Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts.
2025/12/24 18:56:32 parsed 1 programs
[ 63.302914][ T4192] cgroup: Unknown subsys name 'net'
[ 63.440921][ T4192] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 64.667073][ T4192] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 66.755925][ T4226] chnl_net:caif_netlink_parms(): no params data found
[ 66.815240][ T4226] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.822904][ T4226] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.831340][ T4226] device bridge_slave_0 entered promiscuous mode
[ 66.841022][ T4226] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.848407][ T4226] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.856562][ T4226] device bridge_slave_1 entered promiscuous mode
[ 66.882431][ T4226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.893830][ T4226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.922057][ T4226] team0: Port device team_slave_0 added
[ 66.929870][ T4226] team0: Port device team_slave_1 added
[ 66.952540][ T4226] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.959611][ T4226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.985797][ T4226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.998935][ T4226] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.006081][ T4226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.032232][ T4226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.070392][ T4226] device hsr_slave_0 entered promiscuous mode
[ 67.077291][ T4226] device hsr_slave_1 entered promiscuous mode
[ 67.197674][ T4226] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.210210][ T4226] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.220625][ T4226] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.230563][ T4226] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.260746][ T4226] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.267975][ T4226] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.276104][ T4226] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.283185][ T4226] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.340294][ T4226] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.354817][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.370219][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.378688][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.387905][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 67.400100][ T4226] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.419995][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.428601][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.435645][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.443477][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.452838][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.460112][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.479128][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.489436][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 67.501577][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 67.518399][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 67.532370][ T4226] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 67.545602][ T4226] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 67.556367][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 67.661863][ T4226] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.673960][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 67.681641][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 67.709321][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 67.733514][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 67.742790][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 67.751431][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 67.759491][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 67.769081][ T4226] device veth0_vlan entered promiscuous mode
[ 67.779353][ T4226] device veth1_vlan entered promiscuous mode
[ 67.795529][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 67.803887][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 67.814438][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 67.823000][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 67.833341][ T4226] device veth0_macvtap entered promiscuous mode
[ 67.843669][ T4226] device veth1_macvtap entered promiscuous mode
[ 67.857041][ T4226] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.864547][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 67.873113][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 67.881825][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 67.890420][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 67.902143][ T4226] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.919237][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 67.928300][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 67.938247][ T4226] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.947136][ T4226] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.955998][ T4226] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.964694][ T4226] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.061930][ T4226] syz-executor (4226) used greatest stack depth: 20288 bytes left
[ 68.202409][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.212673][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.222851][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.235498][ T4260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.244215][ T4260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.265031][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/12/24 18:56:39 executed programs: 0
[ 69.677916][ T4289] chnl_net:caif_netlink_parms(): no params data found
[ 69.733784][ T4289] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.741121][ T4289] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.749517][ T4289] device bridge_slave_0 entered promiscuous mode
[ 69.758470][ T4289] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.765549][ T4289] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.774006][ T4289] device bridge_slave_1 entered promiscuous mode
[ 69.797123][ T4289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.809143][ T4289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.849305][ T4289] team0: Port device team_slave_0 added
[ 69.857018][ T4289] team0: Port device team_slave_1 added
[ 69.880783][ T4289] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.893793][ T4289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.919817][ T4289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.932046][ T4289] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.939220][ T4289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.965210][ T4289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.995523][ T4289] device hsr_slave_0 entered promiscuous mode
[ 70.003228][ T4289] device hsr_slave_1 entered promiscuous mode
[ 70.010229][ T4289] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 70.020181][ T4289] Cannot create hsr debugfs directory
[ 70.052483][ T1160] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.248956][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.255340][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.566624][ T1107] Bluetooth: hci0: command 0x0409 tx timeout
[ 73.561071][ T1160] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 73.610214][ T1160] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 73.645972][ T3519] Bluetooth: hci0: command 0x041b tx timeout
[ 73.662372][ T1160] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.538651][ T4289] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.548846][ T4289] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.558197][ T4289] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.568460][ T4289] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.627027][ T4289] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.648544][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 74.657008][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.667590][ T4289] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.689571][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 74.698359][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 74.707415][ T4260] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.714462][ T4260] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.722770][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 74.734234][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 74.743172][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 74.751715][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.758801][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.789823][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 74.800819][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 74.812326][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 74.822470][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.833535][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.844506][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 74.853605][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.881655][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 74.890512][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.900548][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 74.909581][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.921482][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.015552][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.023557][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.034978][ T4289] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.067563][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 75.076993][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.095385][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 75.103613][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.111987][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.120539][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.132172][ T4289] device veth0_vlan entered promiscuous mode
[ 75.150384][ T4289] device veth1_vlan entered promiscuous mode
[ 75.177331][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.185472][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.193891][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 75.202741][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.217544][ T4289] device veth0_macvtap entered promiscuous mode
[ 75.229424][ T1160] device hsr_slave_0 left promiscuous mode
[ 75.236715][ T1160] device hsr_slave_1 left promiscuous mode
[ 75.244104][ T1160] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 75.251739][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 75.261001][ T1160] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 75.268703][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 75.276636][ T1160] device bridge_slave_1 left promiscuous mode
[ 75.283484][ T1160] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.297373][ T1160] device bridge_slave_0 left promiscuous mode
[ 75.303655][ T1160] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.319296][ T1160] device veth1_macvtap left promiscuous mode
[ 75.325530][ T1160] device veth0_macvtap left promiscuous mode
[ 75.331774][ T1160] device veth1_vlan left promiscuous mode
[ 75.337723][ T1160] device veth0_vlan left promiscuous mode
[ 75.468953][ T1160] team0 (unregistering): Port device team_slave_1 removed
[ 75.482507][ T1160] team0 (unregistering): Port device team_slave_0 removed
[ 75.494230][ T1160] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 75.507620][ T1160] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 75.559109][ T1160] bond0 (unregistering): Released all slaves
[ 75.610757][ T4289] device veth1_macvtap entered promiscuous mode
[ 75.628441][ T4289] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.637902][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.646486][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 75.654522][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 75.664349][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.674776][ T4289] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.684719][ T4289] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.696569][ T4289] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.705279][ T4289] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.714312][ T4289] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.724278][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 75.732377][ T4314] Bluetooth: hci0: command 0x040f tx timeout
[ 75.737484][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 75.800929][ T4260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.812950][ T4260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.822862][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 75.842427][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.854054][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.863376][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 75.899298][ T4360] ==================================================================
[ 75.907557][ T4360] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5df/0x690
[ 75.916777][ T4360] Read of size 1 at addr ffff8880761ec608 by task syz.0.17/4360
[ 75.924401][ T4360]
[ 75.926722][ T4360] CPU: 0 PID: 4360 Comm: syz.0.17 Not tainted syzkaller #0
[ 75.933895][ T4360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 75.943945][ T4360] Call Trace:
[ 75.947209][ T4360]
[ 75.950125][ T4360] dump_stack_lvl+0x168/0x230
[ 75.954785][ T4360] ? show_regs_print_info+0x20/0x20
[ 75.959963][ T4360] ? load_image+0x3b0/0x3b0
[ 75.964461][ T4360] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 75.969814][ T4360] ? xfrm_pol_bin_obj+0x140/0x140
[ 75.974838][ T4360] print_address_description+0x60/0x2d0
[ 75.980373][ T4360] ? xfrm_policy_inexact_list_reinsert+0x5df/0x690
[ 75.986857][ T4360] kasan_report+0xdf/0x130
[ 75.991255][ T4360] ? xfrm_policy_inexact_list_reinsert+0x5df/0x690
[ 75.997745][ T4360] xfrm_policy_inexact_list_reinsert+0x5df/0x690
[ 76.004077][ T4360] xfrm_policy_inexact_insert_node+0x950/0xb60
[ 76.010211][ T4360] ? xfrm_policy_alloc+0x75/0x2b0
[ 76.015219][ T4360] xfrm_policy_inexact_alloc_chain+0x7cf/0xea0
[ 76.021352][ T4360] ? xfrm_policy_inexact_insert+0xe0/0x1460
[ 76.027228][ T4360] xfrm_policy_inexact_insert+0xe0/0x1460
[ 76.032931][ T4360] ? __get_hash_thresh+0x105/0x410
[ 76.038032][ T4360] ? policy_hash_bysel+0x10a/0x570
[ 76.043144][ T4360] xfrm_policy_insert+0x112/0x930
[ 76.048156][ T4360] xfrm_add_policy+0x4d6/0x860
[ 76.052909][ T4360] ? xfrm_dump_sa_done+0xc0/0xc0
[ 76.057828][ T4360] ? apparmor_capable+0x12c/0x190
[ 76.062840][ T4360] ? __nla_parse+0x3c/0x50
[ 76.067242][ T4360] xfrm_user_rcv_msg+0x58d/0x860
[ 76.072159][ T4360] ? xfrm_netlink_rcv+0x90/0x90
[ 76.077015][ T4360] ? xfrm_netlink_rcv+0x66/0x90
[ 76.081861][ T4360] ? xfrm_netlink_rcv+0x66/0x90
[ 76.086691][ T4360] ? xfrm_netlink_rcv+0x66/0x90
[ 76.091519][ T4360] ? __mutex_lock_common+0x431/0x2390
[ 76.096879][ T4360] ? __copy_skb_header+0x417/0x5a0
[ 76.101987][ T4360] ? __skb_clone+0x480/0x790
[ 76.106562][ T4360] netlink_rcv_skb+0x1e0/0x430
[ 76.111311][ T4360] ? xfrm_netlink_rcv+0x90/0x90
[ 76.116152][ T4360] ? netlink_ack+0xb60/0xb60
[ 76.120741][ T4360] ? __lock_acquire+0x7c60/0x7c60
[ 76.125756][ T4360] xfrm_netlink_rcv+0x75/0x90
[ 76.130430][ T4360] netlink_unicast+0x774/0x920
[ 76.135199][ T4360] netlink_sendmsg+0x8ab/0xbc0
[ 76.139949][ T4360] ? netlink_getsockopt+0x560/0x560
[ 76.145125][ T4360] ? slab_post_alloc_hook+0x4c/0x380
[ 76.150392][ T4360] ? aa_sock_msg_perm+0x94/0x150
[ 76.155321][ T4360] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 76.160591][ T4360] ? security_socket_sendmsg+0x7c/0xa0
[ 76.166036][ T4360] ? netlink_getsockopt+0x560/0x560
[ 76.171227][ T4360] ____sys_sendmsg+0x5a2/0x8c0
[ 76.175977][ T4360] ? memset+0x1e/0x40
[ 76.179954][ T4360] ? __sys_sendmsg_sock+0x30/0x30
[ 76.184964][ T4360] ? import_iovec+0x6f/0xa0
[ 76.189449][ T4360] ___sys_sendmsg+0x1f0/0x260
[ 76.194108][ T4360] ? __sys_sendmsg+0x250/0x250
[ 76.198852][ T4360] ? percpu_counter_add_batch+0x13b/0x160
[ 76.204566][ T4360] ? __context_tracking_exit+0x4c/0x80
[ 76.210007][ T4360] ? __fdget+0x150/0x210
[ 76.214240][ T4360] __se_sys_sendmsg+0x190/0x250
[ 76.219072][ T4360] ? __x64_sys_sendmsg+0x80/0x80
[ 76.223987][ T4360] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 76.229954][ T4360] ? lockdep_hardirqs_on+0x94/0x140
[ 76.235132][ T4360] do_syscall_64+0x4c/0xa0
[ 76.239524][ T4360] ? clear_bhb_loop+0x30/0x80
[ 76.244180][ T4360] ? clear_bhb_loop+0x30/0x80
[ 76.248831][ T4360] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 76.254709][ T4360] RIP: 0033:0x7f6970502749
[ 76.259106][ T4360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.278692][ T4360] RSP: 002b:00007fffb877b668 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.287088][ T4360] RAX: ffffffffffffffda RBX: 00007f6970758fa0 RCX: 00007f6970502749
[ 76.295054][ T4360] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[ 76.303022][ T4360] RBP: 00007f6970586f91 R08: 0000000000000000 R09: 0000000000000000
[ 76.310980][ T4360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.318938][ T4360] R13: 00007f6970758fa0 R14: 00007f6970758fa0 R15: 0000000000000003
[ 76.326912][ T4360]
[ 76.329917][ T4360]
[ 76.332216][ T4360] Allocated by task 4360:
[ 76.336520][ T4360] __kasan_kmalloc+0xb5/0xf0
[ 76.341106][ T4360] sk_prot_alloc+0xe7/0x210
[ 76.345590][ T4360] sk_alloc+0x2f/0x310
[ 76.349642][ T4360] pfkey_create+0xd8/0x560
[ 76.354033][ T4360] __sock_create+0x47b/0x900
[ 76.358599][ T4360] __sys_socket+0xe2/0x170
[ 76.362995][ T4360] __x64_sys_socket+0x76/0x80
[ 76.367658][ T4360] do_syscall_64+0x4c/0xa0
[ 76.368466][ T23] cfg80211: failed to load regulatory.db
[ 76.372074][ T4360] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 76.383583][ T4360]
[ 76.385909][ T4360] The buggy address belongs to the object at ffff8880761ec000
[ 76.385909][ T4360] which belongs to the cache kmalloc-2k of size 2048
[ 76.399964][ T4360] The buggy address is located 1544 bytes inside of
[ 76.399964][ T4360] 2048-byte region [ffff8880761ec000, ffff8880761ec800)
[ 76.413415][ T4360] The buggy address belongs to the page:
[ 76.419052][ T4360] page:ffffea0001d87a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x761e8
[ 76.429212][ T4360] head:ffffea0001d87a00 order:3 compound_mapcount:0 compound_pincount:0
[ 76.437530][ T4360] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 76.445528][ T4360] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888016842000
[ 76.454107][ T4360] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 76.462684][ T4360] page dumped because: kasan: bad access detected
[ 76.469102][ T4360] page_owner tracks the page as allocated
[ 76.474809][ T4360] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4289, ts 75835698733, free_ts 75789270016
[ 76.495302][ T4360] get_page_from_freelist+0x1b77/0x1c60
[ 76.500869][ T4360] __alloc_pages+0x1e1/0x470
[ 76.505470][ T4360] new_slab+0xc0/0x4b0
[ 76.509531][ T4360] ___slab_alloc+0x81e/0xdf0
[ 76.514119][ T4360] __kmalloc_node+0x200/0x3b0
[ 76.518789][ T4360] qdisc_alloc+0x8d/0xb10
[ 76.523116][ T4360] qdisc_create_dflt+0x5f/0x430
[ 76.527962][ T4360] mq_init+0x2e0/0x660
[ 76.532026][ T4360] qdisc_create_dflt+0x11a/0x430
[ 76.536956][ T4360] dev_activate+0x192/0x12b0
[ 76.541540][ T4360] __dev_open+0x32c/0x420
[ 76.545871][ T4360] __dev_change_flags+0x20a/0x6a0
[ 76.550895][ T4360] dev_change_flags+0x82/0x1a0
[ 76.555653][ T4360] devinet_ioctl+0x8dc/0x1a70
[ 76.560324][ T4360] inet_ioctl+0x2c9/0x400
[ 76.564657][ T4360] sock_do_ioctl+0xd3/0x2f0
[ 76.569155][ T4360] page last free stack trace:
[ 76.573819][ T4360] free_unref_page_prepare+0x637/0x6c0
[ 76.579274][ T4360] free_unref_page+0x94/0x280
[ 76.583945][ T4360] __unfreeze_partials+0x1a5/0x200
[ 76.589050][ T4360] put_cpu_partial+0x12d/0x190
[ 76.593806][ T4360] qlist_free_all+0x35/0x90
[ 76.598303][ T4360] kasan_quarantine_reduce+0x150/0x160
[ 76.603759][ T4360] __kasan_slab_alloc+0x2f/0xd0
[ 76.608604][ T4360] slab_post_alloc_hook+0x4c/0x380
[ 76.613713][ T4360] kmem_cache_alloc+0x100/0x290
[ 76.618557][ T4360] new_inode_pseudo+0x77/0x210
[ 76.623326][ T4360] new_inode+0x25/0x1c0
[ 76.627475][ T4360] __debugfs_create_file+0x148/0x510
[ 76.632757][ T4360] debugfs_hw_add+0x12b/0x420
[ 76.637427][ T4360] ieee80211_register_hw+0x29d1/0x39d0
[ 76.642885][ T4360] mac80211_hwsim_new_radio+0x20d3/0x4080
[ 76.648602][ T4360] hwsim_new_radio_nl+0xa6f/0xc40
[ 76.653620][ T4360]
[ 76.655937][ T4360] Memory state around the buggy address:
[ 76.661566][ T4360] ffff8880761ec500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.669709][ T4360] ffff8880761ec580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 76.677762][ T4360] >ffff8880761ec600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.685810][ T4360] ^
[ 76.690131][ T4360] ffff8880761ec680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.698183][ T4360] ffff8880761ec700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.706239][ T4360] ==================================================================
[ 76.714289][ T4360] Disabling lock debugging due to kernel taint
[ 76.720564][ T4360] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.727766][ T4360] CPU: 0 PID: 4360 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 76.736348][ T4360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 76.746399][ T4360] Call Trace:
[ 76.749678][ T4360]
[ 76.752599][ T4360] dump_stack_lvl+0x168/0x230
[ 76.757276][ T4360] ? show_regs_print_info+0x20/0x20
[ 76.762491][ T4360] ? load_image+0x3b0/0x3b0
[ 76.766986][ T4360] panic+0x2c9/0x7f0
[ 76.770862][ T4360] ? bpf_jit_dump+0xd0/0xd0
[ 76.775340][ T4360] ? _raw_spin_unlock_irqrestore+0xa5/0x100
[ 76.781215][ T4360] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 76.787101][ T4360] ? _raw_spin_unlock+0x40/0x40
[ 76.791952][ T4360] ? xfrm_policy_inexact_list_reinsert+0x5df/0x690
[ 76.798443][ T4360] check_panic_on_warn+0x80/0xa0
[ 76.803366][ T4360] ? xfrm_policy_inexact_list_reinsert+0x5df/0x690
[ 76.809849][ T4360] end_report+0x6d/0xf0
[ 76.813986][ T4360] kasan_report+0x102/0x130
[ 76.818465][ T4360] ? xfrm_policy_inexact_list_reinsert+0x5df/0x690
[ 76.824948][ T4360] xfrm_policy_inexact_list_reinsert+0x5df/0x690
[ 76.831257][ T4360] xfrm_policy_inexact_insert_node+0x950/0xb60
[ 76.837392][ T4360] ? xfrm_policy_alloc+0x75/0x2b0
[ 76.842397][ T4360] xfrm_policy_inexact_alloc_chain+0x7cf/0xea0
[ 76.848533][ T4360] ? xfrm_policy_inexact_insert+0xe0/0x1460
[ 76.854415][ T4360] xfrm_policy_inexact_insert+0xe0/0x1460
[ 76.860119][ T4360] ? __get_hash_thresh+0x105/0x410
[ 76.865214][ T4360] ? policy_hash_bysel+0x10a/0x570
[ 76.870304][ T4360] xfrm_policy_insert+0x112/0x930
[ 76.875310][ T4360] xfrm_add_policy+0x4d6/0x860
[ 76.880057][ T4360] ? xfrm_dump_sa_done+0xc0/0xc0
[ 76.884983][ T4360] ? apparmor_capable+0x12c/0x190
[ 76.889987][ T4360] ? __nla_parse+0x3c/0x50
[ 76.894384][ T4360] xfrm_user_rcv_msg+0x58d/0x860
[ 76.899306][ T4360] ? xfrm_netlink_rcv+0x90/0x90
[ 76.904144][ T4360] ? xfrm_netlink_rcv+0x66/0x90
[ 76.908970][ T4360] ? xfrm_netlink_rcv+0x66/0x90
[ 76.913797][ T4360] ? xfrm_netlink_rcv+0x66/0x90
[ 76.918638][ T4360] ? __mutex_lock_common+0x431/0x2390
[ 76.923998][ T4360] ? __copy_skb_header+0x417/0x5a0
[ 76.929092][ T4360] ? __skb_clone+0x480/0x790
[ 76.933669][ T4360] netlink_rcv_skb+0x1e0/0x430
[ 76.938412][ T4360] ? xfrm_netlink_rcv+0x90/0x90
[ 76.943242][ T4360] ? netlink_ack+0xb60/0xb60
[ 76.947814][ T4360] ? __lock_acquire+0x7c60/0x7c60
[ 76.952818][ T4360] xfrm_netlink_rcv+0x75/0x90
[ 76.957471][ T4360] netlink_unicast+0x774/0x920
[ 76.962215][ T4360] netlink_sendmsg+0x8ab/0xbc0
[ 76.966958][ T4360] ? netlink_getsockopt+0x560/0x560
[ 76.972133][ T4360] ? slab_post_alloc_hook+0x4c/0x380
[ 76.977393][ T4360] ? aa_sock_msg_perm+0x94/0x150
[ 76.982306][ T4360] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 76.987565][ T4360] ? security_socket_sendmsg+0x7c/0xa0
[ 76.992999][ T4360] ? netlink_getsockopt+0x560/0x560
[ 76.998177][ T4360] ____sys_sendmsg+0x5a2/0x8c0
[ 77.002920][ T4360] ? memset+0x1e/0x40
[ 77.006882][ T4360] ? __sys_sendmsg_sock+0x30/0x30
[ 77.011902][ T4360] ? import_iovec+0x6f/0xa0
[ 77.016389][ T4360] ___sys_sendmsg+0x1f0/0x260
[ 77.021070][ T4360] ? __sys_sendmsg+0x250/0x250
[ 77.025818][ T4360] ? percpu_counter_add_batch+0x13b/0x160
[ 77.031519][ T4360] ? __context_tracking_exit+0x4c/0x80
[ 77.036959][ T4360] ? __fdget+0x150/0x210
[ 77.041181][ T4360] __se_sys_sendmsg+0x190/0x250
[ 77.046007][ T4360] ? __x64_sys_sendmsg+0x80/0x80
[ 77.050919][ T4360] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 77.056876][ T4360] ? lockdep_hardirqs_on+0x94/0x140
[ 77.062058][ T4360] do_syscall_64+0x4c/0xa0
[ 77.066455][ T4360] ? clear_bhb_loop+0x30/0x80
[ 77.071114][ T4360] ? clear_bhb_loop+0x30/0x80
[ 77.075771][ T4360] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 77.081653][ T4360] RIP: 0033:0x7f6970502749
[ 77.086050][ T4360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 77.105645][ T4360] RSP: 002b:00007fffb877b668 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 77.114041][ T4360] RAX: ffffffffffffffda RBX: 00007f6970758fa0 RCX: 00007f6970502749
[ 77.122025][ T4360] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007
[ 77.130078][ T4360] RBP: 00007f6970586f91 R08: 0000000000000000 R09: 0000000000000000
[ 77.138030][ T4360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.145982][ T4360] R13: 00007f6970758fa0 R14: 00007f6970758fa0 R15: 0000000000000003
[ 77.153937][ T4360]
[ 77.157234][ T4360] Kernel Offset: disabled
[ 77.161562][ T4360] Rebooting in 86400 seconds..