Warning: Permanently added '10.128.10.55' (ED25519) to the list of known hosts.
2025/03/21 06:05:46 ignoring optional flag "sandboxArg"="0"
2025/03/21 06:05:47 parsed 1 programs
[ 90.061352][ T5841] cgroup: Unknown subsys name 'net'
[ 90.207976][ T5841] cgroup: Unknown subsys name 'cpuset'
[ 90.216897][ T5841] cgroup: Unknown subsys name 'rlimit'
[ 91.941671][ T5841] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 95.292143][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 97.403969][ T9] cfg80211: failed to load regulatory.db
[ 97.478824][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.493263][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.551599][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.559747][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.725401][ T5899] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.733882][ T5899] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.742644][ T5899] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.750962][ T5899] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.759505][ T5899] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 97.776936][ T5899] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.007414][ T5921] chnl_net:caif_netlink_parms(): no params data found
[ 99.089305][ T5921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.099512][ T5921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.106935][ T5921] bridge_slave_0: entered allmulticast mode
[ 99.113901][ T5921] bridge_slave_0: entered promiscuous mode
[ 99.123297][ T5921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.130735][ T5921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.138477][ T5921] bridge_slave_1: entered allmulticast mode
[ 99.145454][ T5921] bridge_slave_1: entered promiscuous mode
[ 99.176304][ T5921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.188918][ T5921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.217961][ T5921] team0: Port device team_slave_0 added
[ 99.227227][ T5921] team0: Port device team_slave_1 added
[ 99.251233][ T5921] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.258387][ T5921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.284822][ T5921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.297973][ T5921] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.305030][ T5921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.331167][ T5921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 99.368433][ T5921] hsr_slave_0: entered promiscuous mode
[ 99.375388][ T5921] hsr_slave_1: entered promiscuous mode
[ 99.493884][ T5921] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.504806][ T5921] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.516078][ T5921] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 99.526747][ T5921] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 99.605762][ T5921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.633822][ T5921] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.649778][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.657075][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.673524][ T82] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.680734][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.847358][ T5921] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.889546][ T5921] veth0_vlan: entered promiscuous mode
[ 99.900798][ T5921] veth1_vlan: entered promiscuous mode
[ 99.932280][ T5921] veth0_macvtap: entered promiscuous mode
[ 99.942217][ T5921] veth1_macvtap: entered promiscuous mode
[ 99.960893][ T5921] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 99.978337][ T5921] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 99.990577][ T5921] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.000224][ T5921] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.010046][ T5921] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.019578][ T5921] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.217749][ T1099] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.307632][ T1099] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.415883][ T1099] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.521320][ T1099] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/03/21 06:06:03 executed programs: 0
[ 101.220522][ T5899] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.230447][ T5899] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.242434][ T5899] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.250884][ T5899] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.259567][ T5899] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 101.267550][ T5899] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.411989][ T5949] chnl_net:caif_netlink_parms(): no params data found
[ 101.471364][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.478719][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.486053][ T5949] bridge_slave_0: entered allmulticast mode
[ 101.492851][ T5949] bridge_slave_0: entered promiscuous mode
[ 101.501083][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.508483][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.516159][ T5949] bridge_slave_1: entered allmulticast mode
[ 101.523071][ T5949] bridge_slave_1: entered promiscuous mode
[ 101.553008][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.566144][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.600627][ T5949] team0: Port device team_slave_0 added
[ 101.608289][ T5949] team0: Port device team_slave_1 added
[ 101.632759][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.639969][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.667231][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.681098][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.688468][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 101.716378][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.757836][ T5949] hsr_slave_0: entered promiscuous mode
[ 101.765074][ T5949] hsr_slave_1: entered promiscuous mode
[ 101.771128][ T5949] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 101.779759][ T5949] Cannot create hsr debugfs directory
[ 103.195739][ T1099] bridge_slave_1: left allmulticast mode
[ 103.202064][ T1099] bridge_slave_1: left promiscuous mode
[ 103.217439][ T1099] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.229315][ T1099] bridge_slave_0: left allmulticast mode
[ 103.236673][ T1099] bridge_slave_0: left promiscuous mode
[ 103.242542][ T1099] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.320939][ T5147] Bluetooth: hci0: command tx timeout
[ 103.519129][ T1099] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 103.530317][ T1099] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 103.541015][ T1099] bond0 (unregistering): Released all slaves
[ 103.616477][ T1099] hsr_slave_0: left promiscuous mode
[ 103.622536][ T1099] hsr_slave_1: left promiscuous mode
[ 103.628911][ T1099] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 103.636663][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 103.645242][ T1099] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 103.652675][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 103.672677][ T1099] veth1_macvtap: left promiscuous mode
[ 103.678579][ T1099] veth0_macvtap: left promiscuous mode
[ 103.684372][ T1099] veth1_vlan: left promiscuous mode
[ 103.689882][ T1099] veth0_vlan: left promiscuous mode
[ 104.033945][ T1099] team0 (unregistering): Port device team_slave_1 removed
[ 104.069459][ T1099] team0 (unregistering): Port device team_slave_0 removed
[ 104.719745][ T5949] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 104.730131][ T5949] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 104.742499][ T5949] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 104.756003][ T5949] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 104.851734][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.880607][ T5949] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.950585][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.958437][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.970560][ T82] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.977739][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.283268][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 105.343779][ T5949] veth0_vlan: entered promiscuous mode
[ 105.359737][ T5949] veth1_vlan: entered promiscuous mode
[ 105.394694][ T5147] Bluetooth: hci0: command tx timeout
[ 105.397174][ T5949] veth0_macvtap: entered promiscuous mode
[ 105.412104][ T5949] veth1_macvtap: entered promiscuous mode
[ 105.435679][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.451528][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.468371][ T5949] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.480041][ T5949] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.490048][ T5949] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.499911][ T5949] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.572078][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.585824][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.609407][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.617875][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/03/21 06:06:08 executed programs: 27
[ 107.484174][ T5147] Bluetooth: hci0: command tx timeout
[ 109.554226][ T5147] Bluetooth: hci0: command tx timeout
2025/03/21 06:06:13 executed programs: 273
2025/03/21 06:06:18 executed programs: 522
[ 117.908689][ T5899] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 117.918437][ T5899] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 117.927739][ T5899] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 117.936762][ T5899] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 117.945872][ T5899] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 117.953456][ T5899] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 118.082437][ T1156] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.100859][ T6595] chnl_net:caif_netlink_parms(): no params data found
[ 118.156770][ T1156] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.180280][ T6595] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.187680][ T6595] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.195117][ T6595] bridge_slave_0: entered allmulticast mode
[ 118.202092][ T6595] bridge_slave_0: entered promiscuous mode
[ 118.210113][ T6595] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.217837][ T6595] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.225272][ T6595] bridge_slave_1: entered allmulticast mode
[ 118.232686][ T6595] bridge_slave_1: entered promiscuous mode
[ 118.249952][ T1156] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.283935][ T6595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 118.296930][ T6595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 118.327692][ T1156] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.353202][ T6595] team0: Port device team_slave_0 added
[ 118.362561][ T6595] team0: Port device team_slave_1 added
[ 118.390614][ T6595] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 118.397861][ T6595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 118.425188][ T6595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 118.438055][ T6595] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 118.445128][ T6595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 118.471397][ T6595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 118.540138][ T6595] hsr_slave_0: entered promiscuous mode
[ 118.548098][ T6595] hsr_slave_1: entered promiscuous mode
[ 118.585981][ T1156] bridge_slave_1: left allmulticast mode
[ 118.591692][ T1156] bridge_slave_1: left promiscuous mode
[ 118.599934][ T1156] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.608893][ T1156] bridge_slave_0: left allmulticast mode
[ 118.615220][ T1156] bridge_slave_0: left promiscuous mode
[ 118.621746][ T1156] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.895471][ T1156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 118.907534][ T1156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 118.919666][ T1156] bond0 (unregistering): Released all slaves
[ 119.201109][ T1156] hsr_slave_0: left promiscuous mode
[ 119.207517][ T1156] hsr_slave_1: left promiscuous mode
[ 119.217374][ T1156] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 119.230926][ T1156] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 119.241645][ T1156] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 119.249326][ T1156] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 119.270807][ T1156] veth1_macvtap: left promiscuous mode
[ 119.280005][ T1156] veth0_macvtap: left promiscuous mode
[ 119.285869][ T1156] veth1_vlan: left promiscuous mode
[ 119.291242][ T1156] veth0_vlan: left promiscuous mode
[ 119.703880][ T1156] team0 (unregistering): Port device team_slave_1 removed
[ 119.736354][ T1156] team0 (unregistering): Port device team_slave_0 removed
[ 120.044266][ T5147] Bluetooth: hci1: command tx timeout
[ 120.300771][ T6595] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 120.312029][ T6595] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 120.327864][ T6595] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 120.341103][ T6595] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 120.466670][ T6595] 8021q: adding VLAN 0 to HW filter on device bond0
[ 120.485758][ T6595] 8021q: adding VLAN 0 to HW filter on device team0
[ 120.503660][ T82] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.510867][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.536903][ T82] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.544092][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.757828][ T6595] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.813282][ T6595] veth0_vlan: entered promiscuous mode
[ 120.828714][ T6595] veth1_vlan: entered promiscuous mode
[ 120.866405][ T6595] veth0_macvtap: entered promiscuous mode
[ 120.879248][ T6595] veth1_macvtap: entered promiscuous mode
[ 120.903728][ T6595] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 120.930567][ T6595] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 120.943792][ T6595] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.955820][ T6595] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.965764][ T6595] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.976283][ T6595] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.059768][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.082215][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.112547][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 121.121461][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.208610][ T6653] ==================================================================
[ 121.216721][ T6653] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[ 121.224640][ T6653] Read of size 8 at addr ffff88807ecc2000 by task syz.0.616/6653
[ 121.232372][ T6653]
[ 121.234726][ T6653] CPU: 1 UID: 0 PID: 6653 Comm: syz.0.616 Not tainted 6.14.0-rc7-syzkaller-00137-g5fc319360819 #0
[ 121.234756][ T6653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 121.234775][ T6653] Call Trace:
[ 121.234783][ T6653] <TASK>
[ 121.234791][ T6653] dump_stack_lvl+0x116/0x1f0
[ 121.234833][ T6653] print_report+0xc3/0x670
[ 121.234852][ T6653] ? __virt_addr_valid+0x5e/0x590
[ 121.234874][ T6653] ? __phys_addr+0xc6/0x150
[ 121.234896][ T6653] kasan_report+0xd9/0x110
[ 121.234915][ T6653] ? force_devcd_write+0x317/0x330
[ 121.234946][ T6653] ? force_devcd_write+0x317/0x330
[ 121.234979][ T6653] force_devcd_write+0x317/0x330
[ 121.235009][ T6653] ? __pfx_force_devcd_write+0x10/0x10
[ 121.235040][ T6653] ? __debugfs_file_get+0x1ff/0x850
[ 121.235069][ T6653] ? __pfx___debugfs_file_get+0x10/0x10
[ 121.235098][ T6653] ? rcu_is_watching+0x12/0xc0
[ 121.235120][ T6653] ? trace_lock_acquire+0x14e/0x1f0
[ 121.235147][ T6653] full_proxy_write+0x13c/0x200
[ 121.235176][ T6653] ? __pfx_full_proxy_write+0x10/0x10
[ 121.235205][ T6653] vfs_write+0x24c/0x1150
[ 121.235237][ T6653] ? __pfx_vfs_write+0x10/0x10
[ 121.235266][ T6653] ? do_futex+0x123/0x350
[ 121.235291][ T6653] ? __pfx_do_futex+0x10/0x10
[ 121.235321][ T6653] ? __x64_sys_futex+0x1e1/0x4c0
[ 121.235346][ T6653] ? __x64_sys_futex+0x1ea/0x4c0
[ 121.235374][ T6653] ksys_write+0x12b/0x250
[ 121.235403][ T6653] ? __pfx_ksys_write+0x10/0x10
[ 121.235436][ T6653] do_syscall_64+0xcd/0x250
[ 121.235470][ T6653] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.235507][ T6653] RIP: 0033:0x7f499798d169
[ 121.235524][ T6653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 121.235550][ T6653] RSP: 002b:00007fffea7b6298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 121.235571][ T6653] RAX: ffffffffffffffda RBX: 00007f4997ba5fa0 RCX: 00007f499798d169
[ 121.235586][ T6653] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 121.235600][ T6653] RBP: 00007f4997a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 121.235614][ T6653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 121.235628][ T6653] R13: 00007f4997ba5fa0 R14: 00007f4997ba5fa0 R15: 0000000000000003
[ 121.235648][ T6653] </TASK>
[ 121.235655][ T6653]
[ 121.462109][ T6653] Allocated by task 5949:
[ 121.466463][ T6653] kasan_save_stack+0x33/0x60
[ 121.471177][ T6653] kasan_save_track+0x14/0x30
[ 121.475884][ T6653] __kasan_kmalloc+0xaa/0xb0
[ 121.480503][ T6653] vhci_open+0x4c/0x430
[ 121.484702][ T6653] misc_open+0x35a/0x420
[ 121.488982][ T6653] chrdev_open+0x237/0x6a0
[ 121.493446][ T6653] do_dentry_open+0x735/0x1c40
[ 121.498245][ T6653] vfs_open+0x82/0x3f0
[ 121.502340][ T6653] path_openat+0x1e88/0x2d80
[ 121.506985][ T6653] do_filp_open+0x20c/0x470
[ 121.511518][ T6653] do_sys_openat2+0x17a/0x1e0
[ 121.516217][ T6653] __x64_sys_openat+0x175/0x210
[ 121.521087][ T6653] do_syscall_64+0xcd/0x250
[ 121.525627][ T6653] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.531550][ T6653]
[ 121.533891][ T6653] Freed by task 5949:
[ 121.537881][ T6653] kasan_save_stack+0x33/0x60
[ 121.542588][ T6653] kasan_save_track+0x14/0x30
[ 121.547303][ T6653] kasan_save_free_info+0x3b/0x60
[ 121.552358][ T6653] __kasan_slab_free+0x51/0x70
[ 121.557154][ T6653] kfree+0x2c4/0x4d0
[ 121.561077][ T6653] vhci_release+0xbb/0xf0
[ 121.565433][ T6653] __fput+0x3ff/0xb70
[ 121.569456][ T6653] task_work_run+0x14e/0x250
[ 121.574072][ T6653] do_exit+0xad8/0x2db0
[ 121.578249][ T6653] do_group_exit+0xd3/0x2a0
[ 121.582771][ T6653] get_signal+0x24ed/0x26c0
[ 121.587310][ T6653] arch_do_signal_or_restart+0x90/0x7e0
[ 121.592878][ T6653] syscall_exit_to_user_mode+0x150/0x2a0
[ 121.598545][ T6653] do_syscall_64+0xda/0x250
[ 121.603086][ T6653] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.609007][ T6653]
[ 121.611338][ T6653] The buggy address belongs to the object at ffff88807ecc2000
[ 121.611338][ T6653] which belongs to the cache kmalloc-1k of size 1024
[ 121.625517][ T6653] The buggy address is located 0 bytes inside of
[ 121.625517][ T6653] freed 1024-byte region [ffff88807ecc2000, ffff88807ecc2400)
[ 121.639247][ T6653]
[ 121.641667][ T6653] The buggy address belongs to the physical page:
[ 121.648100][ T6653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ecc0
[ 121.656908][ T6653] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 121.665422][ T6653] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 121.672990][ T6653] page_type: f5(slab)
[ 121.676986][ T6653] raw: 00fff00000000040 ffff88801b041dc0 ffffea0001a42c00 dead000000000002
[ 121.685588][ T6653] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 121.694202][ T6653] head: 00fff00000000040 ffff88801b041dc0 ffffea0001a42c00 dead000000000002
[ 121.702891][ T6653] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 121.711584][ T6653] head: 00fff00000000003 ffffea0001fb3001 ffffffffffffffff 0000000000000000
[ 121.720307][ T6653] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 121.728990][ T6653] page dumped because: kasan: bad access detected
[ 121.735423][ T6653] page_owner tracks the page as allocated
[ 121.741148][ T6653] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5503, tgid 5503 (dhcpcd), ts 60391724815, free_ts 60219730194
[ 121.759944][ T6653] post_alloc_hook+0x181/0x1b0
[ 121.764742][ T6653] get_page_from_freelist+0xfce/0x2f80
[ 121.770234][ T6653] __alloc_frozen_pages_noprof+0x221/0x2470
[ 121.776164][ T6653] alloc_pages_mpol+0x1fc/0x540
[ 121.781029][ T6653] new_slab+0x23d/0x330
[ 121.785213][ T6653] ___slab_alloc+0xc5d/0x1720
[ 121.789916][ T6653] __slab_alloc.constprop.0+0x56/0xb0
[ 121.795319][ T6653] __kmalloc_noprof+0x2ec/0x510
[ 121.800202][ T6653] ___neigh_create+0x14ee/0x28e0
[ 121.805161][ T6653] ip6_finish_output2+0x130c/0x20a0
[ 121.810409][ T6653] ip6_finish_output+0x3f9/0x1360
[ 121.815465][ T6653] ip6_output+0x1f8/0x540
[ 121.819828][ T6653] ip6_local_out+0xcd/0x4a0
[ 121.824355][ T6653] ip6_send_skb+0x112/0x460
[ 121.828887][ T6653] ip6_push_pending_frames+0xe0/0x110
[ 121.834289][ T6653] rawv6_sendmsg+0x2f95/0x4610
[ 121.839078][ T6653] page last free pid 5635 tgid 5635 stack trace:
[ 121.845419][ T6653] free_frozen_pages+0x6db/0xfb0
[ 121.850390][ T6653] qlist_free_all+0x4e/0x120
[ 121.855029][ T6653] kasan_quarantine_reduce+0x195/0x1e0
[ 121.860516][ T6653] __kasan_slab_alloc+0x69/0x90
[ 121.865397][ T6653] kmem_cache_alloc_noprof+0x226/0x3d0
[ 121.870888][ T6653] __anon_vma_prepare+0xae/0x5e0
[ 121.875880][ T6653] __vmf_anon_prepare+0x11c/0x240
[ 121.880934][ T6653] do_pte_missing+0x1032/0x3e10
[ 121.885816][ T6653] __handle_mm_fault+0x103c/0x2a40
[ 121.890961][ T6653] handle_mm_fault+0x3fa/0xaa0
[ 121.895754][ T6653] do_user_addr_fault+0x60d/0x13f0
[ 121.900893][ T6653] exc_page_fault+0x5c/0xc0
[ 121.905424][ T6653] asm_exc_page_fault+0x26/0x30
[ 121.910307][ T6653]
[ 121.912643][ T6653] Memory state around the buggy address:
[ 121.918282][ T6653] ffff88807ecc1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 121.926360][ T6653] ffff88807ecc1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 121.934437][ T6653] >ffff88807ecc2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.942508][ T6653] ^
[ 121.946592][ T6653] ffff88807ecc2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.954668][ T6653] ffff88807ecc2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.962738][ T6653] ==================================================================
[ 121.993367][ T6653] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 122.000649][ T6653] CPU: 0 UID: 0 PID: 6653 Comm: syz.0.616 Not tainted 6.14.0-rc7-syzkaller-00137-g5fc319360819 #0
[ 122.011288][ T6653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 122.021366][ T6653] Call Trace:
[ 122.024693][ T6653] <TASK>
[ 122.027665][ T6653] dump_stack_lvl+0x3d/0x1f0
[ 122.032318][ T6653] panic+0x71d/0x800
[ 122.036243][ T6653] ? __pfx_panic+0x10/0x10
[ 122.040708][ T6653] ? preempt_schedule_thunk+0x1a/0x30
[ 122.046123][ T6653] ? preempt_schedule_common+0x44/0xc0
[ 122.051615][ T6653] ? check_panic_on_warn+0x1f/0xb0
[ 122.056758][ T6653] check_panic_on_warn+0xab/0xb0
[ 122.061721][ T6653] end_report+0x117/0x180
[ 122.066071][ T6653] kasan_report+0xe9/0x110
[ 122.070504][ T6653] ? force_devcd_write+0x317/0x330
[ 122.075663][ T6653] ? force_devcd_write+0x317/0x330
[ 122.080809][ T6653] force_devcd_write+0x317/0x330
[ 122.085780][ T6653] ? __pfx_force_devcd_write+0x10/0x10
[ 122.091295][ T6653] ? __debugfs_file_get+0x1ff/0x850
[ 122.096524][ T6653] ? __pfx___debugfs_file_get+0x10/0x10
[ 122.102098][ T6653] ? rcu_is_watching+0x12/0xc0
[ 122.106887][ T6653] ? trace_lock_acquire+0x14e/0x1f0
[ 122.112114][ T6653] full_proxy_write+0x13c/0x200
[ 122.116998][ T6653] ? __pfx_full_proxy_write+0x10/0x10
[ 122.122409][ T6653] vfs_write+0x24c/0x1150
[ 122.126784][ T6653] ? __pfx_vfs_write+0x10/0x10
[ 122.131581][ T6653] ? do_futex+0x123/0x350
[ 122.135955][ T6653] ? __pfx_do_futex+0x10/0x10
[ 122.140685][ T6653] ? __x64_sys_futex+0x1e1/0x4c0
[ 122.145662][ T6653] ? __x64_sys_futex+0x1ea/0x4c0
[ 122.150669][ T6653] ksys_write+0x12b/0x250
[ 122.155054][ T6653] ? __pfx_ksys_write+0x10/0x10
[ 122.159953][ T6653] do_syscall_64+0xcd/0x250
[ 122.164500][ T6653] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.170432][ T6653] RIP: 0033:0x7f499798d169
[ 122.174872][ T6653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 122.194519][ T6653] RSP: 002b:00007fffea7b6298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 122.202978][ T6653] RAX: ffffffffffffffda RBX: 00007f4997ba5fa0 RCX: 00007f499798d169
[ 122.210964][ T6653] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
[ 122.218948][ T6653] RBP: 00007f4997a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 122.226933][ T6653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 122.234918][ T6653] R13: 00007f4997ba5fa0 R14: 00007f4997ba5fa0 R15: 0000000000000003
[ 122.242916][ T6653] </TASK>
[ 122.246245][ T6653] Kernel Offset: disabled
[ 122.250609][ T6653] Rebooting in 86400 seconds..