[ 62.310609][ T5035] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 62.317990][ T5035] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 62.333580][ T5035] veth1_macvtap: left promiscuous mode
[ 62.339243][ T5035] veth0_macvtap: left promiscuous mode
[ 62.345265][ T5035] veth1_vlan: left promiscuous mode
[ 62.350600][ T5035] veth0_vlan: left promiscuous mode
[ 62.584094][ T5035] team0 (unregistering): Port device team_slave_1 removed
[ 62.603614][ T5035] team0 (unregistering): Port device team_slave_0 removed
[ 71.000225][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.007930][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.090627][ T968] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.152' (ED25519) to the list of known hosts.
2025/03/27 21:17:01 ignoring optional flag "sandboxArg"="0"
2025/03/27 21:17:02 parsed 1 programs
[ 81.711644][ T29] kauditd_printk_skb: 7 callbacks suppressed
[ 81.711658][ T29] audit: type=1400 audit(1743110223.972:140): avc: denied { unlink } for pid=6289 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 82.768273][ T6289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 84.651486][ T6306] chnl_net:caif_netlink_parms(): no params data found
[ 84.684092][ T6306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.691322][ T6306] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.698360][ T6306] bridge_slave_0: entered allmulticast mode
[ 84.704882][ T6306] bridge_slave_0: entered promiscuous mode
[ 84.712374][ T6306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.719516][ T6306] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.726566][ T6306] bridge_slave_1: entered allmulticast mode
[ 84.733850][ T6306] bridge_slave_1: entered promiscuous mode
[ 84.750302][ T6306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.761071][ T6306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.781386][ T6306] team0: Port device team_slave_0 added
[ 84.787873][ T6306] team0: Port device team_slave_1 added
[ 84.801449][ T6306] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.808374][ T6306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.834630][ T6306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.845977][ T6306] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.852940][ T6306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.878866][ T6306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.901065][ T6306] hsr_slave_0: entered promiscuous mode
[ 84.906953][ T6306] hsr_slave_1: entered promiscuous mode
[ 85.240100][ T6306] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.252633][ T6306] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.262757][ T6306] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.272375][ T6306] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.295996][ T6306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.303139][ T6306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.310516][ T6306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.317918][ T6306] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.364137][ T6306] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.377631][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.386872][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.403136][ T6306] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.415117][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.422224][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.453499][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.460597][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.576182][ T6306] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.612887][ T6306] veth0_vlan: entered promiscuous mode
[ 85.623290][ T6306] veth1_vlan: entered promiscuous mode
[ 85.645205][ T6306] veth0_macvtap: entered promiscuous mode
[ 85.653628][ T6306] veth1_macvtap: entered promiscuous mode
[ 85.667926][ T6306] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.681497][ T6306] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.702576][ T6306] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.711740][ T6306] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.721790][ T6306] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.731135][ T6306] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.886390][ T5133] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.896236][ T5133] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.905102][ T5133] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.913915][ T5133] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.922260][ T5133] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 85.930200][ T5133] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 85.942210][ T5035] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.005510][ T5035] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.141952][ T5035] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.204821][ T5035] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.942521][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.952568][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.983793][ T3514] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.992156][ T3514] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.113309][ T29] audit: type=1401 audit(1743110230.372:141): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/03/27 21:17:11 executed programs: 0
[ 89.016225][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.024638][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.034095][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.041841][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.041974][ T5035] bridge_slave_1: left allmulticast mode
[ 89.049065][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 89.061962][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.068242][ T5035] bridge_slave_1: left promiscuous mode
[ 89.078351][ T5035] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.089273][ T5035] bridge_slave_0: left allmulticast mode
[ 89.095739][ T5035] bridge_slave_0: left promiscuous mode
[ 89.101443][ T5035] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.311051][ T5035] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 89.321916][ T5035] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 89.332011][ T5035] bond0 (unregistering): Released all slaves
[ 89.427529][ T5035] hsr_slave_0: left promiscuous mode
[ 89.448412][ T5035] hsr_slave_1: left promiscuous mode
[ 89.455126][ T5035] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 89.463563][ T5035] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 89.472509][ T5035] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 89.480931][ T5035] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 89.495833][ T5035] veth1_macvtap: left promiscuous mode
[ 89.502370][ T5035] veth0_macvtap: left promiscuous mode
[ 89.507926][ T5035] veth1_vlan: left promiscuous mode
[ 89.513697][ T5035] veth0_vlan: left promiscuous mode
[ 89.779600][ T5035] team0 (unregistering): Port device team_slave_1 removed
[ 89.814285][ T5035] team0 (unregistering): Port device team_slave_0 removed
[ 90.051999][ T6595] chnl_net:caif_netlink_parms(): no params data found
[ 90.125646][ T6595] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.135292][ T6595] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.142743][ T6595] bridge_slave_0: entered allmulticast mode
[ 90.151495][ T6595] bridge_slave_0: entered promiscuous mode
[ 90.162484][ T6595] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.173341][ T6595] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.182850][ T6595] bridge_slave_1: entered allmulticast mode
[ 90.189867][ T6595] bridge_slave_1: entered promiscuous mode
[ 90.213677][ T6595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.224524][ T6595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.259383][ T6595] team0: Port device team_slave_0 added
[ 90.266910][ T6595] team0: Port device team_slave_1 added
[ 90.300374][ T6595] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.307342][ T6595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.334918][ T6595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.359847][ T6595] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.366783][ T6595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.393971][ T6595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.436928][ T6595] hsr_slave_0: entered promiscuous mode
[ 90.444648][ T6595] hsr_slave_1: entered promiscuous mode
[ 91.093097][ T6595] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.129638][ T5133] Bluetooth: hci0: command tx timeout
[ 91.146995][ T6595] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.163005][ T6595] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.172700][ T6595] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.241773][ T6595] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.263602][ T6595] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.284436][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.291537][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.309374][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.316477][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.495571][ T6595] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.527149][ T6595] veth0_vlan: entered promiscuous mode
[ 91.536844][ T6595] veth1_vlan: entered promiscuous mode
[ 91.559351][ T6595] veth0_macvtap: entered promiscuous mode
[ 91.570886][ T6595] veth1_macvtap: entered promiscuous mode
[ 91.587423][ T6595] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.601130][ T6595] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.611839][ T6595] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.622397][ T6595] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.631610][ T6595] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.640911][ T6595] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.688858][ T3514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.704997][ T3514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.725224][ T3418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.734125][ T3418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.802494][ T29] audit: type=1400 audit(1743110234.062:142): avc: denied { mounton } for pid=6751 comm="syz.0.17" path="/file0" dev="tmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 91.825112][ T29] audit: type=1400 audit(1743110234.072:143): avc: denied { mount } for pid=6751 comm="syz.0.17" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 91.847390][ T29] audit: type=1400 audit(1743110234.072:144): avc: denied { setattr } for pid=6751 comm="syz.0.17" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 91.872659][ T29] audit: type=1400 audit(1743110234.072:145): avc: denied { write } for pid=6751 comm="syz.0.17" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 91.893389][ T29] audit: type=1400 audit(1743110234.072:146): avc: denied { open } for pid=6751 comm="syz.0.17" path="/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 91.915443][ T29] audit: type=1400 audit(1743110234.102:147): avc: denied { mounton } for pid=6753 comm="syz.0.18" path="/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 93.209541][ T5133] Bluetooth: hci0: command tx timeout
2025/03/27 21:17:16 executed programs: 97
[ 95.299776][ T5133] Bluetooth: hci0: command tx timeout
[ 97.370635][ T5133] Bluetooth: hci0: command tx timeout
2025/03/27 21:17:21 executed programs: 324
2025/03/27 21:17:26 executed programs: 543
[ 105.559794][ T6595] ==================================================================
[ 105.567876][ T6595] BUG: KASAN: slab-use-after-free in p9_conn_cancel+0x900/0x910
[ 105.575495][ T6595] Read of size 8 at addr ffff88807b19ea50 by task syz-executor/6595
[ 105.580817][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 105.583449][ T6595]
[ 105.583458][ T6595] CPU: 0 UID: 0 PID: 6595 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00017-gaaec5a95d596-dirty #0
[ 105.592255][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 105.592726][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 105.604598][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 105.610948][ T6595] Call Trace:
[ 105.610955][ T6595]
[ 105.610961][ T6595] dump_stack_lvl+0x116/0x1f0
[ 105.610989][ T6595] print_report+0xc3/0x620
[ 105.611007][ T6595] ? __virt_addr_valid+0x5e/0x590
[ 105.611028][ T6595] ? __phys_addr+0xc6/0x150
[ 105.611050][ T6595] kasan_report+0xd9/0x110
[ 105.611065][ T6595] ? p9_conn_cancel+0x900/0x910
[ 105.622514][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 105.627995][ T6595] ? p9_conn_cancel+0x900/0x910
[ 105.631668][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 105.634160][ T6595] p9_conn_cancel+0x900/0x910
[ 105.638954][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 105.643178][ T6595] ? kmem_cache_free+0x31d/0x4c0
[ 105.643197][ T6595] ? __pfx_p9_conn_cancel+0x10/0x10
[ 105.643224][ T6595] p9_fd_close+0x3c5/0x590
[ 105.643244][ T6595] p9_client_destroy+0xce/0x480
[ 105.711485][ T6595] ? __pfx_p9_client_destroy+0x10/0x10
[ 105.716953][ T6595] ? __pfx_ida_free+0x10/0x10
[ 105.721630][ T6595] ? do_raw_spin_unlock+0x172/0x230
[ 105.726801][ T6595] v9fs_session_close+0x49/0x2d0
[ 105.731720][ T6595] v9fs_kill_super+0x4d/0xa0
[ 105.736317][ T6595] deactivate_locked_super+0xbe/0x1a0
[ 105.741697][ T6595] deactivate_super+0xde/0x100
[ 105.746465][ T6595] cleanup_mnt+0x222/0x450
[ 105.750888][ T6595] task_work_run+0x14e/0x250
[ 105.755481][ T6595] ? __pfx_task_work_run+0x10/0x10
[ 105.760589][ T6595] do_exit+0xadd/0x2d70
[ 105.762705][ T7963] chnl_net:caif_netlink_parms(): no params data found
[ 105.764731][ T6595] ? get_signal+0x8f7/0x26c0
[ 105.776041][ T6595] ? __pfx_do_exit+0x10/0x10
[ 105.780630][ T6595] ? do_raw_spin_lock+0x12d/0x2c0
[ 105.785652][ T6595] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 105.791016][ T6595] do_group_exit+0xd3/0x2a0
[ 105.795494][ T6595] get_signal+0x24ed/0x26c0
[ 105.799986][ T6595] ? __pfx_get_signal+0x10/0x10
[ 105.804823][ T6595] ? __pfx_vfs_read+0x10/0x10
[ 105.809487][ T6595] arch_do_signal_or_restart+0x90/0x7e0
[ 105.815027][ T6595] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 105.821155][ T6595] ? ksys_read+0x1ba/0x250
[ 105.825544][ T6595] ? __pfx_ksys_read+0x10/0x10
[ 105.830284][ T6595] syscall_exit_to_user_mode+0x150/0x2a0
[ 105.835891][ T6595] do_syscall_64+0xda/0x250
[ 105.840367][ T6595] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.846229][ T6595] RIP: 0033:0x7fa1f978bb7c
[ 105.850613][ T6595] Code: Unable to access opcode bytes at 0x7fa1f978bb52.
[ 105.857597][ T6595] RSP: 002b:00007ffd5c5893b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 105.865996][ T6595] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007fa1f978bb7c
[ 105.873942][ T6595] RDX: 0000000000000030 RSI: 00007ffd5c589470 RDI: 00000000000000f9
[ 105.881884][ T6595] RBP: 00007ffd5c58941c R08: 0000000000000000 R09: 0079746972756365
[ 105.889833][ T6595] R10: 00007ffd5c588d70 R11: 0000000000000246 R12: 0000000000000258
[ 105.897796][ T6595] R13: 00000000000927c0 R14: 0000000000019c1d R15: 00007ffd5c589470
[ 105.905744][ T6595]
[ 105.908746][ T6595]
[ 105.911041][ T6595] Allocated by task 52:
[ 105.915171][ T6595] kasan_save_stack+0x33/0x60
[ 105.919837][ T6595] kasan_save_track+0x14/0x30
[ 105.924497][ T6595] __kasan_slab_alloc+0x89/0x90
[ 105.929316][ T6595] kmem_cache_alloc_noprof+0x226/0x3d0
[ 105.934748][ T6595] p9_tag_alloc+0x9c/0x870
[ 105.939137][ T6595] p9_client_prepare_req+0x19f/0x4d0
[ 105.944394][ T6595] p9_client_rpc+0x1c3/0xc10
[ 105.948955][ T6595] p9_client_write+0x31f/0x680
[ 105.953688][ T6595] v9fs_issue_write+0xe2/0x180
[ 105.958432][ T6595] netfs_do_issue_write+0x92/0x110
[ 105.963518][ T6595] netfs_write_collection_worker+0x3e10/0x47d0
[ 105.969653][ T6595] process_one_work+0x9c5/0x1ba0
[ 105.974571][ T6595] worker_thread+0x6c8/0xf00
[ 105.979133][ T6595] kthread+0x2c1/0x3a0
[ 105.983181][ T6595] ret_from_fork+0x45/0x80
[ 105.987570][ T6595] ret_from_fork_asm+0x1a/0x30
[ 105.992306][ T6595]
[ 105.994599][ T6595] Freed by task 5192:
[ 105.998543][ T6595] kasan_save_stack+0x33/0x60
[ 106.003206][ T6595] kasan_save_track+0x14/0x30
[ 106.007851][ T6595] kasan_save_free_info+0x3b/0x60
[ 106.012848][ T6595] __kasan_slab_free+0x51/0x70
[ 106.017579][ T6595] slab_free_after_rcu_debug+0x115/0x340
[ 106.023180][ T6595] rcu_core+0x79d/0x14d0
[ 106.027395][ T6595] handle_softirqs+0x213/0x8f0
[ 106.032130][ T6595] __irq_exit_rcu+0x109/0x170
[ 106.036787][ T6595] irq_exit_rcu+0x9/0x30
[ 106.041000][ T6595] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 106.046606][ T6595] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 106.052555][ T6595]
[ 106.054849][ T6595] Last potentially related work creation:
[ 106.060532][ T6595] kasan_save_stack+0x33/0x60
[ 106.065185][ T6595] __kasan_record_aux_stack+0xba/0xd0
[ 106.070533][ T6595] kmem_cache_free+0x305/0x4c0
[ 106.075264][ T6595] p9_req_put+0x1c6/0x250
[ 106.079575][ T6595] p9_client_rpc+0x591/0xc10
[ 106.084154][ T6595] p9_client_write+0x31f/0x680
[ 106.088886][ T6595] v9fs_issue_write+0xe2/0x180
[ 106.093619][ T6595] netfs_do_issue_write+0x92/0x110
[ 106.098703][ T6595] netfs_write_collection_worker+0x3e10/0x47d0
[ 106.104831][ T6595] process_one_work+0x9c5/0x1ba0
[ 106.109746][ T6595] worker_thread+0x6c8/0xf00
[ 106.114328][ T6595] kthread+0x2c1/0x3a0
[ 106.118376][ T6595] ret_from_fork+0x45/0x80
[ 106.122761][ T6595] ret_from_fork_asm+0x1a/0x30
[ 106.127498][ T6595]
[ 106.129800][ T6595] The buggy address belongs to the object at ffff88807b19e990
[ 106.129800][ T6595] which belongs to the cache p9_req_t of size 208
[ 106.143573][ T6595] The buggy address is located 192 bytes inside of
[ 106.143573][ T6595] freed 208-byte region [ffff88807b19e990, ffff88807b19ea60)
[ 106.157335][ T6595]
[ 106.159637][ T6595] The buggy address belongs to the physical page:
[ 106.166031][ T6595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b19e
[ 106.174768][ T6595] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 106.181857][ T6595] page_type: f5(slab)
[ 106.185828][ T6595] raw: 00fff00000000000 ffff88814c7a0140 ffffea0001dd70c0 0000000000000006
[ 106.194381][ T6595] raw: 0000000000000000 00000000000f000f 00000001f5000000 0000000000000000
[ 106.202933][ T6595] page dumped because: kasan: bad access detected
[ 106.209311][ T6595] page_owner tracks the page as allocated
[ 106.214992][ T6595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6752, tgid 6751 (syz.0.17), ts 91802565462, free_ts 91788017536
[ 106.233712][ T6595] post_alloc_hook+0x2d1/0x350
[ 106.238451][ T6595] get_page_from_freelist+0xfce/0x2f80
[ 106.243894][ T6595] __alloc_pages_noprof+0x221/0x2470
[ 106.249160][ T6595] alloc_pages_mpol_noprof+0x2c9/0x610
[ 106.254593][ T6595] new_slab+0x2c9/0x410
[ 106.258729][ T6595] ___slab_alloc+0xda4/0x1880
[ 106.263394][ T6595] __slab_alloc.constprop.0+0x56/0xb0
[ 106.268740][ T6595] kmem_cache_alloc_noprof+0xfa/0x3d0
[ 106.274094][ T6595] p9_tag_alloc+0x9c/0x870
[ 106.278487][ T6595] p9_client_prepare_req+0x19f/0x4d0
[ 106.283746][ T6595] p9_client_rpc+0x1c3/0xc10
[ 106.288337][ T6595] p9_client_create+0xc65/0x1200
[ 106.293264][ T6595] v9fs_session_init+0x1f8/0x1a80
[ 106.298274][ T6595] v9fs_mount+0xc6/0xa30
[ 106.302496][ T6595] legacy_get_tree+0x109/0x220
[ 106.307239][ T6595] vfs_get_tree+0x8f/0x380
[ 106.311641][ T6595] page last free pid 6750 tgid 6748 stack trace:
[ 106.317943][ T6595] free_unref_folios+0xa7b/0x14f0
[ 106.322952][ T6595] folios_put_refs+0x587/0x7b0
[ 106.327698][ T6595] free_pages_and_swap_cache+0x45f/0x510
[ 106.333311][ T6595] __tlb_batch_free_encoded_pages+0xf9/0x290
[ 106.339262][ T6595] tlb_finish_mmu+0x168/0x7b0
[ 106.343910][ T6595] exit_mmap+0x3df/0xb20
[ 106.348135][ T6595] __mmput+0x12a/0x4c0
[ 106.352177][ T6595] mmput+0x62/0x70
[ 106.355872][ T6595] do_exit+0x9bf/0x2d70
[ 106.360006][ T6595] do_group_exit+0xd3/0x2a0
[ 106.364498][ T6595] get_signal+0x24ed/0x26c0
[ 106.368975][ T6595] arch_do_signal_or_restart+0x90/0x7e0
[ 106.374499][ T6595] syscall_exit_to_user_mode+0x150/0x2a0
[ 106.380116][ T6595] do_syscall_64+0xda/0x250
[ 106.384596][ T6595] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.390461][ T6595]
[ 106.392756][ T6595] Memory state around the buggy address:
[ 106.398353][ T6595] ffff88807b19e900: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 106.406383][ T6595] ffff88807b19e980: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 106.414413][ T6595] >ffff88807b19ea00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 106.422456][ T6595] ^
[ 106.429110][ T6595] ffff88807b19ea80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 106.437158][ T6595] ffff88807b19eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 106.445189][ T6595] ==================================================================
[ 106.454460][ T6595] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 106.461658][ T6595] CPU: 0 UID: 0 PID: 6595 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00017-gaaec5a95d596-dirty #0
[ 106.473017][ T6595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 106.483048][ T6595] Call Trace:
[ 106.486300][ T6595]
[ 106.489206][ T6595] dump_stack_lvl+0x3d/0x1f0
[ 106.493779][ T6595] panic+0x71d/0x800
[ 106.497661][ T6595] ? __pfx_panic+0x10/0x10
[ 106.502065][ T6595] ? check_panic_on_warn+0x1f/0xb0
[ 106.507164][ T6595] check_panic_on_warn+0xab/0xb0
[ 106.512079][ T6595] end_report+0x117/0x180
[ 106.516384][ T6595] kasan_report+0xe9/0x110
[ 106.520773][ T6595] ? p9_conn_cancel+0x900/0x910
[ 106.525598][ T6595] ? p9_conn_cancel+0x900/0x910
[ 106.530433][ T6595] p9_conn_cancel+0x900/0x910
[ 106.535082][ T6595] ? kmem_cache_free+0x31d/0x4c0
[ 106.540089][ T6595] ? __pfx_p9_conn_cancel+0x10/0x10
[ 106.545288][ T6595] p9_fd_close+0x3c5/0x590
[ 106.549687][ T6595] p9_client_destroy+0xce/0x480
[ 106.554531][ T6595] ? __pfx_p9_client_destroy+0x10/0x10
[ 106.559971][ T6595] ? __pfx_ida_free+0x10/0x10
[ 106.564646][ T6595] ? do_raw_spin_unlock+0x172/0x230
[ 106.569829][ T6595] v9fs_session_close+0x49/0x2d0
[ 106.574751][ T6595] v9fs_kill_super+0x4d/0xa0
[ 106.579323][ T6595] deactivate_locked_super+0xbe/0x1a0
[ 106.584682][ T6595] deactivate_super+0xde/0x100
[ 106.589430][ T6595] cleanup_mnt+0x222/0x450
[ 106.593833][ T6595] task_work_run+0x14e/0x250
[ 106.598401][ T6595] ? __pfx_task_work_run+0x10/0x10
[ 106.603498][ T6595] do_exit+0xadd/0x2d70
[ 106.607639][ T6595] ? get_signal+0x8f7/0x26c0
[ 106.612212][ T6595] ? __pfx_do_exit+0x10/0x10
[ 106.616791][ T6595] ? do_raw_spin_lock+0x12d/0x2c0
[ 106.621812][ T6595] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 106.627166][ T6595] do_group_exit+0xd3/0x2a0
[ 106.631668][ T6595] get_signal+0x24ed/0x26c0
[ 106.636157][ T6595] ? __pfx_get_signal+0x10/0x10
[ 106.640989][ T6595] ? __pfx_vfs_read+0x10/0x10
[ 106.645651][ T6595] arch_do_signal_or_restart+0x90/0x7e0
[ 106.651185][ T6595] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 106.657329][ T6595] ? ksys_read+0x1ba/0x250
[ 106.661732][ T6595] ? __pfx_ksys_read+0x10/0x10
[ 106.666481][ T6595] syscall_exit_to_user_mode+0x150/0x2a0
[ 106.672110][ T6595] do_syscall_64+0xda/0x250
[ 106.676593][ T6595] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.682467][ T6595] RIP: 0033:0x7fa1f978bb7c
[ 106.686861][ T6595] Code: Unable to access opcode bytes at 0x7fa1f978bb52.
[ 106.694114][ T6595] RSP: 002b:00007ffd5c5893b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 106.702510][ T6595] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007fa1f978bb7c
[ 106.710461][ T6595] RDX: 0000000000000030 RSI: 00007ffd5c589470 RDI: 00000000000000f9
[ 106.718411][ T6595] RBP: 00007ffd5c58941c R08: 0000000000000000 R09: 0079746972756365
[ 106.726360][ T6595] R10: 00007ffd5c588d70 R11: 0000000000000246 R12: 0000000000000258
[ 106.734398][ T6595] R13: 00000000000927c0 R14: 0000000000019c1d R15: 00007ffd5c589470
[ 106.742352][ T6595]
[ 106.745531][ T6595] Kernel Offset: disabled
[ 106.749828][ T6595] Rebooting in 86400 seconds..