Warning: Permanently added '10.128.1.140' (ED25519) to the list of known hosts. 2025/03/22 18:48:43 ignoring optional flag "sandboxArg"="0" 2025/03/22 18:48:45 parsed 1 programs [ 90.484392][ T5841] cgroup: Unknown subsys name 'net' [ 90.582931][ T5841] cgroup: Unknown subsys name 'cpuset' [ 90.592117][ T5841] cgroup: Unknown subsys name 'rlimit' [ 92.406800][ T5841] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.375924][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 95.449421][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.457597][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.465153][ T5848] bridge_slave_0: entered allmulticast mode [ 95.472240][ T5848] bridge_slave_0: entered promiscuous mode [ 95.481874][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.489170][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.496428][ T5848] bridge_slave_1: entered allmulticast mode [ 95.503893][ T5848] bridge_slave_1: entered promiscuous mode [ 95.531131][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.542825][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.573009][ T5848] team0: Port device team_slave_0 added [ 95.581546][ T5848] team0: Port device team_slave_1 added [ 95.604342][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.611663][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.637777][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.651100][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.658114][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.684146][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.723422][ T5848] hsr_slave_0: entered promiscuous mode [ 95.729817][ T5848] hsr_slave_1: entered promiscuous mode [ 95.847620][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.858456][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.869371][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.879163][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.906491][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.913780][ T5848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.922092][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.929318][ T5848] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.988646][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.007973][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.017723][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.036837][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.055247][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.062440][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.074401][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.081645][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.246612][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.286336][ T5848] veth0_vlan: entered promiscuous mode [ 96.300083][ T5848] veth1_vlan: entered promiscuous mode [ 96.325904][ T5848] veth0_macvtap: entered promiscuous mode [ 96.335611][ T5848] veth1_macvtap: entered promiscuous mode [ 96.355250][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.367868][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.382017][ T5848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.391772][ T5848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.400740][ T5848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.410075][ T5848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.521217][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.632803][ T5848] syz-executor (5848) used greatest stack depth: 21472 bytes left [ 96.674470][ T68] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.749891][ T68] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.828358][ T68] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.936892][ T68] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.477927][ T941] cfg80211: failed to load regulatory.db [ 97.587472][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.595641][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.623595][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.633360][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.430061][ T68] bridge_slave_1: left allmulticast mode [ 99.436324][ T68] bridge_slave_1: left promiscuous mode [ 99.461452][ T68] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.493160][ T68] bridge_slave_0: left allmulticast mode [ 99.500560][ T68] bridge_slave_0: left promiscuous mode [ 99.506465][ T68] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.848197][ T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 99.862492][ T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 99.873087][ T68] bond0 (unregistering): Released all slaves [ 100.054219][ T68] hsr_slave_0: left promiscuous mode [ 100.099958][ T68] hsr_slave_1: left promiscuous mode [ 100.106141][ T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 100.131054][ T68] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 100.149817][ T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.157403][ T68] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 100.200091][ T68] veth1_macvtap: left promiscuous mode [ 100.206071][ T68] veth0_macvtap: left promiscuous mode [ 100.212194][ T68] veth1_vlan: left promiscuous mode [ 100.217796][ T68] veth0_vlan: left promiscuous mode [ 100.844640][ T68] team0 (unregistering): Port device team_slave_1 removed [ 100.885069][ T68] team0 (unregistering): Port device team_slave_0 removed [ 101.528418][ T5957] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 101.538105][ T5957] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 101.546833][ T5957] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 101.565905][ T5957] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 101.574340][ T5957] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 101.582099][ T5957] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 2025/03/22 18:49:02 executed programs: 0 [ 103.398703][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.411606][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.422552][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.431694][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.439909][ T5148] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 103.448265][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.742705][ T5999] chnl_net:caif_netlink_parms(): no params data found [ 103.830309][ T5999] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.837457][ T5999] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.845554][ T5999] bridge_slave_0: entered allmulticast mode [ 103.854731][ T5999] bridge_slave_0: entered promiscuous mode [ 103.863204][ T5999] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.870792][ T5999] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.877981][ T5999] bridge_slave_1: entered allmulticast mode [ 103.885107][ T5999] bridge_slave_1: entered promiscuous mode [ 103.917209][ T5999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.931196][ T5999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.972630][ T5999] team0: Port device team_slave_0 added [ 103.983049][ T5999] team0: Port device team_slave_1 added [ 104.022037][ T5999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.030840][ T5999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.059087][ T5999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.072526][ T5999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.079976][ T5999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.107585][ T5999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.167142][ T5999] hsr_slave_0: entered promiscuous mode [ 104.173947][ T5999] hsr_slave_1: entered promiscuous mode [ 104.716946][ T5999] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.728782][ T5999] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.744364][ T5999] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.757069][ T5999] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.862470][ T5999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.892094][ T5999] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.905285][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.912504][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.943469][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.950687][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.984525][ T5999] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 104.995851][ T5999] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 105.197137][ T5999] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.255602][ T5999] veth0_vlan: entered promiscuous mode [ 105.275151][ T5999] veth1_vlan: entered promiscuous mode [ 105.307014][ T5999] veth0_macvtap: entered promiscuous mode [ 105.318628][ T5999] veth1_macvtap: entered promiscuous mode [ 105.344026][ T5999] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.358707][ T5999] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.373258][ T5999] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.383882][ T5999] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.393326][ T5999] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.402891][ T5999] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.488378][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.507944][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.531281][ T5148] Bluetooth: hci0: command tx timeout [ 105.541069][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.549660][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.608991][ T5148] Bluetooth: hci0: command tx timeout 2025/03/22 18:49:07 executed programs: 71 [ 109.689494][ T5148] Bluetooth: hci0: command tx timeout [ 111.770257][ T5148] Bluetooth: hci0: command tx timeout 2025/03/22 18:49:12 executed programs: 296 2025/03/22 18:49:17 executed programs: 542 [ 119.755544][ T5957] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 119.772526][ T5957] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 119.780773][ T5957] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 119.789810][ T5957] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 119.799224][ T5957] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 119.806743][ T5957] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 119.943844][ T6745] chnl_net:caif_netlink_parms(): no params data found [ 119.970264][ T1099] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.048149][ T1099] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.063278][ T6745] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.070636][ T6745] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.077914][ T6745] bridge_slave_0: entered allmulticast mode [ 120.086042][ T6745] bridge_slave_0: entered promiscuous mode [ 120.095694][ T6745] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.103500][ T6745] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.111164][ T6745] bridge_slave_1: entered allmulticast mode [ 120.118013][ T6745] bridge_slave_1: entered promiscuous mode [ 120.134044][ T1099] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.168278][ T6745] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 120.180915][ T6745] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 120.212025][ T6745] team0: Port device team_slave_0 added [ 120.230304][ T1099] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.245510][ T6745] team0: Port device team_slave_1 added [ 120.268752][ T6745] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.276375][ T6745] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.302535][ T6745] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 120.315305][ T6745] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 120.323416][ T6745] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.349772][ T6745] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.393174][ T6745] hsr_slave_0: entered promiscuous mode [ 120.401676][ T6745] hsr_slave_1: entered promiscuous mode [ 120.407766][ T6745] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 120.416563][ T6745] Cannot create hsr debugfs directory [ 120.540194][ T1099] bridge_slave_1: left allmulticast mode [ 120.546003][ T1099] bridge_slave_1: left promiscuous mode [ 120.552373][ T1099] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.561745][ T1099] bridge_slave_0: left allmulticast mode [ 120.567440][ T1099] bridge_slave_0: left promiscuous mode [ 120.573782][ T1099] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.834496][ T1099] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 120.845282][ T1099] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 120.855873][ T1099] bond0 (unregistering): Released all slaves [ 121.172389][ T1099] hsr_slave_0: left promiscuous mode [ 121.178516][ T1099] hsr_slave_1: left promiscuous mode [ 121.186671][ T1099] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.196798][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.207463][ T1099] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.215235][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.235541][ T1099] veth1_macvtap: left promiscuous mode [ 121.241315][ T1099] veth0_macvtap: left promiscuous mode [ 121.246989][ T1099] veth1_vlan: left promiscuous mode [ 121.253393][ T1099] veth0_vlan: left promiscuous mode [ 121.664342][ T1099] team0 (unregistering): Port device team_slave_1 removed [ 121.699668][ T1099] team0 (unregistering): Port device team_slave_0 removed [ 121.856231][ T5148] Bluetooth: hci1: command tx timeout [ 122.105007][ T6745] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 122.122091][ T6745] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 122.146157][ T6745] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 122.164737][ T6745] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 122.297452][ T6745] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.338630][ T6745] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.362598][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.369842][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.390849][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.398027][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.623202][ T6745] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.665195][ T6745] veth0_vlan: entered promiscuous mode [ 122.678636][ T6745] veth1_vlan: entered promiscuous mode [ 122.706181][ T6745] veth0_macvtap: entered promiscuous mode [ 122.716296][ T6745] veth1_macvtap: entered promiscuous mode [ 122.732929][ T6745] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.746353][ T6745] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.757937][ T6745] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.767134][ T6745] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.776413][ T6745] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.785515][ T6745] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.844027][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.855454][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.888733][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.898437][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.963824][ T6790] ================================================================== [ 122.971951][ T6790] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330 [ 122.979879][ T6790] Read of size 8 at addr ffff888032abd800 by task syz.0.616/6790 [ 122.987633][ T6790] [ 122.989992][ T6790] CPU: 0 UID: 0 PID: 6790 Comm: syz.0.616 Not tainted 6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0 [ 122.990019][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 122.990035][ T6790] Call Trace: [ 122.990045][ T6790] <TASK> [ 122.990054][ T6790] dump_stack_lvl+0x116/0x1f0 [ 122.990095][ T6790] print_report+0xc3/0x670 [ 122.990115][ T6790] ? __virt_addr_valid+0x5e/0x590 [ 122.990137][ T6790] ? __phys_addr+0xc6/0x150 [ 122.990165][ T6790] kasan_report+0xd9/0x110 [ 122.990185][ T6790] ? force_devcd_write+0x317/0x330 [ 122.990219][ T6790] ? force_devcd_write+0x317/0x330 [ 122.990254][ T6790] force_devcd_write+0x317/0x330 [ 122.990287][ T6790] ? __pfx_force_devcd_write+0x10/0x10 [ 122.990320][ T6790] ? __debugfs_file_get+0x1ff/0x850 [ 122.990352][ T6790] ? __pfx___debugfs_file_get+0x10/0x10 [ 122.990382][ T6790] ? rcu_is_watching+0x12/0xc0 [ 122.990407][ T6790] ? trace_lock_acquire+0x14e/0x1f0 [ 122.990436][ T6790] full_proxy_write+0x13c/0x200 [ 122.990467][ T6790] ? __pfx_full_proxy_write+0x10/0x10 [ 122.990498][ T6790] vfs_write+0x24c/0x1150 [ 122.990533][ T6790] ? __pfx_vfs_write+0x10/0x10 [ 122.990563][ T6790] ? do_futex+0x123/0x350 [ 122.990591][ T6790] ? __pfx_do_futex+0x10/0x10 [ 122.990622][ T6790] ? __x64_sys_futex+0x1e1/0x4c0 [ 122.990650][ T6790] ? __x64_sys_futex+0x1ea/0x4c0 [ 122.990679][ T6790] ksys_write+0x12b/0x250 [ 122.990711][ T6790] ? __pfx_ksys_write+0x10/0x10 [ 122.990746][ T6790] do_syscall_64+0xcd/0x250 [ 122.990783][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.990825][ T6790] RIP: 0033:0x7f7fb298d169 [ 122.990843][ T6790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.990868][ T6790] RSP: 002b:00007ffcd882ac98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.990889][ T6790] RAX: ffffffffffffffda RBX: 00007f7fb2ba5fa0 RCX: 00007f7fb298d169 [ 122.990904][ T6790] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 122.990918][ T6790] RBP: 00007f7fb2a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 122.990932][ T6790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.990946][ T6790] R13: 00007f7fb2ba5fa0 R14: 00007f7fb2ba5fa0 R15: 0000000000000003 [ 122.990966][ T6790] </TASK> [ 122.990974][ T6790] [ 123.218712][ T6790] Allocated by task 5999: [ 123.223053][ T6790] kasan_save_stack+0x33/0x60 [ 123.227768][ T6790] kasan_save_track+0x14/0x30 [ 123.232476][ T6790] __kasan_kmalloc+0xaa/0xb0 [ 123.237098][ T6790] vhci_open+0x4c/0x430 [ 123.241295][ T6790] misc_open+0x35a/0x420 [ 123.245649][ T6790] chrdev_open+0x237/0x6a0 [ 123.250101][ T6790] do_dentry_open+0x735/0x1c40 [ 123.254899][ T6790] vfs_open+0x82/0x3f0 [ 123.259024][ T6790] path_openat+0x1e88/0x2d80 [ 123.263649][ T6790] do_filp_open+0x20c/0x470 [ 123.268211][ T6790] do_sys_openat2+0x17a/0x1e0 [ 123.272913][ T6790] __x64_sys_openat+0x175/0x210 [ 123.277788][ T6790] do_syscall_64+0xcd/0x250 [ 123.282400][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.288328][ T6790] [ 123.290674][ T6790] Freed by task 5999: [ 123.294670][ T6790] kasan_save_stack+0x33/0x60 [ 123.299378][ T6790] kasan_save_track+0x14/0x30 [ 123.304110][ T6790] kasan_save_free_info+0x3b/0x60 [ 123.309168][ T6790] __kasan_slab_free+0x51/0x70 [ 123.313994][ T6790] kfree+0x2c4/0x4d0 [ 123.317921][ T6790] vhci_release+0xbb/0xf0 [ 123.322283][ T6790] __fput+0x3ff/0xb70 [ 123.326324][ T6790] task_work_run+0x14e/0x250 [ 123.330942][ T6790] do_exit+0xad8/0x2db0 [ 123.335121][ T6790] do_group_exit+0xd3/0x2a0 [ 123.339656][ T6790] get_signal+0x24ed/0x26c0 [ 123.344194][ T6790] arch_do_signal_or_restart+0x90/0x7e0 [ 123.349767][ T6790] syscall_exit_to_user_mode+0x150/0x2a0 [ 123.355432][ T6790] do_syscall_64+0xda/0x250 [ 123.359982][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.365908][ T6790] [ 123.368244][ T6790] The buggy address belongs to the object at ffff888032abd800 [ 123.368244][ T6790] which belongs to the cache kmalloc-1k of size 1024 [ 123.382573][ T6790] The buggy address is located 0 bytes inside of [ 123.382573][ T6790] freed 1024-byte region [ffff888032abd800, ffff888032abdc00) [ 123.396393][ T6790] [ 123.398748][ T6790] The buggy address belongs to the physical page: [ 123.405179][ T6790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32ab8 [ 123.414000][ T6790] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 123.422561][ T6790] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 123.430136][ T6790] page_type: f5(slab) [ 123.434138][ T6790] raw: 00fff00000000040 ffff88801b041dc0 ffffea00004bce00 0000000000000002 [ 123.442741][ T6790] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 123.451343][ T6790] head: 00fff00000000040 ffff88801b041dc0 ffffea00004bce00 0000000000000002 [ 123.460148][ T6790] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 123.468867][ T6790] head: 00fff00000000003 ffffea0000caae01 ffffffffffffffff 0000000000000000 [ 123.477563][ T6790] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 123.486247][ T6790] page dumped because: kasan: bad access detected [ 123.492701][ T6790] page_owner tracks the page as allocated [ 123.498426][ T6790] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5753, tgid 5753 (dhcpcd-run-hook), ts 72661590465, free_ts 72601781760 [ 123.521303][ T6790] post_alloc_hook+0x181/0x1b0 [ 123.526109][ T6790] get_page_from_freelist+0xfce/0x2f80 [ 123.531632][ T6790] __alloc_frozen_pages_noprof+0x221/0x2470 [ 123.537563][ T6790] alloc_pages_mpol+0x1fc/0x540 [ 123.542432][ T6790] new_slab+0x23d/0x330 [ 123.546614][ T6790] ___slab_alloc+0xc5d/0x1720 [ 123.551349][ T6790] __slab_alloc.constprop.0+0x56/0xb0 [ 123.556752][ T6790] __kmalloc_noprof+0x2ec/0x510 [ 123.561632][ T6790] load_elf_phdrs+0x103/0x210 [ 123.566340][ T6790] load_elf_binary+0x153d/0x4fc0 [ 123.571309][ T6790] bprm_execve+0x8dd/0x16d0 [ 123.575846][ T6790] do_execveat_common.isra.0+0x4a2/0x610 [ 123.581532][ T6790] __x64_sys_execve+0x8c/0xb0 [ 123.586278][ T6790] do_syscall_64+0xcd/0x250 [ 123.590861][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.596833][ T6790] page last free pid 5750 tgid 5750 stack trace: [ 123.603195][ T6790] free_frozen_pages+0x6db/0xfb0 [ 123.608201][ T6790] __put_partials+0x14c/0x170 [ 123.612924][ T6790] qlist_free_all+0x4e/0x120 [ 123.617636][ T6790] kasan_quarantine_reduce+0x195/0x1e0 [ 123.623226][ T6790] __kasan_slab_alloc+0x69/0x90 [ 123.628118][ T6790] kmem_cache_alloc_noprof+0x226/0x3d0 [ 123.633701][ T6790] getname_flags.part.0+0x4c/0x550 [ 123.638845][ T6790] getname+0x8d/0xe0 [ 123.642774][ T6790] do_sys_openat2+0x104/0x1e0 [ 123.647480][ T6790] __x64_sys_openat+0x175/0x210 [ 123.652386][ T6790] do_syscall_64+0xcd/0x250 [ 123.657014][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.662987][ T6790] [ 123.665407][ T6790] Memory state around the buggy address: [ 123.671055][ T6790] ffff888032abd700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 123.679150][ T6790] ffff888032abd780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 123.687340][ T6790] >ffff888032abd800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 123.695417][ T6790] ^ [ 123.699498][ T6790] ffff888032abd880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 123.707595][ T6790] ffff888032abd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 123.715673][ T6790] ================================================================== [ 123.748054][ T6790] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 123.755515][ T6790] CPU: 0 UID: 0 PID: 6790 Comm: syz.0.616 Not tainted 6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0 [ 123.766156][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 123.776255][ T6790] Call Trace: [ 123.779555][ T6790] <TASK> [ 123.782517][ T6790] dump_stack_lvl+0x3d/0x1f0 [ 123.787144][ T6790] panic+0x71d/0x800 [ 123.791117][ T6790] ? __pfx_panic+0x10/0x10 [ 123.795561][ T6790] ? preempt_schedule_thunk+0x1a/0x30 [ 123.800973][ T6790] ? preempt_schedule_common+0x44/0xc0 [ 123.806471][ T6790] ? check_panic_on_warn+0x1f/0xb0 [ 123.811614][ T6790] check_panic_on_warn+0xab/0xb0 [ 123.816583][ T6790] end_report+0x117/0x180 [ 123.820958][ T6790] kasan_report+0xe9/0x110 [ 123.825422][ T6790] ? force_devcd_write+0x317/0x330 [ 123.830628][ T6790] ? force_devcd_write+0x317/0x330 [ 123.835786][ T6790] force_devcd_write+0x317/0x330 [ 123.840768][ T6790] ? __pfx_force_devcd_write+0x10/0x10 [ 123.846293][ T6790] ? __debugfs_file_get+0x1ff/0x850 [ 123.851892][ T6790] ? __pfx___debugfs_file_get+0x10/0x10 [ 123.857482][ T6790] ? rcu_is_watching+0x12/0xc0 [ 123.862289][ T6790] ? trace_lock_acquire+0x14e/0x1f0 [ 123.867534][ T6790] full_proxy_write+0x13c/0x200 [ 123.872427][ T6790] ? __pfx_full_proxy_write+0x10/0x10 [ 123.877845][ T6790] vfs_write+0x24c/0x1150 [ 123.882213][ T6790] ? __pfx_vfs_write+0x10/0x10 [ 123.887009][ T6790] ? do_futex+0x123/0x350 [ 123.891395][ T6790] ? __pfx_do_futex+0x10/0x10 [ 123.896107][ T6790] ? __x64_sys_futex+0x1e1/0x4c0 [ 123.901078][ T6790] ? __x64_sys_futex+0x1ea/0x4c0 [ 123.906054][ T6790] ksys_write+0x12b/0x250 [ 123.910423][ T6790] ? __pfx_ksys_write+0x10/0x10 [ 123.915311][ T6790] do_syscall_64+0xcd/0x250 [ 123.919858][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.925796][ T6790] RIP: 0033:0x7f7fb298d169 [ 123.930242][ T6790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.949879][ T6790] RSP: 002b:00007ffcd882ac98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 123.958317][ T6790] RAX: ffffffffffffffda RBX: 00007f7fb2ba5fa0 RCX: 00007f7fb298d169 [ 123.966307][ T6790] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 123.974297][ T6790] RBP: 00007f7fb2a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 123.982288][ T6790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.990305][ T6790] R13: 00007f7fb2ba5fa0 R14: 00007f7fb2ba5fa0 R15: 0000000000000003 [ 123.998314][ T6790] </TASK> [ 124.001646][ T6790] Kernel Offset: disabled [ 124.005989][ T6790] Rebooting in 86400 seconds..