Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts.
2025/10/24 04:21:12 parsed 1 programs
[ 86.558562][ T5804] cgroup: Unknown subsys name 'net'
[ 86.840028][ T5804] cgroup: Unknown subsys name 'cpuset'
[ 86.877872][ T992] cfg80211: failed to load regulatory.db
[ 86.904894][ T5804] cgroup: Unknown subsys name 'rlimit'
[ 88.633436][ T5804] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 93.876541][ T5847] chnl_net:caif_netlink_parms(): no params data found
[ 94.375875][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.377163][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.377284][ T5847] bridge_slave_0: entered allmulticast mode
[ 94.378883][ T5847] bridge_slave_0: entered promiscuous mode
[ 94.383610][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.383735][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.383846][ T5847] bridge_slave_1: entered allmulticast mode
[ 94.387359][ T5847] bridge_slave_1: entered promiscuous mode
[ 94.638420][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.642522][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.866370][ T5847] team0: Port device team_slave_0 added
[ 94.886585][ T5847] team0: Port device team_slave_1 added
[ 95.157384][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.157401][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.157424][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.162625][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.162635][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 95.162649][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.393223][ T5847] hsr_slave_0: entered promiscuous mode
[ 95.395559][ T5847] hsr_slave_1: entered promiscuous mode
[ 95.732941][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.751544][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.788347][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.839800][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.026942][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.053723][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.066046][ T3563] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.066512][ T3563] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.094527][ T4813] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.094658][ T4813] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.301849][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.343841][ T5847] veth0_vlan: entered promiscuous mode
[ 96.356601][ T5847] veth1_vlan: entered promiscuous mode
[ 96.393915][ T5847] veth0_macvtap: entered promiscuous mode
[ 96.404085][ T5847] veth1_macvtap: entered promiscuous mode
[ 96.427783][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.437588][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.458260][ T4813] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.460417][ T4813] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.502528][ T4813] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.503971][ T4813] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.795666][ T5871] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.801281][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.806591][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.808426][ T5871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.809231][ T5871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.269596][ T1296] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.562040][ T1296] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.019046][ T4813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.019070][ T4813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.068281][ T3563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.068301][ T3563] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.268540][ T1296] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.548479][ T1296] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.134514][ T1296] bridge_slave_1: left allmulticast mode
[ 100.135483][ T1296] bridge_slave_1: left promiscuous mode
[ 100.136978][ T1296] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.235415][ T1296] bridge_slave_0: left allmulticast mode
[ 100.235435][ T1296] bridge_slave_0: left promiscuous mode
[ 100.235591][ T1296] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.875004][ T1296] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.954930][ T1296] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.999003][ T1296] bond0 (unregistering): Released all slaves
[ 102.371311][ T1296] hsr_slave_0: left promiscuous mode
[ 102.420436][ T1296] hsr_slave_1: left promiscuous mode
[ 102.421679][ T1296] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 102.421767][ T1296] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 102.467696][ T1296] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 102.467724][ T1296] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 102.605690][ T1296] veth1_macvtap: left promiscuous mode
[ 102.606013][ T1296] veth0_macvtap: left promiscuous mode
[ 102.606306][ T1296] veth1_vlan: left promiscuous mode
[ 102.606619][ T1296] veth0_vlan: left promiscuous mode
[ 104.674940][ T1296] team0 (unregistering): Port device team_slave_1 removed
[ 104.854874][ T1296] team0 (unregistering): Port device team_slave_0 removed
2025/10/24 04:21:35 executed programs: 0
[ 107.716916][ T5871] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 107.720982][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 107.725086][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 107.734616][ T5871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 107.736351][ T5871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 108.575332][ T5943] chnl_net:caif_netlink_parms(): no params data found
[ 108.968943][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.969175][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.969340][ T5943] bridge_slave_0: entered allmulticast mode
[ 108.972163][ T5943] bridge_slave_0: entered promiscuous mode
[ 109.014987][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.015103][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.015280][ T5943] bridge_slave_1: entered allmulticast mode
[ 109.017871][ T5943] bridge_slave_1: entered promiscuous mode
[ 109.242928][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.263512][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.478558][ T5943] team0: Port device team_slave_0 added
[ 109.482018][ T5943] team0: Port device team_slave_1 added
[ 109.755643][ T5871] Bluetooth: hci0: command tx timeout
[ 110.037048][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 110.037063][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 110.037082][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 110.046667][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 110.046683][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 110.046706][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 110.680157][ T5943] hsr_slave_0: entered promiscuous mode
[ 110.681428][ T5943] hsr_slave_1: entered promiscuous mode
[ 111.834357][ T5871] Bluetooth: hci0: command tx timeout
[ 112.582762][ T5943] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 112.619090][ T5943] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 112.669397][ T5943] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 112.710650][ T5943] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 112.866109][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.916595][ T5943] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.938926][ T1296] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.939130][ T1296] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.969009][ T1296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.969155][ T1296] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.278648][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.337328][ T5943] veth0_vlan: entered promiscuous mode
[ 113.357139][ T5943] veth1_vlan: entered promiscuous mode
[ 113.409836][ T5943] veth0_macvtap: entered promiscuous mode
[ 113.421574][ T5943] veth1_macvtap: entered promiscuous mode
[ 113.452763][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 113.471046][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 113.486558][ T3563] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.488119][ T3563] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.488162][ T3563] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.488204][ T3563] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.711053][ T2306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.711073][ T2306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.774830][ T1296] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.774849][ T1296] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/10/24 04:21:41 executed programs: 2
[ 113.914454][ T5871] Bluetooth: hci0: command tx timeout
[ 114.378833][ T6058] loop0: detected capacity change from 0 to 32768
[ 114.518781][ T6058] MetaData crosses page boundary!!
[ 114.518794][ T6058] lblock = ffffffffff, size = -4096
[ 114.518828][ T6058] CPU: 1 UID: 0 PID: 6058 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 114.518854][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 114.518871][ T6058] Call Trace:
[ 114.518881][ T6058]
[ 114.518888][ T6058] dump_stack_lvl+0x189/0x250
[ 114.518925][ T6058] ? __pfx_dump_stack_lvl+0x10/0x10
[ 114.518946][ T6058] ? __pfx__printk+0x10/0x10
[ 114.518976][ T6058] __get_metapage+0x9ea/0xde0
[ 114.519007][ T6058] dtSearch+0x591/0x21b0
[ 114.519039][ T6058] ? __kmalloc_noprof+0x254/0x7d0
[ 114.519080][ T6058] jfs_lookup+0x155/0x380
[ 114.519102][ T6058] ? __pfx_jfs_lookup+0x10/0x10
[ 114.519119][ T6058] ? d_alloc_parallel+0x14a9/0x1610
[ 114.519161][ T6058] ? __pfx_d_alloc_parallel+0x10/0x10
[ 114.519184][ T6058] ? __rt_spin_lock_init+0x3e/0x50
[ 114.519212][ T6058] path_openat+0x110d/0x3840
[ 114.519266][ T6058] ? __pfx_path_openat+0x10/0x10
[ 114.519299][ T6058] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 114.519322][ T6058] ? lockdep_hardirqs_on+0x9c/0x150
[ 114.519344][ T6058] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 114.519373][ T6058] do_filp_open+0x1fa/0x410
[ 114.519395][ T6058] ? __pfx_do_filp_open+0x10/0x10
[ 114.519411][ T6058] ? rt_mutex_slowunlock+0x493/0x8a0
[ 114.519453][ T6058] ? alloc_fd+0x64f/0x6c0
[ 114.519487][ T6058] do_sys_openat2+0x121/0x1c0
[ 114.519508][ T6058] ? __pfx_do_sys_openat2+0x10/0x10
[ 114.519531][ T6058] ? __pfx___se_sys_futex+0x10/0x10
[ 114.519558][ T6058] __x64_sys_openat+0x138/0x170
[ 114.519581][ T6058] do_syscall_64+0xfa/0xfa0
[ 114.519600][ T6058] ? lockdep_hardirqs_on+0x9c/0x150
[ 114.519620][ T6058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.519637][ T6058] ? clear_bhb_loop+0x60/0xb0
[ 114.519658][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.519674][ T6058] RIP: 0033:0x7fcd5c08efc9
[ 114.519695][ T6058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 114.519709][ T6058] RSP: 002b:00007fff10491598 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 114.519729][ T6058] RAX: ffffffffffffffda RBX: 00007fcd5c2e5fa0 RCX: 00007fcd5c08efc9
[ 114.519741][ T6058] RDX: 0000000000000000 RSI: 0000200000000280 RDI: ffffffffffffff9c
[ 114.519753][ T6058] RBP: 00007fcd5c111f91 R08: 0000000000000000 R09: 0000000000000000
[ 114.519764][ T6058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 114.519774][ T6058] R13: 00007fcd5c2e5fa0 R14: 00007fcd5c2e5fa0 R15: 0000000000000004
[ 114.519805][ T6058]
[ 114.519812][ T6058] bread failed!
[ 114.519896][ T6058] jfs_lookup: dtSearch returned -5
[ 115.652240][ T6086] loop0: detected capacity change from 0 to 32768
[ 115.692757][ T6086] MetaData crosses page boundary!!
[ 115.692770][ T6086] lblock = ffffffffff, size = -4096
[ 115.692786][ T6086] CPU: 0 UID: 0 PID: 6086 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 115.692803][ T6086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 115.692810][ T6086] Call Trace:
[ 115.692816][ T6086]
[ 115.692823][ T6086] dump_stack_lvl+0x189/0x250
[ 115.692851][ T6086] ? __pfx_dump_stack_lvl+0x10/0x10
[ 115.692871][ T6086] ? __pfx__printk+0x10/0x10
[ 115.692900][ T6086] __get_metapage+0x9ea/0xde0
[ 115.692922][ T6086] dtSearch+0x591/0x21b0
[ 115.692958][ T6086] ? __kmalloc_noprof+0x254/0x7d0
[ 115.692991][ T6086] jfs_lookup+0x155/0x380
[ 115.693010][ T6086] ? __pfx_jfs_lookup+0x10/0x10
[ 115.693025][ T6086] ? d_alloc_parallel+0x14a9/0x1610
[ 115.693057][ T6086] ? __pfx_d_alloc_parallel+0x10/0x10
[ 115.693074][ T6086] ? __rt_spin_lock_init+0x3e/0x50
[ 115.693097][ T6086] path_openat+0x110d/0x3840
[ 115.693143][ T6086] ? __pfx_path_openat+0x10/0x10
[ 115.693170][ T6086] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 115.693189][ T6086] ? lockdep_hardirqs_on+0x9c/0x150
[ 115.693208][ T6086] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 115.693232][ T6086] do_filp_open+0x1fa/0x410
[ 115.693250][ T6086] ? __pfx_do_filp_open+0x10/0x10
[ 115.693263][ T6086] ? rt_mutex_slowunlock+0x493/0x8a0
[ 115.693300][ T6086] ? alloc_fd+0x64f/0x6c0
[ 115.693328][ T6086] do_sys_openat2+0x121/0x1c0
[ 115.693347][ T6086] ? __pfx_do_sys_openat2+0x10/0x10
[ 115.693369][ T6086] ? __pfx___se_sys_futex+0x10/0x10
[ 115.693392][ T6086] __x64_sys_openat+0x138/0x170
[ 115.693412][ T6086] do_syscall_64+0xfa/0xfa0
[ 115.693429][ T6086] ? lockdep_hardirqs_on+0x9c/0x150
[ 115.693447][ T6086] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.693462][ T6086] ? clear_bhb_loop+0x60/0xb0
[ 115.693481][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.693495][ T6086] RIP: 0033:0x7fcd5c08efc9
[ 115.693509][ T6086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 115.693519][ T6086] RSP: 002b:00007fff10491598 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 115.693534][ T6086] RAX: ffffffffffffffda RBX: 00007fcd5c2e5fa0 RCX: 00007fcd5c08efc9
[ 115.693544][ T6086] RDX: 0000000000000000 RSI: 0000200000000280 RDI: ffffffffffffff9c
[ 115.693553][ T6086] RBP: 00007fcd5c111f91 R08: 0000000000000000 R09: 0000000000000000
[ 115.693562][ T6086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 115.693570][ T6086] R13: 00007fcd5c2e5fa0 R14: 00007fcd5c2e5fa0 R15: 0000000000000004
[ 115.693596][ T6086]
[ 115.693602][ T6086] bread failed!
[ 115.693628][ T6086] jfs_lookup: dtSearch returned -5
[ 115.994401][ T5871] Bluetooth: hci0: command tx timeout
[ 116.832237][ T6102] loop0: detected capacity change from 0 to 32768
[ 116.869444][ T6102] ==================================================================
[ 116.869459][ T6102] BUG: KASAN: slab-use-after-free in dtSearch+0x1683/0x21b0
[ 116.869484][ T6102] Read of size 1 at addr ffff8880410f86c8 by task syz.0.19/6102
[ 116.869499][ T6102]
[ 116.869511][ T6102] CPU: 1 UID: 0 PID: 6102 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 116.869531][ T6102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 116.869542][ T6102] Call Trace:
[ 116.869549][ T6102]
[ 116.869556][ T6102] dump_stack_lvl+0x189/0x250
[ 116.869588][ T6102] ? __kasan_check_byte+0x12/0x40
[ 116.869610][ T6102] ? __pfx_dump_stack_lvl+0x10/0x10
[ 116.869632][ T6102] ? lock_release+0x4b/0x3e0
[ 116.869655][ T6102] ? __virt_addr_valid+0x4a5/0x5c0
[ 116.869678][ T6102] print_report+0xca/0x240
[ 116.869699][ T6102] ? dtSearch+0x1683/0x21b0
[ 116.869714][ T6102] kasan_report+0x118/0x150
[ 116.869736][ T6102] ? dtSearch+0x1683/0x21b0
[ 116.869756][ T6102] dtSearch+0x1683/0x21b0
[ 116.869779][ T6102] ? __kmalloc_noprof+0x254/0x7d0
[ 116.869806][ T6102] jfs_lookup+0x155/0x380
[ 116.869826][ T6102] ? __pfx_jfs_lookup+0x10/0x10
[ 116.869843][ T6102] ? d_alloc_parallel+0x14a9/0x1610
[ 116.869869][ T6102] ? __pfx_d_alloc_parallel+0x10/0x10
[ 116.869887][ T6102] ? __rt_spin_lock_init+0x3e/0x50
[ 116.869908][ T6102] path_openat+0x110d/0x3840
[ 116.869940][ T6102] ? __pfx_path_openat+0x10/0x10
[ 116.869963][ T6102] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 116.869985][ T6102] ? lockdep_hardirqs_on+0x9c/0x150
[ 116.870005][ T6102] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 116.870026][ T6102] do_filp_open+0x1fa/0x410
[ 116.870044][ T6102] ? __pfx_do_filp_open+0x10/0x10
[ 116.870061][ T6102] ? rt_mutex_slowunlock+0x493/0x8a0
[ 116.870087][ T6102] ? alloc_fd+0x64f/0x6c0
[ 116.870113][ T6102] do_sys_openat2+0x121/0x1c0
[ 116.870131][ T6102] ? __pfx_do_sys_openat2+0x10/0x10
[ 116.870150][ T6102] ? __pfx___se_sys_futex+0x10/0x10
[ 116.870173][ T6102] __x64_sys_openat+0x138/0x170
[ 116.870191][ T6102] do_syscall_64+0xfa/0xfa0
[ 116.870210][ T6102] ? lockdep_hardirqs_on+0x9c/0x150
[ 116.870228][ T6102] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.870246][ T6102] ? clear_bhb_loop+0x60/0xb0
[ 116.870263][ T6102] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.870279][ T6102] RIP: 0033:0x7fcd5c08efc9
[ 116.870294][ T6102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 116.870308][ T6102] RSP: 002b:00007fff10491598 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 116.870327][ T6102] RAX: ffffffffffffffda RBX: 00007fcd5c2e5fa0 RCX: 00007fcd5c08efc9
[ 116.870339][ T6102] RDX: 0000000000000000 RSI: 0000200000000280 RDI: ffffffffffffff9c
[ 116.870351][ T6102] RBP: 00007fcd5c111f91 R08: 0000000000000000 R09: 0000000000000000
[ 116.870362][ T6102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 116.870373][ T6102] R13: 00007fcd5c2e5fa0 R14: 00007fcd5c2e5fa0 R15: 0000000000000004
[ 116.870392][ T6102]
[ 116.870398][ T6102]
[ 116.870411][ T6102] Allocated by task 5943:
[ 116.870419][ T6102] kasan_save_track+0x3e/0x80
[ 116.870437][ T6102] __kasan_slab_alloc+0x6c/0x80
[ 116.870455][ T6102] kmem_cache_alloc_lru_noprof+0x188/0x6b0
[ 116.870473][ T6102] alloc_inode+0x6a/0x1b0
[ 116.870490][ T6102] new_inode+0x22/0x170
[ 116.870507][ T6102] __debugfs_create_file+0x14d/0x4f0
[ 116.870525][ T6102] debugfs_create_file_short+0x3f/0x60
[ 116.870542][ T6102] ieee80211_debugfs_recreate_netdev+0x3d2/0x1460
[ 116.870563][ T6102] ieee80211_if_add+0xc17/0x1390
[ 116.870593][ T6102] ieee80211_register_hw+0x35a5/0x40d0
[ 116.870606][ T6102] mac80211_hwsim_new_radio+0x2efe/0x5160
[ 116.870621][ T6102] hwsim_new_radio_nl+0xf5b/0x1bd0
[ 116.870635][ T6102] genl_family_rcv_msg_doit+0x215/0x300
[ 116.870654][ T6102] genl_rcv_msg+0x60e/0x790
[ 116.870670][ T6102] netlink_rcv_skb+0x208/0x470
[ 116.870683][ T6102] genl_rcv+0x28/0x40
[ 116.870699][ T6102] netlink_unicast+0x846/0xa10
[ 116.870719][ T6102] netlink_sendmsg+0x805/0xb30
[ 116.870733][ T6102] __sock_sendmsg+0x21c/0x270
[ 116.870752][ T6102] __sys_sendto+0x3c7/0x520
[ 116.870766][ T6102] __x64_sys_sendto+0xde/0x100
[ 116.870780][ T6102] do_syscall_64+0xfa/0xfa0
[ 116.870797][ T6102] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.870811][ T6102]
[ 116.870815][ T6102] Freed by task 20:
[ 116.870822][ T6102] kasan_save_track+0x3e/0x80
[ 116.870839][ T6102] __kasan_save_free_info+0x46/0x50
[ 116.870854][ T6102] __kasan_slab_free+0x5c/0x80
[ 116.870870][ T6102] kmem_cache_free+0x19a/0x910
[ 116.870887][ T6102] rcu_cpu_kthread+0xbf6/0x1b50
[ 116.870906][ T6102] smpboot_thread_fn+0x542/0xa60
[ 116.870923][ T6102] kthread+0x711/0x8a0
[ 116.870941][ T6102] ret_from_fork+0x4bc/0x870
[ 116.870958][ T6102] ret_from_fork_asm+0x1a/0x30
[ 116.870973][ T6102]
[ 116.870978][ T6102] Last potentially related work creation:
[ 116.870984][ T6102] kasan_save_stack+0x3e/0x60
[ 116.871000][ T6102] kasan_record_aux_stack+0xbd/0xd0
[ 116.871014][ T6102] call_rcu+0x157/0x9c0
[ 116.871027][ T6102] evict+0x847/0x9c0
[ 116.871041][ T6102] __dentry_kill+0x209/0x660
[ 116.871060][ T6102] dput+0x19f/0x2b0
[ 116.871077][ T6102] find_next_child+0x1e5/0x250
[ 116.871093][ T6102] __simple_recursive_removal+0x10b/0x510
[ 116.871110][ T6102] debugfs_remove+0x5b/0x70
[ 116.871126][ T6102] ieee80211_debugfs_remove_netdev+0x52/0xb0
[ 116.871144][ T6102] ieee80211_teardown_sdata+0x5a/0x140
[ 116.871161][ T6102] ieee80211_if_change_type+0x14c/0x990
[ 116.871179][ T6102] ieee80211_change_iface+0xd5/0x510
[ 116.871195][ T6102] cfg80211_change_iface+0x795/0xef0
[ 116.871209][ T6102] nl80211_set_interface+0x773/0xaa0
[ 116.871224][ T6102] genl_family_rcv_msg_doit+0x215/0x300
[ 116.871241][ T6102] genl_rcv_msg+0x60e/0x790
[ 116.871258][ T6102] netlink_rcv_skb+0x208/0x470
[ 116.871270][ T6102] genl_rcv+0x28/0x40
[ 116.871286][ T6102] netlink_unicast+0x846/0xa10
[ 116.871306][ T6102] netlink_sendmsg+0x805/0xb30
[ 116.871320][ T6102] __sock_sendmsg+0x21c/0x270
[ 116.871338][ T6102] __sys_sendto+0x3c7/0x520
[ 116.871352][ T6102] __x64_sys_sendto+0xde/0x100
[ 116.871366][ T6102] do_syscall_64+0xfa/0xfa0
[ 116.871384][ T6102] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.871398][ T6102]
[ 116.871402][ T6102] The buggy address belongs to the object at ffff8880410f8590
[ 116.871402][ T6102] which belongs to the cache debugfs_inode_cache of size 1296
[ 116.871417][ T6102] The buggy address is located 312 bytes inside of
[ 116.871417][ T6102] freed 1296-byte region [ffff8880410f8590, ffff8880410f8aa0)
[ 116.871434][ T6102]
[ 116.871439][ T6102] The buggy address belongs to the physical page:
[ 116.871459][ T6102] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880410fde90 pfn:0x410f8
[ 116.871477][ T6102] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 116.871490][ T6102] anon flags: 0x80000000000040(head|node=0|zone=1)
[ 116.871508][ T6102] page_type: f5(slab)
[ 116.871522][ T6102] raw: 0080000000000040 ffff88801cefb640 0000000000000000 0000000000000001
[ 116.871537][ T6102] raw: ffff8880410fde90 0000000000170015 00000000f5000000 0000000000000000
[ 116.871551][ T6102] head: 0080000000000040 ffff88801cefb640 0000000000000000 0000000000000001
[ 116.871565][ T6102] head: ffff8880410fde90 0000000000170015 00000000f5000000 0000000000000000
[ 116.871587][ T6102] head: 0080000000000003 ffffea0001043e01 00000000ffffffff 00000000ffffffff
[ 116.871600][ T6102] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 116.871609][ T6102] page dumped because: kasan: bad access detected
[ 116.871624][ T6102] page_owner tracks the page as allocated
[ 116.871630][ T6102] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5815, tgid 5815 (syz-executor), ts 91205558086, free_ts 0
[ 116.871660][ T6102] post_alloc_hook+0x240/0x2a0
[ 116.871680][ T6102] get_page_from_freelist+0x28c0/0x2960
[ 116.871701][ T6102] __alloc_frozen_pages_noprof+0x181/0x370
[ 116.871721][ T6102] alloc_pages_mpol+0xd1/0x380
[ 116.871740][ T6102] allocate_slab+0x96/0x3a0
[ 116.871755][ T6102] ___slab_alloc+0xb12/0x13f0
[ 116.871768][ T6102] __slab_alloc+0xc6/0x1f0
[ 116.871781][ T6102] kmem_cache_alloc_lru_noprof+0xf0/0x6b0
[ 116.871799][ T6102] alloc_inode+0x6a/0x1b0
[ 116.871815][ T6102] new_inode+0x22/0x170
[ 116.871832][ T6102] __debugfs_create_file+0x14d/0x4f0
[ 116.871848][ T6102] debugfs_create_file_full+0x3f/0x60
[ 116.871864][ T6102] ref_tracker_dir_debugfs+0x154/0x270
[ 116.871883][ T6102] preinit_net+0x3a4/0x770
[ 116.871903][ T6102] copy_net_ns+0x223/0x4e0
[ 116.871922][ T6102] create_new_namespaces+0x3f3/0x720
[ 116.871940][ T6102] page_owner free stack trace missing
[ 116.871946][ T6102]
[ 116.871950][ T6102] Memory state around the buggy address:
[ 116.871960][ T6102] ffff8880410f8580: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.871971][ T6102] ffff8880410f8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.871987][ T6102] >ffff8880410f8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.871996][ T6102] ^
[ 116.872005][ T6102] ffff8880410f8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.872015][ T6102] ffff8880410f8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.872023][ T6102] ==================================================================
[ 116.872038][ T6102] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 116.872052][ T6102] CPU: 1 UID: 0 PID: 6102 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 116.872072][ T6102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 116.872081][ T6102] Call Trace:
[ 116.872088][ T6102]
[ 116.872096][ T6102] dump_stack_lvl+0x99/0x250
[ 116.872120][ T6102] ? __asan_memcpy+0x40/0x70
[ 116.872139][ T6102] ? __pfx_dump_stack_lvl+0x10/0x10
[ 116.872161][ T6102] ? __pfx__printk+0x10/0x10
[ 116.872186][ T6102] vpanic+0x237/0x6d0
[ 116.872202][ T6102] ? __pfx_vpanic+0x10/0x10
[ 116.872222][ T6102] panic+0xb9/0xc0
[ 116.872236][ T6102] ? __pfx_panic+0x10/0x10
[ 116.872249][ T6102] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 116.872272][ T6102] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 116.872294][ T6102] ? dtSearch+0x1683/0x21b0
[ 116.872311][ T6102] check_panic_on_warn+0x89/0xb0
[ 116.872327][ T6102] ? dtSearch+0x1683/0x21b0
[ 116.872343][ T6102] end_report+0x78/0x160
[ 116.872363][ T6102] kasan_report+0x129/0x150
[ 116.872385][ T6102] ? dtSearch+0x1683/0x21b0
[ 116.872406][ T6102] dtSearch+0x1683/0x21b0
[ 116.872430][ T6102] ? __kmalloc_noprof+0x254/0x7d0
[ 116.872458][ T6102] jfs_lookup+0x155/0x380
[ 116.872478][ T6102] ? __pfx_jfs_lookup+0x10/0x10
[ 116.872495][ T6102] ? d_alloc_parallel+0x14a9/0x1610
[ 116.872521][ T6102] ? __pfx_d_alloc_parallel+0x10/0x10
[ 116.872540][ T6102] ? __rt_spin_lock_init+0x3e/0x50
[ 116.872561][ T6102] path_openat+0x110d/0x3840
[ 116.872602][ T6102] ? __pfx_path_openat+0x10/0x10
[ 116.872625][ T6102] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 116.872645][ T6102] ? lockdep_hardirqs_on+0x9c/0x150
[ 116.872666][ T6102] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 116.872688][ T6102] do_filp_open+0x1fa/0x410
[ 116.872706][ T6102] ? __pfx_do_filp_open+0x10/0x10
[ 116.872722][ T6102] ? rt_mutex_slowunlock+0x493/0x8a0
[ 116.872748][ T6102] ? alloc_fd+0x64f/0x6c0
[ 116.872773][ T6102] do_sys_openat2+0x121/0x1c0
[ 116.872791][ T6102] ? __pfx_do_sys_openat2+0x10/0x10
[ 116.872810][ T6102] ? __pfx___se_sys_futex+0x10/0x10
[ 116.872832][ T6102] __x64_sys_openat+0x138/0x170
[ 116.872851][ T6102] do_syscall_64+0xfa/0xfa0
[ 116.872870][ T6102] ? lockdep_hardirqs_on+0x9c/0x150
[ 116.872889][ T6102] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.872905][ T6102] ? clear_bhb_loop+0x60/0xb0
[ 116.872923][ T6102] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.872939][ T6102] RIP: 0033:0x7fcd5c08efc9
[ 116.872953][ T6102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 116.872967][ T6102] RSP: 002b:00007fff10491598 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 116.872986][ T6102] RAX: ffffffffffffffda RBX: 00007fcd5c2e5fa0 RCX: 00007fcd5c08efc9
[ 116.872999][ T6102] RDX: 0000000000000000 RSI: 0000200000000280 RDI: ffffffffffffff9c
[ 116.873010][ T6102] RBP: 00007fcd5c111f91 R08: 0000000000000000 R09: 0000000000000000
[ 116.873020][ T6102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 116.873030][ T6102] R13: 00007fcd5c2e5fa0 R14: 00007fcd5c2e5fa0 R15: 0000000000000004
[ 116.873048][ T6102]
[ 116.873344][ T6102] Kernel Offset: disabled