Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts.
2024/12/22 12:53:40 ignoring optional flag "sandboxArg"="0"
2024/12/22 12:53:40 parsed 1 programs
[ 263.571018][ T5859] cgroup: Unknown subsys name 'net'
[ 263.697282][ T5859] cgroup: Unknown subsys name 'cpuset'
[ 263.706321][ T5859] cgroup: Unknown subsys name 'rlimit'
[ 265.454541][ T5859] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 268.249474][ T5867] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 269.658322][ T5890] chnl_net:caif_netlink_parms(): no params data found
[ 269.723374][ T5890] bridge0: port 1(bridge_slave_0) entered blocking state
[ 269.731282][ T5890] bridge0: port 1(bridge_slave_0) entered disabled state
[ 269.740847][ T5890] bridge_slave_0: entered allmulticast mode
[ 269.748835][ T5890] bridge_slave_0: entered promiscuous mode
[ 269.758405][ T5890] bridge0: port 2(bridge_slave_1) entered blocking state
[ 269.765655][ T5890] bridge0: port 2(bridge_slave_1) entered disabled state
[ 269.772803][ T5890] bridge_slave_1: entered allmulticast mode
[ 269.779840][ T5890] bridge_slave_1: entered promiscuous mode
[ 269.807439][ T5890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 269.819626][ T5890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 269.850994][ T5890] team0: Port device team_slave_0 added
[ 269.859632][ T5890] team0: Port device team_slave_1 added
[ 269.881492][ T5890] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 269.889014][ T5890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 269.914989][ T5890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 269.927707][ T5890] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 269.934721][ T5890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 269.960703][ T5890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 269.997544][ T5890] hsr_slave_0: entered promiscuous mode
[ 270.005067][ T5890] hsr_slave_1: entered promiscuous mode
[ 270.161415][ T5890] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 270.171808][ T5890] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 270.182738][ T5890] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 270.192745][ T5890] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 270.229715][ T5890] bridge0: port 2(bridge_slave_1) entered blocking state
[ 270.237009][ T5890] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 270.245170][ T5890] bridge0: port 1(bridge_slave_0) entered blocking state
[ 270.252284][ T5890] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 270.309432][ T5890] 8021q: adding VLAN 0 to HW filter on device bond0
[ 270.329082][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 270.338926][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 270.356828][ T5890] 8021q: adding VLAN 0 to HW filter on device team0
[ 270.370679][ T53] bridge0: port 1(bridge_slave_0) entered blocking state
[ 270.377861][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 270.390709][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 270.397889][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 270.558487][ T5890] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 270.595636][ T5890] veth0_vlan: entered promiscuous mode
[ 270.607679][ T5890] veth1_vlan: entered promiscuous mode
[ 270.634610][ T5890] veth0_macvtap: entered promiscuous mode
[ 270.644754][ T5890] veth1_macvtap: entered promiscuous mode
[ 270.662289][ T5890] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 270.676478][ T5890] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 270.687538][ T5890] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 270.696608][ T5890] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 270.706875][ T5890] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 270.715895][ T5890] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 270.844500][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 270.930336][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 270.985687][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 271.056795][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 271.449411][ T5917] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 271.459126][ T5917] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 271.467260][ T5917] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 271.476915][ T5917] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 271.484810][ T5917] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 271.492179][ T5917] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 272.397353][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 272.407186][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 272.441594][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 272.449654][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/12/22 12:53:54 executed programs: 0
[ 273.227154][ T5144] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 273.236768][ T5144] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 273.245342][ T5144] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 273.254432][ T5144] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 273.262461][ T5144] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 273.270271][ T5144] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 273.404314][ T5951] chnl_net:caif_netlink_parms(): no params data found
[ 273.476206][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state
[ 273.483499][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state
[ 273.490670][ T5951] bridge_slave_0: entered allmulticast mode
[ 273.497759][ T5951] bridge_slave_0: entered promiscuous mode
[ 273.506093][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state
[ 273.513638][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state
[ 273.520814][ T5951] bridge_slave_1: entered allmulticast mode
[ 273.528025][ T5951] bridge_slave_1: entered promiscuous mode
[ 273.554175][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 273.565854][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 273.596227][ T5951] team0: Port device team_slave_0 added
[ 273.605203][ T5951] team0: Port device team_slave_1 added
[ 273.627586][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 273.634972][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 273.660965][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 273.674216][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 273.681210][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 273.707500][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 273.745709][ T5951] hsr_slave_0: entered promiscuous mode
[ 273.752050][ T5951] hsr_slave_1: entered promiscuous mode
[ 273.758589][ T5951] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 273.766518][ T5951] Cannot create hsr debugfs directory
[ 274.365686][ T35] bridge_slave_1: left allmulticast mode
[ 274.371599][ T35] bridge_slave_1: left promiscuous mode
[ 274.381493][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 274.398573][ T35] bridge_slave_0: left allmulticast mode
[ 274.404764][ T35] bridge_slave_0: left promiscuous mode
[ 274.410562][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 274.768149][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 274.780810][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 274.796317][ T35] bond0 (unregistering): Released all slaves
[ 274.971915][ T35] hsr_slave_0: left promiscuous mode
[ 274.996772][ T35] hsr_slave_1: left promiscuous mode
[ 275.006101][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 275.013675][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 275.021942][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 275.029624][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 275.057608][ T35] veth1_macvtap: left promiscuous mode
[ 275.063679][ T35] veth0_macvtap: left promiscuous mode
[ 275.069326][ T35] veth1_vlan: left promiscuous mode
[ 275.075514][ T35] veth0_vlan: left promiscuous mode
[ 275.344467][ T5917] Bluetooth: hci0: command tx timeout
[ 275.514972][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 275.547296][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 275.992014][ T5951] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 276.018686][ T5951] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 276.030351][ T5951] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 276.047075][ T5951] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 276.143188][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0
[ 276.165320][ T5951] 8021q: adding VLAN 0 to HW filter on device team0
[ 276.178872][ T2910] bridge0: port 1(bridge_slave_0) entered blocking state
[ 276.186095][ T2910] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 276.199975][ T82] bridge0: port 2(bridge_slave_1) entered blocking state
[ 276.207188][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 276.742292][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 276.858906][ T5951] veth0_vlan: entered promiscuous mode
[ 276.898026][ T5951] veth1_vlan: entered promiscuous mode
[ 276.957159][ T5951] veth0_macvtap: entered promiscuous mode
[ 277.074700][ T5951] veth1_macvtap: entered promiscuous mode
[ 277.115946][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 277.175240][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 277.243605][ T5951] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 277.252384][ T5951] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 277.264792][ T5951] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 277.275250][ T5951] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 277.423229][ T5917] Bluetooth: hci0: command tx timeout
[ 277.430154][ T3480] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 277.438701][ T3480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 277.475316][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 277.494448][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/12/22 12:53:59 executed programs: 9
[ 279.503007][ T5917] Bluetooth: hci0: command tx timeout
[ 281.585454][ T5917] Bluetooth: hci0: command tx timeout
2024/12/22 12:54:04 executed programs: 79
2024/12/22 12:54:09 executed programs: 150
2024/12/22 12:54:15 executed programs: 221
2024/12/22 12:54:20 executed programs: 293
2024/12/22 12:54:25 executed programs: 364
2024/12/22 12:54:30 executed programs: 436
2024/12/22 12:54:35 executed programs: 519
[ 318.508994][ T5144] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 318.523259][ T5144] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 318.539355][ T5144] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 318.549486][ T5144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 318.558941][ T5144] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 318.566483][ T5144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 318.672677][ T82] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 318.730174][ T82] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 318.742480][ T6609] chnl_net:caif_netlink_parms(): no params data found
[ 318.787897][ T82] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 318.821387][ T6609] bridge0: port 1(bridge_slave_0) entered blocking state
[ 318.829573][ T6609] bridge0: port 1(bridge_slave_0) entered disabled state
[ 318.837189][ T6609] bridge_slave_0: entered allmulticast mode
[ 318.845026][ T6609] bridge_slave_0: entered promiscuous mode
[ 318.866488][ T82] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 318.879049][ T6609] bridge0: port 2(bridge_slave_1) entered blocking state
[ 318.886608][ T6609] bridge0: port 2(bridge_slave_1) entered disabled state
[ 318.893931][ T6609] bridge_slave_1: entered allmulticast mode
[ 318.900750][ T6609] bridge_slave_1: entered promiscuous mode
[ 318.929095][ T6609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 318.940850][ T6609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 319.005332][ T6609] team0: Port device team_slave_0 added
[ 319.029180][ T6609] team0: Port device team_slave_1 added
[ 319.035453][ T82] bridge_slave_1: left allmulticast mode
[ 319.041169][ T82] bridge_slave_1: left promiscuous mode
[ 319.047835][ T82] bridge0: port 2(bridge_slave_1) entered disabled state
[ 319.056874][ T82] bridge_slave_0: left allmulticast mode
[ 319.062536][ T82] bridge_slave_0: left promiscuous mode
[ 319.068846][ T82] bridge0: port 1(bridge_slave_0) entered disabled state
[ 319.323223][ T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 319.335831][ T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 319.346052][ T82] bond0 (unregistering): Released all slaves
[ 319.380647][ T6609] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 319.388155][ T6609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 319.414144][ T6609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 319.427410][ T6609] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 319.434509][ T6609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 319.460503][ T6609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 319.521359][ T6609] hsr_slave_0: entered promiscuous mode
[ 319.528320][ T6609] hsr_slave_1: entered promiscuous mode
[ 319.693726][ T82] hsr_slave_0: left promiscuous mode
[ 319.700129][ T82] hsr_slave_1: left promiscuous mode
[ 319.706278][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 319.717047][ T82] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 319.725191][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 319.732632][ T82] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 319.755486][ T82] veth1_macvtap: left promiscuous mode
[ 319.761191][ T82] veth0_macvtap: left promiscuous mode
[ 319.770028][ T82] veth1_vlan: left promiscuous mode
[ 319.776426][ T82] veth0_vlan: left promiscuous mode
[ 320.178531][ T82] team0 (unregistering): Port device team_slave_1 removed
[ 320.208307][ T82] team0 (unregistering): Port device team_slave_0 removed
[ 320.625453][ T5917] Bluetooth: hci1: command tx timeout
[ 320.900963][ T6609] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 320.917205][ T6609] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 320.928344][ T6609] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 320.939032][ T6609] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 321.017459][ T6609] 8021q: adding VLAN 0 to HW filter on device bond0
[ 321.039680][ T6609] 8021q: adding VLAN 0 to HW filter on device team0
[ 321.054192][ T82] bridge0: port 1(bridge_slave_0) entered blocking state
[ 321.061318][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 321.075733][ T82] bridge0: port 2(bridge_slave_1) entered blocking state
[ 321.082987][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 321.300599][ T6609] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 321.346883][ T6609] veth0_vlan: entered promiscuous mode
[ 321.360592][ T6609] veth1_vlan: entered promiscuous mode
[ 321.395888][ T6609] veth0_macvtap: entered promiscuous mode
[ 321.407845][ T6609] veth1_macvtap: entered promiscuous mode
[ 321.429552][ T6609] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 321.446048][ T6609] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 321.460414][ T6609] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 321.470395][ T6609] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 321.480768][ T6609] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 321.490498][ T6609] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 321.574718][ T3480] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 321.582609][ T3480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/12/22 12:54:43 executed programs: 602
[ 321.636334][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 321.646482][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 321.765342][ T6672] ==================================================================
[ 321.773470][ T6672] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350
[ 321.781412][ T6672] Read of size 8 at addr ffff88807b71a800 by task syz.0.616/6672
[ 321.789168][ T6672]
[ 321.791539][ T6672] CPU: 0 UID: 0 PID: 6672 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[ 321.802167][ T6672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 321.812271][ T6672] Call Trace:
[ 321.815578][ T6672]
[ 321.818540][ T6672] dump_stack_lvl+0x116/0x1f0
[ 321.823278][ T6672] print_report+0xc3/0x620
[ 321.827741][ T6672] ? __virt_addr_valid+0x5e/0x590
[ 321.832792][ T6672] ? __phys_addr+0xc6/0x150
[ 321.837331][ T6672] kasan_report+0xd9/0x110
[ 321.841780][ T6672] ? force_devcd_write+0x31f/0x350
[ 321.846916][ T6672] ? force_devcd_write+0x31f/0x350
[ 321.852058][ T6672] force_devcd_write+0x31f/0x350
[ 321.857025][ T6672] ? __pfx_force_devcd_write+0x10/0x10
[ 321.862503][ T6672] ? debugfs_file_get+0x21c/0x5c0
[ 321.867575][ T6672] ? __pfx_debugfs_file_get+0x10/0x10
[ 321.872979][ T6672] ? rcu_is_watching+0x12/0xc0
[ 321.877769][ T6672] ? trace_lock_acquire+0x14e/0x1f0
[ 321.882998][ T6672] full_proxy_write+0xfb/0x1b0
[ 321.887790][ T6672] ? __pfx_full_proxy_write+0x10/0x10
[ 321.893187][ T6672] vfs_write+0x24c/0x1150
[ 321.897542][ T6672] ? __pfx_vfs_write+0x10/0x10
[ 321.902328][ T6672] ? do_futex+0x123/0x350
[ 321.906688][ T6672] ? __pfx_do_futex+0x10/0x10
[ 321.911440][ T6672] ? __x64_sys_futex+0x1e1/0x4c0
[ 321.916413][ T6672] ? __x64_sys_futex+0x1ea/0x4c0
[ 321.921387][ T6672] ksys_write+0x12b/0x250
[ 321.925747][ T6672] ? __pfx_ksys_write+0x10/0x10
[ 321.930626][ T6672] do_syscall_64+0xcd/0x250
[ 321.935248][ T6672] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 321.941174][ T6672] RIP: 0033:0x7f05f2385d29
[ 321.945608][ T6672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 321.965520][ T6672] RSP: 002b:00007ffeeaf58f08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 321.973958][ T6672] RAX: ffffffffffffffda RBX: 00007f05f2575fa0 RCX: 00007f05f2385d29
[ 321.982029][ T6672] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 321.990014][ T6672] RBP: 00007f05f2401aa8 R08: 0000000000000000 R09: 0000000000000000
[ 321.998001][ T6672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 322.005988][ T6672] R13: 00007f05f2575fa0 R14: 00007f05f2575fa0 R15: 00000000000018c5
[ 322.013982][ T6672]
[ 322.017019][ T6672]
[ 322.019355][ T6672] Allocated by task 5951:
[ 322.023688][ T6672] kasan_save_stack+0x33/0x60
[ 322.028402][ T6672] kasan_save_track+0x14/0x30
[ 322.033100][ T6672] __kasan_kmalloc+0xaa/0xb0
[ 322.037711][ T6672] vhci_open+0x4c/0x430
[ 322.041885][ T6672] misc_open+0x35a/0x420
[ 322.046149][ T6672] chrdev_open+0x237/0x6a0
[ 322.050587][ T6672] do_dentry_open+0xf59/0x1ea0
[ 322.055374][ T6672] vfs_open+0x82/0x3f0
[ 322.059469][ T6672] path_openat+0x1e6a/0x2d60
[ 322.064101][ T6672] do_filp_open+0x20c/0x470
[ 322.068625][ T6672] do_sys_openat2+0x17a/0x1e0
[ 322.073333][ T6672] __x64_sys_openat+0x175/0x210
[ 322.078215][ T6672] do_syscall_64+0xcd/0x250
[ 322.082745][ T6672] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 322.088663][ T6672]
[ 322.091020][ T6672] Freed by task 5951:
[ 322.095006][ T6672] kasan_save_stack+0x33/0x60
[ 322.099714][ T6672] kasan_save_track+0x14/0x30
[ 322.104407][ T6672] kasan_save_free_info+0x3b/0x60
[ 322.109446][ T6672] __kasan_slab_free+0x51/0x70
[ 322.114234][ T6672] kfree+0x14f/0x4b0
[ 322.118150][ T6672] vhci_release+0xbb/0xf0
[ 322.122509][ T6672] __fput+0x3f8/0xb60
[ 322.126517][ T6672] task_work_run+0x14e/0x250
[ 322.131136][ T6672] do_exit+0xad8/0x2d70
[ 322.135333][ T6672] do_group_exit+0xd3/0x2a0
[ 322.139863][ T6672] get_signal+0x2576/0x2610
[ 322.144483][ T6672] arch_do_signal_or_restart+0x90/0x7e0
[ 322.150066][ T6672] syscall_exit_to_user_mode+0x150/0x2a0
[ 322.155738][ T6672] do_syscall_64+0xda/0x250
[ 322.160279][ T6672] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 322.166205][ T6672]
[ 322.168537][ T6672] The buggy address belongs to the object at ffff88807b71a800
[ 322.168537][ T6672] which belongs to the cache kmalloc-1k of size 1024
[ 322.182673][ T6672] The buggy address is located 0 bytes inside of
[ 322.182673][ T6672] freed 1024-byte region [ffff88807b71a800, ffff88807b71ac00)
[ 322.196399][ T6672]
[ 322.198729][ T6672] The buggy address belongs to the physical page:
[ 322.205151][ T6672] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b718
[ 322.213937][ T6672] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 322.222450][ T6672] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 322.230006][ T6672] page_type: f5(slab)
[ 322.234006][ T6672] raw: 00fff00000000040 ffff88801ac41dc0 ffffea00008aca00 dead000000000002
[ 322.242609][ T6672] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[ 322.251219][ T6672] head: 00fff00000000040 ffff88801ac41dc0 ffffea00008aca00 dead000000000002
[ 322.259908][ T6672] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[ 322.268608][ T6672] head: 00fff00000000003 ffffea0001edc601 ffffffffffffffff 0000000000000000
[ 322.277308][ T6672] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 322.286074][ T6672] page dumped because: kasan: bad access detected
[ 322.292540][ T6672] page_owner tracks the page as allocated
[ 322.298279][ T6672] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1204, tgid 1204 (kworker/0:2), ts 63786624964, free_ts 63759028198
[ 322.317492][ T6672] post_alloc_hook+0x2d1/0x350
[ 322.322283][ T6672] get_page_from_freelist+0xfce/0x2f80
[ 322.327766][ T6672] __alloc_pages_noprof+0x223/0x25b0
[ 322.333109][ T6672] alloc_pages_mpol_noprof+0x2c9/0x610
[ 322.338608][ T6672] new_slab+0x2c9/0x410
[ 322.342781][ T6672] ___slab_alloc+0xce2/0x1650
[ 322.347484][ T6672] __slab_alloc.constprop.0+0x56/0xb0
[ 322.352878][ T6672] __kmalloc_noprof+0x2de/0x4f0
[ 322.357757][ T6672] ___neigh_create+0x1530/0x2990
[ 322.362726][ T6672] ip6_finish_output2+0x111b/0x2070
[ 322.367951][ T6672] ip6_finish_output+0x3f9/0x1360
[ 322.373022][ T6672] ip6_output+0x1f8/0x540
[ 322.377379][ T6672] mld_sendpack+0x9f0/0x11d0
[ 322.381991][ T6672] mld_ifc_work+0x740/0xca0
[ 322.386526][ T6672] process_one_work+0x958/0x1b30
[ 322.391492][ T6672] worker_thread+0x6c8/0xf00
[ 322.396109][ T6672] page last free pid 5499 tgid 5499 stack trace:
[ 322.402465][ T6672] free_unref_page+0x661/0x1080
[ 322.407359][ T6672] __put_partials+0x14c/0x170
[ 322.412121][ T6672] qlist_free_all+0x4e/0x120
[ 322.416743][ T6672] kasan_quarantine_reduce+0x195/0x1e0
[ 322.422257][ T6672] __kasan_slab_alloc+0x69/0x90
[ 322.427138][ T6672] kmem_cache_alloc_node_noprof+0x1ca/0x3b0
[ 322.433064][ T6672] __alloc_skb+0x2b3/0x380
[ 322.437508][ T6672] netlink_ack+0x164/0xb20
[ 322.441943][ T6672] netlink_rcv_skb+0x327/0x410
[ 322.446725][ T6672] genl_rcv+0x28/0x40
[ 322.450728][ T6672] netlink_unicast+0x53c/0x7f0
[ 322.455511][ T6672] netlink_sendmsg+0x8b8/0xd70
[ 322.460291][ T6672] ____sys_sendmsg+0x9ae/0xb40
[ 322.465076][ T6672] ___sys_sendmsg+0x135/0x1e0
[ 322.469798][ T6672] __sys_sendmsg+0x16e/0x220
[ 322.474418][ T6672] do_syscall_64+0xcd/0x250
[ 322.478945][ T6672]
[ 322.481274][ T6672] Memory state around the buggy address:
[ 322.486914][ T6672] ffff88807b71a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 322.494986][ T6672] ffff88807b71a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 322.503060][ T6672] >ffff88807b71a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 322.511127][ T6672] ^
[ 322.515200][ T6672] ffff88807b71a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 322.523274][ T6672] ffff88807b71a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 322.531342][ T6672] ==================================================================
[ 322.601630][ T6672] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 322.608894][ T6672] CPU: 0 UID: 0 PID: 6672 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[ 322.619528][ T6672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 322.629706][ T6672] Call Trace:
[ 322.633018][ T6672]
[ 322.635991][ T6672] dump_stack_lvl+0x3d/0x1f0
[ 322.640639][ T6672] panic+0x71d/0x800
[ 322.644611][ T6672] ? __pfx_panic+0x10/0x10
[ 322.649093][ T6672] ? preempt_schedule_thunk+0x1a/0x30
[ 322.654521][ T6672] ? preempt_schedule_common+0x44/0xc0
[ 322.660030][ T6672] ? check_panic_on_warn+0x1f/0xb0
[ 322.665202][ T6672] check_panic_on_warn+0xab/0xb0
[ 322.670198][ T6672] end_report+0x117/0x180
[ 322.674584][ T6672] kasan_report+0xe9/0x110
[ 322.679056][ T6672] ? force_devcd_write+0x31f/0x350
[ 322.684219][ T6672] ? force_devcd_write+0x31f/0x350
[ 322.689384][ T6672] force_devcd_write+0x31f/0x350
[ 322.694372][ T6672] ? __pfx_force_devcd_write+0x10/0x10
[ 322.699886][ T6672] ? debugfs_file_get+0x21c/0x5c0
[ 322.704967][ T6672] ? __pfx_debugfs_file_get+0x10/0x10
[ 322.710403][ T6672] ? rcu_is_watching+0x12/0xc0
[ 322.715225][ T6672] ? trace_lock_acquire+0x14e/0x1f0
[ 322.720524][ T6672] full_proxy_write+0xfb/0x1b0
[ 322.725346][ T6672] ? __pfx_full_proxy_write+0x10/0x10
[ 322.730785][ T6672] vfs_write+0x24c/0x1150
[ 322.735172][ T6672] ? __pfx_vfs_write+0x10/0x10
[ 322.740012][ T6672] ? do_futex+0x123/0x350
[ 322.744445][ T6672] ? __pfx_do_futex+0x10/0x10
[ 322.749189][ T6672] ? __x64_sys_futex+0x1e1/0x4c0
[ 322.754188][ T6672] ? __x64_sys_futex+0x1ea/0x4c0
[ 322.759188][ T6672] ksys_write+0x12b/0x250
[ 322.763568][ T6672] ? __pfx_ksys_write+0x10/0x10
[ 322.768473][ T6672] do_syscall_64+0xcd/0x250
[ 322.773033][ T6672] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 322.778989][ T6672] RIP: 0033:0x7f05f2385d29
[ 322.783444][ T6672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 322.803101][ T6672] RSP: 002b:00007ffeeaf58f08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 322.811580][ T6672] RAX: ffffffffffffffda RBX: 00007f05f2575fa0 RCX: 00007f05f2385d29
[ 322.819594][ T6672] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 322.827608][ T6672] RBP: 00007f05f2401aa8 R08: 0000000000000000 R09: 0000000000000000
[ 322.835739][ T6672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 322.843775][ T6672] R13: 00007f05f2575fa0 R14: 00007f05f2575fa0 R15: 00000000000018c5
[ 322.851794][ T6672]
[ 322.855206][ T6672] Kernel Offset: disabled
[ 322.859545][ T6672] Rebooting in 86400 seconds..