Warning: Permanently added '10.128.1.30' (ED25519) to the list of known hosts. 2026/06/30 18:13:27 parsed 1 programs 2026/06/30 18:13:27 serving rpc on tcp://39445 [ 85.749316][ T4287] cgroup: Unknown subsys name 'net' [ 85.851948][ T4287] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.615591][ T4287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 90.222908][ T4318] chnl_net:caif_netlink_parms(): no params data found [ 90.294454][ T4318] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.302703][ T4318] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.315740][ T4318] device bridge_slave_0 entered promiscuous mode [ 90.330831][ T4318] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.338277][ T4318] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.347448][ T4318] device bridge_slave_1 entered promiscuous mode [ 90.369179][ T4318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.380724][ T4318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.408525][ T4318] team0: Port device team_slave_0 added [ 90.416424][ T4318] team0: Port device team_slave_1 added [ 90.440775][ T4318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.447877][ T4318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.474244][ T4318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.488104][ T4318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.495173][ T4318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.522407][ T4318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.564626][ T4318] device hsr_slave_0 entered promiscuous mode [ 90.571535][ T4318] device hsr_slave_1 entered promiscuous mode [ 90.694998][ T4318] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.706419][ T4318] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.722730][ T4318] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.732880][ T4318] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.766216][ T4318] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.773522][ T4318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.781909][ T4318] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.789645][ T4318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.844614][ T4318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.861531][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.875070][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.886335][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.895244][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 90.917317][ T4318] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.929848][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 90.938808][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.946122][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.959718][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 90.971312][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.978611][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.009175][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.018653][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 91.045260][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 91.056740][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 91.066613][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 91.080024][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 91.300855][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 91.310487][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 91.328027][ T4318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.347876][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 91.357243][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 91.377275][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 91.386408][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 91.396904][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 91.405885][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 91.415407][ T4318] device veth0_vlan entered promiscuous mode [ 91.428440][ T4318] device veth1_vlan entered promiscuous mode [ 91.448550][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 91.458563][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 91.466912][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 91.476107][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 91.488794][ T4318] device veth0_macvtap entered promiscuous mode [ 91.499046][ T4318] device veth1_macvtap entered promiscuous mode [ 91.515820][ T4318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.524627][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 91.534104][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 91.542555][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 91.552942][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 91.567222][ T4318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.574945][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 91.585783][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 91.598398][ T4318] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.607535][ T4318] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.616780][ T4318] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.626602][ T4318] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.762515][ T45] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.025827][ T14] cfg80211: failed to load regulatory.db [ 92.461739][ T4350] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.472154][ T4350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.480720][ T4350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.489559][ T4350] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.497838][ T4350] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 92.506466][ T4350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.761939][ T4327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.771060][ T4327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.781654][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 92.808435][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.818508][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.829252][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2026/06/30 18:13:37 executed programs: 0 [ 93.878198][ T4350] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.887784][ T4350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.896672][ T4350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.904726][ T4350] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.913155][ T4350] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 93.922211][ T4350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.047763][ T4378] chnl_net:caif_netlink_parms(): no params data found [ 94.099694][ T4378] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.107041][ T4378] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.115643][ T4378] device bridge_slave_0 entered promiscuous mode [ 94.124920][ T4378] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.132266][ T4378] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.140777][ T4378] device bridge_slave_1 entered promiscuous mode [ 94.166313][ T4378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.178612][ T4378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.212581][ T45] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.229185][ T4378] team0: Port device team_slave_0 added [ 94.239201][ T4378] team0: Port device team_slave_1 added [ 94.261445][ T4378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.268858][ T4378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.295958][ T4378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.308327][ T4378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.315494][ T4378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.341949][ T4378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.374547][ T4378] device hsr_slave_0 entered promiscuous mode [ 94.382262][ T4378] device hsr_slave_1 entered promiscuous mode [ 94.389339][ T4378] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.397307][ T4378] Cannot create hsr debugfs directory [ 95.944061][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 96.356219][ T45] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.427612][ T45] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.264738][ T4378] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.275428][ T4378] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.293076][ T45] device hsr_slave_0 left promiscuous mode [ 97.300030][ T45] device hsr_slave_1 left promiscuous mode [ 97.309397][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.317322][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.328719][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.336680][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.347326][ T45] device bridge_slave_1 left promiscuous mode [ 97.355513][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.370350][ T45] device bridge_slave_0 left promiscuous mode [ 97.382624][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.416349][ T45] device veth1_macvtap left promiscuous mode [ 97.422874][ T45] device veth0_macvtap left promiscuous mode [ 97.430751][ T45] device veth1_vlan left promiscuous mode [ 97.438833][ T45] device veth0_vlan left promiscuous mode [ 97.933613][ T45] team0 (unregistering): Port device team_slave_1 removed [ 97.967897][ T45] team0 (unregistering): Port device team_slave_0 removed [ 97.998113][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.025507][ T47] Bluetooth: hci0: command 0x041b tx timeout [ 98.041243][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.252454][ T45] bond0 (unregistering): Released all slaves [ 98.323018][ T4378] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.333972][ T4378] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.414924][ T4378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.438132][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.457860][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.469353][ T4378] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.479730][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 98.488895][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 98.497778][ T4327] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.505154][ T4327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.513175][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 98.540974][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 98.550543][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 98.559625][ T4327] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.566945][ T4327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.576708][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 98.600271][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 98.614701][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 98.624333][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 98.633078][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 98.651753][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 98.661286][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 98.677960][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 98.689359][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 98.702448][ T4378] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 98.715894][ T4378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 98.725679][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 98.735506][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 98.985905][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 98.994409][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 99.020273][ T4378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.040337][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 99.054601][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 99.089078][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 99.099032][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 99.108112][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 99.117585][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 99.128999][ T4378] device veth0_vlan entered promiscuous mode [ 99.152438][ T4378] device veth1_vlan entered promiscuous mode [ 99.189304][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 99.197951][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 99.209123][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 99.218197][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 99.229744][ T4378] device veth0_macvtap entered promiscuous mode [ 99.241044][ T4378] device veth1_macvtap entered promiscuous mode [ 99.257542][ T4378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.266420][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 99.274984][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 99.285386][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 99.294452][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 99.308103][ T4378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.317346][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 99.326613][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.338164][ T4378] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.348315][ T4378] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.357814][ T4378] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.367021][ T4378] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.420759][ T4413] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.433897][ T4413] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.445352][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 2026/06/30 18:13:43 executed programs: 2 [ 99.470573][ T4327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.479141][ T4327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.488886][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 99.560595][ C1] hrtimer: interrupt took 30778 ns [ 100.115997][ T47] Bluetooth: hci0: command 0x040f tx timeout [ 100.201913][ C0] ================================================================== [ 100.210077][ C0] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6c9/0x920 [ 100.217996][ C0] Write of size 32 at addr ffff888076e06660 by task syz.0.29/4450 [ 100.225877][ C0] [ 100.228249][ C0] CPU: 0 PID: 4450 Comm: syz.0.29 Not tainted syzkaller #0 [ 100.235618][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 100.245817][ C0] Call Trace: [ 100.249597][ C0] [ 100.252567][ C0] dump_stack_lvl+0x188/0x24e [ 100.257289][ C0] ? __lock_acquire+0x7bd0/0x7bd0 [ 100.262417][ C0] ? show_regs_print_info+0x12/0x12 [ 100.267635][ C0] ? load_image+0x410/0x410 [ 100.272240][ C0] ? __virt_addr_valid+0x467/0x540 [ 100.277737][ C0] ? __bpf_get_stackid+0x6c9/0x920 [ 100.282908][ C0] print_report+0xa8/0x210 [ 100.287361][ C0] kasan_report+0x10b/0x140 [ 100.291987][ C0] ? __bpf_get_stackid+0x6c9/0x920 [ 100.297215][ C0] kasan_check_range+0x235/0x290 [ 100.302283][ C0] ? __bpf_get_stackid+0x6c9/0x920 [ 100.307432][ C0] memcpy+0x3c/0x60 [ 100.311365][ C0] __bpf_get_stackid+0x6c9/0x920 [ 100.316374][ C0] bpf_get_stackid_pe+0x2ec/0x400 [ 100.321529][ C0] bpf_prog_605fe31a3ae4ea37+0x2b/0x45 [ 100.327234][ C0] bpf_overflow_handler+0x50b/0x790 [ 100.332553][ C0] ? bpf_overflow_handler+0xd9/0x790 [ 100.337873][ C0] ? perf_swevent_overflow+0x230/0x230 [ 100.343371][ C0] ? sched_clock_cpu+0x6e/0x260 [ 100.348251][ C0] ? __perf_event_account_interrupt+0x187/0x280 [ 100.354736][ C0] __perf_event_overflow+0x457/0x630 [ 100.360182][ C0] perf_swevent_hrtimer+0x472/0x630 [ 100.365437][ C0] ? cpu_clock_event_read+0x50/0x50 [ 100.370681][ C0] ? do_raw_spin_unlock+0x11d/0x230 [ 100.375904][ C0] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 100.381829][ C0] ? _raw_spin_unlock+0x40/0x40 [ 100.386808][ C0] __hrtimer_run_queues+0x4e7/0xc90 [ 100.392029][ C0] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 100.398052][ C0] ? cpu_clock_event_read+0x50/0x50 [ 100.403293][ C0] ? hrtimer_interrupt+0x980/0x980 [ 100.408517][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 100.414610][ C0] hrtimer_interrupt+0x399/0x980 [ 100.419582][ C0] __sysvec_apic_timer_interrupt+0x153/0x5a0 [ 100.426224][ C0] sysvec_apic_timer_interrupt+0x4d/0xc0 [ 100.431898][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 100.437924][ C0] RIP: 0033:0x7fe39c06600f [ 100.442373][ C0] Code: 5a 66 2e 0f 1f 84 00 00 00 00 00 8b 78 24 45 31 c0 83 ff 3f 7f 18 ba 01 00 00 00 89 f9 45 31 c0 48 d3 e2 48 23 15 a9 f6 ed 00 <41> 0f 95 c0 48 8d b0 98 00 00 00 44 89 d1 44 89 ca e9 6b f5 ff ff [ 100.462360][ C0] RSP: 002b:00007ffed355a1a8 EFLAGS: 00000246 [ 100.468543][ C0] RAX: 00007fe39c415fa0 RBX: 0000000000000000 RCX: 0000000000000005 [ 100.476629][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000005 [ 100.484792][ C0] RBP: 00007fe39c415fb0 R08: 0000000000000000 R09: 0000000000000003 [ 100.492793][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 00007fe39c415fa0 [ 100.500957][ C0] R13: 0000200000000000 R14: 00007ffed355a1b8 R15: 00007fe39c415fa0 [ 100.508982][ C0] [ 100.512022][ C0] [ 100.514365][ C0] Allocated by task 4450: [ 100.518801][ C0] kasan_set_track+0x4b/0x70 [ 100.523521][ C0] __kasan_kmalloc+0x8e/0xa0 [ 100.528225][ C0] __kmalloc_node+0xb2/0x240 [ 100.532838][ C0] bpf_map_area_alloc+0x47/0xe0 [ 100.537736][ C0] prealloc_elems_and_freelist+0x86/0x1c0 [ 100.543514][ C0] stack_map_alloc+0x386/0x510 [ 100.548385][ C0] map_create+0x524/0xff0 [ 100.552744][ C0] __sys_bpf+0x38b/0x780 [ 100.557022][ C0] __x64_sys_bpf+0x78/0x90 [ 100.561467][ C0] do_syscall_64+0x4c/0xa0 [ 100.565902][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 100.571933][ C0] [ 100.574274][ C0] The buggy address belongs to the object at ffff888076e06600 [ 100.574274][ C0] which belongs to the cache kmalloc-cg-128 of size 128 [ 100.588691][ C0] The buggy address is located 96 bytes inside of [ 100.588691][ C0] 128-byte region [ffff888076e06600, ffff888076e06680) [ 100.601985][ C0] [ 100.604329][ C0] The buggy address belongs to the physical page: [ 100.610856][ C0] page:ffffea0001db8180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76e06 [ 100.621126][ C0] memcg:ffff888029499201 [ 100.625384][ C0] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 100.632962][ C0] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888017442a00 [ 100.641563][ C0] raw: 0000000000000000 0000000080100010 00000001ffffffff ffff888029499201 [ 100.650248][ C0] page dumped because: kasan: bad access detected [ 100.656686][ C0] page_owner tracks the page as allocated [ 100.662504][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4378, tgid 4378 (syz-executor), ts 99519628453, free_ts 99519503479 [ 100.681199][ C0] post_alloc_hook+0x173/0x1a0 [ 100.686009][ C0] get_page_from_freelist+0x206b/0x2180 [ 100.691590][ C0] __alloc_pages+0x1ec/0x4f0 [ 100.696207][ C0] alloc_slab_page+0x5d/0x180 [ 100.700910][ C0] new_slab+0x87/0x2d0 [ 100.705004][ C0] ___slab_alloc+0xbc5/0x1240 [ 100.709713][ C0] __kmem_cache_alloc_node+0x126/0x270 [ 100.715184][ C0] __kmalloc_node+0xa2/0x240 [ 100.719798][ C0] kvmalloc_node+0x6c/0x180 [ 100.724329][ C0] nf_hook_entries_grow+0x31a/0x760 [ 100.729552][ C0] __nf_register_net_hook+0x2c9/0x910 [ 100.734949][ C0] nf_register_net_hook+0xae/0x190 [ 100.740085][ C0] nf_register_net_hooks+0x40/0x1a0 [ 100.745314][ C0] ip6t_register_table+0x51c/0x7c0 [ 100.750451][ C0] ip6table_security_table_init+0x3d/0x60 [ 100.756192][ C0] xt_find_table_lock+0x220/0x360 [ 100.761281][ C0] page last free stack trace: [ 100.766064][ C0] free_unref_page_prepare+0x8e5/0x9e0 [ 100.771572][ C0] free_unref_page+0x2e/0x3f0 [ 100.776364][ C0] __vunmap+0x874/0xa40 [ 100.780723][ C0] do_ip6t_get_ctl+0xea2/0x11c0 [ 100.785765][ C0] nf_getsockopt+0x25e/0x280 [ 100.790465][ C0] ipv6_getsockopt+0x22f/0x2e0 [ 100.795345][ C0] __sys_getsockopt+0x1b0/0x230 [ 100.800219][ C0] __x64_sys_getsockopt+0xb1/0xc0 [ 100.805264][ C0] do_syscall_64+0x4c/0xa0 [ 100.809706][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 100.815891][ C0] [ 100.818227][ C0] Memory state around the buggy address: [ 100.824129][ C0] ffff888076e06500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 100.832207][ C0] ffff888076e06580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.840547][ C0] >ffff888076e06600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 100.848712][ C0] ^ [ 100.856790][ C0] ffff888076e06680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.864883][ C0] ffff888076e06700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.872956][ C0] ================================================================== [ 100.881137][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 100.888358][ C0] CPU: 0 PID: 4450 Comm: syz.0.29 Not tainted syzkaller #0 [ 100.895656][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 100.905733][ C0] Call Trace: [ 100.909030][ C0] [ 100.911986][ C0] dump_stack_lvl+0x188/0x24e [ 100.916705][ C0] ? memcpy+0x3c/0x60 [ 100.920709][ C0] ? show_regs_print_info+0x12/0x12 [ 100.926031][ C0] ? load_image+0x410/0x410 [ 100.930577][ C0] panic+0x2d3/0x710 [ 100.934597][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 100.939128][ C0] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 100.945076][ C0] ? _raw_spin_unlock+0x40/0x40 [ 100.949971][ C0] ? print_memory_metadata+0x314/0x400 [ 100.955470][ C0] check_panic_on_warn+0x80/0xa0 [ 100.960819][ C0] ? __bpf_get_stackid+0x6c9/0x920 [ 100.966126][ C0] end_report+0x66/0x110 [ 100.970407][ C0] kasan_report+0x118/0x140 [ 100.974954][ C0] ? __bpf_get_stackid+0x6c9/0x920 [ 100.980267][ C0] kasan_check_range+0x235/0x290 [ 100.985233][ C0] ? __bpf_get_stackid+0x6c9/0x920 [ 100.990368][ C0] memcpy+0x3c/0x60 [ 100.994197][ C0] __bpf_get_stackid+0x6c9/0x920 [ 100.999156][ C0] bpf_get_stackid_pe+0x2ec/0x400 [ 101.004204][ C0] bpf_prog_605fe31a3ae4ea37+0x2b/0x45 [ 101.009680][ C0] bpf_overflow_handler+0x50b/0x790 [ 101.014899][ C0] ? bpf_overflow_handler+0xd9/0x790 [ 101.020202][ C0] ? perf_swevent_overflow+0x230/0x230 [ 101.025681][ C0] ? sched_clock_cpu+0x6e/0x260 [ 101.030554][ C0] ? __perf_event_account_interrupt+0x187/0x280 [ 101.036843][ C0] __perf_event_overflow+0x457/0x630 [ 101.042212][ C0] perf_swevent_hrtimer+0x472/0x630 [ 101.047566][ C0] ? cpu_clock_event_read+0x50/0x50 [ 101.052840][ C0] ? do_raw_spin_unlock+0x11d/0x230 [ 101.058067][ C0] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 101.063991][ C0] ? _raw_spin_unlock+0x40/0x40 [ 101.069068][ C0] __hrtimer_run_queues+0x4e7/0xc90 [ 101.074393][ C0] ? ktime_get_update_offsets_now+0x95/0x3e0 [ 101.080464][ C0] ? cpu_clock_event_read+0x50/0x50 [ 101.085766][ C0] ? hrtimer_interrupt+0x980/0x980 [ 101.090920][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 101.097027][ C0] hrtimer_interrupt+0x399/0x980 [ 101.102003][ C0] __sysvec_apic_timer_interrupt+0x153/0x5a0 [ 101.108015][ C0] sysvec_apic_timer_interrupt+0x4d/0xc0 [ 101.113676][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 101.119791][ C0] RIP: 0033:0x7fe39c06600f [ 101.124240][ C0] Code: 5a 66 2e 0f 1f 84 00 00 00 00 00 8b 78 24 45 31 c0 83 ff 3f 7f 18 ba 01 00 00 00 89 f9 45 31 c0 48 d3 e2 48 23 15 a9 f6 ed 00 <41> 0f 95 c0 48 8d b0 98 00 00 00 44 89 d1 44 89 ca e9 6b f5 ff ff [ 101.143975][ C0] RSP: 002b:00007ffed355a1a8 EFLAGS: 00000246 [ 101.150061][ C0] RAX: 00007fe39c415fa0 RBX: 0000000000000000 RCX: 0000000000000005 [ 101.158054][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000005 [ 101.166057][ C0] RBP: 00007fe39c415fb0 R08: 0000000000000000 R09: 0000000000000003 [ 101.174135][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 00007fe39c415fa0 [ 101.182137][ C0] R13: 0000200000000000 R14: 00007ffed355a1b8 R15: 00007fe39c415fa0 [ 101.190170][ C0] [ 101.193787][ C0] Kernel Offset: disabled [ 101.198209][ C0] Rebooting in 86400 seconds..