Warning: Permanently added '10.128.1.200' (ED25519) to the list of known hosts.
2025/10/05 03:32:46 parsed 1 programs
[ 113.943635][ T30] audit: type=1400 audit(1759635168.741:116): avc: denied { unlink } for pid=6147 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 115.250676][ T6147] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 117.117740][ T30] audit: type=1400 audit(1759635171.911:117): avc: denied { mount } for pid=6154 comm="syz-executor" name="/" dev="gadgetfs" ino=7838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 118.379910][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 118.391746][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 118.399559][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 118.412865][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 118.420381][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 118.827522][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.835448][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.861471][ T3631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.869409][ T3631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.049175][ T6202] chnl_net:caif_netlink_parms(): no params data found
[ 119.124070][ T6202] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.131176][ T6202] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.138401][ T6202] bridge_slave_0: entered allmulticast mode
[ 119.145135][ T6202] bridge_slave_0: entered promiscuous mode
[ 119.154783][ T6202] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.162020][ T6202] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.169146][ T6202] bridge_slave_1: entered allmulticast mode
[ 119.177539][ T6202] bridge_slave_1: entered promiscuous mode
[ 119.214161][ T6202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 119.227086][ T6202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 119.264445][ T6202] team0: Port device team_slave_0 added
[ 119.272280][ T6202] team0: Port device team_slave_1 added
[ 119.296312][ T6202] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 119.303314][ T6202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 119.329319][ T6202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 119.343047][ T6202] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 119.350005][ T6202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 119.376352][ T6202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 119.411354][ T6202] hsr_slave_0: entered promiscuous mode
[ 119.417558][ T6202] hsr_slave_1: entered promiscuous mode
[ 119.883918][ T6202] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 119.894112][ T6202] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 119.904240][ T6202] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 119.918384][ T6202] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 120.015369][ T6202] 8021q: adding VLAN 0 to HW filter on device bond0
[ 120.035410][ T6202] 8021q: adding VLAN 0 to HW filter on device team0
[ 120.047923][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.055095][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 120.069755][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.076906][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 120.286741][ T6202] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 120.344596][ T6202] veth0_vlan: entered promiscuous mode
[ 120.356737][ T6202] veth1_vlan: entered promiscuous mode
[ 120.393630][ T6202] veth0_macvtap: entered promiscuous mode
[ 120.403391][ T6202] veth1_macvtap: entered promiscuous mode
[ 120.426418][ T6202] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 120.440857][ T6202] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 120.456557][ T3527] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.465625][ T3527] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.483835][ T3527] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.521597][ T3631] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.595465][ T1133] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.683954][ T1133] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.783099][ T1133] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.866478][ T1133] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 121.548125][ T30] audit: type=1401 audit(1759635176.341:118): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/10/05 03:32:57 executed programs: 0
[ 122.270249][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 122.281298][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 122.290770][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 122.298780][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 122.312385][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 122.524279][ T6337] chnl_net:caif_netlink_parms(): no params data found
[ 122.610357][ T6337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.619528][ T6337] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.627410][ T6337] bridge_slave_0: entered allmulticast mode
[ 122.635579][ T6337] bridge_slave_0: entered promiscuous mode
[ 122.645178][ T6337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.652813][ T6337] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.660104][ T6337] bridge_slave_1: entered allmulticast mode
[ 122.668244][ T6337] bridge_slave_1: entered promiscuous mode
[ 122.704300][ T6337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 122.716469][ T6337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 122.753295][ T6337] team0: Port device team_slave_0 added
[ 122.762109][ T6337] team0: Port device team_slave_1 added
[ 122.794718][ T6337] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 122.802348][ T6337] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 122.828852][ T6337] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 122.843757][ T6337] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 122.850694][ T6337] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 122.877178][ T6337] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 122.933105][ T6337] hsr_slave_0: entered promiscuous mode
[ 122.939563][ T6337] hsr_slave_1: entered promiscuous mode
[ 122.946375][ T6337] debugfs: 'hsr0' already exists in 'hsr'
[ 122.952843][ T6337] Cannot create hsr debugfs directory
[ 123.432928][ T1133] bridge_slave_1: left allmulticast mode
[ 123.438601][ T1133] bridge_slave_1: left promiscuous mode
[ 123.444669][ T1133] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.455376][ T1133] bridge_slave_0: left allmulticast mode
[ 123.461013][ T1133] bridge_slave_0: left promiscuous mode
[ 123.466957][ T1133] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.637130][ T1133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 123.647462][ T1133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 123.657704][ T1133] bond0 (unregistering): Released all slaves
[ 123.778940][ T1133] hsr_slave_0: left promiscuous mode
[ 123.784946][ T1133] hsr_slave_1: left promiscuous mode
[ 123.790855][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 123.801627][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 123.809457][ T1133] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 123.817901][ T1133] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 123.842438][ T1133] veth1_macvtap: left promiscuous mode
[ 123.847974][ T1133] veth0_macvtap: left promiscuous mode
[ 123.853708][ T1133] veth1_vlan: left promiscuous mode
[ 123.859555][ T1133] veth0_vlan: left promiscuous mode
[ 124.208922][ T1133] team0 (unregistering): Port device team_slave_1 removed
[ 124.249632][ T1133] team0 (unregistering): Port device team_slave_0 removed
[ 124.339211][ T5150] Bluetooth: hci0: command tx timeout
[ 124.791468][ T6337] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 124.800820][ T6337] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 124.810173][ T6337] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 124.823836][ T6337] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 125.017598][ T6337] 8021q: adding VLAN 0 to HW filter on device bond0
[ 125.034772][ T6337] 8021q: adding VLAN 0 to HW filter on device team0
[ 125.051155][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state
[ 125.058251][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 125.069083][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state
[ 125.076287][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 125.266599][ T6337] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 125.313827][ T6337] veth0_vlan: entered promiscuous mode
[ 125.328539][ T6337] veth1_vlan: entered promiscuous mode
[ 125.356404][ T6337] veth0_macvtap: entered promiscuous mode
[ 125.368391][ T6337] veth1_macvtap: entered promiscuous mode
[ 125.389566][ T6337] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 125.402745][ T6337] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 125.417751][ T66] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 125.427638][ T66] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 125.436552][ T66] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 125.446388][ T66] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 125.493210][ T3527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.501034][ T3527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.525079][ T3527] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 125.533508][ T3527] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 125.593682][ T30] audit: type=1400 audit(1759635180.391:119): avc: denied { unmount } for pid=6337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 126.411946][ T5150] Bluetooth: hci0: command tx timeout
2025/10/05 03:33:02 executed programs: 81
[ 128.495724][ T5150] Bluetooth: hci0: command tx timeout
[ 130.573193][ T5150] Bluetooth: hci0: command tx timeout
2025/10/05 03:33:07 executed programs: 324
[ 132.575004][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.581418][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.550615][ T7214] ==================================================================
[ 133.558688][ T7214] BUG: KASAN: slab-use-after-free in afs_dynroot_readdir+0x106f/0x12e0
[ 133.566908][ T7214] Read of size 4 at addr ffff88803504a148 by task syz.0.404/7214
[ 133.574593][ T7214]
[ 133.576935][ T7214] CPU: 1 UID: 0 PID: 7214 Comm: syz.0.404 Not tainted syzkaller #0 PREEMPT(full)
[ 133.576949][ T7214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 133.576958][ T7214] Call Trace:
[ 133.576963][ T7214]
[ 133.576968][ T7214] dump_stack_lvl+0x116/0x1f0
[ 133.576992][ T7214] print_report+0xcd/0x630
[ 133.577006][ T7214] ? __virt_addr_valid+0x81/0x610
[ 133.577023][ T7214] ? __phys_addr+0xe8/0x180
[ 133.577038][ T7214] ? afs_dynroot_readdir+0x106f/0x12e0
[ 133.577054][ T7214] kasan_report+0xe0/0x110
[ 133.577067][ T7214] ? afs_dynroot_readdir+0x106f/0x12e0
[ 133.577082][ T7214] ? __pfx_filldir64+0x10/0x10
[ 133.577104][ T7214] afs_dynroot_readdir+0x106f/0x12e0
[ 133.577118][ T7214] ? __pfx___might_resched+0x10/0x10
[ 133.577134][ T7214] ? afs_dynroot_readdir+0x690/0x12e0
[ 133.577149][ T7214] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 133.577164][ T7214] ? avc_policy_seqno+0x9/0x20
[ 133.577179][ T7214] ? selinux_file_permission+0x126/0x660
[ 133.577191][ T7214] iterate_dir+0x293/0xaf0
[ 133.577208][ T7214] __x64_sys_getdents64+0x13c/0x2c0
[ 133.577224][ T7214] ? __x64_sys_futex+0x1e9/0x4c0
[ 133.577236][ T7214] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 133.577252][ T7214] ? __x64_sys_openat+0x174/0x210
[ 133.577268][ T7214] ? __pfx_filldir64+0x10/0x10
[ 133.577285][ T7214] do_syscall_64+0xcd/0x4e0
[ 133.577296][ T7214] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.577307][ T7214] RIP: 0033:0x7f820038eec9
[ 133.577319][ T7214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 133.577330][ T7214] RSP: 002b:00007f820115a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 133.577341][ T7214] RAX: ffffffffffffffda RBX: 00007f82005e5fa0 RCX: 00007f820038eec9
[ 133.577348][ T7214] RDX: 0000000000000055 RSI: 00002000000007c0 RDI: 0000000000000003
[ 133.577355][ T7214] RBP: 00007f8200411f91 R08: 0000000000000000 R09: 0000000000000000
[ 133.577361][ T7214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 133.577368][ T7214] R13: 00007f82005e6038 R14: 00007f82005e5fa0 R15: 00007ffd74cb1208
[ 133.577378][ T7214]
[ 133.577382][ T7214]
[ 133.791054][ T7214] Allocated by task 7208:
[ 133.795351][ T7214] kasan_save_stack+0x33/0x60
[ 133.800002][ T7214] kasan_save_track+0x14/0x30
[ 133.804664][ T7214] __kasan_kmalloc+0xaa/0xb0
[ 133.809231][ T7214] afs_lookup_cell+0x61d/0x1680
[ 133.814069][ T7214] afs_dynroot_lookup+0x3d8/0xd60
[ 133.819132][ T7214] __lookup_slow+0x251/0x460
[ 133.823696][ T7214] walk_component+0x353/0x5b0
[ 133.828519][ T7214] path_lookupat+0x142/0x6d0
[ 133.833097][ T7214] filename_lookup+0x224/0x5f0
[ 133.837834][ T7214] do_linkat+0x14c/0x5a0
[ 133.842066][ T7214] __x64_sys_link+0x7d/0xa0
[ 133.846548][ T7214] do_syscall_64+0xcd/0x4e0
[ 133.851022][ T7214] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.856889][ T7214]
[ 133.859185][ T7214] Freed by task 0:
[ 133.862869][ T7214] kasan_save_stack+0x33/0x60
[ 133.867518][ T7214] kasan_save_track+0x14/0x30
[ 133.872165][ T7214] __kasan_save_free_info+0x3b/0x60
[ 133.877368][ T7214] __kasan_slab_free+0x5f/0x80
[ 133.882114][ T7214] kfree+0x2b8/0x6d0
[ 133.885983][ T7214] afs_cell_destroy+0x1e2/0x2c0
[ 133.890808][ T7214] rcu_core+0x799/0x1530
[ 133.895027][ T7214] handle_softirqs+0x219/0x8e0
[ 133.899769][ T7214] __irq_exit_rcu+0x109/0x170
[ 133.904417][ T7214] irq_exit_rcu+0x9/0x30
[ 133.908697][ T7214] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 133.914312][ T7214] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 133.920265][ T7214]
[ 133.922562][ T7214] Last potentially related work creation:
[ 133.928244][ T7214] kasan_save_stack+0x33/0x60
[ 133.932910][ T7214] kasan_record_aux_stack+0xa7/0xc0
[ 133.938090][ T7214] __call_rcu_common.constprop.0+0xa5/0xa10
[ 133.943966][ T7214] process_one_work+0x9cc/0x1b70
[ 133.948878][ T7214] worker_thread+0x6c8/0xf10
[ 133.953439][ T7214] kthread+0x3c5/0x780
[ 133.957490][ T7214] ret_from_fork+0x56d/0x730
[ 133.962048][ T7214] ret_from_fork_asm+0x1a/0x30
[ 133.966785][ T7214]
[ 133.969080][ T7214] Second to last potentially related work creation:
[ 133.975634][ T7214] kasan_save_stack+0x33/0x60
[ 133.980290][ T7214] kasan_record_aux_stack+0xa7/0xc0
[ 133.985461][ T7214] insert_work+0x36/0x230
[ 133.989764][ T7214] __queue_work+0x97e/0x1160
[ 133.994328][ T7214] queue_work_on+0x1a4/0x1f0
[ 133.998891][ T7214] afs_unuse_cell+0x259/0x2e0
[ 134.003544][ T7214] __dentry_kill+0x23e/0x600
[ 134.008112][ T7214] dput.part.0+0x4b1/0x9b0
[ 134.012513][ T7214] dput+0x1f/0x30
[ 134.016120][ T7214] do_linkat+0x320/0x5a0
[ 134.020335][ T7214] __x64_sys_link+0x7d/0xa0
[ 134.024825][ T7214] do_syscall_64+0xcd/0x4e0
[ 134.029302][ T7214] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.035167][ T7214]
[ 134.037461][ T7214] The buggy address belongs to the object at ffff88803504a000
[ 134.037461][ T7214] which belongs to the cache kmalloc-1k of size 1024
[ 134.053309][ T7214] The buggy address is located 328 bytes inside of
[ 134.053309][ T7214] freed 1024-byte region [ffff88803504a000, ffff88803504a400)
[ 134.067171][ T7214]
[ 134.069469][ T7214] The buggy address belongs to the physical page:
[ 134.075857][ T7214] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35048
[ 134.084582][ T7214] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 134.093049][ T7214] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 134.101017][ T7214] page_type: f5(slab)
[ 134.104970][ T7214] raw: 00fff00000000040 ffff88801b026dc0 0000000000000000 dead000000000001
[ 134.113534][ T7214] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 134.122087][ T7214] head: 00fff00000000040 ffff88801b026dc0 0000000000000000 dead000000000001
[ 134.130725][ T7214] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 134.139364][ T7214] head: 00fff00000000003 ffffea0000d41201 00000000ffffffff 00000000ffffffff
[ 134.148032][ T7214] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 134.156685][ T7214] page dumped because: kasan: bad access detected
[ 134.163081][ T7214] page_owner tracks the page as allocated
[ 134.168767][ T7214] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3527, tgid 3527 (kworker/u8:9), ts 87582678068, free_ts 87538643162
[ 134.188205][ T7214] post_alloc_hook+0x1c0/0x230
[ 134.193029][ T7214] get_page_from_freelist+0x10a3/0x3a30
[ 134.198557][ T7214] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 134.204429][ T7214] alloc_pages_mpol+0x1fb/0x550
[ 134.209310][ T7214] new_slab+0x24a/0x360
[ 134.213452][ T7214] ___slab_alloc+0xdc4/0x1ae0
[ 134.218112][ T7214] __slab_alloc.constprop.0+0x63/0x110
[ 134.223550][ T7214] __kmalloc_noprof+0x501/0x880
[ 134.228404][ T7214] ___neigh_create+0x14e6/0x28c0
[ 134.233337][ T7214] ip6_finish_output2+0x11aa/0x1cf0
[ 134.238531][ T7214] __ip6_finish_output+0x3cd/0x1010
[ 134.243720][ T7214] ip6_output+0x253/0x710
[ 134.248029][ T7214] ndisc_send_skb+0xa85/0x1f50
[ 134.252787][ T7214] ndisc_send_ns+0xc6/0x140
[ 134.257369][ T7214] addrconf_dad_work+0xbc9/0x14e0
[ 134.262376][ T7214] process_one_work+0x9cc/0x1b70
[ 134.267290][ T7214] page last free pid 5935 tgid 5935 stack trace:
[ 134.273593][ T7214] __free_frozen_pages+0x7df/0x1160
[ 134.278777][ T7214] __put_partials+0x130/0x170
[ 134.283452][ T7214] qlist_free_all+0x4d/0x120
[ 134.288016][ T7214] kasan_quarantine_reduce+0x195/0x1e0
[ 134.293447][ T7214] __kasan_slab_alloc+0x69/0x90
[ 134.298284][ T7214] kmem_cache_alloc_node_noprof+0x28a/0x770
[ 134.304158][ T7214] __alloc_skb+0x2b2/0x380
[ 134.308566][ T7214] netlink_alloc_large_skb+0x69/0x140
[ 134.313911][ T7214] netlink_sendmsg+0x698/0xdd0
[ 134.318663][ T7214] __sys_sendto+0x4a0/0x520
[ 134.323150][ T7214] __x64_sys_sendto+0xe0/0x1c0
[ 134.327884][ T7214] do_syscall_64+0xcd/0x4e0
[ 134.332376][ T7214] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.338271][ T7214]
[ 134.340571][ T7214] Memory state around the buggy address:
[ 134.346180][ T7214] ffff88803504a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 134.354236][ T7214] ffff88803504a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 134.362269][ T7214] >ffff88803504a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 134.370320][ T7214] ^
[ 134.376702][ T7214] ffff88803504a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 134.384755][ T7214] ffff88803504a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 134.392792][ T7214] ==================================================================
[ 134.406488][ T7214] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 134.413695][ T7214] CPU: 1 UID: 0 PID: 7214 Comm: syz.0.404 Not tainted syzkaller #0 PREEMPT(full)
[ 134.422884][ T7214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 134.432925][ T7214] Call Trace:
[ 134.436182][ T7214]
[ 134.439089][ T7214] dump_stack_lvl+0x3d/0x1f0
[ 134.443670][ T7214] vpanic+0x640/0x6f0
[ 134.447631][ T7214] panic+0xca/0xd0
[ 134.451332][ T7214] ? __pfx_panic+0x10/0x10
[ 134.455723][ T7214] ? afs_dynroot_readdir+0x106f/0x12e0
[ 134.461158][ T7214] ? preempt_schedule_common+0x44/0xc0
[ 134.466594][ T7214] ? preempt_schedule_thunk+0x16/0x30
[ 134.471948][ T7214] ? check_panic_on_warn+0x1f/0xb0
[ 134.477055][ T7214] check_panic_on_warn+0xab/0xb0
[ 134.481972][ T7214] end_report+0x107/0x170
[ 134.486283][ T7214] kasan_report+0xee/0x110
[ 134.490691][ T7214] ? afs_dynroot_readdir+0x106f/0x12e0
[ 134.496132][ T7214] ? __pfx_filldir64+0x10/0x10
[ 134.500883][ T7214] afs_dynroot_readdir+0x106f/0x12e0
[ 134.506154][ T7214] ? __pfx___might_resched+0x10/0x10
[ 134.511431][ T7214] ? afs_dynroot_readdir+0x690/0x12e0
[ 134.516791][ T7214] ? __pfx_afs_dynroot_readdir+0x10/0x10
[ 134.522414][ T7214] ? avc_policy_seqno+0x9/0x20
[ 134.527162][ T7214] ? selinux_file_permission+0x126/0x660
[ 134.532781][ T7214] iterate_dir+0x293/0xaf0
[ 134.537190][ T7214] __x64_sys_getdents64+0x13c/0x2c0
[ 134.542377][ T7214] ? __x64_sys_futex+0x1e9/0x4c0
[ 134.547298][ T7214] ? __pfx___x64_sys_getdents64+0x10/0x10
[ 134.553010][ T7214] ? __x64_sys_openat+0x174/0x210
[ 134.558021][ T7214] ? __pfx_filldir64+0x10/0x10
[ 134.562775][ T7214] do_syscall_64+0xcd/0x4e0
[ 134.567262][ T7214] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.573138][ T7214] RIP: 0033:0x7f820038eec9
[ 134.577538][ T7214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 134.597127][ T7214] RSP: 002b:00007f820115a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 134.605697][ T7214] RAX: ffffffffffffffda RBX: 00007f82005e5fa0 RCX: 00007f820038eec9
[ 134.613647][ T7214] RDX: 0000000000000055 RSI: 00002000000007c0 RDI: 0000000000000003
[ 134.621594][ T7214] RBP: 00007f8200411f91 R08: 0000000000000000 R09: 0000000000000000
[ 134.629545][ T7214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 134.637492][ T7214] R13: 00007f82005e6038 R14: 00007f82005e5fa0 R15: 00007ffd74cb1208
[ 134.645450][ T7214]
[ 134.648672][ T7214] Kernel Offset: disabled
[ 134.652973][ T7214] Rebooting in 86400 seconds..