Warning: Permanently added '10.128.0.166' (ED25519) to the list of known hosts.
2025/07/04 14:44:27 ignoring optional flag "sandboxArg"="0"
2025/07/04 14:44:28 parsed 1 programs
[ 127.762000][ T6350] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 131.186984][ T6377] chnl_net:caif_netlink_parms(): no params data found
[ 131.263435][ T6377] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.270868][ T6377] bridge0: port 1(bridge_slave_0) entered disabled state
[ 131.278364][ T6377] bridge_slave_0: entered allmulticast mode
[ 131.285282][ T6377] bridge_slave_0: entered promiscuous mode
[ 131.295143][ T6377] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.302742][ T6377] bridge0: port 2(bridge_slave_1) entered disabled state
[ 131.310028][ T6377] bridge_slave_1: entered allmulticast mode
[ 131.317105][ T6377] bridge_slave_1: entered promiscuous mode
[ 131.349690][ T6377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 131.392228][ T6377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 131.424990][ T6377] team0: Port device team_slave_0 added
[ 131.434039][ T6377] team0: Port device team_slave_1 added
[ 131.465020][ T6377] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 131.472510][ T6377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 131.498867][ T6377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 131.514880][ T6377] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 131.521891][ T6377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 131.547916][ T6377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 131.593235][ T6377] hsr_slave_0: entered promiscuous mode
[ 131.599708][ T6377] hsr_slave_1: entered promiscuous mode
[ 132.263375][ T6377] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 132.282890][ T6377] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 132.294786][ T6377] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 132.311895][ T6377] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 132.414901][ T6377] 8021q: adding VLAN 0 to HW filter on device bond0
[ 132.442690][ T6377] 8021q: adding VLAN 0 to HW filter on device team0
[ 132.458829][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 132.466040][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 132.489270][ T3556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 132.496501][ T3556] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 132.785085][ T6377] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 132.846779][ T6377] veth0_vlan: entered promiscuous mode
[ 132.862069][ T6377] veth1_vlan: entered promiscuous mode
[ 132.903992][ T6377] veth0_macvtap: entered promiscuous mode
[ 132.914749][ T6377] veth1_macvtap: entered promiscuous mode
[ 132.921620][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.934324][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 132.957886][ T6377] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 132.971166][ T6377] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 132.991948][ T6377] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.002942][ T6377] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.012329][ T6377] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.024240][ T6377] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.212481][ T5168] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 133.225461][ T5168] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 133.235493][ T3556] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 133.237644][ T5168] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 133.263540][ T5168] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 133.274096][ T5168] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 133.356071][ T3556] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 133.437801][ T3556] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 133.562762][ T3556] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 133.937859][ T2938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.950108][ T2938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.982828][ T1037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 133.991997][ T1037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.642733][ T3556] bridge_slave_1: left allmulticast mode
[ 135.653214][ T3556] bridge_slave_1: left promiscuous mode
[ 135.662876][ T3556] bridge0: port 2(bridge_slave_1) entered disabled state
[ 135.689876][ T3556] bridge_slave_0: left allmulticast mode
[ 135.706253][ T3556] bridge_slave_0: left promiscuous mode
[ 135.712471][ T3556] bridge0: port 1(bridge_slave_0) entered disabled state
[ 136.359172][ T3556] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 136.372208][ T3556] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 136.391583][ T3556] bond0 (unregistering): Released all slaves
[ 136.517112][ T3556] hsr_slave_0: left promiscuous mode
[ 136.523380][ T3556] hsr_slave_1: left promiscuous mode
[ 136.530858][ T3556] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 136.539723][ T3556] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 136.560001][ T3556] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 136.586775][ T3556] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 136.611703][ T3556] veth1_macvtap: left promiscuous mode
[ 136.623816][ T3556] veth0_macvtap: left promiscuous mode
[ 136.630529][ T3556] veth1_vlan: left promiscuous mode
[ 136.646633][ T3556] veth0_vlan: left promiscuous mode
[ 137.317634][ T3556] team0 (unregistering): Port device team_slave_1 removed
[ 137.361974][ T3556] team0 (unregistering): Port device team_slave_0 removed
2025/07/04 14:44:43 executed programs: 0
[ 138.627139][ T5938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 138.638288][ T5938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 138.646486][ T5938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 138.655654][ T5938] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 138.664106][ T5938] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 139.206520][ T6589] chnl_net:caif_netlink_parms(): no params data found
[ 139.331742][ T6589] bridge0: port 1(bridge_slave_0) entered blocking state
[ 139.339114][ T6589] bridge0: port 1(bridge_slave_0) entered disabled state
[ 139.347347][ T6589] bridge_slave_0: entered allmulticast mode
[ 139.355150][ T6589] bridge_slave_0: entered promiscuous mode
[ 139.364350][ T6589] bridge0: port 2(bridge_slave_1) entered blocking state
[ 139.381886][ T6589] bridge0: port 2(bridge_slave_1) entered disabled state
[ 139.389461][ T6589] bridge_slave_1: entered allmulticast mode
[ 139.398736][ T6589] bridge_slave_1: entered promiscuous mode
[ 139.446348][ T6589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 139.470245][ T6589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 139.524631][ T6589] team0: Port device team_slave_0 added
[ 139.552336][ T6589] team0: Port device team_slave_1 added
[ 139.613676][ T6589] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 139.623405][ T6589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 139.650965][ T6589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 139.664194][ T6589] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 139.673565][ T6589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 139.700800][ T6589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 139.817432][ T6589] hsr_slave_0: entered promiscuous mode
[ 139.824110][ T6589] hsr_slave_1: entered promiscuous mode
[ 140.363556][ T6589] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 140.386845][ T6589] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 140.411140][ T6589] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 140.438953][ T6589] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 140.605885][ T6589] 8021q: adding VLAN 0 to HW filter on device bond0
[ 140.638299][ T6589] 8021q: adding VLAN 0 to HW filter on device team0
[ 140.652989][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.660224][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 140.680121][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.687362][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 140.755702][ T5938] Bluetooth: hci0: command tx timeout
[ 140.978673][ T6589] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 141.040140][ T6589] veth0_vlan: entered promiscuous mode
[ 141.055050][ T6589] veth1_vlan: entered promiscuous mode
[ 141.095038][ T6589] veth0_macvtap: entered promiscuous mode
[ 141.109421][ T6589] veth1_macvtap: entered promiscuous mode
[ 141.135205][ T6589] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 141.154715][ T6589] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 141.171380][ T6589] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 141.182177][ T6589] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 141.193593][ T6589] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 141.203529][ T6589] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 141.303629][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 141.332396][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 141.374905][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 141.387649][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 142.835986][ T5938] Bluetooth: hci0: command tx timeout
2025/07/04 14:44:48 executed programs: 67
[ 144.916597][ T5938] Bluetooth: hci0: command tx timeout
[ 146.996220][ T5938] Bluetooth: hci0: command tx timeout
2025/07/04 14:44:53 executed programs: 248
2025/07/04 14:44:58 executed programs: 497
[ 155.756009][ T5168] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 155.770864][ T5168] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 155.780113][ T5168] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 155.789092][ T5168] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 155.797797][ T5168] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 155.953279][ T2954] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 155.974626][ T8005] chnl_net:caif_netlink_parms(): no params data found
[ 156.041028][ T2954] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 156.067911][ T8005] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.075057][ T8005] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.082675][ T8005] bridge_slave_0: entered allmulticast mode
[ 156.091285][ T8005] bridge_slave_0: entered promiscuous mode
[ 156.109236][ T2954] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 156.123150][ T8005] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.130560][ T8005] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.139012][ T8005] bridge_slave_1: entered allmulticast mode
[ 156.146285][ T8005] bridge_slave_1: entered promiscuous mode
[ 156.183528][ T2954] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 156.201377][ T8005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 156.213909][ T8005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 156.251405][ T8005] team0: Port device team_slave_0 added
[ 156.260745][ T8005] team0: Port device team_slave_1 added
[ 156.293402][ T8005] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 156.301272][ T8005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 156.327477][ T8005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 156.340414][ T8005] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 156.347511][ T8005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 156.374208][ T8005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 156.474420][ T8005] hsr_slave_0: entered promiscuous mode
[ 156.480982][ T8005] hsr_slave_1: entered promiscuous mode
[ 156.488005][ T8005] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 156.496209][ T8005] Cannot create hsr debugfs directory
[ 156.521106][ T2954] bridge_slave_1: left allmulticast mode
[ 156.527042][ T2954] bridge_slave_1: left promiscuous mode
[ 156.533322][ T2954] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.542704][ T2954] bridge_slave_0: left allmulticast mode
[ 156.548426][ T2954] bridge_slave_0: left promiscuous mode
[ 156.554111][ T2954] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.781669][ T2954] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 156.793474][ T2954] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 156.803974][ T2954] bond0 (unregistering): Released all slaves
[ 157.125369][ T2954] hsr_slave_0: left promiscuous mode
[ 157.135647][ T2954] hsr_slave_1: left promiscuous mode
[ 157.141745][ T2954] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 157.150295][ T2954] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 157.159565][ T2954] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 157.167131][ T2954] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 157.193061][ T2954] veth1_macvtap: left promiscuous mode
[ 157.198832][ T2954] veth0_macvtap: left promiscuous mode
[ 157.204648][ T2954] veth1_vlan: left promiscuous mode
[ 157.211537][ T2954] veth0_vlan: left promiscuous mode
[ 157.615985][ T2954] team0 (unregistering): Port device team_slave_1 removed
[ 157.645342][ T2954] team0 (unregistering): Port device team_slave_0 removed
[ 157.875825][ T5168] Bluetooth: hci1: command tx timeout
[ 158.197502][ T8005] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 158.214713][ T8005] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 158.234659][ T8005] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 158.249118][ T8005] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 158.368798][ T8005] 8021q: adding VLAN 0 to HW filter on device bond0
[ 158.400349][ T8005] 8021q: adding VLAN 0 to HW filter on device team0
[ 158.414596][ T3556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.421899][ T3556] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.452810][ T3556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.460043][ T3556] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.654819][ T8005] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.698118][ T8005] veth0_vlan: entered promiscuous mode
[ 158.710063][ T8005] veth1_vlan: entered promiscuous mode
[ 158.735350][ T8005] veth0_macvtap: entered promiscuous mode
[ 158.745300][ T8005] veth1_macvtap: entered promiscuous mode
[ 158.766302][ T8005] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.781079][ T8005] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 158.793068][ T8005] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.802147][ T8005] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.811854][ T8005] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.820655][ T8005] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/07/04 14:45:03 executed programs: 602
[ 158.881569][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.890260][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.913426][ T2954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.921965][ T2954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.967747][ T8054] ==================================================================
[ 158.975843][ T8054] BUG: KASAN: slab-use-after-free in force_devcd_write+0x3ab/0x3d0
[ 158.983758][ T8054] Read of size 8 at addr ffff88807ab4c800 by task syz.0.616/8054
[ 158.991467][ T8054]
[ 158.993799][ T8054] CPU: 1 UID: 0 PID: 8054 Comm: syz.0.616 Not tainted 6.16.0-rc4-syzkaller-g4c06e63b9203-dirty #0 PREEMPT(full)
[ 158.993817][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 158.993828][ T8054] Call Trace:
[ 158.993834][ T8054] <TASK>
[ 158.993843][ T8054] dump_stack_lvl+0x116/0x1f0
[ 158.993871][ T8054] print_report+0xcd/0x680
[ 158.993886][ T8054] ? __virt_addr_valid+0x81/0x610
[ 158.993901][ T8054] ? __phys_addr+0xe8/0x180
[ 158.993915][ T8054] ? force_devcd_write+0x3ab/0x3d0
[ 158.993928][ T8054] kasan_report+0xe0/0x110
[ 158.993941][ T8054] ? force_devcd_write+0x3ab/0x3d0
[ 158.993955][ T8054] force_devcd_write+0x3ab/0x3d0
[ 158.993967][ T8054] ? __pfx_force_devcd_write+0x10/0x10
[ 158.993984][ T8054] full_proxy_write+0x13c/0x200
[ 158.993999][ T8054] ? __pfx_full_proxy_write+0x10/0x10
[ 158.994012][ T8054] vfs_write+0x29d/0x1150
[ 158.994033][ T8054] ? __pfx___mutex_lock+0x10/0x10
[ 158.994053][ T8054] ? __pfx_vfs_write+0x10/0x10
[ 158.994074][ T8054] ? __fget_files+0x20e/0x3c0
[ 158.994096][ T8054] ksys_write+0x12a/0x250
[ 158.994114][ T8054] ? __pfx_ksys_write+0x10/0x10
[ 158.994136][ T8054] do_syscall_64+0xcd/0x490
[ 158.994157][ T8054] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.994171][ T8054] RIP: 0033:0x7f6d5398e929
[ 158.994187][ T8054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 158.994202][ T8054] RSP: 002b:00007f6d547a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 158.994217][ T8054] RAX: ffffffffffffffda RBX: 00007f6d53bb5fa0 RCX: 00007f6d5398e929
[ 158.994227][ T8054] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 158.994234][ T8054] RBP: 00007f6d53a10b39 R08: 0000000000000000 R09: 0000000000000000
[ 158.994242][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 158.994255][ T8054] R13: 0000000000000000 R14: 00007f6d53bb5fa0 R15: 00007ffd8bc9db28
[ 158.994268][ T8054] </TASK>
[ 158.994273][ T8054]
[ 159.192952][ T8054] Allocated by task 6589:
[ 159.197288][ T8054] kasan_save_stack+0x33/0x60
[ 159.201973][ T8054] kasan_save_track+0x14/0x30
[ 159.206647][ T8054] __kasan_kmalloc+0xaa/0xb0
[ 159.211232][ T8054] vhci_open+0x4c/0x430
[ 159.215389][ T8054] misc_open+0x35a/0x420
[ 159.219645][ T8054] chrdev_open+0x231/0x6a0
[ 159.224155][ T8054] do_dentry_open+0x744/0x1c10
[ 159.229196][ T8054] vfs_open+0x82/0x3f0
[ 159.233266][ T8054] path_openat+0x1de4/0x2cb0
[ 159.237886][ T8054] do_filp_open+0x20b/0x470
[ 159.242391][ T8054] do_sys_openat2+0x11b/0x1d0
[ 159.247064][ T8054] __x64_sys_openat+0x174/0x210
[ 159.251921][ T8054] do_syscall_64+0xcd/0x490
[ 159.256447][ T8054] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.262349][ T8054]
[ 159.264676][ T8054] Freed by task 6589:
[ 159.268659][ T8054] kasan_save_stack+0x33/0x60
[ 159.273344][ T8054] kasan_save_track+0x14/0x30
[ 159.278023][ T8054] kasan_save_free_info+0x3b/0x60
[ 159.283052][ T8054] __kasan_slab_free+0x51/0x70
[ 159.287808][ T8054] kfree+0x2b4/0x4d0
[ 159.291699][ T8054] vhci_release+0xcd/0x110
[ 159.296114][ T8054] __fput+0x402/0xb70
[ 159.300084][ T8054] task_work_run+0x14d/0x240
[ 159.304846][ T8054] do_exit+0x86c/0x2bd0
[ 159.309001][ T8054] do_group_exit+0xd3/0x2a0
[ 159.313522][ T8054] get_signal+0x2673/0x26d0
[ 159.318023][ T8054] arch_do_signal_or_restart+0x8f/0x790
[ 159.323566][ T8054] exit_to_user_mode_loop+0x84/0x110
[ 159.328850][ T8054] do_syscall_64+0x3f6/0x490
[ 159.333437][ T8054] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.339323][ T8054]
[ 159.341642][ T8054] The buggy address belongs to the object at ffff88807ab4c800
[ 159.341642][ T8054] which belongs to the cache kmalloc-1k of size 1024
[ 159.355692][ T8054] The buggy address is located 0 bytes inside of
[ 159.355692][ T8054] freed 1024-byte region [ffff88807ab4c800, ffff88807ab4cc00)
[ 159.369401][ T8054]
[ 159.371735][ T8054] The buggy address belongs to the physical page:
[ 159.378171][ T8054] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ab48
[ 159.387047][ T8054] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 159.395537][ T8054] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 159.403618][ T8054] page_type: f5(slab)
[ 159.407780][ T8054] raw: 00fff00000000040 ffff88801b841dc0 0000000000000000 0000000000000001
[ 159.416385][ T8054] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 159.425076][ T8054] head: 00fff00000000040 ffff88801b841dc0 0000000000000000 0000000000000001
[ 159.433753][ T8054] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 159.442438][ T8054] head: 00fff00000000003 ffffea0001ead201 00000000ffffffff 00000000ffffffff
[ 159.451110][ T8054] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 159.459863][ T8054] page dumped because: kasan: bad access detected
[ 159.466291][ T8054] page_owner tracks the page as allocated
[ 159.472018][ T8054] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2954, tgid 2954 (kworker/u8:8), ts 94650347230, free_ts 94499980362
[ 159.491386][ T8054] post_alloc_hook+0x1c0/0x230
[ 159.496153][ T8054] get_page_from_freelist+0x1321/0x3890
[ 159.501697][ T8054] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 159.507593][ T8054] alloc_pages_mpol+0x1fb/0x550
[ 159.512452][ T8054] new_slab+0x23b/0x330
[ 159.516605][ T8054] ___slab_alloc+0xd9c/0x1940
[ 159.521283][ T8054] __slab_alloc.constprop.0+0x56/0xb0
[ 159.526662][ T8054] __kmalloc_noprof+0x2f2/0x510
[ 159.531538][ T8054] ieee802_11_parse_elems_full+0x1d7/0x3780
[ 159.537427][ T8054] ieee80211_inform_bss+0x10b/0x1140
[ 159.542803][ T8054] cfg80211_inform_single_bss_data+0x8ea/0x1df0
[ 159.549065][ T8054] cfg80211_inform_bss_data+0x224/0x3bc0
[ 159.554804][ T8054] cfg80211_inform_bss_frame_data+0x26f/0x750
[ 159.560876][ T8054] ieee80211_bss_info_update+0x310/0xab0
[ 159.566509][ T8054] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0
[ 159.572661][ T8054] ieee80211_iface_work+0xbf4/0x1020
[ 159.577945][ T8054] page last free pid 2938 tgid 2938 stack trace:
[ 159.584256][ T8054] __free_frozen_pages+0x7fe/0x1180
[ 159.589552][ T8054] __put_partials+0x16d/0x1c0
[ 159.594241][ T8054] qlist_free_all+0x4d/0x120
[ 159.598842][ T8054] kasan_quarantine_reduce+0x195/0x1e0
[ 159.604294][ T8054] __kasan_slab_alloc+0x69/0x90
[ 159.609309][ T8054] kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 159.615212][ T8054] __alloc_skb+0x2b2/0x380
[ 159.619648][ T8054] br_vlan_notify+0x15b/0x8c0
[ 159.624327][ T8054] br_vlan_bridge_event+0x343/0x5c0
[ 159.629526][ T8054] br_device_event+0x3d8/0xa00
[ 159.634281][ T8054] notifier_call_chain+0xbc/0x410
[ 159.639307][ T8054] call_netdevice_notifiers_info+0xbe/0x140
[ 159.645203][ T8054] unregister_netdevice_many_notify+0xf9d/0x2700
[ 159.651639][ T8054] ops_undo_list+0x8fc/0xab0
[ 159.656226][ T8054] cleanup_net+0x408/0x890
[ 159.660733][ T8054] process_one_work+0x9cf/0x1b70
[ 159.665684][ T8054]
[ 159.668008][ T8054] Memory state around the buggy address:
[ 159.673629][ T8054] ffff88807ab4c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 159.681681][ T8054] ffff88807ab4c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 159.689743][ T8054] >ffff88807ab4c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.697837][ T8054] ^
[ 159.701903][ T8054] ffff88807ab4c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.709968][ T8054] ffff88807ab4c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.718025][ T8054] ==================================================================
[ 159.742310][ T8054] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 159.749731][ T8054] CPU: 1 UID: 0 PID: 8054 Comm: syz.0.616 Not tainted 6.16.0-rc4-syzkaller-g4c06e63b9203-dirty #0 PREEMPT(full)
[ 159.761646][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 159.771714][ T8054] Call Trace:
[ 159.774990][ T8054] <TASK>
[ 159.777955][ T8054] dump_stack_lvl+0x3d/0x1f0
[ 159.782549][ T8054] panic+0x71c/0x800
[ 159.786445][ T8054] ? __pfx_panic+0x10/0x10
[ 159.790864][ T8054] ? mark_held_locks+0x49/0x80
[ 159.795633][ T8054] ? preempt_schedule_thunk+0x16/0x30
[ 159.801014][ T8054] ? force_devcd_write+0x3ab/0x3d0
[ 159.806130][ T8054] ? preempt_schedule_common+0x44/0xc0
[ 159.811605][ T8054] ? check_panic_on_warn+0x1f/0xb0
[ 159.816716][ T8054] ? force_devcd_write+0x3ab/0x3d0
[ 159.821813][ T8054] check_panic_on_warn+0xab/0xb0
[ 159.826746][ T8054] end_report+0x107/0x170
[ 159.831065][ T8054] kasan_report+0xee/0x110
[ 159.835472][ T8054] ? force_devcd_write+0x3ab/0x3d0
[ 159.840595][ T8054] force_devcd_write+0x3ab/0x3d0
[ 159.845553][ T8054] ? __pfx_force_devcd_write+0x10/0x10
[ 159.851034][ T8054] full_proxy_write+0x13c/0x200
[ 159.855901][ T8054] ? __pfx_full_proxy_write+0x10/0x10
[ 159.861274][ T8054] vfs_write+0x29d/0x1150
[ 159.865632][ T8054] ? __pfx___mutex_lock+0x10/0x10
[ 159.870682][ T8054] ? __pfx_vfs_write+0x10/0x10
[ 159.875470][ T8054] ? __fget_files+0x20e/0x3c0
[ 159.880269][ T8054] ksys_write+0x12a/0x250
[ 159.884628][ T8054] ? __pfx_ksys_write+0x10/0x10
[ 159.889498][ T8054] do_syscall_64+0xcd/0x490
[ 159.894017][ T8054] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.900008][ T8054] RIP: 0033:0x7f6d5398e929
[ 159.904426][ T8054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 159.924136][ T8054] RSP: 002b:00007f6d547a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 159.932549][ T8054] RAX: ffffffffffffffda RBX: 00007f6d53bb5fa0 RCX: 00007f6d5398e929
[ 159.940526][ T8054] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 159.948504][ T8054] RBP: 00007f6d53a10b39 R08: 0000000000000000 R09: 0000000000000000
[ 159.956472][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 159.964447][ T8054] R13: 0000000000000000 R14: 00007f6d53bb5fa0 R15: 00007ffd8bc9db28
[ 159.972426][ T8054] </TASK>
[ 159.975706][ T8054] Kernel Offset: disabled
[ 159.980027][ T8054] Rebooting in 86400 seconds..