Warning: Permanently added '10.128.0.109' (ED25519) to the list of known hosts.
[ 86.541674][ T4256] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.550209][ T4256] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.558140][ T4256] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.567356][ T4256] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.575255][ T4256] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 86.582711][ T4256] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.666188][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.674466][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.691215][ T2940] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 86.705795][ T2940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[ 86.714187][ T2940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.723028][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.912824][ T4258] loop0: detected capacity change from 0 to 32768
[ 87.004532][ T4259] ==================================================================
[ 87.012747][ T4259] BUG: KASAN: use-after-free in dtSplitPage+0x1aba/0x31d0
[ 87.019920][ T4259] Write of size 1 at addr ffff88807a274000 by task syz-executor170/4259
[ 87.028287][ T4259]
[ 87.030661][ T4259] CPU: 1 PID: 4259 Comm: syz-executor170 Not tainted 6.1.138-syzkaller #0
[ 87.039321][ T4259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 87.049422][ T4259] Call Trace:
[ 87.052729][ T4259] <TASK>
[ 87.055681][ T4259] dump_stack_lvl+0x168/0x22e
[ 87.060414][ T4259] ? __lock_acquire+0x7c50/0x7c50
[ 87.065487][ T4259] ? show_regs_print_info+0x12/0x12
[ 87.070734][ T4259] ? load_image+0x3b0/0x3b0
[ 87.075368][ T4259] ? __virt_addr_valid+0x465/0x540
[ 87.080526][ T4259] ? dtSplitPage+0x1aba/0x31d0
[ 87.085504][ T4259] print_report+0xa8/0x220
[ 87.089955][ T4259] kasan_report+0x10b/0x140
[ 87.094518][ T4259] ? dtSplitPage+0x1aba/0x31d0
[ 87.099325][ T4259] dtSplitPage+0x1aba/0x31d0
[ 87.104062][ T4259] dtInsert+0xfbd/0x58a0
[ 87.108342][ T4259] ? txLock+0x2ad/0x2090
[ 87.112627][ T4259] ? do_raw_spin_lock+0x11d/0x280
[ 87.117702][ T4259] ? UniStrupr+0x2e0/0x2e0
[ 87.122163][ T4259] ? txLock+0x1121/0x2090
[ 87.126531][ T4259] ? dtSearch+0x1c67/0x2050
[ 87.131072][ T4259] ? txEnd+0x520/0x520
[ 87.135242][ T4259] jfs_create+0x69d/0xa50
[ 87.139624][ T4259] ? jfs_lookup+0x380/0x380
[ 87.144183][ T4259] ? jfs_get_parent+0xa0/0xa0
[ 87.149094][ T4259] ? make_kgid+0x640/0x640
[ 87.153548][ T4259] ? rwsem_write_trylock+0x12f/0x1b0
[ 87.158958][ T4259] ? generic_permission+0x230/0x510
[ 87.164199][ T4259] ? inode_permission+0xef/0x480
[ 87.169175][ T4259] ? bpf_lsm_inode_create+0x5/0x10
[ 87.174329][ T4259] ? security_inode_create+0xb3/0x100
[ 87.179736][ T4259] ? jfs_lookup+0x380/0x380
[ 87.184280][ T4259] path_openat+0x1187/0x2e70
[ 87.188928][ T4259] ? do_filp_open+0x3c0/0x3c0
[ 87.193640][ T4259] do_filp_open+0x1c1/0x3c0
[ 87.198177][ T4259] ? vfs_tmpfile+0x480/0x480
[ 87.202798][ T4259] ? _raw_spin_unlock+0x24/0x40
[ 87.207744][ T4259] ? alloc_fd+0x58f/0x630
[ 87.212160][ T4259] do_sys_openat2+0x142/0x490
[ 87.216859][ T4259] ? do_sys_open+0xe0/0xe0
[ 87.221276][ T4259] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 87.227263][ T4259] ? lock_chain_count+0x20/0x20
[ 87.232184][ T4259] __x64_sys_creat+0x8c/0xb0
[ 87.236804][ T4259] do_syscall_64+0x4c/0xa0
[ 87.241224][ T4259] ? clear_bhb_loop+0x45/0xa0
[ 87.245895][ T4259] ? clear_bhb_loop+0x45/0xa0
[ 87.250568][ T4259] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 87.256472][ T4259] RIP: 0033:0x7f95a28a9929
[ 87.260897][ T4259] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 87.280502][ T4259] RSP: 002b:00007f95a203b218 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 87.288920][ T4259] RAX: ffffffffffffffda RBX: 00007f95a2930638 RCX: 00007f95a28a9929
[ 87.296912][ T4259] RDX: 00007f95a28a9929 RSI: 0000000000000000 RDI: 00002000000006c0
[ 87.304886][ T4259] RBP: 00007f95a2930630 R08: 0000000000000000 R09: 0000000000000000
[ 87.312864][ T4259] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95a28fc45c
[ 87.321004][ T4259] R13: 0000200000000080 R14: 00002000000008c0 R15: 00002000000006c0
[ 87.329000][ T4259] </TASK>
[ 87.332041][ T4259]
[ 87.334358][ T4259] The buggy address belongs to the physical page:
[ 87.340767][ T4259] page:ffffea0001e89d00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a274
[ 87.350916][ T4259] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 87.358036][ T4259] raw: 00fff00000000000 ffffea00009dd088 ffffea0001e89d88 0000000000000000
[ 87.366617][ T4259] raw: 0000000000000000 0000000000100000 00000000ffffffff 0000000000000000
[ 87.375191][ T4259] page dumped because: kasan: bad access detected
[ 87.381602][ T4259] page_owner tracks the page as freed
[ 87.386959][ T4259] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3962, tgid 3962 (dhcpcd-run-hook), ts 57205764727, free_ts 86539493011
[ 87.408582][ T4259] post_alloc_hook+0x173/0x1a0
[ 87.413500][ T4259] get_page_from_freelist+0x1a26/0x1ac0
[ 87.419060][ T4259] __alloc_pages+0x1df/0x4e0
[ 87.423693][ T4259] alloc_slab_page+0x5d/0x160
[ 87.428376][ T4259] new_slab+0x87/0x2c0
[ 87.432464][ T4259] ___slab_alloc+0xbc6/0x1220
[ 87.437143][ T4259] kmem_cache_alloc_bulk+0x1a3/0x4e0
[ 87.442511][ T4259] mas_alloc_nodes+0x449/0x890
[ 87.447296][ T4259] mas_preallocate+0x11e/0x340
[ 87.452055][ T4259] __vma_adjust+0x2e2/0x1bd0
[ 87.456659][ T4259] __split_vma+0x3a7/0x500
[ 87.461072][ T4259] do_mas_align_munmap+0x351/0x1220
[ 87.466303][ T4259] do_mas_munmap+0x240/0x2b0
[ 87.470896][ T4259] mmap_region+0x713/0x1d30
[ 87.475436][ T4259] do_mmap+0x894/0xf30
[ 87.479533][ T4259] vm_mmap_pgoff+0x1b2/0x2b0
[ 87.484231][ T4259] page last free stack trace:
[ 87.488894][ T4259] free_unref_page_prepare+0x8b4/0x9a0
[ 87.494373][ T4259] free_unref_page+0x2e/0x3f0
[ 87.499052][ T4259] qlist_free_all+0x76/0xe0
[ 87.503557][ T4259] kasan_quarantine_reduce+0x144/0x160
[ 87.509039][ T4259] __kasan_slab_alloc+0x1e/0x80
[ 87.513947][ T4259] slab_post_alloc_hook+0x4b/0x480
[ 87.519100][ T4259] __kmem_cache_alloc_node+0x140/0x260
[ 87.524579][ T4259] kmalloc_node_trace+0x22/0xe0
[ 87.529462][ T4259] create_worker+0x10f/0x630
[ 87.534069][ T4259] worker_thread+0x4de/0x1250
[ 87.538817][ T4259] kthread+0x29d/0x330
[ 87.542893][ T4259] ret_from_fork+0x1f/0x30
[ 87.547319][ T4259]
[ 87.549648][ T4259] Memory state around the buggy address:
[ 87.555457][ T4259] ffff88807a273f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 87.563518][ T4259] ffff88807a273f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 87.571580][ T4259] >ffff88807a274000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 87.579630][ T4259] ^
[ 87.583692][ T4259] ffff88807a274080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 87.591750][ T4259] ffff88807a274100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 87.599802][ T4259] ==================================================================
[ 87.608547][ T4259] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.615771][ T4259] CPU: 1 PID: 4259 Comm: syz-executor170 Not tainted 6.1.138-syzkaller #0
[ 87.624282][ T4259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 87.634376][ T4259] Call Trace:
[ 87.637668][ T4259] <TASK>
[ 87.640608][ T4259] dump_stack_lvl+0x168/0x22e
[ 87.645303][ T4259] ? memcpy+0x3c/0x60
[ 87.649297][ T4259] ? show_regs_print_info+0x12/0x12
[ 87.654501][ T4259] ? load_image+0x3b0/0x3b0
[ 87.659016][ T4259] panic+0x2c9/0x710
[ 87.662927][ T4259] ? bpf_jit_dump+0xd0/0xd0
[ 87.667444][ T4259] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 87.673372][ T4259] ? _raw_spin_unlock+0x40/0x40
[ 87.678235][ T4259] ? print_memory_metadata+0x314/0x400
[ 87.683705][ T4259] check_panic_on_warn+0x80/0xa0
[ 87.688655][ T4259] ? dtSplitPage+0x1aba/0x31d0
[ 87.693425][ T4259] end_report+0x66/0x110
[ 87.697943][ T4259] kasan_report+0x118/0x140
[ 87.702462][ T4259] ? dtSplitPage+0x1aba/0x31d0
[ 87.707248][ T4259] dtSplitPage+0x1aba/0x31d0
[ 87.711868][ T4259] dtInsert+0xfbd/0x58a0
[ 87.716141][ T4259] ? txLock+0x2ad/0x2090
[ 87.720419][ T4259] ? do_raw_spin_lock+0x11d/0x280
[ 87.725464][ T4259] ? UniStrupr+0x2e0/0x2e0
[ 87.729904][ T4259] ? txLock+0x1121/0x2090
[ 87.734244][ T4259] ? dtSearch+0x1c67/0x2050
[ 87.738757][ T4259] ? txEnd+0x520/0x520
[ 87.742840][ T4259] jfs_create+0x69d/0xa50
[ 87.747188][ T4259] ? jfs_lookup+0x380/0x380
[ 87.751707][ T4259] ? jfs_get_parent+0xa0/0xa0
[ 87.756401][ T4259] ? make_kgid+0x640/0x640
[ 87.760824][ T4259] ? rwsem_write_trylock+0x12f/0x1b0
[ 87.766120][ T4259] ? generic_permission+0x230/0x510
[ 87.771353][ T4259] ? inode_permission+0xef/0x480
[ 87.776299][ T4259] ? bpf_lsm_inode_create+0x5/0x10
[ 87.781426][ T4259] ? security_inode_create+0xb3/0x100
[ 87.786916][ T4259] ? jfs_lookup+0x380/0x380
[ 87.791433][ T4259] path_openat+0x1187/0x2e70
[ 87.796472][ T4259] ? do_filp_open+0x3c0/0x3c0
[ 87.801165][ T4259] do_filp_open+0x1c1/0x3c0
[ 87.805674][ T4259] ? vfs_tmpfile+0x480/0x480
[ 87.810278][ T4259] ? _raw_spin_unlock+0x24/0x40
[ 87.815141][ T4259] ? alloc_fd+0x58f/0x630
[ 87.819581][ T4259] do_sys_openat2+0x142/0x490
[ 87.824358][ T4259] ? do_sys_open+0xe0/0xe0
[ 87.828812][ T4259] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 87.834818][ T4259] ? lock_chain_count+0x20/0x20
[ 87.839765][ T4259] __x64_sys_creat+0x8c/0xb0
[ 87.844369][ T4259] do_syscall_64+0x4c/0xa0
[ 87.848796][ T4259] ? clear_bhb_loop+0x45/0xa0
[ 87.853477][ T4259] ? clear_bhb_loop+0x45/0xa0
[ 87.858164][ T4259] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 87.864071][ T4259] RIP: 0033:0x7f95a28a9929
[ 87.868499][ T4259] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 87.888137][ T4259] RSP: 002b:00007f95a203b218 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 87.896560][ T4259] RAX: ffffffffffffffda RBX: 00007f95a2930638 RCX: 00007f95a28a9929
[ 87.904536][ T4259] RDX: 00007f95a28a9929 RSI: 0000000000000000 RDI: 00002000000006c0
[ 87.912512][ T4259] RBP: 00007f95a2930630 R08: 0000000000000000 R09: 0000000000000000
[ 87.920494][ T4259] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95a28fc45c
[ 87.928469][ T4259] R13: 0000200000000080 R14: 00002000000008c0 R15: 00002000000006c0
[ 87.936453][ T4259] </TASK>
[ 87.939721][ T4259] Kernel Offset: disabled
[ 87.944048][ T4259] Rebooting in 86400 seconds..