forked to background, child pid 5497
[ 56.017284][ T5495] dhcpcd (5495) used greatest stack depth: 20912 bytes left
[ 56.030619][ T5498] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.040803][ T5498] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.191' (ED25519) to the list of known hosts.
syzkaller login: [ 83.883248][ T5835] chnl_net:caif_netlink_parms(): no params data found
[ 83.960260][ T5831] chnl_net:caif_netlink_parms(): no params data found
[ 84.023552][ T5830] chnl_net:caif_netlink_parms(): no params data found
[ 84.040537][ T5834] chnl_net:caif_netlink_parms(): no params data found
[ 84.050846][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.058790][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.066306][ T5835] bridge_slave_0: entered allmulticast mode
[ 84.073614][ T5835] bridge_slave_0: entered promiscuous mode
[ 84.109087][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.116347][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.123764][ T5835] bridge_slave_1: entered allmulticast mode
[ 84.130632][ T5835] bridge_slave_1: entered promiscuous mode
[ 84.205204][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.218686][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.225981][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.233602][ T5831] bridge_slave_0: entered allmulticast mode
[ 84.240355][ T5831] bridge_slave_0: entered promiscuous mode
[ 84.248478][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.255757][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.263035][ T5831] bridge_slave_1: entered allmulticast mode
[ 84.269816][ T5831] bridge_slave_1: entered promiscuous mode
[ 84.281901][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.381957][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.397853][ T5835] team0: Port device team_slave_0 added
[ 84.432535][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.444038][ T5835] team0: Port device team_slave_1 added
[ 84.450638][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.457881][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.467032][ T5830] bridge_slave_0: entered allmulticast mode
[ 84.474995][ T5830] bridge_slave_0: entered promiscuous mode
[ 84.483777][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.490878][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.498850][ T5830] bridge_slave_1: entered allmulticast mode
[ 84.505910][ T5830] bridge_slave_1: entered promiscuous mode
[ 84.512895][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.520002][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.527361][ T5834] bridge_slave_0: entered allmulticast mode
[ 84.534335][ T5834] bridge_slave_0: entered promiscuous mode
[ 84.543154][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.550284][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.557582][ T5834] bridge_slave_1: entered allmulticast mode
[ 84.564554][ T5834] bridge_slave_1: entered promiscuous mode
[ 84.629166][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.636338][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.662419][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.685950][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.699611][ T5831] team0: Port device team_slave_0 added
[ 84.708291][ T5831] team0: Port device team_slave_1 added
[ 84.714876][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.722177][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.748251][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.761858][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.773036][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.806714][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.834236][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.841603][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.867862][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.902210][ T5834] team0: Port device team_slave_0 added
[ 84.919931][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.927095][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.953756][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.988552][ T5834] team0: Port device team_slave_1 added
[ 84.998970][ T5835] hsr_slave_0: entered promiscuous mode
[ 85.009268][ T5835] hsr_slave_1: entered promiscuous mode
[ 85.018894][ T5830] team0: Port device team_slave_0 added
[ 85.028177][ T5830] team0: Port device team_slave_1 added
[ 85.069610][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 85.076813][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 85.103452][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 85.141167][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 85.148319][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 85.174527][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 85.197446][ T5831] hsr_slave_0: entered promiscuous mode
[ 85.205434][ T5831] hsr_slave_1: entered promiscuous mode
[ 85.211925][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 85.219679][ T5831] Cannot create hsr debugfs directory
[ 85.226167][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 85.233253][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 85.259377][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 85.287185][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 85.294379][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 85.320455][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 85.362287][ T5834] hsr_slave_0: entered promiscuous mode
[ 85.368578][ T5834] hsr_slave_1: entered promiscuous mode
[ 85.375442][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 85.383153][ T5834] Cannot create hsr debugfs directory
[ 85.489339][ T5830] hsr_slave_0: entered promiscuous mode
[ 85.496688][ T5830] hsr_slave_1: entered promiscuous mode
[ 85.503301][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 85.510897][ T5830] Cannot create hsr debugfs directory
[ 85.715947][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 85.727659][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 85.757920][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 85.778046][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 85.813296][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 85.828912][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 85.864696][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 85.885054][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 85.920181][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 85.940771][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 85.969907][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 85.984255][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 86.040565][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 86.058494][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 86.075155][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 86.085245][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 86.171138][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.227433][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.256309][ T82] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.263641][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.280660][ T82] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.287829][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.319320][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.388599][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.400590][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.420467][ T5835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 86.446938][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.459401][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.466724][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.493012][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.500125][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.521557][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.544830][ T3533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.552040][ T3533] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.562476][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.569610][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.590008][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.618597][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.643281][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.650426][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.676767][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.684000][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.787298][ T5835] veth0_vlan: entered promiscuous mode
[ 86.820541][ T5835] veth1_vlan: entered promiscuous mode
[ 86.838068][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.861732][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.919472][ T5835] veth0_macvtap: entered promiscuous mode
[ 86.957093][ T5835] veth1_macvtap: entered promiscuous mode
[ 86.977503][ T5831] veth0_vlan: entered promiscuous mode
[ 86.996536][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.011099][ T5831] veth1_vlan: entered promiscuous mode
[ 87.050633][ T5834] veth0_vlan: entered promiscuous mode
[ 87.062672][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.079858][ T5831] veth0_macvtap: entered promiscuous mode
[ 87.092416][ T5834] veth1_vlan: entered promiscuous mode
[ 87.102781][ T5831] veth1_macvtap: entered promiscuous mode
[ 87.110380][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.137489][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.147345][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.156408][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.165440][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.196225][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 87.208129][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 87.219359][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.234865][ T5830] veth0_vlan: entered promiscuous mode
[ 87.251042][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 87.262513][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 87.274927][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.302845][ T5830] veth1_vlan: entered promiscuous mode
[ 87.331692][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 87.350579][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.360133][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.369693][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.389402][ T5834] veth0_macvtap: entered promiscuous mode
[ 87.401209][ T5863]
executing program
[ 87.403669][ T5863] ================================================
[ 87.410180][ T5863] WARNING: lock held when returning to user space!
[ 87.416707][ T5863] 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 Not tainted
[ 87.423822][ T5863] ------------------------------------------------
[ 87.430312][ T5863] syz-executor336/5863 is leaving the kernel with locks still held!
[ 87.438299][ T5863] 1 lock held by syz-executor336/5863:
[ 87.443765][ T5863] #0: ffffffff8fabfb08 (rtnl_mutex){+.+.}-{4:4}, at: nsim_pp_hold_write+0x105/0x4d0
[ 87.941890][ T748] ==================================================================
[ 87.950004][ T748] BUG: KASAN: slab-use-after-free in mutex_can_spin_on_owner+0x1d9/0x210
[ 87.958433][ T748] Read of size 4 at addr ffff88802d3b1e34 by task kworker/u8:5/748
[ 87.966349][ T748]
[ 87.968705][ T748] CPU: 0 UID: 0 PID: 748 Comm: kworker/u8:5 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0
[ 87.979496][ T748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 87.989561][ T748] Workqueue: events_unbound linkwatch_event
[ 87.995500][ T748] Call Trace:
[ 87.998800][ T748] <TASK>
[ 88.001744][ T748] dump_stack_lvl+0x116/0x1f0
[ 88.006491][ T748] print_report+0xc3/0x620
[ 88.010926][ T748] ? __virt_addr_valid+0x5e/0x590
[ 88.015965][ T748] ? __phys_addr+0xc6/0x150
[ 88.020484][ T748] kasan_report+0xd9/0x110
[ 88.024937][ T748] ? mutex_can_spin_on_owner+0x1d9/0x210
[ 88.030576][ T748] ? mutex_can_spin_on_owner+0x1d9/0x210
[ 88.036244][ T748] mutex_can_spin_on_owner+0x1d9/0x210
[ 88.041799][ T748] __mutex_lock+0x23d/0xa60
[ 88.046315][ T748] ? linkwatch_event+0x51/0xc0
[ 88.051095][ T748] ? lock_acquire+0x2f/0xb0
[ 88.055632][ T748] ? try_to_wake_up+0xb6/0x1490
[ 88.060490][ T748] ? __pfx___mutex_lock+0x10/0x10
[ 88.065534][ T748] ? do_raw_spin_unlock+0x172/0x230
[ 88.070758][ T748] ? lock_release+0x4e2/0x6f0
[ 88.075452][ T748] ? process_one_work+0x7b5/0x1b30
[ 88.080571][ T748] ? rcu_is_watching+0x12/0xc0
[ 88.085349][ T748] ? linkwatch_event+0x51/0xc0
[ 88.090135][ T748] linkwatch_event+0x51/0xc0
[ 88.094743][ T748] ? __pfx_linkwatch_event+0x10/0x10
[ 88.100040][ T748] ? rcu_is_watching+0x12/0xc0
[ 88.104817][ T748] process_one_work+0x958/0x1b30
[ 88.109797][ T748] ? __pfx_batadv_nc_worker+0x10/0x10
[ 88.115191][ T748] ? __pfx_process_one_work+0x10/0x10
[ 88.120585][ T748] ? rcu_is_watching+0x12/0xc0
[ 88.125357][ T748] ? assign_work+0x1a0/0x250
[ 88.129965][ T748] worker_thread+0x6c8/0xf00
[ 88.134563][ T748] ? __kthread_parkme+0x148/0x220
[ 88.139619][ T748] ? __pfx_worker_thread+0x10/0x10
[ 88.144736][ T748] kthread+0x2c1/0x3a0
[ 88.148816][ T748] ? _raw_spin_unlock_irq+0x23/0x50
[ 88.154029][ T748] ? __pfx_kthread+0x10/0x10
[ 88.158633][ T748] ret_from_fork+0x45/0x80
[ 88.163070][ T748] ? __pfx_kthread+0x10/0x10
[ 88.167684][ T748] ret_from_fork_asm+0x1a/0x30
[ 88.172469][ T748] </TASK>
[ 88.175489][ T748]
[ 88.177812][ T748] Allocated by task 5835:
[ 88.182136][ T748] kasan_save_stack+0x33/0x60
[ 88.186830][ T748] kasan_save_track+0x14/0x30
[ 88.191516][ T748] __kasan_slab_alloc+0x89/0x90
[ 88.196379][ T748] kmem_cache_alloc_node_noprof+0x1ca/0x3b0
[ 88.202290][ T748] copy_process+0x49c/0x6f20
[ 88.206917][ T748] kernel_clone+0xfd/0x960
[ 88.211342][ T748] __do_sys_clone+0xba/0x100
[ 88.215944][ T748] do_syscall_64+0xcd/0x250
[ 88.220473][ T748] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.226380][ T748]
[ 88.228701][ T748] Freed by task 0:
[ 88.232430][ T748] kasan_save_stack+0x33/0x60
[ 88.237117][ T748] kasan_save_track+0x14/0x30
[ 88.241802][ T748] kasan_save_free_info+0x3b/0x60
[ 88.246832][ T748] __kasan_slab_free+0x51/0x70
[ 88.251612][ T748] kmem_cache_free+0x152/0x4c0
[ 88.256405][ T748] delayed_put_task_struct+0x119/0x2f0
[ 88.261879][ T748] rcu_core+0x79d/0x14d0
[ 88.266128][ T748] handle_softirqs+0x213/0x8f0
[ 88.270899][ T748] __irq_exit_rcu+0x109/0x170
[ 88.275582][ T748] irq_exit_rcu+0x9/0x30
[ 88.279832][ T748] sysvec_apic_timer_interrupt+0xa4/0xc0
[ 88.285475][ T748] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 88.291467][ T748]
[ 88.293789][ T748] Last potentially related work creation:
[ 88.299502][ T748] kasan_save_stack+0x33/0x60
[ 88.304217][ T748] __kasan_record_aux_stack+0xba/0xd0
[ 88.309600][ T748] __call_rcu_common.constprop.0+0x99/0x7a0
[ 88.315504][ T748] put_task_struct_rcu_user+0x75/0xc0
[ 88.320884][ T748] release_task+0xe75/0x1b00
[ 88.325485][ T748] wait_consider_task+0x1812/0x4100
[ 88.330697][ T748] __do_wait+0x1e2/0x890
[ 88.334953][ T748] do_wait+0x217/0x570
[ 88.339054][ T748] kernel_wait4+0x16c/0x280
[ 88.343577][ T748] __do_sys_wait4+0x15f/0x170
[ 88.348267][ T748] do_syscall_64+0xcd/0x250
[ 88.352792][ T748] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.358724][ T748]
[ 88.361064][ T748] The buggy address belongs to the object at ffff88802d3b1e00
[ 88.361064][ T748] which belongs to the cache task_struct of size 7424
[ 88.375203][ T748] The buggy address is located 52 bytes inside of
[ 88.375203][ T748] freed 7424-byte region [ffff88802d3b1e00, ffff88802d3b3b00)
[ 88.389006][ T748]
[ 88.391329][ T748] The buggy address belongs to the physical page:
[ 88.397751][ T748] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2d3b0
[ 88.406522][ T748] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 88.415046][ T748] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 88.422608][ T748] page_type: f5(slab)
[ 88.426594][ T748] raw: 00fff00000000040 ffff888140409500 ffffea0000a46400 dead000000000002
[ 88.435183][ T748] raw: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 88.443787][ T748] head: 00fff00000000040 ffff888140409500 ffffea0000a46400 dead000000000002
[ 88.452498][ T748] head: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 88.461215][ T748] head: 00fff00000000003 ffffea0000b4ec01 ffffffffffffffff 0000000000000000
[ 88.469908][ T748] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 88.478600][ T748] page dumped because: kasan: bad access detected
[ 88.485046][ T748] page_owner tracks the page as allocated
[ 88.490763][ T748] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 24543565853, free_ts 0
[ 88.510438][ T748] post_alloc_hook+0x2d1/0x350
[ 88.515229][ T748] get_page_from_freelist+0xfce/0x2f80
[ 88.520697][ T748] __alloc_pages_noprof+0x223/0x25b0
[ 88.526005][ T748] alloc_pages_mpol_noprof+0x2c9/0x610
[ 88.531487][ T748] new_slab+0x2c9/0x410
[ 88.535649][ T748] ___slab_alloc+0xce2/0x1650
[ 88.540350][ T748] __slab_alloc.constprop.0+0x56/0xb0
[ 88.545743][ T748] kmem_cache_alloc_node_noprof+0xf2/0x3b0
[ 88.551574][ T748] copy_process+0x49c/0x6f20
[ 88.556202][ T748] kernel_clone+0xfd/0x960
[ 88.560629][ T748] kernel_thread+0xc0/0x100
[ 88.565144][ T748] kthreadd+0x4ef/0x7d0
[ 88.569333][ T748] ret_from_fork+0x45/0x80
[ 88.573756][ T748] ret_from_fork_asm+0x1a/0x30
[ 88.578550][ T748] page_owner free stack trace missing
[ 88.583907][ T748]
[ 88.586233][ T748] Memory state around the buggy address:
[ 88.591859][ T748] ffff88802d3b1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 88.599924][ T748] ffff88802d3b1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 88.607994][ T748] >ffff88802d3b1e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.616063][ T748] ^
[ 88.621704][ T748] ffff88802d3b1e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.629770][ T748] ffff88802d3b1f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.637842][ T748] ==================================================================
[ 88.646650][ T748] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 88.653866][ T748] CPU: 0 UID: 0 PID: 748 Comm: kworker/u8:5 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0
[ 88.664640][ T748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 88.674707][ T748] Workqueue: events_unbound linkwatch_event
[ 88.680639][ T748] Call Trace:
[ 88.683927][ T748] <TASK>
[ 88.686867][ T748] dump_stack_lvl+0x3d/0x1f0
[ 88.691480][ T748] panic+0x71d/0x800
[ 88.695426][ T748] ? __pfx_panic+0x10/0x10
[ 88.699866][ T748] ? trace_irq_enable.constprop.0+0xea/0x140
[ 88.705875][ T748] ? check_panic_on_warn+0x1f/0xb0
[ 88.711015][ T748] check_panic_on_warn+0xab/0xb0
[ 88.715975][ T748] end_report+0x117/0x180
[ 88.720328][ T748] kasan_report+0xe9/0x110
[ 88.724769][ T748] ? mutex_can_spin_on_owner+0x1d9/0x210
[ 88.730416][ T748] ? mutex_can_spin_on_owner+0x1d9/0x210
[ 88.736064][ T748] mutex_can_spin_on_owner+0x1d9/0x210
[ 88.741539][ T748] __mutex_lock+0x23d/0xa60
[ 88.746061][ T748] ? linkwatch_event+0x51/0xc0
[ 88.750846][ T748] ? lock_acquire+0x2f/0xb0
[ 88.755363][ T748] ? try_to_wake_up+0xb6/0x1490
[ 88.760236][ T748] ? __pfx___mutex_lock+0x10/0x10
[ 88.765288][ T748] ? do_raw_spin_unlock+0x172/0x230
[ 88.770507][ T748] ? lock_release+0x4e2/0x6f0
[ 88.775197][ T748] ? process_one_work+0x7b5/0x1b30
[ 88.780321][ T748] ? rcu_is_watching+0x12/0xc0
[ 88.785106][ T748] ? linkwatch_event+0x51/0xc0
[ 88.789900][ T748] linkwatch_event+0x51/0xc0
[ 88.794522][ T748] ? __pfx_linkwatch_event+0x10/0x10
[ 88.799836][ T748] ? rcu_is_watching+0x12/0xc0
[ 88.804624][ T748] process_one_work+0x958/0x1b30
[ 88.809585][ T748] ? __pfx_batadv_nc_worker+0x10/0x10
[ 88.815006][ T748] ? __pfx_process_one_work+0x10/0x10
[ 88.820421][ T748] ? rcu_is_watching+0x12/0xc0
[ 88.825244][ T748] ? assign_work+0x1a0/0x250
[ 88.829884][ T748] worker_thread+0x6c8/0xf00
[ 88.834503][ T748] ? __kthread_parkme+0x148/0x220
[ 88.839557][ T748] ? __pfx_worker_thread+0x10/0x10
[ 88.844702][ T748] kthread+0x2c1/0x3a0
[ 88.848795][ T748] ? _raw_spin_unlock_irq+0x23/0x50
[ 88.854030][ T748] ? __pfx_kthread+0x10/0x10
[ 88.858644][ T748] ret_from_fork+0x45/0x80
[ 88.863074][ T748] ? __pfx_kthread+0x10/0x10
[ 88.867681][ T748] ret_from_fork_asm+0x1a/0x30
[ 88.872477][ T748] </TASK>
[ 88.875830][ T748] Kernel Offset: disabled
[ 88.880158][ T748] Rebooting in 86400 seconds..