forked to background, child pid 5497
[   56.017284][ T5495] dhcpcd (5495) used greatest stack depth: 20912 bytes left
[   56.030619][ T5498] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.040803][ T5498] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.191' (ED25519) to the list of known hosts.
syzkaller login: [   83.883248][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   83.960260][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   84.023552][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   84.040537][ T5834] chnl_net:caif_netlink_parms(): no params data found
[   84.050846][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.058790][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.066306][ T5835] bridge_slave_0: entered allmulticast mode
[   84.073614][ T5835] bridge_slave_0: entered promiscuous mode
[   84.109087][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.116347][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.123764][ T5835] bridge_slave_1: entered allmulticast mode
[   84.130632][ T5835] bridge_slave_1: entered promiscuous mode
[   84.205204][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.218686][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.225981][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.233602][ T5831] bridge_slave_0: entered allmulticast mode
[   84.240355][ T5831] bridge_slave_0: entered promiscuous mode
[   84.248478][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.255757][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.263035][ T5831] bridge_slave_1: entered allmulticast mode
[   84.269816][ T5831] bridge_slave_1: entered promiscuous mode
[   84.281901][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.381957][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.397853][ T5835] team0: Port device team_slave_0 added
[   84.432535][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.444038][ T5835] team0: Port device team_slave_1 added
[   84.450638][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.457881][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.467032][ T5830] bridge_slave_0: entered allmulticast mode
[   84.474995][ T5830] bridge_slave_0: entered promiscuous mode
[   84.483777][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.490878][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.498850][ T5830] bridge_slave_1: entered allmulticast mode
[   84.505910][ T5830] bridge_slave_1: entered promiscuous mode
[   84.512895][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.520002][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.527361][ T5834] bridge_slave_0: entered allmulticast mode
[   84.534335][ T5834] bridge_slave_0: entered promiscuous mode
[   84.543154][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.550284][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.557582][ T5834] bridge_slave_1: entered allmulticast mode
[   84.564554][ T5834] bridge_slave_1: entered promiscuous mode
[   84.629166][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   84.636338][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.662419][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   84.685950][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.699611][ T5831] team0: Port device team_slave_0 added
[   84.708291][ T5831] team0: Port device team_slave_1 added
[   84.714876][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   84.722177][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.748251][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   84.761858][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.773036][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.806714][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.834236][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   84.841603][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.867862][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   84.902210][ T5834] team0: Port device team_slave_0 added
[   84.919931][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   84.927095][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.953756][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   84.988552][ T5834] team0: Port device team_slave_1 added
[   84.998970][ T5835] hsr_slave_0: entered promiscuous mode
[   85.009268][ T5835] hsr_slave_1: entered promiscuous mode
[   85.018894][ T5830] team0: Port device team_slave_0 added
[   85.028177][ T5830] team0: Port device team_slave_1 added
[   85.069610][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.076813][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.103452][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.141167][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.148319][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.174527][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.197446][ T5831] hsr_slave_0: entered promiscuous mode
[   85.205434][ T5831] hsr_slave_1: entered promiscuous mode
[   85.211925][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   85.219679][ T5831] Cannot create hsr debugfs directory
[   85.226167][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.233253][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.259377][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.287185][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.294379][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.320455][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.362287][ T5834] hsr_slave_0: entered promiscuous mode
[   85.368578][ T5834] hsr_slave_1: entered promiscuous mode
[   85.375442][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   85.383153][ T5834] Cannot create hsr debugfs directory
[   85.489339][ T5830] hsr_slave_0: entered promiscuous mode
[   85.496688][ T5830] hsr_slave_1: entered promiscuous mode
[   85.503301][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   85.510897][ T5830] Cannot create hsr debugfs directory
[   85.715947][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   85.727659][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   85.757920][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   85.778046][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   85.813296][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   85.828912][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   85.864696][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   85.885054][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   85.920181][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   85.940771][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   85.969907][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   85.984255][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   86.040565][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   86.058494][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   86.075155][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   86.085245][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   86.171138][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.227433][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   86.256309][   T82] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.263641][   T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.280660][   T82] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.287829][   T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.319320][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.388599][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   86.400590][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.420467][ T5835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   86.446938][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.459401][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.466724][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.493012][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.500125][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.521557][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[   86.544830][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.552040][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.562476][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.569610][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.590008][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.618597][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   86.643281][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.650426][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.676767][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.684000][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.787298][ T5835] veth0_vlan: entered promiscuous mode
[   86.820541][ T5835] veth1_vlan: entered promiscuous mode
[   86.838068][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.861732][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.919472][ T5835] veth0_macvtap: entered promiscuous mode
[   86.957093][ T5835] veth1_macvtap: entered promiscuous mode
[   86.977503][ T5831] veth0_vlan: entered promiscuous mode
[   86.996536][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.011099][ T5831] veth1_vlan: entered promiscuous mode
[   87.050633][ T5834] veth0_vlan: entered promiscuous mode
[   87.062672][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.079858][ T5831] veth0_macvtap: entered promiscuous mode
[   87.092416][ T5834] veth1_vlan: entered promiscuous mode
[   87.102781][ T5831] veth1_macvtap: entered promiscuous mode
[   87.110380][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.137489][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.147345][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.156408][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.165440][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.196225][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[   87.208129][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   87.219359][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.234865][ T5830] veth0_vlan: entered promiscuous mode
[   87.251042][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[   87.262513][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   87.274927][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.302845][ T5830] veth1_vlan: entered promiscuous mode
[   87.331692][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[   87.350579][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.360133][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.369693][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.389402][ T5834] veth0_macvtap: entered promiscuous mode
[   87.401209][ T5863] 
executing program
[   87.403669][ T5863] ================================================
[   87.410180][ T5863] WARNING: lock held when returning to user space!
[   87.416707][ T5863] 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 Not tainted
[   87.423822][ T5863] ------------------------------------------------
[   87.430312][ T5863] syz-executor336/5863 is leaving the kernel with locks still held!
[   87.438299][ T5863] 1 lock held by syz-executor336/5863:
[   87.443765][ T5863]  #0: ffffffff8fabfb08 (rtnl_mutex){+.+.}-{4:4}, at: nsim_pp_hold_write+0x105/0x4d0
[   87.941890][  T748] ==================================================================
[   87.950004][  T748] BUG: KASAN: slab-use-after-free in mutex_can_spin_on_owner+0x1d9/0x210
[   87.958433][  T748] Read of size 4 at addr ffff88802d3b1e34 by task kworker/u8:5/748
[   87.966349][  T748] 
[   87.968705][  T748] CPU: 0 UID: 0 PID: 748 Comm: kworker/u8:5 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0
[   87.979496][  T748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[   87.989561][  T748] Workqueue: events_unbound linkwatch_event
[   87.995500][  T748] Call Trace:
[   87.998800][  T748]  <TASK>
[   88.001744][  T748]  dump_stack_lvl+0x116/0x1f0
[   88.006491][  T748]  print_report+0xc3/0x620
[   88.010926][  T748]  ? __virt_addr_valid+0x5e/0x590
[   88.015965][  T748]  ? __phys_addr+0xc6/0x150
[   88.020484][  T748]  kasan_report+0xd9/0x110
[   88.024937][  T748]  ? mutex_can_spin_on_owner+0x1d9/0x210
[   88.030576][  T748]  ? mutex_can_spin_on_owner+0x1d9/0x210
[   88.036244][  T748]  mutex_can_spin_on_owner+0x1d9/0x210
[   88.041799][  T748]  __mutex_lock+0x23d/0xa60
[   88.046315][  T748]  ? linkwatch_event+0x51/0xc0
[   88.051095][  T748]  ? lock_acquire+0x2f/0xb0
[   88.055632][  T748]  ? try_to_wake_up+0xb6/0x1490
[   88.060490][  T748]  ? __pfx___mutex_lock+0x10/0x10
[   88.065534][  T748]  ? do_raw_spin_unlock+0x172/0x230
[   88.070758][  T748]  ? lock_release+0x4e2/0x6f0
[   88.075452][  T748]  ? process_one_work+0x7b5/0x1b30
[   88.080571][  T748]  ? rcu_is_watching+0x12/0xc0
[   88.085349][  T748]  ? linkwatch_event+0x51/0xc0
[   88.090135][  T748]  linkwatch_event+0x51/0xc0
[   88.094743][  T748]  ? __pfx_linkwatch_event+0x10/0x10
[   88.100040][  T748]  ? rcu_is_watching+0x12/0xc0
[   88.104817][  T748]  process_one_work+0x958/0x1b30
[   88.109797][  T748]  ? __pfx_batadv_nc_worker+0x10/0x10
[   88.115191][  T748]  ? __pfx_process_one_work+0x10/0x10
[   88.120585][  T748]  ? rcu_is_watching+0x12/0xc0
[   88.125357][  T748]  ? assign_work+0x1a0/0x250
[   88.129965][  T748]  worker_thread+0x6c8/0xf00
[   88.134563][  T748]  ? __kthread_parkme+0x148/0x220
[   88.139619][  T748]  ? __pfx_worker_thread+0x10/0x10
[   88.144736][  T748]  kthread+0x2c1/0x3a0
[   88.148816][  T748]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.154029][  T748]  ? __pfx_kthread+0x10/0x10
[   88.158633][  T748]  ret_from_fork+0x45/0x80
[   88.163070][  T748]  ? __pfx_kthread+0x10/0x10
[   88.167684][  T748]  ret_from_fork_asm+0x1a/0x30
[   88.172469][  T748]  </TASK>
[   88.175489][  T748] 
[   88.177812][  T748] Allocated by task 5835:
[   88.182136][  T748]  kasan_save_stack+0x33/0x60
[   88.186830][  T748]  kasan_save_track+0x14/0x30
[   88.191516][  T748]  __kasan_slab_alloc+0x89/0x90
[   88.196379][  T748]  kmem_cache_alloc_node_noprof+0x1ca/0x3b0
[   88.202290][  T748]  copy_process+0x49c/0x6f20
[   88.206917][  T748]  kernel_clone+0xfd/0x960
[   88.211342][  T748]  __do_sys_clone+0xba/0x100
[   88.215944][  T748]  do_syscall_64+0xcd/0x250
[   88.220473][  T748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.226380][  T748] 
[   88.228701][  T748] Freed by task 0:
[   88.232430][  T748]  kasan_save_stack+0x33/0x60
[   88.237117][  T748]  kasan_save_track+0x14/0x30
[   88.241802][  T748]  kasan_save_free_info+0x3b/0x60
[   88.246832][  T748]  __kasan_slab_free+0x51/0x70
[   88.251612][  T748]  kmem_cache_free+0x152/0x4c0
[   88.256405][  T748]  delayed_put_task_struct+0x119/0x2f0
[   88.261879][  T748]  rcu_core+0x79d/0x14d0
[   88.266128][  T748]  handle_softirqs+0x213/0x8f0
[   88.270899][  T748]  __irq_exit_rcu+0x109/0x170
[   88.275582][  T748]  irq_exit_rcu+0x9/0x30
[   88.279832][  T748]  sysvec_apic_timer_interrupt+0xa4/0xc0
[   88.285475][  T748]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   88.291467][  T748] 
[   88.293789][  T748] Last potentially related work creation:
[   88.299502][  T748]  kasan_save_stack+0x33/0x60
[   88.304217][  T748]  __kasan_record_aux_stack+0xba/0xd0
[   88.309600][  T748]  __call_rcu_common.constprop.0+0x99/0x7a0
[   88.315504][  T748]  put_task_struct_rcu_user+0x75/0xc0
[   88.320884][  T748]  release_task+0xe75/0x1b00
[   88.325485][  T748]  wait_consider_task+0x1812/0x4100
[   88.330697][  T748]  __do_wait+0x1e2/0x890
[   88.334953][  T748]  do_wait+0x217/0x570
[   88.339054][  T748]  kernel_wait4+0x16c/0x280
[   88.343577][  T748]  __do_sys_wait4+0x15f/0x170
[   88.348267][  T748]  do_syscall_64+0xcd/0x250
[   88.352792][  T748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.358724][  T748] 
[   88.361064][  T748] The buggy address belongs to the object at ffff88802d3b1e00
[   88.361064][  T748]  which belongs to the cache task_struct of size 7424
[   88.375203][  T748] The buggy address is located 52 bytes inside of
[   88.375203][  T748]  freed 7424-byte region [ffff88802d3b1e00, ffff88802d3b3b00)
[   88.389006][  T748] 
[   88.391329][  T748] The buggy address belongs to the physical page:
[   88.397751][  T748] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2d3b0
[   88.406522][  T748] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   88.415046][  T748] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   88.422608][  T748] page_type: f5(slab)
[   88.426594][  T748] raw: 00fff00000000040 ffff888140409500 ffffea0000a46400 dead000000000002
[   88.435183][  T748] raw: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[   88.443787][  T748] head: 00fff00000000040 ffff888140409500 ffffea0000a46400 dead000000000002
[   88.452498][  T748] head: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[   88.461215][  T748] head: 00fff00000000003 ffffea0000b4ec01 ffffffffffffffff 0000000000000000
[   88.469908][  T748] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   88.478600][  T748] page dumped because: kasan: bad access detected
[   88.485046][  T748] page_owner tracks the page as allocated
[   88.490763][  T748] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 24543565853, free_ts 0
[   88.510438][  T748]  post_alloc_hook+0x2d1/0x350
[   88.515229][  T748]  get_page_from_freelist+0xfce/0x2f80
[   88.520697][  T748]  __alloc_pages_noprof+0x223/0x25b0
[   88.526005][  T748]  alloc_pages_mpol_noprof+0x2c9/0x610
[   88.531487][  T748]  new_slab+0x2c9/0x410
[   88.535649][  T748]  ___slab_alloc+0xce2/0x1650
[   88.540350][  T748]  __slab_alloc.constprop.0+0x56/0xb0
[   88.545743][  T748]  kmem_cache_alloc_node_noprof+0xf2/0x3b0
[   88.551574][  T748]  copy_process+0x49c/0x6f20
[   88.556202][  T748]  kernel_clone+0xfd/0x960
[   88.560629][  T748]  kernel_thread+0xc0/0x100
[   88.565144][  T748]  kthreadd+0x4ef/0x7d0
[   88.569333][  T748]  ret_from_fork+0x45/0x80
[   88.573756][  T748]  ret_from_fork_asm+0x1a/0x30
[   88.578550][  T748] page_owner free stack trace missing
[   88.583907][  T748] 
[   88.586233][  T748] Memory state around the buggy address:
[   88.591859][  T748]  ffff88802d3b1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.599924][  T748]  ffff88802d3b1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.607994][  T748] >ffff88802d3b1e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   88.616063][  T748]                                      ^
[   88.621704][  T748]  ffff88802d3b1e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   88.629770][  T748]  ffff88802d3b1f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   88.637842][  T748] ==================================================================
[   88.646650][  T748] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   88.653866][  T748] CPU: 0 UID: 0 PID: 748 Comm: kworker/u8:5 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0
[   88.664640][  T748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[   88.674707][  T748] Workqueue: events_unbound linkwatch_event
[   88.680639][  T748] Call Trace:
[   88.683927][  T748]  <TASK>
[   88.686867][  T748]  dump_stack_lvl+0x3d/0x1f0
[   88.691480][  T748]  panic+0x71d/0x800
[   88.695426][  T748]  ? __pfx_panic+0x10/0x10
[   88.699866][  T748]  ? trace_irq_enable.constprop.0+0xea/0x140
[   88.705875][  T748]  ? check_panic_on_warn+0x1f/0xb0
[   88.711015][  T748]  check_panic_on_warn+0xab/0xb0
[   88.715975][  T748]  end_report+0x117/0x180
[   88.720328][  T748]  kasan_report+0xe9/0x110
[   88.724769][  T748]  ? mutex_can_spin_on_owner+0x1d9/0x210
[   88.730416][  T748]  ? mutex_can_spin_on_owner+0x1d9/0x210
[   88.736064][  T748]  mutex_can_spin_on_owner+0x1d9/0x210
[   88.741539][  T748]  __mutex_lock+0x23d/0xa60
[   88.746061][  T748]  ? linkwatch_event+0x51/0xc0
[   88.750846][  T748]  ? lock_acquire+0x2f/0xb0
[   88.755363][  T748]  ? try_to_wake_up+0xb6/0x1490
[   88.760236][  T748]  ? __pfx___mutex_lock+0x10/0x10
[   88.765288][  T748]  ? do_raw_spin_unlock+0x172/0x230
[   88.770507][  T748]  ? lock_release+0x4e2/0x6f0
[   88.775197][  T748]  ? process_one_work+0x7b5/0x1b30
[   88.780321][  T748]  ? rcu_is_watching+0x12/0xc0
[   88.785106][  T748]  ? linkwatch_event+0x51/0xc0
[   88.789900][  T748]  linkwatch_event+0x51/0xc0
[   88.794522][  T748]  ? __pfx_linkwatch_event+0x10/0x10
[   88.799836][  T748]  ? rcu_is_watching+0x12/0xc0
[   88.804624][  T748]  process_one_work+0x958/0x1b30
[   88.809585][  T748]  ? __pfx_batadv_nc_worker+0x10/0x10
[   88.815006][  T748]  ? __pfx_process_one_work+0x10/0x10
[   88.820421][  T748]  ? rcu_is_watching+0x12/0xc0
[   88.825244][  T748]  ? assign_work+0x1a0/0x250
[   88.829884][  T748]  worker_thread+0x6c8/0xf00
[   88.834503][  T748]  ? __kthread_parkme+0x148/0x220
[   88.839557][  T748]  ? __pfx_worker_thread+0x10/0x10
[   88.844702][  T748]  kthread+0x2c1/0x3a0
[   88.848795][  T748]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.854030][  T748]  ? __pfx_kthread+0x10/0x10
[   88.858644][  T748]  ret_from_fork+0x45/0x80
[   88.863074][  T748]  ? __pfx_kthread+0x10/0x10
[   88.867681][  T748]  ret_from_fork_asm+0x1a/0x30
[   88.872477][  T748]  </TASK>
[   88.875830][  T748] Kernel Offset: disabled
[   88.880158][  T748] Rebooting in 86400 seconds..