Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts. 1970/01/01 00:01:27 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:28 parsed 1 programs [ 91.456671][ T7004] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 100.356385][ T7056] chnl_net:caif_netlink_parms(): no params data found [ 100.479957][ T7056] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.482009][ T7056] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.484091][ T7056] bridge_slave_0: entered allmulticast mode [ 100.486613][ T7056] bridge_slave_0: entered promiscuous mode [ 100.490974][ T7056] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.493012][ T7056] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.495053][ T7056] bridge_slave_1: entered allmulticast mode [ 100.497490][ T7056] bridge_slave_1: entered promiscuous mode [ 100.526092][ T7056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.527615][ T7056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.544578][ T7056] team0: Port device team_slave_0 added [ 100.546672][ T7056] team0: Port device team_slave_1 added [ 100.628380][ T7056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.628437][ T7056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.628480][ T7056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.629570][ T7056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.629595][ T7056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.629624][ T7056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.698643][ T7056] hsr_slave_0: entered promiscuous mode [ 100.699130][ T7056] hsr_slave_1: entered promiscuous mode [ 101.597344][ T7056] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.602101][ T7056] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.606999][ T7056] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.611641][ T7056] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.662886][ T7056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.671839][ T7056] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.675017][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.675101][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.681918][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.682263][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.786505][ T7056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.807818][ T7056] veth0_vlan: entered promiscuous mode [ 101.813250][ T7056] veth1_vlan: entered promiscuous mode [ 101.832050][ T7056] veth0_macvtap: entered promiscuous mode [ 101.834066][ T7056] veth1_macvtap: entered promiscuous mode [ 101.843912][ T7056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.845699][ T7056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.847111][ T7056] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.847156][ T7056] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.847186][ T7056] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.847215][ T7056] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.993061][ T6095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 101.996112][ T6095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 101.999955][ T6095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.002877][ T6095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.003805][ T6095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.210084][ T95] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.315758][ T95] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.472096][ T95] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.564442][ T95] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.824285][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.824345][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.851761][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.854094][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:44 executed programs: 0 [ 104.142382][ T6095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 104.143144][ T6095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 104.143568][ T6095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 104.144158][ T6095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 104.144778][ T6095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 104.246369][ T7311] chnl_net:caif_netlink_parms(): no params data found [ 104.299238][ T7311] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.301506][ T7311] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.303758][ T7311] bridge_slave_0: entered allmulticast mode [ 104.306356][ T7311] bridge_slave_0: entered promiscuous mode [ 104.309637][ T7311] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.311812][ T7311] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.314065][ T7311] bridge_slave_1: entered allmulticast mode [ 104.316896][ T7311] bridge_slave_1: entered promiscuous mode [ 104.336838][ T7311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.341665][ T7311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.359722][ T7311] team0: Port device team_slave_0 added [ 104.362953][ T7311] team0: Port device team_slave_1 added [ 104.379775][ T7311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.382050][ T7311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.389860][ T7311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.394154][ T7311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.396302][ T7311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.404071][ T7311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.429134][ T7311] hsr_slave_0: entered promiscuous mode [ 104.431354][ T7311] hsr_slave_1: entered promiscuous mode [ 104.433511][ T7311] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.435824][ T7311] Cannot create hsr debugfs directory [ 104.997401][ T95] bridge_slave_1: left allmulticast mode [ 104.997482][ T95] bridge_slave_1: left promiscuous mode [ 104.997614][ T95] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.007395][ T95] bridge_slave_0: left allmulticast mode [ 105.009996][ T95] bridge_slave_0: left promiscuous mode [ 105.012049][ T95] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.178000][ T6095] Bluetooth: hci0: command tx timeout [ 106.600297][ T95] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 106.640309][ T95] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 106.699695][ T95] bond0 (unregistering): Released all slaves [ 106.784653][ T95] hsr_slave_0: left promiscuous mode [ 106.786856][ T95] hsr_slave_1: left promiscuous mode [ 106.790874][ T95] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.790957][ T95] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 106.795679][ T95] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.806323][ T95] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 106.819723][ T95] veth1_macvtap: left promiscuous mode [ 106.823167][ T95] veth0_macvtap: left promiscuous mode [ 106.824942][ T95] veth1_vlan: left promiscuous mode [ 106.826574][ T95] veth0_vlan: left promiscuous mode [ 108.248005][ T6095] Bluetooth: hci0: command tx timeout [ 108.669869][ T95] team0 (unregistering): Port device team_slave_1 removed [ 108.879650][ T95] team0 (unregistering): Port device team_slave_0 removed [ 110.327968][ T6095] Bluetooth: hci0: command tx timeout [ 111.433979][ T7311] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 111.444336][ T7311] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 111.449364][ T7311] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 111.479365][ T7311] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 111.545294][ T7311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.814559][ T7311] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.817493][ T346] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.817588][ T346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.834698][ T4453] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.834777][ T4453] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.083021][ T7311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.122123][ T7311] veth0_vlan: entered promiscuous mode [ 112.124967][ T7311] veth1_vlan: entered promiscuous mode [ 112.136664][ T7311] veth0_macvtap: entered promiscuous mode [ 112.139741][ T7311] veth1_macvtap: entered promiscuous mode [ 112.145997][ T7311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.147786][ T7311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.149962][ T7311] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.150002][ T7311] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.150033][ T7311] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.150063][ T7311] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.303588][ T346] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.303647][ T346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.317416][ T4453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.317491][ T4453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:52 executed programs: 2 [ 112.399771][ ** replaying previous printk message ** [ 112.399771][ T7479] ------------[ cut here ]------------ [ 112.399859][ T7479] ODEBUG: activate active (active state 1) object: 000000005aaa2dd7 object type: rcu_head hint: 0x0 [ 112.400240][ T7479] WARNING: CPU: 1 PID: 7479 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 112.408630][ T7479] Modules linked in: [ 112.409793][ T7479] CPU: 1 UID: 0 PID: 7479 Comm: syz.0.17 Not tainted 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 112.413111][ T7479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.415913][ T7479] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.418095][ T7479] pc : debug_object_activate+0x344/0x460 [ 112.419678][ T7479] lr : debug_object_activate+0x344/0x460 [ 112.421256][ T7479] sp : ffff80009c5e76c0 [ 112.422436][ T7479] x29: ffff80009c5e76c0 x28: ffff8000976d8000 x27: dfff800000000000 [ 112.424728][ T7479] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac638 [ 112.427040][ T7479] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 112.429342][ T7479] x20: ffff80008afc2440 x19: ffff8000891ac638 x18: 0000000000000000 [ 112.431674][ T7479] x17: 6464326161613530 x16: ffff80008aefc690 x15: 0000000000000001 [ 112.433819][ T7479] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 112.436068][ T7479] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 598454906fc2c600 [ 112.438375][ T7479] x8 : 598454906fc2c600 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.440652][ T7479] x5 : ffff80009c5e7018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 112.442999][ T7479] x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000000 [ 112.445207][ T7479] Call trace: [ 112.446123][ T7479] debug_object_activate+0x344/0x460 (P) [ 112.447776][ T7479] kvfree_call_rcu+0x4c/0x3f0 [ 112.449105][ T7479] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 112.450634][ T7479] netlbl_sock_setattr+0x240/0x334 [ 112.452077][ T7479] smack_netlbl_add+0xf8/0x280 [ 112.453509][ T7479] smack_inode_setsecurity+0x378/0x430 [ 112.455057][ T7479] security_inode_setsecurity+0x118/0x3c0 [ 112.456660][ T7479] __vfs_setxattr_noperm+0x174/0x5c4 [ 112.458086][ T7479] __vfs_setxattr_locked+0x1ec/0x218 [ 112.459650][ T7479] vfs_setxattr+0x158/0x2ac [ 112.460986][ T7479] file_setxattr+0x1b8/0x294 [ 112.462344][ T7479] path_setxattrat+0x2ac/0x320 [ 112.463803][ T7479] __arm64_sys_fsetxattr+0xc0/0xdc [ 112.465335][ T7479] invoke_syscall+0x98/0x2b8 [ 112.466643][ T7479] el0_svc_common+0x130/0x23c [ 112.467917][ T7479] do_el0_svc+0x48/0x58 [ 112.469130][ T7479] el0_svc+0x58/0x180 [ 112.470322][ T7479] el0t_64_sync_handler+0x84/0x12c [ 112.471779][ T7479] el0t_64_sync+0x198/0x19c [ 112.473105][ T7479] irq event stamp: 191 [ 112.474233][ T7479] hardirqs last enabled at (190): [] __console_unlock+0x70/0xc4 [ 112.476805][ T7479] hardirqs last disabled at (191): [] el1_brk64+0x1c/0x48 [ 112.479215][ T7479] softirqs last enabled at (146): [] local_bh_enable+0x10/0x34 [ 112.481922][ T7479] softirqs last disabled at (162): [] local_bh_disable+0x10/0x34 [ 112.484595][ T7479] ---[ end trace 0000000000000000 ]--- [ 112.486386][ T7479] ------------[ cut here ]------------ [ 112.486430][ T7479] ODEBUG: active_state active (active state 1) object: 000000005aaa2dd7 object type: rcu_head hint: 0x0 [ 112.486829][ T7479] WARNING: CPU: 1 PID: 7479 at lib/debugobjects.c:615 debug_object_active_state+0x28c/0x350 [ 112.494231][ T7479] Modules linked in: [ 112.495440][ T7479] CPU: 1 UID: 0 PID: 7479 Comm: syz.0.17 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 112.499522][ T7479] Tainted: [W]=WARN [ 112.500585][ T7479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.503243][ T7479] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.505480][ T7479] pc : debug_object_active_state+0x28c/0x350 [ 112.507076][ T7479] lr : debug_object_active_state+0x28c/0x350 [ 112.508719][ T7479] sp : ffff80009c5e76b0 [ 112.509850][ T7479] x29: ffff80009c5e76c0 x28: ffff80008f671000 x27: dfff800000000000 [ 112.512157][ T7479] x26: 0000000000000003 x25: 0000000000000000 x24: ffff0000d3aa8888 [ 112.514492][ T7479] x23: 0000000000000001 x22: ffff80008afc2440 x21: ffff80008b5399e0 [ 112.516732][ T7479] x20: 0000000000000000 x19: ffff8000891ac638 x18: 0000000000000000 [ 112.518910][ T7479] x17: 6161353030303030 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 112.521250][ T7479] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 112.523498][ T7479] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 598454906fc2c600 [ 112.525755][ T7479] x8 : 598454906fc2c600 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.527993][ T7479] x5 : ffff80009c5e6ff8 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 112.530230][ T7479] x2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000 [ 112.532530][ T7479] Call trace: [ 112.533380][ T7479] debug_object_active_state+0x28c/0x350 (P) [ 112.535113][ T7479] kvfree_call_rcu+0x64/0x3f0 [ 112.536503][ T7479] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 112.537933][ T7479] netlbl_sock_setattr+0x240/0x334 [ 112.539392][ T7479] smack_netlbl_add+0xf8/0x280 [ 112.540812][ T7479] smack_inode_setsecurity+0x378/0x430 [ 112.542389][ T7479] security_inode_setsecurity+0x118/0x3c0 [ 112.543965][ T7479] __vfs_setxattr_noperm+0x174/0x5c4 [ 112.545406][ T7479] __vfs_setxattr_locked+0x1ec/0x218 [ 112.546900][ T7479] vfs_setxattr+0x158/0x2ac [ 112.548182][ T7479] file_setxattr+0x1b8/0x294 [ 112.549545][ T7479] path_setxattrat+0x2ac/0x320 [ 112.550883][ T7479] __arm64_sys_fsetxattr+0xc0/0xdc [ 112.552366][ T7479] invoke_syscall+0x98/0x2b8 [ 112.553702][ T7479] el0_svc_common+0x130/0x23c [ 112.555036][ T7479] do_el0_svc+0x48/0x58 [ 112.556173][ T7479] el0_svc+0x58/0x180 [ 112.557303][ T7479] el0t_64_sync_handler+0x84/0x12c [ 112.558746][ T7479] el0t_64_sync+0x198/0x19c [ 112.560038][ T7479] irq event stamp: 219 [ 112.561173][ T7479] hardirqs last enabled at (218): [] __console_unlock+0x70/0xc4 [ 112.563810][ T7479] hardirqs last disabled at (219): [] el1_brk64+0x1c/0x48 [ 112.566251][ T7479] softirqs last enabled at (146): [] local_bh_enable+0x10/0x34 [ 112.568927][ T7479] softirqs last disabled at (162): [] local_bh_disable+0x10/0x34 [ 112.571602][ T7479] ---[ end trace 0000000000000000 ]--- [ 112.573243][ T7479] ------------[ cut here ]------------ [ 112.573292][ T7479] kvfree_call_rcu(): Double-freed call. rcu_head 000000005aaa2dd7 [ 112.573418][ T7479] WARNING: CPU: 1 PID: 7479 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 [ 112.579603][ T7479] Modules linked in: [ 112.580643][ T7479] CPU: 1 UID: 0 PID: 7479 Comm: syz.0.17 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 112.584385][ T7479] Tainted: [W]=WARN [ 112.585410][ T7479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.588164][ T7479] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.590265][ T7479] pc : kvfree_call_rcu+0x94/0x3f0 [ 112.591615][ T7479] lr : kvfree_call_rcu+0x94/0x3f0 [ 112.593007][ T7479] sp : ffff80009c5e7720 [ 112.594147][ T7479] x29: ffff80009c5e7720 x28: 00000000fffffff5 x27: 1fffe00019c7bee3 [ 112.596442][ T7479] x26: dfff800000000000 x25: ffff0000ca2107ee x24: 0000000000000017 [ 112.598717][ T7479] x23: ffff8000891ac638 x22: 00000000ffffffea x21: ffff8000891ac638 [ 112.600952][ T7479] x20: ffff8000891ac638 x19: ffff80008afc2440 x18: 0000000000000000 [ 112.603230][ T7479] x17: 0000000000000000 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 112.605461][ T7479] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 112.607684][ T7479] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 598454906fc2c600 [ 112.609980][ T7479] x8 : 598454906fc2c600 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.612255][ T7479] x5 : ffff80009c5e7078 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 112.614407][ T7479] x2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000 [ 112.616657][ T7479] Call trace: [ 112.617623][ T7479] kvfree_call_rcu+0x94/0x3f0 (P) [ 112.618953][ T7479] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 112.620402][ T7479] netlbl_sock_setattr+0x240/0x334 [ 112.621842][ T7479] smack_netlbl_add+0xf8/0x280 [ 112.623209][ T7479] smack_inode_setsecurity+0x378/0x430 [ 112.624712][ T7479] security_inode_setsecurity+0x118/0x3c0 [ 112.626298][ T7479] __vfs_setxattr_noperm+0x174/0x5c4 [ 112.627696][ T7479] __vfs_setxattr_locked+0x1ec/0x218 [ 112.629207][ T7479] vfs_setxattr+0x158/0x2ac [ 112.630502][ T7479] file_setxattr+0x1b8/0x294 [ 112.631850][ T7479] path_setxattrat+0x2ac/0x320 [ 112.633175][ T7479] __arm64_sys_fsetxattr+0xc0/0xdc [ 112.634588][ T7479] invoke_syscall+0x98/0x2b8 [ 112.635827][ T7479] el0_svc_common+0x130/0x23c [ 112.637134][ T7479] do_el0_svc+0x48/0x58 [ 112.638321][ T7479] el0_svc+0x58/0x180 [ 112.639439][ T7479] el0t_64_sync_handler+0x84/0x12c [ 112.640797][ T7479] el0t_64_sync+0x198/0x19c [ 112.642114][ T7479] irq event stamp: 245 [ 112.643311][ T7479] hardirqs last enabled at (244): [] __console_unlock+0x70/0xc4 [ 112.645970][ T7479] hardirqs last disabled at (245): [] el1_brk64+0x1c/0x48 [ 112.648418][ T7479] softirqs last enabled at (146): [] local_bh_enable+0x10/0x34 [ 112.650987][ T7479] softirqs last disabled at (162): [] local_bh_disable+0x10/0x34 [ 112.653692][ T7479] ---[ end trace 0000000000000000 ]--- [ 112.663193][ T6095] Bluetooth: hci0: command tx timeout [ 112.676095][ ** replaying previous printk message ** [ 112.676095][ T7481] ------------[ cut here ]------------ [ 112.676153][ T7481] ODEBUG: activate active (active state 1) object: 000000005aaa2dd7 object type: rcu_head hint: 0x0 [ 112.676537][ T7481] WARNING: CPU: 1 PID: 7481 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 112.685000][ T7481] Modules linked in: [ 112.686142][ T7481] CPU: 1 UID: 0 PID: 7481 Comm: syz.0.18 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 112.689954][ T7481] Tainted: [W]=WARN [ 112.691045][ T7481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.693866][ T7481] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.696124][ T7481] pc : debug_object_activate+0x344/0x460 [ 112.697757][ T7481] lr : debug_object_activate+0x344/0x460 [ 112.699312][ T7481] sp : ffff80009c5e76c0 [ 112.700504][ T7481] x29: ffff80009c5e76c0 x28: ffff8000976d8000 x27: dfff800000000000 [ 112.702765][ T7481] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac638 [ 112.705046][ T7481] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 112.707316][ T7481] x20: ffff80008afc2440 x19: ffff8000891ac638 x18: 0000000000000000 [ 112.709729][ T7481] x17: 6464326161613530 x16: ffff80008aefc690 x15: 0000000000000001 [ 112.711908][ T7481] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 112.714217][ T7481] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 088ea89685163e00 [ 112.716503][ T7481] x8 : 088ea89685163e00 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.718854][ T7481] x5 : ffff80009c5e7018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 112.721100][ T7481] x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000000 [ 112.723325][ T7481] Call trace: [ 112.724221][ T7481] debug_object_activate+0x344/0x460 (P) [ 112.725765][ T7481] kvfree_call_rcu+0x4c/0x3f0 [ 112.727089][ T7481] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 112.728590][ T7481] netlbl_sock_setattr+0x240/0x334 [ 112.729964][ T7481] smack_netlbl_add+0xf8/0x280 [ 112.731338][ T7481] smack_inode_setsecurity+0x378/0x430 [ 112.732922][ T7481] security_inode_setsecurity+0x118/0x3c0 [ 112.734603][ T7481] __vfs_setxattr_noperm+0x174/0x5c4 [ 112.736088][ T7481] __vfs_setxattr_locked+0x1ec/0x218 [ 112.737587][ T7481] vfs_setxattr+0x158/0x2ac [ 112.738839][ T7481] file_setxattr+0x1b8/0x294 [ 112.740116][ T7481] path_setxattrat+0x2ac/0x320 [ 112.741439][ T7481] __arm64_sys_fsetxattr+0xc0/0xdc [ 112.743037][ T7481] invoke_syscall+0x98/0x2b8 [ 112.744355][ T7481] el0_svc_common+0x130/0x23c [ 112.745759][ T7481] do_el0_svc+0x48/0x58 [ 112.746953][ T7481] el0_svc+0x58/0x180 [ 112.748129][ T7481] el0t_64_sync_handler+0x84/0x12c [ 112.749631][ T7481] el0t_64_sync+0x198/0x19c [ 112.750961][ T7481] irq event stamp: 191 [ 112.752186][ T7481] hardirqs last enabled at (190): [] __console_unlock+0x70/0xc4 [ 112.754814][ T7481] hardirqs last disabled at (191): [] el1_brk64+0x1c/0x48 [ 112.757247][ T7481] softirqs last enabled at (150): [] local_bh_enable+0x10/0x34 [ 112.759835][ T7481] softirqs last disabled at (164): [] local_bh_disable+0x10/0x34 [ 112.762512][ T7481] ---[ end trace 0000000000000000 ]--- [ 112.764107][ T7481] ------------[ cut here ]------------ [ 112.764157][ T7481] ODEBUG: active_state active (active state 1) object: 000000005aaa2dd7 object type: rcu_head hint: 0x0 [ 112.764562][ T7481] WARNING: CPU: 1 PID: 7481 at lib/debugobjects.c:615 debug_object_active_state+0x28c/0x350 [ 112.772027][ T7481] Modules linked in: [ 112.773175][ T7481] CPU: 1 UID: 0 PID: 7481 Comm: syz.0.18 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 112.777142][ T7481] Tainted: [W]=WARN [ 112.778262][ T7481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.781264][ T7481] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.783485][ T7481] pc : debug_object_active_state+0x28c/0x350 [ 112.785262][ T7481] lr : debug_object_active_state+0x28c/0x350 [ 112.786886][ T7481] sp : ffff80009c5e76b0 [ 112.788049][ T7481] x29: ffff80009c5e76c0 x28: ffff80008f671000 x27: dfff800000000000 [ 112.790444][ T7481] x26: 0000000000000003 x25: 0000000000000000 x24: ffff0000d3aa8888 [ 112.792763][ T7481] x23: 0000000000000001 x22: ffff80008afc2440 x21: ffff80008b5399e0 [ 112.795086][ T7481] x20: 0000000000000000 x19: ffff8000891ac638 x18: 0000000000000000 [ 112.797489][ T7481] x17: 6161353030303030 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 112.799746][ T7481] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 112.801944][ T7481] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 088ea89685163e00 [ 112.804213][ T7481] x8 : 088ea89685163e00 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.806541][ T7481] x5 : ffff80009c5e6ff8 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 112.808886][ T7481] x2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000 [ 112.811141][ T7481] Call trace: [ 112.812083][ T7481] debug_object_active_state+0x28c/0x350 (P) [ 112.813835][ T7481] kvfree_call_rcu+0x64/0x3f0 [ 112.815162][ T7481] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 112.816658][ T7481] netlbl_sock_setattr+0x240/0x334 [ 112.818164][ T7481] smack_netlbl_add+0xf8/0x280 [ 112.819524][ T7481] smack_inode_setsecurity+0x378/0x430 [ 112.821069][ T7481] security_inode_setsecurity+0x118/0x3c0 [ 112.822753][ T7481] __vfs_setxattr_noperm+0x174/0x5c4 [ 112.824251][ T7481] __vfs_setxattr_locked+0x1ec/0x218 [ 112.825798][ T7481] vfs_setxattr+0x158/0x2ac [ 112.827073][ T7481] file_setxattr+0x1b8/0x294 [ 112.828400][ T7481] path_setxattrat+0x2ac/0x320 [ 112.829775][ T7481] __arm64_sys_fsetxattr+0xc0/0xdc [ 112.831221][ T7481] invoke_syscall+0x98/0x2b8 [ 112.832531][ T7481] el0_svc_common+0x130/0x23c [ 112.833822][ T7481] do_el0_svc+0x48/0x58 [ 112.835011][ T7481] el0_svc+0x58/0x180 [ 112.836150][ T7481] el0t_64_sync_handler+0x84/0x12c [ 112.837630][ T7481] el0t_64_sync+0x198/0x19c [ 112.838905][ T7481] irq event stamp: 219 [ 112.840053][ T7481] hardirqs last enabled at (218): [] __console_unlock+0x70/0xc4 [ 112.842729][ T7481] hardirqs last disabled at (219): [] el1_brk64+0x1c/0x48 [ 112.845248][ T7481] softirqs last enabled at (150): [] local_bh_enable+0x10/0x34 [ 112.847777][ T7481] softirqs last disabled at (164): [] local_bh_disable+0x10/0x34 [ 112.850308][ T7481] ---[ end trace 0000000000000000 ]--- [ 112.875676] ** replaying previous printk message ** [ 112.875676][ T7483] ------------[ cut here ]------------ [ 112.875729][ T7483] ODEBUG: activate active (active state 1) object: 000000005aaa2dd7 object type: rcu_head hint: 0x0 [ 112.876107][ T7483] WARNING: CPU: 1 PID: 7483 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 112.884658][ T7483] Modules linked in: [ 112.885785][ T7483] CPU: 1 UID: 0 PID: 7483 Comm: syz.0.19 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 112.889539][ T7483] Tainted: [W]=WARN [ 112.890622][ T7483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.893349][ T7483] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.895641][ T7483] pc : debug_object_activate+0x344/0x460 [ 112.897215][ T7483] lr : debug_object_activate+0x344/0x460 [ 112.898818][ T7483] sp : ffff80009c5e76c0 [ 112.900154][ T7483] x29: ffff80009c5e76c0 x28: ffff8000976d8000 x27: dfff800000000000 [ 112.902406][ T7483] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac638 [ 112.904707][ T7483] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 112.906932][ T7483] x20: ffff80008afc2440 x19: ffff8000891ac638 x18: 0000000000000000 [ 112.909213][ T7483] x17: 6464326161613530 x16: ffff80008aefc690 x15: 0000000000000001 [ 112.911445][ T7483] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 112.913665][ T7483] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 29026662b78d6f00 [ 112.915852][ T7483] x8 : 29026662b78d6f00 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.918037][ T7483] x5 : ffff80009c5e7018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 112.920382][ T7483] x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000000 [ 112.922693][ T7483] Call trace: [ 112.923592][ T7483] debug_object_activate+0x344/0x460 (P) [ 112.925251][ T7483] kvfree_call_rcu+0x4c/0x3f0 [ 112.926587][ T7483] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 112.928030][ T7483] netlbl_sock_setattr+0x240/0x334 [ 112.929488][ T7483] smack_netlbl_add+0xf8/0x280 [ 112.930772][ T7483] smack_inode_setsecurity+0x378/0x430 [ 112.932283][ T7483] security_inode_setsecurity+0x118/0x3c0 [ 112.933889][ T7483] __vfs_setxattr_noperm+0x174/0x5c4 [ 112.935409][ T7483] __vfs_setxattr_locked+0x1ec/0x218 [ 112.936936][ T7483] vfs_setxattr+0x158/0x2ac [ 112.938309][ T7483] file_setxattr+0x1b8/0x294 [ 112.939634][ T7483] path_setxattrat+0x2ac/0x320 [ 112.940999][ T7483] __arm64_sys_fsetxattr+0xc0/0xdc [ 112.942417][ T7483] invoke_syscall+0x98/0x2b8 [ 112.943773][ T7483] el0_svc_common+0x130/0x23c [ 112.945043][ T7483] do_el0_svc+0x48/0x58 [ 112.946235][ T7483] el0_svc+0x58/0x180 [ 112.947372][ T7483] el0t_64_sync_handler+0x84/0x12c [ 112.948878][ T7483] el0t_64_sync+0x198/0x19c [ 112.950149][ T7483] irq event stamp: 229 [ 112.951281][ T7483] hardirqs last enabled at (228): [] __console_unlock+0x70/0xc4 [ 112.953915][ T7483] hardirqs last disabled at (229): [] el1_brk64+0x1c/0x48 [ 112.956360][ T7483] softirqs last enabled at (190): [] local_bh_enable+0x10/0x34 [ 112.958944][ T7483] softirqs last disabled at (204): [] local_bh_disable+0x10/0x34 [ 112.961655][ T7483] ---[ end trace 0000000000000000 ]--- [ ** replaying previous printk message ** [ 113.268073][ T346] ------------[ cut here ]------------ [ 113.269614][ T346] Trying to vfree() bad address (000000005aaa2dd7) [ 113.269767][ T346] WARNING: CPU: 1 PID: 346 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 113.276451][ T346] Modules linked in: [ 113.277612][ T346] CPU: 1 UID: 0 PID: 346 Comm: kworker/u8:9 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.281639][ T346] Tainted: [W]=WARN [ 113.282723][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.285625][ T346] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 113.287493][ T346] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.289675][ T346] pc : remove_vm_area+0x268/0x270 [ 113.291105][ T346] lr : remove_vm_area+0x264/0x270 [ 113.292538][ T346] sp : ffff80009c2978e0 [ 113.293732][ T346] x29: ffff80009c2978f0 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 113.296026][ T346] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 113.298407][ T346] x23: ffff0000c2b25028 x22: 1fffe00018c6db71 x21: 0000000000000000 [ 113.300655][ T346] x20: 0000000000000000 x19: ffff8000891ac638 x18: 1fffe000337d8876 [ 113.302897][ T346] x17: 0000000000000000 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 113.305172][ T346] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 113.307451][ T346] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 6a9eceb9016d7b00 [ 113.309703][ T346] x8 : 6a9eceb9016d7b00 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.311978][ T346] x5 : ffff80009c297238 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 113.314295][ T346] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 113.316606][ T346] Call trace: [ 113.317514][ T346] remove_vm_area+0x268/0x270 (P) [ 113.319000][ T346] vfree+0xac/0x3dc [ 113.320102][ T346] kvfree_rcu_bulk+0xc4/0x228 [ 113.321386][ T346] kfree_rcu_monitor+0x230/0x2b4 [ 113.322750][ T346] process_one_work+0x7e8/0x155c [ 113.324185][ T346] worker_thread+0x958/0xed8 [ 113.325476][ T346] kthread+0x5fc/0x75c [ 113.326674][ T346] ret_from_fork+0x10/0x20 [ 113.327930][ T346] irq event stamp: 1948818 [ 113.329217][ T346] hardirqs last enabled at (1948817): [] __console_unlock+0x70/0xc4 [ 113.331962][ T346] hardirqs last disabled at (1948818): [] el1_brk64+0x1c/0x48 [ 113.334623][ T346] softirqs last enabled at (1948800): [] handle_softirqs+0xaf8/0xc88 [ 113.337392][ T346] softirqs last disabled at (1947559): [] __do_softirq+0x14/0x20 [ 113.340048][ T346] ---[ end trace 0000000000000000 ]--- [ 113.347426][ T346] ------------[ cut here ]------------ [ 113.347475][ T346] Trying to vfree() nonexistent vm area (000000005aaa2dd7) [ 113.351347][ T346] WARNING: CPU: 0 PID: 346 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 113.353475][ T346] Modules linked in: [ 113.354490][ T346] CPU: 0 UID: 0 PID: 346 Comm: kworker/u8:9 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.358252][ T346] Tainted: [W]=WARN [ 113.359299][ T346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.362214][ T346] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 113.364053][ T346] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.366213][ T346] pc : vfree+0x32c/0x3dc [ 113.367360][ T346] lr : vfree+0x32c/0x3dc [ 113.368593][ T346] sp : ffff80009c297950 [ 113.369753][ T346] x29: ffff80009c297960 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 113.372020][ T346] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 113.374299][ T346] x23: ffff0000c2b25028 x22: 1fffe00018c6db71 x21: 0000000000000000 [ 113.376580][ T346] x20: ffff8000891ac638 x19: 0000000000000000 x18: 1fffe000337d4076 [ 113.378927][ T346] x17: ffff80008f66e000 x16: ffff80008aefc690 x15: 0000000000000001 [ 113.381167][ T346] x14: 1fffe000337d6af0 x13: 0000000000000000 x12: 0000000000000000 [ 113.383385][ T346] x11: ffff800093163c08 x10: 0000000000000003 x9 : 6a9eceb9016d7b00 [ 113.385675][ T346] x8 : 6a9eceb9016d7b00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 113.387995][ T346] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 113.390235][ T346] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 113.392379][ T346] Call trace: [ 113.393296][ T346] vfree+0x32c/0x3dc (P) [ 113.394482][ T346] kvfree_rcu_bulk+0xc4/0x228 [ 113.395873][ T346] kfree_rcu_monitor+0x230/0x2b4 [ 113.397301][ T346] process_one_work+0x7e8/0x155c [ 113.398717][ T346] worker_thread+0x958/0xed8 [ 113.400041][ T346] kthread+0x5fc/0x75c [ 113.401155][ T346] ret_from_fork+0x10/0x20 [ 113.402381][ T346] irq event stamp: 1949034 [ 113.403616][ T346] hardirqs last enabled at (1949033): [] finish_lock_switch+0xb0/0x1c0 [ 113.406529][ T346] hardirqs last disabled at (1949034): [] el1_brk64+0x1c/0x48 [ 113.409075][ T346] softirqs last enabled at (1949006): [] handle_softirqs+0xaf8/0xc88 [ 113.411949][ T346] softirqs last disabled at (1948823): [] __do_softirq+0x14/0x20 [ 113.414708][ T346] ---[ end trace 0000000000000000 ]--- [ 113.483236][ T260] ------------[ cut here ]------------ [ 113.483332][ T260] Trying to vfree() bad address (000000005aaa2dd7) [ 113.488461][ T260] WARNING: CPU: 0 PID: 260 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 113.491002][ T260] Modules linked in: [ 113.492105][ T260] CPU: 0 UID: 0 PID: 260 Comm: kworker/u8:8 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.495943][ T260] Tainted: [W]=WARN [ 113.497102][ T260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.499946][ T260] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 113.501731][ T260] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.503959][ T260] pc : remove_vm_area+0x268/0x270 [ 113.505394][ T260] lr : remove_vm_area+0x264/0x270 [ 113.506810][ T260] sp : ffff80009bd578f0 [ 113.507968][ T260] x29: ffff80009bd57900 x28: 1ffff00011ece29b x27: dfff800000000000 [ 113.510255][ T260] x26: ffff0000c5372f18 x25: dfff800000000000 x24: 0000000000000001 [ 113.512498][ T260] x23: ffff0000c2b24028 x22: 1fffe00018becb71 x21: 0000000000000000 [ 113.514746][ T260] x20: 0000000000000000 x19: ffff8000891ac638 x18: 1fffe000337d4076 [ 113.517049][ T260] x17: ffff80008f66e000 x16: ffff80008aefc690 x15: 0000000000000001 [ 113.519292][ T260] x14: 1fffe000337d6af0 x13: 0000000000000000 x12: 0000000000000000 [ 113.521630][ T260] x11: ffff800093163c08 x10: 0000000000000003 x9 : 46f94c6284aa9e00 [ 113.523997][ T260] x8 : 46f94c6284aa9e00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 113.526298][ T260] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 113.528585][ T260] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 113.530849][ T260] Call trace: [ 113.531807][ T260] remove_vm_area+0x268/0x270 (P) [ 113.533280][ T260] vfree+0xac/0x3dc [ 113.534299][ T260] kvfree_rcu_bulk+0xc4/0x228 [ 113.535668][ T260] kfree_rcu_work+0xe0/0x140 [ 113.536996][ T260] process_one_work+0x7e8/0x155c [ 113.538381][ T260] worker_thread+0x958/0xed8 [ 113.539672][ T260] kthread+0x5fc/0x75c [ 113.540818][ T260] ret_from_fork+0x10/0x20 [ 113.542034][ T260] irq event stamp: 573488 [ 113.543305][ T260] hardirqs last enabled at (573487): [] finish_lock_switch+0xb0/0x1c0 [ 113.546047][ T260] hardirqs last disabled at (573488): [] el1_brk64+0x1c/0x48 [ 113.548601][ T260] softirqs last enabled at (569728): [] handle_softirqs+0xaf8/0xc88 [ 113.551439][ T260] softirqs last disabled at (569611): [] __do_softirq+0x14/0x20 [ 113.554019][ T260] ---[ end trace 0000000000000000 ]--- [ 113.556460][ T260] ------------[ cut here ]------------ [ 113.556530][ T260] Trying to vfree() nonexistent vm area (000000005aaa2dd7) [ 113.560507][ T260] WARNING: CPU: 0 PID: 260 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 113.562682][ T260] Modules linked in: [ 113.563801][ T260] CPU: 0 UID: 0 PID: 260 Comm: kworker/u8:8 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.567533][ T260] Tainted: [W]=WARN [ 113.568657][ T260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.571692][ T260] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 113.573398][ T260] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.575625][ T260] pc : vfree+0x32c/0x3dc [ 113.576734][ T260] lr : vfree+0x32c/0x3dc [ 113.577910][ T260] sp : ffff80009bd57960 [ 113.579059][ T260] x29: ffff80009bd57970 x28: 1ffff00011ece29b x27: dfff800000000000 [ 113.581269][ T260] x26: ffff0000c5372f18 x25: dfff800000000000 x24: 0000000000000001 [ 113.583482][ T260] x23: ffff0000c2b24028 x22: 1fffe00018becb71 x21: 0000000000000000 [ 113.585744][ T260] x20: ffff8000891ac638 x19: 0000000000000000 x18: 1fffe000337d4076 [ 113.587957][ T260] x17: ffff80008f66e000 x16: ffff80008aefc690 x15: 0000000000000001 [ 113.590161][ T260] x14: 1fffe000337d6af0 x13: 0000000000000000 x12: 0000000000000000 [ 113.592373][ T260] x11: ffff800093163c08 x10: 0000000000000003 x9 : 46f94c6284aa9e00 [ 113.594684][ T260] x8 : 46f94c6284aa9e00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 113.596970][ T260] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 113.599143][ T260] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 113.601369][ T260] Call trace: [ 113.602300][ T260] vfree+0x32c/0x3dc (P) [ 113.603489][ T260] kvfree_rcu_bulk+0xc4/0x228 [ 113.604790][ T260] kfree_rcu_work+0xe0/0x140 [ 113.606131][ T260] process_one_work+0x7e8/0x155c [ 113.607582][ T260] worker_thread+0x958/0xed8 [ 113.608904][ T260] kthread+0x5fc/0x75c [ 113.610058][ T260] ret_from_fork+0x10/0x20 [ 113.611295][ T260] irq event stamp: 573564 [ 113.612543][ T260] hardirqs last enabled at (573563): [] finish_lock_switch+0xb0/0x1c0 [ 113.615229][ T260] hardirqs last disabled at (573564): [] el1_brk64+0x1c/0x48 [ 113.617764][ T260] softirqs last enabled at (573536): [] handle_softirqs+0xaf8/0xc88 [ 113.620447][ T260] softirqs last disabled at (573491): [] __do_softirq+0x14/0x20 [ 113.623038][ T260] ---[ end trace 0000000000000000 ]--- [ 114.858066][ T144] ------------[ cut here ]------------ [ 114.858115][ T144] Trying to vfree() bad address (000000005aaa2dd7) [ 114.858253][ T144] WARNING: CPU: 0 PID: 144 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 114.863817][ T144] Modules linked in: [ 114.864882][ T144] CPU: 0 UID: 0 PID: 144 Comm: kworker/u8:5 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 114.868591][ T144] Tainted: [W]=WARN [ 114.869642][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.872479][ T144] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 114.874261][ T144] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 114.876426][ T144] pc : remove_vm_area+0x268/0x270 [ 114.877806][ T144] lr : remove_vm_area+0x264/0x270 [ 114.879210][ T144] sp : ffff80009ba378e0 [ 114.880341][ T144] x29: ffff80009ba378f0 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 114.882567][ T144] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 114.884831][ T144] x23: ffff0000c2b27028 x22: 1fffe00018afdb71 x21: 0000000000000000 [ 114.887014][ T144] x20: 0000000000000000 x19: ffff8000891ac638 x18: 0000000000000000 [ 114.889175][ T144] x17: 0000000000000000 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 114.891420][ T144] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 114.893688][ T144] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : c803c2a165447e00 [ 114.895965][ T144] x8 : c803c2a165447e00 x7 : 0000000000000001 x6 : 0000000000000001 [ 114.898274][ T144] x5 : ffff80009ba37238 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 114.900585][ T144] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 114.902841][ T144] Call trace: [ 114.903721][ T144] remove_vm_area+0x268/0x270 (P) [ 114.905172][ T144] vfree+0xac/0x3dc [ 114.906253][ T144] kvfree_rcu_bulk+0xc4/0x228 [ 114.907531][ T144] kfree_rcu_monitor+0x230/0x2b4 [ 114.908920][ T144] process_one_work+0x7e8/0x155c [ 114.910345][ T144] worker_thread+0x958/0xed8 [ 114.911662][ T144] kthread+0x5fc/0x75c [ 114.912868][ T144] ret_from_fork+0x10/0x20 [ 114.914176][ T144] irq event stamp: 1110674 [ 114.915432][ T144] hardirqs last enabled at (1110673): [] __console_unlock+0x70/0xc4 [ 114.918104][ T144] hardirqs last disabled at (1110674): [] el1_brk64+0x1c/0x48 [ 114.920571][ T144] softirqs last enabled at (1110582): [] batadv_nc_purge_paths+0x2f4/0x37c [ 114.923410][ T144] softirqs last disabled at (1110580): [] batadv_nc_purge_paths+0xd0/0x37c [ 114.926288][ T144] ---[ end trace 0000000000000000 ]--- [ 1 ** replaying previous printk message ** [ 114.931681][ T144] ------------[ cut here ]------------ [ 114.931730][ T144] Trying to vfree() nonexistent vm area (000000005aaa2dd7) [ 114.931855][ T144] WARNING: CPU: 0 PID: 144 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 114.938498][ T144] Modules linked in: [ 114.939587][ T144] CPU: 0 UID: 0 PID: 144 Comm: kworker/u8:5 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 114.943313][ T144] Tainted: [W]=WARN [ 114.944342][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.947394][ T144] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 114.949322][ T144] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 114.951569][ T144] pc : vfree+0x32c/0x3dc [ 114.952784][ T144] lr : vfree+0x32c/0x3dc [ 114.953949][ T144] sp : ffff80009ba37950 [ 114.955123][ T144] x29: ffff80009ba37960 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 114.957313][ T144] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 114.959590][ T144] x23: ffff0000c2b27028 x22: 1fffe00018afdb71 x21: 0000000000000000 [ 114.961843][ T144] x20: ffff8000891ac638 x19: 0000000000000000 x18: 0000000000000000 [ 114.964208][ T144] x17: 0000000000000000 x16: ffff80008aefc690 x15: 0000000000000001 [ 114.966428][ T144] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 114.968682][ T144] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : c803c2a165447e00 [ 114.970961][ T144] x8 : c803c2a165447e00 x7 : 0000000000000001 x6 : 0000000000000001 [ 114.973148][ T144] x5 : ffff80009ba37298 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 114.975446][ T144] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 114.977743][ T144] Call trace: [ 114.978649][ T144] vfree+0x32c/0x3dc (P) [ 114.979892][ T144] kvfree_rcu_bulk+0xc4/0x228 [ 114.981232][ T144] kfree_rcu_monitor+0x230/0x2b4 [ 114.982636][ T144] process_one_work+0x7e8/0x155c [ 114.984036][ T144] worker_thread+0x958/0xed8 [ 114.985372][ T144] kthread+0x5fc/0x75c [ 114.986496][ T144] ret_from_fork+0x10/0x20 [ 114.987724][ T144] irq event stamp: 1110820 [ 114.988939][ T144] hardirqs last enabled at (1110819): [] __console_unlock+0x70/0xc4 [ 114.991710][ T144] hardirqs last disabled at (1110820): [] el1_brk64+0x1c/0x48 [ 114.994217][ T144] softirqs last enabled at (1110796): [] handle_softirqs+0xaf8/0xc88 [ 114.996957][ T144] softirqs last disabled at (1110679): [] __do_softirq+0x14/0x20 [ 114.999687][ T144] ---[ end trace 0000000000000000 ]--- [ 11 ** replaying previous printk message ** [ 115.032562][ T95] ------------[ cut here ]------------ [ 115.032623][ T95] Trying to vfree() bad address (000000005aaa2dd7) [ 115.032744][ T95] WARNING: CPU: 0 PID: 95 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 115.039475][ T95] Modules linked in: [ 115.040654][ T95] CPU: 0 UID: 0 PID: 95 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 115.044530][ T95] Tainted: [W]=WARN [ 115.045579][ T95] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.048351][ T95] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 115.050107][ T95] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 115.052261][ T95] pc : remove_vm_area+0x268/0x270 [ 115.053641][ T95] lr : remove_vm_area+0x264/0x270 [ 115.055195][ T95] sp : ffff80009b0f78f0 [ 115.056355][ T95] x29: ffff80009b0f7900 x28: 1ffff00011ece29b x27: dfff800000000000 [ 115.058610][ T95] x26: ffff0000c4571218 x25: dfff800000000000 x24: 0000000000000001 [ 115.060830][ T95] x23: ffff0000c2b26028 x22: 1fffe000188b63d1 x21: 0000000000000000 [ 115.063086][ T95] x20: 0000000000000000 x19: ffff8000891ac638 x18: 1fffe000337d4076 [ 115.065330][ T95] x17: 0000000000000000 x16: ffff80008aefc690 x15: 0000000000000001 [ 115.067613][ T95] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 115.069894][ T95] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : e3add8d9d51b8f00 [ 115.072126][ T95] x8 : e3add8d9d51b8f00 x7 : 0000000000000001 x6 : 0000000000000001 [ 115.074367][ T95] x5 : ffff80009b0f7238 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 115.076653][ T95] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 115.079048][ T95] Call trace: [ 115.079965][ T95] remove_vm_area+0x268/0x270 (P) [ 115.081430][ T95] vfree+0xac/0x3dc [ 115.082499][ T95] kvfree_rcu_bulk+0xc4/0x228 [ 115.083828][ T95] kfree_rcu_work+0xe0/0x140 [ 115.085191][ T95] process_one_work+0x7e8/0x155c [ 115.086590][ T95] worker_thread+0x958/0xed8 [ 115.087913][ T95] kthread+0x5fc/0x75c [ 115.089056][ T95] ret_from_fork+0x10/0x20 [ 115.090322][ T95] irq event stamp: 1058734 [ 115.091591][ T95] hardirqs last enabled at (1058733): [] __console_unlock+0x70/0xc4 [ 115.094310][ T95] hardirqs last disabled at (1058734): [] el1_brk64+0x1c/0x48 [ 115.096820][ T95] softirqs last enabled at (1054308): [] batadv_nc_purge_paths+0x2f4/0x37c [ 115.099718][ T95] softirqs last disabled at (1054306): [] batadv_nc_purge_paths+0xd0/0x37c [ 115.102605][ T95] ---[ end trace 0000000000000000 ]--- [ 115.109268][ T95] ------------[ cut here ]------------ [ 115.109311][ T95] Trying to vfree() nonexistent vm area (000000005aaa2dd7) [ 115.113764][ T95] WARNING: CPU: 1 PID: 95 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 115.115882][ T95] Modules linked in: [ 115.116992][ T95] CPU: 1 UID: 0 PID: 95 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 115.120885][ T95] Tainted: [W]=WARN [ 115.121941][ T95] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.124745][ T95] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 115.126403][ T95] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 115.128662][ T95] pc : vfree+0x32c/0x3dc [ 115.129862][ T95] lr : vfree+0x32c/0x3dc [ 115.131064][ T95] sp : ffff80009b0f7960 [ 115.132229][ T95] x29: ffff80009b0f7970 x28: 1ffff00011ece29b x27: dfff800000000000 [ 115.134482][ T95] x26: ffff0000c4571218 x25: dfff800000000000 x24: 0000000000000001 [ 115.136756][ T95] x23: ffff0000c2b26028 x22: 1fffe000188b63d1 x21: 0000000000000000 [ 115.139111][ T95] x20: ffff8000891ac638 x19: 0000000000000000 x18: 1fffe000337d8876 [ 115.141309][ T95] x17: ffff80008f66e000 x16: ffff80008aefc690 x15: 0000000000000001 [ 115.143492][ T95] x14: 1fffe000337db2f0 x13: 0000000000000000 x12: 0000000000000000 [ 115.145693][ T95] x11: ffff800093163c08 x10: 0000000000000003 x9 : e3add8d9d51b8f00 [ 115.148061][ T95] x8 : e3add8d9d51b8f00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 115.150344][ T95] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 115.152677][ T95] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 115.154922][ T95] Call trace: [ 115.155837][ T95] vfree+0x32c/0x3dc (P) [ 115.157082][ T95] kvfree_rcu_bulk+0xc4/0x228 [ 115.158420][ T95] kfree_rcu_work+0xe0/0x140 [ 115.159771][ T95] process_one_work+0x7e8/0x155c [ 115.161144][ T95] worker_thread+0x958/0xed8 [ 115.162434][ T95] kthread+0x5fc/0x75c [ 115.163624][ T95] ret_from_fork+0x10/0x20 [ 115.164861][ T95] irq event stamp: 1058876 [ 115.166046][ T95] hardirqs last enabled at (1058875): [] finish_lock_switch+0xb0/0x1c0 [ 115.168789][ T95] hardirqs last disabled at (1058876): [] el1_brk64+0x1c/0x48 [ 115.171297][ T95] softirqs last enabled at (1058848): [] handle_softirqs+0xaf8/0xc88 [ 115.174210][ T95] softirqs last disabled at (1058737): [] __do_softirq+0x14/0x20 [ 115.176766][ T95] ---[ end trace 0000000000000000 ]--- 1970/01/01 00:01:57 executed programs: 228 [ 12 ** replaying previous printk message ** [ 120.011563][ T14] ------------[ cut here ]------------ [ 120.011617][ T14] Trying to vfree() bad address (000000005aaa2dd7) [ 120.011756][ T14] WARNING: CPU: 0 PID: 14 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 120.018551][ T14] Modules linked in: [ 120.019616][ T14] CPU: 0 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 120.023337][ T14] Tainted: [W]=WARN [ 120.024392][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.027240][ T14] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 120.029063][ T14] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 120.031310][ T14] pc : remove_vm_area+0x268/0x270 [ 120.032706][ T14] lr : remove_vm_area+0x264/0x270 [ 120.034093][ T14] sp : ffff800097aa78e0 [ 120.035209][ T14] x29: ffff800097aa78f0 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 120.037449][ T14] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 120.039662][ T14] x23: ffff0000c2b25028 x22: 1fffe0001833f3d1 x21: 0000000000000000 [ 120.041856][ T14] x20: 0000000000000000 x19: ffff8000891ac638 x18: 1fffe000337d4076 [ 120.044073][ T14] x17: 0000000000000000 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 120.046378][ T14] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 120.048652][ T14] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : db7ea06ec0247200 [ 120.050885][ T14] x8 : db7ea06ec0247200 x7 : 0000000000000001 x6 : 0000000000000001 [ 120.053110][ T14] x5 : ffff800097aa7238 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 120.055328][ T14] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 120.057548][ T14] Call trace: [ 120.058465][ T14] remove_vm_area+0x268/0x270 (P) [ 120.059905][ T14] vfree+0xac/0x3dc [ 120.060985][ T14] kvfree_rcu_bulk+0xc4/0x228 [ 120.062318][ T14] kfree_rcu_monitor+0x230/0x2b4 [ 120.063738][ T14] process_one_work+0x7e8/0x155c [ 120.065153][ T14] worker_thread+0x958/0xed8 [ 120.066424][ T14] kthread+0x5fc/0x75c [ 120.067588][ T14] ret_from_fork+0x10/0x20 [ 120.068859][ T14] irq event stamp: 935596 [ 120.070014][ T14] hardirqs last enabled at (935595): [] __console_unlock+0x70/0xc4 [ 120.072634][ T14] hardirqs last disabled at (935596): [] el1_brk64+0x1c/0x48 [ 120.075158][ T14] softirqs last enabled at (932474): [] batadv_nc_purge_paths+0x2f4/0x37c [ 120.078026][ T14] softirqs last disabled at (932472): [] batadv_nc_purge_paths+0xd0/0x37c [ 120.080763][ T14] ---[ end trace 0000000000000000 ]--- [ 12 ** replaying previous printk message ** [ 120.084533][ T14] ------------[ cut here ]------------ [ 120.084581][ T14] Trying to vfree() nonexistent vm area (000000005aaa2dd7) [ 120.084701][ T14] WARNING: CPU: 0 PID: 14 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 120.091308][ T14] Modules linked in: [ 120.092378][ T14] CPU: 0 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 120.096189][ T14] Tainted: [W]=WARN [ 120.097205][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.100030][ T14] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 120.101778][ T14] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 120.103941][ T14] pc : vfree+0x32c/0x3dc [ 120.105131][ T14] lr : vfree+0x32c/0x3dc [ 120.106331][ T14] sp : ffff800097aa7950 [ 120.107476][ T14] x29: ffff800097aa7960 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 120.109780][ T14] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 120.112008][ T14] x23: ffff0000c2b25028 x22: 1fffe0001833f3d1 x21: 0000000000000000 [ 120.114219][ T14] x20: ffff8000891ac638 x19: 0000000000000000 x18: 1fffe000337d4076 [ 120.116440][ T14] x17: 0000000000000000 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 120.118714][ T14] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 120.120985][ T14] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : db7ea06ec0247200 [ 120.123269][ T14] x8 : db7ea06ec0247200 x7 : 0000000000000001 x6 : 0000000000000001 [ 120.125606][ T14] x5 : ffff800097aa7298 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 120.127847][ T14] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 120.130100][ T14] Call trace: [ 120.131008][ T14] vfree+0x32c/0x3dc (P) [ 120.132198][ T14] kvfree_rcu_bulk+0xc4/0x228 [ 120.133464][ T14] kfree_rcu_monitor+0x230/0x2b4 [ 120.134844][ T14] process_one_work+0x7e8/0x155c [ 120.136197][ T14] worker_thread+0x958/0xed8 [ 120.137441][ T14] kthread+0x5fc/0x75c [ 120.138630][ T14] ret_from_fork+0x10/0x20 [ 120.139882][ T14] irq event stamp: 935916 [ 120.141103][ T14] hardirqs last enabled at (935915): [] __console_unlock+0x70/0xc4 [ 120.143807][ T14] hardirqs last disabled at (935916): [] el1_brk64+0x1c/0x48 [ 120.146261][ T14] softirqs last enabled at (935892): [] handle_softirqs+0xaf8/0xc88 [ 120.148924][ T14] softirqs last disabled at (935599): [] __do_softirq+0x14/0x20 [ 120.151543][ T14] ---[ end trace 0000000000000000 ]--- [ 120.210423][ T14] ------------[ cut here ]------------ [ 120.210488][ T14] Trying to vfree() bad address (000000005aaa2dd7) [ 120.210629][ T14] WARNING: CPU: 0 PID: 14 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 120.216341][ T14] Modules linked in: [ 120.217413][ T14] CPU: 0 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 120.221260][ T14] Tainted: [W]=WARN [ 120.222278][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.225040][ T14] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 120.226732][ T14] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 120.228943][ T14] pc : remove_vm_area+0x268/0x270 [ 120.230402][ T14] lr : remove_vm_area+0x264/0x270 [ 120.232023][ T14] sp : ffff800097aa78f0 [ 120.233151][ T14] x29: ffff800097aa7900 x28: 1ffff00011ece29b x27: dfff800000000000 [ 120.235568][ T14] x26: ffff0000c1a1ec18 x25: dfff800000000000 x24: 0000000000000001 [ 120.237921][ T14] x23: ffff0000c2b26028 x22: 1fffe0001833f3d1 x21: 0000000000000000 [ 120.240273][ T14] x20: 0000000000000000 x19: ffff8000891ac638 x18: 1fffe000337d4076 [ 120.242584][ T14] x17: 0000000000000000 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 120.244882][ T14] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 120.247163][ T14] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : db7ea06ec0247200 [ 120.249429][ T14] x8 : db7ea06ec0247200 x7 : 0000000000000001 x6 : 0000000000000001 [ 120.251755][ T14] x5 : ffff800097aa7238 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 120.254121][ T14] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 120.256440][ T14] Call trace: [ 120.257404][ T14] remove_vm_area+0x268/0x270 (P) [ 120.258818][ T14] vfree+0xac/0x3dc [ 120.259854][ T14] kvfree_rcu_bulk+0xc4/0x228 [ 120.261209][ T14] kfree_rcu_work+0xe0/0x140 [ 120.262528][ T14] process_one_work+0x7e8/0x155c [ 120.264010][ T14] worker_thread+0x958/0xed8 [ 120.265268][ T14] kthread+0x5fc/0x75c [ 120.266412][ T14] ret_from_fork+0x10/0x20 [ 120.267634][ T14] irq event stamp: 938384 [ 120.268812][ T14] hardirqs last enabled at (938383): [] __console_unlock+0x70/0xc4 [ 120.271508][ T14] hardirqs last disabled at (938384): [] el1_brk64+0x1c/0x48 [ 120.274062][ T14] softirqs last enabled at (938314): [] batadv_nc_purge_paths+0x2f4/0x37c [ 120.277072][ T14] softirqs last disabled at (938312): [] batadv_nc_purge_paths+0xd0/0x37c [ 120.279906][ T14] ---[ end trace 0000000000000000 ]--- [ 1 ** replaying previous printk message ** [ 120.282906][ T14] ------------[ cut here ]------------ [ 120.282953][ T14] Trying to vfree() nonexistent vm area (000000005aaa2dd7) [ 120.283073][ T14] WARNING: CPU: 0 PID: 14 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 120.289775][ T14] Modules linked in: [ 120.290898][ T14] CPU: 0 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 120.294699][ T14] Tainted: [W]=WARN [ 120.295848][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.298781][ T14] Workqueue: kvfree_rcu_reclaim kfree_rcu_work [ 120.300576][ T14] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 120.302718][ T14] pc : vfree+0x32c/0x3dc [ 120.303946][ T14] lr : vfree+0x32c/0x3dc [ 120.305073][ T14] sp : ffff800097aa7960 [ 120.306260][ T14] x29: ffff800097aa7970 x28: 1ffff00011ece29b x27: dfff800000000000 [ 120.308652][ T14] x26: ffff0000c1a1ec18 x25: dfff800000000000 x24: 0000000000000001 [ 120.311025][ T14] x23: ffff0000c2b26028 x22: 1fffe0001833f3d1 x21: 0000000000000000 [ 120.313377][ T14] x20: ffff8000891ac638 x19: 0000000000000000 x18: 1fffe000337d4076 [ 120.315633][ T14] x17: 0000000000000000 x16: ffff80008ae63f48 x15: ffff700011ede144 [ 120.317811][ T14] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 120.320161][ T14] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : db7ea06ec0247200 [ 120.322561][ T14] x8 : db7ea06ec0247200 x7 : 0000000000000001 x6 : 0000000000000001 [ 120.324943][ T14] x5 : ffff800097aa72b8 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 120.327197][ T14] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 120.329447][ T14] Call trace: [ 120.330319][ T14] vfree+0x32c/0x3dc (P) [ 120.331521][ T14] kvfree_rcu_bulk+0xc4/0x228 [ 120.332859][ T14] kfree_rcu_work+0xe0/0x140 [ 120.334176][ T14] process_one_work+0x7e8/0x155c [ 120.335526][ T14] worker_thread+0x958/0xed8 [ 120.336845][ T14] kthread+0x5fc/0x75c [ 120.337921][ T14] ret_from_fork+0x10/0x20 [ 120.339220][ T14] irq event stamp: 938562 [ 120.340419][ T14] hardirqs last enabled at (938561): [] __console_unlock+0x70/0xc4 [ 120.343080][ T14] hardirqs last disabled at (938562): [] el1_brk64+0x1c/0x48 [ 120.345618][ T14] softirqs last enabled at (938538): [] handle_softirqs+0xaf8/0xc88 [ 120.348344][ T14] softirqs last disabled at (938387): [] __do_softirq+0x14/0x20 [ 120.350931][ T14] ---[ end trace 0000000000000000 ]--- 1970/01/01 00:02:02 executed programs: 510