Warning: Permanently added '10.128.0.42' (ED25519) to the list of known hosts. 1970/01/01 00:01:38 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:39 parsed 1 programs [ 102.791743][ T6932] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 112.956847][ T7029] chnl_net:caif_netlink_parms(): no params data found [ 113.054609][ T7029] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.054718][ T7029] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.054838][ T7029] bridge_slave_0: entered allmulticast mode [ 113.055659][ T7029] bridge_slave_0: entered promiscuous mode [ 113.057159][ T7029] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.057234][ T7029] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.057340][ T7029] bridge_slave_1: entered allmulticast mode [ 113.058211][ T7029] bridge_slave_1: entered promiscuous mode [ 113.075973][ T7029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 113.077432][ T7029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 113.095176][ T7029] team0: Port device team_slave_0 added [ 113.096539][ T7029] team0: Port device team_slave_1 added [ 113.110943][ T7029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.111003][ T7029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.111279][ T7029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.112352][ T7029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.112378][ T7029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.112407][ T7029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.139602][ T7029] hsr_slave_0: entered promiscuous mode [ 113.140106][ T7029] hsr_slave_1: entered promiscuous mode [ 114.179018][ T7029] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 114.183003][ T7029] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 114.187337][ T7029] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 114.191478][ T7029] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 114.245637][ T7029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.252670][ T7029] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.261518][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.262013][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.277061][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.277156][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.292339][ T7029] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 114.292409][ T7029] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 114.391508][ T7029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.418716][ T7029] veth0_vlan: entered promiscuous mode [ 114.422313][ T7029] veth1_vlan: entered promiscuous mode [ 114.438099][ T7029] veth0_macvtap: entered promiscuous mode [ 114.440141][ T7029] veth1_macvtap: entered promiscuous mode [ 114.449547][ T7029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.456152][ T7029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.459006][ T7029] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.459084][ T7029] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.459116][ T7029] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.459146][ T7029] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.574564][ T6618] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 114.575355][ T6618] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 114.575725][ T6618] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 114.576355][ T6618] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 114.576748][ T6618] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 114.805301][ T165] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.880953][ T165] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.947326][ T165] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.026933][ T165] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.184498][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.184557][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.207158][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.207216][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:56 executed programs: 0 [ 116.967472][ T6093] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 116.969807][ T6093] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 116.972045][ T6093] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 116.979288][ T6093] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 116.980076][ T6093] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 117.076557][ T7323] chnl_net:caif_netlink_parms(): no params data found [ 117.130886][ T7323] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.133109][ T7323] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.144838][ T7323] bridge_slave_0: entered allmulticast mode [ 117.147980][ T7323] bridge_slave_0: entered promiscuous mode [ 117.151449][ T7323] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.155424][ T7323] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.157617][ T7323] bridge_slave_1: entered allmulticast mode [ 117.161266][ T7323] bridge_slave_1: entered promiscuous mode [ 117.179414][ T7323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.181144][ T7323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.196911][ T7323] team0: Port device team_slave_0 added [ 117.199307][ T7323] team0: Port device team_slave_1 added [ 117.222232][ T7323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.222288][ T7323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.222346][ T7323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.237909][ T7323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.239986][ T7323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.247401][ T7323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.277761][ T7323] hsr_slave_0: entered promiscuous mode [ 117.279996][ T7323] hsr_slave_1: entered promiscuous mode [ 117.282046][ T7323] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 117.284325][ T7323] Cannot create hsr debugfs directory [ 117.636173][ T165] bridge_slave_1: left allmulticast mode [ 117.636237][ T165] bridge_slave_1: left promiscuous mode [ 117.636528][ T165] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.644620][ T165] bridge_slave_0: left allmulticast mode [ 117.644686][ T165] bridge_slave_0: left promiscuous mode [ 117.644796][ T165] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.053682][ T6093] Bluetooth: hci0: command tx timeout [ 119.085691][ T165] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 119.147530][ T165] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 119.205013][ T165] bond0 (unregistering): Released all slaves [ 119.331144][ T165] hsr_slave_0: left promiscuous mode [ 119.335064][ T165] hsr_slave_1: left promiscuous mode [ 119.337057][ T165] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.339463][ T165] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.343469][ T165] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 119.344752][ T165] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.360606][ T165] veth1_macvtap: left promiscuous mode [ 119.362377][ T165] veth0_macvtap: left promiscuous mode [ 119.364136][ T165] veth1_vlan: left promiscuous mode [ 119.365765][ T165] veth0_vlan: left promiscuous mode [ 121.133395][ T6093] Bluetooth: hci0: command tx timeout [ 121.235587][ T165] team0 (unregistering): Port device team_slave_1 removed [ 121.434951][ T165] team0 (unregistering): Port device team_slave_0 removed [ 123.213337][ T6093] Bluetooth: hci0: command tx timeout [ 124.051012][ T7323] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 124.058231][ T7323] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 124.061801][ T7323] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 124.070776][ T7323] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 124.176641][ T7323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.186038][ T7323] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.194276][ T2216] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.194385][ T2216] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.195352][ T2216] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.195409][ T2216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.219428][ T7323] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 124.219497][ T7323] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 124.641482][ T7323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 124.666839][ T7323] veth0_vlan: entered promiscuous mode [ 124.674479][ T7323] veth1_vlan: entered promiscuous mode [ 124.707032][ T7323] veth0_macvtap: entered promiscuous mode [ 124.710659][ T7323] veth1_macvtap: entered promiscuous mode [ 124.718249][ T7323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.723877][ T7323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.728338][ T7323] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.730969][ T7323] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.733821][ T7323] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.736533][ T7323] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.925855][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.925914][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.978460][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.978522][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:02:05 executed programs: 2 [ 125.051078 ** replaying previous printk message ** [ 125.051078][ T7491] ------------[ cut here ]------------ [ 125.051159][ T7491] ODEBUG: activate active (active state 1) object: 000000002053ae6c object type: rcu_head hint: 0x0 [ 125.051533][ T7491] WARNING: CPU: 0 PID: 7491 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 125.060022][ T7491] Modules linked in: [ 125.061124][ T7491] CPU: 0 UID: 0 PID: 7491 Comm: syz.0.17 Not tainted 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 125.064404][ T7491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.067329][ T7491] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 125.069574][ T7491] pc : debug_object_activate+0x344/0x460 [ 125.071180][ T7491] lr : debug_object_activate+0x344/0x460 [ 125.072776][ T7491] sp : ffff8000a0cd76d0 [ 125.073986][ T7491] x29: ffff8000a0cd76d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 125.076262][ T7491] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 125.078512][ T7491] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 125.080804][ T7491] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 0000000000000000 [ 125.083113][ T7491] x17: 3665613335303230 x16: ffff80008aefc4e0 x15: 0000000000000001 [ 125.085396][ T7491] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 125.087615][ T7491] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : 3a9c2e14942ed200 [ 125.089881][ T7491] x8 : 3a9c2e14942ed200 x7 : 0000000000000001 x6 : 0000000000000001 [ 125.092220][ T7491] x5 : ffff8000a0cd7018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 125.094409][ T7491] x2 : 0000000000000001 x1 : 0000000100000202 x0 : 0000000000000000 [ 125.096603][ T7491] Call trace: [ 125.097491][ T7491] debug_object_activate+0x344/0x460 (P) [ 125.099174][ T7491] kvfree_call_rcu+0x4c/0x3f0 [ 125.100530][ T7491] cipso_v4_sock_setattr+0x2fc/0x40c [ 125.102055][ T7491] netlbl_sock_setattr+0x240/0x334 [ 125.103540][ T7491] smack_netlbl_add+0xa8/0x158 [ 125.104863][ T7491] smack_inode_setsecurity+0x378/0x430 [ 125.106435][ T7491] security_inode_setsecurity+0x118/0x3c0 [ 125.107990][ T7491] __vfs_setxattr_noperm+0x174/0x5c4 [ 125.109572][ T7491] __vfs_setxattr_locked+0x1ec/0x218 [ 125.111107][ T7491] vfs_setxattr+0x158/0x2ac [ 125.112396][ T7491] file_setxattr+0x1b8/0x294 [ 125.113652][ T7491] path_setxattrat+0x2ac/0x320 [ 125.114981][ T7491] __arm64_sys_fsetxattr+0xc0/0xdc [ 125.116425][ T7491] invoke_syscall+0x98/0x2b8 [ 125.117691][ T7491] el0_svc_common+0x130/0x23c [ 125.119062][ T7491] do_el0_svc+0x48/0x58 [ 125.120292][ T7491] el0_svc+0x58/0x180 [ 125.121523][ T7491] el0t_64_sync_handler+0x84/0x12c [ 125.122973][ T7491] el0t_64_sync+0x198/0x19c [ 125.124179][ T7491] irq event stamp: 189 [ 125.125260][ T7491] hardirqs last enabled at (188): [] __console_unlock+0x70/0xc4 [ 125.127900][ T7491] hardirqs last disabled at (189): [] el1_brk64+0x1c/0x48 [ 125.130402][ T7491] softirqs last enabled at (136): [] release_sock+0x14c/0x1ac [ 125.132944][ T7491] softirqs last disabled at (164): [] local_bh_disable+0x10/0x34 [ 125.135627][ T7491] ---[ end trace 0000000000000000 ]--- [ 125. ** replaying previous printk message ** [ 125.137320][ T7491] ------------[ cut here ]------------ [ 125.137357][ T7491] ODEBUG: active_state active (active state 1) object: 000000002053ae6c object type: rcu_head hint: 0x0 [ 125.137735][ T7491] WARNING: CPU: 0 PID: 7491 at lib/debugobjects.c:615 debug_object_active_state+0x28c/0x350 [ 125.146077][ T7491] Modules linked in: [ 125.147263][ T7491] CPU: 0 UID: 0 PID: 7491 Comm: syz.0.17 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 125.151033][ T7491] Tainted: [W]=WARN [ 125.152135][ T7491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.155015][ T7491] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 125.157232][ T7491] pc : debug_object_active_state+0x28c/0x350 [ 125.158915][ T7491] lr : debug_object_active_state+0x28c/0x350 [ 125.160609][ T7491] sp : ffff8000a0cd76c0 [ 125.161876][ T7491] x29: ffff8000a0cd76d0 x28: ffff80008f671000 x27: dfff800000000000 [ 125.164317][ T7491] x26: 0000000000000003 x25: 0000000000000000 x24: ffff0000d12b1150 [ 125.166883][ T7491] x23: 0000000000000001 x22: ffff80008afc2440 x21: ffff80008b5399e0 [ 125.169287][ T7491] x20: 0000000000000000 x19: ffff8000891ac400 x18: 0000000000000000 [ 125.171772][ T7491] x17: 3530323030303030 x16: ffff80008ae63d88 x15: ffff700011ede144 [ 125.174100][ T7491] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 125.176527][ T7491] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 3a9c2e14942ed200 [ 125.178901][ T7491] x8 : 3a9c2e14942ed200 x7 : 0000000000000001 x6 : 0000000000000001 [ 125.181262][ T7491] x5 : ffff8000a0cd7018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 125.183508][ T7491] x2 : 0000000000000000 x1 : 0000000000000202 x0 : 0000000000000000 [ 125.185803][ T7491] Call trace: [ 125.186770][ T7491] debug_object_active_state+0x28c/0x350 (P) [ 125.188485][ T7491] kvfree_call_rcu+0x64/0x3f0 [ 125.189781][ T7491] cipso_v4_sock_setattr+0x2fc/0x40c [ 125.191273][ T7491] netlbl_sock_setattr+0x240/0x334 [ 125.192756][ T7491] smack_netlbl_add+0xa8/0x158 [ 125.194077][ T7491] smack_inode_setsecurity+0x378/0x430 [ 125.195667][ T7491] security_inode_setsecurity+0x118/0x3c0 [ 125.197245][ T7491] __vfs_setxattr_noperm+0x174/0x5c4 [ 125.198738][ T7491] __vfs_setxattr_locked+0x1ec/0x218 [ 125.200324][ T7491] vfs_setxattr+0x158/0x2ac [ 125.201595][ T7491] file_setxattr+0x1b8/0x294 [ 125.202910][ T7491] path_setxattrat+0x2ac/0x320 [ 125.204334][ T7491] __arm64_sys_fsetxattr+0xc0/0xdc [ 125.205751][ T7491] invoke_syscall+0x98/0x2b8 [ 125.207054][ T7491] el0_svc_common+0x130/0x23c [ 125.208384][ T7491] do_el0_svc+0x48/0x58 [ 125.209590][ T7491] el0_svc+0x58/0x180 [ 125.210703][ T7491] el0t_64_sync_handler+0x84/0x12c [ 125.212167][ T7491] el0t_64_sync+0x198/0x19c [ 125.213503][ T7491] irq event stamp: 217 [ 125.214696][ T7491] hardirqs last enabled at (216): [] __console_unlock+0x70/0xc4 [ 125.217433][ T7491] hardirqs last disabled at (217): [] el1_brk64+0x1c/0x48 [ 125.219959][ T7491] softirqs last enabled at (136): [] release_sock+0x14c/0x1ac [ 125.222540][ T7491] softirqs last disabled at (164): [] local_bh_disable+0x10/0x34 [ 125.225164][ T7491] ---[ end trace 0000000000000000 ]--- [ 125.226828][ T7491] ------------[ cut here ]------------ [ 125.226878][ T7491] kvfree_call_rcu(): Double-freed call. rcu_head 000000002053ae6c [ 125.226993][ T7491] WARNING: CPU: 0 PID: 7491 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 [ 125.233368][ T7491] Modules linked in: [ 125.234515][ T7491] CPU: 0 UID: 0 PID: 7491 Comm: syz.0.17 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 125.238384][ T7491] Tainted: [W]=WARN [ 125.239512][ T7491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.242419][ T7491] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 125.244684][ T7491] pc : kvfree_call_rcu+0x94/0x3f0 [ 125.246153][ T7491] lr : kvfree_call_rcu+0x94/0x3f0 [ 125.247584][ T7491] sp : ffff8000a0cd7730 [ 125.248776][ T7491] x29: ffff8000a0cd7730 x28: 00000000fffffff5 x27: 1fffe00018f30aa3 [ 125.251072][ T7491] x26: dfff800000000000 x25: ffff0000c798551e x24: ffff0000ebecec00 [ 125.253422][ T7491] x23: ffff8000891ac400 x22: 00000000ffffffea x21: ffff8000891ac400 [ 125.255693][ T7491] x20: ffff8000891ac400 x19: ffff80008afc2440 x18: 0000000000000000 [ 125.257971][ T7491] x17: 0000000000000000 x16: ffff80008ae63d88 x15: ffff700011ede144 [ 125.260242][ T7491] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 125.262420][ T7491] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 3a9c2e14942ed200 [ 125.264736][ T7491] x8 : 3a9c2e14942ed200 x7 : 0000000000000001 x6 : 0000000000000001 [ 125.266951][ T7491] x5 : ffff8000a0cd7078 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 125.269241][ T7491] x2 : 0000000000000000 x1 : 0000000000000202 x0 : 0000000000000000 [ 125.271453][ T7491] Call trace: [ 125.272359][ T7491] kvfree_call_rcu+0x94/0x3f0 (P) [ 125.273767][ T7491] cipso_v4_sock_setattr+0x2fc/0x40c [ 125.275283][ T7491] netlbl_sock_setattr+0x240/0x334 [ 125.276682][ T7491] smack_netlbl_add+0xa8/0x158 [ 125.278074][ T7491] smack_inode_setsecurity+0x378/0x430 [ 125.279594][ T7491] security_inode_setsecurity+0x118/0x3c0 [ 125.281278][ T7491] __vfs_setxattr_noperm+0x174/0x5c4 [ 125.282860][ T7491] __vfs_setxattr_locked+0x1ec/0x218 [ 125.284344][ T7491] vfs_setxattr+0x158/0x2ac [ 125.285691][ T7491] file_setxattr+0x1b8/0x294 [ 125.286970][ T7491] path_setxattrat+0x2ac/0x320 [ 125.288414][ T7491] __arm64_sys_fsetxattr+0xc0/0xdc [ 125.289906][ T7491] invoke_syscall+0x98/0x2b8 [ 125.291262][ T7491] el0_svc_common+0x130/0x23c [ 125.292637][ T7491] do_el0_svc+0x48/0x58 [ 125.293823][ T7491] el0_svc+0x58/0x180 [ 125.295012][ T7491] el0t_64_sync_handler+0x84/0x12c [ 125.296470][ T7491] el0t_64_sync+0x198/0x19c [ 125.297721][ T7491] irq event stamp: 243 [ 125.298885][ T7491] hardirqs last enabled at (242): [] __console_unlock+0x70/0xc4 [ 125.301479][ T7491] hardirqs last disabled at (243): [] el1_brk64+0x1c/0x48 [ 125.303889][ T7491] softirqs last enabled at (136): [] release_sock+0x14c/0x1ac [ 125.306490][ T7491] softirqs last disabled at (164): [] local_bh_disable+0x10/0x34 [ 125.309289][ T7491] ---[ end trace 0000000000000000 ]--- [ 125.313683][ T6093] Bluetooth: hci0: command tx timeout [ 125.329548 ** replaying previous printk message ** [ 125.329548][ T7493] ------------[ cut here ]------------ [ 125.329589][ T7493] ODEBUG: activate active (active state 1) object: 000000002053ae6c object type: rcu_head hint: 0x0 [ 125.329976][ T7493] WARNING: CPU: 1 PID: 7493 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 125.338386][ T7493] Modules linked in: [ 125.339516][ T7493] CPU: 1 UID: 0 PID: 7493 Comm: syz.0.18 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 125.343344][ T7493] Tainted: [W]=WARN [ 125.344533][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.347357][ T7493] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 125.349797][ T7493] pc : debug_object_activate+0x344/0x460 [ 125.351473][ T7493] lr : debug_object_activate+0x344/0x460 [ 125.353281][ T7493] sp : ffff80009dbb76d0 [ 125.354544][ T7493] x29: ffff80009dbb76d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 125.357046][ T7493] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 125.359514][ T7493] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 125.361914][ T7493] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 0000000000000000 [ 125.364514][ T7493] x17: 3665613335303230 x16: ffff80008aefc4e0 x15: 0000000000000001 [ 125.367008][ T7493] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 125.369578][ T7493] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 7b923b026914ad00 [ 125.371879][ T7493] x8 : 7b923b026914ad00 x7 : 0000000000000001 x6 : 0000000000000001 [ 125.374121][ T7493] x5 : ffff80009dbb7018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 125.376397][ T7493] x2 : 0000000000000001 x1 : 0000000100000202 x0 : 0000000000000000 [ 125.378615][ T7493] Call trace: [ 125.379479][ T7493] debug_object_activate+0x344/0x460 (P) [ 125.381123][ T7493] kvfree_call_rcu+0x4c/0x3f0 [ 125.382414][ T7493] cipso_v4_sock_setattr+0x2fc/0x40c [ 125.383919][ T7493] netlbl_sock_setattr+0x240/0x334 [ 125.385437][ T7493] smack_netlbl_add+0xa8/0x158 [ 125.386796][ T7493] smack_inode_setsecurity+0x378/0x430 [ 125.388310][ T7493] security_inode_setsecurity+0x118/0x3c0 [ 125.390039][ T7493] __vfs_setxattr_noperm+0x174/0x5c4 [ 125.391541][ T7493] __vfs_setxattr_locked+0x1ec/0x218 [ 125.393083][ T7493] vfs_setxattr+0x158/0x2ac [ 125.394392][ T7493] file_setxattr+0x1b8/0x294 [ 125.395718][ T7493] path_setxattrat+0x2ac/0x320 [ 125.397122][ T7493] __arm64_sys_fsetxattr+0xc0/0xdc [ 125.398613][ T7493] invoke_syscall+0x98/0x2b8 [ 125.399994][ T7493] el0_svc_common+0x130/0x23c [ 125.401319][ T7493] do_el0_svc+0x48/0x58 [ 125.402483][ T7493] el0_svc+0x58/0x180 [ 125.403634][ T7493] el0t_64_sync_handler+0x84/0x12c [ 125.405199][ T7493] el0t_64_sync+0x198/0x19c [ 125.406484][ T7493] irq event stamp: 173 [ 125.407617][ T7493] hardirqs last enabled at (172): [] __console_unlock+0x70/0xc4 [ 125.410203][ T7493] hardirqs last disabled at (173): [] el1_brk64+0x1c/0x48 [ 125.412644][ T7493] softirqs last enabled at (122): [] release_sock+0x14c/0x1ac [ 125.415219][ T7493] softirqs last disabled at (148): [] local_bh_disable+0x10/0x34 [ 125.417855][ T7493] ---[ end trace 0000000000000000 ]--- [ 125.419446][ ** replaying previous printk message ** [ 125.419446][ T7493] ------------[ cut here ]------------ [ 125.419484][ T7493] ODEBUG: active_state active (active state 1) object: 000000002053ae6c object type: rcu_head hint: 0x0 [ 125.419865][ T7493] WARNING: CPU: 1 PID: 7493 at lib/debugobjects.c:615 debug_object_active_state+0x28c/0x350 [ 125.428843][ T7493] Modules linked in: [ 125.430155][ T7493] CPU: 1 UID: 0 PID: 7493 Comm: syz.0.18 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 125.434162][ T7493] Tainted: [W]=WARN [ 125.435317][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.438424][ T7493] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 125.440767][ T7493] pc : debug_object_active_state+0x28c/0x350 [ 125.442491][ T7493] lr : debug_object_active_state+0x28c/0x350 [ 125.444194][ T7493] sp : ffff80009dbb76c0 [ 125.445407][ T7493] x29: ffff80009dbb76d0 x28: ffff80008f671000 x27: dfff800000000000 [ 125.447759][ T7493] x26: 0000000000000003 x25: 0000000000000000 x24: ffff0000d12b1150 [ 125.450009][ T7493] x23: 0000000000000001 x22: ffff80008afc2440 x21: ffff80008b5399e0 [ 125.452347][ T7493] x20: 0000000000000000 x19: ffff8000891ac400 x18: 0000000000000000 [ 125.454643][ T7493] x17: 3530323030303030 x16: ffff80008ae63d88 x15: ffff700011ede144 [ 125.456914][ T7493] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 125.459255][ T7493] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 7b923b026914ad00 [ 125.461555][ T7493] x8 : 7b923b026914ad00 x7 : 0000000000000001 x6 : 0000000000000001 [ 125.463786][ T7493] x5 : ffff80009dbb7018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 125.466047][ T7493] x2 : 0000000000000000 x1 : 0000000100000202 x0 : 0000000000000000 [ 125.468387][ T7493] Call trace: [ 125.469352][ T7493] debug_object_active_state+0x28c/0x350 (P) [ 125.471044][ T7493] kvfree_call_rcu+0x64/0x3f0 [ 125.472366][ T7493] cipso_v4_sock_setattr+0x2fc/0x40c [ 125.473871][ T7493] netlbl_sock_setattr+0x240/0x334 [ 125.475249][ T7493] smack_netlbl_add+0xa8/0x158 [ 125.476583][ T7493] smack_inode_setsecurity+0x378/0x430 [ 125.478149][ T7493] security_inode_setsecurity+0x118/0x3c0 [ 125.479721][ T7493] __vfs_setxattr_noperm+0x174/0x5c4 [ 125.481273][ T7493] __vfs_setxattr_locked+0x1ec/0x218 [ 125.482776][ T7493] vfs_setxattr+0x158/0x2ac [ 125.484102][ T7493] file_setxattr+0x1b8/0x294 [ 125.485354][ T7493] path_setxattrat+0x2ac/0x320 [ 125.486706][ T7493] __arm64_sys_fsetxattr+0xc0/0xdc [ 125.488160][ T7493] invoke_syscall+0x98/0x2b8 [ 125.489473][ T7493] el0_svc_common+0x130/0x23c [ 125.490823][ T7493] do_el0_svc+0x48/0x58 [ 125.492005][ T7493] el0_svc+0x58/0x180 [ 125.493159][ T7493] el0t_64_sync_handler+0x84/0x12c [ 125.494527][ T7493] el0t_64_sync+0x198/0x19c [ 125.495985][ T7493] irq event stamp: 197 [ 125.497237][ T7493] hardirqs last enabled at (196): [] __console_unlock+0x70/0xc4 [ 125.500218][ T7493] hardirqs last disabled at (197): [] el1_brk64+0x1c/0x48 [ 125.502738][ T7493] softirqs last enabled at (122): [] release_sock+0x14c/0x1ac [ 125.505311][ T7493] softirqs last disabled at (148): [] local_bh_disable+0x10/0x34 [ 125.507971][ T7493] ---[ end trace 0000000000000000 ]--- [ ** replaying previous printk message ** [ 125.527367][ T7495] ------------[ cut here ]------------ [ 125.527414][ T7495] ODEBUG: activate active (active state 1) object: 000000002053ae6c object type: rcu_head hint: 0x0 [ 125.527806][ T7495] WARNING: CPU: 0 PID: 7495 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 125.536033][ T7495] Modules linked in: [ 125.537209][ T7495] CPU: 0 UID: 0 PID: 7495 Comm: syz.0.19 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 125.540943][ T7495] Tainted: [W]=WARN [ 125.541974][ T7495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.544788][ T7495] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 125.547097][ T7495] pc : debug_object_activate+0x344/0x460 [ 125.548655][ T7495] lr : debug_object_activate+0x344/0x460 [ 125.550243][ T7495] sp : ffff80009dbb76d0 [ 125.551434][ T7495] x29: ffff80009dbb76d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 125.553665][ T7495] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 125.555780][ T7495] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 125.558131][ T7495] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 0000000000000000 [ 125.560395][ T7495] x17: 3665613335303230 x16: ffff80008ae63d88 x15: ffff700011ede144 [ 125.562727][ T7495] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 125.565005][ T7495] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : cc0d2be2b1b20200 [ 125.567252][ T7495] x8 : cc0d2be2b1b20200 x7 : 0000000000000001 x6 : 0000000000000001 [ 125.569534][ T7495] x5 : ffff80009dbb7018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 125.571790][ T7495] x2 : 0000000000000000 x1 : 0000000000000202 x0 : 0000000000000000 [ 125.573990][ T7495] Call trace: [ 125.574950][ T7495] debug_object_activate+0x344/0x460 (P) [ 125.576535][ T7495] kvfree_call_rcu+0x4c/0x3f0 [ 125.577905][ T7495] cipso_v4_sock_setattr+0x2fc/0x40c [ 125.579334][ T7495] netlbl_sock_setattr+0x240/0x334 [ 125.580798][ T7495] smack_netlbl_add+0xa8/0x158 [ 125.582041][ T7495] smack_inode_setsecurity+0x378/0x430 [ 125.583509][ T7495] security_inode_setsecurity+0x118/0x3c0 [ 125.585146][ T7495] __vfs_setxattr_noperm+0x174/0x5c4 [ 125.586606][ T7495] __vfs_setxattr_locked+0x1ec/0x218 [ 125.588139][ T7495] vfs_setxattr+0x158/0x2ac [ 125.589390][ T7495] file_setxattr+0x1b8/0x294 [ 125.590642][ T7495] path_setxattrat+0x2ac/0x320 [ 125.592138][ T7495] __arm64_sys_fsetxattr+0xc0/0xdc [ 125.593584][ T7495] invoke_syscall+0x98/0x2b8 [ 125.594918][ T7495] el0_svc_common+0x130/0x23c [ 125.596103][ T7495] do_el0_svc+0x48/0x58 [ 125.597357][ T7495] el0_svc+0x58/0x180 [ 125.598507][ T7495] el0t_64_sync_handler+0x84/0x12c [ 125.600001][ T7495] el0t_64_sync+0x198/0x19c [ 125.601289][ T7495] irq event stamp: 171 [ 125.602422][ T7495] hardirqs last enabled at (170): [] __console_unlock+0x70/0xc4 [ 125.605027][ T7495] hardirqs last disabled at (171): [] el1_brk64+0x1c/0x48 [ 125.607557][ T7495] softirqs last enabled at (118): [] release_sock+0x14c/0x1ac [ 125.610141][ T7495] softirqs last disabled at (144): [] local_bh_disable+0x10/0x34 [ 125.612981][ T7495] ---[ end trace 0000000000000000 ]--- [ 125.935708][ T2406] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.937642][ T2406] ieee802154 phy1 wpan1: encryption failed: -22 [ 129.454179][ T165] ------------[ cut here ]------------ [ 129.454288][ T165] Trying to vfree() bad address (000000002053ae6c) [ 129.458112][ T165] WARNING: CPU: 1 PID: 165 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 129.460388][ T165] Modules linked in: [ 129.461528][ T165] CPU: 1 UID: 0 PID: 165 Comm: kworker/u8:5 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 129.465244][ T165] Tainted: [W]=WARN [ 129.466267][ T165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.468991][ T165] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 129.470704][ T165] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.472748][ T165] pc : remove_vm_area+0x268/0x270 [ 129.474103][ T165] lr : remove_vm_area+0x264/0x270 [ 129.475433][ T165] sp : ffff80009bb078e0 [ 129.476564][ T165] x29: ffff80009bb078f0 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 129.478751][ T165] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 129.480937][ T165] x23: ffff0000c2b27028 x22: 1fffe00018b0b3d1 x21: 0000000000000000 [ 129.483099][ T165] x20: 0000000000000000 x19: ffff8000891ac400 x18: 1fffe000337d8876 [ 129.485353][ T165] x17: ffff80008f66e000 x16: ffff80008aefc4e0 x15: 0000000000000001 [ 129.487469][ T165] x14: 1fffe000337db2f0 x13: 0000000000000000 x12: 0000000000000000 [ 129.489605][ T165] x11: ffff800093163c08 x10: 0000000000000003 x9 : f98082ddbede3200 [ 129.491761][ T165] x8 : f98082ddbede3200 x7 : ffff800080488a2c x6 : 0000000000000000 [ 129.493998][ T165] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 129.496054][ T165] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 129.498356][ T165] Call trace: [ 129.499246][ T165] remove_vm_area+0x268/0x270 (P) [ 129.500583][ T165] vfree+0xac/0x3dc [ 129.501608][ T165] kvfree_rcu_bulk+0xc4/0x228 [ 129.502891][ T165] kfree_rcu_monitor+0x230/0x2b4 [ 129.504271][ T165] process_one_work+0x7e8/0x155c [ 129.505623][ T165] worker_thread+0x958/0xed8 [ 129.506858][ T165] kthread+0x5fc/0x75c [ 129.507925][ T165] ret_from_fork+0x10/0x20 [ 129.509067][ T165] irq event stamp: 1423862 [ 129.510233][ T165] hardirqs last enabled at (1423861): [] finish_lock_switch+0xb0/0x1c0 [ 129.512914][ T165] hardirqs last disabled at (1423862): [] el1_brk64+0x1c/0x48 [ 129.515330][ T165] softirqs last enabled at (1423828): [] batadv_nc_purge_paths+0x2f4/0x37c [ 129.518185][ T165] softirqs last disabled at (1423826): [] batadv_nc_purge_paths+0xd0/0x37c [ 129.520909][ T165] ---[ end trace 0000000000000000 ]--- [ 1 ** replaying previous printk message ** [ 129.524831][ T165] ------------[ cut here ]------------ [ 129.524879][ T165] Trying to vfree() nonexistent vm area (000000002053ae6c) [ 129.525000][ T165] WARNING: CPU: 0 PID: 165 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 129.531493][ T165] Modules linked in: [ 129.532547][ T165] CPU: 0 UID: 0 PID: 165 Comm: kworker/u8:5 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 129.536361][ T165] Tainted: [W]=WARN [ 129.537499][ T165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.540336][ T165] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 129.542156][ T165] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.544218][ T165] pc : vfree+0x32c/0x3dc [ 129.545403][ T165] lr : vfree+0x32c/0x3dc [ 129.546559][ T165] sp : ffff80009bb07950 [ 129.547712][ T165] x29: ffff80009bb07960 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 129.549929][ T165] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 129.552083][ T165] x23: ffff0000c2b27028 x22: 1fffe00018b0b3d1 x21: 0000000000000000 [ 129.554322][ T165] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d8876 [ 129.556586][ T165] x17: 0000000000000000 x16: ffff80008aefc4e0 x15: 0000000000000001 [ 129.558811][ T165] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 129.560981][ T165] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : f98082ddbede3200 [ 129.563201][ T165] x8 : f98082ddbede3200 x7 : 0000000000000001 x6 : 0000000000000001 [ 129.565496][ T165] x5 : ffff80009bb07298 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 129.567723][ T165] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 129.569954][ T165] Call trace: [ 129.570799][ T165] vfree+0x32c/0x3dc (P) [ 129.571980][ T165] kvfree_rcu_bulk+0xc4/0x228 [ 129.573222][ T165] kfree_rcu_monitor+0x230/0x2b4 [ 129.574614][ T165] process_one_work+0x7e8/0x155c [ 129.576056][ T165] worker_thread+0x958/0xed8 [ 129.577412][ T165] kthread+0x5fc/0x75c [ 129.578580][ T165] ret_from_fork+0x10/0x20 [ 129.579745][ T165] irq event stamp: 1424174 [ 129.580886][ T165] hardirqs last enabled at (1424173): [] __console_unlock+0x70/0xc4 [ 129.583616][ T165] hardirqs last disabled at (1424174): [] el1_brk64+0x1c/0x48 [ 129.586127][ T165] softirqs last enabled at (1424150): [] handle_softirqs+0xaf8/0xc88 [ 129.588933][ T165] softirqs last disabled at (1423865): [] __do_softirq+0x14/0x20 [ 129.591591][ T165] ---[ end trace 0000000000000000 ]--- [ 129.658084][ T12] ------------[ cut here ]------------ [ 129.658203][ T12] Trying to vfree() bad address (000000002053ae6c) [ 129.658835][ T12] WARNING: CPU: 0 PID: 12 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 129.664464][ T12] Modules linked in: [ 129.665572][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 129.669356][ T12] Tainted: [W]=WARN [ 129.670428][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.673115][ T12] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 129.674864][ T12] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.676983][ T12] pc : remove_vm_area+0x268/0x270 [ 129.678400][ T12] lr : remove_vm_area+0x264/0x270 [ 129.679824][ T12] sp : ffff800097a878f0 [ 129.680960][ T12] x29: ffff800097a87900 x28: 1ffff00011ece29b x27: dfff800000000000 [ 129.683128][ T12] x26: ffff0000c1a1ea18 x25: dfff800000000000 x24: 0000000000000001 [ 129.685411][ T12] x23: ffff0000c2b25028 x22: 1fffe0001833eb71 x21: 0000000000000000 [ 129.687561][ T12] x20: 0000000000000000 x19: ffff8000891ac400 x18: 1fffe000337d4076 [ 129.689835][ T12] x17: ffff80008f66e000 x16: ffff80008aefc4e0 x15: 0000000000000001 [ 129.692077][ T12] x14: 1fffe000337d6af0 x13: 0000000000000000 x12: 0000000000000000 [ 129.694232][ T12] x11: ffff800093163c08 x10: 0000000000000003 x9 : 46b3b56397c6f900 [ 129.696465][ T12] x8 : 46b3b56397c6f900 x7 : ffff800080488a2c x6 : 0000000000000000 [ 129.698705][ T12] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 129.700976][ T12] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 129.703233][ T12] Call trace: [ 129.704166][ T12] remove_vm_area+0x268/0x270 (P) [ 129.705567][ T12] vfree+0xac/0x3dc [ 129.706601][ T12] kvfree_rcu_bulk+0xc4/0x228 [ 129.707924][ T12] kfree_rcu_work+0xe0/0x140 [ 129.709193][ T12] process_one_work+0x7e8/0x155c [ 129.710553][ T12] worker_thread+0x958/0xed8 [ 129.711857][ T12] kthread+0x5fc/0x75c [ 129.712992][ T12] ret_from_fork+0x10/0x20 [ 129.714231][ T12] irq event stamp: 1204344 [ 129.715460][ T12] hardirqs last enabled at (1204343): [] finish_lock_switch+0xb0/0x1c0 [ 129.718297][ T12] hardirqs last disabled at (1204344): [] el1_brk64+0x1c/0x48 [ 129.720883][ T12] softirqs last enabled at (1200588): [] ieee80211_ibss_work+0x294/0xd50 [ 129.723698][ T12] softirqs last disabled at (1200586): [] ieee80211_ibss_work+0xc0/0xd50 [ 129.726543][ T12] ---[ end trace 0000000000000000 ]--- [ ** replaying previous printk message ** [ 129.731823][ T12] ------------[ cut here ]------------ [ 129.731874][ T12] Trying to vfree() nonexistent vm area (000000002053ae6c) [ 129.731994][ T12] WARNING: CPU: 0 PID: 12 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 129.738563][ T12] Modules linked in: [ 129.739695][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 129.743458][ T12] Tainted: [W]=WARN [ 129.744523][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.747269][ T12] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 129.748998][ T12] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.751279][ T12] pc : vfree+0x32c/0x3dc [ 129.752408][ T12] lr : vfree+0x32c/0x3dc [ 129.753637][ T12] sp : ffff800097a87960 [ 129.754779][ T12] x29: ffff800097a87970 x28: 1ffff00011ece29b x27: dfff800000000000 [ 129.757053][ T12] x26: ffff0000c1a1ea18 x25: dfff800000000000 x24: 0000000000000001 [ 129.759353][ T12] x23: ffff0000c2b25028 x22: 1fffe0001833eb71 x21: 0000000000000000 [ 129.761643][ T12] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d4076 [ 129.763955][ T12] x17: 0000000000000000 x16: ffff80008aefc4e0 x15: 0000000000000001 [ 129.766216][ T12] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 129.768451][ T12] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : 46b3b56397c6f900 [ 129.770683][ T12] x8 : 46b3b56397c6f900 x7 : 0000000000000001 x6 : 0000000000000001 [ 129.772837][ T12] x5 : ffff800097a872b8 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 129.775118][ T12] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 129.777299][ T12] Call trace: [ 129.778259][ T12] vfree+0x32c/0x3dc (P) [ 129.779389][ T12] kvfree_rcu_bulk+0xc4/0x228 [ 129.780826][ T12] kfree_rcu_work+0xe0/0x140 [ 129.782176][ T12] process_one_work+0x7e8/0x155c [ 129.783542][ T12] worker_thread+0x958/0xed8 [ 129.784826][ T12] kthread+0x5fc/0x75c [ 129.785955][ T12] ret_from_fork+0x10/0x20 [ 129.787115][ T12] irq event stamp: 1204532 [ 129.788296][ T12] hardirqs last enabled at (1204531): [] __console_unlock+0x70/0xc4 [ 129.790940][ T12] hardirqs last disabled at (1204532): [] el1_brk64+0x1c/0x48 [ 129.793478][ T12] softirqs last enabled at (1204508): [] handle_softirqs+0xaf8/0xc88 [ 129.796211][ T12] softirqs last disabled at (1204347): [] __do_softirq+0x14/0x20 [ 129.798780][ T12] ---[ end trace 0000000000000000 ]--- 1970/01/01 00:02:10 executed programs: 243 [ 134.573309][ T60] ------------[ cut here ]------------ [ 134.573366][ T60] Trying to vfree() bad address (000000002053ae6c) [ 134.577163][ T60] WARNING: CPU: 1 PID: 60 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 134.579481][ T60] Modules linked in: [ 134.580564][ T60] CPU: 1 UID: 0 PID: 60 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 134.584253][ T60] Tainted: [W]=WARN [ 134.585282][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.588104][ T60] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 134.589936][ T60] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 134.592024][ T60] pc : remove_vm_area+0x268/0x270 [ 134.593375][ T60] lr : remove_vm_area+0x264/0x270 [ 134.594844][ T60] sp : ffff800099b778e0 [ 134.595970][ T60] x29: ffff800099b778f0 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 134.598225][ T60] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 134.600468][ T60] x23: ffff0000c2b26028 x22: 1fffe000187a9001 x21: 0000000000000000 [ 134.602717][ T60] x20: 0000000000000000 x19: ffff8000891ac400 x18: 1fffe000337d8876 [ 134.604945][ T60] x17: ffff80008f66e000 x16: ffff80008aefc4e0 x15: 0000000000000001 [ 134.607156][ T60] x14: 1fffe000337db2f0 x13: 0000000000000000 x12: 0000000000000000 [ 134.609440][ T60] x11: ffff800093163c08 x10: 0000000000000003 x9 : f8f3304391a8fb00 [ 134.611915][ T60] x8 : f8f3304391a8fb00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 134.614152][ T60] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 134.616366][ T60] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 134.618562][ T60] Call trace: [ 134.619456][ T60] remove_vm_area+0x268/0x270 (P) [ 134.620864][ T60] vfree+0xac/0x3dc [ 134.621981][ T60] kvfree_rcu_bulk+0xc4/0x228 [ 134.623270][ T60] kfree_rcu_monitor+0x230/0x2b4 [ 134.624595][ T60] process_one_work+0x7e8/0x155c [ 134.625990][ T60] worker_thread+0x958/0xed8 [ 134.627278][ T60] kthread+0x5fc/0x75c [ 134.628410][ T60] ret_from_fork+0x10/0x20 [ 134.629709][ T60] irq event stamp: 1548688 [ 134.630917][ T60] hardirqs last enabled at (1548687): [] finish_lock_switch+0xb0/0x1c0 [ 134.633591][ T60] hardirqs last disabled at (1548688): [] el1_brk64+0x1c/0x48 [ 134.636076][ T60] softirqs last enabled at (1548650): [] ieee80211_ibss_work+0x294/0xd50 [ 134.638821][ T60] softirqs last disabled at (1548648): [] ieee80211_ibss_work+0xc0/0xd50 [ 134.641636][ T60] ---[ end trace 0000000000000000 ]--- [ 134.645292][ T60] ------------[ cut here ]------------ [ 134.645341][ T60] Trying to vfree() nonexistent vm area (000000002053ae6c) [ 134.649160][ T60] WARNING: CPU: 1 PID: 60 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 134.651276][ T60] Modules linked in: [ 134.652328][ T60] CPU: 1 UID: 0 PID: 60 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 134.656195][ T60] Tainted: [W]=WARN [ 134.657294][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.660057][ T60] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 134.661863][ T60] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 134.664109][ T60] pc : vfree+0x32c/0x3dc [ 134.665306][ T60] lr : vfree+0x32c/0x3dc [ 134.666482][ T60] sp : ffff800099b77950 [ 134.667631][ T60] x29: ffff800099b77960 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 134.669916][ T60] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 134.672119][ T60] x23: ffff0000c2b26028 x22: 1fffe000187a9001 x21: 0000000000000000 [ 134.674324][ T60] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d8876 [ 134.676519][ T60] x17: ffff80008f66e000 x16: ffff80008aefc4e0 x15: 0000000000000001 [ 134.678779][ T60] x14: 1fffe000337db2f0 x13: 0000000000000000 x12: 0000000000000000 [ 134.681025][ T60] x11: ffff800093163c08 x10: 0000000000000003 x9 : f8f3304391a8fb00 [ 134.683295][ T60] x8 : f8f3304391a8fb00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 134.685531][ T60] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 134.687739][ T60] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 134.689960][ T60] Call trace: [ 134.690862][ T60] vfree+0x32c/0x3dc (P) [ 134.692047][ T60] kvfree_rcu_bulk+0xc4/0x228 [ 134.693364][ T60] kfree_rcu_monitor+0x230/0x2b4 [ 134.694733][ T60] process_one_work+0x7e8/0x155c [ 134.696118][ T60] worker_thread+0x958/0xed8 [ 134.697368][ T60] kthread+0x5fc/0x75c [ 134.698504][ T60] ret_from_fork+0x10/0x20 [ 134.699701][ T60] irq event stamp: 1548750 [ 134.700874][ T60] hardirqs last enabled at (1548749): [] finish_lock_switch+0xb0/0x1c0 [ 134.703574][ T60] hardirqs last disabled at (1548750): [] el1_brk64+0x1c/0x48 [ 134.706054][ T60] softirqs last enabled at (1548722): [] handle_softirqs+0xaf8/0xc88 [ 134.708691][ T60] softirqs last disabled at (1548691): [] __do_softirq+0x14/0x20 [ 134.711317][ T60] ---[ end trace 0000000000000000 ]--- 1970/01/01 00:02:15 executed programs: 523