Warning: Permanently added '10.128.1.159' (ED25519) to the list of known hosts.
2025/02/28 10:07:22 ignoring optional flag "sandboxArg"="0"
2025/02/28 10:07:24 parsed 1 programs
[ 206.046882][ T5851] cgroup: Unknown subsys name 'net'
[ 206.167902][ T5851] cgroup: Unknown subsys name 'cpuset'
[ 206.175762][ T5851] cgroup: Unknown subsys name 'rlimit'
[ 207.526091][ T5851] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 209.716161][ T5858] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 211.296557][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 211.304296][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 211.312258][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 211.320230][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 211.330831][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 211.341897][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 212.437013][ T5922] chnl_net:caif_netlink_parms(): no params data found
[ 212.492818][ T5922] bridge0: port 1(bridge_slave_0) entered blocking state
[ 212.500741][ T5922] bridge0: port 1(bridge_slave_0) entered disabled state
[ 212.509691][ T5922] bridge_slave_0: entered allmulticast mode
[ 212.516948][ T5922] bridge_slave_0: entered promiscuous mode
[ 212.525171][ T5922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 212.532270][ T5922] bridge0: port 2(bridge_slave_1) entered disabled state
[ 212.539470][ T5922] bridge_slave_1: entered allmulticast mode
[ 212.545968][ T5922] bridge_slave_1: entered promiscuous mode
[ 212.565888][ T5922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 212.580091][ T5922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 212.601625][ T5922] team0: Port device team_slave_0 added
[ 212.609047][ T5922] team0: Port device team_slave_1 added
[ 212.626688][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 212.633621][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 212.660049][ T5922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 212.672724][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 212.679759][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 212.705707][ T5922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 212.733487][ T5922] hsr_slave_0: entered promiscuous mode
[ 212.739669][ T5922] hsr_slave_1: entered promiscuous mode
[ 212.823272][ T5922] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 212.833441][ T5922] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 212.843347][ T5922] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 212.852424][ T5922] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 212.872645][ T5922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 212.879796][ T5922] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 212.887527][ T5922] bridge0: port 1(bridge_slave_0) entered blocking state
[ 212.894590][ T5922] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 212.939471][ T5922] 8021q: adding VLAN 0 to HW filter on device bond0
[ 212.955189][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 212.964452][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 212.982429][ T5922] 8021q: adding VLAN 0 to HW filter on device team0
[ 212.995529][ T195] bridge0: port 1(bridge_slave_0) entered blocking state
[ 213.002606][ T195] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 213.014153][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 213.021274][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 213.138177][ T5922] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 213.171218][ T5922] veth0_vlan: entered promiscuous mode
[ 213.181212][ T5922] veth1_vlan: entered promiscuous mode
[ 213.203106][ T5922] veth0_macvtap: entered promiscuous mode
[ 213.211953][ T5922] veth1_macvtap: entered promiscuous mode
[ 213.228475][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 213.240615][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 213.252375][ T5922] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 213.261804][ T5922] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 213.270562][ T5922] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 213.279523][ T5922] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 213.412111][ T3459] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 213.491883][ T3459] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 213.569617][ T3459] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 213.627252][ T3459] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 213.767579][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 213.775578][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 213.801464][ T195] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 213.809971][ T195] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/28 10:07:34 executed programs: 0
[ 214.430371][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 214.439104][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 214.447107][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 214.458457][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 214.466411][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 214.473669][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 214.581477][ T5960] chnl_net:caif_netlink_parms(): no params data found
[ 214.639204][ T5960] bridge0: port 1(bridge_slave_0) entered blocking state
[ 214.646506][ T5960] bridge0: port 1(bridge_slave_0) entered disabled state
[ 214.653586][ T5960] bridge_slave_0: entered allmulticast mode
[ 214.660364][ T5960] bridge_slave_0: entered promiscuous mode
[ 214.668351][ T5960] bridge0: port 2(bridge_slave_1) entered blocking state
[ 214.675780][ T5960] bridge0: port 2(bridge_slave_1) entered disabled state
[ 214.682901][ T5960] bridge_slave_1: entered allmulticast mode
[ 214.689746][ T5960] bridge_slave_1: entered promiscuous mode
[ 214.713766][ T5960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 214.725056][ T5960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 214.750320][ T5960] team0: Port device team_slave_0 added
[ 214.759417][ T5960] team0: Port device team_slave_1 added
[ 214.781549][ T5960] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 214.788734][ T5960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 214.815698][ T5960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 214.828902][ T5960] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 214.836177][ T5960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 214.862387][ T5960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 214.897915][ T5960] hsr_slave_0: entered promiscuous mode
[ 214.903897][ T5960] hsr_slave_1: entered promiscuous mode
[ 214.910281][ T5960] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 214.918590][ T5960] Cannot create hsr debugfs directory
[ 216.505525][ T5147] Bluetooth: hci0: command tx timeout
[ 216.799484][ T3459] bridge_slave_1: left allmulticast mode
[ 216.806563][ T3459] bridge_slave_1: left promiscuous mode
[ 216.813686][ T3459] bridge0: port 2(bridge_slave_1) entered disabled state
[ 216.833004][ T3459] bridge_slave_0: left allmulticast mode
[ 216.840127][ T3459] bridge_slave_0: left promiscuous mode
[ 216.846202][ T3459] bridge0: port 1(bridge_slave_0) entered disabled state
[ 217.032549][ T3459] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 217.044215][ T3459] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 217.054005][ T3459] bond0 (unregistering): Released all slaves
[ 217.180896][ T3459] hsr_slave_0: left promiscuous mode
[ 217.187157][ T3459] hsr_slave_1: left promiscuous mode
[ 217.193025][ T3459] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 217.204286][ T3459] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 217.215428][ T3459] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 217.222886][ T3459] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 217.241394][ T3459] veth1_macvtap: left promiscuous mode
[ 217.247285][ T3459] veth0_macvtap: left promiscuous mode
[ 217.252932][ T3459] veth1_vlan: left promiscuous mode
[ 217.258997][ T3459] veth0_vlan: left promiscuous mode
[ 217.589564][ T3459] team0 (unregistering): Port device team_slave_1 removed
[ 217.615355][ T3459] team0 (unregistering): Port device team_slave_0 removed
[ 218.062972][ T5960] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 218.077507][ T5960] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 218.089864][ T5960] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 218.101577][ T5960] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 218.332332][ T5960] 8021q: adding VLAN 0 to HW filter on device bond0
[ 218.353314][ T5960] 8021q: adding VLAN 0 to HW filter on device team0
[ 218.372550][ T195] bridge0: port 1(bridge_slave_0) entered blocking state
[ 218.379702][ T195] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 218.405403][ T195] bridge0: port 2(bridge_slave_1) entered blocking state
[ 218.412500][ T195] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 218.596807][ T5147] Bluetooth: hci0: command tx timeout
[ 218.617326][ T5960] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 218.651109][ T5960] veth0_vlan: entered promiscuous mode
[ 218.673619][ T5960] veth1_vlan: entered promiscuous mode
[ 218.699113][ T5960] veth0_macvtap: entered promiscuous mode
[ 218.710909][ T5960] veth1_macvtap: entered promiscuous mode
[ 218.736217][ T5960] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 218.752917][ T5960] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 218.763810][ T5960] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 218.773310][ T5960] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 218.783239][ T5960] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 218.792770][ T5960] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 218.840469][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 218.856572][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 218.876291][ T3459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 218.884139][ T3459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/28 10:07:39 executed programs: 27
[ 220.665035][ T5147] Bluetooth: hci0: command tx timeout
[ 222.745033][ T5147] Bluetooth: hci0: command tx timeout
2025/02/28 10:07:44 executed programs: 296
2025/02/28 10:07:50 executed programs: 587
[ 229.709840][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 229.717952][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 229.727013][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 229.735577][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 229.743166][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 229.750660][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 229.849182][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 229.865828][ T6605] chnl_net:caif_netlink_parms(): no params data found
[ 229.906130][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 229.930039][ T6605] bridge0: port 1(bridge_slave_0) entered blocking state
[ 229.937273][ T6605] bridge0: port 1(bridge_slave_0) entered disabled state
[ 229.944348][ T6605] bridge_slave_0: entered allmulticast mode
[ 229.951143][ T6605] bridge_slave_0: entered promiscuous mode
[ 229.958385][ T6605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 229.967880][ T6605] bridge0: port 2(bridge_slave_1) entered disabled state
[ 229.975535][ T6605] bridge_slave_1: entered allmulticast mode
[ 229.982022][ T6605] bridge_slave_1: entered promiscuous mode
[ 229.997379][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 230.023103][ T6605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 230.034321][ T6605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 230.060644][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 230.081403][ T6605] team0: Port device team_slave_0 added
[ 230.088658][ T6605] team0: Port device team_slave_1 added
[ 230.109140][ T6605] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 230.117481][ T6605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 230.144429][ T6605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 230.156706][ T6605] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 230.163670][ T6605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 230.189627][ T6605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 230.230035][ T6605] hsr_slave_0: entered promiscuous mode
[ 230.236534][ T6605] hsr_slave_1: entered promiscuous mode
[ 230.323725][ T35] bridge_slave_1: left allmulticast mode
[ 230.329511][ T35] bridge_slave_1: left promiscuous mode
[ 230.335754][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 230.346514][ T35] bridge_slave_0: left allmulticast mode
[ 230.352168][ T35] bridge_slave_0: left promiscuous mode
[ 230.358157][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 230.557891][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 230.569277][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 230.579338][ T35] bond0 (unregistering): Released all slaves
[ 230.817316][ T35] hsr_slave_0: left promiscuous mode
[ 230.823227][ T35] hsr_slave_1: left promiscuous mode
[ 230.831745][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 230.842784][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 230.855852][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 230.863263][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 230.888300][ T35] veth1_macvtap: left promiscuous mode
[ 230.893852][ T35] veth0_macvtap: left promiscuous mode
[ 230.901059][ T35] veth1_vlan: left promiscuous mode
[ 230.907737][ T35] veth0_vlan: left promiscuous mode
[ 231.182868][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 231.208551][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 231.580237][ T6605] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 231.601558][ T6605] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 231.613620][ T6605] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 231.629356][ T6605] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 231.724309][ T6605] 8021q: adding VLAN 0 to HW filter on device bond0
[ 231.742283][ T6605] 8021q: adding VLAN 0 to HW filter on device team0
[ 231.755600][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 231.762709][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 231.787013][ T5147] Bluetooth: hci1: command tx timeout
[ 231.789597][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 231.799631][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 231.822487][ T6605] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 231.833166][ T6605] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 231.924435][ T6605] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 231.954488][ T6605] veth0_vlan: entered promiscuous mode
[ 231.963706][ T6605] veth1_vlan: entered promiscuous mode
[ 231.983975][ T6605] veth0_macvtap: entered promiscuous mode
[ 231.992687][ T6605] veth1_macvtap: entered promiscuous mode
[ 232.006966][ T6605] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 232.019507][ T6605] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 232.029992][ T6605] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 232.038962][ T6605] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 232.047786][ T6605] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 232.056562][ T6605] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 232.106338][ T3543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 232.114158][ T3543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 232.136233][ T3543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 232.144079][ T3543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 232.195309][ T6647] ==================================================================
[ 232.203393][ T6647] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[ 232.211283][ T6647] Read of size 8 at addr ffff888029e4a800 by task syz.0.616/6647
[ 232.218981][ T6647]
[ 232.221298][ T6647] CPU: 0 UID: 0 PID: 6647 Comm: syz.0.616 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[ 232.221314][ T6647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 232.221325][ T6647] Call Trace:
[ 232.221330][ T6647] <TASK>
[ 232.221338][ T6647] dump_stack_lvl+0x116/0x1f0
[ 232.221361][ T6647] print_report+0xc3/0x670
[ 232.221382][ T6647] ? __virt_addr_valid+0x5e/0x590
[ 232.221396][ T6647] ? __phys_addr+0xc6/0x150
[ 232.221409][ T6647] kasan_report+0xd9/0x110
[ 232.221420][ T6647] ? force_devcd_write+0x317/0x330
[ 232.221438][ T6647] ? force_devcd_write+0x317/0x330
[ 232.221456][ T6647] force_devcd_write+0x317/0x330
[ 232.221473][ T6647] ? __pfx_force_devcd_write+0x10/0x10
[ 232.221490][ T6647] ? __debugfs_file_get+0x1ff/0x850
[ 232.221508][ T6647] ? __pfx___debugfs_file_get+0x10/0x10
[ 232.221524][ T6647] ? rcu_is_watching+0x12/0xc0
[ 232.221539][ T6647] ? trace_lock_acquire+0x14e/0x1f0
[ 232.221555][ T6647] full_proxy_write+0x13c/0x200
[ 232.221572][ T6647] ? __pfx_full_proxy_write+0x10/0x10
[ 232.221589][ T6647] vfs_write+0x24c/0x1150
[ 232.221609][ T6647] ? __pfx_vfs_write+0x10/0x10
[ 232.221625][ T6647] ? do_futex+0x123/0x350
[ 232.221641][ T6647] ? __pfx_do_futex+0x10/0x10
[ 232.221658][ T6647] ? __x64_sys_futex+0x1e1/0x4c0
[ 232.221674][ T6647] ? __x64_sys_futex+0x1ea/0x4c0
[ 232.221690][ T6647] ksys_write+0x12b/0x250
[ 232.221707][ T6647] ? __pfx_ksys_write+0x10/0x10
[ 232.221727][ T6647] do_syscall_64+0xcd/0x250
[ 232.221745][ T6647] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 232.221764][ T6647] RIP: 0033:0x7f868918d169
[ 232.221775][ T6647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 232.221791][ T6647] RSP: 002b:00007ffcb1d28f58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 232.221804][ T6647] RAX: ffffffffffffffda RBX: 00007f86893a5fa0 RCX: 00007f868918d169
[ 232.221813][ T6647] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 232.221821][ T6647] RBP: 00007f868920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 232.221828][ T6647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 232.221836][ T6647] R13: 00007f86893a5fa0 R14: 00007f86893a5fa0 R15: 0000000000000003
[ 232.221848][ T6647] </TASK>
[ 232.221852][ T6647]
[ 232.447549][ T6647] Allocated by task 5960:
[ 232.451868][ T6647] kasan_save_stack+0x33/0x60
[ 232.456554][ T6647] kasan_save_track+0x14/0x30
[ 232.461235][ T6647] __kasan_kmalloc+0xaa/0xb0
[ 232.465831][ T6647] vhci_open+0x4c/0x430
[ 232.469987][ T6647] misc_open+0x35a/0x420
[ 232.474227][ T6647] chrdev_open+0x237/0x6a0
[ 232.478647][ T6647] do_dentry_open+0x735/0x1c40
[ 232.483411][ T6647] vfs_open+0x82/0x3f0
[ 232.487476][ T6647] path_openat+0x1e88/0x2d80
[ 232.492070][ T6647] do_filp_open+0x20c/0x470
[ 232.496578][ T6647] do_sys_openat2+0x17a/0x1e0
[ 232.501251][ T6647] __x64_sys_openat+0x175/0x210
[ 232.506099][ T6647] do_syscall_64+0xcd/0x250
[ 232.510601][ T6647] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 232.516498][ T6647]
[ 232.518809][ T6647] Freed by task 5960:
[ 232.522777][ T6647] kasan_save_stack+0x33/0x60
[ 232.527457][ T6647] kasan_save_track+0x14/0x30
[ 232.532135][ T6647] kasan_save_free_info+0x3b/0x60
[ 232.537155][ T6647] __kasan_slab_free+0x51/0x70
[ 232.541922][ T6647] kfree+0x2c4/0x4d0
[ 232.545815][ T6647] vhci_release+0xbb/0xf0
[ 232.550143][ T6647] __fput+0x3ff/0xb70
[ 232.554116][ T6647] task_work_run+0x14e/0x250
[ 232.558706][ T6647] do_exit+0xad8/0x2d70
[ 232.562861][ T6647] do_group_exit+0xd3/0x2a0
[ 232.567360][ T6647] get_signal+0x24ed/0x26c0
[ 232.571867][ T6647] arch_do_signal_or_restart+0x90/0x7e0
[ 232.577436][ T6647] syscall_exit_to_user_mode+0x150/0x2a0
[ 232.583071][ T6647] do_syscall_64+0xda/0x250
[ 232.587573][ T6647] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 232.593468][ T6647]
[ 232.595785][ T6647] The buggy address belongs to the object at ffff888029e4a800
[ 232.595785][ T6647] which belongs to the cache kmalloc-1k of size 1024
[ 232.609833][ T6647] The buggy address is located 0 bytes inside of
[ 232.609833][ T6647] freed 1024-byte region [ffff888029e4a800, ffff888029e4ac00)
[ 232.623538][ T6647]
[ 232.625854][ T6647] The buggy address belongs to the physical page:
[ 232.632262][ T6647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29e48
[ 232.641027][ T6647] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 232.649518][ T6647] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 232.657069][ T6647] page_type: f5(slab)
[ 232.661047][ T6647] raw: 00fff00000000040 ffff88801b041dc0 ffffea0000a26200 dead000000000002
[ 232.669630][ T6647] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 232.678212][ T6647] head: 00fff00000000040 ffff88801b041dc0 ffffea0000a26200 dead000000000002
[ 232.686876][ T6647] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 232.695540][ T6647] head: 00fff00000000003 ffffea0000a79201 ffffffffffffffff 0000000000000000
[ 232.704204][ T6647] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 232.712863][ T6647] page dumped because: kasan: bad access detected
[ 232.719276][ T6647] page_owner tracks the page as allocated
[ 232.724976][ T6647] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/1), ts 214363083682, free_ts 214265908327
[ 232.743646][ T6647] post_alloc_hook+0x181/0x1b0
[ 232.748415][ T6647] get_page_from_freelist+0xfce/0x2f80
[ 232.753876][ T6647] __alloc_frozen_pages_noprof+0x221/0x2470
[ 232.759772][ T6647] alloc_pages_mpol+0x1fc/0x540
[ 232.764615][ T6647] new_slab+0x23d/0x330
[ 232.768767][ T6647] ___slab_alloc+0xc5d/0x1720
[ 232.773442][ T6647] __slab_alloc.constprop.0+0x56/0xb0
[ 232.778813][ T6647] __kmalloc_noprof+0x2ec/0x510
[ 232.783667][ T6647] ieee802_11_parse_elems_full+0xf2/0x18c0
[ 232.789467][ T6647] ieee80211_inform_bss+0xfd/0x1100
[ 232.794670][ T6647] cfg80211_inform_single_bss_data+0x8f9/0x1df0
[ 232.800910][ T6647] cfg80211_inform_bss_data+0x205/0x3ba0
[ 232.806544][ T6647] cfg80211_inform_bss_frame_data+0x272/0x7a0
[ 232.812608][ T6647] ieee80211_bss_info_update+0x311/0xab0
[ 232.818247][ T6647] ieee80211_scan_rx+0x474/0xac0
[ 232.823191][ T6647] ieee80211_rx_list+0x1bd7/0x2970
[ 232.828297][ T6647] page last free pid 35 tgid 35 stack trace:
[ 232.834265][ T6647] free_frozen_pages+0x6db/0xfb0
[ 232.839208][ T6647] __put_partials+0x14c/0x170
[ 232.843886][ T6647] qlist_free_all+0x4e/0x120
[ 232.848480][ T6647] kasan_quarantine_reduce+0x195/0x1e0
[ 232.853937][ T6647] __kasan_slab_alloc+0x69/0x90
[ 232.858803][ T6647] kmem_cache_alloc_node_noprof+0x223/0x3c0
[ 232.864698][ T6647] __alloc_skb+0x2b1/0x380
[ 232.869120][ T6647] mld_newpack.isra.0+0x18f/0xa20
[ 232.874152][ T6647] add_grhead+0x299/0x340
[ 232.878483][ T6647] add_grec+0x111e/0x1670
[ 232.882813][ T6647] mld_send_initial_cr.part.0+0xe2/0x260
[ 232.888450][ T6647] ipv6_mc_dad_complete+0x22c/0x2b0
[ 232.893640][ T6647] addrconf_dad_completed+0xd40/0x1060
[ 232.899100][ T6647] addrconf_dad_work+0x84e/0x14e0
[ 232.904120][ T6647] process_one_work+0x9c5/0x1ba0
[ 232.909058][ T6647] worker_thread+0x6c8/0xf00
[ 232.913647][ T6647]
[ 232.915962][ T6647] Memory state around the buggy address:
[ 232.921580][ T6647] ffff888029e4a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 232.929633][ T6647] ffff888029e4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 232.937684][ T6647] >ffff888029e4a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 232.945731][ T6647]                    ^
[ 232.949784][ T6647] ffff888029e4a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 232.957836][ T6647] ffff888029e4a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 232.965886][ T6647] ==================================================================
[ 232.987309][ T6647] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 232.994529][ T6647] CPU: 0 UID: 0 PID: 6647 Comm: syz.0.616 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
[ 233.005131][ T6647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 233.015190][ T6647] Call Trace:
[ 233.018463][ T6647] <TASK>
[ 233.021387][ T6647] dump_stack_lvl+0x3d/0x1f0
[ 233.025982][ T6647] panic+0x71d/0x800
[ 233.029875][ T6647] ? __pfx_panic+0x10/0x10
[ 233.034288][ T6647] ? preempt_schedule_thunk+0x1a/0x30
[ 233.039663][ T6647] ? preempt_schedule_common+0x44/0xc0
[ 233.045124][ T6647] ? check_panic_on_warn+0x1f/0xb0
[ 233.050240][ T6647] check_panic_on_warn+0xab/0xb0
[ 233.055178][ T6647] end_report+0x117/0x180
[ 233.059518][ T6647] kasan_report+0xe9/0x110
[ 233.063929][ T6647] ? force_devcd_write+0x317/0x330
[ 233.069043][ T6647] ? force_devcd_write+0x317/0x330
[ 233.074158][ T6647] force_devcd_write+0x317/0x330
[ 233.079095][ T6647] ? __pfx_force_devcd_write+0x10/0x10
[ 233.084554][ T6647] ? __debugfs_file_get+0x1ff/0x850
[ 233.089752][ T6647] ? __pfx___debugfs_file_get+0x10/0x10
[ 233.095298][ T6647] ? rcu_is_watching+0x12/0xc0
[ 233.100056][ T6647] ? trace_lock_acquire+0x14e/0x1f0
[ 233.105254][ T6647] full_proxy_write+0x13c/0x200
[ 233.110105][ T6647] ? __pfx_full_proxy_write+0x10/0x10
[ 233.115476][ T6647] vfs_write+0x24c/0x1150
[ 233.119806][ T6647] ? __pfx_vfs_write+0x10/0x10
[ 233.124569][ T6647] ? do_futex+0x123/0x350
[ 233.128912][ T6647] ? __pfx_do_futex+0x10/0x10
[ 233.133600][ T6647] ? __x64_sys_futex+0x1e1/0x4c0
[ 233.138536][ T6647] ? __x64_sys_futex+0x1ea/0x4c0
[ 233.143483][ T6647] ksys_write+0x12b/0x250
[ 233.147818][ T6647] ? __pfx_ksys_write+0x10/0x10
[ 233.152682][ T6647] do_syscall_64+0xcd/0x250
[ 233.157192][ T6647] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 233.163105][ T6647] RIP: 0033:0x7f868918d169
[ 233.167523][ T6647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 233.187134][ T6647] RSP: 002b:00007ffcb1d28f58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 233.195553][ T6647] RAX: ffffffffffffffda RBX: 00007f86893a5fa0 RCX: 00007f868918d169
[ 233.203516][ T6647] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 233.211489][ T6647] RBP: 00007f868920e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 233.219457][ T6647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 233.227421][ T6647] R13: 00007f86893a5fa0 R14: 00007f86893a5fa0 R15: 0000000000000003
[ 233.235394][ T6647] </TASK>
[ 233.238616][ T6647] Kernel Offset: disabled
[ 233.242926][ T6647] Rebooting in 86400 seconds..