Warning: Permanently added '10.128.1.165' (ED25519) to the list of known hosts.
2025/06/30 23:39:09 ignoring optional flag "sandboxArg"="0"
2025/06/30 23:39:10 parsed 1 programs
[ 121.832664][ T6333] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 125.721637][ T5150] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 125.734334][ T5150] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 125.743802][ T5150] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 125.768336][ T5150] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 125.776728][ T5150] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 127.249834][ T6391] chnl_net:caif_netlink_parms(): no params data found
[ 127.332600][ T6391] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.340288][ T6391] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.348993][ T6391] bridge_slave_0: entered allmulticast mode
[ 127.357928][ T6391] bridge_slave_0: entered promiscuous mode
[ 127.398071][ T6391] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.405533][ T6391] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.413291][ T6391] bridge_slave_1: entered allmulticast mode
[ 127.428016][ T6391] bridge_slave_1: entered promiscuous mode
[ 127.480293][ T6391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 127.492070][ T6391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 127.523014][ T6391] team0: Port device team_slave_0 added
[ 127.530884][ T6391] team0: Port device team_slave_1 added
[ 127.574478][ T6391] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 127.582905][ T6391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 127.611205][ T6391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 127.623785][ T6391] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 127.631623][ T6391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 127.660058][ T6391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 127.704317][ T6391] hsr_slave_0: entered promiscuous mode
[ 127.710943][ T6391] hsr_slave_1: entered promiscuous mode
[ 128.337901][ T6391] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 128.356685][ T6391] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 128.368337][ T6391] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 128.382150][ T6391] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 128.480540][ T6391] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.505283][ T6391] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.520680][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.528247][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.547692][ T1156] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.555220][ T1156] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.842106][ T6391] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.909232][ T6391] veth0_vlan: entered promiscuous mode
[ 128.924641][ T6391] veth1_vlan: entered promiscuous mode
[ 128.968700][ T6391] veth0_macvtap: entered promiscuous mode
[ 128.982473][ T6391] veth1_macvtap: entered promiscuous mode
[ 129.008326][ T6391] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 129.029277][ T6391] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 129.049691][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.070220][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.091999][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.132042][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 129.296722][ T1156] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.399812][ T1156] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.488690][ T1156] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.588858][ T1156] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.923134][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.939985][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.975083][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.983849][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/30 23:39:23 executed programs: 0
[ 130.849435][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 130.859248][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 130.867606][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 130.880361][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 130.888575][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 131.147798][ T6505] chnl_net:caif_netlink_parms(): no params data found
[ 131.265000][ T6505] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.272767][ T6505] bridge0: port 1(bridge_slave_0) entered disabled state
[ 131.282365][ T6505] bridge_slave_0: entered allmulticast mode
[ 131.290504][ T6505] bridge_slave_0: entered promiscuous mode
[ 131.301182][ T6505] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.309195][ T6505] bridge0: port 2(bridge_slave_1) entered disabled state
[ 131.316518][ T6505] bridge_slave_1: entered allmulticast mode
[ 131.324485][ T6505] bridge_slave_1: entered promiscuous mode
[ 131.370879][ T6505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 131.384699][ T6505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 131.434499][ T6505] team0: Port device team_slave_0 added
[ 131.444964][ T6505] team0: Port device team_slave_1 added
[ 131.491352][ T6505] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 131.499263][ T6505] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 131.526185][ T6505] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 131.538971][ T6505] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 131.547162][ T6505] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 131.575387][ T6505] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 131.652632][ T6505] hsr_slave_0: entered promiscuous mode
[ 131.660414][ T6505] hsr_slave_1: entered promiscuous mode
[ 131.667366][ T6505] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 131.675482][ T6505] Cannot create hsr debugfs directory
[ 131.869747][ T1156] bridge_slave_1: left allmulticast mode
[ 131.875714][ T1156] bridge_slave_1: left promiscuous mode
[ 131.884411][ T1156] bridge0: port 2(bridge_slave_1) entered disabled state
[ 131.894697][ T1156] bridge_slave_0: left allmulticast mode
[ 131.900867][ T1156] bridge_slave_0: left promiscuous mode
[ 131.907137][ T1156] bridge0: port 1(bridge_slave_0) entered disabled state
[ 132.231828][ T1156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 132.243888][ T1156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 132.254729][ T1156] bond0 (unregistering): Released all slaves
[ 132.370677][ T1156] hsr_slave_0: left promiscuous mode
[ 132.378045][ T1156] hsr_slave_1: left promiscuous mode
[ 132.384441][ T1156] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 132.394311][ T1156] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 132.404538][ T1156] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 132.417627][ T1156] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 132.442828][ T1156] veth1_macvtap: left promiscuous mode
[ 132.449832][ T1156] veth0_macvtap: left promiscuous mode
[ 132.455559][ T1156] veth1_vlan: left promiscuous mode
[ 132.463452][ T1156] veth0_vlan: left promiscuous mode
[ 132.956369][ T1156] team0 (unregistering): Port device team_slave_1 removed
[ 132.976340][ T5150] Bluetooth: hci0: command tx timeout
[ 132.987311][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.993845][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.011571][ T1156] team0 (unregistering): Port device team_slave_0 removed
[ 133.748217][ T6505] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 133.773707][ T6505] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 133.790470][ T6505] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 133.804526][ T6505] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 134.077666][ T6505] 8021q: adding VLAN 0 to HW filter on device bond0
[ 134.114584][ T6505] 8021q: adding VLAN 0 to HW filter on device team0
[ 134.121557][ C0] ==================================================================
[ 134.121575][ C0] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0
[ 134.121605][ C0] Write of size 8 at addr ffff888029d23500 by task syz-executor/6505
[ 134.121619][ C0]
[ 134.121636][ C0] CPU: 0 UID: 0 PID: 6505 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller-g1343433ed389 #0 PREEMPT(full)
[ 134.121655][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 134.121670][ C0] Call Trace:
[ 134.121676][ C0] <IRQ>
[ 134.121683][ C0] dump_stack_lvl+0x189/0x250
[ 134.121707][ C0] ? __virt_addr_valid+0x1c8/0x5c0
[ 134.121721][ C0] ? rcu_is_watching+0x15/0xb0
[ 134.121739][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 134.121759][ C0] ? rcu_is_watching+0x15/0xb0
[ 134.121778][ C0] ? lock_release+0x4b/0x3e0
[ 134.121798][ C0] ? __virt_addr_valid+0x1c8/0x5c0
[ 134.121813][ C0] ? __virt_addr_valid+0x4a5/0x5c0
[ 134.121827][ C0] print_report+0xd2/0x2b0
[ 134.121845][ C0] ? flush_tlb_func+0x23d/0x6c0
[ 134.121858][ C0] kasan_report+0x118/0x150
[ 134.121873][ C0] ? flush_tlb_func+0x23d/0x6c0
[ 134.121889][ C0] kasan_check_range+0x2b0/0x2c0
[ 134.121904][ C0] flush_tlb_func+0x23d/0x6c0
[ 134.121924][ C0] ? __pfx_flush_tlb_func+0x10/0x10
[ 134.121937][ C0] ? sched_clock_cpu+0x74/0x430
[ 134.121956][ C0] ? rcu_is_watching+0x15/0xb0
[ 134.121974][ C0] ? __pfx_flush_tlb_func+0x10/0x10
[ 134.121988][ C0] __flush_smp_call_function_queue+0x370/0xaa0
[ 134.122008][ C0] ? __pfx_flush_tlb_func+0x10/0x10
[ 134.122022][ C0] __sysvec_call_function_single+0xa8/0x3d0
[ 134.122039][ C0] sysvec_call_function_single+0x9e/0xc0
[ 134.122059][ C0] </IRQ>
[ 134.122065][ C0] <TASK>
[ 134.122072][ C0] asm_sysvec_call_function_single+0x1a/0x20
[ 134.122091][ C0] RIP: 0010:console_flush_all+0x7f7/0xc40
[ 134.122108][ C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 65 2d 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 56 2d 1f 00 eb 06 e8 4f 2d 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 3a 41 83 00 48 8b 1b 48 8b 44 24
[ 134.122120][ C0] RSP: 0018:ffffc900030267c0 EFLAGS: 00000293
[ 134.122144][ C0] RAX: 1ffffffff1d36a63 RBX: ffffffff8e9b5318 RCX: ffff8880618f8000
[ 134.122155][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 134.122163][ C0] RBP: ffffc90003026910 R08: ffffffff8fa17437 R09: 1ffffffff1f42e86
[ 134.122174][ C0] R10: dffffc0000000000 R11: fffffbfff1f42e87 R12: dffffc0000000000
[ 134.122185][ C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8e9b52c0
[ 134.122203][ C0] ? console_flush_all+0x13a/0xc40
[ 134.122220][ C0] ? __pfx_console_flush_all+0x10/0x10
[ 134.122238][ C0] ? is_printk_cpu_sync_owner+0x32/0x40
[ 134.122256][ C0] console_unlock+0xc4/0x270
[ 134.122277][ C0] ? __pfx_console_unlock+0x10/0x10
[ 134.122299][ C0] ? is_printk_cpu_sync_owner+0x32/0x40
[ 134.122326][ C0] vprintk_emit+0x5b7/0x7a0
[ 134.122344][ C0] ? __pfx_vprintk_emit+0x10/0x10
[ 134.122363][ C0] ? __local_bh_enable_ip+0x12d/0x1c0
[ 134.122381][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 134.122400][ C0] ? addrconf_permanent_addr+0x917/0x9d0
[ 134.122422][ C0] _printk+0xcf/0x120
[ 134.122440][ C0] ? __pfx__printk+0x10/0x10
[ 134.122458][ C0] ? rose_device_event+0x5e7/0x6a0
[ 134.122476][ C0] vlan_device_event+0x1bf4/0x1d00
[ 134.122493][ C0] ? packet_notifier+0xc63/0xcb0
[ 134.122508][ C0] ? __pfx_phonet_device_notify+0x10/0x10
[ 134.122523][ C0] ? __pfx_vlan_device_event+0x10/0x10
[ 134.122538][ C0] ? isotp_notifier+0xa3/0x6b0
[ 134.122558][ C0] ? cgw_notifier+0xde/0x3b0
[ 134.122581][ C0] notifier_call_chain+0x1b3/0x3e0
[ 134.122606][ C0] __dev_notify_flags+0x18d/0x2e0
[ 134.122624][ C0] ? __pfx___dev_notify_flags+0x10/0x10
[ 134.122639][ C0] ? __dev_change_flags+0x4cc/0x6d0
[ 134.122656][ C0] ? __pfx___dev_change_flags+0x10/0x10
[ 134.122675][ C0] ? do_setlink+0x8ce/0x41c0
[ 134.122693][ C0] netif_change_flags+0xe8/0x1a0
[ 134.122711][ C0] do_setlink+0xc55/0x41c0
[ 134.122729][ C0] ? __kernel_text_address+0xd/0x40
[ 134.122746][ C0] ? arch_stack_walk+0xfc/0x150
[ 134.122768][ C0] ? __pfx_do_setlink+0x10/0x10
[ 134.122792][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.122814][ C0] ? __pfx___mutex_trylock_common+0x10/0x10
[ 134.122837][ C0] ? rcu_is_watching+0x15/0xb0
[ 134.122856][ C0] ? trace_contention_end+0x39/0x120
[ 134.122878][ C0] ? __mutex_lock+0x330/0xe80
[ 134.122894][ C0] ? __pfx_aa_get_newest_label+0x10/0x10
[ 134.122916][ C0] ? rtnl_newlink+0x8db/0x1c70
[ 134.122930][ C0] ? rcu_is_watching+0x15/0xb0
[ 134.122949][ C0] ? __pfx___mutex_lock+0x10/0x10
[ 134.122968][ C0] ? ns_capable+0x8a/0xf0
[ 134.122988][ C0] ? rtnl_link_get_net_capable+0x16a/0x350
[ 134.123006][ C0] rtnl_newlink+0x160b/0x1c70
[ 134.123020][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.123042][ C0] ? __pfx_rtnl_newlink+0x10/0x10
[ 134.123056][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.123077][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.123099][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.123124][ C0] ? is_bpf_text_address+0x26/0x2b0
[ 134.123145][ C0] ? is_bpf_text_address+0x292/0x2b0
[ 134.123164][ C0] ? is_bpf_text_address+0x26/0x2b0
[ 134.123184][ C0] ? kernel_text_address+0xa5/0xe0
[ 134.123200][ C0] ? __kernel_text_address+0xd/0x40
[ 134.123216][ C0] ? unwind_get_return_address+0x4d/0x90
[ 134.123239][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.123267][ C0] ? __pfx_rtnl_newlink+0x10/0x10
[ 134.123281][ C0] rtnetlink_rcv_msg+0x7cf/0xb70
[ 134.123298][ C0] ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 134.123319][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 134.123340][ C0] netlink_rcv_skb+0x205/0x470
[ 134.123356][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 134.123371][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 134.123399][ C0] ? netlink_deliver_tap+0x2e/0x1b0
[ 134.123414][ C0] ? netlink_deliver_tap+0x2e/0x1b0
[ 134.123431][ C0] netlink_unicast+0x758/0x8d0
[ 134.123457][ C0] netlink_sendmsg+0x805/0xb30
[ 134.123476][ C0] ? __pfx_netlink_sendmsg+0x10/0x10
[ 134.123492][ C0] ? aa_sock_msg_perm+0xf1/0x1d0
[ 134.123512][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 134.123530][ C0] ? __pfx_netlink_sendmsg+0x10/0x10
[ 134.123546][ C0] __sock_sendmsg+0x21c/0x270
[ 134.123568][ C0] __sys_sendto+0x3bd/0x520
[ 134.123585][ C0] ? __pfx___sys_sendto+0x10/0x10
[ 134.123606][ C0] ? fput_close_sync+0x119/0x200
[ 134.123629][ C0] ? __pfx_fput_close_sync+0x10/0x10
[ 134.123650][ C0] __x64_sys_sendto+0xde/0x100
[ 134.123667][ C0] do_syscall_64+0xfa/0x3b0
[ 134.123683][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.123699][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 134.123715][ C0] ? clear_bhb_loop+0x60/0xb0
[ 134.123732][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.123748][ C0] RIP: 0033:0x7f4dbf1907bc
[ 134.123771][ C0] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[ 134.123784][ C0] RSP: 002b:00007ffd7f598dd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 134.123802][ C0] RAX: ffffffffffffffda RBX: 00007f4dbfee4620 RCX: 00007f4dbf1907bc
[ 134.123814][ C0] RDX: 000000000000002c RSI: 00007f4dbfee4670 RDI: 0000000000000003
[ 134.123825][ C0] RBP: 0000000000000000 R08: 00007ffd7f598e24 R09: 000000000000000c
[ 134.123835][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 134.123845][ C0] R13: 0000000000000000 R14: 00007f4dbfee4670 R15: 0000000000000000
[ 134.123863][ C0] </TASK>
[ 134.123869][ C0]
[ 134.123875][ C0] Allocated by task 6588:
[ 134.123884][ C0] kasan_save_track+0x3e/0x80
[ 134.123905][ C0] __kasan_slab_alloc+0x6c/0x80
[ 134.123925][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 134.123946][ C0] copy_mm+0xdb/0x4b0
[ 134.123965][ C0] copy_process+0x1706/0x3c00
[ 134.123984][ C0] kernel_clone+0x21e/0x870
[ 134.124004][ C0] __x64_sys_clone+0x18b/0x1e0
[ 134.124017][ C0] do_syscall_64+0xfa/0x3b0
[ 134.124031][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.124046][ C0]
[ 134.124051][ C0] Freed by task 6589:
[ 134.124059][ C0] kasan_save_track+0x3e/0x80
[ 134.124078][ C0] kasan_save_free_info+0x46/0x50
[ 134.124094][ C0] __kasan_slab_free+0x62/0x70
[ 134.124114][ C0] kmem_cache_free+0x18f/0x400
[ 134.124134][ C0] exit_mm+0x1da/0x2c0
[ 134.124147][ C0] do_exit+0x648/0x2300
[ 134.124160][ C0] do_group_exit+0x21c/0x2d0
[ 134.124174][ C0] __x64_sys_exit_group+0x3f/0x40
[ 134.124189][ C0] x64_sys_call+0x21ba/0x21c0
[ 134.124204][ C0] do_syscall_64+0xfa/0x3b0
[ 134.124218][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.124233][ C0]
[ 134.124238][ C0] The buggy address belongs to the object at ffff888029d22b00
[ 134.124238][ C0] which belongs to the cache mm_struct of size 2584
[ 134.124252][ C0] The buggy address is located 2560 bytes inside of
[ 134.124252][ C0] freed 2584-byte region [ffff888029d22b00, ffff888029d23518)
[ 134.124270][ C0]
[ 134.124275][ C0] The buggy address belongs to the physical page:
[ 134.124288][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29d20
[ 134.124314][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 134.124327][ C0] memcg:ffff88805c79a401
[ 134.124336][ C0] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 134.124358][ C0] page_type: f5(slab)
[ 134.124374][ C0] raw: 00fff00000000040 ffff88801a44bb40 ffffea0000a83200 0000000000000003
[ 134.124388][ C0] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff88805c79a401
[ 134.124403][ C0] head: 00fff00000000040 ffff88801a44bb40 ffffea0000a83200 0000000000000003
[ 134.124418][ C0] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff88805c79a401
[ 134.124433][ C0] head: 00fff00000000003 ffffea0000a74801 00000000ffffffff 00000000ffffffff
[ 134.124447][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 134.124456][ C0] page dumped because: kasan: bad access detected
[ 134.124470][ C0] page_owner tracks the page as allocated
[ 134.124477][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6296, tgid 6296 (dhcpcd-run-hook), ts 112078998041, free_ts 111959144565
[ 134.124505][ C0] post_alloc_hook+0x240/0x2a0
[ 134.124527][ C0] get_page_from_freelist+0x21e4/0x22c0
[ 134.124543][ C0] __alloc_frozen_pages_noprof+0x181/0x370
[ 134.124559][ C0] alloc_pages_mpol+0x232/0x4a0
[ 134.124579][ C0] allocate_slab+0x8a/0x370
[ 134.124595][ C0] ___slab_alloc+0xbeb/0x1410
[ 134.124609][ C0] kmem_cache_alloc_noprof+0x283/0x3c0
[ 134.124628][ C0] copy_mm+0xdb/0x4b0
[ 134.124646][ C0] copy_process+0x1706/0x3c00
[ 134.124665][ C0] kernel_clone+0x21e/0x870
[ 134.124684][ C0] __x64_sys_clone+0x18b/0x1e0
[ 134.124697][ C0] do_syscall_64+0xfa/0x3b0
[ 134.124711][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.124726][ C0] page last free pid 6301 tgid 6301 stack trace:
[ 134.124736][ C0] __free_frozen_pages+0xb80/0xd80
[ 134.124750][ C0] __slab_free+0x303/0x3c0
[ 134.124765][ C0] qlist_free_all+0x97/0x140
[ 134.124783][ C0] kasan_quarantine_reduce+0x148/0x160
[ 134.124802][ C0] __kasan_slab_alloc+0x22/0x80
[ 134.124821][ C0] __kmalloc_noprof+0x224/0x4f0
[ 134.124841][ C0] tomoyo_realpath_from_path+0xe3/0x5d0
[ 134.124861][ C0] tomoyo_path_perm+0x213/0x4b0
[ 134.124877][ C0] security_inode_getattr+0x12f/0x330
[ 134.124899][ C0] __x64_sys_newfstat+0xfc/0x200
[ 134.124915][ C0] do_syscall_64+0xfa/0x3b0
[ 134.124928][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.124943][ C0]
[ 134.124948][ C0] Memory state around the buggy address:
[ 134.124958][ C0] ffff888029d23400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 134.124970][ C0] ffff888029d23480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 134.124981][ C0] >ffff888029d23500: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 134.124990][ C0] ^
[ 134.124999][ C0] ffff888029d23580: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 134.125010][ C0] ffff888029d23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 134.125019][ C0] ==================================================================
[ 134.125036][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 134.125049][ C0] CPU: 0 UID: 0 PID: 6505 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller-g1343433ed389 #0 PREEMPT(full)
[ 134.125070][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 134.125080][ C0] Call Trace:
[ 134.125087][ C0] <IRQ>
[ 134.125094][ C0] dump_stack_lvl+0x99/0x250
[ 134.125117][ C0] ? __asan_memcpy+0x40/0x70
[ 134.125137][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 134.125158][ C0] ? __pfx__printk+0x10/0x10
[ 134.125180][ C0] panic+0x2db/0x790
[ 134.125204][ C0] ? __pfx_panic+0x10/0x10
[ 134.125228][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 134.125249][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 134.125270][ C0] ? print_memory_metadata+0x314/0x400
[ 134.125292][ C0] ? flush_tlb_func+0x23d/0x6c0
[ 134.125314][ C0] check_panic_on_warn+0x89/0xb0
[ 134.125332][ C0] ? flush_tlb_func+0x23d/0x6c0
[ 134.125348][ C0] end_report+0x78/0x160
[ 134.125370][ C0] kasan_report+0x129/0x150
[ 134.125386][ C0] ? flush_tlb_func+0x23d/0x6c0
[ 134.125405][ C0] kasan_check_range+0x2b0/0x2c0
[ 134.125422][ C0] flush_tlb_func+0x23d/0x6c0
[ 134.125442][ C0] ? __pfx_flush_tlb_func+0x10/0x10
[ 134.125457][ C0] ? sched_clock_cpu+0x74/0x430
[ 134.125478][ C0] ? rcu_is_watching+0x15/0xb0
[ 134.125495][ C0] ? __pfx_flush_tlb_func+0x10/0x10
[ 134.125509][ C0] __flush_smp_call_function_queue+0x370/0xaa0
[ 134.125529][ C0] ? __pfx_flush_tlb_func+0x10/0x10
[ 134.125544][ C0] __sysvec_call_function_single+0xa8/0x3d0
[ 134.125560][ C0] sysvec_call_function_single+0x9e/0xc0
[ 134.125578][ C0] </IRQ>
[ 134.125583][ C0] <TASK>
[ 134.125588][ C0] asm_sysvec_call_function_single+0x1a/0x20
[ 134.125603][ C0] RIP: 0010:console_flush_all+0x7f7/0xc40
[ 134.125619][ C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 65 2d 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 56 2d 1f 00 eb 06 e8 4f 2d 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 3a 41 83 00 48 8b 1b 48 8b 44 24
[ 134.125631][ C0] RSP: 0018:ffffc900030267c0 EFLAGS: 00000293
[ 134.125646][ C0] RAX: 1ffffffff1d36a63 RBX: ffffffff8e9b5318 RCX: ffff8880618f8000
[ 134.125657][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 134.125666][ C0] RBP: ffffc90003026910 R08: ffffffff8fa17437 R09: 1ffffffff1f42e86
[ 134.125678][ C0] R10: dffffc0000000000 R11: fffffbfff1f42e87 R12: dffffc0000000000
[ 134.125690][ C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8e9b52c0
[ 134.125710][ C0] ? console_flush_all+0x13a/0xc40
[ 134.125726][ C0] ? __pfx_console_flush_all+0x10/0x10
[ 134.125743][ C0] ? is_printk_cpu_sync_owner+0x32/0x40
[ 134.125758][ C0] console_unlock+0xc4/0x270
[ 134.125777][ C0] ? __pfx_console_unlock+0x10/0x10
[ 134.125795][ C0] ? is_printk_cpu_sync_owner+0x32/0x40
[ 134.125812][ C0] vprintk_emit+0x5b7/0x7a0
[ 134.125833][ C0] ? __pfx_vprintk_emit+0x10/0x10
[ 134.125852][ C0] ? __local_bh_enable_ip+0x12d/0x1c0
[ 134.125871][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 134.125890][ C0] ? addrconf_permanent_addr+0x917/0x9d0
[ 134.125911][ C0] _printk+0xcf/0x120
[ 134.125930][ C0] ? __pfx__printk+0x10/0x10
[ 134.125948][ C0] ? rose_device_event+0x5e7/0x6a0
[ 134.125966][ C0] vlan_device_event+0x1bf4/0x1d00
[ 134.125984][ C0] ? packet_notifier+0xc63/0xcb0
[ 134.126000][ C0] ? __pfx_phonet_device_notify+0x10/0x10
[ 134.126015][ C0] ? __pfx_vlan_device_event+0x10/0x10
[ 134.126029][ C0] ? isotp_notifier+0xa3/0x6b0
[ 134.126046][ C0] ? cgw_notifier+0xde/0x3b0
[ 134.126064][ C0] notifier_call_chain+0x1b3/0x3e0
[ 134.126078][ C0] __dev_notify_flags+0x18d/0x2e0
[ 134.126090][ C0] ? __pfx___dev_notify_flags+0x10/0x10
[ 134.126098][ C0] ? __dev_change_flags+0x4cc/0x6d0
[ 134.126109][ C0] ? __pfx___dev_change_flags+0x10/0x10
[ 134.126119][ C0] ? do_setlink+0x8ce/0x41c0
[ 134.126129][ C0] netif_change_flags+0xe8/0x1a0
[ 134.126140][ C0] do_setlink+0xc55/0x41c0
[ 134.126150][ C0] ? __kernel_text_address+0xd/0x40
[ 134.126160][ C0] ? arch_stack_walk+0xfc/0x150
[ 134.126174][ C0] ? __pfx_do_setlink+0x10/0x10
[ 134.126186][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.126199][ C0] ? __pfx___mutex_trylock_common+0x10/0x10
[ 134.126213][ C0] ? rcu_is_watching+0x15/0xb0
[ 134.126224][ C0] ? trace_contention_end+0x39/0x120
[ 134.126236][ C0] ? __mutex_lock+0x330/0xe80
[ 134.126245][ C0] ? __pfx_aa_get_newest_label+0x10/0x10
[ 134.126257][ C0] ? rtnl_newlink+0x8db/0x1c70
[ 134.126265][ C0] ? rcu_is_watching+0x15/0xb0
[ 134.126276][ C0] ? __pfx___mutex_lock+0x10/0x10
[ 134.126286][ C0] ? ns_capable+0x8a/0xf0
[ 134.126298][ C0] ? rtnl_link_get_net_capable+0x16a/0x350
[ 134.126317][ C0] rtnl_newlink+0x160b/0x1c70
[ 134.126326][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.126338][ C0] ? __pfx_rtnl_newlink+0x10/0x10
[ 134.126345][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.126357][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.126368][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.126382][ C0] ? is_bpf_text_address+0x26/0x2b0
[ 134.126394][ C0] ? is_bpf_text_address+0x292/0x2b0
[ 134.126405][ C0] ? is_bpf_text_address+0x26/0x2b0
[ 134.126415][ C0] ? kernel_text_address+0xa5/0xe0
[ 134.126425][ C0] ? __kernel_text_address+0xd/0x40
[ 134.126434][ C0] ? unwind_get_return_address+0x4d/0x90
[ 134.126447][ C0] ? __lock_acquire+0xab9/0xd20
[ 134.126461][ C0] ? __pfx_rtnl_newlink+0x10/0x10
[ 134.126469][ C0] rtnetlink_rcv_msg+0x7cf/0xb70
[ 134.126479][ C0] ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 134.126486][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 134.126498][ C0] netlink_rcv_skb+0x205/0x470
[ 134.126506][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 134.126515][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 134.126530][ C0] ? netlink_deliver_tap+0x2e/0x1b0
[ 134.126538][ C0] ? netlink_deliver_tap+0x2e/0x1b0
[ 134.126547][ C0] netlink_unicast+0x758/0x8d0
[ 134.126563][ C0] netlink_sendmsg+0x805/0xb30
[ 134.126574][ C0] ? __pfx_netlink_sendmsg+0x10/0x10
[ 134.126583][ C0] ? aa_sock_msg_perm+0xf1/0x1d0
[ 134.126594][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 134.126605][ C0] ? __pfx_netlink_sendmsg+0x10/0x10
[ 134.126613][ C0] __sock_sendmsg+0x21c/0x270
[ 134.126626][ C0] __sys_sendto+0x3bd/0x520
[ 134.126635][ C0] ? __pfx___sys_sendto+0x10/0x10
[ 134.126647][ C0] ? fput_close_sync+0x119/0x200
[ 134.126660][ C0] ? __pfx_fput_close_sync+0x10/0x10
[ 134.126672][ C0] __x64_sys_sendto+0xde/0x100
[ 134.126681][ C0] do_syscall_64+0xfa/0x3b0
[ 134.126690][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.126699][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 134.126708][ C0] ? clear_bhb_loop+0x60/0xb0
[ 134.126717][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.126726][ C0] RIP: 0033:0x7f4dbf1907bc
[ 134.126735][ C0] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[ 134.126742][ C0] RSP: 002b:00007ffd7f598dd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 134.126752][ C0] RAX: ffffffffffffffda RBX: 00007f4dbfee4620 RCX: 00007f4dbf1907bc
[ 134.126759][ C0] RDX: 000000000000002c RSI: 00007f4dbfee4670 RDI: 0000000000000003
[ 134.126765][ C0] RBP: 0000000000000000 R08: 00007ffd7f598e24 R09: 000000000000000c
[ 134.126771][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 134.126776][ C0] R13: 0000000000000000 R14: 00007f4dbfee4670 R15: 0000000000000000
[ 134.126785][ C0] </TASK>
[ 134.127153][ C0] Kernel Offset: disabled