Warning: Permanently added '10.128.1.194' (ED25519) to the list of known hosts.
2025/08/03 22:37:50 ignoring optional flag "sandboxArg"="0"
2025/08/03 22:37:51 parsed 1 programs
[ 126.471698][ T6291] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 129.608915][ T5927] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 129.619780][ T5927] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 129.630631][ T5927] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 129.642026][ T5927] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 129.650564][ T5927] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 130.632240][ T6332] chnl_net:caif_netlink_parms(): no params data found
[ 130.701658][ T6332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.708886][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.716131][ T6332] bridge_slave_0: entered allmulticast mode
[ 130.723077][ T6332] bridge_slave_0: entered promiscuous mode
[ 130.732046][ T6332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.740022][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.747690][ T6332] bridge_slave_1: entered allmulticast mode
[ 130.754604][ T6332] bridge_slave_1: entered promiscuous mode
[ 130.791983][ T6332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 130.804243][ T6332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 130.833724][ T6332] team0: Port device team_slave_0 added
[ 130.842335][ T6332] team0: Port device team_slave_1 added
[ 130.867183][ T6332] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 130.874341][ T6332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 130.901159][ T6332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 130.913507][ T6332] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 130.920873][ T6332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 130.947487][ T6332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 130.985812][ T6332] hsr_slave_0: entered promiscuous mode
[ 130.992076][ T6332] hsr_slave_1: entered promiscuous mode
[ 131.647041][ T6332] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 131.668803][ T6332] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 131.679882][ T6332] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 131.691447][ T6332] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 131.806918][ T6332] 8021q: adding VLAN 0 to HW filter on device bond0
[ 131.842327][ T6332] 8021q: adding VLAN 0 to HW filter on device team0
[ 131.857141][ T2946] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.864329][ T2946] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 131.883201][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.890518][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 132.190387][ T6332] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 132.256872][ T6332] veth0_vlan: entered promiscuous mode
[ 132.274060][ T6332] veth1_vlan: entered promiscuous mode
[ 132.317873][ T6332] veth0_macvtap: entered promiscuous mode
[ 132.330657][ T6332] veth1_macvtap: entered promiscuous mode
[ 132.352923][ T6332] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 132.368585][ T6332] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 132.390877][ T6332] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.400016][ T6332] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.409258][ T6332] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.418482][ T6332] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.624471][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.726528][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.807530][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.910025][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.930784][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.939245][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.114354][ T3547] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.122372][ T3547] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.169755][ T2946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.178371][ T2946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.079740][ T49] bridge_slave_1: left allmulticast mode
[ 135.097482][ T49] bridge_slave_1: left promiscuous mode
[ 135.103306][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 135.116467][ T49] bridge_slave_0: left allmulticast mode
[ 135.122244][ T49] bridge_slave_0: left promiscuous mode
[ 135.128138][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 135.510723][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 135.522255][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 135.532968][ T49] bond0 (unregistering): Released all slaves
[ 135.641596][ T49] hsr_slave_0: left promiscuous mode
[ 135.653706][ T49] hsr_slave_1: left promiscuous mode
[ 135.660288][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 135.668882][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 135.679455][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 135.688673][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 135.706607][ T49] veth1_macvtap: left promiscuous mode
[ 135.712145][ T49] veth0_macvtap: left promiscuous mode
[ 135.718018][ T49] veth1_vlan: left promiscuous mode
[ 135.723337][ T49] veth0_vlan: left promiscuous mode
[ 136.012322][ T49] team0 (unregistering): Port device team_slave_1 removed
[ 136.046373][ T49] team0 (unregistering): Port device team_slave_0 removed
2025/08/03 22:38:06 executed programs: 0
[ 137.435669][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 137.444400][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 137.458521][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 137.477829][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 137.502988][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 137.994486][ T6511] chnl_net:caif_netlink_parms(): no params data found
[ 138.190415][ T6511] bridge0: port 1(bridge_slave_0) entered blocking state
[ 138.197996][ T6511] bridge0: port 1(bridge_slave_0) entered disabled state
[ 138.211664][ T6511] bridge_slave_0: entered allmulticast mode
[ 138.220035][ T6511] bridge_slave_0: entered promiscuous mode
[ 138.228653][ T6511] bridge0: port 2(bridge_slave_1) entered blocking state
[ 138.237982][ T6511] bridge0: port 2(bridge_slave_1) entered disabled state
[ 138.245461][ T6511] bridge_slave_1: entered allmulticast mode
[ 138.253285][ T6511] bridge_slave_1: entered promiscuous mode
[ 138.318914][ T6511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 138.331913][ T6511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 138.379642][ T6511] team0: Port device team_slave_0 added
[ 138.390253][ T6511] team0: Port device team_slave_1 added
[ 138.435560][ T6511] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 138.442554][ T6511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 138.469732][ T6511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 138.484330][ T6511] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 138.493205][ T6511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 138.520447][ T6511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 138.587025][ T6511] hsr_slave_0: entered promiscuous mode
[ 138.593769][ T6511] hsr_slave_1: entered promiscuous mode
[ 139.120543][ T6511] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 139.131553][ T6511] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 139.142543][ T6511] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 139.155349][ T6511] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 139.267198][ T6511] 8021q: adding VLAN 0 to HW filter on device bond0
[ 139.298241][ T6511] 8021q: adding VLAN 0 to HW filter on device team0
[ 139.314371][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 139.321594][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 139.351726][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 139.358986][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 139.567294][ T6514] Bluetooth: hci0: command tx timeout
[ 139.654509][ T6511] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 139.719334][ T6511] veth0_vlan: entered promiscuous mode
[ 139.734612][ T6511] veth1_vlan: entered promiscuous mode
[ 139.771600][ T6511] veth0_macvtap: entered promiscuous mode
[ 139.783948][ T6511] veth1_macvtap: entered promiscuous mode
[ 139.816574][ T6511] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 139.834971][ T6511] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 139.851474][ T6511] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 139.863393][ T6511] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 139.873227][ T6511] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 139.883382][ T6511] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 139.978765][ T3547] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 139.991249][ T3547] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.030885][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.040804][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.223110][ T6594] Console: switching to colour VGA+ 80x25
[ 140.320186][ T6602] ==================================================================
[ 140.320204][ T6602] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70
[ 140.320243][ T6602] Read of size 256 at addr ffff88802ad9b860 by task syz.0.17/6602
[ 140.320265][ T6602]
[ 140.320292][ T6602] CPU: 0 UID: 0 PID: 6602 Comm: syz.0.17 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e-dirty #0 PREEMPT(full)
[ 140.320324][ T6602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 140.320345][ T6602] Call Trace:
[ 140.320353][ T6602]
[ 140.320362][ T6602] dump_stack_lvl+0x116/0x1f0
[ 140.320393][ T6602] print_report+0xcd/0x630
[ 140.320423][ T6602] ? __virt_addr_valid+0x81/0x610
[ 140.320452][ T6602] ? __phys_addr+0xe8/0x180
[ 140.320482][ T6602] ? fbcon_prepare_logo+0xa03/0xc70
[ 140.320511][ T6602] kasan_report+0xe0/0x110
[ 140.320540][ T6602] ? fbcon_prepare_logo+0xa03/0xc70
[ 140.320580][ T6602] kasan_check_range+0x100/0x1b0
[ 140.320614][ T6602] __asan_memcpy+0x23/0x60
[ 140.320638][ T6602] fbcon_prepare_logo+0xa03/0xc70
[ 140.320675][ T6602] fbcon_init+0x118d/0x1920
[ 140.320706][ T6602] ? __pfx_drm_fb_helper_set_par+0x10/0x10
[ 140.320742][ T6602] visual_init+0x320/0x620
[ 140.320770][ T6602] do_bind_con_driver.isra.0+0x57a/0xbf0
[ 140.320806][ T6602] store_bind+0x61d/0x760
[ 140.320836][ T6602] ? sysfs_file_kobj+0xe4/0x290
[ 140.320860][ T6602] ? __pfx_store_bind+0x10/0x10
[ 140.320886][ T6602] dev_attr_store+0x58/0x80
[ 140.320920][ T6602] ? __pfx_dev_attr_store+0x10/0x10
[ 140.320953][ T6602] sysfs_kf_write+0xef/0x150
[ 140.320976][ T6602] kernfs_fop_write_iter+0x354/0x510
[ 140.321009][ T6602] ? __pfx_sysfs_kf_write+0x10/0x10
[ 140.321034][ T6602] vfs_write+0x6c4/0x1150
[ 140.321061][ T6602] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 140.321098][ T6602] ? __pfx___mutex_lock+0x10/0x10
[ 140.321128][ T6602] ? __pfx_vfs_write+0x10/0x10
[ 140.321163][ T6602] ksys_write+0x12a/0x250
[ 140.321186][ T6602] ? __pfx_ksys_write+0x10/0x10
[ 140.321221][ T6602] do_syscall_64+0xcd/0x490
[ 140.321250][ T6602] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 140.321274][ T6602] RIP: 0033:0x7f988878e9a9
[ 140.321303][ T6602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 140.321329][ T6602] RSP: 002b:00007f9889579038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 140.321352][ T6602] RAX: ffffffffffffffda RBX: 00007f98889b5fa0 RCX: 00007f988878e9a9
[ 140.321368][ T6602] RDX: 0000000000000081 RSI: 00002000000001c0 RDI: 0000000000000004
[ 140.321383][ T6602] RBP: 00007f9888810d69 R08: 0000000000000000 R09: 0000000000000000
[ 140.321397][ T6602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 140.321412][ T6602] R13: 0000000000000000 R14: 00007f98889b5fa0 R15: 00007ffc350333d8
[ 140.321437][ T6602]
[ 140.321446][ T6602]
[ 140.321452][ T6602] Allocated by task 6325:
[ 140.321463][ T6602] kasan_save_stack+0x33/0x60
[ 140.321488][ T6602] kasan_save_track+0x14/0x30
[ 140.321511][ T6602] __kasan_kmalloc+0xaa/0xb0
[ 140.321534][ T6602] __kmalloc_noprof+0x223/0x510
[ 140.321565][ T6602] sk_prot_alloc+0x1a8/0x2a0
[ 140.321597][ T6602] sk_alloc+0x36/0xc20
[ 140.321620][ T6602] __netlink_create+0x5e/0x2c0
[ 140.321646][ T6602] __netlink_kernel_create+0xed/0x750
[ 140.321677][ T6602] fib_net_init+0x26d/0x3f0
[ 140.321710][ T6602] ops_init+0x1df/0x5f0
[ 140.321739][ T6602] setup_net+0x1ff/0x510
[ 140.321766][ T6602] copy_net_ns+0x2a6/0x5f0
[ 140.321796][ T6602] create_new_namespaces+0x3ea/0xa90
[ 140.321817][ T6602] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 140.321842][ T6602] ksys_unshare+0x45b/0xa40
[ 140.321871][ T6602] __x64_sys_unshare+0x31/0x40
[ 140.321900][ T6602] do_syscall_64+0xcd/0x490
[ 140.321927][ T6602] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 140.321951][ T6602]
[ 140.321956][ T6602] Freed by task 6332:
[ 140.321967][ T6602] kasan_save_stack+0x33/0x60
[ 140.321992][ T6602] kasan_save_track+0x14/0x30
[ 140.322016][ T6602] kasan_save_free_info+0x3b/0x60
[ 140.322050][ T6602] __kasan_slab_free+0x51/0x70
[ 140.322075][ T6602] kfree+0x2b4/0x4d0
[ 140.322093][ T6602] __sk_destruct+0x740/0x980
[ 140.322117][ T6602] sk_destruct+0xc2/0xf0
[ 140.322142][ T6602] __sk_free+0xf4/0x3e0
[ 140.322170][ T6602] sk_free+0x6a/0x90
[ 140.322194][ T6602] deferred_put_nlk_sk+0xc9/0x110
[ 140.322222][ T6602] rcu_core+0x79c/0x14e0
[ 140.322242][ T6602] handle_softirqs+0x219/0x8e0
[ 140.322268][ T6602] __irq_exit_rcu+0x109/0x170
[ 140.322292][ T6602] irq_exit_rcu+0x9/0x30
[ 140.322315][ T6602] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 140.322341][ T6602] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 140.322366][ T6602]
[ 140.322372][ T6602] Last potentially related work creation:
[ 140.322381][ T6602] kasan_save_stack+0x33/0x60
[ 140.322405][ T6602] kasan_record_aux_stack+0xa7/0xc0
[ 140.322439][ T6602] __call_rcu_common.constprop.0+0xa5/0xa10
[ 140.322473][ T6602] netlink_release+0x12f4/0x2020
[ 140.322504][ T6602] sock_release+0x8e/0x1d0
[ 140.322524][ T6602] netlink_kernel_release+0x4e/0x60
[ 140.322559][ T6602] fib_net_exit+0x40/0x80
[ 140.322591][ T6602] ops_undo_list+0x2eb/0xab0
[ 140.322620][ T6602] cleanup_net+0x408/0x890
[ 140.322651][ T6602] process_one_work+0x9cc/0x1b70
[ 140.322684][ T6602] worker_thread+0x6c8/0xf10
[ 140.322717][ T6602] kthread+0x3c2/0x780
[ 140.322746][ T6602] ret_from_fork+0x5d4/0x6f0
[ 140.322778][ T6602] ret_from_fork_asm+0x1a/0x30
[ 140.322805][ T6602]
[ 140.322811][ T6602] The buggy address belongs to the object at ffff88802ad9b000
[ 140.322811][ T6602] which belongs to the cache kmalloc-2k of size 2048
[ 140.322831][ T6602] The buggy address is located 96 bytes to the right of
[ 140.322831][ T6602] allocated 2048-byte region [ffff88802ad9b000, ffff88802ad9b800)
[ 140.322857][ T6602]
[ 140.322863][ T6602] The buggy address belongs to the physical page:
[ 140.322879][ T6602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ad98
[ 140.322904][ T6602] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 140.322924][ T6602] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 140.322955][ T6602] page_type: f5(slab)
[ 140.322977][ T6602] raw: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001
[ 140.323000][ T6602] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 140.323022][ T6602] head: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001
[ 140.323044][ T6602] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 140.323067][ T6602] head: 00fff00000000003 ffffea0000ab6601 00000000ffffffff 00000000ffffffff
[ 140.323089][ T6602] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 140.323103][ T6602] page dumped because: kasan: bad access detected
[ 140.323119][ T6602] page_owner tracks the page as allocated
[ 140.323127][ T6602] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5925, tgid 5925 (syz-executor), ts 92458486289, free_ts 63680726622
[ 140.323172][ T6602] post_alloc_hook+0x1c0/0x230
[ 140.323195][ T6602] get_page_from_freelist+0x1321/0x3890
[ 140.323220][ T6602] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 140.323247][ T6602] alloc_pages_mpol+0x1fb/0x550
[ 140.323274][ T6602] new_slab+0x23b/0x330
[ 140.323292][ T6602] ___slab_alloc+0xd9c/0x1940
[ 140.323311][ T6602] __slab_alloc.constprop.0+0x56/0xb0
[ 140.323331][ T6602] __kmalloc_noprof+0x2f2/0x510
[ 140.323355][ T6602] ops_init+0x77/0x5f0
[ 140.323381][ T6602] setup_net+0x1ff/0x510
[ 140.323409][ T6602] copy_net_ns+0x2a6/0x5f0
[ 140.323439][ T6602] create_new_namespaces+0x3ea/0xa90
[ 140.323464][ T6602] unshare_nsproxy_namespaces+0xc0/0x1f0
[ 140.323490][ T6602] ksys_unshare+0x45b/0xa40
[ 140.323519][ T6602] __x64_sys_unshare+0x31/0x40
[ 140.323554][ T6602] do_syscall_64+0xcd/0x490
[ 140.323581][ T6602] page last free pid 5666 tgid 5666 stack trace:
[ 140.323595][ T6602] __free_frozen_pages+0x7fe/0x1180
[ 140.323616][ T6602] qlist_free_all+0x4d/0x120
[ 140.323638][ T6602] kasan_quarantine_reduce+0x195/0x1e0
[ 140.323663][ T6602] __kasan_slab_alloc+0x69/0x90
[ 140.323687][ T6602] kmem_cache_alloc_noprof+0x1cb/0x3b0
[ 140.323711][ T6602] getname_flags.part.0+0x4c/0x550
[ 140.323742][ T6602] getname_flags+0x93/0xf0
[ 140.323762][ T6602] user_path_at+0x24/0x60
[ 140.323783][ T6602] do_faccessat+0x139/0xba0
[ 140.323804][ T6602] __x64_sys_access+0x5b/0x80
[ 140.323830][ T6602] do_syscall_64+0xcd/0x490
[ 140.323856][ T6602] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 140.323880][ T6602]
[ 140.323885][ T6602] Memory state around the buggy address:
[ 140.323898][ T6602]  ffff88802ad9b700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 140.323915][ T6602]  ffff88802ad9b780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 140.323931][ T6602] >ffff88802ad9b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 140.323944][ T6602]                                                        ^
[ 140.323957][ T6602]  ffff88802ad9b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 140.323974][ T6602]  ffff88802ad9b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 140.323987][ T6602] ==================================================================
[ 140.324089][ T6602] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 140.324105][ T6602] CPU: 0 UID: 0 PID: 6602 Comm: syz.0.17 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e-dirty #0 PREEMPT(full)
[ 140.324136][ T6602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 140.324151][ T6602] Call Trace:
[ 140.324159][ T6602]
[ 140.324169][ T6602] dump_stack_lvl+0x3d/0x1f0
[ 140.324199][ T6602] panic+0x71c/0x800
[ 140.324231][ T6602] ? __pfx_panic+0x10/0x10
[ 140.324263][ T6602] ? irqentry_exit+0x3b/0x90
[ 140.324289][ T6602] ? lockdep_hardirqs_on+0x7c/0x110
[ 140.324317][ T6602] ? preempt_schedule_thunk+0x16/0x30
[ 140.324350][ T6602] ? fbcon_prepare_logo+0xa03/0xc70
[ 140.324380][ T6602] ? preempt_schedule_common+0x44/0xc0
[ 140.324409][ T6602] ? check_panic_on_warn+0x1f/0xb0
[ 140.324446][ T6602] ? fbcon_prepare_logo+0xa03/0xc70
[ 140.324492][ T6602] check_panic_on_warn+0xab/0xb0
[ 140.324526][ T6602] end_report+0x107/0x170
[ 140.324562][ T6602] kasan_report+0xee/0x110
[ 140.324593][ T6602] ? fbcon_prepare_logo+0xa03/0xc70
[ 140.324627][ T6602] kasan_check_range+0x100/0x1b0
[ 140.324661][ T6602] __asan_memcpy+0x23/0x60
[ 140.324686][ T6602] fbcon_prepare_logo+0xa03/0xc70
[ 140.324723][ T6602] fbcon_init+0x118d/0x1920
[ 140.324755][ T6602] ? __pfx_drm_fb_helper_set_par+0x10/0x10
[ 140.324792][ T6602] visual_init+0x320/0x620
[ 140.324819][ T6602] do_bind_con_driver.isra.0+0x57a/0xbf0
[ 140.324856][ T6602] store_bind+0x61d/0x760
[ 140.324887][ T6602] ? sysfs_file_kobj+0xe4/0x290
[ 140.324912][ T6602] ? __pfx_store_bind+0x10/0x10
[ 140.324940][ T6602] dev_attr_store+0x58/0x80
[ 140.324973][ T6602] ? __pfx_dev_attr_store+0x10/0x10
[ 140.325007][ T6602] sysfs_kf_write+0xef/0x150
[ 140.325033][ T6602] kernfs_fop_write_iter+0x354/0x510
[ 140.325069][ T6602] ? __pfx_sysfs_kf_write+0x10/0x10
[ 140.325095][ T6602] vfs_write+0x6c4/0x1150
[ 140.325122][ T6602] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 140.325158][ T6602] ? __pfx___mutex_lock+0x10/0x10
[ 140.325184][ T6602] ? __pfx_vfs_write+0x10/0x10
[ 140.325219][ T6602] ksys_write+0x12a/0x250
[ 140.325245][ T6602] ? __pfx_ksys_write+0x10/0x10
[ 140.325276][ T6602] do_syscall_64+0xcd/0x490
[ 140.325307][ T6602] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 140.325334][ T6602] RIP: 0033:0x7f988878e9a9
[ 140.325354][ T6602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 140.325377][ T6602] RSP: 002b:00007f9889579038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 140.325402][ T6602] RAX: ffffffffffffffda RBX: 00007f98889b5fa0 RCX: 00007f988878e9a9
[ 140.325419][ T6602] RDX: 0000000000000081 RSI: 00002000000001c0 RDI: 0000000000000004
[ 140.325435][ T6602] RBP: 00007f9888810d69 R08: 0000000000000000 R09: 0000000000000000
[ 140.325451][ T6602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 140.325467][ T6602] R13: 0000000000000000 R14: 00007f98889b5fa0 R15: 00007ffc350333d8
[ 140.325492][ T6602]
[ 140.325823][ T6602] Kernel Offset: disabled