Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts.
2025/06/01 05:27:52 ignoring optional flag "sandboxArg"="0"
2025/06/01 05:27:53 parsed 1 programs
[ 129.055471][ T6305] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 131.968319][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 131.982772][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 132.008871][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.017111][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 132.918041][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.924631][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.467767][ T6344] chnl_net:caif_netlink_parms(): no params data found
[ 133.545162][ T6344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.553965][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state
[ 133.561208][ T6344] bridge_slave_0: entered allmulticast mode
[ 133.568960][ T6344] bridge_slave_0: entered promiscuous mode
[ 133.579977][ T6344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.587290][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state
[ 133.594565][ T6344] bridge_slave_1: entered allmulticast mode
[ 133.601561][ T6344] bridge_slave_1: entered promiscuous mode
[ 133.631116][ T6344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 133.643670][ T6344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 133.685143][ T6344] team0: Port device team_slave_0 added
[ 133.697884][ T6344] team0: Port device team_slave_1 added
[ 133.725611][ T6344] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 133.733654][ T6344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 133.760222][ T6344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 133.773151][ T6344] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 133.780398][ T6344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 133.806849][ T6344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 133.845295][ T6344] hsr_slave_0: entered promiscuous mode
[ 133.851562][ T6344] hsr_slave_1: entered promiscuous mode
[ 134.448511][ T6344] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 134.460729][ T6344] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 134.473813][ T6344] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 134.486643][ T6344] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 134.596931][ T6344] 8021q: adding VLAN 0 to HW filter on device bond0
[ 134.625879][ T6344] 8021q: adding VLAN 0 to HW filter on device team0
[ 134.641350][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.648649][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 134.667595][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.674812][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 134.969589][ T6344] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 135.030252][ T6344] veth0_vlan: entered promiscuous mode
[ 135.046538][ T6344] veth1_vlan: entered promiscuous mode
[ 135.087311][ T6344] veth0_macvtap: entered promiscuous mode
[ 135.099260][ T6344] veth1_macvtap: entered promiscuous mode
[ 135.127036][ T6344] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 135.143917][ T6344] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 135.157886][ T6344] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.168566][ T6344] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.177732][ T6344] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.188389][ T6344] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.397387][ T3002] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.469832][ T3002] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.599340][ T3002] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.724287][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 135.726849][ T3002] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.745133][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 135.756811][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 135.770733][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 135.779058][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/06/01 05:28:06 executed programs: 0
[ 137.886533][ T3002] bridge_slave_1: left allmulticast mode
[ 137.898873][ T3002] bridge_slave_1: left promiscuous mode
[ 137.919551][ T3002] bridge0: port 2(bridge_slave_1) entered disabled state
[ 137.954962][ T3002] bridge_slave_0: left allmulticast mode
[ 137.960684][ T3002] bridge_slave_0: left promiscuous mode
[ 137.991962][ T3002] bridge0: port 1(bridge_slave_0) entered disabled state
[ 138.028129][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 138.036713][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 138.045494][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 138.053887][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 138.062957][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 138.436130][ T3002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 138.447622][ T3002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 138.459158][ T3002] bond0 (unregistering): Released all slaves
[ 138.576661][ T3002] hsr_slave_0: left promiscuous mode
[ 138.584670][ T3002] hsr_slave_1: left promiscuous mode
[ 138.590879][ T3002] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 138.598970][ T3002] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 138.610224][ T3002] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 138.618180][ T3002] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 138.643321][ T3002] veth1_macvtap: left promiscuous mode
[ 138.648944][ T3002] veth0_macvtap: left promiscuous mode
[ 138.654789][ T3002] veth1_vlan: left promiscuous mode
[ 138.660210][ T3002] veth0_vlan: left promiscuous mode
[ 138.977143][ T3002] team0 (unregistering): Port device team_slave_1 removed
[ 139.006516][ T3002] team0 (unregistering): Port device team_slave_0 removed
[ 139.434404][ T6482] chnl_net:caif_netlink_parms(): no params data found
[ 139.576166][ T6482] bridge0: port 1(bridge_slave_0) entered blocking state
[ 139.585985][ T6482] bridge0: port 1(bridge_slave_0) entered disabled state
[ 139.593974][ T6482] bridge_slave_0: entered allmulticast mode
[ 139.602769][ T6482] bridge_slave_0: entered promiscuous mode
[ 139.617753][ T6482] bridge0: port 2(bridge_slave_1) entered blocking state
[ 139.626179][ T6482] bridge0: port 2(bridge_slave_1) entered disabled state
[ 139.633763][ T6482] bridge_slave_1: entered allmulticast mode
[ 139.642557][ T6482] bridge_slave_1: entered promiscuous mode
[ 139.701574][ T6482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 139.722018][ T6482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 140.080050][ T6482] team0: Port device team_slave_0 added
[ 140.094919][ T6482] team0: Port device team_slave_1 added
[ 140.114426][ T5151] Bluetooth: hci0: command tx timeout
[ 140.177178][ T6482] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 140.184740][ T6482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 140.211195][ T6482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 140.223951][ T6482] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 140.230980][ T6482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 140.257575][ T6482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 140.352350][ T6482] hsr_slave_0: entered promiscuous mode
[ 140.364496][ T6482] hsr_slave_1: entered promiscuous mode
[ 140.971024][ T6482] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 140.991344][ T6482] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 141.005707][ T6482] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 141.017451][ T6482] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 141.132694][ T6482] 8021q: adding VLAN 0 to HW filter on device bond0
[ 141.153600][ T6482] 8021q: adding VLAN 0 to HW filter on device team0
[ 141.174488][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 141.181778][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 141.199660][ T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.206948][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 141.500380][ T6482] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 141.560279][ T6482] veth0_vlan: entered promiscuous mode
[ 141.575420][ T6482] veth1_vlan: entered promiscuous mode
[ 141.613245][ T6482] veth0_macvtap: entered promiscuous mode
[ 141.624849][ T6482] veth1_macvtap: entered promiscuous mode
[ 141.649235][ T6482] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 141.673278][ T6482] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 141.687634][ T6482] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 141.698055][ T6482] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 141.708616][ T6482] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 141.718641][ T6482] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 141.808099][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 141.821712][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 141.857835][ T3465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 141.874851][ T3465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 142.192090][ T5151] Bluetooth: hci0: command tx timeout
2025/06/01 05:28:11 executed programs: 26
[ 144.279189][ T5151] Bluetooth: hci0: command tx timeout
[ 146.351787][ T5151] Bluetooth: hci0: command tx timeout
2025/06/01 05:28:16 executed programs: 185
2025/06/01 05:28:21 executed programs: 397
[ 157.215620][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 157.227763][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 157.236472][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 157.258511][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 157.266904][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 157.408057][ T802] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 157.433364][ T7946] chnl_net:caif_netlink_parms(): no params data found
[ 157.516875][ T802] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 157.530010][ T7946] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.539093][ T7946] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.546628][ T7946] bridge_slave_0: entered allmulticast mode
[ 157.555500][ T7946] bridge_slave_0: entered promiscuous mode
[ 157.571577][ T802] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 157.586304][ T7946] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.594958][ T7946] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.602233][ T7946] bridge_slave_1: entered allmulticast mode
[ 157.609306][ T7946] bridge_slave_1: entered promiscuous mode
[ 157.648661][ T802] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 157.666514][ T7946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 157.678923][ T7946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 157.710675][ T7946] team0: Port device team_slave_0 added
[ 157.721857][ T7946] team0: Port device team_slave_1 added
[ 157.755828][ T7946] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 157.762873][ T7946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.789699][ T7946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 157.802306][ T7946] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 157.809380][ T7946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.835623][ T7946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 157.911534][ T802] bridge_slave_1: left allmulticast mode
[ 157.925200][ T802] bridge_slave_1: left promiscuous mode
[ 157.930954][ T802] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.942932][ T802] bridge_slave_0: left allmulticast mode
[ 157.948597][ T802] bridge_slave_0: left promiscuous mode
[ 157.955807][ T802] bridge0: port 1(bridge_slave_0) entered disabled state
[ 158.187895][ T802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 158.199265][ T802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 158.209200][ T802] bond0 (unregistering): Released all slaves
[ 158.262649][ T7946] hsr_slave_0: entered promiscuous mode
[ 158.269473][ T7946] hsr_slave_1: entered promiscuous mode
[ 158.277057][ T7946] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 158.285015][ T7946] Cannot create hsr debugfs directory
[ 158.569412][ T802] hsr_slave_0: left promiscuous mode
[ 158.586831][ T802] hsr_slave_1: left promiscuous mode
[ 158.593465][ T802] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 158.600909][ T802] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 158.611414][ T802] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 158.619286][ T802] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 158.644175][ T802] veth1_macvtap: left promiscuous mode
[ 158.649759][ T802] veth0_macvtap: left promiscuous mode
[ 158.656249][ T802] veth1_vlan: left promiscuous mode
[ 158.663471][ T802] veth0_vlan: left promiscuous mode
[ 159.097721][ T802] team0 (unregistering): Port device team_slave_1 removed
[ 159.129557][ T802] team0 (unregistering): Port device team_slave_0 removed
[ 159.315097][ T5151] Bluetooth: hci1: command tx timeout
[ 159.728050][ T7946] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 159.747605][ T7946] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 159.769084][ T7946] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 159.783547][ T7946] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 159.892639][ T7946] 8021q: adding VLAN 0 to HW filter on device bond0
[ 159.919710][ T7946] 8021q: adding VLAN 0 to HW filter on device team0
[ 159.938420][ T802] bridge0: port 1(bridge_slave_0) entered blocking state
[ 159.945659][ T802] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 159.962382][ T802] bridge0: port 2(bridge_slave_1) entered blocking state
[ 159.969651][ T802] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 160.228780][ T7946] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 160.293342][ T7946] veth0_vlan: entered promiscuous mode
[ 160.309316][ T7946] veth1_vlan: entered promiscuous mode
[ 160.351073][ T7946] veth0_macvtap: entered promiscuous mode
[ 160.364965][ T7946] veth1_macvtap: entered promiscuous mode
[ 160.391319][ T7946] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 160.413223][ T7946] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 160.428918][ T7946] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 160.440239][ T7946] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 160.450234][ T7946] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 160.460645][ T7946] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 160.560981][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 160.573964][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 160.609581][ T3465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 160.619016][ T3465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/01 05:28:29 executed programs: 602
[ 160.698709][ T8003] ==================================================================
[ 160.706915][ T8003] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340
[ 160.714824][ T8003] Read of size 8 at addr ffff8880278a4000 by task syz.0.616/8003
[ 160.722547][ T8003]
[ 160.724895][ T8003] CPU: 0 UID: 0 PID: 8003 Comm: syz.0.616 Not tainted 6.15.0-syzkaller-g7d4e49a77d99 #0 PREEMPT(full)
[ 160.724920][ T8003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 160.724935][ T8003] Call Trace:
[ 160.724942][ T8003]
[ 160.724952][ T8003] dump_stack_lvl+0x116/0x1f0
[ 160.724981][ T8003] print_report+0xcd/0x680
[ 160.725008][ T8003] ? __virt_addr_valid+0x81/0x610
[ 160.725035][ T8003] ? __phys_addr+0xe8/0x180
[ 160.725062][ T8003] ? force_devcd_write+0x312/0x340
[ 160.725089][ T8003] kasan_report+0xe0/0x110
[ 160.725115][ T8003] ? force_devcd_write+0x312/0x340
[ 160.725145][ T8003] force_devcd_write+0x312/0x340
[ 160.725172][ T8003] ? __pfx_force_devcd_write+0x10/0x10
[ 160.725200][ T8003] ? __debugfs_file_get+0x1fe/0x840
[ 160.725228][ T8003] ? __pfx___debugfs_file_get+0x10/0x10
[ 160.725259][ T8003] full_proxy_write+0x13c/0x200
[ 160.725286][ T8003] ? __pfx_full_proxy_write+0x10/0x10
[ 160.725313][ T8003] vfs_write+0x2a0/0x1150
[ 160.725338][ T8003] ? __pfx___mutex_lock+0x10/0x10
[ 160.725363][ T8003] ? __pfx_vfs_write+0x10/0x10
[ 160.725389][ T8003] ? __fget_files+0x20e/0x3c0
[ 160.725414][ T8003] ksys_write+0x12a/0x250
[ 160.725436][ T8003] ? __pfx_ksys_write+0x10/0x10
[ 160.725462][ T8003] do_syscall_64+0xcd/0x490
[ 160.725496][ T8003] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 160.725516][ T8003] RIP: 0033:0x7fd58c18d169
[ 160.725532][ T8003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 160.725554][ T8003] RSP: 002b:00007fd58cff5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 160.725573][ T8003] RAX: ffffffffffffffda RBX: 00007fd58c3a5fa0 RCX: 00007fd58c18d169
[ 160.725586][ T8003] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000002
[ 160.725598][ T8003] RBP: 00007fd58c20e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 160.725610][ T8003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 160.725621][ T8003] R13: 0000000000000000 R14: 00007fd58c3a5fa0 R15: 00007fff0dea1de8
[ 160.725641][ T8003]
[ 160.725647][ T8003]
[ 160.934044][ T8003] Allocated by task 6482:
[ 160.938369][ T8003] kasan_save_stack+0x33/0x60
[ 160.943057][ T8003] kasan_save_track+0x14/0x30
[ 160.947736][ T8003] __kasan_kmalloc+0xaa/0xb0
[ 160.952333][ T8003] vhci_open+0x4c/0x430
[ 160.956499][ T8003] misc_open+0x35d/0x420
[ 160.960935][ T8003] chrdev_open+0x234/0x6a0
[ 160.965370][ T8003] do_dentry_open+0x741/0x1c10
[ 160.970307][ T8003] vfs_open+0x82/0x3f0
[ 160.974477][ T8003] path_openat+0x1de4/0x2cb0
[ 160.979161][ T8003] do_filp_open+0x20b/0x470
[ 160.983670][ T8003] do_sys_openat2+0x11b/0x1d0
[ 160.988347][ T8003] __x64_sys_openat+0x174/0x210
[ 160.993201][ T8003] do_syscall_64+0xcd/0x490
[ 160.997712][ T8003] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 161.003604][ T8003]
[ 161.005929][ T8003] Freed by task 6482:
[ 161.009937][ T8003] kasan_save_stack+0x33/0x60
[ 161.014618][ T8003] kasan_save_track+0x14/0x30
[ 161.019320][ T8003] kasan_save_free_info+0x3b/0x60
[ 161.024351][ T8003] __kasan_slab_free+0x51/0x70
[ 161.029129][ T8003] kfree+0x2b4/0x4d0
[ 161.033032][ T8003] vhci_release+0xbb/0xf0
[ 161.037391][ T8003] __fput+0x3ff/0xb70
[ 161.041377][ T8003] task_work_run+0x150/0x240
[ 161.046060][ T8003] do_exit+0x864/0x2bd0
[ 161.050211][ T8003] do_group_exit+0xd3/0x2a0
[ 161.054720][ T8003] get_signal+0x2673/0x26d0
[ 161.059279][ T8003] arch_do_signal_or_restart+0x8f/0x790
[ 161.064829][ T8003] exit_to_user_mode_loop+0x84/0x110
[ 161.070111][ T8003] do_syscall_64+0x3f6/0x490
[ 161.074704][ T8003] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 161.080604][ T8003]
[ 161.082922][ T8003] The buggy address belongs to the object at ffff8880278a4000
[ 161.082922][ T8003] which belongs to the cache kmalloc-1k of size 1024
[ 161.096988][ T8003] The buggy address is located 0 bytes inside of
[ 161.096988][ T8003] freed 1024-byte region [ffff8880278a4000, ffff8880278a4400)
[ 161.110872][ T8003]
[ 161.113197][ T8003] The buggy address belongs to the physical page:
[ 161.119631][ T8003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x278a0
[ 161.128442][ T8003] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 161.137120][ T8003] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 161.144673][ T8003] page_type: f5(slab)
[ 161.148654][ T8003] raw: 00fff00000000040 ffff88801b441dc0 ffffea000070be00 dead000000000002
[ 161.157500][ T8003] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 161.166081][ T8003] head: 00fff00000000040 ffff88801b441dc0 ffffea000070be00 dead000000000002
[ 161.174750][ T8003] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 161.183422][ T8003] head: 00fff00000000003 ffffea00009e2801 00000000ffffffff 00000000ffffffff
[ 161.192096][ T8003] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 161.200756][ T8003] page dumped because: kasan: bad access detected
[ 161.207167][ T8003] page_owner tracks the page as allocated
[ 161.212872][ T8003] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 12, tgid 12 (kworker/u8:0), ts 9953408624, free_ts 0
[ 161.231194][ T8003] post_alloc_hook+0x1c0/0x230
[ 161.235996][ T8003] get_page_from_freelist+0x1321/0x3890
[ 161.241636][ T8003] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 161.247532][ T8003] new_slab+0x94/0x330
[ 161.251607][ T8003] ___slab_alloc+0xd9c/0x1940
[ 161.256286][ T8003] __slab_alloc.constprop.0+0x56/0xb0
[ 161.261693][ T8003] __kmalloc_node_noprof+0x2ed/0x500
[ 161.266981][ T8003] blk_alloc_flush_queue+0x11e/0x2d0
[ 161.272362][ T8003] blk_mq_alloc_and_init_hctx+0xc70/0x11c0
[ 161.278270][ T8003] __blk_mq_realloc_hw_ctxs+0x495/0x610
[ 161.283829][ T8003] blk_mq_init_allocated_queue+0x3af/0x1240
[ 161.289816][ T8003] blk_mq_alloc_queue+0x1be/0x290
[ 161.294845][ T8003] scsi_alloc_sdev+0x88f/0xd80
[ 161.299618][ T8003] scsi_probe_and_add_lun+0x76b/0xd80
[ 161.305005][ T8003] __scsi_scan_target+0x1e8/0x580
[ 161.310046][ T8003] scsi_scan_channel+0x149/0x1e0
[ 161.315003][ T8003] page_owner free stack trace missing
[ 161.320369][ T8003]
[ 161.322726][ T8003] Memory state around the buggy address:
[ 161.328346][ T8003] ffff8880278a3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 161.336420][ T8003] ffff8880278a3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 161.344478][ T8003] >ffff8880278a4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 161.352530][ T8003] ^
[ 161.356587][ T8003] ffff8880278a4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 161.364646][ T8003] ffff8880278a4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 161.372787][ T8003] ==================================================================
[ 161.408097][ T5151] Bluetooth: hci1: command tx timeout
[ 161.421798][ T8003] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 161.429181][ T8003] CPU: 1 UID: 0 PID: 8003 Comm: syz.0.616 Not tainted 6.15.0-syzkaller-g7d4e49a77d99 #0 PREEMPT(full)
[ 161.440234][ T8003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 161.450680][ T8003] Call Trace:
[ 161.453982][ T8003]
[ 161.457017][ T8003] dump_stack_lvl+0x3d/0x1f0
[ 161.461669][ T8003] panic+0x71c/0x800
[ 161.465610][ T8003] ? __pfx_panic+0x10/0x10
[ 161.470050][ T8003] ? mark_held_locks+0x49/0x80
[ 161.474824][ T8003] ? preempt_schedule_thunk+0x16/0x30
[ 161.480199][ T8003] ? force_devcd_write+0x312/0x340
[ 161.485324][ T8003] ? preempt_schedule_common+0x44/0xc0
[ 161.490878][ T8003] ? check_panic_on_warn+0x1f/0xb0
[ 161.496024][ T8003] ? force_devcd_write+0x312/0x340
[ 161.501161][ T8003] check_panic_on_warn+0xab/0xb0
[ 161.506148][ T8003] end_report+0x107/0x170
[ 161.510489][ T8003] kasan_report+0xee/0x110
[ 161.514922][ T8003] ? force_devcd_write+0x312/0x340
[ 161.520134][ T8003] force_devcd_write+0x312/0x340
[ 161.525097][ T8003] ? __pfx_force_devcd_write+0x10/0x10
[ 161.530574][ T8003] ? __debugfs_file_get+0x1fe/0x840
[ 161.535869][ T8003] ? __pfx___debugfs_file_get+0x10/0x10
[ 161.541434][ T8003] full_proxy_write+0x13c/0x200
[ 161.546293][ T8003] ? __pfx_full_proxy_write+0x10/0x10
[ 161.551678][ T8003] vfs_write+0x2a0/0x1150
[ 161.556030][ T8003] ? __pfx___mutex_lock+0x10/0x10
[ 161.561067][ T8003] ? __pfx_vfs_write+0x10/0x10
[ 161.565925][ T8003] ? __fget_files+0x20e/0x3c0
[ 161.570606][ T8003] ksys_write+0x12a/0x250
[ 161.574940][ T8003] ? __pfx_ksys_write+0x10/0x10
[ 161.579798][ T8003] do_syscall_64+0xcd/0x490
[ 161.584340][ T8003] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 161.590236][ T8003] RIP: 0033:0x7fd58c18d169
[ 161.594655][ T8003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 161.614361][ T8003] RSP: 002b:00007fd58cff5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 161.622781][ T8003] RAX: ffffffffffffffda RBX: 00007fd58c3a5fa0 RCX: 00007fd58c18d169
[ 161.631021][ T8003] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000002
[ 161.638988][ T8003] RBP: 00007fd58c20e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 161.646965][ T8003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 161.654933][ T8003] R13: 0000000000000000 R14: 00007fd58c3a5fa0 R15: 00007fff0dea1de8
[ 161.662909][ T8003]
[ 161.666399][ T8003] Kernel Offset: disabled
[ 161.670724][ T8003] Rebooting in 86400 seconds..