Warning: Permanently added '10.128.1.27' (ED25519) to the list of known hosts.
2025/08/25 14:10:09 parsed 1 programs
[ 180.020075][ T6208] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 182.206199][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 182.213527][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 182.220859][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 182.228939][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 182.236509][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 182.571346][ T6234] chnl_net:caif_netlink_parms(): no params data found
[ 182.609275][ T6234] bridge0: port 1(bridge_slave_0) entered blocking state
[ 182.616576][ T6234] bridge0: port 1(bridge_slave_0) entered disabled state
[ 182.623766][ T6234] bridge_slave_0: entered allmulticast mode
[ 182.630727][ T6234] bridge_slave_0: entered promiscuous mode
[ 182.639290][ T6234] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.646661][ T6234] bridge0: port 2(bridge_slave_1) entered disabled state
[ 182.653855][ T6234] bridge_slave_1: entered allmulticast mode
[ 182.660494][ T6234] bridge_slave_1: entered promiscuous mode
[ 182.681418][ T6234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 182.693055][ T6234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 182.714738][ T6234] team0: Port device team_slave_0 added
[ 182.721715][ T6234] team0: Port device team_slave_1 added
[ 182.737539][ T6234] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 182.744534][ T6234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 182.771595][ T6234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 182.794349][ T6234] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 182.801429][ T6234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 182.827884][ T6234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 182.860917][ T6234] hsr_slave_0: entered promiscuous mode
[ 182.867076][ T6234] hsr_slave_1: entered promiscuous mode
[ 183.213514][ T6234] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 183.224837][ T6234] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 183.234724][ T6234] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 183.244540][ T6234] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 183.271091][ T6234] bridge0: port 2(bridge_slave_1) entered blocking state
[ 183.278341][ T6234] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 183.285751][ T6234] bridge0: port 1(bridge_slave_0) entered blocking state
[ 183.292880][ T6234] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 183.341551][ T6234] 8021q: adding VLAN 0 to HW filter on device bond0
[ 183.356799][ T3491] bridge0: port 1(bridge_slave_0) entered disabled state
[ 183.364463][ T3491] bridge0: port 2(bridge_slave_1) entered disabled state
[ 183.378223][ T6234] 8021q: adding VLAN 0 to HW filter on device team0
[ 183.389264][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 183.396460][ T3552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 183.412203][ T3491] bridge0: port 2(bridge_slave_1) entered blocking state
[ 183.419372][ T3491] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 183.585003][ T6234] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 183.628460][ T6234] veth0_vlan: entered promiscuous mode
[ 183.639694][ T6234] veth1_vlan: entered promiscuous mode
[ 183.665022][ T6234] veth0_macvtap: entered promiscuous mode
[ 183.675386][ T6234] veth1_macvtap: entered promiscuous mode
[ 183.698965][ T6234] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 183.712464][ T6234] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 183.727131][ T3491] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 183.736154][ T3491] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 183.754875][ T3491] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 183.764260][ T3491] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 183.853974][ T3552] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 183.911162][ T3552] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 183.961932][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 183.977780][ T3552] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 183.978088][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 184.013144][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 184.021313][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 184.045034][ T3552] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/25 14:10:18 executed programs: 0
[ 186.213521][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 186.224562][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 186.232150][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 186.241759][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 186.253787][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 186.392201][ T6439] chnl_net:caif_netlink_parms(): no params data found
[ 186.461684][ T6439] bridge0: port 1(bridge_slave_0) entered blocking state
[ 186.469333][ T6439] bridge0: port 1(bridge_slave_0) entered disabled state
[ 186.477227][ T6439] bridge_slave_0: entered allmulticast mode
[ 186.484108][ T6439] bridge_slave_0: entered promiscuous mode
[ 186.493229][ T6439] bridge0: port 2(bridge_slave_1) entered blocking state
[ 186.501188][ T6439] bridge0: port 2(bridge_slave_1) entered disabled state
[ 186.509013][ T6439] bridge_slave_1: entered allmulticast mode
[ 186.515949][ T6439] bridge_slave_1: entered promiscuous mode
[ 186.544102][ T6439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 186.556175][ T6439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 186.585739][ T6439] team0: Port device team_slave_0 added
[ 186.593695][ T6439] team0: Port device team_slave_1 added
[ 186.654169][ T6439] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 186.662377][ T6439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 186.690322][ T6439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 186.702302][ T6439] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 186.712074][ T6439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 186.741192][ T6439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 186.760176][ T3552] bridge_slave_1: left allmulticast mode
[ 186.765857][ T3552] bridge_slave_1: left promiscuous mode
[ 186.772347][ T3552] bridge0: port 2(bridge_slave_1) entered disabled state
[ 186.781747][ T3552] bridge_slave_0: left allmulticast mode
[ 186.787603][ T3552] bridge_slave_0: left promiscuous mode
[ 186.793356][ T3552] bridge0: port 1(bridge_slave_0) entered disabled state
[ 186.905752][ T3552] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 186.920445][ T3552] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 186.930129][ T3552] bond0 (unregistering): Released all slaves
[ 186.970256][ T6439] hsr_slave_0: entered promiscuous mode
[ 186.984586][ T6439] hsr_slave_1: entered promiscuous mode
[ 186.991771][ T6439] debugfs: 'hsr0' already exists in 'hsr'
[ 186.998530][ T6439] Cannot create hsr debugfs directory
[ 187.023310][ T3552] hsr_slave_0: left promiscuous mode
[ 187.029172][ T3552] hsr_slave_1: left promiscuous mode
[ 187.034976][ T3552] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 187.043700][ T3552] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 187.051867][ T3552] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 187.060412][ T3552] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 187.071370][ T3552] veth1_macvtap: left promiscuous mode
[ 187.077783][ T3552] veth0_macvtap: left promiscuous mode
[ 187.083400][ T3552] veth1_vlan: left promiscuous mode
[ 187.090256][ T3552] veth0_vlan: left promiscuous mode
[ 187.174204][ T3552] team0 (unregistering): Port device team_slave_1 removed
[ 187.189545][ T3552] team0 (unregistering): Port device team_slave_0 removed
[ 187.600405][ T6439] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 187.610068][ T6439] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 187.623332][ T6439] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 187.632978][ T6439] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 187.873175][ T6439] 8021q: adding VLAN 0 to HW filter on device bond0
[ 187.890835][ T6439] 8021q: adding VLAN 0 to HW filter on device team0
[ 187.914783][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 187.921920][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 187.931970][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 187.939083][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 188.072636][ T6439] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 188.103330][ T6439] veth0_vlan: entered promiscuous mode
[ 188.113520][ T6439] veth1_vlan: entered promiscuous mode
[ 188.135028][ T6439] veth0_macvtap: entered promiscuous mode
[ 188.145774][ T6439] veth1_macvtap: entered promiscuous mode
[ 188.161373][ T6439] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 188.179962][ T6439] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 188.201082][ T3491] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 188.212148][ T3491] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 188.222775][ T3491] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 188.233350][ T3491] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 188.271661][ T3491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 188.279937][ T3491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 188.295134][ T3552] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 188.303922][ T3552] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 188.328624][ T6521] netlink: 40 bytes leftover after parsing attributes in process `syz.0.17'.
[ 188.337744][ T51] Bluetooth: hci0: command tx timeout
[ 188.352699][ T6523] netlink: 40 bytes leftover after parsing attributes in process `syz.0.18'.
[ 188.378832][ T6525] netlink: 40 bytes leftover after parsing attributes in process `syz.0.19'.
[ 188.398119][ T6527] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20'.
[ 188.416342][ T6529] netlink: 40 bytes leftover after parsing attributes in process `syz.0.21'.
[ 188.453437][ T6531] netlink: 40 bytes leftover after parsing attributes in process `syz.0.22'.
[ 188.473030][ T6533] netlink: 40 bytes leftover after parsing attributes in process `syz.0.23'.
[ 188.491264][ T6535] netlink: 40 bytes leftover after parsing attributes in process `syz.0.24'.
[ 188.513965][ T6537] netlink: 40 bytes leftover after parsing attributes in process `syz.0.25'.
[ 188.532273][ T6539] netlink: 40 bytes leftover after parsing attributes in process `syz.0.26'.
[ 190.416802][ T51] Bluetooth: hci0: command tx timeout
2025/08/25 14:10:23 executed programs: 161
[ 192.497482][ T51] Bluetooth: hci0: command tx timeout
[ 193.360910][ T7101] __nla_validate_parse: 280 callbacks suppressed
[ 193.360923][ T7101] netlink: 40 bytes leftover after parsing attributes in process `syz.0.307'.
[ 193.386190][ T7103] netlink: 40 bytes leftover after parsing attributes in process `syz.0.308'.
[ 193.403310][ T7105] netlink: 40 bytes leftover after parsing attributes in process `syz.0.309'.
[ 193.431134][ T7107] netlink: 40 bytes leftover after parsing attributes in process `syz.0.310'.
[ 193.448863][ T7109] netlink: 40 bytes leftover after parsing attributes in process `syz.0.311'.
[ 193.467200][ T7111] netlink: 40 bytes leftover after parsing attributes in process `syz.0.312'.
[ 193.500889][ T7113] netlink: 40 bytes leftover after parsing attributes in process `syz.0.313'.
[ 193.518266][ T7115] netlink: 40 bytes leftover after parsing attributes in process `syz.0.314'.
[ 193.534802][ T7117] netlink: 40 bytes leftover after parsing attributes in process `syz.0.315'.
[ 193.570980][ T7119] netlink: 40 bytes leftover after parsing attributes in process `syz.0.316'.
[ 194.417813][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 194.424641][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 194.576565][ T51] Bluetooth: hci0: command tx timeout
2025/08/25 14:10:28 executed programs: 458
[ 198.370364][ T7687] __nla_validate_parse: 283 callbacks suppressed
[ 198.370377][ T7687] netlink: 40 bytes leftover after parsing attributes in process `syz.0.600'.
[ 198.411603][ T7689] netlink: 40 bytes leftover after parsing attributes in process `syz.0.601'.
[ 198.430679][ T7691] netlink: 40 bytes leftover after parsing attributes in process `syz.0.602'.
[ 198.448760][ T7693] netlink: 40 bytes leftover after parsing attributes in process `syz.0.603'.
[ 198.470907][ T7695] netlink: 40 bytes leftover after parsing attributes in process `syz.0.604'.
[ 198.489521][ T7697] netlink: 40 bytes leftover after parsing attributes in process `syz.0.605'.
[ 198.507305][ T7699] netlink: 40 bytes leftover after parsing attributes in process `syz.0.606'.
[ 198.531160][ T7701] netlink: 40 bytes leftover after parsing attributes in process `syz.0.607'.
[ 198.550398][ T7703] netlink: 40 bytes leftover after parsing attributes in process `syz.0.608'.
[ 198.567899][ T7705] netlink: 40 bytes leftover after parsing attributes in process `syz.0.609'.
[ 198.727941][ T5942] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 198.735252][ T5942] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 198.743030][ T5942] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 198.757137][ T5942] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 198.766782][ T5942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 198.842436][ T7721] chnl_net:caif_netlink_parms(): no params data found
[ 198.878010][ T7721] bridge0: port 1(bridge_slave_0) entered blocking state
[ 198.885084][ T7721] bridge0: port 1(bridge_slave_0) entered disabled state
[ 198.892430][ T7721] bridge_slave_0: entered allmulticast mode
[ 198.899510][ T7721] bridge_slave_0: entered promiscuous mode
[ 198.906978][ T7721] bridge0: port 2(bridge_slave_1) entered blocking state
[ 198.914205][ T7721] bridge0: port 2(bridge_slave_1) entered disabled state
[ 198.921716][ T7721] bridge_slave_1: entered allmulticast mode
[ 198.928527][ T7721] bridge_slave_1: entered promiscuous mode
[ 198.950515][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 198.963861][ T7721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 198.974425][ T7721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 198.992187][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 199.010152][ T7721] team0: Port device team_slave_0 added
[ 199.017416][ T7721] team0: Port device team_slave_1 added
[ 199.033384][ T7721] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 199.040624][ T7721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 199.066976][ T7721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 199.080378][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 199.092327][ T7721] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 199.099336][ T7721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 199.125576][ T7721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 199.153287][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 199.167160][ T7721] hsr_slave_0: entered promiscuous mode
[ 199.173214][ T7721] hsr_slave_1: entered promiscuous mode
[ 199.263715][ T49] bridge_slave_1: left allmulticast mode
[ 199.269823][ T49] bridge_slave_1: left promiscuous mode
[ 199.275472][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 199.284106][ T49] bridge_slave_0: left allmulticast mode
[ 199.290533][ T49] bridge_slave_0: left promiscuous mode
[ 199.296395][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 199.370767][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 199.380745][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 199.390129][ T49] bond0 (unregistering): Released all slaves
[ 199.626673][ T49] hsr_slave_0: left promiscuous mode
[ 199.639781][ T49] hsr_slave_1: left promiscuous mode
[ 199.645668][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 199.666412][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 199.685657][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 199.693174][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 199.704986][ T49] veth1_macvtap: left promiscuous mode
[ 199.713474][ T49] veth0_macvtap: left promiscuous mode
[ 199.719438][ T49] veth1_vlan: left promiscuous mode
[ 199.724756][ T49] veth0_vlan: left promiscuous mode
[ 199.815771][ T49] team0 (unregistering): Port device team_slave_1 removed
[ 199.825936][ T49] team0 (unregistering): Port device team_slave_0 removed
[ 199.906296][ T7721] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 199.915544][ T7721] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 199.924658][ T7721] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 199.937888][ T7721] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 199.995429][ T7721] 8021q: adding VLAN 0 to HW filter on device bond0
[ 200.012579][ T7721] 8021q: adding VLAN 0 to HW filter on device team0
[ 200.023860][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 200.030988][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 200.045513][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 200.052676][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 200.126889][ T49] ==================================================================
[ 200.135102][ T49] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x5ff/0xc80
[ 200.143191][ T49] Write of size 8 at addr ffff888077c659a8 by task kworker/u8:3/49
[ 200.151167][ T49]
[ 200.153493][ T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full)
[ 200.153509][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 200.153520][ T49] Workqueue: netns cleanup_net
[ 200.153540][ T49] Call Trace:
[ 200.153548][ T49]
[ 200.153555][ T49] dump_stack_lvl+0x189/0x250
[ 200.153572][ T49] ? rcu_is_watching+0x15/0xb0
[ 200.153586][ T49] ? __pfx_dump_stack_lvl+0x10/0x10
[ 200.153600][ T49] ? rcu_is_watching+0x15/0xb0
[ 200.153612][ T49] ? lock_release+0x4b/0x3e0
[ 200.153631][ T49] ? __virt_addr_valid+0x1c8/0x5c0
[ 200.153647][ T49] ? __virt_addr_valid+0x4a5/0x5c0
[ 200.153663][ T49] print_report+0xca/0x240
[ 200.153676][ T49] ? __xfrm_state_delete+0x5ff/0xc80
[ 200.153689][ T49] kasan_report+0x118/0x150
[ 200.153708][ T49] ? __xfrm_state_delete+0x5ff/0xc80
[ 200.153722][ T49] __xfrm_state_delete+0x5ff/0xc80
[ 200.153738][ T49] xfrm_state_flush+0x45f/0x770
[ 200.153754][ T49] xfrm6_tunnel_net_exit+0x3c/0x100
[ 200.153769][ T49] ops_undo_list+0x497/0x990
[ 200.153782][ T49] ? __pfx_ops_undo_list+0x10/0x10
[ 200.153795][ T49] ? do_raw_spin_unlock+0x122/0x240
[ 200.153811][ T49] cleanup_net+0x4c5/0x800
[ 200.153823][ T49] ? __pfx_cleanup_net+0x10/0x10
[ 200.153835][ T49] ? rcu_is_watching+0x15/0xb0
[ 200.153846][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 200.153859][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 200.153872][ T49] process_scheduled_works+0xae1/0x17b0
[ 200.153892][ T49] ? __pfx_process_scheduled_works+0x10/0x10
[ 200.153909][ T49] worker_thread+0x8a0/0xda0
[ 200.153930][ T49] kthread+0x70e/0x8a0
[ 200.153946][ T49] ? __pfx_worker_thread+0x10/0x10
[ 200.153958][ T49] ? __pfx_kthread+0x10/0x10
[ 200.153974][ T49] ? _raw_spin_unlock_irq+0x23/0x50
[ 200.153991][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 200.154009][ T49] ? __pfx_kthread+0x10/0x10
[ 200.154024][ T49] ret_from_fork+0x3f9/0x770
[ 200.154038][ T49] ? __pfx_ret_from_fork+0x10/0x10
[ 200.154052][ T49] ? __switch_to_asm+0x39/0x70
[ 200.154068][ T49] ? __switch_to_asm+0x33/0x70
[ 200.154083][ T49] ? __pfx_kthread+0x10/0x10
[ 200.154098][ T49] ret_from_fork_asm+0x1a/0x30
[ 200.154119][ T49]
[ 200.154124][ T49]
[ 200.372420][ T49] Allocated by task 7549:
[ 200.376731][ T49] kasan_save_track+0x3e/0x80
[ 200.381399][ T49] __kasan_slab_alloc+0x6c/0x80
[ 200.386233][ T49] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 200.391674][ T49] xfrm_state_alloc+0x24/0x2f0
[ 200.396424][ T49] __find_acq_core+0x8a7/0x1c00
[ 200.401256][ T49] xfrm_find_acq+0x78/0xa0
[ 200.405654][ T49] xfrm_alloc_userspi+0x6b3/0xc90
[ 200.410664][ T49] xfrm_user_rcv_msg+0x7a0/0xab0
[ 200.415585][ T49] netlink_rcv_skb+0x205/0x470
[ 200.420347][ T49] xfrm_netlink_rcv+0x79/0x90
[ 200.425007][ T49] netlink_unicast+0x82c/0x9e0
[ 200.429760][ T49] netlink_sendmsg+0x805/0xb30
[ 200.434503][ T49] __sock_sendmsg+0x21c/0x270
[ 200.439250][ T49] ____sys_sendmsg+0x505/0x830
[ 200.444360][ T49] ___sys_sendmsg+0x21f/0x2a0
[ 200.449017][ T49] __x64_sys_sendmsg+0x19b/0x260
[ 200.453942][ T49] do_syscall_64+0xfa/0x3b0
[ 200.458446][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 200.464407][ T49]
[ 200.466716][ T49] Freed by task 6519:
[ 200.470673][ T49] kasan_save_track+0x3e/0x80
[ 200.475350][ T49] kasan_save_free_info+0x46/0x50
[ 200.480356][ T49] __kasan_slab_free+0x5b/0x80
[ 200.485203][ T49] kmem_cache_free+0x18f/0x400
[ 200.490063][ T49] xfrm_state_gc_task+0x566/0x700
[ 200.495083][ T49] process_scheduled_works+0xae1/0x17b0
[ 200.500645][ T49] worker_thread+0x8a0/0xda0
[ 200.505218][ T49] kthread+0x70e/0x8a0
[ 200.509357][ T49] ret_from_fork+0x3f9/0x770
[ 200.513943][ T49] ret_from_fork_asm+0x1a/0x30
[ 200.518732][ T49]
[ 200.521040][ T49] The buggy address belongs to the object at ffff888077c65980
[ 200.521040][ T49] which belongs to the cache xfrm_state of size 928
[ 200.535004][ T49] The buggy address is located 40 bytes inside of
[ 200.535004][ T49] freed 928-byte region [ffff888077c65980, ffff888077c65d20)
[ 200.548704][ T49]
[ 200.551022][ T49] The buggy address belongs to the physical page:
[ 200.557426][ T49] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77c64
[ 200.566266][ T49] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 200.574753][ T49] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 200.582329][ T49] page_type: f5(slab)
[ 200.586294][ T49] raw: 00fff00000000040 ffff88801b381280 dead000000000122 0000000000000000
[ 200.594873][ T49] raw: 0000000000000000 00000000000f000f 00000000f5000000 0000000000000000
[ 200.603441][ T49] head: 00fff00000000040 ffff88801b381280 dead000000000122 0000000000000000
[ 200.612097][ T49] head: 0000000000000000 00000000000f000f 00000000f5000000 0000000000000000
[ 200.620752][ T49] head: 00fff00000000002 ffffea0001df1901 00000000ffffffff 00000000ffffffff
[ 200.629414][ T49] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 200.638062][ T49] page dumped because: kasan: bad access detected
[ 200.644553][ T49] page_owner tracks the page as allocated
[ 200.650248][ T49] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7529, tgid 7528 (syz.0.521), ts 196999276626, free_ts 191028336513
[ 200.669518][ T49] post_alloc_hook+0x240/0x2a0
[ 200.674294][ T49] get_page_from_freelist+0x21e4/0x22c0
[ 200.679945][ T49] __alloc_frozen_pages_noprof+0x181/0x370
[ 200.685768][ T49] alloc_pages_mpol+0x232/0x4a0
[ 200.690635][ T49] allocate_slab+0x8a/0x370
[ 200.695152][ T49] ___slab_alloc+0xbeb/0x1410
[ 200.699844][ T49] kmem_cache_alloc_noprof+0x283/0x3c0
[ 200.705297][ T49] xfrm_state_alloc+0x24/0x2f0
[ 200.710141][ T49] __find_acq_core+0x8a7/0x1c00
[ 200.715117][ T49] xfrm_find_acq+0x78/0xa0
[ 200.719533][ T49] xfrm_alloc_userspi+0x6b3/0xc90
[ 200.724559][ T49] xfrm_user_rcv_msg+0x7a0/0xab0
[ 200.729578][ T49] netlink_rcv_skb+0x205/0x470
[ 200.734519][ T49] xfrm_netlink_rcv+0x79/0x90
[ 200.739192][ T49] netlink_unicast+0x82c/0x9e0
[ 200.744074][ T49] netlink_sendmsg+0x805/0xb30
[ 200.748819][ T49] page last free pid 6212 tgid 6212 stack trace:
[ 200.755126][ T49] __free_frozen_pages+0xbc4/0xd30
[ 200.760244][ T49] __slab_free+0x303/0x3c0
[ 200.764757][ T49] qlist_free_all+0x97/0x140
[ 200.769349][ T49] kasan_quarantine_reduce+0x148/0x160
[ 200.774801][ T49] __kasan_slab_alloc+0x22/0x80
[ 200.779739][ T49] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 200.785307][ T49] getname_flags+0xb8/0x540
[ 200.789796][ T49] vfs_fstatat+0x43/0x170
[ 200.794110][ T49] __x64_sys_newfstatat+0x116/0x190
[ 200.799293][ T49] do_syscall_64+0xfa/0x3b0
[ 200.803836][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 200.809729][ T49]
[ 200.812044][ T49] Memory state around the buggy address:
[ 200.817670][ T49] ffff888077c65880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 200.825718][ T49] ffff888077c65900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 200.833764][ T49] >ffff888077c65980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 200.841808][ T49] ^
[ 200.847247][ T49] ffff888077c65a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 200.855288][ T49] ffff888077c65a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 200.863331][ T49] ==================================================================
[ 200.871551][ T49] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 200.878766][ T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full)
[ 200.888051][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 200.898218][ T49] Workqueue: netns cleanup_net
[ 200.902976][ T49] Call Trace:
[ 200.906236][ T49]
[ 200.909160][ T49] dump_stack_lvl+0x99/0x250
[ 200.913741][ T49] ? __asan_memcpy+0x40/0x70
[ 200.918327][ T49] ? __pfx_dump_stack_lvl+0x10/0x10
[ 200.923523][ T49] ? __pfx__printk+0x10/0x10
[ 200.928105][ T49] vpanic+0x281/0x750
[ 200.932070][ T49] ? __pfx_vpanic+0x10/0x10
[ 200.936555][ T49] ? rcu_is_watching+0x15/0xb0
[ 200.941307][ T49] panic+0xb9/0xc0
[ 200.945014][ T49] ? __pfx_panic+0x10/0x10
[ 200.949412][ T49] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 200.955293][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 200.961184][ T49] ? __xfrm_state_delete+0x5ff/0xc80
[ 200.966537][ T49] check_panic_on_warn+0x89/0xb0
[ 200.971462][ T49] ? __xfrm_state_delete+0x5ff/0xc80
[ 200.976747][ T49] end_report+0x78/0x160
[ 200.980978][ T49] kasan_report+0x129/0x150
[ 200.985469][ T49] ? __xfrm_state_delete+0x5ff/0xc80
[ 200.990742][ T49] __xfrm_state_delete+0x5ff/0xc80
[ 200.995858][ T49] xfrm_state_flush+0x45f/0x770
[ 201.000708][ T49] xfrm6_tunnel_net_exit+0x3c/0x100
[ 201.005979][ T49] ops_undo_list+0x497/0x990
[ 201.010554][ T49] ? __pfx_ops_undo_list+0x10/0x10
[ 201.015645][ T49] ? do_raw_spin_unlock+0x122/0x240
[ 201.020834][ T49] cleanup_net+0x4c5/0x800
[ 201.025242][ T49] ? __pfx_cleanup_net+0x10/0x10
[ 201.030164][ T49] ? rcu_is_watching+0x15/0xb0
[ 201.035435][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 201.041135][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 201.046841][ T49] process_scheduled_works+0xae1/0x17b0
[ 201.052399][ T49] ? __pfx_process_scheduled_works+0x10/0x10
[ 201.058366][ T49] worker_thread+0x8a0/0xda0
[ 201.062945][ T49] kthread+0x70e/0x8a0
[ 201.067011][ T49] ? __pfx_worker_thread+0x10/0x10
[ 201.072191][ T49] ? __pfx_kthread+0x10/0x10
[ 201.076788][ T49] ? _raw_spin_unlock_irq+0x23/0x50
[ 201.081979][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 201.087169][ T49] ? __pfx_kthread+0x10/0x10
[ 201.091770][ T49] ret_from_fork+0x3f9/0x770
[ 201.096365][ T49] ? __pfx_ret_from_fork+0x10/0x10
[ 201.101458][ T49] ? __switch_to_asm+0x39/0x70
[ 201.106210][ T49] ? __switch_to_asm+0x33/0x70
[ 201.110964][ T49] ? __pfx_kthread+0x10/0x10
[ 201.115539][ T49] ret_from_fork_asm+0x1a/0x30
[ 201.120294][ T49]
[ 201.123610][ T49] Kernel Offset: disabled
[ 201.127943][ T49] Rebooting in 86400 seconds..