Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts.
2025/08/24 21:23:27 parsed 1 programs
[ 55.232865][ T5867] cgroup: Unknown subsys name 'net'
[ 55.415775][ T5867] cgroup: Unknown subsys name 'cpuset'
[ 55.422896][ T5867] cgroup: Unknown subsys name 'rlimit'
[ 56.531622][ T5867] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 58.646733][ T5874] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 59.206527][ T5895] chnl_net:caif_netlink_parms(): no params data found
[ 59.242033][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.249489][ T5895] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.256959][ T5895] bridge_slave_0: entered allmulticast mode
[ 59.263420][ T5895] bridge_slave_0: entered promiscuous mode
[ 59.273800][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.281207][ T5895] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.288432][ T5895] bridge_slave_1: entered allmulticast mode
[ 59.294982][ T5895] bridge_slave_1: entered promiscuous mode
[ 59.314632][ T5895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.325702][ T5895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.348881][ T5895] team0: Port device team_slave_0 added
[ 59.357086][ T5895] team0: Port device team_slave_1 added
[ 59.376353][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.383303][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.409273][ T5895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.420770][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.427772][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.454233][ T5895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.479031][ T5895] hsr_slave_0: entered promiscuous mode
[ 59.485051][ T5895] hsr_slave_1: entered promiscuous mode
[ 59.546356][ T5895] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.555408][ T5895] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.563785][ T5895] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.572435][ T5895] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.590148][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.597231][ T5895] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.604586][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.611633][ T5895] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.641117][ T5895] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.652921][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.660989][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.672986][ T5895] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.683041][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.690167][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.700680][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.707802][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.730392][ T5895] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 59.740858][ T5895] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 59.823146][ T5895] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.850008][ T5895] veth0_vlan: entered promiscuous mode
[ 59.860097][ T5895] veth1_vlan: entered promiscuous mode
[ 59.878239][ T5895] veth0_macvtap: entered promiscuous mode
[ 59.885798][ T5895] veth1_macvtap: entered promiscuous mode
[ 59.898384][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.910236][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.921269][ T1059] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.930142][ T2988] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.950341][ T2988] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.959582][ T2988] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.016357][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.061348][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.079599][ T2973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.087529][ T2973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.104446][ T2988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.112276][ T2988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.126609][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.174438][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.579466][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 60.586880][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 60.594344][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 60.602089][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 60.609875][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/08/24 21:23:35 executed programs: 0
[ 61.298776][ T5189] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 61.306066][ T5189] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 61.313231][ T5189] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 61.321442][ T5189] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 61.329078][ T5189] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 61.408076][ T5970] chnl_net:caif_netlink_parms(): no params data found
[ 61.453607][ T5970] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.460936][ T5970] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.468318][ T5970] bridge_slave_0: entered allmulticast mode
[ 61.475152][ T5970] bridge_slave_0: entered promiscuous mode
[ 61.482196][ T5970] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.489421][ T5970] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.496962][ T5970] bridge_slave_1: entered allmulticast mode
[ 61.503400][ T5970] bridge_slave_1: entered promiscuous mode
[ 61.523859][ T5970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.534819][ T5970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.555374][ T5970] team0: Port device team_slave_0 added
[ 61.562196][ T5970] team0: Port device team_slave_1 added
[ 61.578695][ T5970] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 61.585750][ T5970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.612306][ T5970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 61.624847][ T5970] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 61.631783][ T5970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.657975][ T5970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 61.690131][ T5970] hsr_slave_0: entered promiscuous mode
[ 61.696171][ T5970] hsr_slave_1: entered promiscuous mode
[ 61.701954][ T5970] debugfs: 'hsr0' already exists in 'hsr'
[ 61.708032][ T5970] Cannot create hsr debugfs directory
[ 63.019391][ T49] bridge_slave_1: left allmulticast mode
[ 63.025715][ T49] bridge_slave_1: left promiscuous mode
[ 63.031458][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.042612][ T49] bridge_slave_0: left allmulticast mode
[ 63.049709][ T49] bridge_slave_0: left promiscuous mode
[ 63.055750][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.155456][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 63.166708][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 63.177189][ T49] bond0 (unregistering): Released all slaves
[ 63.276639][ T49] hsr_slave_0: left promiscuous mode
[ 63.282401][ T49] hsr_slave_1: left promiscuous mode
[ 63.288500][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 63.297111][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 63.305888][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 63.313263][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 63.322778][ T49] veth1_macvtap: left promiscuous mode
[ 63.328296][ T49] veth0_macvtap: left promiscuous mode
[ 63.333793][ T49] veth1_vlan: left promiscuous mode
[ 63.339265][ T49] veth0_vlan: left promiscuous mode
[ 63.413993][ T51] Bluetooth: hci0: command tx timeout
[ 63.421776][ T49] team0 (unregistering): Port device team_slave_1 removed
[ 63.431907][ T49] team0 (unregistering): Port device team_slave_0 removed
[ 63.618618][ T5970] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.630554][ T5970] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.640328][ T5970] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 63.650637][ T5970] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 63.716232][ T5970] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.730652][ T5970] 8021q: adding VLAN 0 to HW filter on device team0
[ 63.749709][ T1059] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.756833][ T1059] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.770180][ T1059] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.777309][ T1059] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.018749][ T5970] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.057542][ T5970] veth0_vlan: entered promiscuous mode
[ 64.069462][ T5970] veth1_vlan: entered promiscuous mode
[ 64.095664][ T5970] veth0_macvtap: entered promiscuous mode
[ 64.104799][ T5970] veth1_macvtap: entered promiscuous mode
[ 64.122473][ T5970] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 64.133824][ T5970] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 64.151459][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.166000][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.178223][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.190177][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.231597][ T1059] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.243329][ T1059] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.265977][ T1059] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.273833][ T1059] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.311154][ T6021] netlink: 40 bytes leftover after parsing attributes in process `syz.0.17'.
[ 64.351053][ T6023] netlink: 40 bytes leftover after parsing attributes in process `syz.0.18'.
[ 64.375991][ T6025] netlink: 40 bytes leftover after parsing attributes in process `syz.0.19'.
[ 64.400226][ T6027] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20'.
[ 64.422534][ T6029] netlink: 40 bytes leftover after parsing attributes in process `syz.0.21'.
[ 64.441052][ T6031] netlink: 40 bytes leftover after parsing attributes in process `syz.0.22'.
[ 64.461950][ T6033] netlink: 40 bytes leftover after parsing attributes in process `syz.0.23'.
[ 64.480800][ T6035] netlink: 40 bytes leftover after parsing attributes in process `syz.0.24'.
[ 64.513538][ T6037] netlink: 40 bytes leftover after parsing attributes in process `syz.0.25'.
[ 64.532677][ T6039] netlink: 40 bytes leftover after parsing attributes in process `syz.0.26'.
[ 65.493997][ T51] Bluetooth: hci0: command tx timeout
2025/08/24 21:23:40 executed programs: 113
[ 67.583996][ T51] Bluetooth: hci0: command tx timeout
[ 69.315194][ T6607] __nla_validate_parse: 283 callbacks suppressed
[ 69.315211][ T6607] netlink: 40 bytes leftover after parsing attributes in process `syz.0.310'.
[ 69.338193][ T6609] netlink: 40 bytes leftover after parsing attributes in process `syz.0.311'.
[ 69.354656][ T6611] netlink: 40 bytes leftover after parsing attributes in process `syz.0.312'.
[ 69.387972][ T6613] netlink: 40 bytes leftover after parsing attributes in process `syz.0.313'.
[ 69.404240][ T6615] netlink: 40 bytes leftover after parsing attributes in process `syz.0.314'.
[ 69.421077][ T6617] netlink: 40 bytes leftover after parsing attributes in process `syz.0.315'.
[ 69.449196][ T6619] netlink: 40 bytes leftover after parsing attributes in process `syz.0.316'.
[ 69.468419][ T6621] netlink: 40 bytes leftover after parsing attributes in process `syz.0.317'.
[ 69.484838][ T6623] netlink: 40 bytes leftover after parsing attributes in process `syz.0.318'.
[ 69.508636][ T6625] netlink: 40 bytes leftover after parsing attributes in process `syz.0.319'.
[ 69.654443][ T51] Bluetooth: hci0: command tx timeout
2025/08/24 21:23:45 executed programs: 410
[ 71.336682][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.342977][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 74.347957][ T7201] __nla_validate_parse: 287 callbacks suppressed
[ 74.347970][ T7201] netlink: 40 bytes leftover after parsing attributes in process `syz.0.607'.
[ 74.372579][ T7203] netlink: 40 bytes leftover after parsing attributes in process `syz.0.608'.
[ 74.389689][ T7205] netlink: 40 bytes leftover after parsing attributes in process `syz.0.609'.
[ 74.418361][ T7207] netlink: 40 bytes leftover after parsing attributes in process `syz.0.610'.
[ 74.435639][ T7209] netlink: 40 bytes leftover after parsing attributes in process `syz.0.611'.
[ 74.452065][ T7211] netlink: 40 bytes leftover after parsing attributes in process `syz.0.612'.
[ 74.477827][ T7213] netlink: 40 bytes leftover after parsing attributes in process `syz.0.613'.
[ 74.496304][ T7215] netlink: 40 bytes leftover after parsing attributes in process `syz.0.614'.
[ 74.513536][ T7217] netlink: 40 bytes leftover after parsing attributes in process `syz.0.615'.
[ 74.538352][ T7219] netlink: 40 bytes leftover after parsing attributes in process `syz.0.616'.
[ 74.571608][ T5189] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 74.582060][ T5189] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 74.590466][ T5189] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 74.599056][ T5189] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 74.606850][ T5189] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 74.681046][ T7222] chnl_net:caif_netlink_parms(): no params data found
[ 74.718132][ T7222] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.725293][ T7222] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.732768][ T7222] bridge_slave_0: entered allmulticast mode
[ 74.739656][ T7222] bridge_slave_0: entered promiscuous mode
[ 74.747023][ T7222] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.754174][ T7222] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.761267][ T7222] bridge_slave_1: entered allmulticast mode
[ 74.768066][ T7222] bridge_slave_1: entered promiscuous mode
[ 74.783522][ T1059] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.801408][ T7222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.811836][ T7222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.831320][ T7222] team0: Port device team_slave_0 added
[ 74.838356][ T7222] team0: Port device team_slave_1 added
[ 74.854362][ T7222] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.861313][ T7222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.887334][ T7222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.899395][ T7222] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.906425][ T7222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.932311][ T7222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.945789][ T1059] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.971603][ T7222] hsr_slave_0: entered promiscuous mode
[ 74.977558][ T7222] hsr_slave_1: entered promiscuous mode
[ 75.000336][ T1059] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.048390][ T1059] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.146225][ T1059] bridge_slave_1: left allmulticast mode
[ 75.151890][ T1059] bridge_slave_1: left promiscuous mode
[ 75.157741][ T1059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.165732][ T1059] bridge_slave_0: left allmulticast mode
[ 75.171356][ T1059] bridge_slave_0: left promiscuous mode
[ 75.177452][ T1059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.262325][ T1059] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 75.272211][ T1059] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 75.281691][ T1059] bond0 (unregistering): Released all slaves
[ 75.545670][ T1059] hsr_slave_0: left promiscuous mode
[ 75.551405][ T1059] hsr_slave_1: left promiscuous mode
[ 75.558285][ T1059] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 75.565888][ T1059] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 75.573815][ T1059] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 75.582491][ T1059] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 75.592951][ T1059] veth1_macvtap: left promiscuous mode
[ 75.599611][ T1059] veth0_macvtap: left promiscuous mode
[ 75.605294][ T1059] veth1_vlan: left promiscuous mode
[ 75.610558][ T1059] veth0_vlan: left promiscuous mode
[ 75.764340][ T1059] team0 (unregistering): Port device team_slave_1 removed
[ 75.777136][ T1059] team0 (unregistering): Port device team_slave_0 removed
[ 75.850565][ T7222] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.861225][ T7222] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.870450][ T7222] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.879314][ T7222] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.922394][ T7222] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.935601][ T7222] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.955380][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.962458][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.971732][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.978845][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.062822][ T7222] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.087941][ T1059] ==================================================================
[ 76.096035][ T1059] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x666/0xca0
[ 76.098425][ T7222] veth0_vlan: entered promiscuous mode
[ 76.104105][ T1059] Write of size 8 at addr ffff88805af9aee8 by task kworker/u8:5/1059
[ 76.104121][ T1059]
[ 76.104130][ T1059] CPU: 0 UID: 0 PID: 1059 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full)
[ 76.104147][ T1059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 76.104157][ T1059] Workqueue: netns cleanup_net
[ 76.104181][ T1059] Call Trace:
[ 76.104188][ T1059]
[ 76.104194][ T1059] dump_stack_lvl+0x189/0x250
[ 76.104218][ T1059] ? __virt_addr_valid+0x1c8/0x5c0
[ 76.104239][ T1059] ? rcu_is_watching+0x15/0xb0
[ 76.104257][ T1059] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.104276][ T1059] ? rcu_is_watching+0x15/0xb0
[ 76.104292][ T1059] ? lock_release+0x4b/0x3e0
[ 76.104309][ T1059] ? __virt_addr_valid+0x1c8/0x5c0
[ 76.104329][ T1059] ? __virt_addr_valid+0x4a5/0x5c0
[ 76.104348][ T1059] print_report+0xca/0x240
[ 76.104364][ T1059] ? __xfrm_state_delete+0x666/0xca0
[ 76.104384][ T1059] kasan_report+0x118/0x150
[ 76.104400][ T1059] ? __xfrm_state_delete+0x666/0xca0
[ 76.104422][ T1059] __xfrm_state_delete+0x666/0xca0
[ 76.104445][ T1059] xfrm_state_flush+0x45f/0x770
[ 76.104468][ T1059] xfrm6_tunnel_net_exit+0x3c/0x100
[ 76.104491][ T1059] ops_undo_list+0x49a/0x990
[ 76.104512][ T1059] ? __pfx_ops_undo_list+0x10/0x10
[ 76.104531][ T1059] ? do_raw_spin_unlock+0x122/0x240
[ 76.104552][ T1059] cleanup_net+0x4c5/0x800
[ 76.104571][ T1059] ? __pfx_cleanup_net+0x10/0x10
[ 76.104590][ T1059] ? rcu_is_watching+0x15/0xb0
[ 76.104606][ T1059] ? process_scheduled_works+0x9ef/0x17b0
[ 76.104622][ T1059] ? process_scheduled_works+0x9ef/0x17b0
[ 76.104639][ T1059] process_scheduled_works+0xae1/0x17b0
[ 76.104666][ T1059] ? __pfx_process_scheduled_works+0x10/0x10
[ 76.104688][ T1059] worker_thread+0x8a0/0xda0
[ 76.104706][ T1059] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.104726][ T1059] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 76.104745][ T1059] ? __kthread_parkme+0x7b/0x200
[ 76.104765][ T1059] kthread+0x711/0x8a0
[ 76.104785][ T1059] ? __pfx_worker_thread+0x10/0x10
[ 76.104802][ T1059] ? __pfx_kthread+0x10/0x10
[ 76.104821][ T1059] ? rcu_is_watching+0x15/0xb0
[ 76.104838][ T1059] ? __pfx_kthread+0x10/0x10
[ 76.104856][ T1059] ret_from_fork+0x47c/0x820
[ 76.104874][ T1059] ? __pfx_ret_from_fork+0x10/0x10
[ 76.104893][ T1059] ? __switch_to_asm+0x39/0x70
[ 76.104908][ T1059] ? __switch_to_asm+0x33/0x70
[ 76.104923][ T1059] ? __pfx_kthread+0x10/0x10
[ 76.104942][ T1059] ret_from_fork_asm+0x1a/0x30
[ 76.104963][ T1059]
[ 76.104968][ T1059]
[ 76.353745][ T1059] Allocated by task 7047:
[ 76.358052][ T1059] kasan_save_track+0x3e/0x80
[ 76.362715][ T1059] __kasan_slab_alloc+0x6c/0x80
[ 76.367546][ T1059] kmem_cache_alloc_noprof+0x1ad/0x390
[ 76.372986][ T1059] xfrm_state_alloc+0x24/0x2f0
[ 76.377737][ T1059] __find_acq_core+0x8a7/0x1c00
[ 76.382567][ T1059] xfrm_find_acq+0x78/0xa0
[ 76.386966][ T1059] xfrm_alloc_userspi+0x6b3/0xc90
[ 76.391972][ T1059] xfrm_user_rcv_msg+0x7a3/0xab0
[ 76.396893][ T1059] netlink_rcv_skb+0x205/0x470
[ 76.401636][ T1059] xfrm_netlink_rcv+0x79/0x90
[ 76.406287][ T1059] netlink_unicast+0x82f/0x9e0
[ 76.411031][ T1059] netlink_sendmsg+0x805/0xb30
[ 76.415779][ T1059] __sock_sendmsg+0x21c/0x270
[ 76.420433][ T1059] ____sys_sendmsg+0x505/0x830
[ 76.425187][ T1059] ___sys_sendmsg+0x21f/0x2a0
[ 76.429847][ T1059] __x64_sys_sendmsg+0x19b/0x260
[ 76.434765][ T1059] do_syscall_64+0xfa/0xfa0
[ 76.439247][ T1059] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.445127][ T1059]
[ 76.447434][ T1059] Freed by task 981:
[ 76.451305][ T1059] kasan_save_track+0x3e/0x80
[ 76.455974][ T1059] __kasan_save_free_info+0x46/0x50
[ 76.461158][ T1059] __kasan_slab_free+0x5b/0x80
[ 76.465908][ T1059] kmem_cache_free+0x18f/0x400
[ 76.470667][ T1059] xfrm_state_gc_task+0x52d/0x6b0
[ 76.475678][ T1059] process_scheduled_works+0xae1/0x17b0
[ 76.481206][ T1059] worker_thread+0x8a0/0xda0
[ 76.485776][ T1059] kthread+0x711/0x8a0
[ 76.489823][ T1059] ret_from_fork+0x47c/0x820
[ 76.494389][ T1059] ret_from_fork_asm+0x1a/0x30
[ 76.499132][ T1059]
[ 76.501435][ T1059] The buggy address belongs to the object at ffff88805af9aec0
[ 76.501435][ T1059] which belongs to the cache xfrm_state of size 928
[ 76.515386][ T1059] The buggy address is located 40 bytes inside of
[ 76.515386][ T1059] freed 928-byte region [ffff88805af9aec0, ffff88805af9b260)
[ 76.529070][ T1059]
[ 76.531373][ T1059] The buggy address belongs to the physical page:
[ 76.537776][ T1059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5af98
[ 76.546517][ T1059] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 76.555017][ T1059] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 76.562534][ T1059] page_type: f5(slab)
[ 76.566496][ T1059] raw: 00fff00000000040 ffff88801b77c000 dead000000000122 0000000000000000
[ 76.575143][ T1059] raw: 0000000000000000 00000000000f000f 00000000f5000000 0000000000000000
[ 76.583706][ T1059] head: 00fff00000000040 ffff88801b77c000 dead000000000122 0000000000000000
[ 76.592352][ T1059] head: 0000000000000000 00000000000f000f 00000000f5000000 0000000000000000
[ 76.601086][ T1059] head: 00fff00000000002 ffffea00016be601 00000000ffffffff 00000000ffffffff
[ 76.609733][ T1059] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 76.618376][ T1059] page dumped because: kasan: bad access detected
[ 76.624786][ T1059] page_owner tracks the page as allocated
[ 76.630474][ T1059] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6997, tgid 6996 (syz.0.505), ts 72638767036, free_ts 68355788971
[ 76.649473][ T1059] post_alloc_hook+0x240/0x2a0
[ 76.654229][ T1059] get_page_from_freelist+0x21e4/0x22c0
[ 76.659757][ T1059] __alloc_frozen_pages_noprof+0x181/0x370
[ 76.665544][ T1059] alloc_pages_mpol+0x232/0x4a0
[ 76.670376][ T1059] allocate_slab+0x8a/0x330
[ 76.674856][ T1059] ___slab_alloc+0xbd1/0x13e0
[ 76.679508][ T1059] kmem_cache_alloc_noprof+0x26f/0x390
[ 76.684948][ T1059] xfrm_state_alloc+0x24/0x2f0
[ 76.689695][ T1059] __find_acq_core+0x8a7/0x1c00
[ 76.694530][ T1059] xfrm_find_acq+0x78/0xa0
[ 76.698928][ T1059] xfrm_alloc_userspi+0x6b3/0xc90
[ 76.703933][ T1059] xfrm_user_rcv_msg+0x7a3/0xab0
[ 76.708848][ T1059] netlink_rcv_skb+0x205/0x470
[ 76.713593][ T1059] xfrm_netlink_rcv+0x79/0x90
[ 76.718245][ T1059] netlink_unicast+0x82f/0x9e0
[ 76.722989][ T1059] netlink_sendmsg+0x805/0xb30
[ 76.727733][ T1059] page last free pid 5863 tgid 5859 stack trace:
[ 76.734033][ T1059] __free_frozen_pages+0xbc4/0xd30
[ 76.739122][ T1059] __slab_free+0x2e7/0x390
[ 76.743518][ T1059] qlist_free_all+0x97/0x140
[ 76.748091][ T1059] kasan_quarantine_reduce+0x148/0x160
[ 76.753560][ T1059] __kasan_slab_alloc+0x22/0x80
[ 76.758394][ T1059] kmem_cache_alloc_node_noprof+0x1a7/0x390
[ 76.764270][ T1059] kmalloc_reserve+0xbd/0x290
[ 76.768925][ T1059] __alloc_skb+0x142/0x2d0
[ 76.773319][ T1059] tcp_stream_alloc_skb+0x3d/0x340
[ 76.778411][ T1059] tcp_sendmsg_locked+0xf38/0x5620
[ 76.783507][ T1059] tcp_sendmsg+0x2f/0x50
[ 76.787732][ T1059] __sock_sendmsg+0xe5/0x270
[ 76.792304][ T1059] sock_write_iter+0x258/0x330
[ 76.797046][ T1059] vfs_write+0x5c9/0xb30
[ 76.801265][ T1059] ksys_write+0x145/0x250
[ 76.805569][ T1059] do_syscall_64+0xfa/0xfa0
[ 76.810055][ T1059]
[ 76.812357][ T1059] Memory state around the buggy address:
[ 76.817964][ T1059] ffff88805af9ad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.826003][ T1059] ffff88805af9ae00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.834039][ T1059] >ffff88805af9ae80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 76.842073][ T1059] ^
[ 76.849499][ T1059] ffff88805af9af00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.857536][ T1059] ffff88805af9af80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.865571][ T1059] ==================================================================
[ 76.873707][ T1059] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.880894][ T1059] CPU: 0 UID: 0 PID: 1059 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full)
[ 76.890442][ T1059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 76.900508][ T1059] Workqueue: netns cleanup_net
[ 76.905296][ T1059] Call Trace:
[ 76.908576][ T1059]
[ 76.911504][ T1059] dump_stack_lvl+0x99/0x250
[ 76.916090][ T1059] ? __asan_memcpy+0x40/0x70
[ 76.920668][ T1059] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.925850][ T1059] ? __pfx__printk+0x10/0x10
[ 76.930433][ T1059] vpanic+0x281/0x750
[ 76.934397][ T1059] ? __pfx_print_hex_dump+0x10/0x10
[ 76.939582][ T1059] ? __pfx_vpanic+0x10/0x10
[ 76.944072][ T1059] ? rcu_is_watching+0x15/0xb0
[ 76.948821][ T1059] panic+0xb9/0xc0
[ 76.952526][ T1059] ? __pfx_panic+0x10/0x10
[ 76.956928][ T1059] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 76.962808][ T1059] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.969119][ T1059] ? __xfrm_state_delete+0x666/0xca0
[ 76.974389][ T1059] check_panic_on_warn+0x89/0xb0
[ 76.979312][ T1059] ? __xfrm_state_delete+0x666/0xca0
[ 76.984581][ T1059] end_report+0x78/0x160
[ 76.988802][ T1059] kasan_report+0x129/0x150
[ 76.993285][ T1059] ? __xfrm_state_delete+0x666/0xca0
[ 76.998555][ T1059] __xfrm_state_delete+0x666/0xca0
[ 77.003651][ T1059] xfrm_state_flush+0x45f/0x770
[ 77.008486][ T1059] xfrm6_tunnel_net_exit+0x3c/0x100
[ 77.013672][ T1059] ops_undo_list+0x49a/0x990
[ 77.018422][ T1059] ? __pfx_ops_undo_list+0x10/0x10
[ 77.023514][ T1059] ? do_raw_spin_unlock+0x122/0x240
[ 77.028696][ T1059] cleanup_net+0x4c5/0x800
[ 77.033095][ T1059] ? __pfx_cleanup_net+0x10/0x10
[ 77.038013][ T1059] ? rcu_is_watching+0x15/0xb0
[ 77.042756][ T1059] ? process_scheduled_works+0x9ef/0x17b0
[ 77.048454][ T1059] ? process_scheduled_works+0x9ef/0x17b0
[ 77.054151][ T1059] process_scheduled_works+0xae1/0x17b0
[ 77.059689][ T1059] ? __pfx_process_scheduled_works+0x10/0x10
[ 77.065651][ T1059] worker_thread+0x8a0/0xda0
[ 77.070222][ T1059] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 77.076532][ T1059] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 77.082405][ T1059] ? __kthread_parkme+0x7b/0x200
[ 77.087325][ T1059] kthread+0x711/0x8a0
[ 77.091378][ T1059] ? __pfx_worker_thread+0x10/0x10
[ 77.096471][ T1059] ? __pfx_kthread+0x10/0x10
[ 77.101044][ T1059] ? rcu_is_watching+0x15/0xb0
[ 77.105790][ T1059] ? __pfx_kthread+0x10/0x10
[ 77.110364][ T1059] ret_from_fork+0x47c/0x820
[ 77.114937][ T1059] ? __pfx_ret_from_fork+0x10/0x10
[ 77.120029][ T1059] ? __switch_to_asm+0x39/0x70
[ 77.124771][ T1059] ? __switch_to_asm+0x33/0x70
[ 77.129514][ T1059] ? __pfx_kthread+0x10/0x10
[ 77.134086][ T1059] ret_from_fork_asm+0x1a/0x30
[ 77.138840][ T1059]
[ 77.142083][ T1059] Kernel Offset: disabled
[ 77.146386][ T1059] Rebooting in 86400 seconds..