Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts. 1970/01/01 00:01:31 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:32 parsed 1 programs [ 96.121367][ T7002] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 98.817359][ T6598] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 98.818241][ T6598] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 98.818649][ T6598] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 98.819295][ T6598] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 98.819898][ T6598] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.252693][ T7053] chnl_net:caif_netlink_parms(): no params data found [ 99.393042][ T7053] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.393128][ T7053] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.393649][ T7053] bridge_slave_0: entered allmulticast mode [ 99.394694][ T7053] bridge_slave_0: entered promiscuous mode [ 99.396087][ T7053] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.396132][ T7053] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.396227][ T7053] bridge_slave_1: entered allmulticast mode [ 99.397091][ T7053] bridge_slave_1: entered promiscuous mode [ 99.453402][ T7053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.454921][ T7053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.471229][ T7053] team0: Port device team_slave_0 added [ 99.473289][ T7053] team0: Port device team_slave_1 added [ 99.487256][ T7053] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.487315][ T7053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.487348][ T7053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.488366][ T7053] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.488390][ T7053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.488428][ T7053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.525719][ T7053] hsr_slave_0: entered promiscuous mode [ 99.527879][ T7053] hsr_slave_1: entered promiscuous mode [ 100.456138][ T7053] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.460637][ T7053] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.464680][ T7053] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.468692][ T7053] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.517001][ T7053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.530862][ T7053] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.546228][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.546326][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.547246][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.547305][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.653346][ T7053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.675279][ T7053] veth0_vlan: entered promiscuous mode [ 100.681415][ T7053] veth1_vlan: entered promiscuous mode [ 100.693441][ T7053] veth0_macvtap: entered promiscuous mode [ 100.700689][ T7053] veth1_macvtap: entered promiscuous mode [ 100.710480][ T7053] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.717543][ T7053] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.721853][ T7053] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.724452][ T7053] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.726917][ T7053] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.729442][ T7053] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.085116][ T336] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.165323][ T336] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.284652][ T336] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.384889][ T336] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.841086][ T513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.841158][ T513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.861866][ T513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.861992][ T513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:42 executed programs: 0 [ 102.296834][ T6090] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.299511][ T6090] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.301822][ T6090] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.305065][ T6090] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.305494][ T6090] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.398767][ T7252] chnl_net:caif_netlink_parms(): no params data found [ 102.455306][ T7252] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.457903][ T7252] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.460351][ T7252] bridge_slave_0: entered allmulticast mode [ 102.466589][ T7252] bridge_slave_0: entered promiscuous mode [ 102.471416][ T7252] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.473939][ T7252] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.476252][ T7252] bridge_slave_1: entered allmulticast mode [ 102.478951][ T7252] bridge_slave_1: entered promiscuous mode [ 102.496648][ T7252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.501176][ T7252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.526483][ T7252] team0: Port device team_slave_0 added [ 102.529571][ T7252] team0: Port device team_slave_1 added [ 102.545433][ T7252] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.547499][ T7252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.555389][ T7252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.560442][ T7252] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.563013][ T7252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.563055][ T7252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.597975][ T7252] hsr_slave_0: entered promiscuous mode [ 102.600176][ T7252] hsr_slave_1: entered promiscuous mode [ 102.602564][ T7252] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.604972][ T7252] Cannot create hsr debugfs directory [ 103.514739][ T336] bridge_slave_1: left allmulticast mode [ 103.516521][ T336] bridge_slave_1: left promiscuous mode [ 103.518503][ T336] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.522979][ T336] bridge_slave_0: left allmulticast mode [ 103.524633][ T336] bridge_slave_0: left promiscuous mode [ 103.526739][ T336] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.334140][ T6090] Bluetooth: hci0: command tx timeout [ 104.975108][ T336] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.024622][ T336] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.073778][ T336] bond0 (unregistering): Released all slaves [ 105.139457][ T336] hsr_slave_0: left promiscuous mode [ 105.141634][ T336] hsr_slave_1: left promiscuous mode [ 105.145513][ T336] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.147710][ T336] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.150439][ T336] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.152817][ T336] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.164504][ T336] veth1_macvtap: left promiscuous mode [ 105.166233][ T336] veth0_macvtap: left promiscuous mode [ 105.167923][ T336] veth1_vlan: left promiscuous mode [ 105.169519][ T336] veth0_vlan: left promiscuous mode [ 106.422074][ T6090] Bluetooth: hci0: command tx timeout [ 106.994146][ T336] team0 (unregistering): Port device team_slave_1 removed [ 107.183770][ T336] team0 (unregistering): Port device team_slave_0 removed [ 108.492047][ T6090] Bluetooth: hci0: command tx timeout [ 109.900754][ T7252] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 109.905353][ T7252] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 109.923704][ T7252] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 109.927551][ T7252] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 109.998242][ T7252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.189459][ T7252] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.207801][ T2209] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.207892][ T2209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.208701][ T2209] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.208743][ T2209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.487662][ T7252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.504996][ T7252] veth0_vlan: entered promiscuous mode [ 110.508807][ T7252] veth1_vlan: entered promiscuous mode [ 110.520110][ T7252] veth0_macvtap: entered promiscuous mode [ 110.521842][ T7252] veth1_macvtap: entered promiscuous mode [ 110.572302][ T6090] Bluetooth: hci0: command tx timeout [ 110.650248][ T7252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.655655][ T7252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.661655][ T7252] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.665244][ T7252] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.665318][ T7252] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.665356][ T7252] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.769455][ T513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.769513][ T513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.846594][ T513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.848012][ T513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:50 executed programs: 2 [ 111.089984][ T7463] ------------[ cut here ]------------ [ 111.090068][ T7463] ODEBUG: activate active (active state 1) object: 00000000997a22ca object type: rcu_head hint: 0x0 [ 111.090488][ T7463] WARNING: CPU: 1 PID: 7463 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 111.097937][ T7463] Modules linked in: [ 111.099046][ T7463] CPU: 1 UID: 0 PID: 7463 Comm: syz.0.17 Not tainted 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 111.102284][ T7463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.105085][ T7463] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.107229][ T7463] pc : debug_object_activate+0x344/0x460 [ 111.108763][ T7463] lr : debug_object_activate+0x344/0x460 [ 111.110317][ T7463] sp : ffff80009cb876d0 [ 111.111422][ T7463] x29: ffff80009cb876d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 111.113713][ T7463] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 111.115965][ T7463] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 111.118269][ T7463] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 00000000ffffffff [ 111.120596][ T7463] x17: 6332326137393930 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 111.122849][ T7463] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 111.125097][ T7463] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : b4ca56aa78726000 [ 111.127429][ T7463] x8 : b4ca56aa78726000 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.129621][ T7463] x5 : ffff80009cb87018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 111.131880][ T7463] x2 : 0000000000000000 x1 : 0000000100000201 x0 : 0000000000000000 [ 111.134239][ T7463] Call trace: [ 111.135164][ T7463] debug_object_activate+0x344/0x460 (P) [ 111.136807][ T7463] kvfree_call_rcu+0x4c/0x3f0 [ 111.138198][ T7463] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 111.139702][ T7463] netlbl_sock_setattr+0x240/0x334 [ 111.141167][ T7463] smack_netlbl_add+0xa8/0x158 [ 111.142562][ T7463] smack_inode_setsecurity+0x378/0x430 [ 111.144081][ T7463] security_inode_setsecurity+0x118/0x3c0 [ 111.145732][ T7463] __vfs_setxattr_noperm+0x174/0x5c4 [ 111.147204][ T7463] __vfs_setxattr_locked+0x1ec/0x218 [ 111.148738][ T7463] vfs_setxattr+0x158/0x2ac [ 111.150053][ T7463] file_setxattr+0x1b8/0x294 [ 111.151339][ T7463] path_setxattrat+0x2ac/0x320 [ 111.152696][ T7463] __arm64_sys_fsetxattr+0xc0/0xdc [ 111.154156][ T7463] invoke_syscall+0x98/0x2b8 [ 111.155447][ T7463] el0_svc_common+0x130/0x23c [ 111.156731][ T7463] do_el0_svc+0x48/0x58 [ 111.157981][ T7463] el0_svc+0x58/0x180 [ 111.159183][ T7463] el0t_64_sync_handler+0x84/0x12c [ 111.160607][ T7463] el0t_64_sync+0x198/0x19c [ 111.161873][ T7463] irq event stamp: 203 [ 111.162986][ T7463] hardirqs last enabled at (202): [] __console_unlock+0x70/0xc4 [ 111.165714][ T7463] hardirqs last disabled at (203): [] el1_brk64+0x1c/0x48 [ 111.168301][ T7463] softirqs last enabled at (152): [] local_bh_enable+0x10/0x34 [ 111.170820][ T7463] softirqs last disabled at (176): [] local_bh_disable+0x10/0x34 [ 111.173464][ T7463] ---[ end trace 0000000000000000 ]--- [ 111.175063][ T7463] ------------[ cut here ]------------ [ 111.175109][ T7463] ODEBUG: active_state active (active state 1) object: 00000000997a22ca object type: rcu_head hint: 0x0 [ 111.175511][ T7463] WARNING: CPU: 1 PID: 7463 at lib/debugobjects.c:615 debug_object_active_state+0x28c/0x350 [ 111.182724][ T7463] Modules linked in: [ 111.183806][ T7463] CPU: 1 UID: 0 PID: 7463 Comm: syz.0.17 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 111.187661][ T7463] Tainted: [W]=WARN [ 111.188744][ T7463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.191675][ T7463] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.193884][ T7463] pc : debug_object_active_state+0x28c/0x350 [ 111.195621][ T7463] lr : debug_object_active_state+0x28c/0x350 [ 111.197255][ T7463] sp : ffff80009cb876c0 [ 111.198427][ T7463] x29: ffff80009cb876d0 x28: ffff80008f671000 x27: dfff800000000000 [ 111.200669][ T7463] x26: 0000000000000003 x25: 0000000000000000 x24: ffff0000dbef40e0 [ 111.202964][ T7463] x23: 0000000000000001 x22: ffff80008afc2440 x21: ffff80008b5399e0 [ 111.205245][ T7463] x20: 0000000000000000 x19: ffff8000891ac400 x18: 00000000ffffffff [ 111.207628][ T7463] x17: 3739393030303030 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 111.209919][ T7463] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 111.212195][ T7463] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : b4ca56aa78726000 [ 111.214447][ T7463] x8 : b4ca56aa78726000 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.216665][ T7463] x5 : ffff80009cb87018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 111.218971][ T7463] x2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000 [ 111.221295][ T7463] Call trace: [ 111.222227][ T7463] debug_object_active_state+0x28c/0x350 (P) [ 111.223899][ T7463] kvfree_call_rcu+0x64/0x3f0 [ 111.225212][ T7463] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 111.226681][ T7463] netlbl_sock_setattr+0x240/0x334 [ 111.228119][ T7463] smack_netlbl_add+0xa8/0x158 [ 111.229439][ T7463] smack_inode_setsecurity+0x378/0x430 [ 111.230963][ T7463] security_inode_setsecurity+0x118/0x3c0 [ 111.232640][ T7463] __vfs_setxattr_noperm+0x174/0x5c4 [ 111.234184][ T7463] __vfs_setxattr_locked+0x1ec/0x218 [ 111.235746][ T7463] vfs_setxattr+0x158/0x2ac [ 111.236979][ T7463] file_setxattr+0x1b8/0x294 [ 111.238259][ T7463] path_setxattrat+0x2ac/0x320 [ 111.239631][ T7463] __arm64_sys_fsetxattr+0xc0/0xdc [ 111.241092][ T7463] invoke_syscall+0x98/0x2b8 [ 111.242397][ T7463] el0_svc_common+0x130/0x23c [ 111.243725][ T7463] do_el0_svc+0x48/0x58 [ 111.244836][ T7463] el0_svc+0x58/0x180 [ 111.245961][ T7463] el0t_64_sync_handler+0x84/0x12c [ 111.247384][ T7463] el0t_64_sync+0x198/0x19c [ 111.248682][ T7463] irq event stamp: 233 [ 111.249815][ T7463] hardirqs last enabled at (232): [] __console_unlock+0x70/0xc4 [ 111.252444][ T7463] hardirqs last disabled at (233): [] el1_brk64+0x1c/0x48 [ 111.254899][ T7463] softirqs last enabled at (152): [] local_bh_enable+0x10/0x34 [ 111.257460][ T7463] softirqs last disabled at (176): [] local_bh_disable+0x10/0x34 [ 111.260084][ T7463] ---[ end trace 0000000000000000 ]--- [ 111.261673][ T7463] ------------[ cut here ]------------ [ 111.261705][ T7463] kvfree_call_rcu(): Double-freed call. rcu_head 00000000997a22ca [ 111.261818][ T7463] WARNING: CPU: 1 PID: 7463 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 [ 111.267943][ T7463] Modules linked in: [ 111.268979][ T7463] CPU: 1 UID: 0 PID: 7463 Comm: syz.0.17 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 111.272736][ T7463] Tainted: [W]=WARN [ 111.273793][ T7463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.276615][ T7463] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.278804][ T7463] pc : kvfree_call_rcu+0x94/0x3f0 [ 111.280192][ T7463] lr : kvfree_call_rcu+0x94/0x3f0 [ 111.281584][ T7463] sp : ffff80009cb87730 [ 111.282748][ T7463] x29: ffff80009cb87730 x28: 00000000fffffff5 x27: 1fffe0001b3f0863 [ 111.285013][ T7463] x26: dfff800000000000 x25: ffff0000dc6b87ee x24: 0000000000000017 [ 111.287236][ T7463] x23: ffff8000891ac400 x22: 00000000ffffffea x21: ffff8000891ac400 [ 111.289478][ T7463] x20: ffff8000891ac400 x19: ffff80008afc2440 x18: 00000000ffffffff [ 111.291794][ T7463] x17: 0000000000000000 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 111.294040][ T7463] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 111.296288][ T7463] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : b4ca56aa78726000 [ 111.298519][ T7463] x8 : b4ca56aa78726000 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.300700][ T7463] x5 : ffff80009cb87078 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 111.302978][ T7463] x2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000 [ 111.305130][ T7463] Call trace: [ 111.306022][ T7463] kvfree_call_rcu+0x94/0x3f0 (P) [ 111.307500][ T7463] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 111.308969][ T7463] netlbl_sock_setattr+0x240/0x334 [ 111.310448][ T7463] smack_netlbl_add+0xa8/0x158 [ 111.311863][ T7463] smack_inode_setsecurity+0x378/0x430 [ 111.313415][ T7463] security_inode_setsecurity+0x118/0x3c0 [ 111.314994][ T7463] __vfs_setxattr_noperm+0x174/0x5c4 [ 111.316466][ T7463] __vfs_setxattr_locked+0x1ec/0x218 [ 111.317954][ T7463] vfs_setxattr+0x158/0x2ac [ 111.319243][ T7463] file_setxattr+0x1b8/0x294 [ 111.320595][ T7463] path_setxattrat+0x2ac/0x320 [ 111.321969][ T7463] __arm64_sys_fsetxattr+0xc0/0xdc [ 111.323437][ T7463] invoke_syscall+0x98/0x2b8 [ 111.324746][ T7463] el0_svc_common+0x130/0x23c [ 111.326099][ T7463] do_el0_svc+0x48/0x58 [ 111.327283][ T7463] el0_svc+0x58/0x180 [ 111.328432][ T7463] el0t_64_sync_handler+0x84/0x12c [ 111.329871][ T7463] el0t_64_sync+0x198/0x19c [ 111.331175][ T7463] irq event stamp: 259 [ 111.332370][ T7463] hardirqs last enabled at (258): [] __console_unlock+0x70/0xc4 [ 111.335081][ T7463] hardirqs last disabled at (259): [] el1_brk64+0x1c/0x48 [ 111.337502][ T7463] softirqs last enabled at (152): [] local_bh_enable+0x10/0x34 [ 111.340124][ T7463] softirqs last disabled at (176): [] local_bh_disable+0x10/0x34 [ 111.342849][ T7463] ---[ end trace 0000000000000000 ]--- [ 111.386570][ ** replaying previous printk message ** [ 111.386570][ T7465] ------------[ cut here ]------------ [ 111.386620][ T7465] ODEBUG: activate active (active state 1) object: 00000000997a22ca object type: rcu_head hint: 0x0 [ 111.386993][ T7465] WARNING: CPU: 0 PID: 7465 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 111.395245][ T7465] Modules linked in: [ 111.396351][ T7465] CPU: 0 UID: 0 PID: 7465 Comm: syz.0.18 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 111.400074][ T7465] Tainted: [W]=WARN [ 111.401138][ T7465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.404022][ T7465] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.406242][ T7465] pc : debug_object_activate+0x344/0x460 [ 111.407812][ T7465] lr : debug_object_activate+0x344/0x460 [ 111.409367][ T7465] sp : ffff80009ca876d0 [ 111.410533][ T7465] x29: ffff80009ca876d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 111.412819][ T7465] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 111.415096][ T7465] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 111.417341][ T7465] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 0000000000000000 [ 111.419697][ T7465] x17: 6332326137393930 x16: ffff80008aefc4a8 x15: 0000000000000001 [ 111.421956][ T7465] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 111.424163][ T7465] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : e799017c54e3d900 [ 111.426438][ T7465] x8 : e799017c54e3d900 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.428651][ T7465] x5 : ffff80009ca87018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 111.430841][ T7465] x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000000 [ 111.433107][ T7465] Call trace: [ 111.433998][ T7465] debug_object_activate+0x344/0x460 (P) [ 111.435543][ T7465] kvfree_call_rcu+0x4c/0x3f0 [ 111.436835][ T7465] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 111.438275][ T7465] netlbl_sock_setattr+0x240/0x334 [ 111.439719][ T7465] smack_netlbl_add+0xa8/0x158 [ 111.441027][ T7465] smack_inode_setsecurity+0x378/0x430 [ 111.442588][ T7465] security_inode_setsecurity+0x118/0x3c0 [ 111.444203][ T7465] __vfs_setxattr_noperm+0x174/0x5c4 [ 111.445703][ T7465] __vfs_setxattr_locked+0x1ec/0x218 [ 111.447201][ T7465] vfs_setxattr+0x158/0x2ac [ 111.448503][ T7465] file_setxattr+0x1b8/0x294 [ 111.449773][ T7465] path_setxattrat+0x2ac/0x320 [ 111.451090][ T7465] __arm64_sys_fsetxattr+0xc0/0xdc [ 111.452604][ T7465] invoke_syscall+0x98/0x2b8 [ 111.453850][ T7465] el0_svc_common+0x130/0x23c [ 111.455286][ T7465] do_el0_svc+0x48/0x58 [ 111.456507][ T7465] el0_svc+0x58/0x180 [ 111.457728][ T7465] el0t_64_sync_handler+0x84/0x12c [ 111.459240][ T7465] el0t_64_sync+0x198/0x19c [ 111.460576][ T7465] irq event stamp: 185 [ 111.461749][ T7465] hardirqs last enabled at (184): [] __console_unlock+0x70/0xc4 [ 111.464480][ T7465] hardirqs last disabled at (185): [] el1_brk64+0x1c/0x48 [ 111.466958][ T7465] softirqs last enabled at (130): [] release_sock+0x14c/0x1ac [ 111.469604][ T7465] softirqs last disabled at (156): [] local_bh_disable+0x10/0x34 [ 111.472235][ T7465] ---[ end trace 0000000000000000 ]--- [ 111.473865] ** replaying previous printk message ** [ 111.473865][ T7465] ------------[ cut here ]------------ [ 111.473900][ T7465] ODEBUG: active_state active (active state 1) object: 00000000997a22ca object type: rcu_head hint: 0x0 [ 111.474288][ T7465] WARNING: CPU: 0 PID: 7465 at lib/debugobjects.c:615 debug_object_active_state+0x28c/0x350 [ 111.482867][ T7465] Modules linked in: [ 111.484039][ T7465] CPU: 0 UID: 0 PID: 7465 Comm: syz.0.18 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 111.487807][ T7465] Tainted: [W]=WARN [ 111.488857][ T7465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.491710][ T7465] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.493882][ T7465] pc : debug_object_active_state+0x28c/0x350 [ 111.495589][ T7465] lr : debug_object_active_state+0x28c/0x350 [ 111.497230][ T7465] sp : ffff80009ca876c0 [ 111.498369][ T7465] x29: ffff80009ca876d0 x28: ffff80008f671000 x27: dfff800000000000 [ 111.500668][ T7465] x26: 0000000000000003 x25: 0000000000000000 x24: ffff0000dbef40e0 [ 111.502959][ T7465] x23: 0000000000000001 x22: ffff80008afc2440 x21: ffff80008b5399e0 [ 111.505242][ T7465] x20: 0000000000000000 x19: ffff8000891ac400 x18: 0000000000000000 [ 111.507528][ T7465] x17: 3739393030303030 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 111.509786][ T7465] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 111.512010][ T7465] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : e799017c54e3d900 [ 111.514289][ T7465] x8 : e799017c54e3d900 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.516639][ T7465] x5 : ffff80009ca87018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 111.518923][ T7465] x2 : 0000000000000000 x1 : 0000000100000201 x0 : 0000000000000000 [ 111.521193][ T7465] Call trace: [ 111.522131][ T7465] debug_object_active_state+0x28c/0x350 (P) [ 111.523837][ T7465] kvfree_call_rcu+0x64/0x3f0 [ 111.525161][ T7465] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 111.526637][ T7465] netlbl_sock_setattr+0x240/0x334 [ 111.528037][ T7465] smack_netlbl_add+0xa8/0x158 [ 111.529408][ T7465] smack_inode_setsecurity+0x378/0x430 [ 111.530959][ T7465] security_inode_setsecurity+0x118/0x3c0 [ 111.532509][ T7465] __vfs_setxattr_noperm+0x174/0x5c4 [ 111.534023][ T7465] __vfs_setxattr_locked+0x1ec/0x218 [ 111.535507][ T7465] vfs_setxattr+0x158/0x2ac [ 111.536800][ T7465] file_setxattr+0x1b8/0x294 [ 111.538112][ T7465] path_setxattrat+0x2ac/0x320 [ 111.539476][ T7465] __arm64_sys_fsetxattr+0xc0/0xdc [ 111.540894][ T7465] invoke_syscall+0x98/0x2b8 [ 111.542165][ T7465] el0_svc_common+0x130/0x23c [ 111.543505][ T7465] do_el0_svc+0x48/0x58 [ 111.544703][ T7465] el0_svc+0x58/0x180 [ 111.545813][ T7465] el0t_64_sync_handler+0x84/0x12c [ 111.547228][ T7465] el0t_64_sync+0x198/0x19c [ 111.548445][ T7465] irq event stamp: 211 [ 111.549591][ T7465] hardirqs last enabled at (210): [] __console_unlock+0x70/0xc4 [ 111.552102][ T7465] hardirqs last disabled at (211): [] el1_brk64+0x1c/0x48 [ 111.554534][ T7465] softirqs last enabled at (130): [] release_sock+0x14c/0x1ac [ 111.557192][ T7465] softirqs last disabled at (156): [] local_bh_disable+0x10/0x34 [ 111.559895][ T7465] ---[ end trace 0000000000000000 ]--- [ 111.577700][ T7467] ------------[ cut here ]------------ [ 111.577754][ T7467] ODEBUG: activate active (active state 1) object: 00000000997a22ca object type: rcu_head hint: 0x0 [ 111.578145][ T7467] WARNING: CPU: 1 PID: 7467 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 111.585663][ T7467] Modules linked in: [ 111.586809][ T7467] CPU: 1 UID: 0 PID: 7467 Comm: syz.0.19 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 111.590617][ T7467] Tainted: [W]=WARN [ 111.591706][ T7467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.594535][ T7467] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.596769][ T7467] pc : debug_object_activate+0x344/0x460 [ 111.598389][ T7467] lr : debug_object_activate+0x344/0x460 [ 111.599927][ T7467] sp : ffff80009c7376d0 [ 111.601099][ T7467] x29: ffff80009c7376d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 111.603383][ T7467] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 111.605644][ T7467] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 111.607995][ T7467] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 0000000000000000 [ 111.610261][ T7467] x17: 6332326137393930 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 111.612650][ T7467] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 111.614980][ T7467] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : e182b9a72ffaa100 [ 111.617339][ T7467] x8 : e182b9a72ffaa100 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.619672][ T7467] x5 : ffff80009c737018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 111.621976][ T7467] x2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000 [ 111.624383][ T7467] Call trace: [ 111.625319][ T7467] debug_object_activate+0x344/0x460 (P) [ 111.627017][ T7467] kvfree_call_rcu+0x4c/0x3f0 [ 111.628363][ T7467] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 111.629865][ T7467] netlbl_sock_setattr+0x240/0x334 [ 111.631331][ T7467] smack_netlbl_add+0xa8/0x158 [ 111.632670][ T7467] smack_inode_setsecurity+0x378/0x430 [ 111.634148][ T7467] security_inode_setsecurity+0x118/0x3c0 [ 111.635776][ T7467] __vfs_setxattr_noperm+0x174/0x5c4 [ 111.637236][ T7467] __vfs_setxattr_locked+0x1ec/0x218 [ 111.638737][ T7467] vfs_setxattr+0x158/0x2ac [ 111.640035][ T7467] file_setxattr+0x1b8/0x294 [ 111.641336][ T7467] path_setxattrat+0x2ac/0x320 [ 111.642704][ T7467] __arm64_sys_fsetxattr+0xc0/0xdc [ 111.644085][ T7467] invoke_syscall+0x98/0x2b8 [ 111.645405][ T7467] el0_svc_common+0x130/0x23c [ 111.646748][ T7467] do_el0_svc+0x48/0x58 [ 111.647947][ T7467] el0_svc+0x58/0x180 [ 111.649119][ T7467] el0t_64_sync_handler+0x84/0x12c [ 111.650682][ T7467] el0t_64_sync+0x198/0x19c [ 111.651976][ T7467] irq event stamp: 191 [ 111.653121][ T7467] hardirqs last enabled at (190): [] __console_unlock+0x70/0xc4 [ 111.655782][ T7467] hardirqs last disabled at (191): [] el1_brk64+0x1c/0x48 [ 111.658123][ T7467] softirqs last enabled at (150): [] local_bh_enable+0x10/0x34 [ 111.660705][ T7467] softirqs last disabled at (164): [] local_bh_disable+0x10/0x34 [ 111.663310][ T7467] ---[ end trace 0000000000000000 ]--- [ 11 ** replaying previous printk message ** [ 115.294846][ T336] ------------[ cut here ]------------ [ 115.294964][ T336] Trying to vfree() bad address (00000000997a22ca) [ 115.295086][ T336] WARNING: CPU: 1 PID: 336 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 115.301757][ T336] Modules linked in: [ 115.302872][ T336] CPU: 1 UID: 0 PID: 336 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 115.306762][ T336] Tainted: [W]=WARN [ 115.307809][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.310586][ T336] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 115.312441][ T336] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 115.314619][ T336] pc : remove_vm_area+0x268/0x270 [ 115.316002][ T336] lr : remove_vm_area+0x264/0x270 [ 115.317494][ T336] sp : ffff80009c5d78e0 [ 115.318751][ T336] x29: ffff80009c5d78f0 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 115.321067][ T336] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 115.323298][ T336] x23: ffff0000c3171028 x22: 1fffe00018caf3d1 x21: 0000000000000000 [ 115.325608][ T336] x20: 0000000000000000 x19: ffff8000891ac400 x18: 00000000ffffffff [ 115.327895][ T336] x17: 0000000000000000 x16: ffff80008aefc4a8 x15: 0000000000000001 [ 115.330239][ T336] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 115.332524][ T336] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 58d7028523fad400 [ 115.334745][ T336] x8 : 58d7028523fad400 x7 : 0000000000000001 x6 : 0000000000000001 [ 115.337015][ T336] x5 : ffff80009c5d7238 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 115.339440][ T336] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 115.341687][ T336] Call trace: [ 115.342618][ T336] remove_vm_area+0x268/0x270 (P) [ 115.343971][ T336] vfree+0xac/0x3dc [ 115.345073][ T336] kvfree_rcu_bulk+0xc4/0x228 [ 115.346388][ T336] kfree_rcu_monitor+0x230/0x2b4 [ 115.347806][ T336] process_one_work+0x7e8/0x155c [ 115.349113][ T336] worker_thread+0x958/0xed8 [ 115.350453][ T336] kthread+0x5fc/0x75c [ 115.351585][ T336] ret_from_fork+0x10/0x20 [ 115.352833][ T336] irq event stamp: 606024 [ 115.354051][ T336] hardirqs last enabled at (606023): [] __console_unlock+0x70/0xc4 [ 115.356712][ T336] hardirqs last disabled at (606024): [] el1_brk64+0x1c/0x48 [ 115.359257][ T336] softirqs last enabled at (604458): [] batadv_nc_purge_paths+0x2f4/0x37c [ 115.362079][ T336] softirqs last disabled at (604456): [] batadv_nc_purge_paths+0xd0/0x37c [ 115.364901][ T336] ---[ end trace 0000000000000000 ]--- [ ** replaying previous printk message ** [ 115.369410][ T336] ------------[ cut here ]------------ [ 115.369452][ T336] Trying to vfree() nonexistent vm area (00000000997a22ca) [ 115.369582][ T336] WARNING: CPU: 1 PID: 336 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 115.376405][ T336] Modules linked in: [ 115.377480][ T336] CPU: 1 UID: 0 PID: 336 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 115.381248][ T336] Tainted: [W]=WARN [ 115.382314][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.385238][ T336] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 115.387082][ T336] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 115.389347][ T336] pc : vfree+0x32c/0x3dc [ 115.390593][ T336] lr : vfree+0x32c/0x3dc [ 115.391818][ T336] sp : ffff80009c5d7950 [ 115.393006][ T336] x29: ffff80009c5d7960 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 115.395286][ T336] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 115.397493][ T336] x23: ffff0000c3171028 x22: 1fffe00018caf3d1 x21: 0000000000000000 [ 115.399801][ T336] x20: ffff8000891ac400 x19: 0000000000000000 x18: 00000000ffffffff [ 115.402108][ T336] x17: 0000000000000000 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 115.404408][ T336] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 115.406727][ T336] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 58d7028523fad400 [ 115.408971][ T336] x8 : 58d7028523fad400 x7 : 0000000000000001 x6 : 0000000000000001 [ 115.411160][ T336] x5 : ffff80009c5d7298 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 115.413343][ T336] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 115.415548][ T336] Call trace: [ 115.416482][ T336] vfree+0x32c/0x3dc (P) [ 115.417754][ T336] kvfree_rcu_bulk+0xc4/0x228 [ 115.419116][ T336] kfree_rcu_monitor+0x230/0x2b4 [ 115.420534][ T336] process_one_work+0x7e8/0x155c [ 115.421896][ T336] worker_thread+0x958/0xed8 [ 115.423162][ T336] kthread+0x5fc/0x75c [ 115.424341][ T336] ret_from_fork+0x10/0x20 [ 115.425613][ T336] irq event stamp: 606208 [ 115.426840][ T336] hardirqs last enabled at (606207): [] __console_unlock+0x70/0xc4 [ 115.429575][ T336] hardirqs last disabled at (606208): [] el1_brk64+0x1c/0x48 [ 115.432171][ T336] softirqs last enabled at (606182): [] handle_softirqs+0xaf8/0xc88 [ 115.434849][ T336] softirqs last disabled at (606027): [] __do_softirq+0x14/0x20 [ 115.437546][ T336] ---[ end trace 0000000000000000 ]--- 1970/01/01 00:01:55 executed programs: 249 [ 116.175623][ T336] ------------[ cut here ]------------ [ 116.175685][ T336] Trying to vfree() bad address (00000000997a22ca) [ 116.176135][ T336] WARNING: CPU: 1 PID: 336 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 116.181931][ T336] Modules linked in: [ 116.182984][ T336] CPU: 1 UID: 0 PID: 336 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 116.186800][ T336] Tainted: [W]=WARN [ 116.187910][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.190824][ T336] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 116.192556][ T336] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 116.194854][ T336] pc : remove_vm_area+0x268/0x270 [ 116.196332][ T336] lr : remove_vm_area+0x264/0x270 [ 116.197735][ T336] sp : ffff80009c5d78e0 [ 116.198909][ T336] x29: ffff80009c5d78f0 x28: ffff00019beaf4d4 x27: ffff00019beaf4c0 [ 116.201025][ T336] x26: ffff00019beaf4b0 x25: dfff800000000000 x24: 0000000000000001 [ 116.203246][ T336] x23: ffff0000c50bb028 x22: 1fffe00018caf3d1 x21: 0000000000000000 [ 116.205523][ T336] x20: 0000000000000000 x19: ffff8000891ac400 x18: 1fffe000337d8876 [ 116.207769][ T336] x17: ffff80008f66e000 x16: ffff80008aefc4a8 x15: 0000000000000001 [ 116.209987][ T336] x14: 1fffe000337db2f0 x13: 0000000000000000 x12: 0000000000000000 [ 116.212312][ T336] x11: ffff800093163c08 x10: 0000000000000003 x9 : 58d7028523fad400 [ 116.214645][ T336] x8 : 58d7028523fad400 x7 : ffff800080488a2c x6 : 0000000000000000 [ 116.216934][ T336] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 116.219215][ T336] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 116.221528][ T336] Call trace: [ 116.222523][ T336] remove_vm_area+0x268/0x270 (P) [ 116.223915][ T336] vfree+0xac/0x3dc [ 116.224902][ T336] kvfree_rcu_bulk+0xc4/0x228 [ 116.226171][ T336] kfree_rcu_monitor+0x230/0x2b4 [ 116.227487][ T336] process_one_work+0x7e8/0x155c [ 116.228889][ T336] worker_thread+0x958/0xed8 [ 116.230166][ T336] kthread+0x5fc/0x75c [ 116.231326][ T336] ret_from_fork+0x10/0x20 [ 116.232623][ T336] irq event stamp: 623744 [ 116.233837][ T336] hardirqs last enabled at (623743): [] finish_lock_switch+0xb0/0x1c0 [ 116.236655][ T336] hardirqs last disabled at (623744): [] el1_brk64+0x1c/0x48 [ 116.239165][ T336] softirqs last enabled at (621912): [] batadv_nc_purge_paths+0x2f4/0x37c [ 116.242051][ T336] softirqs last disabled at (621910): [] batadv_nc_purge_paths+0xd0/0x37c [ 116.244931][ T336] ---[ end trace 0000000000000000 ]--- [ 1 ** replaying previous printk message ** [ 116.250083][ T336] ------------[ cut here ]------------ [ 116.250136][ T336] Trying to vfree() nonexistent vm area (00000000997a22ca) [ 116.250256][ T336] WARNING: CPU: 1 PID: 336 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 116.256926][ T336] Modules linked in: [ 116.258028][ T336] CPU: 1 UID: 0 PID: 336 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 116.261939][ T336] Tainted: [W]=WARN [ 116.262975][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.265705][ T336] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 116.267475][ T336] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 116.269555][ T336] pc : vfree+0x32c/0x3dc [ 116.270680][ T336] lr : vfree+0x32c/0x3dc [ 116.271853][ T336] sp : ffff80009c5d7950 [ 116.272967][ T336] x29: ffff80009c5d7960 x28: ffff00019beaf4d4 x27: ffff00019beaf4c0 [ 116.275159][ T336] x26: ffff00019beaf4b0 x25: dfff800000000000 x24: 0000000000000001 [ 116.277387][ T336] x23: ffff0000c50bb028 x22: 1fffe00018caf3d1 x21: 0000000000000000 [ 116.279559][ T336] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d8876 [ 116.281775][ T336] x17: 0000000000000000 x16: ffff80008aefc4a8 x15: 0000000000000001 [ 116.284077][ T336] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 116.286351][ T336] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 58d7028523fad400 [ 116.288534][ T336] x8 : 58d7028523fad400 x7 : 0000000000000001 x6 : 0000000000000001 [ 116.290754][ T336] x5 : ffff80009c5d7298 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 116.292937][ T336] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 116.295154][ T336] Call trace: [ 116.296049][ T336] vfree+0x32c/0x3dc (P) [ 116.297210][ T336] kvfree_rcu_bulk+0xc4/0x228 [ 116.298535][ T336] kfree_rcu_monitor+0x230/0x2b4 [ 116.299875][ T336] process_one_work+0x7e8/0x155c [ 116.301275][ T336] worker_thread+0x958/0xed8 [ 116.302652][ T336] kthread+0x5fc/0x75c [ 116.303797][ T336] ret_from_fork+0x10/0x20 [ 116.305038][ T336] irq event stamp: 623918 [ 116.306304][ T336] hardirqs last enabled at (623917): [] __console_unlock+0x70/0xc4 [ 116.308959][ T336] hardirqs last disabled at (623918): [] el1_brk64+0x1c/0x48 [ 116.311471][ T336] softirqs last enabled at (623894): [] handle_softirqs+0xaf8/0xc88 [ 116.314094][ T336] softirqs last disabled at (623747): [] __do_softirq+0x14/0x20 [ 116.316804][ T336] ---[ end trace 0000000000000000 ]--- [ 116.352955][ T550] ------------[ cut here ]------------ [ 116.353052][ T550] Trying to vfree() bad address (00000000997a22ca) [ 116.353488][ T550] WARNING: CPU: 1 PID: 550 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 116.359185][ T550] Modules linked in: [ 116.360302][ T550] CPU: 1 UID: 0 PID: 550 Comm: kworker/u8:7 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 116.364145][ T550] Tainted: [W]=WARN [ 116.365198][ T550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.368019][ T550] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 116.369773][ T550] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 116.371987][ T550] pc : remove_vm_area+0x268/0x270 [ 116.373420][ T550] lr : remove_vm_area+0x264/0x270 [ 116.374863][ T550] sp : ffff80009d0a78f0 [ 116.376063][ T550] x29: ffff80009d0a7900 x28: 1ffff00011ece29b x27: dfff800000000000 [ 116.378389][ T550] x26: ffff0000c689d018 x25: dfff800000000000 x24: 0000000000000001 [ 116.380760][ T550] x23: ffff0000c50bc028 x22: 1fffe00018dac3d1 x21: 0000000000000000 [ 116.382992][ T550] x20: 0000000000000000 x19: ffff8000891ac400 x18: 1fffe000337d8876 [ 116.385285][ T550] x17: ffff80008f66e000 x16: ffff80008aefc4a8 x15: 0000000000000001 [ 116.387590][ T550] x14: 1fffe000337db2f0 x13: 0000000000000000 x12: 0000000000000000 [ 116.389846][ T550] x11: ffff800093163c08 x10: 0000000000000003 x9 : 22ee0a6a7d3ab600 [ 116.392116][ T550] x8 : 22ee0a6a7d3ab600 x7 : ffff800080488a2c x6 : 0000000000000000 [ 116.394451][ T550] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 116.396718][ T550] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 116.398969][ T550] Call trace: [ 116.399850][ T550] remove_vm_area+0x268/0x270 (P) [ 116.401286][ T550] vfree+0xac/0x3dc [ 116.402372][ T550] kvfree_rcu_bulk+0xc4/0x228 [ 116.403730][ T550] kfree_rcu_work+0xe0/0x140 [ 116.405032][ T550] process_one_work+0x7e8/0x155c [ 116.406392][ T550] worker_thread+0x958/0xed8 [ 116.407658][ T550] kthread+0x5fc/0x75c [ 116.408853][ T550] ret_from_fork+0x10/0x20 [ 116.410032][ T550] irq event stamp: 1035052 [ 116.411241][ T550] hardirqs last enabled at (1035051): [] finish_lock_switch+0xb0/0x1c0 [ 116.413943][ T550] hardirqs last disabled at (1035052): [] el1_brk64+0x1c/0x48 [ 116.416405][ T550] softirqs last enabled at (1034928): [] batadv_nc_purge_paths+0x2f4/0x37c [ 116.419237][ T550] softirqs last disabled at (1034926): [] batadv_nc_purge_paths+0xd0/0x37c [ 116.422100][ T550] ---[ end trace 0000000000000000 ]--- [ 11 ** replaying previous printk message ** [ 116.428556][ T550] ------------[ cut here ]------------ [ 116.428607][ T550] Trying to vfree() nonexistent vm area (00000000997a22ca) [ 116.428726][ T550] WARNING: CPU: 1 PID: 550 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 116.435433][ T550] Modules linked in: [ 116.436479][ T550] CPU: 1 UID: 0 PID: 550 Comm: kworker/u8:7 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 116.440246][ T550] Tainted: [W]=WARN [ 116.441323][ T550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.444270][ T550] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 116.445983][ T550] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 116.448215][ T550] pc : vfree+0x32c/0x3dc [ 116.449418][ T550] lr : vfree+0x32c/0x3dc [ 116.450567][ T550] sp : ffff80009d0a7960 [ 116.451726][ T550] x29: ffff80009d0a7970 x28: 1ffff00011ece29b x27: dfff800000000000 [ 116.453995][ T550] x26: ffff0000c689d018 x25: dfff800000000000 x24: 0000000000000001 [ 116.456230][ T550] x23: ffff0000c50bc028 x22: 1fffe00018dac3d1 x21: 0000000000000000 [ 116.458488][ T550] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d8876 [ 116.460826][ T550] x17: 0000000000000000 x16: ffff80008aefc4a8 x15: 0000000000000001 [ 116.463006][ T550] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 116.465324][ T550] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 22ee0a6a7d3ab600 [ 116.467575][ T550] x8 : 22ee0a6a7d3ab600 x7 : 0000000000000001 x6 : 0000000000000001 [ 116.469856][ T550] x5 : ffff80009d0a72b8 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 116.472136][ T550] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 116.474454][ T550] Call trace: [ 116.475342][ T550] vfree+0x32c/0x3dc (P) [ 116.476542][ T550] kvfree_rcu_bulk+0xc4/0x228 [ 116.477848][ T550] kfree_rcu_work+0xe0/0x140 [ 116.479134][ T550] process_one_work+0x7e8/0x155c [ 116.480550][ T550] worker_thread+0x958/0xed8 [ 116.481902][ T550] kthread+0x5fc/0x75c [ 116.483105][ T550] ret_from_fork+0x10/0x20 [ 116.484378][ T550] irq event stamp: 1035220 [ 116.485603][ T550] hardirqs last enabled at (1035219): [] __console_unlock+0x70/0xc4 [ 116.488326][ T550] hardirqs last disabled at (1035220): [] el1_brk64+0x1c/0x48 [ 116.490973][ T550] softirqs last enabled at (1035196): [] handle_softirqs+0xaf8/0xc88 [ 116.493782][ T550] softirqs last disabled at (1035055): [] __do_softirq+0x14/0x20 [ 116.496444][ T550] ---[ end trace 0000000000000000 ]---