Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts.
2025/08/18 17:57:38 ignoring optional flag "sandboxArg"="0"
2025/08/18 17:57:39 parsed 1 programs
[ 94.614610][ T5865] cgroup: Unknown subsys name 'net'
[ 94.726263][ T5865] cgroup: Unknown subsys name 'cpuset'
[ 94.735829][ T5865] cgroup: Unknown subsys name 'rlimit'
[ 96.257849][ T5865] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 98.887409][ T5878] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 99.294547][ T5891] chnl_net:caif_netlink_parms(): no params data found
[ 99.369640][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.378385][ T5891] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.387428][ T5891] bridge_slave_0: entered allmulticast mode
[ 99.395744][ T5891] bridge_slave_0: entered promiscuous mode
[ 99.405069][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.412954][ T5891] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.420957][ T5891] bridge_slave_1: entered allmulticast mode
[ 99.429506][ T5891] bridge_slave_1: entered promiscuous mode
[ 99.458767][ T5891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.473001][ T5891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.505870][ T5891] team0: Port device team_slave_0 added
[ 99.514881][ T5891] team0: Port device team_slave_1 added
[ 99.539134][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.547377][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.581488][ T5891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.594371][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.602222][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.631663][ T5891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 99.668380][ T5891] hsr_slave_0: entered promiscuous mode
[ 99.676159][ T5891] hsr_slave_1: entered promiscuous mode
[ 99.775361][ T5891] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.786958][ T5891] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.797362][ T5891] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 99.807759][ T5891] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 99.833569][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.841239][ T5891] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.850021][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.859203][ T5891] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.902051][ T5891] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.916806][ T3012] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.925304][ T3012] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.939283][ T5891] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.950704][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.958146][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.970697][ T3012] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.978482][ T3012] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.135754][ T5891] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.174053][ T5891] veth0_vlan: entered promiscuous mode
[ 100.186207][ T5891] veth1_vlan: entered promiscuous mode
[ 100.210695][ T5891] veth0_macvtap: entered promiscuous mode
[ 100.219462][ T5891] veth1_macvtap: entered promiscuous mode
[ 100.237044][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.250464][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.262815][ T3012] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.272334][ T3012] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.283144][ T3012] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.292746][ T3012] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.386594][ T3008] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.430267][ T3008] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.519710][ T3008] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.571497][ T3008] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.897313][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.905803][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.926634][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.935504][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.448787][ T5181] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 102.456893][ T5181] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 102.464620][ T5181] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 102.472523][ T5181] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 102.480470][ T5181] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/08/18 17:57:52 executed programs: 0
[ 103.002991][ T5181] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 103.010408][ T5181] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 103.018511][ T5181] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 103.026454][ T5181] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 103.035523][ T5181] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.073871][ T1210] cfg80211: failed to load regulatory.db
[ 103.157542][ T5974] chnl_net:caif_netlink_parms(): no params data found
[ 103.210734][ T5974] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.218238][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.225792][ T5974] bridge_slave_0: entered allmulticast mode
[ 103.232656][ T5974] bridge_slave_0: entered promiscuous mode
[ 103.240826][ T5974] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.248182][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.255747][ T5974] bridge_slave_1: entered allmulticast mode
[ 103.262494][ T5974] bridge_slave_1: entered promiscuous mode
[ 103.285069][ T5974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.296598][ T5974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.321972][ T5974] team0: Port device team_slave_0 added
[ 103.329615][ T5974] team0: Port device team_slave_1 added
[ 103.349793][ T5974] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.357377][ T5974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.383756][ T5974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.395935][ T5974] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.403215][ T5974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.429442][ T5974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.463878][ T5974] hsr_slave_0: entered promiscuous mode
[ 103.470369][ T5974] hsr_slave_1: entered promiscuous mode
[ 103.476814][ T5974] debugfs: 'hsr0' already exists in 'hsr'
[ 103.482603][ T5974] Cannot create hsr debugfs directory
[ 103.610487][ T3008] bridge_slave_1: left allmulticast mode
[ 103.617461][ T3008] bridge_slave_1: left promiscuous mode
[ 103.624521][ T3008] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.636336][ T3008] bridge_slave_0: left allmulticast mode
[ 103.642134][ T3008] bridge_slave_0: left promiscuous mode
[ 103.650305][ T3008] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.790424][ T3008] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 103.802440][ T3008] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 103.817761][ T3008] bond0 (unregistering): Released all slaves
[ 103.912300][ T3008] hsr_slave_0: left promiscuous mode
[ 103.919307][ T3008] hsr_slave_1: left promiscuous mode
[ 103.927024][ T3008] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 103.934863][ T3008] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 103.942857][ T3008] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 103.951510][ T3008] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 103.964562][ T3008] veth1_macvtap: left promiscuous mode
[ 103.970653][ T3008] veth0_macvtap: left promiscuous mode
[ 103.976824][ T3008] veth1_vlan: left promiscuous mode
[ 103.982238][ T3008] veth0_vlan: left promiscuous mode
[ 104.130704][ T3008] team0 (unregistering): Port device team_slave_1 removed
[ 104.150171][ T3008] team0 (unregistering): Port device team_slave_0 removed
[ 104.388989][ T5974] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 104.404972][ T5974] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 104.420112][ T5974] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 104.430650][ T5974] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 104.801030][ T5974] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.838900][ T5974] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.862454][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.869684][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.917315][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.924509][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.073239][ T5181] Bluetooth: hci0: command tx timeout
[ 105.234679][ T5974] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 105.315177][ T5974] veth0_vlan: entered promiscuous mode
[ 105.340393][ T5974] veth1_vlan: entered promiscuous mode
[ 105.370898][ T5974] veth0_macvtap: entered promiscuous mode
[ 105.379683][ T5974] veth1_macvtap: entered promiscuous mode
[ 105.396838][ T5974] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.411196][ T5974] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.425050][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.434794][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.444502][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.453376][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.492847][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.506447][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.526075][ T3008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.534010][ T3008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.163291][ T5181] Bluetooth: hci0: command tx timeout
2025/08/18 17:57:57 executed programs: 124
[ 109.233552][ T5181] Bluetooth: hci0: command tx timeout
[ 111.313524][ T5181] Bluetooth: hci0: command tx timeout
2025/08/18 17:58:02 executed programs: 403
[ 116.509757][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 116.518387][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 116.528477][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 116.537464][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 116.545528][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 116.650368][ T6640] chnl_net:caif_netlink_parms(): no params data found
[ 116.697990][ T6640] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.705256][ T6640] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.712521][ T6640] bridge_slave_0: entered allmulticast mode
[ 116.719801][ T6640] bridge_slave_0: entered promiscuous mode
[ 116.727475][ T6640] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.735349][ T6640] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.742549][ T6640] bridge_slave_1: entered allmulticast mode
[ 116.749726][ T6640] bridge_slave_1: entered promiscuous mode
[ 116.767154][ T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.788400][ T6640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 116.800371][ T6640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 116.824960][ T6640] team0: Port device team_slave_0 added
[ 116.832208][ T6640] team0: Port device team_slave_1 added
[ 116.849350][ T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.869665][ T6640] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 116.877298][ T6640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 116.903364][ T6640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 116.915683][ T6640] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 116.922669][ T6640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 116.948763][ T6640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 116.962248][ T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.998538][ T6640] hsr_slave_0: entered promiscuous mode
[ 117.005342][ T6640] hsr_slave_1: entered promiscuous mode
[ 117.024162][ T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.139650][ T154] bridge_slave_1: left allmulticast mode
[ 117.145872][ T154] bridge_slave_1: left promiscuous mode
[ 117.151646][ T154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.161639][ T154] bridge_slave_0: left allmulticast mode
[ 117.167487][ T154] bridge_slave_0: left promiscuous mode
[ 117.173412][ T154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.278498][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 117.288742][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 117.298748][ T154] bond0 (unregistering): Released all slaves
[ 117.629570][ T154] hsr_slave_0: left promiscuous mode
[ 117.636389][ T154] hsr_slave_1: left promiscuous mode
[ 117.642287][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 117.652189][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 117.661148][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 117.669395][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 117.680664][ T154] veth1_macvtap: left promiscuous mode
[ 117.686513][ T154] veth0_macvtap: left promiscuous mode
[ 117.692093][ T154] veth1_vlan: left promiscuous mode
[ 117.697821][ T154] veth0_vlan: left promiscuous mode
[ 117.818624][ T154] team0 (unregistering): Port device team_slave_1 removed
[ 117.831511][ T154] team0 (unregistering): Port device team_slave_0 removed
[ 117.891165][ T6640] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.907551][ T6640] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.927841][ T6640] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.937650][ T6640] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 118.016602][ T6640] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.038532][ T6640] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.052060][ T3008] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.059267][ T3008] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.075425][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.082586][ T3008] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.132255][ T6640] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 118.327884][ T6640] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.377432][ T6640] veth0_vlan: entered promiscuous mode
[ 118.390149][ T6640] veth1_vlan: entered promiscuous mode
[ 118.416257][ T6640] veth0_macvtap: entered promiscuous mode
[ 118.425078][ T6640] veth1_macvtap: entered promiscuous mode
[ 118.441056][ T6640] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 118.454338][ T6640] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 118.467254][ T154] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.477012][ T154] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.486551][ T154] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.496129][ T154] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/08/18 17:58:08 executed programs: 602
[ 118.535790][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.547787][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.566559][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.575384][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.602053][ T6688] ==================================================================
[ 118.610209][ T6688] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340
[ 118.618166][ T6688] Read of size 8 at addr ffff888025ad1000 by task syz.0.617/6688
[ 118.625893][ T6688]
[ 118.628235][ T6688] CPU: 0 UID: 0 PID: 6688 Comm: syz.0.617 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full)
[ 118.628263][ T6688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 118.628278][ T6688] Call Trace:
[ 118.628286][ T6688] <TASK>
[ 118.628294][ T6688] dump_stack_lvl+0x116/0x1f0
[ 118.628330][ T6688] print_report+0xcd/0x630
[ 118.628360][ T6688] ? __virt_addr_valid+0x81/0x610
[ 118.628396][ T6688] ? __phys_addr+0xe8/0x180
[ 118.628424][ T6688] ? force_devcd_write+0x312/0x340
[ 118.628454][ T6688] kasan_report+0xe0/0x110
[ 118.628484][ T6688] ? force_devcd_write+0x312/0x340
[ 118.628517][ T6688] force_devcd_write+0x312/0x340
[ 118.628548][ T6688] ? __pfx_force_devcd_write+0x10/0x10
[ 118.628579][ T6688] ? __debugfs_file_get+0x1fe/0x840
[ 118.628614][ T6688] ? __pfx___debugfs_file_get+0x10/0x10
[ 118.628650][ T6688] ? rcu_is_watching+0x12/0xc0
[ 118.628676][ T6688] full_proxy_write+0x131/0x1a0
[ 118.628712][ T6688] ? __pfx_full_proxy_write+0x10/0x10
[ 118.628747][ T6688] vfs_write+0x2a0/0x11d0
[ 118.628776][ T6688] ? __pfx_vfs_write+0x10/0x10
[ 118.628801][ T6688] ? do_futex+0x122/0x350
[ 118.628829][ T6688] ? __pfx_do_futex+0x10/0x10
[ 118.628861][ T6688] ? __x64_sys_futex+0x1e0/0x4c0
[ 118.628890][ T6688] ? __x64_sys_futex+0x1e9/0x4c0
[ 118.628920][ T6688] ksys_write+0x12a/0x250
[ 118.628946][ T6688] ? __pfx_ksys_write+0x10/0x10
[ 118.628976][ T6688] do_syscall_64+0xcd/0x490
[ 118.629008][ T6688] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.629032][ T6688] RIP: 0033:0x7fbb9578ebe9
[ 118.629052][ T6688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 118.629075][ T6688] RSP: 002b:00007ffe87d0fb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 118.629098][ T6688] RAX: ffffffffffffffda RBX: 00007fbb959b5fa0 RCX: 00007fbb9578ebe9
[ 118.629114][ T6688] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 118.629127][ T6688] RBP: 00007fbb95811e19 R08: 0000000000000000 R09: 0000000000000000
[ 118.629141][ T6688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 118.629155][ T6688] R13: 00007fbb959b5fa0 R14: 00007fbb959b5fa0 R15: 0000000000000003
[ 118.629176][ T6688] </TASK>
[ 118.629183][ T6688]
[ 118.850505][ T6688] Allocated by task 5974:
[ 118.854960][ T6688] kasan_save_stack+0x33/0x60
[ 118.859752][ T6688] kasan_save_track+0x14/0x30
[ 118.864454][ T6688] __kasan_kmalloc+0xaa/0xb0
[ 118.869064][ T6688] vhci_open+0x4c/0x430
[ 118.873246][ T6688] misc_open+0x35a/0x420
[ 118.877507][ T6688] chrdev_open+0x234/0x6a0
[ 118.881949][ T6688] do_dentry_open+0x982/0x1530
[ 118.886739][ T6688] vfs_open+0x82/0x3f0
[ 118.890842][ T6688] path_openat+0x1de4/0x2cb0
[ 118.895456][ T6688] do_filp_open+0x20b/0x470
[ 118.900079][ T6688] do_sys_openat2+0x11b/0x1d0
[ 118.904791][ T6688] __x64_sys_openat+0x174/0x210
[ 118.909686][ T6688] do_syscall_64+0xcd/0x490
[ 118.914223][ T6688] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.920139][ T6688]
[ 118.922473][ T6688] Freed by task 5974:
[ 118.926548][ T6688] kasan_save_stack+0x33/0x60
[ 118.931281][ T6688] kasan_save_track+0x14/0x30
[ 118.935983][ T6688] kasan_save_free_info+0x3b/0x60
[ 118.941047][ T6688] __kasan_slab_free+0x60/0x70
[ 118.945848][ T6688] kfree+0x2b4/0x4d0
[ 118.949770][ T6688] vhci_release+0xbb/0xf0
[ 118.954140][ T6688] __fput+0x402/0xb70
[ 118.958173][ T6688] task_work_run+0x150/0x240
[ 118.962846][ T6688] do_exit+0x86f/0x2bf0
[ 118.967034][ T6688] do_group_exit+0xd3/0x2a0
[ 118.971573][ T6688] get_signal+0x2673/0x26d0
[ 118.976102][ T6688] arch_do_signal_or_restart+0x8f/0x790
[ 118.981698][ T6688] exit_to_user_mode_loop+0x84/0x110
[ 118.987023][ T6688] do_syscall_64+0x3f6/0x490
[ 118.991646][ T6688] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.997561][ T6688]
[ 118.999915][ T6688] The buggy address belongs to the object at ffff888025ad1000
[ 118.999915][ T6688] which belongs to the cache kmalloc-1k of size 1024
[ 119.014022][ T6688] The buggy address is located 0 bytes inside of
[ 119.014022][ T6688] freed 1024-byte region [ffff888025ad1000, ffff888025ad1400)
[ 119.027842][ T6688]
[ 119.030206][ T6688] The buggy address belongs to the physical page:
[ 119.036633][ T6688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25ad0
[ 119.045413][ T6688] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 119.053928][ T6688] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 119.062025][ T6688] page_type: f5(slab)
[ 119.066076][ T6688] raw: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001
[ 119.074684][ T6688] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 119.083314][ T6688] head: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001
[ 119.092012][ T6688] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 119.100704][ T6688] head: 00fff00000000003 ffffea000096b401 00000000ffffffff 00000000ffffffff
[ 119.109397][ T6688] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 119.118082][ T6688] page dumped because: kasan: bad access detected
[ 119.124521][ T6688] page_owner tracks the page as allocated
[ 119.130274][ T6688] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5630, tgid 5630 (dhcpcd), ts 64059065449, free_ts 64002036403
[ 119.151152][ T6688] post_alloc_hook+0x1c0/0x230
[ 119.155949][ T6688] get_page_from_freelist+0x132b/0x38e0
[ 119.161521][ T6688] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 119.167446][ T6688] alloc_pages_mpol+0x1fb/0x550
[ 119.172421][ T6688] new_slab+0x247/0x330
[ 119.176594][ T6688] ___slab_alloc+0xcf2/0x1740
[ 119.181290][ T6688] __slab_alloc.constprop.0+0x56/0xb0
[ 119.186727][ T6688] __kmalloc_noprof+0x2f2/0x510
[ 119.191605][ T6688] load_elf_phdrs+0x102/0x210
[ 119.196307][ T6688] load_elf_binary+0x151b/0x4fe0
[ 119.201275][ T6688] bprm_execve+0x8be/0x1640
[ 119.206343][ T6688] do_execveat_common.isra.0+0x4a5/0x610
[ 119.212030][ T6688] __x64_sys_execve+0x8e/0xb0
[ 119.216744][ T6688] do_syscall_64+0xcd/0x490
[ 119.221284][ T6688] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.227289][ T6688] page last free pid 5628 tgid 5628 stack trace:
[ 119.233634][ T6688] __free_frozen_pages+0x7d5/0x10f0
[ 119.238858][ T6688] qlist_free_all+0x4d/0x120
[ 119.243475][ T6688] kasan_quarantine_reduce+0x195/0x1e0
[ 119.248958][ T6688] __kasan_slab_alloc+0x69/0x90
[ 119.253835][ T6688] kmem_cache_alloc_noprof+0x1cb/0x3b0
[ 119.259323][ T6688] getname_flags.part.0+0x4c/0x550
[ 119.264475][ T6688] getname_flags+0x93/0xf0
[ 119.268913][ T6688] vfs_fstatat+0xe1/0xf0
[ 119.273204][ T6688] __do_sys_newfstatat+0x97/0x120
[ 119.278275][ T6688] do_syscall_64+0xcd/0x490
[ 119.282821][ T6688] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.289002][ T6688]
[ 119.291340][ T6688] Memory state around the buggy address:
[ 119.296989][ T6688]  ffff888025ad0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.305068][ T6688]  ffff888025ad0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 119.313148][ T6688] >ffff888025ad1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.321297][ T6688]                    ^
[ 119.325382][ T6688]  ffff888025ad1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.333474][ T6688]  ffff888025ad1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.341549][ T6688] ==================================================================
[ 119.364973][ T5181] Bluetooth: hci1: command tx timeout
[ 119.371611][ T6688] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 119.378863][ T6688] CPU: 1 UID: 0 PID: 6688 Comm: syz.0.617 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full)
[ 119.389056][ T6688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 119.399135][ T6688] Call Trace:
[ 119.402434][ T6688] <TASK>
[ 119.405477][ T6688] dump_stack_lvl+0x3d/0x1f0
[ 119.410108][ T6688] vpanic+0x6e8/0x7a0
[ 119.414650][ T6688] ? __pfx_vpanic+0x10/0x10
[ 119.419188][ T6688] ? __pfx_vprintk_emit+0x10/0x10
[ 119.424238][ T6688] ? force_devcd_write+0x312/0x340
[ 119.429387][ T6688] panic+0xca/0xd0
[ 119.433141][ T6688] ? __pfx_panic+0x10/0x10
[ 119.437613][ T6688] ? force_devcd_write+0x312/0x340
[ 119.442757][ T6688] ? preempt_schedule_common+0x44/0xc0
[ 119.448419][ T6688] ? preempt_schedule_thunk+0x16/0x30
[ 119.453827][ T6688] ? check_panic_on_warn+0x1f/0xb0
[ 119.458980][ T6688] check_panic_on_warn+0xab/0xb0
[ 119.463956][ T6688] end_report+0x107/0x170
[ 119.468316][ T6688] kasan_report+0xee/0x110
[ 119.472763][ T6688] ? force_devcd_write+0x312/0x340
[ 119.477910][ T6688] force_devcd_write+0x312/0x340
[ 119.482886][ T6688] ? __pfx_force_devcd_write+0x10/0x10
[ 119.488383][ T6688] ? __debugfs_file_get+0x1fe/0x840
[ 119.493706][ T6688] ? __pfx___debugfs_file_get+0x10/0x10
[ 119.499292][ T6688] ? rcu_is_watching+0x12/0xc0
[ 119.504090][ T6688] full_proxy_write+0x131/0x1a0
[ 119.508979][ T6688] ? __pfx_full_proxy_write+0x10/0x10
[ 119.514390][ T6688] vfs_write+0x2a0/0x11d0
[ 119.518753][ T6688] ? __pfx_vfs_write+0x10/0x10
[ 119.523558][ T6688] ? do_futex+0x122/0x350
[ 119.527916][ T6688] ? __pfx_do_futex+0x10/0x10
[ 119.532637][ T6688] ? __x64_sys_futex+0x1e0/0x4c0
[ 119.537611][ T6688] ? __x64_sys_futex+0x1e9/0x4c0
[ 119.542582][ T6688] ksys_write+0x12a/0x250
[ 119.546939][ T6688] ? __pfx_ksys_write+0x10/0x10
[ 119.551824][ T6688] do_syscall_64+0xcd/0x490
[ 119.556361][ T6688] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.562279][ T6688] RIP: 0033:0x7fbb9578ebe9
[ 119.566715][ T6688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 119.586346][ T6688] RSP: 002b:00007ffe87d0fb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 119.594792][ T6688] RAX: ffffffffffffffda RBX: 00007fbb959b5fa0 RCX: 00007fbb9578ebe9
[ 119.602804][ T6688] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 119.610867][ T6688] RBP: 00007fbb95811e19 R08: 0000000000000000 R09: 0000000000000000
[ 119.618854][ T6688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 119.626868][ T6688] R13: 00007fbb959b5fa0 R14: 00007fbb959b5fa0 R15: 0000000000000003
[ 119.634867][ T6688] </TASK>
[ 119.638220][ T6688] Kernel Offset: disabled
[ 119.642557][ T6688] Rebooting in 86400 seconds..