Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts.
2026/03/16 02:18:29 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 113.827695][ T6171] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 117.947960][ T6213] chnl_net:caif_netlink_parms(): no params data found
[ 118.056680][ T6213] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.064084][ T6213] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.072060][ T6213] bridge_slave_0: entered allmulticast mode
[ 118.079545][ T6213] bridge_slave_0: entered promiscuous mode
[ 118.088858][ T6213] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.096131][ T6213] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.103535][ T6213] bridge_slave_1: entered allmulticast mode
[ 118.110927][ T6213] bridge_slave_1: entered promiscuous mode
[ 118.144192][ T6213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 118.158528][ T6213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 118.198740][ T6213] team0: Port device team_slave_0 added
[ 118.207704][ T6213] team0: Port device team_slave_1 added
[ 118.233771][ T6213] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 118.241181][ T6213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 118.267495][ T6213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 118.280445][ T6213] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 118.287640][ T6213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 118.313583][ T6213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 118.357882][ T6213] hsr_slave_0: entered promiscuous mode
[ 118.365057][ T6213] hsr_slave_1: entered promiscuous mode
[ 118.871430][ T6213] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 118.885804][ T6213] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 118.899779][ T6213] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 118.913783][ T6213] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 119.034613][ T6213] 8021q: adding VLAN 0 to HW filter on device bond0
[ 119.068440][ T6213] 8021q: adding VLAN 0 to HW filter on device team0
[ 119.087762][ T637] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.094989][ T637] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 119.114626][ T637] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.121868][ T637] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 119.409107][ T6213] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 119.496288][ T6213] veth0_vlan: entered promiscuous mode
[ 119.515552][ T6213] veth1_vlan: entered promiscuous mode
[ 119.576136][ T6213] veth0_macvtap: entered promiscuous mode
[ 119.592475][ T6213] veth1_macvtap: entered promiscuous mode
[ 119.629420][ T6213] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 119.653456][ T6213] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.679135][ T64] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.701088][ T64] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.723811][ T64] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.750402][ T64] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.913932][ T64] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.013554][ T64] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.123121][ T64] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.149925][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.175586][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.218327][ T64] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.265610][ T3454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.280926][ T3454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 121.984038][ T5150] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 122.001304][ T5150] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 122.009678][ T5150] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 122.024732][ T5150] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 122.038997][ T5150] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 122.660658][ T64] bridge_slave_1: left allmulticast mode
[ 122.680130][ T64] bridge_slave_1: left promiscuous mode
[ 122.696698][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.713604][ T64] bridge_slave_0: left allmulticast mode
[ 122.728085][ T64] bridge_slave_0: left promiscuous mode
[ 122.744161][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
2026/03/16 02:18:43 executed programs: 0
[ 123.073089][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 123.084650][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 123.093158][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 123.104714][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 123.114730][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 123.135927][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 123.151467][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 123.162448][ T64] bond0 (unregistering): Released all slaves
[ 123.295261][ T64] hsr_slave_0: left promiscuous mode
[ 123.301654][ T64] hsr_slave_1: left promiscuous mode
[ 123.310328][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 123.318217][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 123.327417][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 123.335019][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 123.351087][ T64] veth1_macvtap: left promiscuous mode
[ 123.357019][ T64] veth0_macvtap: left promiscuous mode
[ 123.362653][ T64] veth1_vlan: left promiscuous mode
[ 123.368117][ T64] veth0_vlan: left promiscuous mode
[ 123.673773][ T64] team0 (unregistering): Port device team_slave_1 removed
[ 123.689700][ T64] team0 (unregistering): Port device team_slave_0 removed
[ 123.977305][ T6392] chnl_net:caif_netlink_parms(): no params data found
[ 124.213088][ T6392] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.221736][ T6392] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.229502][ T6392] bridge_slave_0: entered allmulticast mode
[ 124.238846][ T6392] bridge_slave_0: entered promiscuous mode
[ 124.255479][ T6392] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.262928][ T6392] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.270839][ T6392] bridge_slave_1: entered allmulticast mode
[ 124.279786][ T6392] bridge_slave_1: entered promiscuous mode
[ 124.784134][ T6392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.801089][ T6392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.950097][ T6392] team0: Port device team_slave_0 added
[ 125.048493][ T6392] team0: Port device team_slave_1 added
[ 125.126935][ T5852] Bluetooth: hci0: command tx timeout
[ 125.219011][ T6392] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 125.226072][ T6392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.252586][ T6392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 125.266649][ T6392] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 125.273815][ T6392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.300848][ T6392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 125.350343][ T6392] hsr_slave_0: entered promiscuous mode
[ 125.357906][ T6392] hsr_slave_1: entered promiscuous mode
[ 126.039514][ T6392] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 126.057752][ T6392] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 126.070409][ T6392] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 126.083170][ T6392] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 126.200508][ T6392] 8021q: adding VLAN 0 to HW filter on device bond0
[ 126.236998][ T6392] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.258782][ T3454] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.265997][ T3454] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.288563][ T3454] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.295780][ T3454] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.494469][ T6392] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 126.549986][ T6392] veth0_vlan: entered promiscuous mode
[ 126.562972][ T6392] veth1_vlan: entered promiscuous mode
[ 126.599428][ T6392] veth0_macvtap: entered promiscuous mode
[ 126.610219][ T6392] veth1_macvtap: entered promiscuous mode
[ 126.637832][ T6392] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 126.654369][ T6392] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 126.671683][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.681772][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.693044][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.703634][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.771025][ T3454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.779289][ T3454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.811420][ T3454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 126.819548][ T3454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 126.855736][ T6492]
[ 126.858085][ T6492] =====================================
[ 126.863608][ T6492] WARNING: bad unlock balance detected!
[ 126.869143][ T6492] syzkaller #0 Not tainted
[ 126.873535][ T6492] -------------------------------------
[ 126.879055][ T6492] syz.0.17/6492 is trying to release lock (&mm->mmap_lock) at:
[ 126.886594][ T6492] [] mfill_get_vma+0x1ee/0x560
[ 126.892923][ T6492] but there are no more locks to release!
[ 126.898615][ T6492]
[ 126.898615][ T6492] other info that might help us debug this:
[ 126.906738][ T6492] 1 lock held by syz.0.17/6492:
[ 126.911567][ T6492] #0: ffff888077c73948 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500
[ 126.920782][ T6492]
[ 126.920782][ T6492] stack backtrace:
[ 126.926678][ T6492] CPU: 1 UID: 0 PID: 6492 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 126.926699][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 126.926711][ T6492] Call Trace:
[ 126.926717][ T6492]
[ 126.926723][ T6492] dump_stack_lvl+0xe8/0x150
[ 126.926743][ T6492] ? mfill_get_vma+0x1ee/0x560
[ 126.926754][ T6492] print_unlock_imbalance_bug+0xdc/0xf0
[ 126.926766][ T6492] lock_release+0x248/0x3d0
[ 126.926782][ T6492] ? mfill_get_vma+0x1ee/0x560
[ 126.926792][ T6492] up_read+0x16/0x20
[ 126.926803][ T6492] mfill_get_vma+0x1ee/0x560
[ 126.926814][ T6492] mfill_atomic_continue+0x189/0x12b0
[ 126.926823][ T6492] ? unwind_get_return_address+0x4d/0x90
[ 126.926833][ T6492] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 126.926846][ T6492] ? arch_stack_walk+0xfb/0x150
[ 126.926858][ T6492] ? __pfx_mfill_atomic_continue+0x10/0x10
[ 126.926869][ T6492] userfaultfd_ioctl+0x232d/0x4c70
[ 126.926883][ T6492] ? __kasan_slab_free+0x5c/0x80
[ 126.926892][ T6492] ? kfree+0x1c5/0x650
[ 126.926914][ T6492] ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 126.926932][ T6492] ? kasan_quarantine_put+0xbb/0x1f0
[ 126.926948][ T6492] ? tomoyo_path_number_perm+0x219/0x630
[ 126.926962][ T6492] ? tomoyo_path_number_perm+0x219/0x630
[ 126.926974][ T6492] ? do_vfs_ioctl+0x1166/0x1530
[ 126.926984][ T6492] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 126.926995][ T6492] ? do_futex+0x333/0x420
[ 126.927007][ T6492] ? __fget_files+0x2a/0x420
[ 126.927020][ T6492] ? __fget_files+0x2a/0x420
[ 126.927032][ T6492] ? __fget_files+0x3a0/0x420
[ 126.927044][ T6492] ? __fget_files+0x2a/0x420
[ 126.927057][ T6492] ? bpf_lsm_file_ioctl+0x9/0x20
[ 126.927067][ T6492] ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 126.927080][ T6492] __se_sys_ioctl+0xfc/0x170
[ 126.927090][ T6492] do_syscall_64+0x14d/0xf80
[ 126.927098][ T6492] ? trace_irq_disable+0x3b/0x150
[ 126.927110][ T6492] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.927120][ T6492] ? clear_bhb_loop+0x40/0x90
[ 126.927130][ T6492] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 126.927140][ T6492] RIP: 0033:0x7f2ea8f9c799
[ 126.927154][ T6492] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 126.927162][ T6492] RSP: 002b:00007f2ea9e4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 126.927174][ T6492] RAX: ffffffffffffffda RBX: 00007f2ea9215fa0 RCX: 00007f2ea8f9c799
[ 126.927181][ T6492] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003
[ 126.927187][ T6492] RBP: 00007f2ea9032c99 R08: 0000000000000000 R09: 0000000000000000
[ 126.927193][ T6492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 126.927199][ T6492] R13: 00007f2ea9216038 R14: 00007f2ea9215fa0 R15: 00007ffc924a90f8
[ 126.927208][ T6492]
[ 127.201303][ T6492] ------------[ cut here ]------------
[ 127.206872][ T6492] DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem)): count = 0x0, magic = 0xffff888034691bd0, owner = 0x0, curr 0xffff888035dfdb80, list not empty
[ 127.207979][ T5852] Bluetooth: hci0: command tx timeout
[ 127.221981][ T6492] WARNING: kernel/locking/rwsem.c:1384 at __up_read+0x52e/0x6b0, CPU#1: syz.0.17/6492
[ 127.237128][ T6492] Modules linked in:
[ 127.241029][ T6492] CPU: 1 UID: 0 PID: 6492 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 127.250155][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 127.260514][ T6492] RIP: 0010:__up_read+0x614/0x6b0
[ 127.265654][ T6492] Code: f4 ec 8b 49 c7 c2 e0 f3 ec 8b 4c 0f 44 d0 48 8b 7c 24 28 48 c7 c6 a0 f3 ec 8b 48 89 da 48 8b 4c 24 20 4d 89 f0 4d 89 f9 41 52 <67> 48 0f b9 3a 48 83 c4 08 e8 5e 1f 15 03 4c 8b 7c 24 18 e9 38 fb
[ 127.286061][ T6492] RSP: 0018:ffffc90003127698 EFLAGS: 00010246
[ 127.292647][ T6492] RAX: ffffffff8becf400 RBX: 0000000000000000 RCX: ffff888034691bd0
[ 127.300916][ T6492] RDX: 0000000000000000 RSI: ffffffff8becf3a0 RDI: ffffffff90579f30
[ 127.309533][ T6492] RBP: ffffc90003127768 R08: 0000000000000000 R09: ffff888035dfdb80
[ 127.317817][ T6492] R10: ffffffff8becf400 R11: ffffed10068d237c R12: ffff888034691c28
[ 127.325889][ T6492] R13: 1ffff92000624edc R14: 0000000000000000 R15: ffff888035dfdb80
[ 127.334178][ T6492] FS: 00007f2ea9e4f6c0(0000) GS:ffff888124ee0000(0000) knlGS:0000000000000000
[ 127.343350][ T6492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.350061][ T6492] CR2: 00007f2ea904eddd CR3: 0000000079298000 CR4: 00000000003526f0
[ 127.358072][ T6492] Call Trace:
[ 127.361373][ T6492]
[ 127.364308][ T6492] ? __pfx___up_read+0x10/0x10
[ 127.369284][ T6492] ? lock_release+0x2d7/0x3d0
[ 127.373987][ T6492] mfill_get_vma+0x1ee/0x560
[ 127.378703][ T6492] mfill_atomic_continue+0x189/0x12b0
[ 127.384288][ T6492] ? unwind_get_return_address+0x4d/0x90
[ 127.390210][ T6492] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 127.396438][ T6492] ? arch_stack_walk+0xfb/0x150
[ 127.401304][ T6492] ? __pfx_mfill_atomic_continue+0x10/0x10
[ 127.407205][ T6492] userfaultfd_ioctl+0x232d/0x4c70
[ 127.412328][ T6492] ? __kasan_slab_free+0x5c/0x80
[ 127.417306][ T6492] ? kfree+0x1c5/0x650
[ 127.421565][ T6492] ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 127.427065][ T6492] ? kasan_quarantine_put+0xbb/0x1f0
[ 127.432367][ T6492] ? tomoyo_path_number_perm+0x219/0x630
[ 127.438219][ T6492] ? tomoyo_path_number_perm+0x219/0x630
[ 127.443867][ T6492] ? do_vfs_ioctl+0x1166/0x1530
[ 127.448804][ T6492] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 127.453839][ T6492] ? do_futex+0x333/0x420
[ 127.458206][ T6492] ? __fget_files+0x2a/0x420
[ 127.463108][ T6492] ? __fget_files+0x2a/0x420
[ 127.467857][ T6492] ? __fget_files+0x3a0/0x420
[ 127.472659][ T6492] ? __fget_files+0x2a/0x420
[ 127.477330][ T6492] ? bpf_lsm_file_ioctl+0x9/0x20
[ 127.482361][ T6492] ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 127.488118][ T6492] __se_sys_ioctl+0xfc/0x170
[ 127.492723][ T6492] do_syscall_64+0x14d/0xf80
[ 127.497539][ T6492] ? trace_irq_disable+0x3b/0x150
[ 127.502589][ T6492] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.508790][ T6492] ? clear_bhb_loop+0x40/0x90
[ 127.513488][ T6492] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.519566][ T6492] RIP: 0033:0x7f2ea8f9c799
[ 127.524057][ T6492] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 127.544143][ T6492] RSP: 002b:00007f2ea9e4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 127.552601][ T6492] RAX: ffffffffffffffda RBX: 00007f2ea9215fa0 RCX: 00007f2ea8f9c799
[ 127.560621][ T6492] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003
[ 127.568858][ T6492] RBP: 00007f2ea9032c99 R08: 0000000000000000 R09: 0000000000000000
[ 127.576948][ T6492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 127.584925][ T6492] R13: 00007f2ea9216038 R14: 00007f2ea9215fa0 R15: 00007ffc924a90f8
[ 127.593256][ T6492]
[ 127.596702][ T6492] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 127.603995][ T6492] CPU: 1 UID: 0 PID: 6492 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 127.613371][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 127.623872][ T6492] Call Trace:
[ 127.627180][ T6492]
[ 127.630103][ T6492] vpanic+0x56c/0xa60
[ 127.634166][ T6492] ? __pfx__printk+0x10/0x10
[ 127.638747][ T6492] ? __pfx_vpanic+0x10/0x10
[ 127.643245][ T6492] ? is_bpf_text_address+0x292/0x2b0
[ 127.648545][ T6492] ? is_bpf_text_address+0x26/0x2b0
[ 127.653765][ T6492] panic+0xc5/0xd0
[ 127.657483][ T6492] ? __pfx_panic+0x10/0x10
[ 127.661917][ T6492] __warn+0x315/0x4f0
[ 127.665890][ T6492] ? __up_read+0x52e/0x6b0
[ 127.670510][ T6492] ? __up_read+0x52e/0x6b0
[ 127.674933][ T6492] __report_bug+0x29a/0x540
[ 127.679556][ T6492] ? __up_read+0x52e/0x6b0
[ 127.683964][ T6492] ? __pfx___report_bug+0x10/0x10
[ 127.688984][ T6492] ? irqentry_exit+0x61a/0x700
[ 127.693755][ T6492] ? trace_irq_disable+0x3b/0x150
[ 127.698770][ T6492] ? __pfx___schedule+0x10/0x10
[ 127.703652][ T6492] report_bug_entry+0x19a/0x290
[ 127.708788][ T6492] ? __up_read+0x614/0x6b0
[ 127.713380][ T6492] ? __up_read+0x619/0x6b0
[ 127.717820][ T6492] handle_bug+0xce/0x200
[ 127.722075][ T6492] exc_invalid_op+0x1a/0x50
[ 127.726745][ T6492] asm_exc_invalid_op+0x1a/0x20
[ 127.731804][ T6492] RIP: 0010:__up_read+0x614/0x6b0
[ 127.736863][ T6492] Code: f4 ec 8b 49 c7 c2 e0 f3 ec 8b 4c 0f 44 d0 48 8b 7c 24 28 48 c7 c6 a0 f3 ec 8b 48 89 da 48 8b 4c 24 20 4d 89 f0 4d 89 f9 41 52 <67> 48 0f b9 3a 48 83 c4 08 e8 5e 1f 15 03 4c 8b 7c 24 18 e9 38 fb
[ 127.756979][ T6492] RSP: 0018:ffffc90003127698 EFLAGS: 00010246
[ 127.763136][ T6492] RAX: ffffffff8becf400 RBX: 0000000000000000 RCX: ffff888034691bd0
[ 127.771399][ T6492] RDX: 0000000000000000 RSI: ffffffff8becf3a0 RDI: ffffffff90579f30
[ 127.779380][ T6492] RBP: ffffc90003127768 R08: 0000000000000000 R09: ffff888035dfdb80
[ 127.787370][ T6492] R10: ffffffff8becf400 R11: ffffed10068d237c R12: ffff888034691c28
[ 127.795326][ T6492] R13: 1ffff92000624edc R14: 0000000000000000 R15: ffff888035dfdb80
[ 127.803299][ T6492] ? __pfx___up_read+0x10/0x10
[ 127.808061][ T6492] ? lock_release+0x2d7/0x3d0
[ 127.812746][ T6492] mfill_get_vma+0x1ee/0x560
[ 127.817347][ T6492] mfill_atomic_continue+0x189/0x12b0
[ 127.822792][ T6492] ? unwind_get_return_address+0x4d/0x90
[ 127.828500][ T6492] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 127.834645][ T6492] ? arch_stack_walk+0xfb/0x150
[ 127.839492][ T6492] ? __pfx_mfill_atomic_continue+0x10/0x10
[ 127.845460][ T6492] userfaultfd_ioctl+0x232d/0x4c70
[ 127.850562][ T6492] ? __kasan_slab_free+0x5c/0x80
[ 127.855486][ T6492] ? kfree+0x1c5/0x650
[ 127.859583][ T6492] ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 127.865040][ T6492] ? kasan_quarantine_put+0xbb/0x1f0
[ 127.870331][ T6492] ? tomoyo_path_number_perm+0x219/0x630
[ 127.875958][ T6492] ? tomoyo_path_number_perm+0x219/0x630
[ 127.881587][ T6492] ? do_vfs_ioctl+0x1166/0x1530
[ 127.886433][ T6492] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 127.891451][ T6492] ? do_futex+0x333/0x420
[ 127.895773][ T6492] ? __fget_files+0x2a/0x420
[ 127.900357][ T6492] ? __fget_files+0x2a/0x420
[ 127.904940][ T6492] ? __fget_files+0x3a0/0x420
[ 127.909608][ T6492] ? __fget_files+0x2a/0x420
[ 127.914191][ T6492] ? bpf_lsm_file_ioctl+0x9/0x20
[ 127.919117][ T6492] ? __pfx_userfaultfd_ioctl+0x10/0x10
[ 127.924572][ T6492] __se_sys_ioctl+0xfc/0x170
[ 127.929157][ T6492] do_syscall_64+0x14d/0xf80
[ 127.933741][ T6492] ? trace_irq_disable+0x3b/0x150
[ 127.938847][ T6492] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.944903][ T6492] ? clear_bhb_loop+0x40/0x90
[ 127.949566][ T6492] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.955447][ T6492] RIP: 0033:0x7f2ea8f9c799
[ 127.959852][ T6492] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 127.979448][ T6492] RSP: 002b:00007f2ea9e4f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 127.987851][ T6492] RAX: ffffffffffffffda RBX: 00007f2ea9215fa0 RCX: 00007f2ea8f9c799
[ 127.995812][ T6492] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003
[ 128.003800][ T6492] RBP: 00007f2ea9032c99 R08: 0000000000000000 R09: 0000000000000000
[ 128.011758][ T6492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 128.019726][ T6492] R13: 00007f2ea9216038 R14: 00007f2ea9215fa0 R15: 00007ffc924a90f8
[ 128.027817][ T6492]
[ 128.031283][ T6492] Kernel Offset: disabled
[ 128.035597][ T6492] Rebooting in 86400 seconds..