Warning: Permanently added '10.128.1.37' (ED25519) to the list of known hosts.
2025/08/27 09:29:35 parsed 1 programs
[   91.633290][ T6186] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   94.049542][ T6214] chnl_net:caif_netlink_parms(): no params data found
[   94.094820][ T6214] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.102123][ T6214] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.109290][ T6214] bridge_slave_0: entered allmulticast mode
[   94.115877][ T6214] bridge_slave_0: entered promiscuous mode
[   94.122721][ T6214] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.129856][ T6214] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.137192][ T6214] bridge_slave_1: entered allmulticast mode
[   94.143627][ T6214] bridge_slave_1: entered promiscuous mode
[   94.164139][ T6214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.175402][ T6214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.202375][ T6214] team0: Port device team_slave_0 added
[   94.210513][ T6214] team0: Port device team_slave_1 added
[   94.227627][ T6214] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.234584][ T6214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.260774][ T6214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.273393][ T6214] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.280683][ T6214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.306848][ T6214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.331323][ T6214] hsr_slave_0: entered promiscuous mode
[   94.337464][ T6214] hsr_slave_1: entered promiscuous mode
[   94.611159][ T6214] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   94.620752][ T6214] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   94.631921][ T6214] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   94.642052][ T6214] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   94.667367][ T6214] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.674480][ T6214] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.682058][ T6214] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.689187][ T6214] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.731881][ T6214] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.755241][ T3971] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.762796][ T3971] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.779117][ T6214] 8021q: adding VLAN 0 to HW filter on device team0
[   94.791050][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.798188][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.809991][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.817116][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.976976][ T6214] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.011299][ T6214] veth0_vlan: entered promiscuous mode
[   95.023136][ T6214] veth1_vlan: entered promiscuous mode
[   95.051753][ T6214] veth0_macvtap: entered promiscuous mode
[   95.061155][ T6214] veth1_macvtap: entered promiscuous mode
[   95.080007][ T6214] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.093163][ T6214] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.108349][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.120304][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.133720][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.152537][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.244507][   T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.264068][ T5939] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.272371][ T5939] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.280656][ T5939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.288662][ T5939] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.296142][ T5939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   95.351706][   T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.393576][   T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.493984][   T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.552584][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.562745][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.588453][ T3971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.596375][ T3971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.713957][   T59] bridge_slave_1: left allmulticast mode
[   97.735553][   T59] bridge_slave_1: left promiscuous mode
[   97.741268][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.751162][   T59] bridge_slave_0: left allmulticast mode
[   97.772171][   T59] bridge_slave_0: left promiscuous mode
[   97.778305][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.916224][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   97.936697][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   97.950585][   T59] bond0 (unregistering): Released all slaves
2025/08/27 09:29:45 executed programs: 0
[   98.077974][   T59] hsr_slave_0: left promiscuous mode
[   98.093298][   T59] hsr_slave_1: left promiscuous mode
[   98.103568][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   98.114642][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[   98.117661][ T5939] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.129476][ T5939] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.129821][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   98.144427][ T5939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.144679][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[   98.160594][ T5939] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.168119][   T59] veth1_macvtap: left promiscuous mode
[   98.173743][   T59] veth0_macvtap: left promiscuous mode
[   98.173835][ T5939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.185235][   T59] veth1_vlan: left promiscuous mode
[   98.191749][   T59] veth0_vlan: left promiscuous mode
[   98.342203][   T59] team0 (unregistering): Port device team_slave_1 removed
[   98.369166][   T59] team0 (unregistering): Port device team_slave_0 removed
[   98.578875][ T6427] chnl_net:caif_netlink_parms(): no params data found
[   98.649967][ T6427] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.661188][ T6427] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.668822][ T6427] bridge_slave_0: entered allmulticast mode
[   98.678478][ T6427] bridge_slave_0: entered promiscuous mode
[   98.687424][ T6427] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.695559][ T6427] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.702715][ T6427] bridge_slave_1: entered allmulticast mode
[   98.710082][ T6427] bridge_slave_1: entered promiscuous mode
[   98.741098][ T6427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.753700][ T6427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.005383][ T6427] team0: Port device team_slave_0 added
[   99.012579][ T6427] team0: Port device team_slave_1 added
[   99.031473][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.038884][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.065509][ T6427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.078160][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.086594][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.113674][ T6427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.160103][ T6427] hsr_slave_0: entered promiscuous mode
[   99.166774][ T6427] hsr_slave_1: entered promiscuous mode
[   99.509263][ T6427] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.522245][ T6427] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.532211][ T6427] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.542042][ T6427] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.616896][ T6427] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.634217][ T6427] 8021q: adding VLAN 0 to HW filter on device team0
[   99.646616][ T3971] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.653727][ T3971] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.681278][ T3971] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.688445][ T3971] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.794722][ T6427] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.819064][ T6427] veth0_vlan: entered promiscuous mode
[   99.830809][ T6427] veth1_vlan: entered promiscuous mode
[   99.848814][ T6427] veth0_macvtap: entered promiscuous mode
[   99.857292][ T6427] veth1_macvtap: entered promiscuous mode
[   99.869466][ T6427] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.881294][ T6427] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.892911][ T3971] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.902689][ T3971] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.912119][ T3971] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.922364][ T3971] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.953417][ T3971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.961549][ T3971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.977558][ T2858] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.985943][ T2858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.009595][ T6506] netlink: 40 bytes leftover after parsing attributes in process `syz.0.17'.
[  100.035749][ T6508] netlink: 40 bytes leftover after parsing attributes in process `syz.0.18'.
[  100.054058][ T6510] netlink: 40 bytes leftover after parsing attributes in process `syz.0.19'.
[  100.076132][ T6512] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20'.
[  100.104262][ T6514] netlink: 40 bytes leftover after parsing attributes in process `syz.0.21'.
[  100.130785][ T6516] netlink: 40 bytes leftover after parsing attributes in process `syz.0.22'.
[  100.149966][ T6518] netlink: 40 bytes leftover after parsing attributes in process `syz.0.23'.
[  100.178585][ T6520] netlink: 40 bytes leftover after parsing attributes in process `syz.0.24'.
[  100.199046][ T6522] netlink: 40 bytes leftover after parsing attributes in process `syz.0.25'.
[  100.216890][ T6524] netlink: 40 bytes leftover after parsing attributes in process `syz.0.26'.
[  100.275145][ T5939] Bluetooth: hci0: command tx timeout
[  102.358518][ T5939] Bluetooth: hci0: command tx timeout
2025/08/27 09:29:50 executed programs: 177
[  104.436582][ T5939] Bluetooth: hci0: command tx timeout
[  105.029326][ T7088] __nla_validate_parse: 281 callbacks suppressed
[  105.029339][ T7088] netlink: 40 bytes leftover after parsing attributes in process `syz.0.308'.
[  105.054316][ T7090] netlink: 40 bytes leftover after parsing attributes in process `syz.0.309'.
[  105.071147][ T7092] netlink: 40 bytes leftover after parsing attributes in process `syz.0.310'.
[  105.099509][ T7094] netlink: 40 bytes leftover after parsing attributes in process `syz.0.311'.
[  105.118363][ T7096] netlink: 40 bytes leftover after parsing attributes in process `syz.0.312'.
[  105.135694][ T7098] netlink: 40 bytes leftover after parsing attributes in process `syz.0.313'.
[  105.160057][ T7100] netlink: 40 bytes leftover after parsing attributes in process `syz.0.314'.
[  105.176826][ T7102] netlink: 40 bytes leftover after parsing attributes in process `syz.0.315'.
[  105.194154][ T7104] netlink: 40 bytes leftover after parsing attributes in process `syz.0.316'.
[  105.219995][ T7106] netlink: 40 bytes leftover after parsing attributes in process `syz.0.317'.
[  106.515206][ T5939] Bluetooth: hci0: command tx timeout
2025/08/27 09:29:55 executed programs: 468
[  110.060212][ T7671] __nla_validate_parse: 281 callbacks suppressed
[  110.060226][ T7671] netlink: 40 bytes leftover after parsing attributes in process `syz.0.599'.
[  110.085531][ T7673] netlink: 40 bytes leftover after parsing attributes in process `syz.0.600'.
[  110.103045][ T7675] netlink: 40 bytes leftover after parsing attributes in process `syz.0.601'.
[  110.130048][ T7677] netlink: 40 bytes leftover after parsing attributes in process `syz.0.602'.
[  110.148336][ T7679] netlink: 40 bytes leftover after parsing attributes in process `syz.0.603'.
[  110.167157][ T7681] netlink: 40 bytes leftover after parsing attributes in process `syz.0.604'.
[  110.189839][ T7683] netlink: 40 bytes leftover after parsing attributes in process `syz.0.605'.
[  110.207961][ T7685] netlink: 40 bytes leftover after parsing attributes in process `syz.0.606'.
[  110.226281][ T7687] netlink: 40 bytes leftover after parsing attributes in process `syz.0.607'.
[  110.249149][ T7689] netlink: 40 bytes leftover after parsing attributes in process `syz.0.608'.
[  110.427368][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  110.434700][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  110.442347][   T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  110.454123][   T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  110.461734][   T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  110.536781][ T7707] chnl_net:caif_netlink_parms(): no params data found
[  110.573993][ T7707] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.581145][ T7707] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.588622][ T7707] bridge_slave_0: entered allmulticast mode
[  110.595464][ T7707] bridge_slave_0: entered promiscuous mode
[  110.603674][ T7707] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.610910][ T7707] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.618581][ T7707] bridge_slave_1: entered allmulticast mode
[  110.625278][ T7707] bridge_slave_1: entered promiscuous mode
[  110.633745][   T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.657063][ T7707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.667678][ T7707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.688924][ T7707] team0: Port device team_slave_0 added
[  110.697407][ T7707] team0: Port device team_slave_1 added
[  110.705867][   T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.728226][ T7707] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.735257][ T7707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.761341][ T7707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.773175][ T7707] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.780489][ T7707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.807154][ T7707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.820046][   T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.847193][ T7707] hsr_slave_0: entered promiscuous mode
[  110.853276][ T7707] hsr_slave_1: entered promiscuous mode
[  110.859420][ T7707] debugfs: 'hsr0' already exists in 'hsr'
[  110.865181][ T7707] Cannot create hsr debugfs directory
[  110.902908][   T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.981437][   T59] bridge_slave_1: left allmulticast mode
[  110.987714][   T59] bridge_slave_1: left promiscuous mode
[  110.993487][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.002241][   T59] bridge_slave_0: left allmulticast mode
[  111.008275][   T59] bridge_slave_0: left promiscuous mode
[  111.013962][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.084471][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.095922][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.105514][   T59] bond0 (unregistering): Released all slaves
[  111.348520][   T59] hsr_slave_0: left promiscuous mode
[  111.354305][   T59] hsr_slave_1: left promiscuous mode
[  111.360676][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  111.369820][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  111.377734][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  111.386621][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.396277][   T59] veth1_macvtap: left promiscuous mode
[  111.401760][   T59] veth0_macvtap: left promiscuous mode
[  111.407549][   T59] veth1_vlan: left promiscuous mode
[  111.412790][   T59] veth0_vlan: left promiscuous mode
[  111.483573][   T59] team0 (unregistering): Port device team_slave_1 removed
[  111.502121][   T59] team0 (unregistering): Port device team_slave_0 removed
[  111.595827][ T7707] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  111.606068][ T7707] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  111.617349][ T7707] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  111.632618][ T7707] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  111.698181][ T7707] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.720193][ T7707] 8021q: adding VLAN 0 to HW filter on device team0
[  111.730733][ T2858] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.737885][ T2858] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.767372][ T2858] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.774494][ T2858] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.801564][   T59] ==================================================================
[  111.809669][   T59] BUG: KASAN: slab-use-after-free in xfrm_state_flush+0x2e8/0x770
[  111.817486][   T59] Read of size 4 at addr ffff88805b356418 by task kworker/u8:4/59
[  111.825296][   T59] 
[  111.827627][   T59] CPU: 0 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) 
[  111.827648][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  111.827659][   T59] Workqueue: netns cleanup_net
[  111.827680][   T59] Call Trace:
[  111.827687][   T59]  <TASK>
[  111.827695][   T59]  dump_stack_lvl+0x189/0x250
[  111.827718][   T59]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.827737][   T59]  ? lock_release+0x4b/0x3e0
[  111.827762][   T59]  ? __virt_addr_valid+0x4a5/0x5c0
[  111.827785][   T59]  print_report+0xca/0x240
[  111.827801][   T59]  ? xfrm_state_flush+0x2e8/0x770
[  111.827817][   T59]  kasan_report+0x118/0x150
[  111.827840][   T59]  ? xfrm_state_flush+0x2e8/0x770
[  111.827858][   T59]  kasan_check_range+0x2b0/0x2c0
[  111.827882][   T59]  xfrm_state_flush+0x2e8/0x770
[  111.827902][   T59]  xfrm6_tunnel_net_exit+0x3c/0x100
[  111.827922][   T59]  ops_undo_list+0x49a/0x990
[  111.827940][   T59]  ? __pfx_ops_undo_list+0x10/0x10
[  111.827956][   T59]  ? do_raw_spin_unlock+0x122/0x240
[  111.827978][   T59]  cleanup_net+0x4c5/0x800
[  111.827994][   T59]  ? __pfx_cleanup_net+0x10/0x10
[  111.828010][   T59]  ? rcu_is_watching+0x15/0xb0
[  111.828026][   T59]  ? process_scheduled_works+0x9ef/0x17b0
[  111.828043][   T59]  ? process_scheduled_works+0x9ef/0x17b0
[  111.828060][   T59]  process_scheduled_works+0xae1/0x17b0
[  111.828087][   T59]  ? __pfx_process_scheduled_works+0x10/0x10
[  111.828116][   T59]  worker_thread+0x8a0/0xda0
[  111.828143][   T59]  kthread+0x70e/0x8a0
[  111.828162][   T59]  ? __pfx_worker_thread+0x10/0x10
[  111.828178][   T59]  ? __pfx_kthread+0x10/0x10
[  111.828198][   T59]  ? _raw_spin_unlock_irq+0x23/0x50
[  111.828218][   T59]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.828238][   T59]  ? __pfx_kthread+0x10/0x10
[  111.828256][   T59]  ret_from_fork+0x3f9/0x770
[  111.828272][   T59]  ? __pfx_ret_from_fork+0x10/0x10
[  111.828288][   T59]  ? __switch_to_asm+0x39/0x70
[  111.828306][   T59]  ? __switch_to_asm+0x33/0x70
[  111.828324][   T59]  ? __pfx_kthread+0x10/0x10
[  111.828342][   T59]  ret_from_fork_asm+0x1a/0x30
[  111.828368][   T59]  </TASK>
[  111.828374][   T59] 
[  112.000554][ T7707] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.002571][   T59] Allocated by task 7705:
[  112.033598][ T7707] veth0_vlan: entered promiscuous mode
[  112.038729][   T59]  kasan_save_track+0x3e/0x80
[  112.038754][   T59]  __kasan_slab_alloc+0x6c/0x80
[  112.038773][   T59]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  112.050939][ T7707] veth1_vlan: entered promiscuous mode
[  112.053158][   T59]  xfrm_state_alloc+0x24/0x2f0
[  112.073621][   T59]  __find_acq_core+0x8a7/0x1c00
[  112.075562][ T7707] veth0_macvtap: entered promiscuous mode
[  112.078478][   T59]  xfrm_find_acq+0x78/0xa0
[  112.087068][ T7707] veth1_macvtap: entered promiscuous mode
[  112.088578][   T59]  xfrm_alloc_userspi+0x6b3/0xc90
[  112.099283][   T59]  xfrm_user_rcv_msg+0x7a0/0xab0
[  112.104237][   T59]  netlink_rcv_skb+0x208/0x470
[  112.104571][ T7707] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.109005][   T59]  xfrm_netlink_rcv+0x79/0x90
[  112.109023][   T59]  netlink_unicast+0x82f/0x9e0
[  112.109041][   T59]  netlink_sendmsg+0x805/0xb30
[  112.121734][ T7707] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.125601][   T59]  __sock_sendmsg+0x219/0x270
[  112.125625][   T59]  ____sys_sendmsg+0x505/0x830
[  112.125640][   T59]  ___sys_sendmsg+0x21f/0x2a0
[  112.151590][   T59]  __x64_sys_sendmsg+0x19b/0x260
[  112.156526][   T59]  do_syscall_64+0xfa/0x3b0
[  112.161014][   T59]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.166987][   T59] 
[  112.169291][   T59] Freed by task 10:
[  112.173076][   T59]  kasan_save_track+0x3e/0x80
[  112.177739][   T59]  kasan_save_free_info+0x46/0x50
[  112.182740][   T59]  __kasan_slab_free+0x5b/0x80
[  112.187487][   T59]  kmem_cache_free+0x18f/0x400
[  112.192241][   T59]  xfrm_state_gc_task+0x549/0x6d0
[  112.197253][   T59]  process_scheduled_works+0xae1/0x17b0
[  112.202791][   T59]  worker_thread+0x8a0/0xda0
[  112.207361][   T59]  kthread+0x70e/0x8a0
[  112.211410][   T59]  ret_from_fork+0x3f9/0x770
[  112.215997][   T59]  ret_from_fork_asm+0x1a/0x30
[  112.220754][   T59] 
[  112.223067][   T59] The buggy address belongs to the object at ffff88805b356200
[  112.223067][   T59]  which belongs to the cache xfrm_state of size 936
[  112.237016][   T59] The buggy address is located 536 bytes inside of
[  112.237016][   T59]  freed 936-byte region [ffff88805b356200, ffff88805b3565a8)
[  112.250792][   T59] 
[  112.253110][   T59] The buggy address belongs to the physical page:
[  112.259517][   T59] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b354
[  112.268267][   T59] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  112.276748][   T59] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  112.284277][   T59] page_type: f5(slab)
[  112.288240][   T59] raw: 00fff00000000040 ffff888144e94500 dead000000000122 0000000000000000
[  112.297149][   T59] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  112.305714][   T59] head: 00fff00000000040 ffff888144e94500 dead000000000122 0000000000000000
[  112.314366][   T59] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  112.323024][   T59] head: 00fff00000000002 ffffea00016cd501 00000000ffffffff 00000000ffffffff
[  112.331702][   T59] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  112.340364][   T59] page dumped because: kasan: bad access detected
[  112.346783][   T59] page_owner tracks the page as allocated
[  112.352485][   T59] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7675, tgid 7674 (syz.0.601), ts 110112755349, free_ts 102648833516
[  112.371832][   T59]  post_alloc_hook+0x240/0x2a0
[  112.376588][   T59]  get_page_from_freelist+0x21e4/0x22c0
[  112.382129][   T59]  __alloc_frozen_pages_noprof+0x181/0x370
[  112.387935][   T59]  alloc_pages_mpol+0x232/0x4a0
[  112.392782][   T59]  allocate_slab+0x8a/0x370
[  112.397266][   T59]  ___slab_alloc+0xbeb/0x1410
[  112.402089][   T59]  kmem_cache_alloc_noprof+0x283/0x3c0
[  112.407550][   T59]  xfrm_state_alloc+0x24/0x2f0
[  112.412329][   T59]  __find_acq_core+0x8a7/0x1c00
[  112.417161][   T59]  xfrm_find_acq+0x78/0xa0
[  112.421560][   T59]  xfrm_alloc_userspi+0x6b3/0xc90
[  112.426569][   T59]  xfrm_user_rcv_msg+0x7a0/0xab0
[  112.431489][   T59]  netlink_rcv_skb+0x208/0x470
[  112.436238][   T59]  xfrm_netlink_rcv+0x79/0x90
[  112.440896][   T59]  netlink_unicast+0x82f/0x9e0
[  112.445639][   T59]  netlink_sendmsg+0x805/0xb30
[  112.450389][   T59] page last free pid 6809 tgid 6809 stack trace:
[  112.456692][   T59]  __free_frozen_pages+0xbc4/0xd30
[  112.461788][   T59]  __put_partials+0x156/0x1a0
[  112.466443][   T59]  put_cpu_partial+0x17c/0x250
[  112.471189][   T59]  __slab_free+0x2d5/0x3c0
[  112.475585][   T59]  qlist_free_all+0x97/0x140
[  112.480154][   T59]  kasan_quarantine_reduce+0x148/0x160
[  112.485593][   T59]  __kasan_slab_alloc+0x22/0x80
[  112.490428][   T59]  __kmalloc_noprof+0x224/0x4f0
[  112.495261][   T59]  security_inode_init_security+0x107/0x3f0
[  112.501137][   T59]  shmem_symlink+0xd9/0x510
[  112.505620][   T59]  vfs_symlink+0x143/0x2f0
[  112.510016][   T59]  do_symlinkat+0x1b1/0x3f0
[  112.514500][   T59]  __x64_sys_symlinkat+0x95/0xb0
[  112.519416][   T59]  do_syscall_64+0xfa/0x3b0
[  112.523984][   T59]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.529855][   T59] 
[  112.532161][   T59] Memory state around the buggy address:
[  112.537766][   T59]  ffff88805b356300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.545806][   T59]  ffff88805b356380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.553855][   T59] >ffff88805b356400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.561896][   T59]                             ^
[  112.566727][   T59]  ffff88805b356480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.574771][   T59]  ffff88805b356500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.582806][   T59] ==================================================================
[  112.590929][   T59] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  112.598123][   T59] CPU: 0 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) 
[  112.607387][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  112.617421][   T59] Workqueue: netns cleanup_net
[  112.622169][   T59] Call Trace:
[  112.625430][   T59]  <TASK>
[  112.628435][   T59]  dump_stack_lvl+0x99/0x250
[  112.633008][   T59]  ? __asan_memcpy+0x40/0x70
[  112.637577][   T59]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.642783][   T59]  ? __pfx__printk+0x10/0x10
[  112.647372][   T59]  vpanic+0x281/0x750
[  112.651339][   T59]  ? __pfx_vpanic+0x10/0x10
[  112.655828][   T59]  ? rcu_is_watching+0x15/0xb0
[  112.660577][   T59]  panic+0xb9/0xc0
[  112.664283][   T59]  ? __pfx_panic+0x10/0x10
[  112.668682][   T59]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  112.674560][   T59]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  112.680436][   T59]  ? xfrm_state_flush+0x2e8/0x770
[  112.685439][   T59]  check_panic_on_warn+0x89/0xb0
[  112.690361][   T59]  ? xfrm_state_flush+0x2e8/0x770
[  112.695365][   T59]  end_report+0x78/0x160
[  112.699598][   T59]  kasan_report+0x129/0x150
[  112.704086][   T59]  ? xfrm_state_flush+0x2e8/0x770
[  112.709102][   T59]  kasan_check_range+0x2b0/0x2c0
[  112.714028][   T59]  xfrm_state_flush+0x2e8/0x770
[  112.718862][   T59]  xfrm6_tunnel_net_exit+0x3c/0x100
[  112.724045][   T59]  ops_undo_list+0x49a/0x990
[  112.728628][   T59]  ? __pfx_ops_undo_list+0x10/0x10
[  112.733724][   T59]  ? do_raw_spin_unlock+0x122/0x240
[  112.738910][   T59]  cleanup_net+0x4c5/0x800
[  112.743307][   T59]  ? __pfx_cleanup_net+0x10/0x10
[  112.748224][   T59]  ? rcu_is_watching+0x15/0xb0
[  112.752970][   T59]  ? process_scheduled_works+0x9ef/0x17b0
[  112.758755][   T59]  ? process_scheduled_works+0x9ef/0x17b0
[  112.764455][   T59]  process_scheduled_works+0xae1/0x17b0
[  112.769987][   T59]  ? __pfx_process_scheduled_works+0x10/0x10
[  112.775953][   T59]  worker_thread+0x8a0/0xda0
[  112.780529][   T59]  kthread+0x70e/0x8a0
[  112.784582][   T59]  ? __pfx_worker_thread+0x10/0x10
[  112.789678][   T59]  ? __pfx_kthread+0x10/0x10
[  112.794253][   T59]  ? _raw_spin_unlock_irq+0x23/0x50
[  112.799433][   T59]  ? lockdep_hardirqs_on+0x9c/0x150
[  112.804616][   T59]  ? __pfx_kthread+0x10/0x10
[  112.809191][   T59]  ret_from_fork+0x3f9/0x770
[  112.813764][   T59]  ? __pfx_ret_from_fork+0x10/0x10
[  112.818857][   T59]  ? __switch_to_asm+0x39/0x70
[  112.823606][   T59]  ? __switch_to_asm+0x33/0x70
[  112.828354][   T59]  ? __pfx_kthread+0x10/0x10
[  112.832928][   T59]  ret_from_fork_asm+0x1a/0x30
[  112.837689][   T59]  </TASK>
[  112.840828][   T59] Kernel Offset: disabled
[  112.845130][   T59] Rebooting in 86400 seconds..