Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts. 1970/01/01 00:01:23 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:24 parsed 1 programs [ 87.844423][ T6897] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 99.261960][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.264200][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.264578][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.265344][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.265777][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 101.185066][ T7045] chnl_net:caif_netlink_parms(): no params data found [ 101.222149][ T7045] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.222233][ T7045] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.222326][ T7045] bridge_slave_0: entered allmulticast mode [ 101.223149][ T7045] bridge_slave_0: entered promiscuous mode [ 101.224164][ T7045] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.224208][ T7045] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.224296][ T7045] bridge_slave_1: entered allmulticast mode [ 101.225052][ T7045] bridge_slave_1: entered promiscuous mode [ 101.273988][ T7045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.275511][ T7045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.293367][ T7045] team0: Port device team_slave_0 added [ 101.295154][ T7045] team0: Port device team_slave_1 added [ 101.308245][ T7045] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.308290][ T7045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.308323][ T7045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.309562][ T7045] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.309588][ T7045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.309618][ T7045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.339908][ T7045] hsr_slave_0: entered promiscuous mode [ 101.341471][ T7045] hsr_slave_1: entered promiscuous mode [ 102.208010][ T7045] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.211820][ T7045] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.215845][ T7045] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.221388][ T7045] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 102.275499][ T7045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.285806][ T7045] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.289900][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.289977][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.298214][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.298293][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.402119][ T7045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.431471][ T7045] veth0_vlan: entered promiscuous mode [ 102.438489][ T7045] veth1_vlan: entered promiscuous mode [ 102.451617][ T7045] veth0_macvtap: entered promiscuous mode [ 102.458262][ T7045] veth1_macvtap: entered promiscuous mode [ 102.464073][ T7045] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.466141][ T7045] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.467939][ T7045] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.467980][ T7045] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.468012][ T7045] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.468056][ T7045] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.822363][ T14] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.921976][ T14] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.029413][ T14] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.064960][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.065025][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.130869][ T14] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.135316][ T844] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.135388][ T844] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:43 executed programs: 0 [ 103.632393][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.640373][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.642828][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.645519][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.650515][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.812734][ T7214] chnl_net:caif_netlink_parms(): no params data found [ 103.864617][ T7214] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.864741][ T7214] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.865149][ T7214] bridge_slave_0: entered allmulticast mode [ 103.866805][ T7214] bridge_slave_0: entered promiscuous mode [ 103.872555][ T7214] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.872625][ T7214] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.872735][ T7214] bridge_slave_1: entered allmulticast mode [ 103.873597][ T7214] bridge_slave_1: entered promiscuous mode [ 103.895432][ T7214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.899970][ T7214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.919132][ T7214] team0: Port device team_slave_0 added [ 103.922179][ T7214] team0: Port device team_slave_1 added [ 103.936439][ T7214] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.938591][ T7214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.945796][ T7214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.950135][ T7214] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.952161][ T7214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.960409][ T7214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.988748][ T7214] hsr_slave_0: entered promiscuous mode [ 103.990899][ T7214] hsr_slave_1: entered promiscuous mode [ 103.992860][ T7214] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.995078][ T7214] Cannot create hsr debugfs directory [ 105.717224][ T52] Bluetooth: hci0: command tx timeout [ 105.823065][ T14] bridge_slave_1: left allmulticast mode [ 105.824901][ T14] bridge_slave_1: left promiscuous mode [ 105.826607][ T14] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.846555][ T14] bridge_slave_0: left allmulticast mode [ 105.846615][ T14] bridge_slave_0: left promiscuous mode [ 105.846752][ T14] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.409402][ T14] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 107.471487][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 107.518898][ T14] bond0 (unregistering): Released all slaves [ 107.616714][ T14] hsr_slave_0: left promiscuous mode [ 107.618487][ T14] hsr_slave_1: left promiscuous mode [ 107.620452][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 107.622425][ T14] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 107.623301][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 107.623334][ T14] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 107.635725][ T14] veth1_macvtap: left promiscuous mode [ 107.636808][ T14] veth0_macvtap: left promiscuous mode [ 107.636913][ T14] veth1_vlan: left promiscuous mode [ 107.637303][ T14] veth0_vlan: left promiscuous mode [ 107.787280][ T52] Bluetooth: hci0: command tx timeout [ 109.479081][ T14] team0 (unregistering): Port device team_slave_1 removed [ 109.658803][ T14] team0 (unregistering): Port device team_slave_0 removed [ 109.867261][ T52] Bluetooth: hci0: command tx timeout [ 111.957297][ T52] Bluetooth: hci0: command tx timeout [ 112.394765][ T7214] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 112.401935][ T7214] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 112.406457][ T7214] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 112.410723][ T7214] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 112.555689][ T7214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 112.563786][ T7214] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.566578][ T844] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.566660][ T844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.569699][ T825] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.569767][ T825] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.794824][ T7214] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.813219][ T7214] veth0_vlan: entered promiscuous mode [ 112.816298][ T7214] veth1_vlan: entered promiscuous mode [ 112.830313][ T7214] veth0_macvtap: entered promiscuous mode [ 112.832224][ T7214] veth1_macvtap: entered promiscuous mode [ 112.840065][ T7214] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.841813][ T7214] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.843221][ T7214] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.843261][ T7214] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.843291][ T7214] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.843321][ T7214] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.921658][ T825] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.921717][ T825] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.935980][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.936046][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 1970/01/01 00:01:52 executed programs: 2 [ 113.014470][ T ** replaying previous printk message ** [ 113.014470][ T7470] ------------[ cut here ]------------ [ 113.014550][ T7470] ODEBUG: activate active (active state 1) object: 00000000c37e5253 object type: rcu_head hint: 0x0 [ 113.014925][ T7470] WARNING: CPU: 1 PID: 7470 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 113.023702][ T7470] Modules linked in: [ 113.024867][ T7470] CPU: 1 UID: 0 PID: 7470 Comm: syz.0.17 Not tainted 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.028220][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.031096][ T7470] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.033303][ T7470] pc : debug_object_activate+0x344/0x460 [ 113.035037][ T7470] lr : debug_object_activate+0x344/0x460 [ 113.036644][ T7470] sp : ffff80009c7b76d0 [ 113.037885][ T7470] x29: ffff80009c7b76d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 113.040321][ T7470] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 113.042752][ T7470] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 113.045187][ T7470] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 0000000000000000 [ 113.047529][ T7470] x17: 3532356537336330 x16: ffff80008aefc498 x15: 0000000000000001 [ 113.049902][ T7470] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 113.052181][ T7470] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 6dd603b02563fa00 [ 113.054455][ T7470] x8 : 6dd603b02563fa00 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.056701][ T7470] x5 : ffff80009c7b7018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 113.059000][ T7470] x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000000 [ 113.061381][ T7470] Call trace: [ 113.062300][ T7470] debug_object_activate+0x344/0x460 (P) [ 113.063955][ T7470] kvfree_call_rcu+0x4c/0x3f0 [ 113.065239][ T7470] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 113.066731][ T7470] netlbl_sock_setattr+0x240/0x334 [ 113.068141][ T7470] smack_netlbl_add+0xa8/0x158 [ 113.069527][ T7470] smack_inode_setsecurity+0x378/0x430 [ 113.071082][ T7470] security_inode_setsecurity+0x118/0x3c0 [ 113.072752][ T7470] __vfs_setxattr_noperm+0x174/0x5c4 [ 113.074289][ T7470] __vfs_setxattr_locked+0x1ec/0x218 [ 113.075797][ T7470] vfs_setxattr+0x158/0x2ac [ 113.077056][ T7470] file_setxattr+0x1b8/0x294 [ 113.078388][ T7470] path_setxattrat+0x2ac/0x320 [ 113.079812][ T7470] __arm64_sys_fsetxattr+0xc0/0xdc [ 113.081250][ T7470] invoke_syscall+0x98/0x2b8 [ 113.082748][ T7470] el0_svc_common+0x130/0x23c [ 113.084121][ T7470] do_el0_svc+0x48/0x58 [ 113.085328][ T7470] el0_svc+0x58/0x180 [ 113.086539][ T7470] el0t_64_sync_handler+0x84/0x12c [ 113.087949][ T7470] el0t_64_sync+0x198/0x19c [ 113.089279][ T7470] irq event stamp: 179 [ 113.090390][ T7470] hardirqs last enabled at (178): [] __console_unlock+0x70/0xc4 [ 113.093145][ T7470] hardirqs last disabled at (179): [] el1_brk64+0x1c/0x48 [ 113.095710][ T7470] softirqs last enabled at (126): [] release_sock+0x14c/0x1ac [ 113.098292][ T7470] softirqs last disabled at (154): [] local_bh_disable+0x10/0x34 [ 113.100969][ T7470] ---[ end trace 0000000000000000 ]--- [ 113. ** replaying previous printk message ** [ 113.102691][ T7470] ------------[ cut here ]------------ [ 113.102729][ T7470] ODEBUG: active_state active (active state 1) object: 00000000c37e5253 object type: rcu_head hint: 0x0 [ 113.103138][ T7470] WARNING: CPU: 1 PID: 7470 at lib/debugobjects.c:615 debug_object_active_state+0x28c/0x350 [ 113.111804][ T7470] Modules linked in: [ 113.112905][ T7470] CPU: 1 UID: 0 PID: 7470 Comm: syz.0.17 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.116722][ T7470] Tainted: [W]=WARN [ 113.117768][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.120690][ T7470] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.122911][ T7470] pc : debug_object_active_state+0x28c/0x350 [ 113.124823][ T7470] lr : debug_object_active_state+0x28c/0x350 [ 113.126552][ T7470] sp : ffff80009c7b76c0 [ 113.127726][ T7470] x29: ffff80009c7b76d0 x28: ffff80008f671000 x27: dfff800000000000 [ 113.130136][ T7470] x26: 0000000000000003 x25: 0000000000000000 x24: ffff0000efd288f8 [ 113.132458][ T7470] x23: 0000000000000001 x22: ffff80008afc2440 x21: ffff80008b5399e0 [ 113.134844][ T7470] x20: 0000000000000000 x19: ffff8000891ac400 x18: 0000000000000000 [ 113.137150][ T7470] x17: 3733633030303030 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 113.139558][ T7470] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 113.141958][ T7470] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 6dd603b02563fa00 [ 113.144430][ T7470] x8 : 6dd603b02563fa00 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.146794][ T7470] x5 : ffff80009c7b7018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 113.149123][ T7470] x2 : 0000000000000000 x1 : 0000000100000201 x0 : 0000000000000000 [ 113.151465][ T7470] Call trace: [ 113.152417][ T7470] debug_object_active_state+0x28c/0x350 (P) [ 113.154120][ T7470] kvfree_call_rcu+0x64/0x3f0 [ 113.155461][ T7470] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 113.156971][ T7470] netlbl_sock_setattr+0x240/0x334 [ 113.158438][ T7470] smack_netlbl_add+0xa8/0x158 [ 113.159833][ T7470] smack_inode_setsecurity+0x378/0x430 [ 113.161396][ T7470] security_inode_setsecurity+0x118/0x3c0 [ 113.163043][ T7470] __vfs_setxattr_noperm+0x174/0x5c4 [ 113.164554][ T7470] __vfs_setxattr_locked+0x1ec/0x218 [ 113.166072][ T7470] vfs_setxattr+0x158/0x2ac [ 113.167438][ T7470] file_setxattr+0x1b8/0x294 [ 113.168749][ T7470] path_setxattrat+0x2ac/0x320 [ 113.170268][ T7470] __arm64_sys_fsetxattr+0xc0/0xdc [ 113.171736][ T7470] invoke_syscall+0x98/0x2b8 [ 113.173120][ T7470] el0_svc_common+0x130/0x23c [ 113.174458][ T7470] do_el0_svc+0x48/0x58 [ 113.175660][ T7470] el0_svc+0x58/0x180 [ 113.176801][ T7470] el0t_64_sync_handler+0x84/0x12c [ 113.178349][ T7470] el0t_64_sync+0x198/0x19c [ 113.179705][ T7470] irq event stamp: 205 [ 113.180904][ T7470] hardirqs last enabled at (204): [] __console_unlock+0x70/0xc4 [ 113.183626][ T7470] hardirqs last disabled at (205): [] el1_brk64+0x1c/0x48 [ 113.186134][ T7470] softirqs last enabled at (126): [] release_sock+0x14c/0x1ac [ 113.188813][ T7470] softirqs last disabled at (154): [] local_bh_disable+0x10/0x34 [ 113.191412][ T7470] ---[ end trace 0000000000000000 ]--- [ 11 ** replaying previous printk message ** [ 113.193073][ T7470] ------------[ cut here ]------------ [ 113.193134][ T7470] kvfree_call_rcu(): Double-freed call. rcu_head 00000000c37e5253 [ 113.193240][ T7470] WARNING: CPU: 1 PID: 7470 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 [ 113.200686][ T7470] Modules linked in: [ 113.201792][ T7470] CPU: 1 UID: 0 PID: 7470 Comm: syz.0.17 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.205634][ T7470] Tainted: [W]=WARN [ 113.206757][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.209651][ T7470] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.211816][ T7470] pc : kvfree_call_rcu+0x94/0x3f0 [ 113.213244][ T7470] lr : kvfree_call_rcu+0x94/0x3f0 [ 113.214718][ T7470] sp : ffff80009c7b7730 [ 113.215865][ T7470] x29: ffff80009c7b7730 x28: 00000000fffffff5 x27: 1fffe00018c336a3 [ 113.218214][ T7470] x26: dfff800000000000 x25: ffff0000d49487ee x24: 0000000000000017 [ 113.220518][ T7470] x23: ffff8000891ac400 x22: 00000000ffffffea x21: ffff8000891ac400 [ 113.222809][ T7470] x20: ffff8000891ac400 x19: ffff80008afc2440 x18: 0000000000000000 [ 113.225127][ T7470] x17: 0000000000000000 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 113.227535][ T7470] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 113.229754][ T7470] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 6dd603b02563fa00 [ 113.232015][ T7470] x8 : 6dd603b02563fa00 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.234503][ T7470] x5 : ffff80009c7b7078 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 113.236752][ T7470] x2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000 [ 113.239144][ T7470] Call trace: [ 113.240168][ T7470] kvfree_call_rcu+0x94/0x3f0 (P) [ 113.241580][ T7470] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 113.243143][ T7470] netlbl_sock_setattr+0x240/0x334 [ 113.244601][ T7470] smack_netlbl_add+0xa8/0x158 [ 113.245898][ T7470] smack_inode_setsecurity+0x378/0x430 [ 113.247412][ T7470] security_inode_setsecurity+0x118/0x3c0 [ 113.249043][ T7470] __vfs_setxattr_noperm+0x174/0x5c4 [ 113.250474][ T7470] __vfs_setxattr_locked+0x1ec/0x218 [ 113.252000][ T7470] vfs_setxattr+0x158/0x2ac [ 113.253199][ T7470] file_setxattr+0x1b8/0x294 [ 113.254461][ T7470] path_setxattrat+0x2ac/0x320 [ 113.255794][ T7470] __arm64_sys_fsetxattr+0xc0/0xdc [ 113.257209][ T7470] invoke_syscall+0x98/0x2b8 [ 113.258514][ T7470] el0_svc_common+0x130/0x23c [ 113.259838][ T7470] do_el0_svc+0x48/0x58 [ 113.261023][ T7470] el0_svc+0x58/0x180 [ 113.262163][ T7470] el0t_64_sync_handler+0x84/0x12c [ 113.263595][ T7470] el0t_64_sync+0x198/0x19c [ 113.264858][ T7470] irq event stamp: 229 [ 113.265961][ T7470] hardirqs last enabled at (228): [] __console_unlock+0x70/0xc4 [ 113.268518][ T7470] hardirqs last disabled at (229): [] el1_brk64+0x1c/0x48 [ 113.270916][ T7470] softirqs last enabled at (126): [] release_sock+0x14c/0x1ac [ 113.273407][ T7470] softirqs last disabled at (154): [] local_bh_disable+0x10/0x34 [ 113.276010][ T7470] ---[ end trace 0000000000000000 ]--- [ 113.2917 ** replaying previous printk message ** [ 113.291787][ T7472] ------------[ cut here ]------------ [ 113.291833][ T7472] ODEBUG: activate active (active state 1) object: 00000000c37e5253 object type: rcu_head hint: 0x0 [ 113.292215][ T7472] WARNING: CPU: 0 PID: 7472 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 113.300765][ T7472] Modules linked in: [ 113.301892][ T7472] CPU: 0 UID: 0 PID: 7472 Comm: syz.0.18 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.305855][ T7472] Tainted: [W]=WARN [ 113.306931][ T7472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.309958][ T7472] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.312152][ T7472] pc : debug_object_activate+0x344/0x460 [ 113.313813][ T7472] lr : debug_object_activate+0x344/0x460 [ 113.315382][ T7472] sp : ffff80009c7b76d0 [ 113.316573][ T7472] x29: ffff80009c7b76d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 113.318857][ T7472] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 113.321169][ T7472] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 113.323477][ T7472] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 0000000000000000 [ 113.325735][ T7472] x17: 3532356537336330 x16: ffff80008aefc498 x15: 0000000000000001 [ 113.328127][ T7472] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 113.330472][ T7472] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : 26e01b5683d37900 [ 113.332800][ T7472] x8 : 26e01b5683d37900 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.335070][ T7472] x5 : ffff80009c7b7018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 113.337296][ T7472] x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000000 [ 113.339582][ T7472] Call trace: [ 113.340461][ T7472] debug_object_activate+0x344/0x460 (P) [ 113.342085][ T7472] kvfree_call_rcu+0x4c/0x3f0 [ 113.343522][ T7472] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 113.345176][ T7472] netlbl_sock_setattr+0x240/0x334 [ 113.346629][ T7472] smack_netlbl_add+0xa8/0x158 [ 113.347962][ T7472] smack_inode_setsecurity+0x378/0x430 [ 113.349531][ T7472] security_inode_setsecurity+0x118/0x3c0 [ 113.351165][ T7472] __vfs_setxattr_noperm+0x174/0x5c4 [ 113.352636][ T7472] __vfs_setxattr_locked+0x1ec/0x218 [ 113.354123][ T7472] vfs_setxattr+0x158/0x2ac [ 113.355476][ T7472] file_setxattr+0x1b8/0x294 [ 113.356844][ T7472] path_setxattrat+0x2ac/0x320 [ 113.358222][ T7472] __arm64_sys_fsetxattr+0xc0/0xdc [ 113.359763][ T7472] invoke_syscall+0x98/0x2b8 [ 113.361137][ T7472] el0_svc_common+0x130/0x23c [ 113.362530][ T7472] do_el0_svc+0x48/0x58 [ 113.363769][ T7472] el0_svc+0x58/0x180 [ 113.364935][ T7472] el0t_64_sync_handler+0x84/0x12c [ 113.366381][ T7472] el0t_64_sync+0x198/0x19c [ 113.367669][ T7472] irq event stamp: 169 [ 113.368899][ T7472] hardirqs last enabled at (168): [] __console_unlock+0x70/0xc4 [ 113.371690][ T7472] hardirqs last disabled at (169): [] el1_brk64+0x1c/0x48 [ 113.374038][ T7472] softirqs last enabled at (118): [] release_sock+0x14c/0x1ac [ 113.376691][ T7472] softirqs last disabled at (144): [] local_bh_disable+0x10/0x34 [ 113.379398][ T7472] ---[ end trace 0000000000000000 ]--- [ 113.381158] ** replaying previous printk message ** [ 113.381158][ T7472] ------------[ cut here ]------------ [ 113.381198][ T7472] ODEBUG: active_state active (active state 1) object: 00000000c37e5253 object type: rcu_head hint: 0x0 [ 113.381570][ T7472] WARNING: CPU: 0 PID: 7472 at lib/debugobjects.c:615 debug_object_active_state+0x28c/0x350 [ 113.390616][ T7472] Modules linked in: [ 113.391838][ T7472] CPU: 0 UID: 0 PID: 7472 Comm: syz.0.18 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.395886][ T7472] Tainted: [W]=WARN [ 113.397014][ T7472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.399938][ T7472] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.402263][ T7472] pc : debug_object_active_state+0x28c/0x350 [ 113.404025][ T7472] lr : debug_object_active_state+0x28c/0x350 [ 113.405732][ T7472] sp : ffff80009c7b76c0 [ 113.406943][ T7472] x29: ffff80009c7b76d0 x28: ffff80008f671000 x27: dfff800000000000 [ 113.409371][ T7472] x26: 0000000000000003 x25: 0000000000000000 x24: ffff0000efd288f8 [ 113.411690][ T7472] x23: 0000000000000001 x22: ffff80008afc2440 x21: ffff80008b5399e0 [ 113.414161][ T7472] x20: 0000000000000000 x19: ffff8000891ac400 x18: 0000000000000000 [ 113.416708][ T7472] x17: 3733633030303030 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 113.419208][ T7472] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 113.421623][ T7472] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 26e01b5683d37900 [ 113.424074][ T7472] x8 : 26e01b5683d37900 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.426295][ T7472] x5 : ffff80009c7b7018 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 113.428641][ T7472] x2 : 0000000000000000 x1 : 0000000100000201 x0 : 0000000000000000 [ 113.430907][ T7472] Call trace: [ 113.431808][ T7472] debug_object_active_state+0x28c/0x350 (P) [ 113.433571][ T7472] kvfree_call_rcu+0x64/0x3f0 [ 113.434955][ T7472] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 113.436499][ T7472] netlbl_sock_setattr+0x240/0x334 [ 113.437922][ T7472] smack_netlbl_add+0xa8/0x158 [ 113.439351][ T7472] smack_inode_setsecurity+0x378/0x430 [ 113.440924][ T7472] security_inode_setsecurity+0x118/0x3c0 [ 113.442598][ T7472] __vfs_setxattr_noperm+0x174/0x5c4 [ 113.444143][ T7472] __vfs_setxattr_locked+0x1ec/0x218 [ 113.445738][ T7472] vfs_setxattr+0x158/0x2ac [ 113.447038][ T7472] file_setxattr+0x1b8/0x294 [ 113.448437][ T7472] path_setxattrat+0x2ac/0x320 [ 113.449860][ T7472] __arm64_sys_fsetxattr+0xc0/0xdc [ 113.451400][ T7472] invoke_syscall+0x98/0x2b8 [ 113.452661][ T7472] el0_svc_common+0x130/0x23c [ 113.454069][ T7472] do_el0_svc+0x48/0x58 [ 113.455320][ T7472] el0_svc+0x58/0x180 [ 113.456459][ T7472] el0t_64_sync_handler+0x84/0x12c [ 113.457907][ T7472] el0t_64_sync+0x198/0x19c [ 113.459292][ T7472] irq event stamp: 195 [ 113.460445][ T7472] hardirqs last enabled at (194): [] __console_unlock+0x70/0xc4 [ 113.463054][ T7472] hardirqs last disabled at (195): [] el1_brk64+0x1c/0x48 [ 113.465544][ T7472] softirqs last enabled at (118): [] release_sock+0x14c/0x1ac [ 113.468217][ T7472] softirqs last disabled at (144): [] local_bh_disable+0x10/0x34 [ 113.470936][ T7472] ---[ end trace 0000000000000000 ]--- [ 113.4 ** replaying previous printk message ** [ 113.489871][ T7474] ------------[ cut here ]------------ [ 113.489918][ T7474] ODEBUG: activate active (active state 1) object: 00000000c37e5253 object type: rcu_head hint: 0x0 [ 113.490304][ T7474] WARNING: CPU: 0 PID: 7474 at lib/debugobjects.c:615 debug_object_activate+0x344/0x460 [ 113.498730][ T7474] Modules linked in: [ 113.499868][ T7474] CPU: 0 UID: 0 PID: 7474 Comm: syz.0.19 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.503750][ T7474] Tainted: [W]=WARN [ 113.504913][ T7474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.507744][ T7474] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.510048][ T7474] pc : debug_object_activate+0x344/0x460 [ 113.511727][ T7474] lr : debug_object_activate+0x344/0x460 [ 113.513332][ T7474] sp : ffff80009c7b76d0 [ 113.514533][ T7474] x29: ffff80009c7b76d0 x28: ffff8000976d8000 x27: dfff800000000000 [ 113.516870][ T7474] x26: ffff80008afc2440 x25: 0000000000000001 x24: ffff8000891ac400 [ 113.519126][ T7474] x23: 0000000000000003 x22: ffff80008b5399e0 x21: 0000000000000000 [ 113.521471][ T7474] x20: ffff80008afc2440 x19: ffff8000891ac400 x18: 0000000000000000 [ 113.523769][ T7474] x17: 3532356537336330 x16: ffff80008aefc498 x15: 0000000000000001 [ 113.526047][ T7474] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 113.528467][ T7474] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : e27ad83ffe038000 [ 113.530791][ T7474] x8 : e27ad83ffe038000 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.533153][ T7474] x5 : ffff80009c7b7018 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 113.535496][ T7474] x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000000 [ 113.537814][ T7474] Call trace: [ 113.538754][ T7474] debug_object_activate+0x344/0x460 (P) [ 113.540436][ T7474] kvfree_call_rcu+0x4c/0x3f0 [ 113.541738][ T7474] cipso_v4_sock_setattr+0x2f0/0x3f4 [ 113.543292][ T7474] netlbl_sock_setattr+0x240/0x334 [ 113.544812][ T7474] smack_netlbl_add+0xa8/0x158 [ 113.546163][ T7474] smack_inode_setsecurity+0x378/0x430 [ 113.547784][ T7474] security_inode_setsecurity+0x118/0x3c0 [ 113.549427][ T7474] __vfs_setxattr_noperm+0x174/0x5c4 [ 113.550908][ T7474] __vfs_setxattr_locked+0x1ec/0x218 [ 113.552466][ T7474] vfs_setxattr+0x158/0x2ac [ 113.553820][ T7474] file_setxattr+0x1b8/0x294 [ 113.555163][ T7474] path_setxattrat+0x2ac/0x320 [ 113.556615][ T7474] __arm64_sys_fsetxattr+0xc0/0xdc [ 113.558056][ T7474] invoke_syscall+0x98/0x2b8 [ 113.559398][ T7474] el0_svc_common+0x130/0x23c [ 113.560719][ T7474] do_el0_svc+0x48/0x58 [ 113.561930][ T7474] el0_svc+0x58/0x180 [ 113.563090][ T7474] el0t_64_sync_handler+0x84/0x12c [ 113.564642][ T7474] el0t_64_sync+0x198/0x19c [ 113.565908][ T7474] irq event stamp: 175 [ 113.567107][ T7474] hardirqs last enabled at (174): [] __console_unlock+0x70/0xc4 [ 113.569739][ T7474] hardirqs last disabled at (175): [] el1_brk64+0x1c/0x48 [ 113.572263][ T7474] softirqs last enabled at (124): [] release_sock+0x14c/0x1ac [ 113.574830][ T7474] softirqs last disabled at (150): [] local_bh_disable+0x10/0x34 [ 113.577545][ T7474] ---[ end trace 0000000000000000 ]--- [ 113.711541][ T63] ** replaying previous printk message ** [ 113.711541][ T63] ------------[ cut here ]------------ [ 113.712448][ T63] Trying to vfree() bad address (00000000c37e5253) [ 113.712569][ T63] WARNING: CPU: 0 PID: 63 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 113.720010][ T63] Modules linked in: [ 113.721265][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.725420][ T63] Tainted: [W]=WARN [ 113.726606][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.729655][ T63] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 113.731579][ T63] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.733877][ T63] pc : remove_vm_area+0x268/0x270 [ 113.735342][ T63] lr : remove_vm_area+0x264/0x270 [ 113.736753][ T63] sp : ffff800099b978e0 [ 113.737992][ T63] x29: ffff800099b978f0 x28: ffff00019beaf4d4 x27: ffff00019beaf4c0 [ 113.740343][ T63] x26: ffff00019beaf4b0 x25: dfff800000000000 x24: 0000000000000001 [ 113.742615][ T63] x23: ffff0000c45f1028 x22: 1fffe000186177a1 x21: 0000000000000000 [ 113.744962][ T63] x20: 0000000000000000 x19: ffff8000891ac400 x18: 1fffe000337d4076 [ 113.747397][ T63] x17: 0000000000000000 x16: ffff80008aefc498 x15: 0000000000000001 [ 113.749715][ T63] x14: 1fffe000337d40e2 x13: 0000000000000000 x12: 0000000000000000 [ 113.752045][ T63] x11: ffff6000337d40e3 x10: 0000000000ff0100 x9 : 93e459d52e930100 [ 113.754434][ T63] x8 : 93e459d52e930100 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.756797][ T63] x5 : ffff800099b97238 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 113.759114][ T63] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 113.761598][ T63] Call trace: [ 113.762590][ T63] remove_vm_area+0x268/0x270 (P) [ 113.764101][ T63] vfree+0xac/0x3dc [ 113.765224][ T63] kvfree_rcu_bulk+0xc4/0x228 [ 113.766573][ T63] kfree_rcu_monitor+0x230/0x2b4 [ 113.768038][ T63] process_one_work+0x7e8/0x155c [ 113.769480][ T63] worker_thread+0x958/0xed8 [ 113.770807][ T63] kthread+0x5fc/0x75c [ 113.771923][ T63] ret_from_fork+0x10/0x20 [ 113.773255][ T63] irq event stamp: 1611120 [ 113.774624][ T63] hardirqs last enabled at (1611119): [] __console_unlock+0x70/0xc4 [ 113.777388][ T63] hardirqs last disabled at (1611120): [] el1_brk64+0x1c/0x48 [ 113.780015][ T63] softirqs last enabled at (1611104): [] handle_softirqs+0xaf8/0xc88 [ 113.782877][ T63] softirqs last disabled at (1610233): [] __do_softirq+0x14/0x20 [ 113.785432][ T63] ---[ end trace 0000000000000000 ]--- [ 1 ** replaying previous printk message ** [ 113.791878][ T63] ------------[ cut here ]------------ [ 113.791932][ T63] Trying to vfree() nonexistent vm area (00000000c37e5253) [ 113.792063][ T63] WARNING: CPU: 0 PID: 63 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 113.798983][ T63] Modules linked in: [ 113.800152][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 113.803991][ T63] Tainted: [W]=WARN [ 113.805090][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.808064][ T63] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 113.809923][ T63] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.812203][ T63] pc : vfree+0x32c/0x3dc [ 113.813454][ T63] lr : vfree+0x32c/0x3dc [ 113.814659][ T63] sp : ffff800099b97950 [ 113.815817][ T63] x29: ffff800099b97960 x28: ffff00019beaf4d4 x27: ffff00019beaf4c0 [ 113.818073][ T63] x26: ffff00019beaf4b0 x25: dfff800000000000 x24: 0000000000000001 [ 113.820464][ T63] x23: ffff0000c45f1028 x22: 1fffe000186177a1 x21: 0000000000000000 [ 113.822829][ T63] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d4076 [ 113.825152][ T63] x17: 0000000000000000 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 113.827515][ T63] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 113.829865][ T63] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 93e459d52e930100 [ 113.832215][ T63] x8 : 93e459d52e930100 x7 : 0000000000000001 x6 : 0000000000000001 [ 113.834631][ T63] x5 : ffff800099b97298 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 113.837062][ T63] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 113.839402][ T63] Call trace: [ 113.840393][ T63] vfree+0x32c/0x3dc (P) [ 113.841677][ T63] kvfree_rcu_bulk+0xc4/0x228 [ 113.843001][ T63] kfree_rcu_monitor+0x230/0x2b4 [ 113.844440][ T63] process_one_work+0x7e8/0x155c [ 113.845922][ T63] worker_thread+0x958/0xed8 [ 113.847316][ T63] kthread+0x5fc/0x75c [ 113.848475][ T63] ret_from_fork+0x10/0x20 [ 113.849808][ T63] irq event stamp: 1611330 [ 113.851046][ T63] hardirqs last enabled at (1611329): [] __console_unlock+0x70/0xc4 [ 113.853981][ T63] hardirqs last disabled at (1611330): [] el1_brk64+0x1c/0x48 [ 113.856623][ T63] softirqs last enabled at (1611306): [] handle_softirqs+0xaf8/0xc88 [ 113.859451][ T63] softirqs last disabled at (1611123): [] __do_softirq+0x14/0x20 [ 113.862192][ T63] ---[ end trace 0000000000000000 ]--- [ 117.638488][ T14] ------------[ cut here ]------------ [ 117.638545][ T14] Trying to vfree() bad address (00000000c37e5253) [ 117.638685][ T14] WARNING: CPU: 1 PID: 14 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 117.644677][ T14] Modules linked in: [ 117.645839][ T14] CPU: 1 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 117.649773][ T14] Tainted: [W]=WARN [ 117.650887][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.653827][ T14] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 117.655713][ T14] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 117.658219][ T14] pc : remove_vm_area+0x268/0x270 [ 117.659738][ T14] lr : remove_vm_area+0x264/0x270 [ 117.661277][ T14] sp : ffff800097aa78e0 [ 117.662461][ T14] x29: ffff800097aa78f0 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 117.664885][ T14] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 117.667308][ T14] x23: ffff0000c3224028 x22: 1fffe0001833f3d1 x21: 0000000000000000 [ 117.669631][ T14] x20: 0000000000000000 x19: ffff8000891ac400 x18: 1fffe000337d8876 [ 117.672067][ T14] x17: 0000000000000000 x16: ffff80008ae63d48 x15: ffff700011ede144 [ 117.674730][ T14] x14: 1ffff00011ede144 x13: 0000000000000004 x12: ffffffffffffffff [ 117.677109][ T14] x11: ffff700011ede144 x10: 0000000000ff0100 x9 : 676f3ea4f30dbf00 [ 117.679647][ T14] x8 : 676f3ea4f30dbf00 x7 : 0000000000000001 x6 : 0000000000000001 [ 117.682180][ T14] x5 : ffff800097aa7238 x4 : ffff80008f766be0 x3 : ffff80008054d314 [ 117.684725][ T14] x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000 [ 117.687106][ T14] Call trace: [ 117.688075][ T14] remove_vm_area+0x268/0x270 (P) [ 117.689618][ T14] vfree+0xac/0x3dc [ 117.690903][ T14] kvfree_rcu_bulk+0xc4/0x228 [ 117.692375][ T14] kfree_rcu_monitor+0x230/0x2b4 [ 117.693824][ T14] process_one_work+0x7e8/0x155c [ 117.695275][ T14] worker_thread+0x958/0xed8 [ 117.696543][ T14] kthread+0x5fc/0x75c [ 117.697732][ T14] ret_from_fork+0x10/0x20 [ 117.698992][ T14] irq event stamp: 808054 [ 117.700272][ T14] hardirqs last enabled at (808053): [] __console_unlock+0x70/0xc4 [ 117.703046][ T14] hardirqs last disabled at (808054): [] el1_brk64+0x1c/0x48 [ 117.705638][ T14] softirqs last enabled at (808010): [] batadv_forw_packet_steal+0x11c/0x13c [ 117.708842][ T14] softirqs last disabled at (808008): [] batadv_forw_packet_steal+0x38/0x13c [ 117.711897][ T14] ---[ end trace 0000000000000000 ]--- [ 117.715191][ T14] ------------[ cut here ]------------ [ 117.71 ** replaying previous printk message ** [ 117.715232][ T14] Trying to vfree() nonexistent vm area (00000000c37e5253) [ 117.717003][ T14] WARNING: CPU: 1 PID: 14 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 117.722624][ T14] Modules linked in: [ 117.723750][ T14] CPU: 1 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 117.727646][ T14] Tainted: [W]=WARN [ 117.728850][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.731836][ T14] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 117.733664][ T14] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 117.735952][ T14] pc : vfree+0x32c/0x3dc [ 117.737223][ T14] lr : vfree+0x32c/0x3dc [ 117.738422][ T14] sp : ffff800097aa7950 [ 117.739607][ T14] x29: ffff800097aa7960 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 117.741905][ T14] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 117.744203][ T14] x23: ffff0000c3224028 x22: 1fffe0001833f3d1 x21: 0000000000000000 [ 117.746592][ T14] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d8876 [ 117.748943][ T14] x17: ffff80008f66e000 x16: ffff80008aefc498 x15: 0000000000000001 [ 117.751232][ T14] x14: 1fffe000337db2f0 x13: 0000000000000000 x12: 0000000000000000 [ 117.753566][ T14] x11: ffff800093163c08 x10: 0000000000000003 x9 : 676f3ea4f30dbf00 [ 117.755820][ T14] x8 : 676f3ea4f30dbf00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 117.758126][ T14] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 117.760403][ T14] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 117.762692][ T14] Call trace: [ 117.763609][ T14] vfree+0x32c/0x3dc (P) [ 117.764798][ T14] kvfree_rcu_bulk+0xc4/0x228 [ 117.766112][ T14] kfree_rcu_monitor+0x230/0x2b4 [ 117.767573][ T14] process_one_work+0x7e8/0x155c [ 117.768987][ T14] worker_thread+0x958/0xed8 [ 117.770378][ T14] kthread+0x5fc/0x75c [ 117.771567][ T14] ret_from_fork+0x10/0x20 [ 117.772881][ T14] irq event stamp: 808160 [ 117.774173][ T14] hardirqs last enabled at (808159): [] finish_lock_switch+0xb0/0x1c0 [ 117.777016][ T14] hardirqs last disabled at (808160): [] el1_brk64+0x1c/0x48 [ 117.779646][ T14] softirqs last enabled at (808132): [] handle_softirqs+0xaf8/0xc88 [ 117.782475][ T14] softirqs last disabled at (808057): [] __do_softirq+0x14/0x20 [ 117.785212][ T14] ---[ end trace 0000000000000000 ]--- 1970/01/01 00:01:57 executed programs: 252 [ 118.830822][ ** replaying previous printk message ** [ 118.830822][ T14] ------------[ cut here ]------------ [ 118.830884][ T14] Trying to vfree() bad address (00000000c37e5253) [ 118.831322][ T14] WARNING: CPU: 1 PID: 14 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 118.838243][ T14] Modules linked in: [ 118.839412][ T14] CPU: 1 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 118.843330][ T14] Tainted: [W]=WARN [ 118.844406][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.847184][ T14] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 118.848972][ T14] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 118.851187][ T14] pc : remove_vm_area+0x268/0x270 [ 118.852617][ T14] lr : remove_vm_area+0x264/0x270 [ 118.853994][ T14] sp : ffff800097aa78e0 [ 118.855137][ T14] x29: ffff800097aa78f0 x28: ffff00019beaf4d4 x27: ffff00019beaf4c0 [ 118.857333][ T14] x26: ffff00019beaf4b0 x25: dfff800000000000 x24: 0000000000000001 [ 118.859527][ T14] x23: ffff0000c45f1028 x22: 1fffe0001833f3d1 x21: 0000000000000000 [ 118.861756][ T14] x20: 0000000000000000 x19: ffff8000891ac400 x18: 1fffe000337d8876 [ 118.864005][ T14] x17: ffff80008f66e000 x16: ffff80008aefc498 x15: 0000000000000001 [ 118.866351][ T14] x14: 1fffe000337db2f0 x13: 0000000000000000 x12: 0000000000000000 [ 118.868575][ T14] x11: ffff800093163c08 x10: 0000000000000003 x9 : 676f3ea4f30dbf00 [ 118.870899][ T14] x8 : 676f3ea4f30dbf00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 118.873204][ T14] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 118.875451][ T14] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 118.877779][ T14] Call trace: [ 118.878723][ T14] remove_vm_area+0x268/0x270 (P) [ 118.880130][ T14] vfree+0xac/0x3dc [ 118.881190][ T14] kvfree_rcu_bulk+0xc4/0x228 [ 118.882500][ T14] kfree_rcu_monitor+0x230/0x2b4 [ 118.883869][ T14] process_one_work+0x7e8/0x155c [ 118.885268][ T14] worker_thread+0x958/0xed8 [ 118.886572][ T14] kthread+0x5fc/0x75c [ 118.887668][ T14] ret_from_fork+0x10/0x20 [ 118.888889][ T14] irq event stamp: 842684 [ 118.890110][ T14] hardirqs last enabled at (842683): [] finish_lock_switch+0xb0/0x1c0 [ 118.892880][ T14] hardirqs last disabled at (842684): [] el1_brk64+0x1c/0x48 [ 118.895342][ T14] softirqs last enabled at (840536): [] batadv_nc_purge_paths+0x2f4/0x37c [ 118.898154][ T14] softirqs last disabled at (840534): [] batadv_nc_purge_paths+0xd0/0x37c [ 118.901054][ T14] ---[ end trace 0000000000000000 ]--- [ 118.904461][ T14] ------------[ cut here ]------------ [ 118.904503][ T14] Trying to vfree() nonexistent vm area (00000000c37e5253) [ 118.915414][ T14] WARNING: CPU: 0 PID: 14 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 118.917577][ T14] Modules linked in: [ 118.918674][ T14] CPU: 0 UID: 0 PID: 14 Comm: kworker/u8:1 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 118.922468][ T14] Tainted: [W]=WARN [ 118.923495][ T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.926222][ T14] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 118.928047][ T14] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 118.930198][ T14] pc : vfree+0x32c/0x3dc [ 118.931407][ T14] lr : vfree+0x32c/0x3dc [ 118.932603][ T14] sp : ffff800097aa7950 [ 118.933769][ T14] x29: ffff800097aa7960 x28: ffff00019beaf4d4 x27: ffff00019beaf4c0 [ 118.935967][ T14] x26: ffff00019beaf4b0 x25: dfff800000000000 x24: 0000000000000001 [ 118.938201][ T14] x23: ffff0000c45f1028 x22: 1fffe0001833f3d1 x21: 0000000000000000 [ 118.940518][ T14] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d4076 [ 118.942751][ T14] x17: ffff80008f66e000 x16: ffff80008aefc498 x15: 0000000000000001 [ 118.944899][ T14] x14: 1fffe000337d6af0 x13: 0000000000000000 x12: 0000000000000000 [ 118.947202][ T14] x11: ffff800093163c08 x10: 0000000000000003 x9 : 676f3ea4f30dbf00 [ 118.949403][ T14] x8 : 676f3ea4f30dbf00 x7 : ffff800080488a2c x6 : 0000000000000000 [ 118.951571][ T14] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 118.953758][ T14] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 118.955926][ T14] Call trace: [ 118.956832][ T14] vfree+0x32c/0x3dc (P) [ 118.958008][ T14] kvfree_rcu_bulk+0xc4/0x228 [ 118.959373][ T14] kfree_rcu_monitor+0x230/0x2b4 [ 118.960684][ T14] process_one_work+0x7e8/0x155c [ 118.962101][ T14] worker_thread+0x958/0xed8 [ 118.963391][ T14] kthread+0x5fc/0x75c [ 118.964488][ T14] ret_from_fork+0x10/0x20 [ 118.965723][ T14] irq event stamp: 842752 [ 118.966898][ T14] hardirqs last enabled at (842751): [] finish_lock_switch+0xb0/0x1c0 [ 118.969676][ T14] hardirqs last disabled at (842752): [] el1_brk64+0x1c/0x48 [ 118.972067][ T14] softirqs last enabled at (842724): [] handle_softirqs+0xaf8/0xc88 [ 118.974605][ T14] softirqs last disabled at (842687): [] __do_softirq+0x14/0x20 [ 118.977163][ T14] ---[ end trace 0000000000000000 ]--- [ ** replaying previous printk message ** [ 122.828506][ T42] ------------[ cut here ]------------ [ 122.828563][ T42] Trying to vfree() bad address (00000000c37e5253) [ 122.828684][ T42] WARNING: CPU: 1 PID: 42 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270 [ 122.835537][ T42] Modules linked in: [ 122.836654][ T42] CPU: 1 UID: 0 PID: 42 Comm: kworker/u8:3 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 122.840428][ T42] Tainted: [W]=WARN [ 122.841538][ T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.844435][ T42] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 122.846269][ T42] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 122.848528][ T42] pc : remove_vm_area+0x268/0x270 [ 122.849927][ T42] lr : remove_vm_area+0x264/0x270 [ 122.851336][ T42] sp : ffff8000990f78e0 [ 122.852505][ T42] x29: ffff8000990f78f0 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 122.854765][ T42] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 122.857010][ T42] x23: ffff0000c3222028 x22: 1fffe000184b93d1 x21: 0000000000000000 [ 122.859256][ T42] x20: 0000000000000000 x19: ffff8000891ac400 x18: 00000000ffffffff [ 122.861531][ T42] x17: 0000000000000000 x16: ffff80008aefc498 x15: 0000000000000001 [ 122.863789][ T42] x14: 1fffe000337d88e2 x13: 0000000000000000 x12: 0000000000000000 [ 122.866111][ T42] x11: ffff6000337d88e3 x10: 0000000000ff0100 x9 : 1e51cc8fa2bfe800 [ 122.868428][ T42] x8 : 1e51cc8fa2bfe800 x7 : 0000000000000001 x6 : 0000000000000001 [ 122.870647][ T42] x5 : ffff8000990f7238 x4 : ffff80008f766be0 x3 : ffff8000807bcfac [ 122.872894][ T42] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 122.875226][ T42] Call trace: [ 122.876144][ T42] remove_vm_area+0x268/0x270 (P) [ 122.877539][ T42] vfree+0xac/0x3dc [ 122.878621][ T42] kvfree_rcu_bulk+0xc4/0x228 [ 122.879905][ T42] kfree_rcu_monitor+0x230/0x2b4 [ 122.881326][ T42] process_one_work+0x7e8/0x155c [ 122.882676][ T42] worker_thread+0x958/0xed8 [ 122.884195][ T42] kthread+0x5fc/0x75c [ 122.885363][ T42] ret_from_fork+0x10/0x20 [ 122.886573][ T42] irq event stamp: 737994 [ 122.887744][ T42] hardirqs last enabled at (737993): [] __console_unlock+0x70/0xc4 [ 122.890412][ T42] hardirqs last disabled at (737994): [] el1_brk64+0x1c/0x48 [ 122.892872][ T42] softirqs last enabled at (737456): [] batadv_nc_purge_paths+0x2f4/0x37c [ 122.895577][ T42] softirqs last disabled at (737454): [] batadv_nc_purge_paths+0xd0/0x37c [ 122.898337][ T42] ---[ end trace 0000000000000000 ]--- [ 122.902923][ T42] ------------[ cut here ]------------ [ 122.902969][ T42] Trying to vfree() nonexistent vm area (00000000c37e5253) [ 122.906886][ T42] WARNING: CPU: 0 PID: 42 at mm/vmalloc.c:3409 vfree+0x32c/0x3dc [ 122.908993][ T42] Modules linked in: [ 122.910156][ T42] CPU: 0 UID: 0 PID: 42 Comm: kworker/u8:3 Tainted: G W 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT [ 122.913834][ T42] Tainted: [W]=WARN [ 122.914861][ T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.917700][ T42] Workqueue: kvfree_rcu_reclaim kfree_rcu_monitor [ 122.919537][ T42] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 122.921717][ T42] pc : vfree+0x32c/0x3dc [ 122.922896][ T42] lr : vfree+0x32c/0x3dc [ 122.924075][ T42] sp : ffff8000990f7950 [ 122.925214][ T42] x29: ffff8000990f7960 x28: ffff00019bed34d4 x27: ffff00019bed34c0 [ 122.927495][ T42] x26: ffff00019bed34b0 x25: dfff800000000000 x24: 0000000000000001 [ 122.929753][ T42] x23: ffff0000c3222028 x22: 1fffe000184b93d1 x21: 0000000000000000 [ 122.931958][ T42] x20: ffff8000891ac400 x19: 0000000000000000 x18: 1fffe000337d4076 [ 122.934206][ T42] x17: ffff80008f66e000 x16: ffff80008aefc498 x15: 0000000000000001 [ 122.936501][ T42] x14: 1fffe000337d6af0 x13: 0000000000000000 x12: 0000000000000000 [ 122.938731][ T42] x11: ffff800093163c08 x10: 0000000000000003 x9 : 1e51cc8fa2bfe800 [ 122.940984][ T42] x8 : 1e51cc8fa2bfe800 x7 : ffff800080488a2c x6 : 0000000000000000 [ 122.943307][ T42] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 122.945506][ T42] x2 : 0000000000000006 x1 : ffff80008b538ee0 x0 : 0000000000000001 [ 122.947816][ T42] Call trace: [ 122.948679][ T42] vfree+0x32c/0x3dc (P) [ 122.949816][ T42] kvfree_rcu_bulk+0xc4/0x228 [ 122.951220][ T42] kfree_rcu_monitor+0x230/0x2b4 [ 122.952592][ T42] process_one_work+0x7e8/0x155c [ 122.953988][ T42] worker_thread+0x958/0xed8 [ 122.955274][ T42] kthread+0x5fc/0x75c [ 122.956436][ T42] ret_from_fork+0x10/0x20 [ 122.957687][ T42] irq event stamp: 738140 [ 122.958888][ T42] hardirqs last enabled at (738139): [] finish_lock_switch+0xb0/0x1c0 [ 122.961637][ T42] hardirqs last disabled at (738140): [] el1_brk64+0x1c/0x48 [ 122.964215][ T42] softirqs last enabled at (738112): [] handle_softirqs+0xaf8/0xc88 [ 122.966914][ T42] softirqs last disabled at (737997): [] __do_softirq+0x14/0x20 [ 122.969528][ T42] ---[ end trace 0000000000000000 ]--- [ 123.01 ** replaying previous printk message ** [ 123.017389][ T14] ------------[ cut here ]------------ [ 123.017526][ T14] Trying to vfree() bad address (00000000c37e5253) [ 123.017646][ T14] WARNING: CPU: 1 PID: 14 at mm/vmalloc.c:3274 remove_vm_area+0x268/0x270