Warning: Permanently added '10.128.0.134' (ED25519) to the list of known hosts.
2024/12/25 07:23:39 ignoring optional flag "sandboxArg"="0"
2024/12/25 07:23:40 parsed 1 programs
[ 108.039752][ T6267] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 110.391519][ T5892] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 110.400408][ T5892] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 110.409383][ T5892] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 110.418312][ T5892] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 110.426228][ T5892] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 110.434224][ T5892] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 110.751195][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.759180][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.782075][ T962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.791197][ T962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.251077][ T6322] chnl_net:caif_netlink_parms(): no params data found
[ 111.339203][ T6322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.347676][ T6322] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.356629][ T6322] bridge_slave_0: entered allmulticast mode
[ 111.365184][ T6322] bridge_slave_0: entered promiscuous mode
[ 111.375125][ T6322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.382351][ T6322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.390331][ T6322] bridge_slave_1: entered allmulticast mode
[ 111.397506][ T6322] bridge_slave_1: entered promiscuous mode
[ 111.434784][ T6322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 111.447208][ T6322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 111.481908][ T6322] team0: Port device team_slave_0 added
[ 111.498346][ T6322] team0: Port device team_slave_1 added
[ 111.516341][ T6322] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 111.523327][ T6322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 111.549432][ T6322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 111.562145][ T6322] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 111.569273][ T6322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 111.595833][ T6322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 111.642032][ T6322] hsr_slave_0: entered promiscuous mode
[ 111.648305][ T6322] hsr_slave_1: entered promiscuous mode
[ 112.210462][ T6322] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 112.222068][ T6322] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 112.232728][ T6322] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 112.245903][ T6322] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 112.339478][ T6322] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.361360][ T6322] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.374531][ T962] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.381678][ T962] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.401326][ T962] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.408621][ T962] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.600642][ T6322] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 112.650926][ T6322] veth0_vlan: entered promiscuous mode
[ 112.666095][ T6322] veth1_vlan: entered promiscuous mode
[ 112.700031][ T6322] veth0_macvtap: entered promiscuous mode
[ 112.709883][ T6322] veth1_macvtap: entered promiscuous mode
[ 112.740520][ T6322] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 112.757367][ T6322] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 112.770469][ T6322] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.781106][ T6322] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.791338][ T6322] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.801242][ T6322] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.972159][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.059048][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.139440][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.248176][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2024/12/25 07:23:51 executed programs: 0
[ 115.402378][ T5892] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 115.415999][ T5892] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 115.426471][ T5892] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 115.436778][ T5892] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 115.453652][ T5892] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 115.461038][ T5892] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 115.632081][ T6486] chnl_net:caif_netlink_parms(): no params data found
[ 115.711414][ T6486] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.719976][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.730064][ T6486] bridge_slave_0: entered allmulticast mode
[ 115.738351][ T6486] bridge_slave_0: entered promiscuous mode
[ 115.747819][ T6486] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.756363][ T6486] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.765802][ T6486] bridge_slave_1: entered allmulticast mode
[ 115.773114][ T6486] bridge_slave_1: entered promiscuous mode
[ 115.805600][ T6486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 115.818842][ T6486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 115.852900][ T6486] team0: Port device team_slave_0 added
[ 115.861198][ T6486] team0: Port device team_slave_1 added
[ 115.886806][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 115.893870][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.921068][ T6486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 115.940195][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 115.947367][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.973905][ T6486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 116.096677][ T6486] hsr_slave_0: entered promiscuous mode
[ 116.105052][ T6486] hsr_slave_1: entered promiscuous mode
[ 116.111579][ T6486] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 116.119758][ T6486] Cannot create hsr debugfs directory
[ 116.126954][ T35] bridge_slave_1: left allmulticast mode
[ 116.132661][ T35] bridge_slave_1: left promiscuous mode
[ 116.139674][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.149181][ T35] bridge_slave_0: left allmulticast mode
[ 116.155333][ T35] bridge_slave_0: left promiscuous mode
[ 116.161070][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.522690][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 116.534786][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 116.548006][ T35] bond0 (unregistering): Released all slaves
[ 116.633246][ T35] hsr_slave_0: left promiscuous mode
[ 116.641742][ T35] hsr_slave_1: left promiscuous mode
[ 116.648396][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.658568][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.667112][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.677397][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.699800][ T35] veth1_macvtap: left promiscuous mode
[ 116.705576][ T35] veth0_macvtap: left promiscuous mode
[ 116.711206][ T35] veth1_vlan: left promiscuous mode
[ 116.720084][ T35] veth0_vlan: left promiscuous mode
[ 117.155814][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 117.187077][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 117.530923][ T5142] Bluetooth: hci0: command tx timeout
[ 117.839907][ T6486] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.865357][ T6486] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.875736][ T6486] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.888899][ T6486] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 118.121758][ T6486] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.182066][ T6486] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.250896][ T64] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.258079][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.300820][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.308102][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.558991][ T6486] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.599624][ T6486] veth0_vlan: entered promiscuous mode
[ 118.612082][ T6486] veth1_vlan: entered promiscuous mode
[ 118.638971][ T6486] veth0_macvtap: entered promiscuous mode
[ 118.650071][ T6486] veth1_macvtap: entered promiscuous mode
[ 118.669738][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 118.688861][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 118.703334][ T6486] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.713327][ T6486] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.725327][ T6486] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.734581][ T6486] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.798579][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.816006][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.847345][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.856226][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.603797][ T5142] Bluetooth: hci0: command tx timeout
2024/12/25 07:23:56 executed programs: 19
[ 121.683780][ T5142] Bluetooth: hci0: command tx timeout
[ 123.772178][ T5142] Bluetooth: hci0: command tx timeout
2024/12/25 07:24:01 executed programs: 106
2024/12/25 07:24:06 executed programs: 214
[ 133.206119][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 133.212486][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
2024/12/25 07:24:11 executed programs: 322
2024/12/25 07:24:16 executed programs: 428
2024/12/25 07:24:21 executed programs: 530
[ 149.019600][ T5892] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 149.029197][ T5892] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 149.037391][ T5892] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 149.047493][ T5892] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 149.056194][ T5892] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 149.064129][ T5892] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 149.161168][ T7926] chnl_net:caif_netlink_parms(): no params data found
[ 149.191866][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 149.238167][ T7926] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.245914][ T7926] bridge0: port 1(bridge_slave_0) entered disabled state
[ 149.253393][ T7926] bridge_slave_0: entered allmulticast mode
[ 149.260451][ T7926] bridge_slave_0: entered promiscuous mode
[ 149.267880][ T7926] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.276486][ T7926] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.284272][ T7926] bridge_slave_1: entered allmulticast mode
[ 149.291134][ T7926] bridge_slave_1: entered promiscuous mode
[ 149.307937][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 149.333389][ T7926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 149.344751][ T7926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 149.367936][ T7926] team0: Port device team_slave_0 added
[ 149.378534][ T7926] team0: Port device team_slave_1 added
[ 149.392053][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 149.418781][ T7926] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 149.426197][ T7926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 149.452962][ T7926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 149.466065][ T7926] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 149.473144][ T7926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 149.499202][ T7926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 149.521620][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 149.552272][ T7926] hsr_slave_0: entered promiscuous mode
[ 149.558825][ T7926] hsr_slave_1: entered promiscuous mode
[ 149.680666][ T35] bridge_slave_1: left allmulticast mode
[ 149.687921][ T35] bridge_slave_1: left promiscuous mode
[ 149.694089][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.702560][ T35] bridge_slave_0: left allmulticast mode
[ 149.709278][ T35] bridge_slave_0: left promiscuous mode
[ 149.715006][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 149.961735][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 149.972840][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 149.983269][ T35] bond0 (unregistering): Released all slaves
[ 150.241704][ T35] hsr_slave_0: left promiscuous mode
[ 150.249169][ T35] hsr_slave_1: left promiscuous mode
[ 150.258087][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 150.266868][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 150.277487][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 150.286241][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 150.306956][ T35] veth1_macvtap: left promiscuous mode
[ 150.312655][ T35] veth0_macvtap: left promiscuous mode
[ 150.321738][ T35] veth1_vlan: left promiscuous mode
[ 150.327181][ T35] veth0_vlan: left promiscuous mode
[ 150.679339][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 150.712130][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 151.123601][ T5142] Bluetooth: hci1: command tx timeout
[ 151.160599][ T7926] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 151.177847][ T7926] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 151.189883][ T7926] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 151.200482][ T7926] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 151.302917][ T7926] 8021q: adding VLAN 0 to HW filter on device bond0
[ 151.336207][ T7926] 8021q: adding VLAN 0 to HW filter on device team0
[ 151.358267][ T52] bridge0: port 1(bridge_slave_0) entered blocking state
[ 151.365458][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 151.381992][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 151.389193][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 151.527015][ T7926] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 151.556314][ T7926] veth0_vlan: entered promiscuous mode
[ 151.568372][ T7926] veth1_vlan: entered promiscuous mode
[ 151.589834][ T7926] veth0_macvtap: entered promiscuous mode
[ 151.598416][ T7926] veth1_macvtap: entered promiscuous mode
[ 151.612531][ T7926] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 151.626504][ T7926] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 151.637475][ T7926] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.646891][ T7926] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.656054][ T7926] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.665120][ T7926] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.711918][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 151.726385][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 151.747476][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2024/12/25 07:24:27 executed programs: 602
[ 151.755895][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 151.817821][ T7968] ==================================================================
[ 151.825910][ T7968] BUG: KASAN: slab-use-after-free in force_devcd_write+0x32d/0x350
[ 151.833811][ T7968] Read of size 8 at addr ffff8880723fe000 by task syz.0.616/7968
[ 151.841535][ T7968]
[ 151.843875][ T7968] CPU: 0 UID: 0 PID: 7968 Comm: syz.0.616 Not tainted 6.12.0-syzkaller-10299-g8e1aa2966d94 #0
[ 151.854314][ T7968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 151.864395][ T7968] Call Trace:
[ 151.867699][ T7968]
[ 151.870626][ T7968] dump_stack_lvl+0x116/0x1f0
[ 151.875427][ T7968] print_report+0xc3/0x620
[ 151.879971][ T7968] ? __virt_addr_valid+0x5e/0x590
[ 151.885013][ T7968] ? __phys_addr+0xc6/0x150
[ 151.889530][ T7968] kasan_report+0xd9/0x110
[ 151.893965][ T7968] ? force_devcd_write+0x32d/0x350
[ 151.899140][ T7968] ? force_devcd_write+0x32d/0x350
[ 151.904293][ T7968] force_devcd_write+0x32d/0x350
[ 151.909248][ T7968] ? __pfx_force_devcd_write+0x10/0x10
[ 151.914761][ T7968] ? rcu_is_watching+0x12/0xc0
[ 151.919532][ T7968] ? trace_lock_acquire+0x146/0x1e0
[ 151.924737][ T7968] full_proxy_write+0xfb/0x1b0
[ 151.929596][ T7968] ? __pfx_full_proxy_write+0x10/0x10
[ 151.934984][ T7968] vfs_write+0x24c/0x1150
[ 151.939323][ T7968] ? __fget_files+0x1fc/0x3a0
[ 151.944033][ T7968] ? __pfx___mutex_lock+0x10/0x10
[ 151.949067][ T7968] ? __pfx_vfs_write+0x10/0x10
[ 151.953838][ T7968] ? __fget_files+0x206/0x3a0
[ 151.958519][ T7968] ksys_write+0x12b/0x250
[ 151.962847][ T7968] ? __pfx_ksys_write+0x10/0x10
[ 151.967700][ T7968] do_syscall_64+0xcd/0x250
[ 151.972202][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 151.978104][ T7968] RIP: 0033:0x7f5b6e785d29
[ 151.982569][ T7968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 152.002305][ T7968] RSP: 002b:00007f5b6f56d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 152.010744][ T7968] RAX: ffffffffffffffda RBX: 00007f5b6e975fa0 RCX: 00007f5b6e785d29
[ 152.018726][ T7968] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 152.026700][ T7968] RBP: 00007f5b6e801aa8 R08: 0000000000000000 R09: 0000000000000000
[ 152.034758][ T7968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 152.042726][ T7968] R13: 0000000000000000 R14: 00007f5b6e975fa0 R15: 00007ffd5c295678
[ 152.050705][ T7968]
[ 152.053728][ T7968]
[ 152.056044][ T7968] Allocated by task 6486:
[ 152.060455][ T7968] kasan_save_stack+0x33/0x60
[ 152.065139][ T7968] kasan_save_track+0x14/0x30
[ 152.069824][ T7968] __kasan_kmalloc+0xaa/0xb0
[ 152.074440][ T7968] vhci_open+0x4c/0x430
[ 152.078592][ T7968] misc_open+0x35a/0x420
[ 152.082837][ T7968] chrdev_open+0x237/0x6a0
[ 152.087258][ T7968] do_dentry_open+0xf59/0x1ea0
[ 152.092122][ T7968] vfs_open+0x82/0x3f0
[ 152.096224][ T7968] path_openat+0x1e6a/0x2d60
[ 152.100826][ T7968] do_filp_open+0x20c/0x470
[ 152.105423][ T7968] do_sys_openat2+0x17a/0x1e0
[ 152.110106][ T7968] __x64_sys_openat+0x175/0x210
[ 152.115205][ T7968] do_syscall_64+0xcd/0x250
[ 152.119737][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.125654][ T7968]
[ 152.127972][ T7968] Freed by task 6486:
[ 152.131939][ T7968] kasan_save_stack+0x33/0x60
[ 152.136717][ T7968] kasan_save_track+0x14/0x30
[ 152.141392][ T7968] kasan_save_free_info+0x3b/0x60
[ 152.146437][ T7968] __kasan_slab_free+0x51/0x70
[ 152.151208][ T7968] kfree+0x14f/0x4b0
[ 152.155190][ T7968] vhci_release+0xbb/0xf0
[ 152.159524][ T7968] __fput+0x3f8/0xb60
[ 152.163534][ T7968] task_work_run+0x14e/0x250
[ 152.168151][ T7968] do_exit+0xadd/0x2d70
[ 152.172326][ T7968] do_group_exit+0xd3/0x2a0
[ 152.176923][ T7968] get_signal+0x2576/0x2610
[ 152.181449][ T7968] arch_do_signal_or_restart+0x90/0x7e0
[ 152.187073][ T7968] syscall_exit_to_user_mode+0x150/0x2a0
[ 152.192718][ T7968] do_syscall_64+0xda/0x250
[ 152.197228][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.203119][ T7968]
[ 152.205440][ T7968] The buggy address belongs to the object at ffff8880723fe000
[ 152.205440][ T7968] which belongs to the cache kmalloc-1k of size 1024
[ 152.219492][ T7968] The buggy address is located 0 bytes inside of
[ 152.219492][ T7968] freed 1024-byte region [ffff8880723fe000, ffff8880723fe400)
[ 152.233232][ T7968]
[ 152.235596][ T7968] The buggy address belongs to the physical page:
[ 152.242016][ T7968] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x723f8
[ 152.250805][ T7968] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 152.259299][ T7968] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 152.267050][ T7968] page_type: f5(slab)
[ 152.271032][ T7968] raw: 00fff00000000040 ffff88801ac41dc0 ffffea0001e8f600 dead000000000002
[ 152.279613][ T7968] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[ 152.288236][ T7968] head: 00fff00000000040 ffff88801ac41dc0 ffffea0001e8f600 dead000000000002
[ 152.296905][ T7968] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[ 152.305570][ T7968] head: 00fff00000000003 ffffea0001c8fe01 ffffffffffffffff 0000000000000000
[ 152.314329][ T7968] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 152.323165][ T7968] page dumped because: kasan: bad access detected
[ 152.329574][ T7968] page_owner tracks the page as allocated
[ 152.335304][ T7968] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5899, tgid 5899 (syz-executor), ts 74750997698, free_ts 73623015670
[ 152.356856][ T7968] post_alloc_hook+0x2d1/0x350
[ 152.361628][ T7968] get_page_from_freelist+0xfce/0x2f80
[ 152.367096][ T7968] __alloc_pages_noprof+0x223/0x25a0
[ 152.372386][ T7968] alloc_pages_mpol_noprof+0x2c9/0x610
[ 152.377842][ T7968] new_slab+0x2c9/0x410
[ 152.382009][ T7968] ___slab_alloc+0xd1d/0x16e0
[ 152.386686][ T7968] __slab_alloc.constprop.0+0x56/0xb0
[ 152.392066][ T7968] __kmalloc_cache_noprof+0xf6/0x420
[ 152.397455][ T7968] afs_alloc_call+0x4f/0x4a0
[ 152.402041][ T7968] afs_charge_preallocation+0xff/0x330
[ 152.407498][ T7968] afs_open_socket+0x298/0x350
[ 152.412343][ T7968] afs_net_init+0x95d/0xc60
[ 152.416856][ T7968] ops_init+0x1df/0x5f0
[ 152.421054][ T7968] setup_net+0x21f/0x860
[ 152.425307][ T7968] copy_net_ns+0x2b4/0x6b0
[ 152.429758][ T7968] create_new_namespaces+0x3ea/0xad0
[ 152.435065][ T7968] page last free pid 5853 tgid 5853 stack trace:
[ 152.441381][ T7968] free_unref_page+0x661/0x1080
[ 152.446235][ T7968] vfree+0x17a/0x890
[ 152.450133][ T7968] kcov_put+0x2a/0x40
[ 152.454118][ T7968] kcov_close+0xd/0x20
[ 152.458184][ T7968] __fput+0x3f8/0xb60
[ 152.462171][ T7968] task_work_run+0x14e/0x250
[ 152.466754][ T7968] do_exit+0xadd/0x2d70
[ 152.470914][ T7968] do_group_exit+0xd3/0x2a0
[ 152.475423][ T7968] get_signal+0x2576/0x2610
[ 152.479927][ T7968] arch_do_signal_or_restart+0x90/0x7e0
[ 152.485478][ T7968] syscall_exit_to_user_mode+0x150/0x2a0
[ 152.491107][ T7968] do_syscall_64+0xda/0x250
[ 152.495650][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.501541][ T7968]
[ 152.503857][ T7968] Memory state around the buggy address:
[ 152.509508][ T7968] ffff8880723fdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 152.517563][ T7968] ffff8880723fdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 152.525614][ T7968] >ffff8880723fe000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 152.533681][ T7968] ^
[ 152.537823][ T7968] ffff8880723fe080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 152.545876][ T7968] ffff8880723fe100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 152.554102][ T7968] ==================================================================
[ 152.566251][ T7968] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 152.573484][ T7968] CPU: 1 UID: 0 PID: 7968 Comm: syz.0.616 Not tainted 6.12.0-syzkaller-10299-g8e1aa2966d94 #0
[ 152.583839][ T7968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 152.594119][ T7968] Call Trace:
[ 152.597394][ T7968]
[ 152.600327][ T7968] dump_stack_lvl+0x3d/0x1f0
[ 152.605013][ T7968] panic+0x71d/0x800
[ 152.608919][ T7968] ? __pfx_panic+0x10/0x10
[ 152.613346][ T7968] ? preempt_schedule_thunk+0x1a/0x30
[ 152.618730][ T7968] ? preempt_schedule_common+0x44/0xc0
[ 152.624198][ T7968] ? check_panic_on_warn+0x1f/0xb0
[ 152.629337][ T7968] check_panic_on_warn+0xab/0xb0
[ 152.634304][ T7968] end_report+0x117/0x180
[ 152.638728][ T7968] kasan_report+0xe9/0x110
[ 152.643150][ T7968] ? force_devcd_write+0x32d/0x350
[ 152.648262][ T7968] ? force_devcd_write+0x32d/0x350
[ 152.653373][ T7968] force_devcd_write+0x32d/0x350
[ 152.658304][ T7968] ? __pfx_force_devcd_write+0x10/0x10
[ 152.663760][ T7968] ? rcu_is_watching+0x12/0xc0
[ 152.668523][ T7968] ? trace_lock_acquire+0x146/0x1e0
[ 152.673726][ T7968] full_proxy_write+0xfb/0x1b0
[ 152.678494][ T7968] ? __pfx_full_proxy_write+0x10/0x10
[ 152.683867][ T7968] vfs_write+0x24c/0x1150
[ 152.688199][ T7968] ? __fget_files+0x1fc/0x3a0
[ 152.692883][ T7968] ? __pfx___mutex_lock+0x10/0x10
[ 152.698032][ T7968] ? __pfx_vfs_write+0x10/0x10
[ 152.702804][ T7968] ? __fget_files+0x206/0x3a0
[ 152.707501][ T7968] ksys_write+0x12b/0x250
[ 152.712376][ T7968] ? __pfx_ksys_write+0x10/0x10
[ 152.717244][ T7968] do_syscall_64+0xcd/0x250
[ 152.721744][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.727724][ T7968] RIP: 0033:0x7f5b6e785d29
[ 152.732233][ T7968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 152.752065][ T7968] RSP: 002b:00007f5b6f56d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 152.760670][ T7968] RAX: ffffffffffffffda RBX: 00007f5b6e975fa0 RCX: 00007f5b6e785d29
[ 152.768903][ T7968] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 152.776977][ T7968] RBP: 00007f5b6e801aa8 R08: 0000000000000000 R09: 0000000000000000
[ 152.785036][ T7968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 152.793090][ T7968] R13: 0000000000000000 R14: 00007f5b6e975fa0 R15: 00007ffd5c295678
[ 152.801080][ T7968]
[ 152.804486][ T7968] Kernel Offset: disabled
[ 152.808908][ T7968] Rebooting in 86400 seconds..