syzkaller login: [ 92.005292][ T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:39732' (ED25519) to the list of known hosts.
2025/11/04 12:19:36 parsed 1 programs
[ 226.381087][ T5343] cgroup: Unknown subsys name 'net'
[ 226.448989][ T5343] cgroup: Unknown subsys name 'cpuset'
[ 226.456696][ T5343] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 228.191292][ T5343] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 231.979674][ T5351] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 234.425555][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 234.440290][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 234.469088][ T1039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 234.472414][ T1039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 235.492635][ T5405] chnl_net:caif_netlink_parms(): no params data found
[ 235.557531][ T5405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 235.563251][ T5405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 235.568337][ T5405] bridge_slave_0: entered allmulticast mode
[ 235.573337][ T5405] bridge_slave_0: entered promiscuous mode
[ 235.580364][ T5405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 235.583541][ T5405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 235.587432][ T5405] bridge_slave_1: entered allmulticast mode
[ 235.591321][ T5405] bridge_slave_1: entered promiscuous mode
[ 235.616668][ T5405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 235.626469][ T5405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 235.651874][ T5405] team0: Port device team_slave_0 added
[ 235.657011][ T5405] team0: Port device team_slave_1 added
[ 235.681826][ T5405] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 235.685729][ T5405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 235.696481][ T5405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 235.703044][ T5405] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 235.706746][ T5405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 235.718544][ T5405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 235.755864][ T5405] hsr_slave_0: entered promiscuous mode
[ 235.759090][ T5405] hsr_slave_1: entered promiscuous mode
[ 235.906119][ T5405] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 235.915912][ T5405] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 235.924283][ T5405] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 235.930807][ T5405] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 235.959661][ T5405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 235.962890][ T5405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 235.966960][ T5405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 235.970063][ T5405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 236.037090][ T5405] 8021q: adding VLAN 0 to HW filter on device bond0
[ 236.051789][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 236.057964][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 236.071864][ T5405] 8021q: adding VLAN 0 to HW filter on device team0
[ 236.081169][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 236.084206][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 236.093053][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state
[ 236.096463][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 236.295570][ T5405] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 236.335635][ T5405] veth0_vlan: entered promiscuous mode
[ 236.343123][ T5405] veth1_vlan: entered promiscuous mode
[ 236.373000][ T5405] veth0_macvtap: entered promiscuous mode
[ 236.380164][ T5405] veth1_macvtap: entered promiscuous mode
[ 236.399054][ T5405] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 236.411215][ T5405] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 236.423815][ T1039] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 236.437159][ T1039] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 236.441075][ T1039] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 236.454011][ T1039] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 236.606872][ T1039] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 236.658219][ T1039] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 236.707467][ T1039] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 236.779428][ T1039] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 236.903544][ T5432] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 236.908938][ T5432] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 236.915709][ T5432] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 236.920018][ T5432] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 236.923593][ T5432] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/11/04 12:19:50 executed programs: 0
[ 238.122120][ T4669] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 238.126512][ T4669] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 238.130053][ T4669] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 238.133810][ T4669] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 238.138261][ T4669] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 238.320843][ T5448] chnl_net:caif_netlink_parms(): no params data found
[ 238.385229][ T5448] bridge0: port 1(bridge_slave_0) entered blocking state
[ 238.388315][ T5448] bridge0: port 1(bridge_slave_0) entered disabled state
[ 238.391680][ T5448] bridge_slave_0: entered allmulticast mode
[ 238.396682][ T5448] bridge_slave_0: entered promiscuous mode
[ 238.401054][ T5448] bridge0: port 2(bridge_slave_1) entered blocking state
[ 238.404502][ T5448] bridge0: port 2(bridge_slave_1) entered disabled state
[ 238.408426][ T5448] bridge_slave_1: entered allmulticast mode
[ 238.412411][ T5448] bridge_slave_1: entered promiscuous mode
[ 238.437952][ T5448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 238.445160][ T5448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 238.469232][ T5448] team0: Port device team_slave_0 added
[ 238.475323][ T5448] team0: Port device team_slave_1 added
[ 238.498029][ T5448] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 238.501046][ T5448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 238.513077][ T5448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 238.519539][ T5448] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 238.522646][ T5448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 238.534875][ T5448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 238.577157][ T5448] hsr_slave_0: entered promiscuous mode
[ 238.580519][ T5448] hsr_slave_1: entered promiscuous mode
[ 238.583560][ T5448] debugfs: 'hsr0' already exists in 'hsr'
[ 238.586876][ T5448] Cannot create hsr debugfs directory
[ 239.416517][ T1039] bridge_slave_1: left allmulticast mode
[ 239.420802][ T1039] bridge_slave_1: left promiscuous mode
[ 239.424992][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 239.456397][ T1039] bridge_slave_0: left allmulticast mode
[ 239.458985][ T1039] bridge_slave_0: left promiscuous mode
[ 239.461761][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[ 239.876296][ T1039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 239.883110][ T1039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 239.889781][ T1039] bond0 (unregistering): Released all slaves
[ 240.024097][ T1039] hsr_slave_0: left promiscuous mode
[ 240.040667][ T1039] hsr_slave_1: left promiscuous mode
[ 240.043623][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 240.054893][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 240.066080][ T1039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 240.069359][ T1039] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 240.099580][ T1039] veth1_macvtap: left promiscuous mode
[ 240.102915][ T1039] veth0_macvtap: left promiscuous mode
[ 240.117959][ T1039] veth1_vlan: left promiscuous mode
[ 240.120623][ T1039] veth0_vlan: left promiscuous mode
[ 240.157193][ T4669] Bluetooth: hci0: command tx timeout
[ 240.543934][ T1039] team0 (unregistering): Port device team_slave_1 removed
[ 240.570871][ T1039] team0 (unregistering): Port device team_slave_0 removed
[ 241.077216][ T5448] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 241.106636][ T5448] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 241.116218][ T5448] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 241.130328][ T5448] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 241.745622][ T5448] 8021q: adding VLAN 0 to HW filter on device bond0
[ 241.782864][ T5448] 8021q: adding VLAN 0 to HW filter on device team0
[ 241.813738][ T69] bridge0: port 1(bridge_slave_0) entered blocking state
[ 241.817038][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 241.838212][ T69] bridge0: port 2(bridge_slave_1) entered blocking state
[ 241.842073][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 242.026441][ T5448] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 242.063304][ T5448] veth0_vlan: entered promiscuous mode
[ 242.072540][ T5448] veth1_vlan: entered promiscuous mode
[ 242.102035][ T5448] veth0_macvtap: entered promiscuous mode
[ 242.108982][ T5448] veth1_macvtap: entered promiscuous mode
[ 242.127243][ T5448] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 242.138636][ T5448] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 242.152090][ T69] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 242.170395][ T69] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 242.174175][ T69] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 242.190652][ T69] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 242.235551][ T4669] Bluetooth: hci0: command tx timeout
[ 242.241370][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 242.251616][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 242.278290][ T3035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 242.281978][ T3035] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/04 12:19:55 executed programs: 3
[ 244.314790][ T4669] Bluetooth: hci0: command tx timeout
[ 246.394970][ T4669] Bluetooth: hci0: command tx timeout
2025/11/04 12:20:00 executed programs: 9
2025/11/04 12:20:05 executed programs: 15
2025/11/04 12:20:10 executed programs: 21
[ 260.957088][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[ 260.960349][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
2025/11/04 12:20:16 executed programs: 27
2025/11/04 12:20:21 executed programs: 33
[ 274.312154][ T5600] ==================================================================
[ 274.315798][ T5600] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x37/0x170
[ 274.319117][ T5600] Write of size 4 at addr ffff8880596605e4 by task syz.0.54/5600
[ 274.323525][ T5600]
[ 274.324607][ T5600] CPU: 0 UID: 0 PID: 5600 Comm: syz.0.54 Not tainted syzkaller #0 PREEMPT(full)
[ 274.324623][ T5600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 274.324630][ T5600] Call Trace:
[ 274.324637][ T5600]
[ 274.324643][ T5600] dump_stack_lvl+0x189/0x250
[ 274.324663][ T5600] ? __virt_addr_valid+0x1c8/0x5c0
[ 274.324679][ T5600] ? rcu_is_watching+0x15/0xb0
[ 274.324690][ T5600] ? __kasan_check_byte+0x12/0x40
[ 274.324706][ T5600] ? __pfx_dump_stack_lvl+0x10/0x10
[ 274.324719][ T5600] ? rcu_is_watching+0x15/0xb0
[ 274.324731][ T5600] ? lock_release+0x4b/0x3e0
[ 274.324742][ T5600] ? __virt_addr_valid+0x1c8/0x5c0
[ 274.324756][ T5600] ? __virt_addr_valid+0x4a5/0x5c0
[ 274.324767][ T5600] print_report+0xca/0x240
[ 274.324776][ T5600] ? sk_skb_reason_drop+0x37/0x170
[ 274.324787][ T5600] kasan_report+0x118/0x150
[ 274.324797][ T5600] ? sk_skb_reason_drop+0x37/0x170
[ 274.324813][ T5600] kasan_check_range+0x2b0/0x2c0
[ 274.324828][ T5600] sk_skb_reason_drop+0x37/0x170
[ 274.324843][ T5600] nr_transmit_buffer+0x11d/0x1b0
[ 274.324855][ T5600] nr_establish_data_link+0x62/0xb0
[ 274.324866][ T5600] nr_connect+0x6e6/0xde0
[ 274.324882][ T5600] ? __pfx_nr_connect+0x10/0x10
[ 274.324902][ T5600] ? tomoyo_socket_connect_permission+0x164/0x290
[ 274.324970][ T5600] ? bpf_lsm_socket_connect+0x9/0x20
[ 274.324985][ T5600] __sys_connect+0x316/0x440
[ 274.325001][ T5600] ? __pfx___sys_connect+0x10/0x10
[ 274.325017][ T5600] ? rcu_is_watching+0x15/0xb0
[ 274.325030][ T5600] __x64_sys_connect+0x7a/0x90
[ 274.325044][ T5600] do_syscall_64+0xfa/0xfa0
[ 274.325058][ T5600] ? lockdep_hardirqs_on+0x9c/0x150
[ 274.325072][ T5600] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 274.325082][ T5600] ? clear_bhb_loop+0x60/0xb0
[ 274.325093][ T5600] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 274.325104][ T5600] RIP: 0033:0x7fe6a438f6c9
[ 274.325115][ T5600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 274.325124][ T5600] RSP: 002b:00007fe6a5268038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 274.325137][ T5600] RAX: ffffffffffffffda RBX: 00007fe6a45e6090 RCX: 00007fe6a438f6c9
[ 274.325145][ T5600] RDX: 0000000000000048 RSI: 0000200000000300 RDI: 0000000000000004
[ 274.325152][ T5600] RBP: 00007fe6a4411f91 R08: 0000000000000000 R09: 0000000000000000
[ 274.325158][ T5600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 274.325164][ T5600] R13: 00007fe6a45e6128 R14: 00007fe6a45e6090 R15: 00007ffdf569a138
[ 274.325175][ T5600]
[ 274.325179][ T5600]
[ 274.435363][ T5600] Allocated by task 5600:
[ 274.437066][ T5600] kasan_save_track+0x3e/0x80
[ 274.439000][ T5600] __kasan_slab_alloc+0x6c/0x80
[ 274.440955][ T5600] kmem_cache_alloc_node_noprof+0x433/0x710
[ 274.443352][ T5600] __alloc_skb+0x112/0x2d0
[ 274.445240][ T5600] nr_write_internal+0xe2/0xc60
[ 274.447505][ T5600] nr_establish_data_link+0x62/0xb0
[ 274.449864][ T5600] nr_connect+0x6e6/0xde0
[ 274.451929][ T5600] __sys_connect+0x316/0x440
[ 274.454015][ T5600] __x64_sys_connect+0x7a/0x90
[ 274.456112][ T5600] do_syscall_64+0xfa/0xfa0
[ 274.457942][ T5600] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 274.460198][ T5600]
[ 274.461213][ T5600] Freed by task 5600:
[ 274.462887][ T5600] kasan_save_track+0x3e/0x80
[ 274.464894][ T5600] __kasan_save_free_info+0x46/0x50
[ 274.467065][ T5600] __kasan_slab_free+0x5c/0x80
[ 274.469103][ T5600] kmem_cache_free+0x19b/0x690
[ 274.471127][ T5600] nr_route_frame+0x467/0x7e0
[ 274.473182][ T5600] nr_transmit_buffer+0xe7/0x1b0
[ 274.475307][ T5600] nr_establish_data_link+0x62/0xb0
[ 274.477674][ T5600] nr_connect+0x6e6/0xde0
[ 274.479732][ T5600] __sys_connect+0x316/0x440
[ 274.481698][ T5600] __x64_sys_connect+0x7a/0x90
[ 274.483777][ T5600] do_syscall_64+0xfa/0xfa0
[ 274.485757][ T5600] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 274.488309][ T5600]
[ 274.489347][ T5600] The buggy address belongs to the object at ffff888059660500
[ 274.489347][ T5600] which belongs to the cache skbuff_head_cache of size 240
[ 274.495582][ T5600] The buggy address is located 228 bytes inside of
[ 274.495582][ T5600] freed 240-byte region [ffff888059660500, ffff8880596605f0)
[ 274.501235][ T5600]
[ 274.502290][ T5600] The buggy address belongs to the physical page:
[ 274.504982][ T5600] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59660
[ 274.508665][ T5600] ksm flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 274.511885][ T5600] page_type: f5(slab)
[ 274.513641][ T5600] raw: 04fff00000000000 ffff8880304cfc80 ffffea00015cfa80 dead000000000003
[ 274.517341][ T5600] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 274.521097][ T5600] page dumped because: kasan: bad access detected
[ 274.523835][ T5600] page_owner tracks the page as allocated
[ 274.526226][ T5600] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3035, tgid 3035 (kworker/u4:12), ts 243435803171, free_ts 243218050311
[ 274.533883][ T5600] post_alloc_hook+0x240/0x2a0
[ 274.536049][ T5600] get_page_from_freelist+0x2365/0x2440
[ 274.538622][ T5600] __alloc_frozen_pages_noprof+0x181/0x370
[ 274.541282][ T5600] alloc_pages_mpol+0x232/0x4a0
[ 274.543422][ T5600] allocate_slab+0x96/0x350
[ 274.545424][ T5600] ___slab_alloc+0xe94/0x18a0
[ 274.547395][ T5600] __slab_alloc+0x65/0x100
[ 274.549342][ T5600] kmem_cache_alloc_node_noprof+0x4c5/0x710
[ 274.551895][ T5600] __alloc_skb+0x112/0x2d0
[ 274.553856][ T5600] nsim_dev_trap_report_work+0x29a/0xb80
[ 274.556335][ T5600] process_scheduled_works+0xae1/0x17b0
[ 274.559103][ T5600] worker_thread+0x8a0/0xda0
[ 274.561260][ T5600] kthread+0x711/0x8a0
[ 274.563022][ T5600] ret_from_fork+0x4bc/0x870
[ 274.564925][ T5600] ret_from_fork_asm+0x1a/0x30
[ 274.566932][ T5600] page last free pid 5492 tgid 5492 stack trace:
[ 274.569550][ T5600] __free_frozen_pages+0xbc4/0xd30
[ 274.571485][ T5600] __slab_free+0x2e7/0x390
[ 274.573192][ T5600] qlist_free_all+0x97/0x140
[ 274.575105][ T5600] kasan_quarantine_reduce+0x148/0x160
[ 274.577378][ T5600] __kasan_slab_alloc+0x22/0x80
[ 274.579470][ T5600] kmem_cache_alloc_noprof+0x367/0x6e0
[ 274.581869][ T5600] ptlock_alloc+0x20/0x70
[ 274.583657][ T5600] pte_alloc_one+0x7a/0x310
[ 274.585585][ T5600] __handle_mm_fault+0x2767/0x5400
[ 274.587778][ T5600] handle_mm_fault+0x40a/0x8e0
[ 274.589820][ T5600] do_user_addr_fault+0xa7c/0x1380
[ 274.592073][ T5600] exc_page_fault+0x82/0x100
[ 274.594110][ T5600] asm_exc_page_fault+0x26/0x30
[ 274.596366][ T5600]
[ 274.597453][ T5600] Memory state around the buggy address:
[ 274.599934][ T5600] ffff888059660480: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 274.603247][ T5600] ffff888059660500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 274.606706][ T5600] >ffff888059660580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 274.610096][ T5600] ^
[ 274.613293][ T5600] ffff888059660600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 274.616885][ T5600] ffff888059660680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 274.620270][ T5600] ==================================================================
2025/11/04 12:20:26 executed programs: 39
[ 274.632718][ T5600] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 274.636226][ T5600] CPU: 0 UID: 0 PID: 5600 Comm: syz.0.54 Not tainted syzkaller #0 PREEMPT(full)
[ 274.640377][ T5600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 274.644973][ T5600] Call Trace:
[ 274.646416][ T5600]
[ 274.647738][ T5600] dump_stack_lvl+0x99/0x250
[ 274.649935][ T5600] ? __asan_memcpy+0x40/0x70
[ 274.652143][ T5600] ? __pfx_dump_stack_lvl+0x10/0x10
[ 274.654557][ T5600] ? __pfx__printk+0x10/0x10
[ 274.656691][ T5600] vpanic+0x237/0x6d0
[ 274.658501][ T5600] ? __pfx_vpanic+0x10/0x10
[ 274.660550][ T5600] ? preempt_schedule_common+0x83/0xd0
[ 274.662823][ T5600] ? preempt_schedule+0xae/0xc0
[ 274.665080][ T5600] panic+0xb9/0xc0
[ 274.666824][ T5600] ? __pfx_panic+0x10/0x10
[ 274.668867][ T5600] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 274.671842][ T5600] ? sk_skb_reason_drop+0x37/0x170
[ 274.674410][ T5600] check_panic_on_warn+0x89/0xb0
[ 274.677109][ T5600] ? sk_skb_reason_drop+0x37/0x170
[ 274.679885][ T5600] end_report+0x78/0x160
[ 274.682122][ T5600] kasan_report+0x129/0x150
[ 274.684749][ T5600] ? sk_skb_reason_drop+0x37/0x170
[ 274.687694][ T5600] kasan_check_range+0x2b0/0x2c0
[ 274.690304][ T5600] sk_skb_reason_drop+0x37/0x170
[ 274.693005][ T5600] nr_transmit_buffer+0x11d/0x1b0
[ 274.695286][ T5600] nr_establish_data_link+0x62/0xb0
[ 274.697624][ T5600] nr_connect+0x6e6/0xde0
[ 274.699496][ T5600] ? __pfx_nr_connect+0x10/0x10
[ 274.701596][ T5600] ? tomoyo_socket_connect_permission+0x164/0x290
[ 274.704376][ T5600] ? bpf_lsm_socket_connect+0x9/0x20
[ 274.706721][ T5600] __sys_connect+0x316/0x440
[ 274.708771][ T5600] ? __pfx___sys_connect+0x10/0x10
[ 274.711300][ T5600] ? rcu_is_watching+0x15/0xb0
[ 274.713368][ T5600] __x64_sys_connect+0x7a/0x90
[ 274.715459][ T5600] do_syscall_64+0xfa/0xfa0
[ 274.717327][ T5600] ? lockdep_hardirqs_on+0x9c/0x150
[ 274.719569][ T5600] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 274.722088][ T5600] ? clear_bhb_loop+0x60/0xb0
[ 274.724094][ T5600] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 274.726786][ T5600] RIP: 0033:0x7fe6a438f6c9
[ 274.728692][ T5600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 274.737186][ T5600] RSP: 002b:00007fe6a5268038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 274.741433][ T5600] RAX: ffffffffffffffda RBX: 00007fe6a45e6090 RCX: 00007fe6a438f6c9
[ 274.744873][ T5600] RDX: 0000000000000048 RSI: 0000200000000300 RDI: 0000000000000004
[ 274.748331][ T5600] RBP: 00007fe6a4411f91 R08: 0000000000000000 R09: 0000000000000000
[ 274.751871][ T5600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 274.755419][ T5600] R13: 00007fe6a45e6128 R14: 00007fe6a45e6090 R15: 00007ffdf569a138
[ 274.758946][ T5600]
[ 274.760600][ T5600] Kernel Offset: disabled
[ 274.762539][ T5600] Rebooting in 86400 seconds..
VM DIAGNOSIS:
12:20:26 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000074 RBX=0000000000000074 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000cd1f4b0
R8 =ffff888033930237 R9 =1ffff11006726046 R10=dffffc0000000000 R11=ffffffff85166e60
R12=dffffc0000000000 R13=ffffffff997e2929 R14=ffffffff99af6320 R15=0000000000000000
RIP=ffffffff85166edc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe6a52686c0 ffffffff 00c00000
GS =0000 ffff88808d732000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fe6a5267fc8 CR3=000000004da15000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01