Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts.
2025/07/04 14:06:37 ignoring optional flag "sandboxArg"="0"
2025/07/04 14:06:38 parsed 1 programs
[ 128.217745][ T6308] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 131.944190][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 131.953566][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 131.963562][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 131.975537][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 131.984041][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 132.957127][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.963908][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.026945][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.035280][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.085389][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.093532][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.472971][ T6371] chnl_net:caif_netlink_parms(): no params data found
[ 133.565184][ T6371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.572523][ T6371] bridge0: port 1(bridge_slave_0) entered disabled state
[ 133.579923][ T6371] bridge_slave_0: entered allmulticast mode
[ 133.586926][ T6371] bridge_slave_0: entered promiscuous mode
[ 133.595015][ T6371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.602281][ T6371] bridge0: port 2(bridge_slave_1) entered disabled state
[ 133.609915][ T6371] bridge_slave_1: entered allmulticast mode
[ 133.616883][ T6371] bridge_slave_1: entered promiscuous mode
[ 133.665428][ T6371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 133.677833][ T6371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 133.711259][ T6371] team0: Port device team_slave_0 added
[ 133.720241][ T6371] team0: Port device team_slave_1 added
[ 133.752552][ T6371] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 133.759617][ T6371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 133.786303][ T6371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 133.799002][ T6371] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 133.805983][ T6371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 133.832610][ T6371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 133.884413][ T6371] hsr_slave_0: entered promiscuous mode
[ 133.890670][ T6371] hsr_slave_1: entered promiscuous mode
[ 134.518247][ T6371] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 134.533706][ T6371] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 134.546664][ T6371] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 134.567538][ T6371] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 134.668572][ T6371] 8021q: adding VLAN 0 to HW filter on device bond0
[ 134.692330][ T6371] 8021q: adding VLAN 0 to HW filter on device team0
[ 134.706005][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.713310][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 134.728562][ T57] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.735860][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 135.008179][ T6371] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 135.075887][ T6371] veth0_vlan: entered promiscuous mode
[ 135.091607][ T6371] veth1_vlan: entered promiscuous mode
[ 135.135784][ T6371] veth0_macvtap: entered promiscuous mode
[ 135.148897][ T6371] veth1_macvtap: entered promiscuous mode
[ 135.177258][ T6371] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 135.196207][ T6371] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 135.211863][ T6371] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.222993][ T6371] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.234949][ T6371] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.245097][ T6371] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 135.428355][ T3472] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.507129][ T3472] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.581031][ T3472] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.677250][ T3472] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/07/04 14:06:50 executed programs: 0
[ 136.343554][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 136.352841][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 136.361807][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 136.371326][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 136.379717][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 136.638684][ T6459] chnl_net:caif_netlink_parms(): no params data found
[ 136.765970][ T6459] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.776243][ T6459] bridge0: port 1(bridge_slave_0) entered disabled state
[ 136.785490][ T6459] bridge_slave_0: entered allmulticast mode
[ 136.796249][ T6459] bridge_slave_0: entered promiscuous mode
[ 136.809625][ T6459] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.817252][ T6459] bridge0: port 2(bridge_slave_1) entered disabled state
[ 136.826963][ T6459] bridge_slave_1: entered allmulticast mode
[ 136.835511][ T6459] bridge_slave_1: entered promiscuous mode
[ 136.885064][ T6459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 136.898046][ T6459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 136.952606][ T6459] team0: Port device team_slave_0 added
[ 136.964708][ T6459] team0: Port device team_slave_1 added
[ 137.015528][ T6459] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 137.023633][ T6459] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 137.055166][ T6459] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 137.073350][ T6459] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 137.080397][ T6459] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 137.109714][ T6459] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 137.181348][ T6459] hsr_slave_0: entered promiscuous mode
[ 137.188124][ T6459] hsr_slave_1: entered promiscuous mode
[ 137.195904][ T6459] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 137.206170][ T6459] Cannot create hsr debugfs directory
[ 137.740240][ T3472] bridge_slave_1: left allmulticast mode
[ 137.746066][ T3472] bridge_slave_1: left promiscuous mode
[ 137.753119][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state
[ 137.766424][ T3472] bridge_slave_0: left allmulticast mode
[ 137.775012][ T3472] bridge_slave_0: left promiscuous mode
[ 137.781371][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state
[ 138.121297][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 138.132862][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 138.142801][ T3472] bond0 (unregistering): Released all slaves
[ 138.290493][ T3472] hsr_slave_0: left promiscuous mode
[ 138.296763][ T3472] hsr_slave_1: left promiscuous mode
[ 138.306785][ T3472] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 138.322265][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 138.332359][ T3472] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 138.340912][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 138.361734][ T3472] veth1_macvtap: left promiscuous mode
[ 138.367335][ T3472] veth0_macvtap: left promiscuous mode
[ 138.375087][ T3472] veth1_vlan: left promiscuous mode
[ 138.380589][ T3472] veth0_vlan: left promiscuous mode
[ 138.469872][ T51] Bluetooth: hci0: command tx timeout
[ 138.914244][ T3472] team0 (unregistering): Port device team_slave_1 removed
[ 138.967875][ T3472] team0 (unregistering): Port device team_slave_0 removed
[ 139.681438][ T6459] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 139.704017][ T6459] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 139.724028][ T6459] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 139.744916][ T6459] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 140.002124][ T6459] 8021q: adding VLAN 0 to HW filter on device bond0
[ 140.036718][ T6459] 8021q: adding VLAN 0 to HW filter on device team0
[ 140.068082][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.075355][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 140.124199][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.131416][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 140.406508][ T6459] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 140.466848][ T6459] veth0_vlan: entered promiscuous mode
[ 140.484229][ T6459] veth1_vlan: entered promiscuous mode
[ 140.525446][ T6459] veth0_macvtap: entered promiscuous mode
[ 140.540144][ T6459] veth1_macvtap: entered promiscuous mode
[ 140.549197][ T51] Bluetooth: hci0: command tx timeout
[ 140.572081][ T6459] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 140.598229][ T6459] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 140.612821][ T6459] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 140.622194][ T6459] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 140.633600][ T6459] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 140.642679][ T6459] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 140.738448][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.757563][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.796021][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.805374][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/04 14:06:55 executed programs: 14
[ 142.629016][ T51] Bluetooth: hci0: command tx timeout
[ 144.709913][ T51] Bluetooth: hci0: command tx timeout
2025/07/04 14:07:00 executed programs: 174
2025/07/04 14:07:05 executed programs: 388
[ 155.605571][ T5169] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 155.620231][ T5169] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 155.630971][ T5169] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 155.644506][ T5169] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 155.652656][ T5169] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 155.804766][ T7959] chnl_net:caif_netlink_parms(): no params data found
[ 155.880117][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 155.905719][ T7959] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.913954][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state
[ 155.921272][ T7959] bridge_slave_0: entered allmulticast mode
[ 155.930508][ T7959] bridge_slave_0: entered promiscuous mode
[ 155.945911][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 155.962024][ T7959] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.969397][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.976590][ T7959] bridge_slave_1: entered allmulticast mode
[ 155.983919][ T7959] bridge_slave_1: entered promiscuous mode
[ 156.024004][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 156.042572][ T7959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 156.055181][ T7959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 156.087330][ T7959] team0: Port device team_slave_0 added
[ 156.105075][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 156.120358][ T7959] team0: Port device team_slave_1 added
[ 156.147714][ T7959] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 156.155140][ T7959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 156.181256][ T7959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 156.193951][ T7959] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 156.202695][ T7959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 156.228793][ T7959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 156.278572][ T7959] hsr_slave_0: entered promiscuous mode
[ 156.284993][ T7959] hsr_slave_1: entered promiscuous mode
[ 156.400610][ T49] bridge_slave_1: left allmulticast mode
[ 156.406467][ T49] bridge_slave_1: left promiscuous mode
[ 156.413337][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.423361][ T49] bridge_slave_0: left allmulticast mode
[ 156.429776][ T49] bridge_slave_0: left promiscuous mode
[ 156.435486][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.676039][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 156.687550][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 156.697535][ T49] bond0 (unregistering): Released all slaves
[ 156.978245][ T49] hsr_slave_0: left promiscuous mode
[ 156.988414][ T49] hsr_slave_1: left promiscuous mode
[ 157.003653][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 157.012240][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 157.022158][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 157.031170][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 157.053302][ T49] veth1_macvtap: left promiscuous mode
[ 157.060778][ T49] veth0_macvtap: left promiscuous mode
[ 157.066484][ T49] veth1_vlan: left promiscuous mode
[ 157.072634][ T49] veth0_vlan: left promiscuous mode
[ 157.524388][ T49] team0 (unregistering): Port device team_slave_1 removed
[ 157.554552][ T49] team0 (unregistering): Port device team_slave_0 removed
[ 157.750275][ T51] Bluetooth: hci1: command tx timeout
[ 158.014466][ T7959] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 158.030634][ T7959] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 158.043822][ T7959] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 158.054585][ T7959] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 158.177424][ T7959] 8021q: adding VLAN 0 to HW filter on device bond0
[ 158.203391][ T7959] 8021q: adding VLAN 0 to HW filter on device team0
[ 158.218218][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.225568][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.255406][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.262631][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.297757][ T7959] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 158.313111][ T7959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 158.494039][ T7959] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.532511][ T7959] veth0_vlan: entered promiscuous mode
[ 158.544864][ T7959] veth1_vlan: entered promiscuous mode
[ 158.572449][ T7959] veth0_macvtap: entered promiscuous mode
[ 158.582162][ T7959] veth1_macvtap: entered promiscuous mode
[ 158.600842][ T7959] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.615672][ T7959] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 158.627349][ T7959] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.636934][ T7959] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.646358][ T7959] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.655216][ T7959] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/07/04 14:07:13 executed programs: 602
[ 158.714578][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.725528][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.748715][ T3472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.757325][ T3472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.802747][ T8009] ==================================================================
[ 158.810829][ T8009] BUG: KASAN: slab-use-after-free in force_devcd_write+0x3ab/0x3d0
[ 158.818720][ T8009] Read of size 8 at addr ffff88807b7c2000 by task syz.0.616/8009
[ 158.826419][ T8009]
[ 158.828750][ T8009] CPU: 1 UID: 0 PID: 8009 Comm: syz.0.616 Not tainted 6.16.0-rc4-syzkaller-g4c06e63b9203-dirty #0 PREEMPT(full)
[ 158.828769][ T8009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 158.828781][ T8009] Call Trace:
[ 158.828787][ T8009]
[ 158.828797][ T8009] dump_stack_lvl+0x116/0x1f0
[ 158.828824][ T8009] print_report+0xcd/0x680
[ 158.828845][ T8009] ? __virt_addr_valid+0x81/0x610
[ 158.828867][ T8009] ? __phys_addr+0xe8/0x180
[ 158.828888][ T8009] ? force_devcd_write+0x3ab/0x3d0
[ 158.828900][ T8009] kasan_report+0xe0/0x110
[ 158.828913][ T8009] ? force_devcd_write+0x3ab/0x3d0
[ 158.828927][ T8009] force_devcd_write+0x3ab/0x3d0
[ 158.828940][ T8009] ? __pfx_force_devcd_write+0x10/0x10
[ 158.828956][ T8009] full_proxy_write+0x13c/0x200
[ 158.828972][ T8009] ? __pfx_full_proxy_write+0x10/0x10
[ 158.828990][ T8009] vfs_write+0x29d/0x1150
[ 158.829011][ T8009] ? __pfx___mutex_lock+0x10/0x10
[ 158.829032][ T8009] ? __pfx_vfs_write+0x10/0x10
[ 158.829053][ T8009] ? __fget_files+0x20e/0x3c0
[ 158.829074][ T8009] ksys_write+0x12a/0x250
[ 158.829093][ T8009] ? __pfx_ksys_write+0x10/0x10
[ 158.829114][ T8009] do_syscall_64+0xcd/0x490
[ 158.829136][ T8009] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.829150][ T8009] RIP: 0033:0x7f3d27b8e929
[ 158.829165][ T8009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 158.829180][ T8009] RSP: 002b:00007f3d28949038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 158.829193][ T8009] RAX: ffffffffffffffda RBX: 00007f3d27db5fa0 RCX: 00007f3d27b8e929
[ 158.829202][ T8009] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 158.829210][ T8009] RBP: 00007f3d27c10b39 R08: 0000000000000000 R09: 0000000000000000
[ 158.829218][ T8009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 158.829226][ T8009] R13: 0000000000000000 R14: 00007f3d27db5fa0 R15: 00007ffd515bb5e8
[ 158.829239][ T8009]
[ 158.829243][ T8009]
[ 159.027822][ T8009] Allocated by task 6459:
[ 159.032146][ T8009] kasan_save_stack+0x33/0x60
[ 159.036823][ T8009] kasan_save_track+0x14/0x30
[ 159.041497][ T8009] __kasan_kmalloc+0xaa/0xb0
[ 159.046090][ T8009] vhci_open+0x4c/0x430
[ 159.050255][ T8009] misc_open+0x35a/0x420
[ 159.054560][ T8009] chrdev_open+0x231/0x6a0
[ 159.059081][ T8009] do_dentry_open+0x744/0x1c10
[ 159.063841][ T8009] vfs_open+0x82/0x3f0
[ 159.067908][ T8009] path_openat+0x1de4/0x2cb0
[ 159.072497][ T8009] do_filp_open+0x20b/0x470
[ 159.076999][ T8009] do_sys_openat2+0x11b/0x1d0
[ 159.081668][ T8009] __x64_sys_openat+0x174/0x210
[ 159.086510][ T8009] do_syscall_64+0xcd/0x490
[ 159.091019][ T8009] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.096901][ T8009]
[ 159.099220][ T8009] Freed by task 6459:
[ 159.103199][ T8009] kasan_save_stack+0x33/0x60
[ 159.107888][ T8009] kasan_save_track+0x14/0x30
[ 159.112578][ T8009] kasan_save_free_info+0x3b/0x60
[ 159.117595][ T8009] __kasan_slab_free+0x51/0x70
[ 159.122362][ T8009] kfree+0x2b4/0x4d0
[ 159.126458][ T8009] vhci_release+0xcd/0x110
[ 159.130909][ T8009] __fput+0x402/0xb70
[ 159.134891][ T8009] task_work_run+0x14d/0x240
[ 159.139482][ T8009] do_exit+0x86c/0x2bd0
[ 159.143631][ T8009] do_group_exit+0xd3/0x2a0
[ 159.148133][ T8009] get_signal+0x2673/0x26d0
[ 159.152644][ T8009] arch_do_signal_or_restart+0x8f/0x790
[ 159.158206][ T8009] exit_to_user_mode_loop+0x84/0x110
[ 159.163503][ T8009] do_syscall_64+0x3f6/0x490
[ 159.168097][ T8009] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.173981][ T8009]
[ 159.176303][ T8009] The buggy address belongs to the object at ffff88807b7c2000
[ 159.176303][ T8009] which belongs to the cache kmalloc-1k of size 1024
[ 159.190352][ T8009] The buggy address is located 0 bytes inside of
[ 159.190352][ T8009] freed 1024-byte region [ffff88807b7c2000, ffff88807b7c2400)
[ 159.204142][ T8009]
[ 159.206465][ T8009] The buggy address belongs to the physical page:
[ 159.212874][ T8009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b7c0
[ 159.221635][ T8009] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 159.230210][ T8009] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 159.238200][ T8009] page_type: f5(slab)
[ 159.294265][ T8009] page dumped because: kasan: bad access detected
[ 159.300672][ T8009] page_owner tracks the page as allocated
[ 159.306380][ T8009] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 57, tgid 57 (kworker/u8:4), ts 136316981402, free_ts 132545952720
[ 159.325484][ T8009] post_alloc_hook+0x1c0/0x230
[ 159.330342][ T8009] get_page_from_freelist+0x1321/0x3890
[ 159.335887][ T8009] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 159.341787][ T8009] alloc_pages_mpol+0x1fb/0x550
[ 159.346629][ T8009] new_slab+0x23b/0x330
[ 159.350808][ T8009] ___slab_alloc+0xd9c/0x1940
[ 159.355484][ T8009] __slab_alloc.constprop.0+0x56/0xb0
[ 159.360853][ T8009] __kmalloc_noprof+0x2f2/0x510
[ 159.365717][ T8009] ___neigh_create+0x14e6/0x28c0
[ 159.370664][ T8009] ip6_finish_output2+0x1299/0x2020
[ 159.375866][ T8009] ip6_finish_output+0x3f9/0x1360
[ 159.380893][ T8009] ip6_output+0x1f9/0x540
[ 159.385251][ T8009] ndisc_send_skb+0xa91/0x1e40
[ 159.390015][ T8009] ndisc_send_rs+0x129/0x670
[ 159.394601][ T8009] addrconf_dad_completed+0x49d/0x10d0
[ 159.400062][ T8009] addrconf_dad_work+0x84d/0x14e0
[ 159.405169][ T8009] page last free pid 6349 tgid 6349 stack trace:
[ 159.411574][ T8009] __free_frozen_pages+0x7fe/0x1180
[ 159.416781][ T8009] vfree+0x1fd/0xb50
[ 159.420674][ T8009] kcov_close+0x34/0x60
[ 159.424832][ T8009] __fput+0x402/0xb70
[ 159.428809][ T8009] task_work_run+0x14d/0x240
[ 159.433404][ T8009] do_exit+0x86c/0x2bd0
[ 159.437559][ T8009] do_group_exit+0xd3/0x2a0
[ 159.442066][ T8009] get_signal+0x2673/0x26d0
[ 159.446570][ T8009] arch_do_signal_or_restart+0x8f/0x790
[ 159.452110][ T8009] exit_to_user_mode_loop+0x84/0x110
[ 159.457402][ T8009] do_syscall_64+0x3f6/0x490
[ 159.461996][ T8009] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.467895][ T8009]
[ 159.470217][ T8009] Memory state around the buggy address:
[ 159.475842][ T8009] ffff88807b7c1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 159.484099][ T8009] ffff88807b7c1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 159.492150][ T8009] >ffff88807b7c2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.500457][ T8009] ^
[ 159.504515][ T8009] ffff88807b7c2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.512566][ T8009] ffff88807b7c2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.520618][ T8009] ==================================================================
[ 159.549815][ T8009] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 159.557311][ T8009] CPU: 1 UID: 0 PID: 8009 Comm: syz.0.616 Not tainted 6.16.0-rc4-syzkaller-g4c06e63b9203-dirty #0 PREEMPT(full)
[ 159.569209][ T8009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 159.579265][ T8009] Call Trace:
[ 159.582543][ T8009]
[ 159.585466][ T8009] dump_stack_lvl+0x3d/0x1f0
[ 159.590059][ T8009] panic+0x71c/0x800
[ 159.593953][ T8009] ? __pfx_panic+0x10/0x10
[ 159.598366][ T8009] ? mark_held_locks+0x49/0x80
[ 159.603143][ T8009] ? preempt_schedule_thunk+0x16/0x30
[ 159.608550][ T8009] ? force_devcd_write+0x3ab/0x3d0
[ 159.613686][ T8009] ? preempt_schedule_common+0x44/0xc0
[ 159.619166][ T8009] ? check_panic_on_warn+0x1f/0xb0
[ 159.624330][ T8009] ? force_devcd_write+0x3ab/0x3d0
[ 159.629448][ T8009] check_panic_on_warn+0xab/0xb0
[ 159.634400][ T8009] end_report+0x107/0x170
[ 159.638727][ T8009] kasan_report+0xee/0x110
[ 159.643189][ T8009] ? force_devcd_write+0x3ab/0x3d0
[ 159.648298][ T8009] force_devcd_write+0x3ab/0x3d0
[ 159.653231][ T8009] ? __pfx_force_devcd_write+0x10/0x10
[ 159.658683][ T8009] full_proxy_write+0x13c/0x200
[ 159.663525][ T8009] ? __pfx_full_proxy_write+0x10/0x10
[ 159.668886][ T8009] vfs_write+0x29d/0x1150
[ 159.673218][ T8009] ? __pfx___mutex_lock+0x10/0x10
[ 159.678246][ T8009] ? __pfx_vfs_write+0x10/0x10
[ 159.683009][ T8009] ? __fget_files+0x20e/0x3c0
[ 159.687683][ T8009] ksys_write+0x12a/0x250
[ 159.692006][ T8009] ? __pfx_ksys_write+0x10/0x10
[ 159.696851][ T8009] do_syscall_64+0xcd/0x490
[ 159.701370][ T8009] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.707290][ T8009] RIP: 0033:0x7f3d27b8e929
[ 159.711694][ T8009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 159.731298][ T8009] RSP: 002b:00007f3d28949038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 159.739727][ T8009] RAX: ffffffffffffffda RBX: 00007f3d27db5fa0 RCX: 00007f3d27b8e929
[ 159.747696][ T8009] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 159.755688][ T8009] RBP: 00007f3d27c10b39 R08: 0000000000000000 R09: 0000000000000000
[ 159.763674][ T8009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 159.771637][ T8009] R13: 0000000000000000 R14: 00007f3d27db5fa0 R15: 00007ffd515bb5e8
[ 159.779693][ T8009]
[ 159.783004][ T8009] Kernel Offset: disabled
[ 159.787358][ T8009] Rebooting in 86400 seconds..