[ 143.388053][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[ 143.392325][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xe9000)
[ 150.100560][ T1009] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[ 150.103699][ T1009] ata1: failed to read log page 10h (errno=-5)
[ 150.106543][ T1009] ata1.00: exception Emask 0x1 SAct 0x40000001 SErr 0x0 action 0x0
[ 150.122140][ T1009] ata1.00: irq_stat 0x41000000
[ 150.125322][ T1009] ata1.00: failed command: WRITE FPDMA QUEUED
[ 150.128537][ T1009] ata1.00: cmd 61/68:00:9e:a7:04/06:00:00:00:00/40 tag 0 ncq dma 839680 out
[ 150.128537][ T1009] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[ 150.160525][ T1009] ata1.00: status: { DRDY }
[ 150.162881][ T1009] ata1.00: failed command: WRITE FPDMA QUEUED
[ 150.165837][ T1009] ata1.00: cmd 61/48:f0:56:a0:04/07:00:00:00:00/40 tag 30 ncq dma 954368 out
[ 150.165837][ T1009] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[ 150.199825][ T1009] ata1.00: status: { DRDY }
[ 150.210520][ T1009] ata1.00: configured for UDMA/100
[ 150.214148][ T1009] ata1: EH complete
Warning: Permanently added '[localhost]:44197' (ED25519) to the list of known hosts.
2026/03/12 02:43:24 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 159.369334][ T5615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 167.424683][ T5445] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 167.445914][ T5445] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 167.452163][ T5445] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 167.456723][ T5445] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 167.462846][ T5445] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 168.200502][ T1039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 168.204756][ T1039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 168.272227][ T1046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 168.276997][ T1046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 170.587126][ T5690] chnl_net:caif_netlink_parms(): no params data found
[ 170.812432][ T5690] bridge0: port 1(bridge_slave_0) entered blocking state
[ 170.816154][ T5690] bridge0: port 1(bridge_slave_0) entered disabled state
[ 170.830676][ T5690] bridge_slave_0: entered allmulticast mode
[ 170.840001][ T5690] bridge_slave_0: entered promiscuous mode
[ 170.851654][ T5690] bridge0: port 2(bridge_slave_1) entered blocking state
[ 170.855364][ T5690] bridge0: port 2(bridge_slave_1) entered disabled state
[ 170.859184][ T5690] bridge_slave_1: entered allmulticast mode
[ 170.871857][ T5690] bridge_slave_1: entered promiscuous mode
[ 170.920234][ T5690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 170.929049][ T5690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 170.963429][ T5690] team0: Port device team_slave_0 added
[ 170.970560][ T5690] team0: Port device team_slave_1 added
[ 170.995639][ T5690] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 171.000199][ T5690] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 171.018595][ T5690] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 171.028242][ T5690] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 171.033309][ T5690] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 171.047710][ T5690] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 171.096789][ T5690] hsr_slave_0: entered promiscuous mode
[ 171.101704][ T5690] hsr_slave_1: entered promiscuous mode
[ 171.691697][ T5690] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 171.711764][ T5690] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 171.718884][ T5690] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 171.734473][ T5690] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 171.903722][ T5690] 8021q: adding VLAN 0 to HW filter on device bond0
[ 171.950507][ T5690] 8021q: adding VLAN 0 to HW filter on device team0
[ 171.982257][ T1046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 171.987131][ T1046] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 172.017141][ T1046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 172.021665][ T1046] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 172.116056][ T5690] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 172.456247][ T5690] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 172.558363][ T5690] veth0_vlan: entered promiscuous mode
[ 172.586132][ T5690] veth1_vlan: entered promiscuous mode
[ 172.646353][ T5690] veth0_macvtap: entered promiscuous mode
[ 172.668235][ T5690] veth1_macvtap: entered promiscuous mode
[ 172.708146][ T5690] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 172.728398][ T5690] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 172.766403][ T1046] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 172.780959][ T1046] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 172.785255][ T1046] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 172.789348][ T1046] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 173.094171][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 173.181918][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 174.023399][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/03/12 02:43:44 executed programs: 0
[ 174.417117][ T4669] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 174.425324][ T4669] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 174.430533][ T4669] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 174.435115][ T4669] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 174.437876][ T4669] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 174.839728][ T5752] chnl_net:caif_netlink_parms(): no params data found
[ 174.942525][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 175.044976][ T5752] bridge0: port 1(bridge_slave_0) entered blocking state
[ 175.063091][ T5752] bridge0: port 1(bridge_slave_0) entered disabled state
[ 175.066869][ T5752] bridge_slave_0: entered allmulticast mode
[ 175.081161][ T5752] bridge_slave_0: entered promiscuous mode
[ 175.086407][ T5752] bridge0: port 2(bridge_slave_1) entered blocking state
[ 175.099979][ T5752] bridge0: port 2(bridge_slave_1) entered disabled state
[ 175.104469][ T5752] bridge_slave_1: entered allmulticast mode
[ 175.116875][ T5752] bridge_slave_1: entered promiscuous mode
[ 175.191206][ T5752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 175.222730][ T5752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 175.266428][ T5752] team0: Port device team_slave_0 added
[ 175.293545][ T5752] team0: Port device team_slave_1 added
[ 175.363110][ T5752] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 175.367101][ T5752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 175.405020][ T5752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 175.455229][ T5752] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 175.470557][ T5752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 175.510199][ T5752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 175.672834][ T13] bridge_slave_1: left allmulticast mode
[ 175.675653][ T13] bridge_slave_1: left promiscuous mode
[ 175.678677][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 175.695753][ T13] bridge_slave_0: left allmulticast mode
[ 175.708219][ T13] bridge_slave_0: left promiscuous mode
[ 175.720754][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 175.974145][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 176.000239][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 176.011517][ T13] bond0 (unregistering): Released all slaves
[ 176.035010][ T5752] hsr_slave_0: entered promiscuous mode
[ 176.051209][ T5752] hsr_slave_1: entered promiscuous mode
[ 176.070019][ T5752] debugfs: 'hsr0' already exists in 'hsr'
[ 176.072877][ T5752] Cannot create hsr debugfs directory
[ 176.094488][ T13] hsr_slave_0: left promiscuous mode
[ 176.118748][ T13] hsr_slave_1: left promiscuous mode
[ 176.134252][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 176.138295][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 176.164510][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 176.170405][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 176.191937][ T13] veth1_macvtap: left promiscuous mode
[ 176.195061][ T13] veth0_macvtap: left promiscuous mode
[ 176.198532][ T13] veth1_vlan: left promiscuous mode
[ 176.216357][ T13] veth0_vlan: left promiscuous mode
[ 176.503155][ T4669] Bluetooth: hci0: command tx timeout
[ 176.584562][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 176.600778][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 177.557614][ T5752] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 177.578626][ T5752] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 177.607528][ T5752] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 177.623505][ T5752] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 177.788576][ T5752] 8021q: adding VLAN 0 to HW filter on device bond0
[ 177.813907][ T5752] 8021q: adding VLAN 0 to HW filter on device team0
[ 177.824569][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 177.828855][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 177.854633][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 177.860014][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 177.895059][ T5752] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 178.064785][ T5752] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 178.103414][ T5752] veth0_vlan: entered promiscuous mode
[ 178.116718][ T5752] veth1_vlan: entered promiscuous mode
[ 178.145471][ T5752] veth0_macvtap: entered promiscuous mode
[ 178.154535][ T5752] veth1_macvtap: entered promiscuous mode
[ 178.173569][ T5752] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 178.190815][ T5752] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 178.203177][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 178.207469][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 178.220972][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 178.225377][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 178.321342][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 178.325759][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 178.373466][ T1039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 178.377277][ T1039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 178.582852][ T4669] Bluetooth: hci0: command tx timeout
[ 179.500192][ T1105] ==================================================================
[ 179.504357][ T1105] BUG: KASAN: slab-use-after-free in sock_def_readable+0x1cb/0x580
[ 179.509239][ T1105] Read of size 8 at addr ffff88804a44dd40 by task kworker/0:3/1105
[ 179.514447][ T1105]
[ 179.515927][ T1105] CPU: 0 UID: 0 PID: 1105 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full)
[ 179.515975][ T1105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 179.515984][ T1105] Workqueue: mld mld_ifc_work
[ 179.516017][ T1105] Call Trace:
[ 179.516054][ T1105] <TASK>
[ 179.516092][ T1105] dump_stack_lvl+0xe8/0x150
[ 179.516111][ T1105] print_report+0xba/0x230
[ 179.516126][ T1105] ? sock_def_readable+0x1cb/0x580
[ 179.516139][ T1105] kasan_report+0x117/0x150
[ 179.516153][ T1105] ? lock_acquire+0xf0/0x2e0
[ 179.516167][ T1105] ? sock_def_readable+0x1cb/0x580
[ 179.516179][ T1105] sock_def_readable+0x1cb/0x580
[ 179.516188][ T1105] ? sock_def_readable+0xae/0x580
[ 179.516200][ T1105] send_to_lecd+0x322/0x600
[ 179.516215][ T1105] ? make_entry+0x200/0x2f0
[ 179.516229][ T1105] lec_start_xmit+0xec0/0x2660
[ 179.516245][ T1105] dev_hard_start_xmit+0x2d8/0x870
[ 179.516264][ T1105] sch_direct_xmit+0x251/0x4c0
[ 179.516276][ T1105] ? __pfx_sch_direct_xmit+0x10/0x10
[ 179.516288][ T1105] __dev_queue_xmit+0x1550/0x3890
[ 179.516336][ T1105] ? __lock_acquire+0x6b5/0x2cf0
[ 179.516351][ T1105] ? __dev_queue_xmit+0x277/0x3890
[ 179.516366][ T1105] ? ___neigh_create+0x1c5f/0x2280
[ 179.516378][ T1105] ? lockdep_hardirqs_on+0x7a/0x110
[ 179.516392][ T1105] ? __pfx___dev_queue_xmit+0x10/0x10
[ 179.516402][ T1105] ? neigh_resolve_output+0x438/0x750
[ 179.516409][ T1105] ? eth_header+0x11b/0x200
[ 179.516420][ T1105] ? __asan_memcpy+0x40/0x70
[ 179.516430][ T1105] ? eth_header+0x11b/0x200
[ 179.516443][ T1105] ? __pfx_eth_header+0x10/0x10
[ 179.516453][ T1105] ? neigh_resolve_output+0x624/0x750
[ 179.516468][ T1105] ip6_finish_output+0x2e5/0x740
[ 179.516483][ T1105] ? ip6_output+0x126/0x550
[ 179.516494][ T1105] ip6_output+0x340/0x550
[ 179.516506][ T1105] ? __pfx_ip6_output+0x10/0x10
[ 179.516517][ T1105] NF_HOOK+0x177/0x4f0
[ 179.516538][ T1105] ? __pfx_NF_HOOK+0x10/0x10
[ 179.516550][ T1105] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 179.516563][ T1105] ? __local_bh_enable_ip+0xd0/0x130
[ 179.516578][ T1105] ? lockdep_hardirqs_on+0x7a/0x110
[ 179.516591][ T1105] ? __local_bh_enable_ip+0xd0/0x130
[ 179.516602][ T1105] ? icmp6_dst_alloc+0x3a6/0x440
[ 179.516617][ T1105] mld_sendpack+0x8b4/0xe40
[ 179.516631][ T1105] ? look_up_lock_class+0x57/0x110
[ 179.516648][ T1105] ? mld_sendpack+0x213/0xe40
[ 179.516661][ T1105] ? __pfx_mld_sendpack+0x10/0x10
[ 179.516676][ T1105] mld_ifc_work+0x835/0xe70
[ 179.516689][ T1105] ? process_scheduled_works+0xa25/0x1830
[ 179.516703][ T1105] process_scheduled_works+0xb02/0x1830
[ 179.516723][ T1105] ? __pfx_process_scheduled_works+0x10/0x10
[ 179.516737][ T1105] ? assign_work+0x3d5/0x5e0
[ 179.516750][ T1105] worker_thread+0xa50/0xfc0
[ 179.516766][ T1105] kthread+0x388/0x470
[ 179.516775][ T1105] ? __pfx_worker_thread+0x10/0x10
[ 179.516786][ T1105] ? __pfx_kthread+0x10/0x10
[ 179.516794][ T1105] ret_from_fork+0x51e/0xb90
[ 179.516808][ T1105] ? __pfx_ret_from_fork+0x10/0x10
[ 179.516820][ T1105] ? __switch_to+0xc7d/0x1450
[ 179.516833][ T1105] ? __pfx_kthread+0x10/0x10
[ 179.516843][ T1105] ret_from_fork_asm+0x1a/0x30
[ 179.516861][ T1105] </TASK>
[ 179.516867][ T1105]
[ 179.673807][ T1105] Allocated by task 5809:
[ 179.675862][ T1105] kasan_save_track+0x3e/0x80
[ 179.678483][ T1105] __kasan_slab_alloc+0x6c/0x80
[ 179.681089][ T1105] kmem_cache_alloc_lru_noprof+0x2b8/0x640
[ 179.683893][ T1105] sock_alloc_inode+0x28/0xc0
[ 179.686269][ T1105] alloc_inode+0x6a/0x1b0
[ 179.688732][ T1105] __sock_create+0x12d/0x9d0
[ 179.691104][ T1105] __sys_socket+0xd6/0x1b0
[ 179.693231][ T1105] __x64_sys_socket+0x7a/0x90
[ 179.695514][ T1105] do_syscall_64+0x14d/0xf80
[ 179.697773][ T1105] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 179.700646][ T1105]
[ 179.701814][ T1105] Freed by task 5818:
[ 179.703758][ T1105] kasan_save_track+0x3e/0x80
[ 179.706324][ T1105] kasan_save_free_info+0x46/0x50
[ 179.709273][ T1105] __kasan_slab_free+0x5c/0x80
[ 179.712001][ T1105] kmem_cache_free+0x187/0x630
[ 179.714121][ T1105] rcu_core+0x7cd/0x1070
[ 179.716014][ T1105] handle_softirqs+0x22a/0x870
[ 179.718301][ T1105] __irq_exit_rcu+0x5f/0x150
[ 179.720550][ T1105] irq_exit_rcu+0x9/0x30
[ 179.722771][ T1105] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 179.726317][ T1105] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 179.729113][ T1105]
[ 179.731074][ T1105] Last potentially related work creation:
[ 179.733738][ T1105] kasan_save_stack+0x3e/0x60
[ 179.735768][ T1105] kasan_record_aux_stack+0xbd/0xd0
[ 179.738215][ T1105] call_rcu+0xee/0x890
[ 179.739956][ T1105] evict+0x95b/0xb10
[ 179.741601][ T1105] __dentry_kill+0x1a2/0x5e0
[ 179.743531][ T1105] finish_dput+0xc9/0x480
[ 179.745531][ T1105] __fput+0x691/0xa70
[ 179.747447][ T1105] task_work_run+0x1d9/0x270
[ 179.750170][ T1105] exit_to_user_mode_loop+0xed/0x480
[ 179.753655][ T1105] do_syscall_64+0x32d/0xf80
[ 179.756170][ T1105] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 179.759541][ T1105]
[ 179.760756][ T1105] The buggy address belongs to the object at ffff88804a44dcc0
[ 179.760756][ T1105] which belongs to the cache sock_inode_cache of size 1344
[ 179.768235][ T1105] The buggy address is located 128 bytes inside of
[ 179.768235][ T1105] freed 1344-byte region [ffff88804a44dcc0, ffff88804a44e200)
[ 179.775876][ T1105]
[ 179.777123][ T1105] The buggy address belongs to the physical page:
[ 179.780007][ T1105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4a44c
[ 179.784237][ T1105] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 179.788391][ T1105] memcg:ffff88804a44ff41
[ 179.790438][ T1105] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 179.794000][ T1105] page_type: f5(slab)
[ 179.795893][ T1105] raw: 04fff00000000040 ffff888030465500 dead000000000122 0000000000000000
[ 179.799788][ T1105] raw: 0000000000000000 00000008000b000b 00000000f5000000 ffff88804a44ff41
[ 179.803594][ T1105] head: 04fff00000000040 ffff888030465500 dead000000000122 0000000000000000
[ 179.807632][ T1105] head: 0000000000000000 00000008000b000b 00000000f5000000 ffff88804a44ff41
[ 179.811254][ T1105] head: 04fff00000000002 ffffea0001291301 00000000ffffffff 00000000ffffffff
[ 179.815513][ T1105] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 179.819956][ T1105] page dumped because: kasan: bad access detected
[ 179.822953][ T1105] page_owner tracks the page as allocated
[ 179.825686][ T1105] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5752, tgid 5752 (syz-executor), ts 178422438569, free_ts 113142646262
[ 179.836364][ T1105] post_alloc_hook+0x231/0x280
[ 179.838688][ T1105] get_page_from_freelist+0x24dc/0x2580
[ 179.841491][ T1105] __alloc_frozen_pages_noprof+0x18d/0x380
[ 179.844530][ T1105] allocate_slab+0x77/0x660
[ 179.846629][ T1105] refill_objects+0x331/0x3c0
[ 179.848936][ T1105] __pcs_replace_empty_main+0x2f9/0x5e0
[ 179.851296][ T1105] kmem_cache_alloc_lru_noprof+0x37c/0x640
[ 179.853945][ T1105] sock_alloc_inode+0x28/0xc0
[ 179.856181][ T1105] alloc_inode+0x6a/0x1b0
[ 179.858292][ T1105] __sock_create+0x12d/0x9d0
[ 179.860575][ T1105] __sys_socket+0xd6/0x1b0
[ 179.862952][ T1105] __x64_sys_socket+0x7a/0x90
[ 179.865649][ T1105] do_syscall_64+0x14d/0xf80
[ 179.868354][ T1105] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 179.871308][ T1105] page last free pid 4707 tgid 4707 stack trace:
[ 179.874261][ T1105] __free_frozen_pages+0xc2b/0xdb0
[ 179.876462][ T1105] __slab_free+0x263/0x2b0
[ 179.878465][ T1105] qlist_free_all+0x97/0x100
[ 179.880426][ T1105] kasan_quarantine_reduce+0x148/0x160
[ 179.882652][ T1105] __kasan_slab_alloc+0x22/0x80
[ 179.884694][ T1105] kmem_cache_alloc_node_noprof+0x384/0x690
[ 179.887262][ T1105] __alloc_skb+0x1d0/0x7d0
[ 179.889365][ T1105] alloc_skb_with_frags+0xca/0x890
[ 179.891578][ T1105] sock_alloc_send_pskb+0x878/0x990
[ 179.894399][ T1105] unix_dgram_sendmsg+0x4fb/0x18d0
[ 179.897092][ T1105] __sys_sendto+0x672/0x710
[ 179.899722][ T1105] __x64_sys_sendto+0xde/0x100
[ 179.902481][ T1105] do_syscall_64+0x14d/0xf80
[ 179.904470][ T1105] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 179.907133][ T1105]
[ 179.908422][ T1105] Memory state around the buggy address:
[ 179.911113][ T1105] ffff88804a44dc00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 179.915501][ T1105] ffff88804a44dc80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 179.922315][ T1105] >ffff88804a44dd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 179.926491][ T1105]                                            ^
[ 179.930305][ T1105] ffff88804a44dd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 179.935721][ T1105] ffff88804a44de00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 179.941511][ T1105] ==================================================================
[ 179.946293][ T1105] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 179.951983][ T1105] CPU: 0 UID: 0 PID: 1105 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full)
[ 179.960427][ T1105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 179.967237][ T1105] Workqueue: mld mld_ifc_work
[ 179.971866][ T1105] Call Trace:
[ 179.974590][ T1105] <TASK>
[ 179.976559][ T1105] vpanic+0x56c/0xa60
[ 179.979114][ T1105] ? __pfx_vpanic+0x10/0x10
[ 179.982752][ T1105] panic+0xc5/0xd0
[ 179.985790][ T1105] ? __pfx_panic+0x10/0x10
[ 179.990110][ T1105] ? sock_def_readable+0x1cb/0x580
[ 179.994813][ T1105] ? sock_def_readable+0x1cb/0x580
[ 179.999055][ T1105] ? sock_def_readable+0x1cb/0x580
[ 180.002835][ T1105] check_panic_on_warn+0x89/0xb0
[ 180.006186][ T1105] ? sock_def_readable+0x1cb/0x580
[ 180.010589][ T1105] end_report+0x73/0x180
[ 180.014723][ T1105] ? sock_def_readable+0x1cb/0x580
[ 180.018780][ T1105] kasan_report+0x128/0x150
[ 180.022391][ T1105] ? lock_acquire+0xf0/0x2e0
[ 180.026303][ T1105] ? sock_def_readable+0x1cb/0x580
[ 180.031739][ T1105] sock_def_readable+0x1cb/0x580
[ 180.035545][ T1105] ? sock_def_readable+0xae/0x580
[ 180.039166][ T1105] send_to_lecd+0x322/0x600
[ 180.042967][ T1105] ? make_entry+0x200/0x2f0
[ 180.047190][ T1105] lec_start_xmit+0xec0/0x2660
[ 180.051310][ T1105] dev_hard_start_xmit+0x2d8/0x870
[ 180.055224][ T1105] sch_direct_xmit+0x251/0x4c0
[ 180.059493][ T1105] ? __pfx_sch_direct_xmit+0x10/0x10
[ 180.064159][ T1105] __dev_queue_xmit+0x1550/0x3890
[ 180.068633][ T1105] ? __lock_acquire+0x6b5/0x2cf0
[ 180.073482][ T1105] ? __dev_queue_xmit+0x277/0x3890
[ 180.078600][ T1105] ? ___neigh_create+0x1c5f/0x2280
[ 180.082268][ T1105] ? lockdep_hardirqs_on+0x7a/0x110
[ 180.085595][ T1105] ? __pfx___dev_queue_xmit+0x10/0x10
[ 180.089086][ T1105] ? neigh_resolve_output+0x438/0x750
[ 180.091598][ T1105] ? eth_header+0x11b/0x200
[ 180.095081][ T1105] ? __asan_memcpy+0x40/0x70
[ 180.097606][ T1105] ? eth_header+0x11b/0x200
[ 180.100068][ T1105] ? __pfx_eth_header+0x10/0x10
[ 180.102485][ T1105] ? neigh_resolve_output+0x624/0x750
[ 180.105148][ T1105] ip6_finish_output+0x2e5/0x740
[ 180.107478][ T1105] ? ip6_output+0x126/0x550
[ 180.110285][ T1105] ip6_output+0x340/0x550
[ 180.112770][ T1105] ? __pfx_ip6_output+0x10/0x10
[ 180.115511][ T1105] NF_HOOK+0x177/0x4f0
[ 180.117681][ T1105] ? __pfx_NF_HOOK+0x10/0x10
[ 180.119830][ T1105] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 180.122561][ T1105] ? __local_bh_enable_ip+0xd0/0x130
[ 180.125121][ T1105] ? lockdep_hardirqs_on+0x7a/0x110
[ 180.128614][ T1105] ? __local_bh_enable_ip+0xd0/0x130
[ 180.131870][ T1105] ? icmp6_dst_alloc+0x3a6/0x440
[ 180.134016][ T1105] mld_sendpack+0x8b4/0xe40
[ 180.135913][ T1105] ? look_up_lock_class+0x57/0x110
[ 180.138402][ T1105] ? mld_sendpack+0x213/0xe40
[ 180.140527][ T1105] ? __pfx_mld_sendpack+0x10/0x10
[ 180.142570][ T1105] mld_ifc_work+0x835/0xe70
[ 180.144443][ T1105] ? process_scheduled_works+0xa25/0x1830
[ 180.147144][ T1105] process_scheduled_works+0xb02/0x1830
[ 180.150309][ T1105] ? __pfx_process_scheduled_works+0x10/0x10
[ 180.153515][ T1105] ? assign_work+0x3d5/0x5e0
[ 180.155601][ T1105] worker_thread+0xa50/0xfc0
[ 180.157638][ T1105] kthread+0x388/0x470
[ 180.159447][ T1105] ? __pfx_worker_thread+0x10/0x10
[ 180.161603][ T1105] ? __pfx_kthread+0x10/0x10
[ 180.163623][ T1105] ret_from_fork+0x51e/0xb90
[ 180.166046][ T1105] ? __pfx_ret_from_fork+0x10/0x10
[ 180.169168][ T1105] ? __switch_to+0xc7d/0x1450
[ 180.171457][ T1105] ? __pfx_kthread+0x10/0x10
[ 180.174277][ T1105] ret_from_fork_asm+0x1a/0x30
[ 180.176607][ T1105] </TASK>
[ 180.178668][ T1105] Kernel Offset: disabled
[ 180.181440][ T1105] Rebooting in 86400 seconds..