Warning: Permanently added '[localhost]:11815' (ED25519) to the list of known hosts.
2026/02/23 15:09:15 parsed 1 programs
[ 89.651290][ T5306] cgroup: Unknown subsys name 'net'
[ 89.695974][ T5306] cgroup: Unknown subsys name 'cpuset'
[ 89.701279][ T5306] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 91.774099][ T5306] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.928300][ T1352] cfg80211: failed to load regulatory.db
[ 95.510466][ T5323] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 97.213270][ T1070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.216517][ T1070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.275403][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.278759][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.860915][ T5350] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.871592][ T5350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.875243][ T5350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.878815][ T5350] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.882473][ T5350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.113339][ T5376] chnl_net:caif_netlink_parms(): no params data found
[ 101.185330][ T5376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.188838][ T5376] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.192070][ T5376] bridge_slave_0: entered allmulticast mode
[ 101.197102][ T5376] bridge_slave_0: entered promiscuous mode
[ 101.203227][ T5376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.206237][ T5376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.209306][ T5376] bridge_slave_1: entered allmulticast mode
[ 101.226014][ T5376] bridge_slave_1: entered promiscuous mode
[ 101.258862][ T5376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.265441][ T5376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.293956][ T5376] team0: Port device team_slave_0 added
[ 101.298968][ T5376] team0: Port device team_slave_1 added
[ 101.320568][ T5376] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 101.323690][ T5376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 101.335603][ T5376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 101.342084][ T5376] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 101.345497][ T5376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 101.357244][ T5376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 101.398026][ T5376] hsr_slave_0: entered promiscuous mode
[ 101.401302][ T5376] hsr_slave_1: entered promiscuous mode
[ 101.550818][ T5376] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.561018][ T5376] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.566982][ T5376] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.573335][ T5376] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.619298][ T5376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.622297][ T5376] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.625772][ T5376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.628899][ T5376] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.685891][ T5376] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.699116][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.703775][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.713933][ T5376] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.721927][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.725083][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.739001][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.741865][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.941141][ T5376] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.978944][ T5376] veth0_vlan: entered promiscuous mode
[ 101.987955][ T5376] veth1_vlan: entered promiscuous mode
[ 102.013900][ T5376] veth0_macvtap: entered promiscuous mode
[ 102.019088][ T5376] veth1_macvtap: entered promiscuous mode
[ 102.031886][ T5376] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.043713][ T5376] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.057050][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.065218][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.074090][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.078686][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.268037][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.333901][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.390439][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.464346][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/23 15:09:31 executed programs: 0
[ 103.504093][ T4663] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 103.508610][ T4663] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 103.512150][ T4663] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 103.527833][ T4663] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 103.531112][ T4663] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.678342][ T5415] chnl_net:caif_netlink_parms(): no params data found
[ 103.746437][ T5415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.750110][ T5415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.754158][ T5415] bridge_slave_0: entered allmulticast mode
[ 103.758970][ T5415] bridge_slave_0: entered promiscuous mode
[ 103.766080][ T5415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.769184][ T5415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.773119][ T5415] bridge_slave_1: entered allmulticast mode
[ 103.776780][ T5415] bridge_slave_1: entered promiscuous mode
[ 103.801121][ T5415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.807607][ T5415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.842374][ T5415] team0: Port device team_slave_0 added
[ 103.847856][ T5415] team0: Port device team_slave_1 added
[ 103.871997][ T5415] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.875437][ T5415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 103.887639][ T5415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.896012][ T5415] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.898936][ T5415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 103.910377][ T5415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.954125][ T5415] hsr_slave_0: entered promiscuous mode
[ 103.957114][ T5415] hsr_slave_1: entered promiscuous mode
[ 103.959858][ T5415] debugfs: 'hsr0' already exists in 'hsr'
[ 103.962336][ T5415] Cannot create hsr debugfs directory
[ 104.958063][ T12] bridge_slave_1: left allmulticast mode
[ 104.960532][ T12] bridge_slave_1: left promiscuous mode
[ 104.967940][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.975905][ T12] bridge_slave_0: left allmulticast mode
[ 104.978332][ T12] bridge_slave_0: left promiscuous mode
[ 104.980950][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.114617][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 105.120404][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 105.126296][ T12] bond0 (unregistering): Released all slaves
[ 105.188262][ T12] hsr_slave_0: left promiscuous mode
[ 105.195322][ T12] hsr_slave_1: left promiscuous mode
[ 105.198364][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 105.201358][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 105.206886][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 105.210159][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 105.220128][ T12] veth1_macvtap: left promiscuous mode
[ 105.223055][ T12] veth0_macvtap: left promiscuous mode
[ 105.225663][ T12] veth1_vlan: left promiscuous mode
[ 105.227975][ T12] veth0_vlan: left promiscuous mode
[ 105.417729][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 105.428286][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 105.593568][ T4663] Bluetooth: hci0: command tx timeout
[ 105.858543][ T5415] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 106.037536][ T5415] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 106.058640][ T5415] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 106.086846][ T5415] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.387654][ T5415] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.414789][ T5415] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.437205][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.440292][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.475235][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.479254][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.666713][ T5415] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.700256][ T5415] veth0_vlan: entered promiscuous mode
[ 106.708802][ T5415] veth1_vlan: entered promiscuous mode
[ 106.730298][ T5415] veth0_macvtap: entered promiscuous mode
[ 106.737003][ T5415] veth1_macvtap: entered promiscuous mode
[ 106.750997][ T5415] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.760636][ T5415] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.771589][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.787933][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.791760][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.800620][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.849996][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.857425][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.885740][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.889246][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.674160][ T4663] Bluetooth: hci0: command tx timeout
2026/02/23 15:09:36 executed programs: 9
[ 109.752563][ T4663] Bluetooth: hci0: command tx timeout
[ 111.835972][ T4663] Bluetooth: hci0: command tx timeout
2026/02/23 15:09:41 executed programs: 33
2026/02/23 15:09:46 executed programs: 59
2026/02/23 15:09:51 executed programs: 86
2026/02/23 15:09:57 executed programs: 112
2026/02/23 15:10:02 executed programs: 138
2026/02/23 15:10:07 executed programs: 164
[ 143.115943][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[ 143.119030][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
2026/02/23 15:10:12 executed programs: 191
2026/02/23 15:10:17 executed programs: 217
2026/02/23 15:10:22 executed programs: 244
2026/02/23 15:10:27 executed programs: 271
2026/02/23 15:10:32 executed programs: 297
2026/02/23 15:10:37 executed programs: 323
2026/02/23 15:10:42 executed programs: 351
[ 175.209726][ T5308] ==================================================================
[ 175.213194][ T5308] BUG: KASAN: slab-use-after-free in sock_def_readable+0x1cb/0x580
[ 175.216716][ T5308] Read of size 8 at addr ffff888047cb0c00 by task kworker/0:4/5308
[ 175.221331][ T5308]
[ 175.222385][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full)
[ 175.222418][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 175.222424][ T5308] Workqueue: mld mld_ifc_work
[ 175.222438][ T5308] Call Trace:
[ 175.222479][ T5308]
[ 175.222499][ T5308] dump_stack_lvl+0xe8/0x150
[ 175.222673][ T5308] print_report+0xba/0x230
[ 175.222685][ T5308] ? sock_def_readable+0x1cb/0x580
[ 175.222716][ T5308] kasan_report+0x117/0x150
[ 175.222815][ T5308] ? lock_acquire+0xf0/0x2e0
[ 175.222872][ T5308] ? sock_def_readable+0x1cb/0x580
[ 175.222887][ T5308] sock_def_readable+0x1cb/0x580
[ 175.222900][ T5308] ? sock_def_readable+0xae/0x580
[ 175.222919][ T5308] send_to_lecd+0x322/0x600
[ 175.222934][ T5308] ? make_entry+0x200/0x2f0
[ 175.222945][ T5308] lec_start_xmit+0xec0/0x2660
[ 175.222960][ T5308] dev_hard_start_xmit+0x2d8/0x870
[ 175.222974][ T5308] sch_direct_xmit+0x251/0x4c0
[ 175.222985][ T5308] ? __pfx_sch_direct_xmit+0x10/0x10
[ 175.222995][ T5308] __dev_queue_xmit+0x1538/0x38a0
[ 175.223011][ T5308] ? __dev_queue_xmit+0x274/0x38a0
[ 175.223023][ T5308] ? ___neigh_create+0x1c5f/0x2280
[ 175.223033][ T5308] ? __local_bh_enable_ip+0xd0/0x130
[ 175.223064][ T5308] ? lockdep_hardirqs_on+0x7a/0x110
[ 175.223073][ T5308] ? __pfx___dev_queue_xmit+0x10/0x10
[ 175.223081][ T5308] ? neigh_resolve_output+0x438/0x750
[ 175.223088][ T5308] ? eth_header+0x11b/0x200
[ 175.223095][ T5308] ? __asan_memcpy+0x40/0x70
[ 175.223104][ T5308] ? eth_header+0x11b/0x200
[ 175.223111][ T5308] ? __pfx_eth_header+0x10/0x10
[ 175.223119][ T5308] ? neigh_resolve_output+0x624/0x750
[ 175.223128][ T5308] ip6_finish_output+0x25c/0x610
[ 175.223137][ T5308] ? ip6_output+0x126/0x550
[ 175.223145][ T5308] ip6_output+0x340/0x550
[ 175.223156][ T5308] NF_HOOK+0xa2/0x3a0
[ 175.223166][ T5308] ? NF_HOOK+0xf9/0x3a0
[ 175.223176][ T5308] ? __pfx_NF_HOOK+0x10/0x10
[ 175.223186][ T5308] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 175.223195][ T5308] ? __local_bh_enable_ip+0xd0/0x130
[ 175.223205][ T5308] ? lockdep_hardirqs_on+0x7a/0x110
[ 175.223217][ T5308] ? __local_bh_enable_ip+0xd0/0x130
[ 175.223228][ T5308] ? icmp6_dst_alloc+0x3a6/0x440
[ 175.223240][ T5308] mld_sendpack+0x8b4/0xe40
[ 175.223252][ T5308] ? look_up_lock_class+0x57/0x110
[ 175.223268][ T5308] ? mld_sendpack+0x213/0xe40
[ 175.223279][ T5308] ? __pfx_mld_sendpack+0x10/0x10
[ 175.223289][ T5308] mld_ifc_work+0x835/0xe70
[ 175.223301][ T5308] ? process_scheduled_works+0xa25/0x1830
[ 175.223313][ T5308] process_scheduled_works+0xb02/0x1830
[ 175.223329][ T5308] ? __pfx_process_scheduled_works+0x10/0x10
[ 175.223342][ T5308] ? assign_work+0x3d5/0x5e0
[ 175.223354][ T5308] worker_thread+0xa50/0xfc0
[ 175.223372][ T5308] kthread+0x388/0x470
[ 175.223414][ T5308] ? __pfx_worker_thread+0x10/0x10
[ 175.223426][ T5308] ? __pfx_kthread+0x10/0x10
[ 175.223435][ T5308] ret_from_fork+0x51e/0xb90
[ 175.223480][ T5308] ? __pfx_ret_from_fork+0x10/0x10
[ 175.223491][ T5308] ? __switch_to+0xc7d/0x1450
[ 175.223504][ T5308] ? __pfx_kthread+0x10/0x10
[ 175.223513][ T5308] ret_from_fork_asm+0x1a/0x30
[ 175.223532][ T5308]
[ 175.223559][ T5308]
[ 175.347846][ T5308] Allocated by task 6850:
[ 175.349715][ T5308] kasan_save_track+0x3e/0x80
[ 175.351613][ T5308] __kasan_slab_alloc+0x6c/0x80
[ 175.353725][ T5308] kmem_cache_alloc_lru_noprof+0x2b8/0x640
[ 175.356254][ T5308] sock_alloc_inode+0x28/0xc0
[ 175.358166][ T5308] alloc_inode+0x6a/0x1b0
[ 175.360068][ T5308] __sock_create+0x12d/0x9d0
[ 175.361848][ T5308] __sys_socket+0xd6/0x1b0
[ 175.363740][ T5308] __x64_sys_socket+0x7a/0x90
[ 175.365791][ T5308] do_syscall_64+0x14d/0xf80
[ 175.367779][ T5308] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 175.370091][ T5308]
[ 175.371026][ T5308] Freed by task 6859:
[ 175.372614][ T5308] kasan_save_track+0x3e/0x80
[ 175.374548][ T5308] kasan_save_free_info+0x46/0x50
[ 175.376576][ T5308] __kasan_slab_free+0x5c/0x80
[ 175.378927][ T5308] kmem_cache_free+0x187/0x630
[ 175.380934][ T5308] rcu_core+0x7cd/0x1070
[ 175.382595][ T5308] handle_softirqs+0x22a/0x870
[ 175.384613][ T5308] __irq_exit_rcu+0x5f/0x150
[ 175.386493][ T5308] irq_exit_rcu+0x9/0x30
[ 175.388466][ T5308] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 175.390792][ T5308] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 175.393278][ T5308]
[ 175.394303][ T5308] Last potentially related work creation:
[ 175.396753][ T5308] kasan_save_stack+0x3e/0x60
[ 175.398701][ T5308] kasan_record_aux_stack+0xbd/0xd0
[ 175.400919][ T5308] call_rcu+0xee/0x890
[ 175.402654][ T5308] evict+0x95b/0xb10
[ 175.404399][ T5308] __dentry_kill+0x1a2/0x5e0
[ 175.406329][ T5308] finish_dput+0xc9/0x480
[ 175.408190][ T5308] __fput+0x691/0xa70
[ 175.409922][ T5308] task_work_run+0x1d9/0x270
[ 175.411912][ T5308] exit_to_user_mode_loop+0xed/0x480
[ 175.414050][ T5308] do_syscall_64+0x32d/0xf80
[ 175.416057][ T5308] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 175.418324][ T5308]
[ 175.419229][ T5308] The buggy address belongs to the object at ffff888047cb0b80
[ 175.419229][ T5308] which belongs to the cache sock_inode_cache of size 1344
[ 175.424835][ T5308] The buggy address is located 128 bytes inside of
[ 175.424835][ T5308] freed 1344-byte region [ffff888047cb0b80, ffff888047cb10c0)
[ 175.430190][ T5308]
[ 175.431279][ T5308] The buggy address belongs to the physical page:
[ 175.433879][ T5308] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47cb0
[ 175.437193][ T5308] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 175.440697][ T5308] memcg:ffff888038584a01
[ 175.442457][ T5308] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 175.445492][ T5308] page_type: f5(slab)
[ 175.447203][ T5308] raw: 04fff00000000040 ffff888030419c80 dead000000000100 dead000000000122
[ 175.450747][ T5308] raw: 0000000000000000 00000008000b000b 00000000f5000000 ffff888038584a01
[ 175.454254][ T5308] head: 04fff00000000040 ffff888030419c80 dead000000000100 dead000000000122
[ 175.457842][ T5308] head: 0000000000000000 00000008000b000b 00000000f5000000 ffff888038584a01
[ 175.461344][ T5308] head: 04fff00000000002 ffffea00011f2c01 00000000ffffffff 00000000ffffffff
[ 175.465257][ T5308] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 175.468821][ T5308] page dumped because: kasan: bad access detected
[ 175.471480][ T5308] page_owner tracks the page as allocated
[ 175.473543][ T5308] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5295, tgid 5295 (syz-execprog), ts 87351971632, free_ts 76295178870
[ 175.482230][ T5308] post_alloc_hook+0x231/0x280
[ 175.484320][ T5308] get_page_from_freelist+0x24dc/0x2580
[ 175.486658][ T5308] __alloc_frozen_pages_noprof+0x18d/0x380
[ 175.489164][ T5308] allocate_slab+0x77/0x660
[ 175.490957][ T5308] refill_objects+0x331/0x3c0
[ 175.493098][ T5308] __pcs_replace_empty_main+0x2b9/0x620
[ 175.495520][ T5308] kmem_cache_alloc_lru_noprof+0x37c/0x640
[ 175.498179][ T5308] sock_alloc_inode+0x28/0xc0
[ 175.500447][ T5308] alloc_inode+0x6a/0x1b0
[ 175.502226][ T5308] __sock_create+0x12d/0x9d0
[ 175.504188][ T5308] mptcp_subflow_create_socket+0xfb/0x800
[ 175.506533][ T5308] __mptcp_nmpc_sk+0x155/0x790
[ 175.508694][ T5308] mptcp_setsockopt+0xe4a/0x36a0
[ 175.510871][ T5308] do_sock_setsockopt+0x270/0x400
[ 175.513072][ T5308] __x64_sys_setsockopt+0x18a/0x210
[ 175.515245][ T5308] do_syscall_64+0x14d/0xf80
[ 175.517006][ T5308] page last free pid 5281 tgid 5281 stack trace:
[ 175.519508][ T5308] __free_frozen_pages+0xc2b/0xdb0
[ 175.521514][ T5308] __slab_free+0x263/0x2b0
[ 175.523301][ T5308] qlist_free_all+0x97/0x100
[ 175.525149][ T5308] kasan_quarantine_reduce+0x148/0x160
[ 175.528085][ T5308] __kasan_slab_alloc+0x22/0x80
[ 175.530699][ T5308] __kmalloc_cache_noprof+0x2ba/0x660
[ 175.533543][ T5308] tomoyo_init_log+0x195/0x1fb0
[ 175.535806][ T5308] tomoyo_supervisor+0x353/0x1570
[ 175.537839][ T5308] tomoyo_env_perm+0x151/0x1f0
[ 175.539736][ T5308] tomoyo_find_next_domain+0x15cb/0x1aa0
[ 175.542085][ T5308] tomoyo_bprm_check_security+0x11b/0x180
[ 175.544494][ T5308] security_bprm_check+0x85/0x240
[ 175.546607][ T5308] bprm_execve+0x896/0x1460
[ 175.548225][ T5308] do_execveat_common+0x50d/0x690
[ 175.550344][ T5308] __x64_sys_execve+0x97/0xc0
[ 175.552373][ T5308] do_syscall_64+0x14d/0xf80
[ 175.554399][ T5308]
[ 175.555406][ T5308] Memory state around the buggy address:
[ 175.557621][ T5308] ffff888047cb0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 175.560845][ T5308] ffff888047cb0b80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 175.564265][ T5308] >ffff888047cb0c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 175.567543][ T5308] ^
[ 175.569246][ T5308] ffff888047cb0c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 175.572504][ T5308] ffff888047cb0d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 175.576039][ T5308] ==================================================================
[ 175.579447][ T5308] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 175.582522][ T5308] CPU: 0 UID: 0 PID: 5308 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full)
[ 175.586501][ T5308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 175.590914][ T5308] Workqueue: mld mld_ifc_work
[ 175.593035][ T5308] Call Trace:
[ 175.594570][ T5308]
[ 175.595922][ T5308] vpanic+0x56c/0xa60
[ 175.597705][ T5308] ? __pfx_vpanic+0x10/0x10
[ 175.599711][ T5308] panic+0xc5/0xd0
[ 175.601345][ T5308] ? __pfx_panic+0x10/0x10
[ 175.603299][ T5308] ? sock_def_readable+0x1cb/0x580
[ 175.605581][ T5308] ? sock_def_readable+0x1cb/0x580
[ 175.607907][ T5308] ? sock_def_readable+0x1cb/0x580
[ 175.610031][ T5308] check_panic_on_warn+0x89/0xb0
[ 175.612189][ T5308] ? sock_def_readable+0x1cb/0x580
[ 175.614498][ T5308] end_report+0x73/0x180
[ 175.616458][ T5308] ? sock_def_readable+0x1cb/0x580
[ 175.618744][ T5308] kasan_report+0x128/0x150
[ 175.620787][ T5308] ? lock_acquire+0xf0/0x2e0
[ 175.622866][ T5308] ? sock_def_readable+0x1cb/0x580
[ 175.625104][ T5308] sock_def_readable+0x1cb/0x580
[ 175.627277][ T5308] ? sock_def_readable+0xae/0x580
[ 175.629488][ T5308] send_to_lecd+0x322/0x600
[ 175.631470][ T5308] ? make_entry+0x200/0x2f0
[ 175.633479][ T5308] lec_start_xmit+0xec0/0x2660
[ 175.635521][ T5308] dev_hard_start_xmit+0x2d8/0x870
[ 175.637808][ T5308] sch_direct_xmit+0x251/0x4c0
[ 175.639976][ T5308] ? __pfx_sch_direct_xmit+0x10/0x10
[ 175.642324][ T5308] __dev_queue_xmit+0x1538/0x38a0
[ 175.644613][ T5308] ? __dev_queue_xmit+0x274/0x38a0
[ 175.646908][ T5308] ? ___neigh_create+0x1c5f/0x2280
[ 175.649074][ T5308] ? __local_bh_enable_ip+0xd0/0x130
[ 175.651369][ T5308] ? lockdep_hardirqs_on+0x7a/0x110
[ 175.653598][ T5308] ? __pfx___dev_queue_xmit+0x10/0x10
[ 175.655782][ T5308] ? neigh_resolve_output+0x438/0x750
[ 175.657848][ T5308] ? eth_header+0x11b/0x200
[ 175.659832][ T5308] ? __asan_memcpy+0x40/0x70
[ 175.661826][ T5308] ? eth_header+0x11b/0x200
[ 175.663849][ T5308] ? __pfx_eth_header+0x10/0x10
[ 175.666103][ T5308] ? neigh_resolve_output+0x624/0x750
[ 175.668423][ T5308] ip6_finish_output+0x25c/0x610
[ 175.670446][ T5308] ? ip6_output+0x126/0x550
[ 175.672368][ T5308] ip6_output+0x340/0x550
[ 175.674294][ T5308] NF_HOOK+0xa2/0x3a0
[ 175.675982][ T5308] ? NF_HOOK+0xf9/0x3a0
[ 175.677719][ T5308] ? __pfx_NF_HOOK+0x10/0x10
[ 175.679702][ T5308] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 175.682136][ T5308] ? __local_bh_enable_ip+0xd0/0x130
[ 175.684493][ T5308] ? lockdep_hardirqs_on+0x7a/0x110
[ 175.686788][ T5308] ? __local_bh_enable_ip+0xd0/0x130
[ 175.688847][ T5308] ? icmp6_dst_alloc+0x3a6/0x440
[ 175.690838][ T5308] mld_sendpack+0x8b4/0xe40
[ 175.692676][ T5308] ? look_up_lock_class+0x57/0x110
[ 175.694701][ T5308] ? mld_sendpack+0x213/0xe40
[ 175.696619][ T5308] ? __pfx_mld_sendpack+0x10/0x10
[ 175.698688][ T5308] mld_ifc_work+0x835/0xe70
[ 175.700683][ T5308] ? process_scheduled_works+0xa25/0x1830
[ 175.703018][ T5308] process_scheduled_works+0xb02/0x1830
[ 175.705452][ T5308] ? __pfx_process_scheduled_works+0x10/0x10
[ 175.708065][ T5308] ? assign_work+0x3d5/0x5e0
[ 175.709909][ T5308] worker_thread+0xa50/0xfc0
[ 175.711753][ T5308] kthread+0x388/0x470
[ 175.713457][ T5308] ? __pfx_worker_thread+0x10/0x10
[ 175.715769][ T5308] ? __pfx_kthread+0x10/0x10
[ 175.717543][ T5308] ret_from_fork+0x51e/0xb90
[ 175.719543][ T5308] ? __pfx_ret_from_fork+0x10/0x10
[ 175.721778][ T5308] ? __switch_to+0xc7d/0x1450
[ 175.723895][ T5308] ? __pfx_kthread+0x10/0x10
[ 175.725974][ T5308] ret_from_fork_asm+0x1a/0x30
[ 175.728131][ T5308]
[ 175.729902][ T5308] Kernel Offset: disabled
[ 175.731860][ T5308] Rebooting in 86400 seconds..
VM DIAGNOSIS:
15:10:43 Registers: