Warning: Permanently added '10.128.1.222' (ED25519) to the list of known hosts.
2025/08/26 11:32:03 parsed 1 programs
[ 94.214715][ T6187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 97.343756][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.353975][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.363438][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.377960][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.385405][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.552590][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.562914][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.579493][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.587347][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.802346][ T6258] chnl_net:caif_netlink_parms(): no params data found
[ 97.849689][ T6258] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.856747][ T6258] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.864563][ T6258] bridge_slave_0: entered allmulticast mode
[ 97.871640][ T6258] bridge_slave_0: entered promiscuous mode
[ 97.879244][ T6258] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.886313][ T6258] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.893861][ T6258] bridge_slave_1: entered allmulticast mode
[ 97.900453][ T6258] bridge_slave_1: entered promiscuous mode
[ 97.922245][ T6258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.932771][ T6258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.952107][ T6258] team0: Port device team_slave_0 added
[ 97.958922][ T6258] team0: Port device team_slave_1 added
[ 97.977623][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.984578][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.010831][ T6258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.022500][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.029504][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.055442][ T6258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.084373][ T6258] hsr_slave_0: entered promiscuous mode
[ 98.090617][ T6258] hsr_slave_1: entered promiscuous mode
[ 98.399341][ T6258] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.411366][ T6258] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.421133][ T6258] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.434048][ T6258] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.500538][ T6258] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.520915][ T6258] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.531201][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.538328][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.556375][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.563536][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.595883][ T6258] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 98.606395][ T6258] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.741808][ T6258] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.774074][ T6258] veth0_vlan: entered promiscuous mode
[ 98.784877][ T6258] veth1_vlan: entered promiscuous mode
[ 98.815058][ T6258] veth0_macvtap: entered promiscuous mode
[ 98.824922][ T6258] veth1_macvtap: entered promiscuous mode
[ 98.843235][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.858339][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.870649][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.888440][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.903400][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.912826][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.005253][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.084073][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.143672][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.203009][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/26 11:32:12 executed programs: 0
[ 99.909858][ T5884] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.917242][ T5884] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.925868][ T5884] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.933487][ T5884] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.941333][ T5884] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.075719][ T6366] chnl_net:caif_netlink_parms(): no params data found
[ 100.135182][ T6366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.142828][ T6366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.150711][ T6366] bridge_slave_0: entered allmulticast mode
[ 100.158148][ T6366] bridge_slave_0: entered promiscuous mode
[ 100.165846][ T6366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.173288][ T6366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.180779][ T6366] bridge_slave_1: entered allmulticast mode
[ 100.187885][ T6366] bridge_slave_1: entered promiscuous mode
[ 100.215129][ T6366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.226803][ T6366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.254382][ T6366] team0: Port device team_slave_0 added
[ 100.261993][ T6366] team0: Port device team_slave_1 added
[ 100.285175][ T6366] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.292900][ T6366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.319286][ T6366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.335453][ T6366] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.344161][ T6366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.370487][ T6366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.405532][ T6366] hsr_slave_0: entered promiscuous mode
[ 100.412500][ T6366] hsr_slave_1: entered promiscuous mode
[ 100.418695][ T6366] debugfs: 'hsr0' already exists in 'hsr'
[ 100.424424][ T6366] Cannot create hsr debugfs directory
[ 101.957769][ T5884] Bluetooth: hci0: command tx timeout
[ 102.251498][ T36] bridge_slave_1: left allmulticast mode
[ 102.257163][ T36] bridge_slave_1: left promiscuous mode
[ 102.263122][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.272965][ T36] bridge_slave_0: left allmulticast mode
[ 102.279256][ T36] bridge_slave_0: left promiscuous mode
[ 102.284947][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.352419][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 102.362198][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 102.371641][ T36] bond0 (unregistering): Released all slaves
[ 102.472344][ T36] hsr_slave_0: left promiscuous mode
[ 102.478796][ T36] hsr_slave_1: left promiscuous mode
[ 102.484524][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 102.496051][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 102.504634][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 102.512132][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 102.522825][ T36] veth1_macvtap: left promiscuous mode
[ 102.531729][ T36] veth0_macvtap: left promiscuous mode
[ 102.537323][ T36] veth1_vlan: left promiscuous mode
[ 102.543615][ T36] veth0_vlan: left promiscuous mode
[ 102.681741][ T36] team0 (unregistering): Port device team_slave_1 removed
[ 102.701029][ T36] team0 (unregistering): Port device team_slave_0 removed
[ 102.875465][ T6366] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.885680][ T6366] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.899314][ T6366] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.910508][ T6366] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.987090][ T6366] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.015350][ T6366] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.028792][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.035949][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.059154][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.066219][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.209263][ T6366] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.233629][ T6366] veth0_vlan: entered promiscuous mode
[ 103.243874][ T6366] veth1_vlan: entered promiscuous mode
[ 103.265998][ T6366] veth0_macvtap: entered promiscuous mode
[ 103.274759][ T6366] veth1_macvtap: entered promiscuous mode
[ 103.288043][ T6366] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.302325][ T6366] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.313887][ T74] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.323469][ T74] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.333319][ T74] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.342633][ T74] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.372812][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.383488][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.400728][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.409232][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.431653][ T6508] netlink: 40 bytes leftover after parsing attributes in process `syz.0.17'.
[ 103.450857][ T6510] netlink: 40 bytes leftover after parsing attributes in process `syz.0.18'.
[ 103.475527][ T6512] netlink: 40 bytes leftover after parsing attributes in process `syz.0.19'.
[ 103.496287][ T6514] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20'.
[ 103.523196][ T6516] netlink: 40 bytes leftover after parsing attributes in process `syz.0.21'.
[ 103.542297][ T6518] netlink: 40 bytes leftover after parsing attributes in process `syz.0.22'.
[ 103.568306][ T6520] netlink: 40 bytes leftover after parsing attributes in process `syz.0.23'.
[ 103.587309][ T6522] netlink: 40 bytes leftover after parsing attributes in process `syz.0.24'.
[ 103.613605][ T6524] netlink: 40 bytes leftover after parsing attributes in process `syz.0.25'.
[ 103.634668][ T6526] netlink: 40 bytes leftover after parsing attributes in process `syz.0.26'.
[ 104.037505][ T5884] Bluetooth: hci0: command tx timeout
2025/08/26 11:32:17 executed programs: 81
[ 106.117458][ T5884] Bluetooth: hci0: command tx timeout
[ 108.197983][ T5884] Bluetooth: hci0: command tx timeout
[ 108.440156][ T7092] __nla_validate_parse: 282 callbacks suppressed
[ 108.440169][ T7092] netlink: 40 bytes leftover after parsing attributes in process `syz.0.309'.
[ 108.463342][ T7094] netlink: 40 bytes leftover after parsing attributes in process `syz.0.310'.
[ 108.483498][ T7096] netlink: 40 bytes leftover after parsing attributes in process `syz.0.311'.
[ 108.502391][ T7098] netlink: 40 bytes leftover after parsing attributes in process `syz.0.312'.
[ 108.520173][ T7100] netlink: 40 bytes leftover after parsing attributes in process `syz.0.313'.
[ 108.542254][ T7103] netlink: 40 bytes leftover after parsing attributes in process `syz.0.314'.
[ 108.560803][ T7105] netlink: 40 bytes leftover after parsing attributes in process `syz.0.315'.
[ 108.578183][ T7107] netlink: 40 bytes leftover after parsing attributes in process `syz.0.316'.
[ 108.602751][ T7109] netlink: 40 bytes leftover after parsing attributes in process `syz.0.317'.
[ 108.620570][ T7111] netlink: 40 bytes leftover after parsing attributes in process `syz.0.318'.
2025/08/26 11:32:22 executed programs: 376
[ 113.453287][ T7685] __nla_validate_parse: 286 callbacks suppressed
[ 113.453300][ T7685] netlink: 40 bytes leftover after parsing attributes in process `syz.0.605'.
[ 113.478158][ T7687] netlink: 40 bytes leftover after parsing attributes in process `syz.0.606'.
[ 113.495583][ T7689] netlink: 40 bytes leftover after parsing attributes in process `syz.0.607'.
[ 113.522388][ T7691] netlink: 40 bytes leftover after parsing attributes in process `syz.0.608'.
[ 113.541334][ T7693] netlink: 40 bytes leftover after parsing attributes in process `syz.0.609'.
[ 113.559093][ T7695] netlink: 40 bytes leftover after parsing attributes in process `syz.0.610'.
[ 113.581645][ T7697] netlink: 40 bytes leftover after parsing attributes in process `syz.0.611'.
[ 113.600204][ T7699] netlink: 40 bytes leftover after parsing attributes in process `syz.0.612'.
[ 113.619063][ T7701] netlink: 40 bytes leftover after parsing attributes in process `syz.0.613'.
[ 113.642848][ T7703] netlink: 40 bytes leftover after parsing attributes in process `syz.0.614'.
[ 113.723162][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 113.731967][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 113.739864][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 113.747758][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 113.755211][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.830860][ T7710] chnl_net:caif_netlink_parms(): no params data found
[ 113.866144][ T7710] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.873598][ T7710] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.881711][ T7710] bridge_slave_0: entered allmulticast mode
[ 113.888885][ T7710] bridge_slave_0: entered promiscuous mode
[ 113.896163][ T7710] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.903600][ T7710] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.910813][ T7710] bridge_slave_1: entered allmulticast mode
[ 113.917260][ T7710] bridge_slave_1: entered promiscuous mode
[ 113.925776][ T74] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.949115][ T7710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.959804][ T7710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.982716][ T74] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.995574][ T7710] team0: Port device team_slave_0 added
[ 114.003367][ T7710] team0: Port device team_slave_1 added
[ 114.018814][ T7710] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.025761][ T7710] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.051732][ T7710] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.065385][ T74] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.077810][ T7710] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.085177][ T7710] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.111226][ T7710] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.137038][ T7710] hsr_slave_0: entered promiscuous mode
[ 114.144240][ T7710] hsr_slave_1: entered promiscuous mode
[ 114.154068][ T74] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.251351][ T74] bridge_slave_1: left allmulticast mode
[ 114.257041][ T74] bridge_slave_1: left promiscuous mode
[ 114.263087][ T74] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.271315][ T74] bridge_slave_0: left allmulticast mode
[ 114.277033][ T74] bridge_slave_0: left promiscuous mode
[ 114.284146][ T74] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.360863][ T74] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 114.370888][ T74] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 114.380350][ T74] bond0 (unregistering): Released all slaves
[ 114.582908][ T74] hsr_slave_0: left promiscuous mode
[ 114.590486][ T74] hsr_slave_1: left promiscuous mode
[ 114.596244][ T74] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 114.603764][ T74] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 114.612487][ T74] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 114.619978][ T74] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 114.630811][ T74] veth1_macvtap: left promiscuous mode
[ 114.636349][ T74] veth0_macvtap: left promiscuous mode
[ 114.642627][ T74] veth1_vlan: left promiscuous mode
[ 114.648209][ T74] veth0_vlan: left promiscuous mode
[ 114.731213][ T74] team0 (unregistering): Port device team_slave_1 removed
[ 114.744955][ T74] team0 (unregistering): Port device team_slave_0 removed
[ 114.820800][ T7710] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 114.835186][ T7710] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 114.848861][ T7710] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 114.858924][ T7710] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 114.933078][ T7710] 8021q: adding VLAN 0 to HW filter on device bond0
[ 114.952025][ T7710] 8021q: adding VLAN 0 to HW filter on device team0
[ 114.963219][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.970448][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.982553][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.989686][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.040529][ T74] ==================================================================
[ 115.048628][ T74] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x666/0xca0
[ 115.056689][ T74] Write of size 8 at addr ffff888042050ce8 by task kworker/u8:4/74
[ 115.064618][ T74]
[ 115.066933][ T74] CPU: 1 UID: 0 PID: 74 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full)
[ 115.066949][ T74] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 115.066958][ T74] Workqueue: netns cleanup_net
[ 115.066975][ T74] Call Trace:
[ 115.066983][ T74]
[ 115.066990][ T74] dump_stack_lvl+0x189/0x250
[ 115.067007][ T74] ? rcu_is_watching+0x15/0xb0
[ 115.067021][ T74] ? __pfx_dump_stack_lvl+0x10/0x10
[ 115.067035][ T74] ? rcu_is_watching+0x15/0xb0
[ 115.067047][ T74] ? lock_release+0x4b/0x3e0
[ 115.067065][ T74] ? __virt_addr_valid+0x1c8/0x5c0
[ 115.067082][ T74] ? __virt_addr_valid+0x4a5/0x5c0
[ 115.067098][ T74] print_report+0xca/0x240
[ 115.067110][ T74] ? __xfrm_state_delete+0x666/0xca0
[ 115.067122][ T74] kasan_report+0x118/0x150
[ 115.067140][ T74] ? __xfrm_state_delete+0x666/0xca0
[ 115.067154][ T74] __xfrm_state_delete+0x666/0xca0
[ 115.067169][ T74] xfrm_state_flush+0x497/0x7d0
[ 115.067185][ T74] xfrm6_tunnel_net_exit+0x3c/0x100
[ 115.067200][ T74] ops_undo_list+0x49a/0x990
[ 115.067213][ T74] ? __pfx_ops_undo_list+0x10/0x10
[ 115.067226][ T74] ? do_raw_spin_unlock+0x122/0x240
[ 115.067242][ T74] cleanup_net+0x4c5/0x800
[ 115.067254][ T74] ? __pfx_cleanup_net+0x10/0x10
[ 115.067265][ T74] ? preempt_schedule_thunk+0x16/0x30
[ 115.067284][ T74] ? process_scheduled_works+0x9ef/0x17b0
[ 115.067297][ T74] ? process_scheduled_works+0x9ef/0x17b0
[ 115.067310][ T74] process_scheduled_works+0xae1/0x17b0
[ 115.067330][ T74] ? __pfx_process_scheduled_works+0x10/0x10
[ 115.067347][ T74] worker_thread+0x8a0/0xda0
[ 115.067368][ T74] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 115.067390][ T74] ? __kthread_parkme+0x7b/0x200
[ 115.067408][ T74] kthread+0x70e/0x8a0
[ 115.067425][ T74] ? __pfx_worker_thread+0x10/0x10
[ 115.067437][ T74] ? __pfx_kthread+0x10/0x10
[ 115.067452][ T74] ? _raw_spin_unlock_irq+0x23/0x50
[ 115.067468][ T74] ? lockdep_hardirqs_on+0x9c/0x150
[ 115.067486][ T74] ? __pfx_kthread+0x10/0x10
[ 115.067501][ T74] ret_from_fork+0x3f9/0x770
[ 115.067514][ T74] ? __pfx_ret_from_fork+0x10/0x10
[ 115.067528][ T74] ? __switch_to_asm+0x39/0x70
[ 115.067544][ T74] ? __switch_to_asm+0x33/0x70
[ 115.067560][ T74] ? __pfx_kthread+0x10/0x10
[ 115.067574][ T74] ret_from_fork_asm+0x1a/0x30
[ 115.067595][ T74]
[ 115.067600][ T74]
[ 115.297708][ T74] Allocated by task 7535:
[ 115.302275][ T74] kasan_save_track+0x3e/0x80
[ 115.306948][ T74] __kasan_slab_alloc+0x6c/0x80
[ 115.311881][ T74] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 115.317323][ T74] xfrm_state_alloc+0x24/0x2f0
[ 115.322075][ T74] __find_acq_core+0x8a7/0x1c00
[ 115.326908][ T74] xfrm_find_acq+0x78/0xa0
[ 115.331744][ T74] xfrm_alloc_userspi+0x6b3/0xc90
[ 115.336752][ T74] xfrm_user_rcv_msg+0x7a3/0xab0
[ 115.341671][ T74] netlink_rcv_skb+0x208/0x470
[ 115.346437][ T74] xfrm_netlink_rcv+0x79/0x90
[ 115.351107][ T74] netlink_unicast+0x82f/0x9e0
[ 115.355858][ T74] netlink_sendmsg+0x805/0xb30
[ 115.360688][ T74] __sock_sendmsg+0x219/0x270
[ 115.365351][ T74] ____sys_sendmsg+0x505/0x830
[ 115.370092][ T74] ___sys_sendmsg+0x21f/0x2a0
[ 115.374749][ T74] __x64_sys_sendmsg+0x19b/0x260
[ 115.379751][ T74] do_syscall_64+0xfa/0x3b0
[ 115.384231][ T74] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.390104][ T74]
[ 115.392436][ T74] Freed by task 9:
[ 115.396129][ T74] kasan_save_track+0x3e/0x80
[ 115.400791][ T74] kasan_save_free_info+0x46/0x50
[ 115.405796][ T74] __kasan_slab_free+0x5b/0x80
[ 115.410630][ T74] kmem_cache_free+0x18f/0x400
[ 115.415378][ T74] xfrm_state_gc_task+0x52d/0x6b0
[ 115.420384][ T74] process_scheduled_works+0xae1/0x17b0
[ 115.425917][ T74] worker_thread+0x8a0/0xda0
[ 115.430507][ T74] kthread+0x70e/0x8a0
[ 115.434556][ T74] ret_from_fork+0x3f9/0x770
[ 115.439125][ T74] ret_from_fork_asm+0x1a/0x30
[ 115.443874][ T74]
[ 115.446177][ T74] The buggy address belongs to the object at ffff888042050cc0
[ 115.446177][ T74] which belongs to the cache xfrm_state of size 928
[ 115.460122][ T74] The buggy address is located 40 bytes inside of
[ 115.460122][ T74] freed 928-byte region [ffff888042050cc0, ffff888042051060)
[ 115.473812][ T74]
[ 115.476117][ T74] The buggy address belongs to the physical page:
[ 115.482532][ T74] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42050
[ 115.491277][ T74] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 115.499777][ T74] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 115.507311][ T74] page_type: f5(slab)
[ 115.511362][ T74] raw: 00fff00000000040 ffff88802229adc0 dead000000000122 0000000000000000
[ 115.520022][ T74] raw: 0000000000000000 00000000000f000f 00000000f5000000 0000000000000000
[ 115.528596][ T74] head: 00fff00000000040 ffff88802229adc0 dead000000000122 0000000000000000
[ 115.537250][ T74] head: 0000000000000000 00000000000f000f 00000000f5000000 0000000000000000
[ 115.545903][ T74] head: 00fff00000000002 ffffea0001081401 00000000ffffffff 00000000ffffffff
[ 115.554640][ T74] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 115.563287][ T74] page dumped because: kasan: bad access detected
[ 115.569692][ T74] page_owner tracks the page as allocated
[ 115.575391][ T74] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7523, tgid 7522 (syz.0.524), ts 112083797676, free_ts 111991511473
[ 115.594653][ T74] post_alloc_hook+0x240/0x2a0
[ 115.599421][ T74] get_page_from_freelist+0x21e4/0x22c0
[ 115.604956][ T74] __alloc_frozen_pages_noprof+0x181/0x370
[ 115.610744][ T74] alloc_pages_mpol+0x232/0x4a0
[ 115.615590][ T74] allocate_slab+0x8a/0x370
[ 115.620073][ T74] ___slab_alloc+0xbeb/0x1410
[ 115.624762][ T74] kmem_cache_alloc_noprof+0x283/0x3c0
[ 115.630206][ T74] xfrm_state_alloc+0x24/0x2f0
[ 115.634957][ T74] __find_acq_core+0x8a7/0x1c00
[ 115.639874][ T74] xfrm_find_acq+0x78/0xa0
[ 115.644270][ T74] xfrm_alloc_userspi+0x6b3/0xc90
[ 115.649275][ T74] xfrm_user_rcv_msg+0x7a3/0xab0
[ 115.654193][ T74] netlink_rcv_skb+0x208/0x470
[ 115.658950][ T74] xfrm_netlink_rcv+0x79/0x90
[ 115.663625][ T74] netlink_unicast+0x82f/0x9e0
[ 115.668374][ T74] netlink_sendmsg+0x805/0xb30
[ 115.673117][ T74] page last free pid 49 tgid 49 stack trace:
[ 115.679073][ T74] __free_frozen_pages+0xbc4/0xd30
[ 115.684171][ T74] stack_depot_save_flags+0x436/0x860
[ 115.689612][ T74] kasan_save_track+0x4f/0x80
[ 115.694275][ T74] __kasan_slab_alloc+0x6c/0x80
[ 115.699144][ T74] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 115.704609][ T74] mempool_alloc_noprof+0x1a4/0x510
[ 115.709798][ T74] bio_alloc_bioset+0x241/0x1110
[ 115.714735][ T74] bio_split+0x110/0x4a0
[ 115.718972][ T74] bio_submit_split+0x96/0x5e0
[ 115.723723][ T74] blk_mq_submit_bio+0x166a/0x2520
[ 115.728838][ T74] __submit_bio+0x207/0x5a0
[ 115.733322][ T74] submit_bio_noacct_nocheck+0x505/0xb50
[ 115.738940][ T74] ext4_io_submit+0xe0/0x150
[ 115.743514][ T74] ext4_do_writepages+0xbba/0x4610
[ 115.748611][ T74] ext4_writepages+0x205/0x350
[ 115.753379][ T74] do_writepages+0x32e/0x550
[ 115.757957][ T74]
[ 115.760264][ T74] Memory state around the buggy address:
[ 115.765870][ T74]  ffff888042050b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.774012][ T74]  ffff888042050c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 115.782070][ T74] >ffff888042050c80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 115.790120][ T74]                                                           ^
[ 115.797560][ T74]  ffff888042050d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.805696][ T74]  ffff888042050d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 115.813732][ T74] ==================================================================
[ 115.821874][ T74] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 115.829080][ T74] CPU: 1 UID: 0 PID: 74 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full)
[ 115.838367][ T74] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 115.848428][ T74] Workqueue: netns cleanup_net
[ 115.853244][ T74] Call Trace:
[ 115.856537][ T74]
[ 115.859471][ T74] dump_stack_lvl+0x99/0x250
[ 115.864079][ T74] ? __asan_memcpy+0x40/0x70
[ 115.868681][ T74] ? __pfx_dump_stack_lvl+0x10/0x10
[ 115.873889][ T74] ? __pfx__printk+0x10/0x10
[ 115.878481][ T74] vpanic+0x281/0x750
[ 115.882457][ T74] ? __pfx_vpanic+0x10/0x10
[ 115.886946][ T74] ? rcu_is_watching+0x15/0xb0
[ 115.891700][ T74] panic+0xb9/0xc0
[ 115.895405][ T74] ? __pfx_panic+0x10/0x10
[ 115.899804][ T74] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 115.905685][ T74] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 115.911659][ T74] ? __xfrm_state_delete+0x666/0xca0
[ 115.916925][ T74] check_panic_on_warn+0x89/0xb0
[ 115.921850][ T74] ? __xfrm_state_delete+0x666/0xca0
[ 115.927119][ T74] end_report+0x78/0x160
[ 115.931348][ T74] kasan_report+0x129/0x150
[ 115.935930][ T74] ? __xfrm_state_delete+0x666/0xca0
[ 115.941228][ T74] __xfrm_state_delete+0x666/0xca0
[ 115.946330][ T74] xfrm_state_flush+0x497/0x7d0
[ 115.951172][ T74] xfrm6_tunnel_net_exit+0x3c/0x100
[ 115.956499][ T74] ops_undo_list+0x49a/0x990
[ 115.961081][ T74] ? __pfx_ops_undo_list+0x10/0x10
[ 115.966180][ T74] ? do_raw_spin_unlock+0x122/0x240
[ 115.971382][ T74] cleanup_net+0x4c5/0x800
[ 115.975782][ T74] ? __pfx_cleanup_net+0x10/0x10
[ 115.980699][ T74] ? preempt_schedule_thunk+0x16/0x30
[ 115.986062][ T74] ? process_scheduled_works+0x9ef/0x17b0
[ 115.991762][ T74] ? process_scheduled_works+0x9ef/0x17b0
[ 115.997463][ T74] process_scheduled_works+0xae1/0x17b0
[ 116.003010][ T74] ? __pfx_process_scheduled_works+0x10/0x10
[ 116.008977][ T74] worker_thread+0x8a0/0xda0
[ 116.013553][ T74] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 116.019871][ T74] ? __kthread_parkme+0x7b/0x200
[ 116.024796][ T74] kthread+0x70e/0x8a0
[ 116.028857][ T74] ? __pfx_worker_thread+0x10/0x10
[ 116.033949][ T74] ? __pfx_kthread+0x10/0x10
[ 116.038529][ T74] ? _raw_spin_unlock_irq+0x23/0x50
[ 116.043730][ T74] ? lockdep_hardirqs_on+0x9c/0x150
[ 116.048922][ T74] ? __pfx_kthread+0x10/0x10
[ 116.053503][ T74] ret_from_fork+0x3f9/0x770
[ 116.058080][ T74] ? __pfx_ret_from_fork+0x10/0x10
[ 116.063267][ T74] ? __switch_to_asm+0x39/0x70
[ 116.068020][ T74] ? __switch_to_asm+0x33/0x70
[ 116.072774][ T74] ? __pfx_kthread+0x10/0x10
[ 116.077357][ T74] ret_from_fork_asm+0x1a/0x30
[ 116.082118][ T74]
[ 116.085454][ T74] Kernel Offset: disabled
[ 116.089782][ T74] Rebooting in 86400 seconds..