Warning: Permanently added '10.128.1.179' (ED25519) to the list of known hosts.
2025/06/01 04:54:37 ignoring optional flag "sandboxArg"="0"
2025/06/01 04:54:39 parsed 1 programs
[ 154.251040][ T6369] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 157.061881][ T5149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 157.071567][ T5149] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 157.080702][ T5149] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 157.089436][ T5149] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 157.099115][ T5149] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 158.336075][ T1316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.344220][ T1316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.385163][ T1316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.393686][ T1316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 160.149733][ T6417] chnl_net:caif_netlink_parms(): no params data found
[ 160.228028][ T6417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 160.237657][ T6417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 160.246297][ T6417] bridge_slave_0: entered allmulticast mode
[ 160.255250][ T6417] bridge_slave_0: entered promiscuous mode
[ 160.264213][ T6417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 160.272064][ T6417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 160.279635][ T6417] bridge_slave_1: entered allmulticast mode
[ 160.288246][ T6417] bridge_slave_1: entered promiscuous mode
[ 160.323443][ T6417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 160.336313][ T6417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 160.373634][ T6417] team0: Port device team_slave_0 added
[ 160.383212][ T6417] team0: Port device team_slave_1 added
[ 160.414293][ T6417] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 160.422243][ T6417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 160.449957][ T6417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 160.463083][ T6417] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 160.470655][ T6417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 160.497877][ T6417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 160.545237][ T6417] hsr_slave_0: entered promiscuous mode
[ 160.552324][ T6417] hsr_slave_1: entered promiscuous mode
[ 161.310675][ T6417] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 161.325850][ T6417] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 161.342186][ T6417] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 161.358178][ T6417] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 161.498613][ T6417] 8021q: adding VLAN 0 to HW filter on device bond0
[ 161.537493][ T6417] 8021q: adding VLAN 0 to HW filter on device team0
[ 161.554590][ T4059] bridge0: port 1(bridge_slave_0) entered blocking state
[ 161.563439][ T4059] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 161.587119][ T4059] bridge0: port 2(bridge_slave_1) entered blocking state
[ 161.595597][ T4059] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 161.933912][ T6417] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 162.007468][ T6417] veth0_vlan: entered promiscuous mode
[ 162.026860][ T6417] veth1_vlan: entered promiscuous mode
[ 162.078198][ T6417] veth0_macvtap: entered promiscuous mode
[ 162.095381][ T6417] veth1_macvtap: entered promiscuous mode
[ 162.129820][ T6417] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 162.153728][ T6417] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 162.169589][ T6417] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 162.184895][ T6417] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 162.195776][ T6417] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 162.206678][ T6417] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 162.457609][ T1316] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 162.548663][ T1316] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 162.648945][ T1316] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 162.753854][ T1316] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 164.639075][ T1316] bridge_slave_1: left allmulticast mode
[ 164.671626][ T1316] bridge_slave_1: left promiscuous mode
[ 164.677619][ T1316] bridge0: port 2(bridge_slave_1) entered disabled state
[ 164.755957][ T1316] bridge_slave_0: left allmulticast mode
[ 164.778788][ T1316] bridge_slave_0: left promiscuous mode
[ 164.785402][ T1316] bridge0: port 1(bridge_slave_0) entered disabled state
2025/06/01 04:54:56 executed programs: 0
[ 165.697636][ T1316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 165.738010][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 165.747011][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 165.762315][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 165.790633][ T1316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 165.800049][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 165.808330][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 165.818092][ T1316] bond0 (unregistering): Released all slaves
[ 165.962076][ T1316] hsr_slave_0: left promiscuous mode
[ 165.968812][ T1316] hsr_slave_1: left promiscuous mode
[ 165.977305][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 165.986530][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 165.995829][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 166.004971][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 166.032428][ T1316] veth1_macvtap: left promiscuous mode
[ 166.038453][ T1316] veth0_macvtap: left promiscuous mode
[ 166.045560][ T1316] veth1_vlan: left promiscuous mode
[ 166.051297][ T1316] veth0_vlan: left promiscuous mode
[ 166.666545][ T1316] team0 (unregistering): Port device team_slave_1 removed
[ 166.715211][ T1316] team0 (unregistering): Port device team_slave_0 removed
[ 167.407468][ T6542] chnl_net:caif_netlink_parms(): no params data found
[ 167.592699][ T6542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 167.600180][ T6542] bridge0: port 1(bridge_slave_0) entered disabled state
[ 167.609183][ T6542] bridge_slave_0: entered allmulticast mode
[ 167.619185][ T6542] bridge_slave_0: entered promiscuous mode
[ 167.629791][ T6542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 167.639070][ T6542] bridge0: port 2(bridge_slave_1) entered disabled state
[ 167.646602][ T6542] bridge_slave_1: entered allmulticast mode
[ 167.655300][ T6542] bridge_slave_1: entered promiscuous mode
[ 167.702325][ T6542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 167.719241][ T6542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 167.920881][ T5149] Bluetooth: hci0: command tx timeout
[ 168.183825][ T6542] team0: Port device team_slave_0 added
[ 168.200573][ T6542] team0: Port device team_slave_1 added
[ 168.393925][ T6542] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 168.412142][ T6542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 168.442180][ T6542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 168.456971][ T6542] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 168.471958][ T6542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 168.502184][ T6542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 168.631427][ T6542] hsr_slave_0: entered promiscuous mode
[ 168.638956][ T6542] hsr_slave_1: entered promiscuous mode
[ 169.286285][ T6542] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 169.299135][ T6542] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 169.313032][ T6542] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 169.327018][ T6542] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 169.457892][ T6542] 8021q: adding VLAN 0 to HW filter on device bond0
[ 169.495530][ T6542] 8021q: adding VLAN 0 to HW filter on device team0
[ 169.516833][ T1316] bridge0: port 1(bridge_slave_0) entered blocking state
[ 169.524599][ T1316] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 169.549902][ T4059] bridge0: port 2(bridge_slave_1) entered blocking state
[ 169.558121][ T4059] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 169.917214][ T6542] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 169.982779][ T6542] veth0_vlan: entered promiscuous mode
[ 169.998687][ T6542] veth1_vlan: entered promiscuous mode
[ 170.005674][ T5149] Bluetooth: hci0: command tx timeout
[ 170.044588][ T6542] veth0_macvtap: entered promiscuous mode
[ 170.059038][ T6542] veth1_macvtap: entered promiscuous mode
[ 170.096547][ T6542] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 170.118117][ T6542] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 170.137754][ T6542] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 170.148002][ T6542] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 170.159823][ T6542] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 170.171776][ T6542] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 170.294313][ T4059] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 170.310099][ T4059] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 170.352670][ T1316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 170.362192][ T1316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/01 04:55:01 executed programs: 7
[ 172.082427][ T5149] Bluetooth: hci0: command tx timeout
[ 174.165240][ T5149] Bluetooth: hci0: command tx timeout
2025/06/01 04:55:06 executed programs: 145
2025/06/01 04:55:11 executed programs: 309
2025/06/01 04:55:16 executed programs: 559
[ 186.668787][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 186.678613][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 186.688205][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 186.702500][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 186.711790][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 186.884134][ T799] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 186.908626][ T8014] chnl_net:caif_netlink_parms(): no params data found
[ 186.968838][ T799] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 187.016180][ T8014] bridge0: port 1(bridge_slave_0) entered blocking state
[ 187.023996][ T8014] bridge0: port 1(bridge_slave_0) entered disabled state
[ 187.031714][ T8014] bridge_slave_0: entered allmulticast mode
[ 187.039376][ T8014] bridge_slave_0: entered promiscuous mode
[ 187.057380][ T799] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 187.074301][ T8014] bridge0: port 2(bridge_slave_1) entered blocking state
[ 187.082219][ T8014] bridge0: port 2(bridge_slave_1) entered disabled state
[ 187.089708][ T8014] bridge_slave_1: entered allmulticast mode
[ 187.098718][ T8014] bridge_slave_1: entered promiscuous mode
[ 187.147503][ T799] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 187.167075][ T8014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 187.179112][ T8014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 187.222434][ T8014] team0: Port device team_slave_0 added
[ 187.234199][ T8014] team0: Port device team_slave_1 added
[ 187.272482][ T8014] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 187.279522][ T8014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 187.308522][ T8014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 187.337725][ T8014] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 187.350496][ T8014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 187.386204][ T8014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 187.486746][ T8014] hsr_slave_0: entered promiscuous mode
[ 187.494414][ T8014] hsr_slave_1: entered promiscuous mode
[ 187.502542][ T8014] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 187.511603][ T8014] Cannot create hsr debugfs directory
[ 187.519418][ T799] bridge_slave_1: left allmulticast mode
[ 187.526093][ T799] bridge_slave_1: left promiscuous mode
[ 187.532162][ T799] bridge0: port 2(bridge_slave_1) entered disabled state
[ 187.543515][ T799] bridge_slave_0: left allmulticast mode
[ 187.550454][ T799] bridge_slave_0: left promiscuous mode
[ 187.556894][ T799] bridge0: port 1(bridge_slave_0) entered disabled state
[ 187.843185][ T799] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 187.854686][ T799] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 187.865147][ T799] bond0 (unregistering): Released all slaves
[ 188.174927][ T799] hsr_slave_0: left promiscuous mode
[ 188.181861][ T799] hsr_slave_1: left promiscuous mode
[ 188.188635][ T799] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 188.198642][ T799] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 188.217949][ T799] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 188.226363][ T799] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 188.254933][ T799] veth1_macvtap: left promiscuous mode
[ 188.260946][ T799] veth0_macvtap: left promiscuous mode
[ 188.266852][ T799] veth1_vlan: left promiscuous mode
[ 188.274934][ T799] veth0_vlan: left promiscuous mode
[ 188.800567][ T5149] Bluetooth: hci1: command tx timeout
[ 188.881555][ T799] team0 (unregistering): Port device team_slave_1 removed
[ 188.916930][ T799] team0 (unregistering): Port device team_slave_0 removed
[ 189.608424][ T8014] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 189.631119][ T8014] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 189.661082][ T8014] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 189.678788][ T8014] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 189.808216][ T8014] 8021q: adding VLAN 0 to HW filter on device bond0
[ 189.848472][ T8014] 8021q: adding VLAN 0 to HW filter on device team0
[ 189.866567][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 189.874207][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 189.901311][ T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 189.908891][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 190.246194][ T8014] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 190.313497][ T8014] veth0_vlan: entered promiscuous mode
[ 190.329280][ T8014] veth1_vlan: entered promiscuous mode
[ 190.369619][ T8014] veth0_macvtap: entered promiscuous mode
[ 190.383535][ T8014] veth1_macvtap: entered promiscuous mode
[ 190.426979][ T8014] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 190.454191][ T8014] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 190.475998][ T8014] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 190.488680][ T8014] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 190.499308][ T8014] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 190.512772][ T8014] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 190.634358][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 190.658631][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 190.699795][ T4059] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 190.708893][ T4059] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 190.802555][ T8071] ==================================================================
[ 190.810953][ T8071] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340
[ 190.819175][ T8071] Read of size 8 at addr ffff88802978f800 by task syz.0.616/8071
[ 190.827363][ T8071]
[ 190.829810][ T8071] CPU: 1 UID: 0 PID: 8071 Comm: syz.0.616 Not tainted 6.15.0-syzkaller-g7d4e49a77d99 #0 PREEMPT(full)
[ 190.829841][ T8071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 190.829855][ T8071] Call Trace:
[ 190.829869][ T8071]
[ 190.829885][ T8071] dump_stack_lvl+0x116/0x1f0
[ 190.829923][ T8071] print_report+0xcd/0x680
[ 190.829954][ T8071] ? __virt_addr_valid+0x81/0x610
[ 190.829989][ T8071] ? __phys_addr+0xe8/0x180
[ 190.830021][ T8071] ? force_devcd_write+0x312/0x340
[ 190.830055][ T8071] kasan_report+0xe0/0x110
[ 190.830099][ T8071] ? force_devcd_write+0x312/0x340
[ 190.830147][ T8071] force_devcd_write+0x312/0x340
[ 190.830189][ T8071] ? __pfx_force_devcd_write+0x10/0x10
[ 190.830246][ T8071] ? __debugfs_file_get+0x1fe/0x840
[ 190.830289][ T8071] ? __pfx___debugfs_file_get+0x10/0x10
[ 190.830333][ T8071] full_proxy_write+0x13c/0x200
[ 190.830373][ T8071] ? __pfx_full_proxy_write+0x10/0x10
[ 190.830411][ T8071] vfs_write+0x2a0/0x1150
[ 190.830446][ T8071] ? __pfx___mutex_lock+0x10/0x10
[ 190.830480][ T8071] ? __pfx_vfs_write+0x10/0x10
[ 190.830519][ T8071] ? __fget_files+0x20e/0x3c0
[ 190.830551][ T8071] ksys_write+0x12a/0x250
[ 190.830578][ T8071] ? __pfx_ksys_write+0x10/0x10
[ 190.830611][ T8071] do_syscall_64+0xcd/0x490
[ 190.830644][ T8071] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 190.830668][ T8071] RIP: 0033:0x7f6ca918d169
[ 190.830687][ T8071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 190.830710][ T8071] RSP: 002b:00007f6ca9faa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 190.830739][ T8071] RAX: ffffffffffffffda RBX: 00007f6ca93a5fa0 RCX: 00007f6ca918d169
[ 190.830755][ T8071] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 190.830769][ T8071] RBP: 00007f6ca920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 190.830782][ T8071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 190.830796][ T8071] R13: 0000000000000000 R14: 00007f6ca93a5fa0 R15: 00007ffce72962a8
[ 190.830817][ T8071]
[ 190.830825][ T8071]
[ 191.054839][ T8071] Allocated by task 6542:
[ 191.059535][ T8071] kasan_save_stack+0x33/0x60
[ 191.064318][ T8071] kasan_save_track+0x14/0x30
[ 191.069304][ T8071] __kasan_kmalloc+0xaa/0xb0
[ 191.074006][ T8071] vhci_open+0x4c/0x430
[ 191.078377][ T8071] misc_open+0x35d/0x420
[ 191.082753][ T8071] chrdev_open+0x234/0x6a0
[ 191.087206][ T8071] do_dentry_open+0x741/0x1c10
[ 191.091994][ T8071] vfs_open+0x82/0x3f0
[ 191.096289][ T8071] path_openat+0x1de4/0x2cb0
[ 191.101103][ T8071] do_filp_open+0x20b/0x470
[ 191.105943][ T8071] do_sys_openat2+0x11b/0x1d0
[ 191.110987][ T8071] __x64_sys_openat+0x174/0x210
[ 191.115939][ T8071] do_syscall_64+0xcd/0x490
[ 191.120589][ T8071] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 191.126845][ T8071]
[ 191.129180][ T8071] Freed by task 6542:
[ 191.133965][ T8071] kasan_save_stack+0x33/0x60
[ 191.139424][ T8071] kasan_save_track+0x14/0x30
[ 191.144127][ T8071] kasan_save_free_info+0x3b/0x60
[ 191.149276][ T8071] __kasan_slab_free+0x51/0x70
[ 191.154365][ T8071] kfree+0x2b4/0x4d0
[ 191.158350][ T8071] vhci_release+0xbb/0xf0
[ 191.162810][ T8071] __fput+0x3ff/0xb70
[ 191.167012][ T8071] task_work_run+0x150/0x240
[ 191.171926][ T8071] do_exit+0x864/0x2bd0
[ 191.176104][ T8071] do_group_exit+0xd3/0x2a0
[ 191.180797][ T8071] get_signal+0x2673/0x26d0
[ 191.185327][ T8071] arch_do_signal_or_restart+0x8f/0x790
[ 191.191079][ T8071] exit_to_user_mode_loop+0x84/0x110
[ 191.196649][ T8071] do_syscall_64+0x3f6/0x490
[ 191.201615][ T8071] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 191.207908][ T8071]
[ 191.210768][ T8071] The buggy address belongs to the object at ffff88802978f800
[ 191.210768][ T8071] which belongs to the cache kmalloc-1k of size 1024
[ 191.225562][ T8071] The buggy address is located 0 bytes inside of
[ 191.225562][ T8071] freed 1024-byte region [ffff88802978f800, ffff88802978fc00)
[ 191.240008][ T8071]
[ 191.242370][ T8071] The buggy address belongs to the physical page:
[ 191.249014][ T8071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29788
[ 191.258184][ T8071] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 191.267062][ T8071] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 191.274976][ T8071] page_type: f5(slab)
[ 191.279060][ T8071] raw: 00fff00000000040 ffff88801b441dc0 dead000000000100 dead000000000122
[ 191.287933][ T8071] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 191.296727][ T8071] head: 00fff00000000040 ffff88801b441dc0 dead000000000100 dead000000000122
[ 191.305968][ T8071] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 191.314997][ T8071] head: 00fff00000000003 ffffea0000a5e201 00000000ffffffff 00000000ffffffff
[ 191.324473][ T8071] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 191.333544][ T8071] page dumped because: kasan: bad access detected
[ 191.340421][ T8071] page_owner tracks the page as allocated
[ 191.346243][ T8071] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5712, tgid 5712 (dhcpcd-run-hook), ts 83413480263, free_ts 74702645835
[ 191.368614][ T8071] post_alloc_hook+0x1c0/0x230
[ 191.373597][ T8071] get_page_from_freelist+0x1321/0x3890
[ 191.379167][ T8071] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 191.385368][ T8071] alloc_pages_mpol+0x1fb/0x550
[ 191.390623][ T8071] new_slab+0x23b/0x330
[ 191.394894][ T8071] ___slab_alloc+0xd9c/0x1940
[ 191.399588][ T8071] __slab_alloc.constprop.0+0x56/0xb0
[ 191.404991][ T8071] __kmalloc_noprof+0x2f2/0x510
[ 191.409878][ T8071] load_elf_phdrs+0x102/0x210
[ 191.414677][ T8071] load_elf_binary+0x14c1/0x4f00
[ 191.419895][ T8071] bprm_execve+0x8c0/0x1650
[ 191.424562][ T8071] do_execveat_common.isra.0+0x4a5/0x610
[ 191.431025][ T8071] __x64_sys_execve+0x8e/0xb0
[ 191.435871][ T8071] do_syscall_64+0xcd/0x490
[ 191.440540][ T8071] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 191.447439][ T8071] page last free pid 5493 tgid 5493 stack trace:
[ 191.454524][ T8071] __free_frozen_pages+0x7fe/0x1180
[ 191.461182][ T8071] __put_partials+0x16d/0x1c0
[ 191.466612][ T8071] qlist_free_all+0x4d/0x120
[ 191.471672][ T8071] kasan_quarantine_reduce+0x195/0x1e0
[ 191.477687][ T8071] __kasan_slab_alloc+0x69/0x90
[ 191.482837][ T8071] kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 191.488759][ T8071] __alloc_skb+0x2b2/0x380
[ 191.493988][ T8071] alloc_skb_with_frags+0xe0/0x860
[ 191.499423][ T8071] sock_alloc_send_pskb+0x7fb/0x990
[ 191.505016][ T8071] unix_dgram_sendmsg+0x41a/0x1840
[ 191.510339][ T8071] unix_seqpacket_sendmsg+0x12a/0x1c0
[ 191.516198][ T8071] sock_write_iter+0x4ff/0x5b0
[ 191.521009][ T8071] vfs_write+0x6c7/0x1150
[ 191.525551][ T8071] ksys_write+0x1f8/0x250
[ 191.530251][ T8071] do_syscall_64+0xcd/0x490
[ 191.535346][ T8071] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 191.541457][ T8071]
[ 191.544193][ T8071] Memory state around the buggy address:
[ 191.550343][ T8071] ffff88802978f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 191.558992][ T8071] ffff88802978f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 191.567606][ T8071] >ffff88802978f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 191.576045][ T8071] ^
[ 191.580430][ T8071] ffff88802978f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 191.588723][ T8071] ffff88802978f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 191.597267][ T8071] ==================================================================
[ 191.616676][ T5149] Bluetooth: hci1: command tx timeout
[ 191.624629][ T5149] BUG: unable to handle page fault for address: ffffc9000b2d1084
[ 191.633107][ T5149] #PF: supervisor read access in kernel mode
[ 191.639136][ T5149] #PF: error_code(0x0000) - not-present page
[ 191.645435][ T5149] PGD 1b400067 P4D 1b400067 PUD 1c2f1067 PMD 14c052067 PTE 0
[ 191.653591][ T5149] Oops: Oops: 0000 [#1] SMP KASAN PTI
[ 191.659449][ T5149] CPU: 1 UID: 0 PID: 5149 Comm: kworker/u9:1 Not tainted 6.15.0-syzkaller-g7d4e49a77d99 #0 PREEMPT(full)
[ 191.671363][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 191.681807][ T8071] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 192.815015][ T8071] Shutting down cpus with NMI
[ 192.828629][ T8071] Kernel Offset: disabled
[ 192.832985][ T8071] Rebooting in 86400 seconds..