Warning: Permanently added '10.128.0.111' (ED25519) to the list of known hosts.
2025/02/25 02:28:31 ignoring optional flag "sandboxArg"="0"
2025/02/25 02:28:32 parsed 1 programs
syzkaller login: [ 71.492182][ T5836] cgroup: Unknown subsys name 'net'
[ 71.601096][ T5836] cgroup: Unknown subsys name 'cpuset'
[ 71.609456][ T5836] cgroup: Unknown subsys name 'rlimit'
[ 71.881108][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.887796][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.976463][ T5836] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 75.194596][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 75.778446][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.786665][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.818297][ T3479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.826165][ T3479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.931632][ T5908] chnl_net:caif_netlink_parms(): no params data found
[ 78.018497][ T5908] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.025619][ T5908] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.033361][ T5908] bridge_slave_0: entered allmulticast mode
[ 78.042150][ T5908] bridge_slave_0: entered promiscuous mode
[ 78.052433][ T5908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.070593][ T5908] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.079096][ T5908] bridge_slave_1: entered allmulticast mode
[ 78.087107][ T5908] bridge_slave_1: entered promiscuous mode
[ 78.130702][ T5908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.141646][ T5908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.164467][ T5908] team0: Port device team_slave_0 added
[ 78.172174][ T5908] team0: Port device team_slave_1 added
[ 78.190854][ T5908] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.198338][ T5908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.224504][ T5908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.238499][ T5908] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.245511][ T5908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.271661][ T5908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.311768][ T5908] hsr_slave_0: entered promiscuous mode
[ 78.318313][ T5908] hsr_slave_1: entered promiscuous mode
[ 78.414889][ T5908] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.425398][ T5908] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.435035][ T5908] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.445546][ T5908] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.469663][ T5908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.476827][ T5908] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.484998][ T5908] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.492148][ T5908] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.541580][ T5908] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.561206][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.570036][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.587343][ T5908] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.601043][ T72] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.608196][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.620642][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.627798][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.756360][ T5908] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.791452][ T5908] veth0_vlan: entered promiscuous mode
[ 78.802314][ T5908] veth1_vlan: entered promiscuous mode
[ 78.828715][ T5908] veth0_macvtap: entered promiscuous mode
[ 78.837084][ T5908] veth1_macvtap: entered promiscuous mode
[ 78.855911][ T5908] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.868788][ T5908] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.880633][ T5908] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.891541][ T5908] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.900366][ T5908] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.909250][ T5908] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.049864][ T3479] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.124035][ T3479] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.210985][ T3479] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.211872][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.230782][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.239042][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.247718][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.255077][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 79.263381][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.282649][ T3479] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/02/25 02:28:43 executed programs: 0
[ 79.913386][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.922089][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.930646][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.943158][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.953982][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 79.961860][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.073715][ T5944] chnl_net:caif_netlink_parms(): no params data found
[ 80.121457][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.128817][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.135967][ T5944] bridge_slave_0: entered allmulticast mode
[ 80.143199][ T5944] bridge_slave_0: entered promiscuous mode
[ 80.152217][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.159492][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.166707][ T5944] bridge_slave_1: entered allmulticast mode
[ 80.173959][ T5944] bridge_slave_1: entered promiscuous mode
[ 80.196718][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.208610][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.232739][ T5944] team0: Port device team_slave_0 added
[ 80.240731][ T5944] team0: Port device team_slave_1 added
[ 80.259540][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.266516][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.293175][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.306630][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.313904][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.340169][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.384793][ T5944] hsr_slave_0: entered promiscuous mode
[ 80.391049][ T5944] hsr_slave_1: entered promiscuous mode
[ 80.396963][ T5944] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 80.405048][ T5944] Cannot create hsr debugfs directory
[ 81.950487][ T3479] bridge_slave_1: left allmulticast mode
[ 81.956359][ T3479] bridge_slave_1: left promiscuous mode
[ 81.965948][ T3479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.986809][ T3479] bridge_slave_0: left allmulticast mode
[ 81.993065][ T3479] bridge_slave_0: left promiscuous mode
[ 81.999331][ T3479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.029930][ T5147] Bluetooth: hci0: command tx timeout
[ 82.300629][ T3479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 82.313716][ T3479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 82.324299][ T3479] bond0 (unregistering): Released all slaves
[ 82.485458][ T3479] hsr_slave_0: left promiscuous mode
[ 82.502178][ T3479] hsr_slave_1: left promiscuous mode
[ 82.519380][ T3479] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.526863][ T3479] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.541600][ T3479] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.558975][ T3479] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.584796][ T3479] veth1_macvtap: left promiscuous mode
[ 82.593967][ T3479] veth0_macvtap: left promiscuous mode
[ 82.600137][ T3479] veth1_vlan: left promiscuous mode
[ 82.605691][ T3479] veth0_vlan: left promiscuous mode
[ 83.035543][ T3479] team0 (unregistering): Port device team_slave_1 removed
[ 83.072560][ T3479] team0 (unregistering): Port device team_slave_0 removed
[ 83.620361][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.640339][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.650905][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.664394][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.872102][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.891203][ T5944] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.903390][ T72] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.910584][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.936914][ T72] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.944168][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.010579][ T5944] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 84.113769][ T5147] Bluetooth: hci0: command tx timeout
[ 84.136834][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.168960][ T5944] veth0_vlan: entered promiscuous mode
[ 84.179705][ T5944] veth1_vlan: entered promiscuous mode
[ 84.206784][ T5944] veth0_macvtap: entered promiscuous mode
[ 84.215939][ T5944] veth1_macvtap: entered promiscuous mode
[ 84.230947][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.244489][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.256873][ T5944] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.266042][ T5944] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.274890][ T5944] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.283801][ T5944] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.333945][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.348282][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.370721][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.379120][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/25 02:28:48 executed programs: 21
[ 86.187818][ T5147] Bluetooth: hci0: command tx timeout
[ 87.240276][ T46] cfg80211: failed to load regulatory.db
[ 88.267731][ T5147] Bluetooth: hci0: command tx timeout
2025/02/25 02:28:53 executed programs: 282
2025/02/25 02:28:58 executed programs: 558
[ 95.772597][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 95.783256][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 95.798179][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 95.806962][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 95.815540][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 95.822972][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 95.918380][ T6591] chnl_net:caif_netlink_parms(): no params data found
[ 95.978750][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.999775][ T6591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.007620][ T6591] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.014839][ T6591] bridge_slave_0: entered allmulticast mode
[ 96.022048][ T6591] bridge_slave_0: entered promiscuous mode
[ 96.039109][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.051755][ T6591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.059898][ T6591] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.067126][ T6591] bridge_slave_1: entered allmulticast mode
[ 96.074475][ T6591] bridge_slave_1: entered promiscuous mode
[ 96.108513][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.123389][ T6591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.135287][ T6591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.165113][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.188363][ T6591] team0: Port device team_slave_0 added
[ 96.196061][ T6591] team0: Port device team_slave_1 added
[ 96.223100][ T6591] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.230300][ T6591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.256987][ T6591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.270340][ T6591] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.277335][ T6591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.304183][ T6591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.384633][ T6591] hsr_slave_0: entered promiscuous mode
[ 96.391588][ T6591] hsr_slave_1: entered promiscuous mode
[ 96.401385][ T11] bridge_slave_1: left allmulticast mode
[ 96.407098][ T11] bridge_slave_1: left promiscuous mode
[ 96.413663][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.422268][ T11] bridge_slave_0: left allmulticast mode
[ 96.428404][ T11] bridge_slave_0: left promiscuous mode
[ 96.434144][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.715241][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 96.726034][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 96.736525][ T11] bond0 (unregistering): Released all slaves
[ 97.053435][ T11] hsr_slave_0: left promiscuous mode
[ 97.059609][ T11] hsr_slave_1: left promiscuous mode
[ 97.066365][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 97.074453][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 97.087036][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 97.094790][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 97.115077][ T11] veth1_macvtap: left promiscuous mode
[ 97.121555][ T11] veth0_macvtap: left promiscuous mode
[ 97.127217][ T11] veth1_vlan: left promiscuous mode
[ 97.134948][ T11] veth0_vlan: left promiscuous mode
[ 97.493798][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 97.530640][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 97.872750][ T5147] Bluetooth: hci1: command tx timeout
[ 98.039905][ T6591] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.060970][ T6591] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.086654][ T6591] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.110995][ T6591] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.230852][ T6591] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.255400][ T6591] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.269964][ T52] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.277112][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.305013][ T52] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.312620][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.414629][ T6591] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.447085][ T6591] veth0_vlan: entered promiscuous mode
[ 98.457377][ T6591] veth1_vlan: entered promiscuous mode
[ 98.479935][ T6591] veth0_macvtap: entered promiscuous mode
[ 98.488508][ T6591] veth1_macvtap: entered promiscuous mode
[ 98.503053][ T6591] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.515279][ T6591] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.526978][ T6591] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.536665][ T6591] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.545734][ T6591] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.554704][ T6591] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.605466][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.615484][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.638328][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.646212][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.694847][ T6634] ==================================================================
[ 98.702947][ T6634] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[ 98.710834][ T6634] Read of size 8 at addr ffff88802a170000 by task syz.0.616/6634
[ 98.718533][ T6634]
[ 98.720863][ T6634] CPU: 1 UID: 0 PID: 6634 Comm: syz.0.616 Not tainted 6.14.0-rc4-syzkaller #0
[ 98.720878][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 98.720889][ T6634] Call Trace:
[ 98.720895][ T6634] <TASK>
[ 98.720903][ T6634] dump_stack_lvl+0x116/0x1f0
[ 98.720925][ T6634] print_report+0xc3/0x670
[ 98.720945][ T6634] ? __virt_addr_valid+0x5e/0x590
[ 98.720958][ T6634] ? __phys_addr+0xc6/0x150
[ 98.720970][ T6634] kasan_report+0xd9/0x110
[ 98.720981][ T6634] ? force_devcd_write+0x317/0x330
[ 98.720997][ T6634] ? force_devcd_write+0x317/0x330
[ 98.721014][ T6634] force_devcd_write+0x317/0x330
[ 98.721029][ T6634] ? __pfx_force_devcd_write+0x10/0x10
[ 98.721044][ T6634] ? __debugfs_file_get+0x1ff/0x850
[ 98.721060][ T6634] ? __pfx___debugfs_file_get+0x10/0x10
[ 98.721075][ T6634] ? rcu_is_watching+0x12/0xc0
[ 98.721089][ T6634] ? trace_lock_acquire+0x14e/0x1f0
[ 98.721105][ T6634] full_proxy_write+0x13c/0x200
[ 98.721120][ T6634] ? __pfx_full_proxy_write+0x10/0x10
[ 98.721136][ T6634] vfs_write+0x24c/0x1150
[ 98.721154][ T6634] ? __pfx_vfs_write+0x10/0x10
[ 98.721176][ T6634] ? do_futex+0x123/0x350
[ 98.721191][ T6634] ? __pfx_do_futex+0x10/0x10
[ 98.721207][ T6634] ? __x64_sys_futex+0x1e1/0x4c0
[ 98.721222][ T6634] ? __x64_sys_futex+0x1ea/0x4c0
[ 98.721237][ T6634] ksys_write+0x12b/0x250
[ 98.721252][ T6634] ? __pfx_ksys_write+0x10/0x10
[ 98.721270][ T6634] do_syscall_64+0xcd/0x250
[ 98.721286][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.721308][ T6634] RIP: 0033:0x7f05c278d169
[ 98.721319][ T6634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 98.721335][ T6634] RSP: 002b:00007fffa7466fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 98.721348][ T6634] RAX: ffffffffffffffda RBX: 00007f05c29a5fa0 RCX: 00007f05c278d169
[ 98.721356][ T6634] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 98.721364][ T6634] RBP: 00007f05c280e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 98.721371][ T6634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 98.721379][ T6634] R13: 00007f05c29a5fa0 R14: 00007f05c29a5fa0 R15: 0000000000000003
[ 98.721390][ T6634] </TASK>
[ 98.721394][ T6634]
[ 98.945980][ T6634] Allocated by task 5944:
[ 98.950311][ T6634] kasan_save_stack+0x33/0x60
[ 98.955010][ T6634] kasan_save_track+0x14/0x30
[ 98.959858][ T6634] __kasan_kmalloc+0xaa/0xb0
[ 98.964457][ T6634] vhci_open+0x4c/0x430
[ 98.968605][ T6634] misc_open+0x35a/0x420
[ 98.972836][ T6634] chrdev_open+0x237/0x6a0
[ 98.977255][ T6634] do_dentry_open+0x735/0x1c40
[ 98.982020][ T6634] vfs_open+0x82/0x3f0
[ 98.986073][ T6634] path_openat+0x1e88/0x2d80
[ 98.990676][ T6634] do_filp_open+0x20c/0x470
[ 98.995427][ T6634] do_sys_openat2+0x17a/0x1e0
[ 99.000130][ T6634] __x64_sys_openat+0x175/0x210
[ 99.004971][ T6634] do_syscall_64+0xcd/0x250
[ 99.009474][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.015405][ T6634]
[ 99.017718][ T6634] Freed by task 5944:
[ 99.021783][ T6634] kasan_save_stack+0x33/0x60
[ 99.026456][ T6634] kasan_save_track+0x14/0x30
[ 99.031144][ T6634] kasan_save_free_info+0x3b/0x60
[ 99.036159][ T6634] __kasan_slab_free+0x51/0x70
[ 99.041002][ T6634] kfree+0x2c4/0x4d0
[ 99.044886][ T6634] vhci_release+0xbb/0xf0
[ 99.049220][ T6634] __fput+0x3ff/0xb70
[ 99.053208][ T6634] task_work_run+0x14e/0x250
[ 99.057790][ T6634] do_exit+0xad8/0x2d70
[ 99.061967][ T6634] do_group_exit+0xd3/0x2a0
[ 99.066475][ T6634] get_signal+0x24ed/0x26c0
[ 99.070969][ T6634] arch_do_signal_or_restart+0x90/0x7e0
[ 99.076506][ T6634] syscall_exit_to_user_mode+0x150/0x2a0
[ 99.082131][ T6634] do_syscall_64+0xda/0x250
[ 99.086681][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.092565][ T6634]
[ 99.094876][ T6634] The buggy address belongs to the object at ffff88802a170000
[ 99.094876][ T6634] which belongs to the cache kmalloc-1k of size 1024
[ 99.108939][ T6634] The buggy address is located 0 bytes inside of
[ 99.108939][ T6634] freed 1024-byte region [ffff88802a170000, ffff88802a170400)
[ 99.122663][ T6634]
[ 99.124992][ T6634] The buggy address belongs to the physical page:
[ 99.131463][ T6634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a170
[ 99.140215][ T6634] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 99.148708][ T6634] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 99.156278][ T6634] page_type: f5(slab)
[ 99.160246][ T6634] raw: 00fff00000000040 ffff88801b041dc0 ffffea0000a2e200 dead000000000002
[ 99.168821][ T6634] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 99.177419][ T6634] head: 00fff00000000040 ffff88801b041dc0 ffffea0000a2e200 dead000000000002
[ 99.186080][ T6634] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 99.194747][ T6634] head: 00fff00000000003 ffffea0000a85c01 ffffffffffffffff 0000000000000000
[ 99.203408][ T6634] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 99.212062][ T6634] page dumped because: kasan: bad access detected
[ 99.218476][ T6634] page_owner tracks the page as allocated
[ 99.224175][ T6634] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5643, tgid 5643 (dhcpcd), ts 47493379801, free_ts 47489417201
[ 99.245093][ T6634] post_alloc_hook+0x181/0x1b0
[ 99.249861][ T6634] get_page_from_freelist+0xfce/0x2f80
[ 99.255403][ T6634] __alloc_frozen_pages_noprof+0x221/0x2470
[ 99.261287][ T6634] alloc_pages_mpol+0x1fc/0x540
[ 99.266130][ T6634] new_slab+0x23d/0x330
[ 99.270291][ T6634] ___slab_alloc+0xc5d/0x1720
[ 99.274963][ T6634] __slab_alloc.constprop.0+0x56/0xb0
[ 99.280342][ T6634] __kmalloc_noprof+0x2ec/0x510
[ 99.285182][ T6634] load_elf_phdrs+0x103/0x210
[ 99.289856][ T6634] load_elf_binary+0x1f8/0x4fc0
[ 99.294694][ T6634] bprm_execve+0x8dd/0x16d0
[ 99.299187][ T6634] do_execveat_common.isra.0+0x4a2/0x610
[ 99.304813][ T6634] __x64_sys_execve+0x8c/0xb0
[ 99.309501][ T6634] do_syscall_64+0xcd/0x250
[ 99.314083][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.320009][ T6634] page last free pid 5501 tgid 5501 stack trace:
[ 99.326327][ T6634] free_frozen_pages+0x6db/0xfb0
[ 99.331258][ T6634] __folio_put+0x32a/0x450
[ 99.335665][ T6634] skb_free_head+0x108/0x1d0
[ 99.340332][ T6634] skb_release_data+0x560/0x730
[ 99.345200][ T6634] consume_skb+0xbf/0x100
[ 99.349532][ T6634] netlink_recvmsg+0x606/0xf30
[ 99.354306][ T6634] sock_recvmsg+0x1f6/0x250
[ 99.358800][ T6634] ____sys_recvmsg+0x219/0x6b0
[ 99.363549][ T6634] ___sys_recvmsg+0x115/0x1a0
[ 99.368236][ T6634] __sys_recvmsg+0x16b/0x220
[ 99.372813][ T6634] do_syscall_64+0xcd/0x250
[ 99.377321][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.383204][ T6634]
[ 99.385627][ T6634] Memory state around the buggy address:
[ 99.391235][ T6634] ffff88802a16ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 99.399295][ T6634] ffff88802a16ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 99.407383][ T6634] >ffff88802a170000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.415430][ T6634] ^
[ 99.419507][ T6634] ffff88802a170080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.427577][ T6634] ffff88802a170100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.435638][ T6634] ==================================================================
[ 99.457696][ T6634] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 99.464943][ T6634] CPU: 1 UID: 0 PID: 6634 Comm: syz.0.616 Not tainted 6.14.0-rc4-syzkaller #0
[ 99.473816][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 99.483940][ T6634] Call Trace:
[ 99.487228][ T6634] <TASK>
[ 99.490147][ T6634] dump_stack_lvl+0x3d/0x1f0
[ 99.494845][ T6634] panic+0x71d/0x800
[ 99.498744][ T6634] ? __pfx_panic+0x10/0x10
[ 99.503156][ T6634] ? preempt_schedule_thunk+0x1a/0x30
[ 99.508526][ T6634] ? preempt_schedule_common+0x44/0xc0
[ 99.513975][ T6634] ? check_panic_on_warn+0x1f/0xb0
[ 99.519097][ T6634] check_panic_on_warn+0xab/0xb0
[ 99.524063][ T6634] end_report+0x117/0x180
[ 99.528394][ T6634] kasan_report+0xe9/0x110
[ 99.532804][ T6634] ? force_devcd_write+0x317/0x330
[ 99.537921][ T6634] ? force_devcd_write+0x317/0x330
[ 99.543136][ T6634] force_devcd_write+0x317/0x330
[ 99.548072][ T6634] ? __pfx_force_devcd_write+0x10/0x10
[ 99.553562][ T6634] ? __debugfs_file_get+0x1ff/0x850
[ 99.558760][ T6634] ? __pfx___debugfs_file_get+0x10/0x10
[ 99.564332][ T6634] ? rcu_is_watching+0x12/0xc0
[ 99.569101][ T6634] ? trace_lock_acquire+0x14e/0x1f0
[ 99.574320][ T6634] full_proxy_write+0x13c/0x200
[ 99.579267][ T6634] ? __pfx_full_proxy_write+0x10/0x10
[ 99.584640][ T6634] vfs_write+0x24c/0x1150
[ 99.589002][ T6634] ? __pfx_vfs_write+0x10/0x10
[ 99.593774][ T6634] ? do_futex+0x123/0x350
[ 99.598102][ T6634] ? __pfx_do_futex+0x10/0x10
[ 99.602782][ T6634] ? __x64_sys_futex+0x1e1/0x4c0
[ 99.607717][ T6634] ? __x64_sys_futex+0x1ea/0x4c0
[ 99.612654][ T6634] ksys_write+0x12b/0x250
[ 99.616988][ T6634] ? __pfx_ksys_write+0x10/0x10
[ 99.621844][ T6634] do_syscall_64+0xcd/0x250
[ 99.626351][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.632251][ T6634] RIP: 0033:0x7f05c278d169
[ 99.636660][ T6634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 99.656272][ T6634] RSP: 002b:00007fffa7466fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 99.664776][ T6634] RAX: ffffffffffffffda RBX: 00007f05c29a5fa0 RCX: 00007f05c278d169
[ 99.672747][ T6634] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 99.680718][ T6634] RBP: 00007f05c280e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 99.688722][ T6634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 99.696694][ T6634] R13: 00007f05c29a5fa0 R14: 00007f05c29a5fa0 R15: 0000000000000003
[ 99.704714][ T6634] </TASK>
[ 99.707978][ T6634] Kernel Offset: disabled
[ 99.712295][ T6634] Rebooting in 86400 seconds..