Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts.
2025/02/19 18:31:07 ignoring optional flag "sandboxArg"="0"
2025/02/19 18:31:08 parsed 1 programs
[ 72.044456][ T5835] cgroup: Unknown subsys name 'net'
[ 72.207556][ T5835] cgroup: Unknown subsys name 'cpuset'
[ 72.215480][ T5835] cgroup: Unknown subsys name 'rlimit'
[ 73.594774][ T5835] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 76.035266][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 77.088106][ T5869] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.097376][ T5869] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.105563][ T5869] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.113599][ T5869] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.122225][ T5869] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.129880][ T5869] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.381350][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.393250][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.399912][ T3485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.409321][ T3485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.990429][ T5916] chnl_net:caif_netlink_parms(): no params data found
[ 79.081182][ T5916] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.088981][ T5916] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.098045][ T5916] bridge_slave_0: entered allmulticast mode
[ 79.105219][ T5916] bridge_slave_0: entered promiscuous mode
[ 79.113665][ T5916] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.121543][ T5916] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.128801][ T5916] bridge_slave_1: entered allmulticast mode
[ 79.135890][ T5916] bridge_slave_1: entered promiscuous mode
[ 79.162819][ T5916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.174254][ T5916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.202339][ T5916] team0: Port device team_slave_0 added
[ 79.210578][ T5916] team0: Port device team_slave_1 added
[ 79.232396][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.240005][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.267858][ T5916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.280835][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.289318][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.315642][ T5916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.354239][ T5916] hsr_slave_0: entered promiscuous mode
[ 79.360612][ T5916] hsr_slave_1: entered promiscuous mode
[ 79.454772][ T5916] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 79.464536][ T5916] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 79.473233][ T5916] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 79.483156][ T5916] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.533429][ T5916] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.552529][ T5916] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.563397][ T3485] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.570689][ T3485] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.585856][ T52] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.592971][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.714763][ T5916] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.750761][ T5916] veth0_vlan: entered promiscuous mode
[ 79.760562][ T5916] veth1_vlan: entered promiscuous mode
[ 79.781246][ T5916] veth0_macvtap: entered promiscuous mode
[ 79.789857][ T5916] veth1_macvtap: entered promiscuous mode
[ 79.805798][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.820271][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.831290][ T5916] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.840612][ T5916] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.849974][ T5916] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.860190][ T5916] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.009649][ T3011] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.106641][ T3011] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.170816][ T3011] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.220939][ T3011] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/02/19 18:31:19 executed programs: 0
[ 80.529697][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.537623][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.545566][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.553628][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.563102][ T5148] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.571232][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.663462][ T5944] chnl_net:caif_netlink_parms(): no params data found
[ 80.708078][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.715410][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.722519][ T5944] bridge_slave_0: entered allmulticast mode
[ 80.730228][ T5944] bridge_slave_0: entered promiscuous mode
[ 80.738042][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.745485][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.752587][ T5944] bridge_slave_1: entered allmulticast mode
[ 80.759333][ T5944] bridge_slave_1: entered promiscuous mode
[ 80.784147][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.795840][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.826810][ T5944] team0: Port device team_slave_0 added
[ 80.834998][ T5944] team0: Port device team_slave_1 added
[ 80.853238][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.860378][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.886705][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.899644][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.907057][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.933249][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.971363][ T5944] hsr_slave_0: entered promiscuous mode
[ 80.977570][ T5944] hsr_slave_1: entered promiscuous mode
[ 80.983440][ T5944] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 80.991374][ T5944] Cannot create hsr debugfs directory
[ 82.635161][ T5869] Bluetooth: hci0: command tx timeout
[ 83.284788][ T3011] bridge_slave_1: left allmulticast mode
[ 83.290649][ T3011] bridge_slave_1: left promiscuous mode
[ 83.299518][ T3011] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.312521][ T3011] bridge_slave_0: left allmulticast mode
[ 83.320763][ T3011] bridge_slave_0: left promiscuous mode
[ 83.329200][ T3011] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.649421][ T3011] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.659904][ T3011] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 83.669756][ T3011] bond0 (unregistering): Released all slaves
[ 83.759582][ T3011] hsr_slave_0: left promiscuous mode
[ 83.766696][ T3011] hsr_slave_1: left promiscuous mode
[ 83.772582][ T3011] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 83.780784][ T3011] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 83.790571][ T3011] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 83.800324][ T3011] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 83.821889][ T3011] veth1_macvtap: left promiscuous mode
[ 83.827963][ T3011] veth0_macvtap: left promiscuous mode
[ 83.833590][ T3011] veth1_vlan: left promiscuous mode
[ 83.839239][ T3011] veth0_vlan: left promiscuous mode
[ 84.207466][ T3011] team0 (unregistering): Port device team_slave_1 removed
[ 84.232642][ T3011] team0 (unregistering): Port device team_slave_0 removed
[ 84.711888][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.719963][ T5869] Bluetooth: hci0: command tx timeout
[ 84.733994][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.752595][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.764819][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.851738][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.927006][ T5944] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.940371][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.947504][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.963859][ T3011] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.971108][ T3011] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.238035][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.291566][ T5944] veth0_vlan: entered promiscuous mode
[ 85.308689][ T5944] veth1_vlan: entered promiscuous mode
[ 85.338952][ T5944] veth0_macvtap: entered promiscuous mode
[ 85.349348][ T5944] veth1_macvtap: entered promiscuous mode
[ 85.370556][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.387120][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.399119][ T5944] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.408398][ T5944] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.418054][ T5944] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.427192][ T5944] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.503645][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.516669][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.541975][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.552186][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/02/19 18:31:24 executed programs: 2
[ 86.798319][ T5869] Bluetooth: hci0: command tx timeout
[ 87.045955][ T974] cfg80211: failed to load regulatory.db
[ 88.884409][ T5869] Bluetooth: hci0: command tx timeout
2025/02/19 18:31:29 executed programs: 216
2025/02/19 18:31:34 executed programs: 476
[ 97.958330][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 97.970178][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 97.978359][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 97.987209][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 97.995565][ T5148] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 98.002976][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 98.107091][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.120688][ T6655] chnl_net:caif_netlink_parms(): no params data found
[ 98.167287][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.194234][ T6655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.201447][ T6655] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.209550][ T6655] bridge_slave_0: entered allmulticast mode
[ 98.217245][ T6655] bridge_slave_0: entered promiscuous mode
[ 98.224436][ T6655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.231506][ T6655] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.239082][ T6655] bridge_slave_1: entered allmulticast mode
[ 98.246096][ T6655] bridge_slave_1: entered promiscuous mode
[ 98.268378][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.288850][ T6655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.299830][ T6655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.319809][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.347571][ T6655] team0: Port device team_slave_0 added
[ 98.355344][ T6655] team0: Port device team_slave_1 added
[ 98.379197][ T6655] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.386512][ T6655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.412563][ T6655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.424928][ T6655] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.431889][ T6655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.458058][ T6655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.516303][ T6655] hsr_slave_0: entered promiscuous mode
[ 98.522369][ T6655] hsr_slave_1: entered promiscuous mode
[ 98.558983][ T12] bridge_slave_1: left allmulticast mode
[ 98.564844][ T12] bridge_slave_1: left promiscuous mode
[ 98.570538][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.579356][ T12] bridge_slave_0: left allmulticast mode
[ 98.585802][ T12] bridge_slave_0: left promiscuous mode
[ 98.591465][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.799479][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 98.810068][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 98.819935][ T12] bond0 (unregistering): Released all slaves
[ 99.095550][ T12] hsr_slave_0: left promiscuous mode
[ 99.101531][ T12] hsr_slave_1: left promiscuous mode
[ 99.107472][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 99.119376][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 99.132890][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 99.140724][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 99.160056][ T12] veth1_macvtap: left promiscuous mode
[ 99.165707][ T12] veth0_macvtap: left promiscuous mode
[ 99.171315][ T12] veth1_vlan: left promiscuous mode
[ 99.177260][ T12] veth0_vlan: left promiscuous mode
[ 99.467066][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 99.496397][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 99.871995][ T6655] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.888766][ T6655] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.908585][ T6655] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 99.924873][ T6655] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.024045][ T6655] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.048676][ T6655] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.061932][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.069107][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.084826][ T5148] Bluetooth: hci1: command tx timeout
[ 100.089508][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.097530][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.212525][ T6655] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.241597][ T6655] veth0_vlan: entered promiscuous mode
[ 100.251548][ T6655] veth1_vlan: entered promiscuous mode
[ 100.273788][ T6655] veth0_macvtap: entered promiscuous mode
[ 100.283285][ T6655] veth1_macvtap: entered promiscuous mode
[ 100.297754][ T6655] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.310125][ T6655] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.320609][ T6655] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.329634][ T6655] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.338702][ T6655] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.347795][ T6655] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.393097][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.406808][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.427545][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.435586][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.487782][ T6695] ==================================================================
[ 100.495863][ T6695] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[ 100.503760][ T6695] Read of size 8 at addr ffff888028b4d800 by task syz.0.616/6695
[ 100.511472][ T6695]
[ 100.513794][ T6695] CPU: 1 UID: 0 PID: 6695 Comm: syz.0.616 Not tainted 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0
[ 100.513810][ T6695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 100.513822][ T6695] Call Trace:
[ 100.513828][ T6695]
[ 100.513836][ T6695] dump_stack_lvl+0x116/0x1f0
[ 100.513863][ T6695] print_report+0xc3/0x620
[ 100.513894][ T6695] ? __virt_addr_valid+0x5e/0x590
[ 100.513915][ T6695] ? __phys_addr+0xc6/0x150
[ 100.513935][ T6695] kasan_report+0xd9/0x110
[ 100.513954][ T6695] ? force_devcd_write+0x317/0x330
[ 100.513981][ T6695] ? force_devcd_write+0x317/0x330
[ 100.514001][ T6695] force_devcd_write+0x317/0x330
[ 100.514017][ T6695] ? __pfx_force_devcd_write+0x10/0x10
[ 100.514034][ T6695] ? __debugfs_file_get+0x1ff/0x850
[ 100.514051][ T6695] ? __pfx___debugfs_file_get+0x10/0x10
[ 100.514067][ T6695] ? rcu_is_watching+0x12/0xc0
[ 100.514081][ T6695] ? trace_lock_acquire+0x14e/0x1f0
[ 100.514097][ T6695] full_proxy_write+0x13c/0x200
[ 100.514114][ T6695] ? __pfx_full_proxy_write+0x10/0x10
[ 100.514130][ T6695] vfs_write+0x24c/0x1150
[ 100.514156][ T6695] ? __pfx_vfs_write+0x10/0x10
[ 100.514172][ T6695] ? do_futex+0x123/0x350
[ 100.514188][ T6695] ? __pfx_do_futex+0x10/0x10
[ 100.514205][ T6695] ? __x64_sys_futex+0x1e1/0x4c0
[ 100.514220][ T6695] ? __x64_sys_futex+0x1ea/0x4c0
[ 100.514237][ T6695] ksys_write+0x12b/0x250
[ 100.514254][ T6695] ? __pfx_ksys_write+0x10/0x10
[ 100.514273][ T6695] do_syscall_64+0xcd/0x250
[ 100.514291][ T6695] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.514316][ T6695] RIP: 0033:0x7f7aeb98cde9
[ 100.514333][ T6695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 100.514356][ T6695] RSP: 002b:00007ffc60dbe788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 100.514370][ T6695] RAX: ffffffffffffffda RBX: 00007f7aebba5fa0 RCX: 00007f7aeb98cde9
[ 100.514378][ T6695] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 100.514386][ T6695] RBP: 00007f7aeba0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 100.514394][ T6695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 100.514404][ T6695] R13: 00007f7aebba5fa0 R14: 00007f7aebba5fa0 R15: 0000000000000003
[ 100.514417][ T6695]
[ 100.514422][ T6695]
[ 100.740124][ T6695] Allocated by task 5944:
[ 100.744447][ T6695] kasan_save_stack+0x33/0x60
[ 100.749138][ T6695] kasan_save_track+0x14/0x30
[ 100.753818][ T6695] __kasan_kmalloc+0xaa/0xb0
[ 100.758416][ T6695] vhci_open+0x4c/0x430
[ 100.762570][ T6695] misc_open+0x35a/0x420
[ 100.766807][ T6695] chrdev_open+0x237/0x6a0
[ 100.771232][ T6695] do_dentry_open+0x735/0x1c40
[ 100.775999][ T6695] vfs_open+0x82/0x3f0
[ 100.780063][ T6695] path_openat+0x1e88/0x2d80
[ 100.784660][ T6695] do_filp_open+0x20c/0x470
[ 100.789167][ T6695] do_sys_openat2+0x17a/0x1e0
[ 100.793841][ T6695] __x64_sys_openat+0x175/0x210
[ 100.798691][ T6695] do_syscall_64+0xcd/0x250
[ 100.803201][ T6695] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.809101][ T6695]
[ 100.811416][ T6695] Freed by task 5944:
[ 100.815386][ T6695] kasan_save_stack+0x33/0x60
[ 100.820069][ T6695] kasan_save_track+0x14/0x30
[ 100.824748][ T6695] kasan_save_free_info+0x3b/0x60
[ 100.829771][ T6695] __kasan_slab_free+0x51/0x70
[ 100.834539][ T6695] kfree+0x2c4/0x4d0
[ 100.838435][ T6695] vhci_release+0xbb/0xf0
[ 100.842761][ T6695] __fput+0x3ff/0xb70
[ 100.846739][ T6695] task_work_run+0x14e/0x250
[ 100.851330][ T6695] do_exit+0xad8/0x2d70
[ 100.855482][ T6695] do_group_exit+0xd3/0x2a0
[ 100.859982][ T6695] get_signal+0x24ed/0x26c0
[ 100.864491][ T6695] arch_do_signal_or_restart+0x90/0x7e0
[ 100.870035][ T6695] irqentry_exit_to_user_mode+0x13f/0x280
[ 100.875756][ T6695] asm_exc_page_fault+0x26/0x30
[ 100.880607][ T6695]
[ 100.882925][ T6695] The buggy address belongs to the object at ffff888028b4d800
[ 100.882925][ T6695] which belongs to the cache kmalloc-1k of size 1024
[ 100.896973][ T6695] The buggy address is located 0 bytes inside of
[ 100.896973][ T6695] freed 1024-byte region [ffff888028b4d800, ffff888028b4dc00)
[ 100.910681][ T6695]
[ 100.913008][ T6695] The buggy address belongs to the physical page:
[ 100.919421][ T6695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28b48
[ 100.928186][ T6695] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 100.936682][ T6695] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 100.944230][ T6695] page_type: f5(slab)
[ 100.948216][ T6695] raw: 00fff00000000040 ffff88801b041dc0 ffffea000083de00 dead000000000002
[ 100.956795][ T6695] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 100.965377][ T6695] head: 00fff00000000040 ffff88801b041dc0 ffffea000083de00 dead000000000002
[ 100.974043][ T6695] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 100.982711][ T6695] head: 00fff00000000003 ffffea0000a2d201 ffffffffffffffff 0000000000000000
[ 100.991375][ T6695] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 101.000035][ T6695] page dumped because: kasan: bad access detected
[ 101.006449][ T6695] page_owner tracks the page as allocated
[ 101.012154][ T6695] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5630, tgid 5630 (dhcpcd-run-hook), ts 47448262668, free_ts 47416279037
[ 101.033774][ T6695] post_alloc_hook+0x181/0x1b0
[ 101.038546][ T6695] get_page_from_freelist+0xfce/0x2f80
[ 101.044013][ T6695] __alloc_frozen_pages_noprof+0x221/0x2470
[ 101.049916][ T6695] alloc_pages_mpol+0x1fc/0x540
[ 101.054760][ T6695] new_slab+0x23d/0x330
[ 101.058919][ T6695] ___slab_alloc+0xc5d/0x1720
[ 101.063597][ T6695] __slab_alloc.constprop.0+0x56/0xb0
[ 101.068972][ T6695] __kmalloc_noprof+0x2ec/0x510
[ 101.073824][ T6695] load_elf_phdrs+0x103/0x210
[ 101.078499][ T6695] load_elf_binary+0x1f8/0x4fc0
[ 101.083349][ T6695] bprm_execve+0x8dd/0x16d0
[ 101.087854][ T6695] do_execveat_common.isra.0+0x4a2/0x610
[ 101.093488][ T6695] __x64_sys_execve+0x8c/0xb0
[ 101.098165][ T6695] do_syscall_64+0xcd/0x250
[ 101.102668][ T6695] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.108565][ T6695] page last free pid 5628 tgid 5628 stack trace:
[ 101.114882][ T6695] free_frozen_pages+0x6db/0xfb0
[ 101.119823][ T6695] qlist_free_all+0x4e/0x120
[ 101.124418][ T6695] kasan_quarantine_reduce+0x195/0x1e0
[ 101.129882][ T6695] __kasan_slab_alloc+0x69/0x90
[ 101.134745][ T6695] __kmalloc_noprof+0x1cd/0x510
[ 101.139600][ T6695] tomoyo_realpath_from_path+0xb9/0x720
[ 101.145149][ T6695] tomoyo_path_perm+0x276/0x460
[ 101.149995][ T6695] security_inode_getattr+0x116/0x290
[ 101.155400][ T6695] vfs_fstat+0x4b/0xd0
[ 101.159475][ T6695] vfs_fstatat+0xbc/0xf0
[ 101.163725][ T6695] __do_sys_newfstatat+0xa2/0x130
[ 101.168756][ T6695] do_syscall_64+0xcd/0x250
[ 101.173263][ T6695] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.179162][ T6695]
[ 101.181475][ T6695] Memory state around the buggy address:
[ 101.187096][ T6695] ffff888028b4d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.195152][ T6695] ffff888028b4d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.203203][ T6695] >ffff888028b4d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.211254][ T6695] ^
[ 101.215313][ T6695] ffff888028b4d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.223373][ T6695] ffff888028b4d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.231421][ T6695] ==================================================================
[ 101.256050][ T6695] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 101.263274][ T6695] CPU: 1 UID: 0 PID: 6695 Comm: syz.0.616 Not tainted 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0
[ 101.273855][ T6695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 101.283900][ T6695] Call Trace:
[ 101.287171][ T6695]
[ 101.290095][ T6695] dump_stack_lvl+0x3d/0x1f0
[ 101.294691][ T6695] panic+0x71d/0x800
[ 101.298582][ T6695] ? __pfx_panic+0x10/0x10
[ 101.302997][ T6695] ? preempt_schedule_thunk+0x1a/0x30
[ 101.308370][ T6695] ? preempt_schedule_common+0x44/0xc0
[ 101.313827][ T6695] ? check_panic_on_warn+0x1f/0xb0
[ 101.318944][ T6695] check_panic_on_warn+0xab/0xb0
[ 101.323884][ T6695] end_report+0x117/0x180
[ 101.328219][ T6695] kasan_report+0xe9/0x110
[ 101.332626][ T6695] ? force_devcd_write+0x317/0x330
[ 101.337737][ T6695] ? force_devcd_write+0x317/0x330
[ 101.342848][ T6695] force_devcd_write+0x317/0x330
[ 101.347787][ T6695] ? __pfx_force_devcd_write+0x10/0x10
[ 101.353267][ T6695] ? __debugfs_file_get+0x1ff/0x850
[ 101.358478][ T6695] ? __pfx___debugfs_file_get+0x10/0x10
[ 101.364036][ T6695] ? rcu_is_watching+0x12/0xc0
[ 101.368813][ T6695] ? trace_lock_acquire+0x14e/0x1f0
[ 101.374018][ T6695] full_proxy_write+0x13c/0x200
[ 101.378873][ T6695] ? __pfx_full_proxy_write+0x10/0x10
[ 101.384246][ T6695] vfs_write+0x24c/0x1150
[ 101.388587][ T6695] ? __pfx_vfs_write+0x10/0x10
[ 101.393349][ T6695] ? do_futex+0x123/0x350
[ 101.397679][ T6695] ? __pfx_do_futex+0x10/0x10
[ 101.402359][ T6695] ? __x64_sys_futex+0x1e1/0x4c0
[ 101.407297][ T6695] ? __x64_sys_futex+0x1ea/0x4c0
[ 101.412234][ T6695] ksys_write+0x12b/0x250
[ 101.416575][ T6695] ? __pfx_ksys_write+0x10/0x10
[ 101.421433][ T6695] do_syscall_64+0xcd/0x250
[ 101.425939][ T6695] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.431835][ T6695] RIP: 0033:0x7f7aeb98cde9
[ 101.436242][ T6695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 101.455849][ T6695] RSP: 002b:00007ffc60dbe788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.464272][ T6695] RAX: ffffffffffffffda RBX: 00007f7aebba5fa0 RCX: 00007f7aeb98cde9
[ 101.472238][ T6695] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 101.480209][ T6695] RBP: 00007f7aeba0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 101.488178][ T6695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.496140][ T6695] R13: 00007f7aebba5fa0 R14: 00007f7aebba5fa0 R15: 0000000000000003
[ 101.504109][ T6695]
[ 101.507356][ T6695] Kernel Offset: disabled
[ 101.511668][ T6695] Rebooting in 86400 seconds..