6.14.0-rc5-syzkaller #0
[ 286.431530][ T6701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 286.431552][ T6701] Call Trace:
[ 286.431564][ T6701]
[ 286.431579][ T6701] dump_stack_lvl+0x116/0x1f0
[ 286.431627][ T6701] print_report+0xc3/0x670
[ 286.431662][ T6701] ? __virt_addr_valid+0x5e/0x590
[ 286.431685][ T6701] ? __phys_addr+0xc6/0x150
[ 286.431708][ T6701] kasan_report+0xd9/0x110
[ 286.431727][ T6701] ? force_devcd_write+0x317/0x330
[ 286.431758][ T6701] ? force_devcd_write+0x317/0x330
[ 286.431789][ T6701] force_devcd_write+0x317/0x330
[ 286.431819][ T6701] ? __pfx_force_devcd_write+0x10/0x10
[ 286.431848][ T6701] ? __debugfs_file_get+0x1ff/0x850
[ 286.431879][ T6701] ? __pfx___debugfs_file_get+0x10/0x10
[ 286.431908][ T6701] ? rcu_is_watching+0x12/0xc0
[ 286.431931][ T6701] ? trace_lock_acquire+0x14e/0x1f0
[ 286.431959][ T6701] full_proxy_write+0x13c/0x200
[ 286.431989][ T6701] ? __pfx_full_proxy_write+0x10/0x10
[ 286.432018][ T6701] vfs_write+0x24c/0x1150
[ 286.432051][ T6701] ? __pfx_vfs_write+0x10/0x10
[ 286.432082][ T6701] ? do_futex+0x123/0x350
[ 286.432115][ T6701] ? __pfx_do_futex+0x10/0x10
[ 286.432146][ T6701] ? __x64_sys_futex+0x1e1/0x4c0
[ 286.432172][ T6701] ? __x64_sys_futex+0x1ea/0x4c0
[ 286.432201][ T6701] ksys_write+0x12b/0x250
[ 286.432231][ T6701] ? __pfx_ksys_write+0x10/0x10
[ 286.432265][ T6701] do_syscall_64+0xcd/0x250
[ 286.432297][ T6701] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 286.432335][ T6701] RIP: 0033:0x7f0421d8d169
[ 286.432352][ T6701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 286.432376][ T6701] RSP: 002b:00007ffd378eab78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 286.432396][ T6701] RAX: ffffffffffffffda RBX: 00007f0421fa5fa0 RCX: 00007f0421d8d169
[ 286.432411][ T6701] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 286.432424][ T6701] RBP: 00007f0421e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 286.432437][ T6701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 286.432450][ T6701] R13: 00007f0421fa5fa0 R14: 00007f0421fa5fa0 R15: 0000000000000003
[ 286.432470][ T6701]
[ 286.432477][ T6701]
[ 286.657175][ T6701] Allocated by task 5972:
[ 286.661512][ T6701] kasan_save_stack+0x33/0x60
[ 286.666220][ T6701] kasan_save_track+0x14/0x30
[ 286.670924][ T6701] __kasan_kmalloc+0xaa/0xb0
[ 286.675545][ T6701] vhci_open+0x4c/0x430
[ 286.679720][ T6701] misc_open+0x35a/0x420
[ 286.683979][ T6701] chrdev_open+0x237/0x6a0
[ 286.688427][ T6701] do_dentry_open+0x735/0x1c40
[ 286.693220][ T6701] vfs_open+0x82/0x3f0
[ 286.697310][ T6701] path_openat+0x1e88/0x2d80
[ 286.701930][ T6701] do_filp_open+0x20c/0x470
[ 286.706464][ T6701] do_sys_openat2+0x17a/0x1e0
[ 286.711171][ T6701] __x64_sys_openat+0x175/0x210
[ 286.716054][ T6701] do_syscall_64+0xcd/0x250
[ 286.720581][ T6701] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 286.726499][ T6701]
[ 286.728832][ T6701] Freed by task 5972:
[ 286.732824][ T6701] kasan_save_stack+0x33/0x60
[ 286.737551][ T6701] kasan_save_track+0x14/0x30
[ 286.742295][ T6701] kasan_save_free_info+0x3b/0x60
[ 286.747344][ T6701] __kasan_slab_free+0x51/0x70
[ 286.752138][ T6701] kfree+0x2c4/0x4d0
[ 286.756059][ T6701] vhci_release+0xbb/0xf0
[ 286.760407][ T6701] __fput+0x3ff/0xb70
[ 286.764414][ T6701] task_work_run+0x14e/0x250
[ 286.769027][ T6701] do_exit+0xad8/0x2d70
[ 286.773211][ T6701] do_group_exit+0xd3/0x2a0
[ 286.777731][ T6701] get_signal+0x24ed/0x26c0
[ 286.782269][ T6701] arch_do_signal_or_restart+0x90/0x7e0
[ 286.787844][ T6701] syscall_exit_to_user_mode+0x150/0x2a0
[ 286.793508][ T6701] do_syscall_64+0xda/0x250
[ 286.798038][ T6701] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 286.803958][ T6701]
[ 286.806298][ T6701] The buggy address belongs to the object at ffff88807b486000
[ 286.806298][ T6701] which belongs to the cache kmalloc-1k of size 1024
[ 286.820394][ T6701] The buggy address is located 0 bytes inside of
[ 286.820394][ T6701] freed 1024-byte region [ffff88807b486000, ffff88807b486400)
[ 286.834125][ T6701]
[ 286.836457][ T6701] The buggy address belongs to the physical page:
[ 286.842882][ T6701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b480
[ 286.851662][ T6701] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 286.860172][ T6701] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 286.867749][ T6701] page_type: f5(slab)
[ 286.871751][ T6701] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[ 286.880372][ T6701] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 286.889002][ T6701] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[ 286.897699][ T6701] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 286.906388][ T6701] head: 00fff00000000003 ffffea0001ed2001 ffffffffffffffff 0000000000000000
[ 286.915075][ T6701] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 286.923754][ T6701] page dumped because: kasan: bad access detected
[ 286.930200][ T6701] page_owner tracks the page as allocated
[ 286.936011][ T6701] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5621, tgid 5621 (dhcpcd-run-hook), ts 59051699009, free_ts 59051623104
[ 286.957656][ T6701] post_alloc_hook+0x181/0x1b0
[ 286.962454][ T6701] get_page_from_freelist+0xfce/0x2f80
[ 286.967942][ T6701] __alloc_frozen_pages_noprof+0x221/0x2470
[ 286.973865][ T6701] alloc_pages_mpol+0x1fc/0x540
[ 286.978730][ T6701] new_slab+0x23d/0x330
[ 286.982941][ T6701] ___slab_alloc+0xc5d/0x1720
[ 286.987644][ T6701] __slab_alloc.constprop.0+0x56/0xb0
[ 286.993045][ T6701] __kmalloc_noprof+0x2ec/0x510
[ 286.997926][ T6701] load_elf_phdrs+0x103/0x210
[ 287.002625][ T6701] load_elf_binary+0x153d/0x4fc0
[ 287.007604][ T6701] bprm_execve+0x8dd/0x16d0
[ 287.012132][ T6701] do_execveat_common.isra.0+0x4a2/0x610
[ 287.018149][ T6701] __x64_sys_execve+0x8c/0xb0
[ 287.022850][ T6701] do_syscall_64+0xcd/0x250
[ 287.027378][ T6701] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 287.033297][ T6701] page last free pid 5621 tgid 5621 stack trace:
[ 287.039629][ T6701] free_frozen_pages+0x6db/0xfb0
[ 287.044611][ T6701] __put_partials+0x14c/0x170
[ 287.049310][ T6701] qlist_free_all+0x4e/0x120
[ 287.053924][ T6701] kasan_quarantine_reduce+0x195/0x1e0
[ 287.059424][ T6701] __kasan_slab_alloc+0x69/0x90
[ 287.064315][ T6701] __kmalloc_cache_noprof+0x243/0x410
[ 287.069714][ T6701] load_elf_binary+0x54d/0x4fc0
[ 287.074597][ T6701] bprm_execve+0x8dd/0x16d0
[ 287.079128][ T6701] do_execveat_common.isra.0+0x4a2/0x610
[ 287.084790][ T6701] __x64_sys_execve+0x8c/0xb0
[ 287.089498][ T6701] do_syscall_64+0xcd/0x250
[ 287.094031][ T6701] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 287.099959][ T6701]
[ 287.102293][ T6701] Memory state around the buggy address:
[ 287.107933][ T6701]  ffff88807b485f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 287.116011][ T6701]  ffff88807b485f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 287.124088][ T6701] >ffff88807b486000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 287.132158][ T6701]                    ^
[ 287.136230][ T6701]  ffff88807b486080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 287.144311][ T6701]  ffff88807b486100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 287.152378][ T6701] ==================================================================
[ 287.173316][ T6701] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 287.180566][ T6701] CPU: 0 UID: 0 PID: 6701 Comm: syz.0.616 Not tainted 6.14.0-rc5-syzkaller #0
[ 287.189458][ T6701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 287.199553][ T6701] Call Trace:
[ 287.202875][ T6701]
[ 287.205819][ T6701] dump_stack_lvl+0x3d/0x1f0
[ 287.210449][ T6701] panic+0x71d/0x800
[ 287.214366][ T6701] ? __pfx_panic+0x10/0x10
[ 287.218811][ T6701] ? preempt_schedule_thunk+0x1a/0x30
[ 287.224207][ T6701] ? preempt_schedule_common+0x44/0xc0
[ 287.229704][ T6701] ? check_panic_on_warn+0x1f/0xb0
[ 287.234839][ T6701] check_panic_on_warn+0xab/0xb0
[ 287.239802][ T6701] end_report+0x117/0x180
[ 287.244163][ T6701] kasan_report+0xe9/0x110
[ 287.248592][ T6701] ? force_devcd_write+0x317/0x330
[ 287.253728][ T6701] ? force_devcd_write+0x317/0x330
[ 287.258867][ T6701] force_devcd_write+0x317/0x330
[ 287.263829][ T6701] ? __pfx_force_devcd_write+0x10/0x10
[ 287.269318][ T6701] ? __debugfs_file_get+0x1ff/0x850
[ 287.274540][ T6701] ? __pfx___debugfs_file_get+0x10/0x10
[ 287.280194][ T6701] ? rcu_is_watching+0x12/0xc0
[ 287.284987][ T6701] ? trace_lock_acquire+0x14e/0x1f0
[ 287.290397][ T6701] full_proxy_write+0x13c/0x200
[ 287.295276][ T6701] ? __pfx_full_proxy_write+0x10/0x10
[ 287.300674][ T6701] vfs_write+0x24c/0x1150
[ 287.305036][ T6701] ? __pfx_vfs_write+0x10/0x10
[ 287.309912][ T6701] ? do_futex+0x123/0x350
[ 287.314264][ T6701] ? __pfx_do_futex+0x10/0x10
[ 287.318991][ T6701] ? __x64_sys_futex+0x1e1/0x4c0
[ 287.323950][ T6701] ? __x64_sys_futex+0x1ea/0x4c0
[ 287.329007][ T6701] ksys_write+0x12b/0x250
[ 287.333364][ T6701] ? __pfx_ksys_write+0x10/0x10
[ 287.338250][ T6701] do_syscall_64+0xcd/0x250
[ 287.342781][ T6701] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 287.348702][ T6701] RIP: 0033:0x7f0421d8d169
[ 287.353133][ T6701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 287.372756][ T6701] RSP: 002b:00007ffd378eab78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 287.381191][ T6701] RAX: ffffffffffffffda RBX: 00007f0421fa5fa0 RCX: 00007f0421d8d169
[ 287.389259][ T6701] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 287.397243][ T6701] RBP: 00007f0421e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 287.405240][ T6701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 287.413225][ T6701] R13: 00007f0421fa5fa0 R14: 00007f0421fa5fa0 R15: 0000000000000003
[ 287.421247][ T6701]
[ 287.424602][ T6701] Kernel Offset: disabled
[ 287.428937][ T6701] Rebooting in 86400 seconds..