Warning: Permanently added '[localhost]:9449' (ED25519) to the list of known hosts.
2025/12/01 17:33:50 parsed 1 programs
syzkaller login: [ 70.529275][ T5812] cgroup: Unknown subsys name 'net'
[ 70.660188][ T5812] cgroup: Unknown subsys name 'cpuset'
[ 70.665508][ T5812] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.620715][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.623282][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.555045][ T5812] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 74.909231][ T5820] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 75.409378][ T5199] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.412244][ T5199] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.415504][ T5199] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.419897][ T5199] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.423616][ T5199] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.227902][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.230545][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.231185][ T5873] chnl_net:caif_netlink_parms(): no params data found
[ 76.463350][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.470256][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.576578][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.586943][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.589889][ T5873] bridge_slave_0: entered allmulticast mode
[ 76.593698][ T5873] bridge_slave_0: entered promiscuous mode
[ 76.608499][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.611820][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.614664][ T5873] bridge_slave_1: entered allmulticast mode
[ 76.624674][ T5873] bridge_slave_1: entered promiscuous mode
[ 76.689939][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.695112][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.747396][ T5873] team0: Port device team_slave_0 added
[ 76.750872][ T5873] team0: Port device team_slave_1 added
[ 76.781364][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.784557][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 76.794663][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.825980][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.828479][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 76.845880][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.927801][ T5873] hsr_slave_0: entered promiscuous mode
[ 76.930918][ T5873] hsr_slave_1: entered promiscuous mode
[ 77.318744][ T5873] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 77.331839][ T5873] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 77.338371][ T5873] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 77.348430][ T5873] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 77.466481][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.483696][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.497032][ T28] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.500775][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.516859][ T28] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.520214][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.683619][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.711243][ T5873] veth0_vlan: entered promiscuous mode
[ 77.721168][ T5873] veth1_vlan: entered promiscuous mode
[ 77.745115][ T5873] veth0_macvtap: entered promiscuous mode
[ 77.750292][ T5873] veth1_macvtap: entered promiscuous mode
[ 77.760356][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.768393][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.780727][ T5829] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.784895][ T5829] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.790328][ T5829] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.794886][ T5829] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/12/01 17:34:00 executed programs: 0
[ 77.955223][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.963430][ T5922] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 77.970760][ T5922] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.976363][ T5922] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 77.981648][ T5922] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.984503][ T5922] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 77.988796][ T5922] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.991508][ T5922] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 77.993865][ T5927] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.997940][ T5199] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 78.007239][ T5927] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.010969][ T5927] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.014867][ T5927] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.020388][ T5927] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.023993][ T5927] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 78.323563][ T5829] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.357988][ T5920] chnl_net:caif_netlink_parms(): no params data found
[ 78.408854][ T5829] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.515466][ T5921] chnl_net:caif_netlink_parms(): no params data found
[ 78.587208][ T5925] chnl_net:caif_netlink_parms(): no params data found
[ 78.603906][ T5920] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.607848][ T5920] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.611224][ T5920] bridge_slave_0: entered allmulticast mode
[ 78.614944][ T5920] bridge_slave_0: entered promiscuous mode
[ 78.620374][ T5920] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.622635][ T5920] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.625115][ T5920] bridge_slave_1: entered allmulticast mode
[ 78.628682][ T5920] bridge_slave_1: entered promiscuous mode
[ 78.713368][ T5920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.721990][ T5921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.724355][ T5921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.727386][ T5921] bridge_slave_0: entered allmulticast mode
[ 78.730210][ T5921] bridge_slave_0: entered promiscuous mode
[ 78.736570][ T5920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.768299][ T5921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.770887][ T5921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.773356][ T5921] bridge_slave_1: entered allmulticast mode
[ 78.776453][ T5921] bridge_slave_1: entered promiscuous mode
[ 78.802869][ T5920] team0: Port device team_slave_0 added
[ 78.805676][ T5925] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.808904][ T5925] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.811635][ T5925] bridge_slave_0: entered allmulticast mode
[ 78.814611][ T5925] bridge_slave_0: entered promiscuous mode
[ 78.829070][ T5920] team0: Port device team_slave_1 added
[ 78.832794][ T5921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.837980][ T5925] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.840448][ T5925] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.843116][ T5925] bridge_slave_1: entered allmulticast mode
[ 78.846678][ T5925] bridge_slave_1: entered promiscuous mode
[ 78.864380][ T5921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.885517][ T5925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.893162][ T5925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.953892][ T5920] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.956904][ T5920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.965703][ T5920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.971482][ T5920] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.973732][ T5920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.981819][ T5920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.993389][ T5921] team0: Port device team_slave_0 added
[ 79.012632][ T5925] team0: Port device team_slave_0 added
[ 79.018548][ T5921] team0: Port device team_slave_1 added
[ 79.023232][ T5925] team0: Port device team_slave_1 added
[ 79.077356][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.079517][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 79.089146][ T5925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.109309][ T5921] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.111760][ T5921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 79.120691][ T5921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.129016][ T5920] hsr_slave_0: entered promiscuous mode
[ 79.132052][ T5920] hsr_slave_1: entered promiscuous mode
[ 79.134615][ T5920] debugfs: 'hsr0' already exists in 'hsr'
[ 79.136979][ T5920] Cannot create hsr debugfs directory
[ 79.148476][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.150858][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 79.159290][ T5925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.168111][ T5921] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.170944][ T5921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 79.179163][ T5921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.260733][ T5925] hsr_slave_0: entered promiscuous mode
[ 79.263817][ T5925] hsr_slave_1: entered promiscuous mode
[ 79.267313][ T5925] debugfs: 'hsr0' already exists in 'hsr'
[ 79.269930][ T5925] Cannot create hsr debugfs directory
[ 79.287757][ T5921] hsr_slave_0: entered promiscuous mode
[ 79.290909][ T5921] hsr_slave_1: entered promiscuous mode
[ 79.293292][ T5921] debugfs: 'hsr0' already exists in 'hsr'
[ 79.295061][ T5921] Cannot create hsr debugfs directory
[ 79.529381][ T5920] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 79.534938][ T5920] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 79.543757][ T5920] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 79.549458][ T5920] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.607058][ T5920] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.622314][ T5920] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.628989][ T1092] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.631482][ T1092] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.641778][ T1092] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.644417][ T1092] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.724349][ T5829] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.775749][ T5920] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.799432][ T5920] veth0_vlan: entered promiscuous mode
[ 79.805056][ T5920] veth1_vlan: entered promiscuous mode
[ 79.822893][ T5920] veth0_macvtap: entered promiscuous mode
[ 79.827641][ T5920] veth1_macvtap: entered promiscuous mode
[ 79.837771][ T5920] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.845192][ T5920] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.852698][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.857658][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.860863][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.864157][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.915295][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.919015][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.936712][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.939323][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.972704][ T5961] syz.0.17 uses obsolete (PF_INET,SOCK_PACKET)
[ 79.977605][ T5961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.17'.
[ 80.016677][ T5853] Bluetooth: hci0: command tx timeout
[ 80.096214][ T5853] Bluetooth: hci2: command tx timeout
[ 80.098258][ T5927] Bluetooth: hci1: command tx timeout
[ 81.381611][ T5829] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.518620][ T5829] bridge_slave_1: left allmulticast mode
[ 81.521162][ T5829] bridge_slave_1: left promiscuous mode
[ 81.524944][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.532541][ T5829] bridge_slave_0: left allmulticast mode
[ 81.534802][ T5829] bridge_slave_0: left promiscuous mode
[ 81.542908][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.808060][ T5829] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 81.815177][ T5829] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 81.820882][ T5829] bond0 (unregistering): Released all slaves
[ 81.921295][ T5969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.20'.
[ 81.962310][ T5829] hsr_slave_0: left promiscuous mode
[ 81.967978][ T5829] hsr_slave_1: left promiscuous mode
[ 81.973408][ T5829] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 81.976591][ T5970] ==================================================================
[ 81.979750][ T5829] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 81.980521][ T5970] BUG: KASAN: slab-use-after-free in nf_flow_skb_encap_protocol+0x1336/0x14e0
[ 81.986838][ T5970] Read of size 2 at addr ffff888115de92b6 by task syz.0.20/5970
[ 81.990645][ T5970]
[ 81.991602][ T5970] CPU: 0 UID: 0 PID: 5970 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 81.991617][ T5970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 81.991625][ T5970] Call Trace:
[ 81.991631][ T5970]
[ 81.991636][ T5970] dump_stack_lvl+0x189/0x250
[ 81.991656][ T5970] ? __kasan_check_byte+0x12/0x40
[ 81.991669][ T5970] ? __pfx_dump_stack_lvl+0x10/0x10
[ 81.991683][ T5970] ? lock_release+0x4b/0x3e0
[ 81.991696][ T5970] ? __virt_addr_valid+0x4a5/0x5c0
[ 81.991712][ T5970] print_report+0xca/0x240
[ 81.991726][ T5970] ? nf_flow_skb_encap_protocol+0x1336/0x14e0
[ 81.991742][ T5970] kasan_report+0x118/0x150
[ 81.991754][ T5970] ? nf_flow_skb_encap_protocol+0x1336/0x14e0
[ 81.991771][ T5970] nf_flow_skb_encap_protocol+0x1336/0x14e0
[ 81.991791][ T5970] nf_flow_offload_ipv6_hook+0x131/0x3380
[ 81.991806][ T5970] ? __lock_acquire+0xab9/0xd20
[ 81.991823][ T5970] ? __pfx_nf_flow_offload_ipv6_hook+0x10/0x10
[ 81.991839][ T5970] ? page_table_check_set+0x18d/0x730
[ 81.991859][ T5970] ? __lock_acquire+0xab9/0xd20
[ 81.991871][ T5970] ? skb_copy_bits+0x420/0x8f0
[ 81.991884][ T5970] ? __asan_memcpy+0x40/0x70
[ 81.991899][ T5970] ? skb_copy_bits+0x7e6/0x8f0
[ 81.991918][ T5970] ? nf_flow_offload_inet_hook+0x3b4/0x630
[ 81.991934][ T5970] ? __netif_receive_skb_core+0x2171/0x2f90
[ 81.991946][ T5970] ? __pfx_nf_flow_offload_inet_hook+0x10/0x10
[ 81.991962][ T5970] nf_hook_slow+0xc5/0x220
[ 81.991979][ T5970] __netif_receive_skb_core+0x241c/0x2f90
[ 81.991991][ T5970] ? __netif_receive_skb_core+0x2171/0x2f90
[ 81.992001][ T5970] ? __pfx___skb_flow_dissect+0x10/0x10
[ 81.992016][ T5970] ? __pfx___up_read+0x10/0x10
[ 81.992030][ T5970] ? do_user_addr_fault+0xbbc/0x1380
[ 81.992043][ T5970] ? do_user_addr_fault+0xc85/0x1380
[ 81.992055][ T5970] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 81.992067][ T5970] ? lockdep_hardirqs_on+0x9c/0x150
[ 81.992085][ T5970] ? netif_receive_skb+0x115/0x790
[ 81.992101][ T5970] ? netif_receive_skb+0x115/0x790
[ 81.992118][ T5970] __netif_receive_skb+0x72/0x380
[ 81.992130][ T5970] ? netif_receive_skb+0x115/0x790
[ 81.992146][ T5970] netif_receive_skb+0x1cb/0x790
[ 81.992163][ T5970] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 81.992175][ T5970] ? __pfx_netif_receive_skb+0x10/0x10
[ 81.992219][ T5970] ? tun_rx_batched+0x160/0x730
[ 81.992236][ T5970] tun_rx_batched+0x1b9/0x730
[ 81.992250][ T5970] ? __lock_acquire+0xab9/0xd20
[ 81.992262][ T5970] ? __pfx_tun_rx_batched+0x10/0x10
[ 81.992276][ T5970] ? tun_get_user+0x272f/0x3e90
[ 81.992293][ T5970] tun_get_user+0x2b65/0x3e90
[ 81.992310][ T5970] ? tun_get_user+0x272f/0x3e90
[ 81.992324][ T5970] ? aa_file_perm+0x44d/0x1550
[ 81.992335][ T5970] ? __pfx_tun_get_user+0x10/0x10
[ 81.992353][ T5970] ? ref_tracker_alloc+0x318/0x460
[ 81.992364][ T5970] ? __lock_acquire+0xab9/0xd20
[ 81.992382][ T5970] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 81.992395][ T5970] ? tun_get+0x1c/0x2f0
[ 81.992410][ T5970] ? tun_get+0x1c/0x2f0
[ 81.992423][ T5970] ? tun_get+0x1c/0x2f0
[ 81.992437][ T5970] tun_chr_write_iter+0x113/0x200
[ 81.992451][ T5970] vfs_write+0x5c9/0xb30
[ 81.992468][ T5970] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 81.992482][ T5970] ? __pfx_vfs_write+0x10/0x10
[ 81.992499][ T5970] ? __fget_files+0x2a/0x420
[ 81.992513][ T5970] ksys_write+0x145/0x250
[ 81.992529][ T5970] ? __pfx_ksys_write+0x10/0x10
[ 81.992544][ T5970] ? do_syscall_64+0xbe/0xfa0
[ 81.992559][ T5970] do_syscall_64+0xfa/0xfa0
[ 81.992572][ T5970] ? lockdep_hardirqs_on+0x9c/0x150
[ 81.992585][ T5970] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.992596][ T5970] ? exc_page_fault+0xab/0x100
[ 81.992609][ T5970] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.992621][ T5970] RIP: 0033:0x7f8b24f8f7c9
[ 81.992632][ T5970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 81.992642][ T5970] RSP: 002b:00007f8b25e26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 81.992657][ T5970] RAX: ffffffffffffffda RBX: 00007f8b251e6090 RCX: 00007f8b24f8f7c9
[ 81.992666][ T5970] RDX: 000000000000fdef RSI: 0000200000000440 RDI: 0000000000000003
[ 81.992674][ T5970] RBP: 00007f8b24ff297f R08: 0000000000000000 R09: 0000000000000000
[ 81.992681][ T5970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.992689][ T5970] R13: 00007f8b251e6128 R14: 00007f8b251e6090 R15: 00007ffe014b8a38
[ 81.992703][ T5970]
[ 81.992707][ T5970]
[ 82.158873][ T5970] Allocated by task 5970:
[ 82.160747][ T5970] kasan_save_track+0x3e/0x80
[ 82.162413][ T5970] __kasan_slab_alloc+0x6c/0x80
[ 82.163916][ T5970] kmem_cache_alloc_node_noprof+0x433/0x710
[ 82.165867][ T5970] __alloc_skb+0x255/0x430
[ 82.167514][ T5970] alloc_skb_with_frags+0xca/0x890
[ 82.169438][ T5970] sock_alloc_send_pskb+0x84d/0x980
[ 82.171550][ T5970] tun_get_user+0xa43/0x3e90
[ 82.173535][ T5970] tun_chr_write_iter+0x113/0x200
[ 82.175698][ T5970] vfs_write+0x5c9/0xb30
[ 82.177080][ T5970] ksys_write+0x145/0x250
[ 82.178460][ T5970] do_syscall_64+0xfa/0xfa0
[ 82.179860][ T5970] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.181690][ T5970]
[ 82.182469][ T5970] Freed by task 5970:
[ 82.183695][ T5970] kasan_save_track+0x3e/0x80
[ 82.185242][ T5970] __kasan_save_free_info+0x46/0x50
[ 82.187185][ T5970] __kasan_slab_free+0x5c/0x80
[ 82.188871][ T5970] kmem_cache_free+0x19b/0x690
[ 82.190474][ T5970] ipv6_rthdr_rcv+0x150e/0x2020
[ 82.192095][ T5970] nf_flow_skb_encap_protocol+0x9b5/0x14e0
[ 82.194057][ T5970] nf_flow_offload_ipv6_hook+0x131/0x3380
[ 82.195907][ T5970] nf_hook_slow+0xc5/0x220
[ 82.197415][ T5970] __netif_receive_skb_core+0x241c/0x2f90
[ 82.199530][ T5970] __netif_receive_skb+0x72/0x380
[ 82.201520][ T5970] netif_receive_skb+0x1cb/0x790
[ 82.203512][ T5970] tun_rx_batched+0x1b9/0x730
[ 82.205351][ T5970] tun_get_user+0x2b65/0x3e90
[ 82.207253][ T5970] tun_chr_write_iter+0x113/0x200
[ 82.209327][ T5970] vfs_write+0x5c9/0xb30
[ 82.211116][ T5970] ksys_write+0x145/0x250
[ 82.212960][ T5970] do_syscall_64+0xfa/0xfa0
[ 82.214902][ T5970] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.216908][ T5970]
[ 82.217766][ T5970] The buggy address belongs to the object at ffff888115de9200
[ 82.217766][ T5970] which belongs to the cache skbuff_head_cache of size 240
[ 82.222463][ T5970] The buggy address is located 182 bytes inside of
[ 82.222463][ T5970] freed 240-byte region [ffff888115de9200, ffff888115de92f0)
[ 82.226971][ T5970]
[ 82.227822][ T5970] The buggy address belongs to the physical page:
[ 82.229882][ T5970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115de8
[ 82.232928][ T5970] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 82.236529][ T5970] flags: 0x17ff00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 82.239343][ T5970] page_type: f5(slab)
[ 82.240718][ T5970] raw: 017ff00000000040 ffff8881036ba8c0 ffffea0004280a80 dead000000000002
[ 82.243511][ T5970] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[ 82.246584][ T5970] head: 017ff00000000040 ffff8881036ba8c0 ffffea0004280a80 dead000000000002
[ 82.249430][ T5970] head: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[ 82.252461][ T5970] head: 017ff00000000001 ffffea0004577a01 00000000ffffffff 00000000ffffffff
[ 82.255592][ T5970] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 82.259017][ T5970] page dumped because: kasan: bad access detected
[ 82.261504][ T5970] page_owner tracks the page as allocated
[ 82.263516][ T5970] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5555, tgid 5555 (dhcpcd), ts 36767395595, free_ts 35122573404
[ 82.270155][ T5970] post_alloc_hook+0x234/0x290
[ 82.272026][ T5970] get_page_from_freelist+0x2365/0x2440
[ 82.274140][ T5970] __alloc_frozen_pages_noprof+0x181/0x370
[ 82.276032][ T5970] alloc_pages_mpol+0x232/0x4a0
[ 82.277590][ T5970] allocate_slab+0x96/0x350
[ 82.279071][ T5970] ___slab_alloc+0xf56/0x1990
[ 82.280690][ T5970] __slab_alloc+0x65/0x100
[ 82.282274][ T5970] kmem_cache_alloc_node_noprof+0x4c5/0x710
[ 82.284122][ T5970] __alloc_skb+0x255/0x430
[ 82.285540][ T5970] alloc_skb_with_frags+0xca/0x890
[ 82.287182][ T5970] sock_alloc_send_pskb+0x84d/0x980
[ 82.289060][ T5970] unix_dgram_sendmsg+0x454/0x1840
[ 82.291135][ T5970] __sock_sendmsg+0x21c/0x270
[ 82.293157][ T5970] sock_write_iter+0x279/0x360
[ 82.294881][ T5970] do_iter_readv_writev+0x623/0x8c0
[ 82.296617][ T5970] vfs_writev+0x31a/0x960
[ 82.298027][ T5970] page last free pid 5262 tgid 5262 stack trace:
[ 82.300216][ T5970] __free_frozen_pages+0xbc4/0xd30
[ 82.302095][ T5970] __slab_free+0x2e7/0x390
[ 82.303553][ T5970] qlist_free_all+0x97/0x140
[ 82.305006][ T5970] kasan_quarantine_reduce+0x148/0x160
[ 82.306707][ T5970] __kasan_slab_alloc+0x22/0x80
[ 82.308235][ T5970] kmem_cache_alloc_noprof+0x367/0x6e0
[ 82.309998][ T5970] getname_flags+0xb8/0x540
[ 82.311726][ T5970] do_sys_openat2+0xbc/0x1c0
[ 82.313498][ T5970] __x64_sys_openat+0x138/0x170
[ 82.315784][ T5970] do_syscall_64+0xfa/0xfa0
[ 82.317522][ T5970] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.319493][ T5970]
[ 82.320314][ T5970] Memory state around the buggy address:
[ 82.322213][ T5970] ffff888115de9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.324747][ T5970] ffff888115de9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.327742][ T5970] >ffff888115de9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 82.330848][ T5970] ^
[ 82.333057][ T5970] ffff888115de9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.336180][ T5970] ffff888115de9380: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.339331][ T5970] ==================================================================
[ 82.342498][ T5970] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 82.345255][ T5970] CPU: 0 UID: 0 PID: 5970 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 82.348732][ T5970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 82.352495][ T5970] Call Trace:
[ 82.353802][ T5970]
[ 82.354976][ T5970] dump_stack_lvl+0x99/0x250
[ 82.356891][ T5970] ? __asan_memcpy+0x40/0x70
[ 82.358759][ T5970] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.360855][ T5970] ? __pfx__printk+0x10/0x10
[ 82.362710][ T5970] vpanic+0x237/0x6d0
[ 82.364301][ T5970] ? __pfx_vpanic+0x10/0x10
[ 82.366107][ T5970] panic+0xb9/0xc0
[ 82.367587][ T5970] ? __pfx_panic+0x10/0x10
[ 82.369343][ T5970] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 82.371630][ T5970] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 82.373926][ T5970] ? nf_flow_skb_encap_protocol+0x1336/0x14e0
[ 82.376226][ T5970] check_panic_on_warn+0x89/0xb0
[ 82.378261][ T5970] ? nf_flow_skb_encap_protocol+0x1336/0x14e0
[ 82.380913][ T5970] end_report+0x78/0x160
[ 82.382761][ T5970] kasan_report+0x129/0x150
[ 82.384597][ T5970] ? nf_flow_skb_encap_protocol+0x1336/0x14e0
[ 82.387034][ T5970] nf_flow_skb_encap_protocol+0x1336/0x14e0
[ 82.389447][ T5970] nf_flow_offload_ipv6_hook+0x131/0x3380
[ 82.391747][ T5970] ? __lock_acquire+0xab9/0xd20
[ 82.393916][ T5970] ? __pfx_nf_flow_offload_ipv6_hook+0x10/0x10
[ 82.396605][ T5970] ? page_table_check_set+0x18d/0x730
[ 82.398832][ T5970] ? __lock_acquire+0xab9/0xd20
[ 82.400722][ T5970] ? skb_copy_bits+0x420/0x8f0
[ 82.402614][ T5970] ? __asan_memcpy+0x40/0x70
[ 82.404511][ T5970] ? skb_copy_bits+0x7e6/0x8f0
[ 82.406454][ T5970] ? nf_flow_offload_inet_hook+0x3b4/0x630
[ 82.408773][ T5970] ? __netif_receive_skb_core+0x2171/0x2f90
[ 82.411176][ T5970] ? __pfx_nf_flow_offload_inet_hook+0x10/0x10
[ 82.413763][ T5970] nf_hook_slow+0xc5/0x220
[ 82.415706][ T5970] __netif_receive_skb_core+0x241c/0x2f90
[ 82.418302][ T5970] ? __netif_receive_skb_core+0x2171/0x2f90
[ 82.420762][ T5970] ? __pfx___skb_flow_dissect+0x10/0x10
[ 82.423000][ T5970] ? __pfx___up_read+0x10/0x10
[ 82.424984][ T5970] ? do_user_addr_fault+0xbbc/0x1380
[ 82.427146][ T5970] ? do_user_addr_fault+0xc85/0x1380
[ 82.429373][ T5970] ? __pfx___netif_receive_skb_core+0x10/0x10
[ 82.431860][ T5970] ? lockdep_hardirqs_on+0x9c/0x150
[ 82.434165][ T5970] ? netif_receive_skb+0x115/0x790
[ 82.436299][ T5970] ? netif_receive_skb+0x115/0x790
[ 82.438437][ T5970] __netif_receive_skb+0x72/0x380
[ 82.440577][ T5970] ? netif_receive_skb+0x115/0x790
[ 82.442693][ T5970] netif_receive_skb+0x1cb/0x790
[ 82.444845][ T5970] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 82.447590][ T5970] ? __pfx_netif_receive_skb+0x10/0x10
[ 82.450178][ T5970] ? tun_rx_batched+0x160/0x730
[ 82.452219][ T5970] tun_rx_batched+0x1b9/0x730
[ 82.454070][ T5970] ? __lock_acquire+0xab9/0xd20
[ 82.456002][ T5970] ? __pfx_tun_rx_batched+0x10/0x10
[ 82.458091][ T5970] ? tun_get_user+0x272f/0x3e90
[ 82.459963][ T5970] tun_get_user+0x2b65/0x3e90
[ 82.461810][ T5970] ? tun_get_user+0x272f/0x3e90
[ 82.463679][ T5970] ? aa_file_perm+0x44d/0x1550
[ 82.465476][ T5970] ? __pfx_tun_get_user+0x10/0x10
[ 82.467499][ T5970] ? ref_tracker_alloc+0x318/0x460
[ 82.469727][ T5970] ? __lock_acquire+0xab9/0xd20
[ 82.471793][ T5970] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 82.474224][ T5970] ? tun_get+0x1c/0x2f0
[ 82.476075][ T5970] ? tun_get+0x1c/0x2f0
[ 82.477822][ T5970] ? tun_get+0x1c/0x2f0
[ 82.479549][ T5970] tun_chr_write_iter+0x113/0x200
[ 82.481699][ T5970] vfs_write+0x5c9/0xb30
[ 82.483745][ T5970] ? __pfx_tun_chr_write_iter+0x10/0x10
[ 82.486468][ T5970] ? __pfx_vfs_write+0x10/0x10
[ 82.488751][ T5970] ? __fget_files+0x2a/0x420
[ 82.490831][ T5970] ksys_write+0x145/0x250
[ 82.492724][ T5970] ? __pfx_ksys_write+0x10/0x10
[ 82.494698][ T5970] ? do_syscall_64+0xbe/0xfa0
[ 82.496606][ T5970] do_syscall_64+0xfa/0xfa0
[ 82.498436][ T5970] ? lockdep_hardirqs_on+0x9c/0x150
[ 82.500689][ T5970] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.503273][ T5970] ? exc_page_fault+0xab/0x100
[ 82.505267][ T5970] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.507892][ T5970] RIP: 0033:0x7f8b24f8f7c9
[ 82.510008][ T5970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 82.517973][ T5970] RSP: 002b:00007f8b25e26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 82.521353][ T5970] RAX: ffffffffffffffda RBX: 00007f8b251e6090 RCX: 00007f8b24f8f7c9
[ 82.524570][ T5970] RDX: 000000000000fdef RSI: 0000200000000440 RDI: 0000000000000003
[ 82.528408][ T5970] RBP: 00007f8b24ff297f R08: 0000000000000000 R09: 0000000000000000
[ 82.532268][ T5970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 82.535582][ T5970] R13: 00007f8b251e6128 R14: 00007f8b251e6090 R15: 00007ffe014b8a38
[ 82.538645][ T5970]
[ 82.540577][ T5970] Kernel Offset: disabled
[ 82.542127][ T5970] Rebooting in 86400 seconds..
VM DIAGNOSIS:
17:34:04 Registers: