Warning: Permanently added '[localhost]:38686' (ED25519) to the list of known hosts.
2026/01/22 17:06:48 parsed 1 programs
syzkaller login: [ 61.965664][ T5836] cgroup: Unknown subsys name 'net'
[ 62.067957][ T5836] cgroup: Unknown subsys name 'cpuset'
[ 62.072156][ T5836] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 63.731169][ T5836] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 66.405586][ T5844] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 67.332232][ T4233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.334589][ T4233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.355073][ T4159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.358360][ T4159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.514283][ T5886] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.517095][ T5886] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.519492][ T5886] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.522255][ T5886] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.524651][ T5886] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.120392][ T5903] chnl_net:caif_netlink_parms(): no params data found
[ 68.232317][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.236025][ T5903] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.238816][ T5903] bridge_slave_0: entered allmulticast mode
[ 68.242487][ T5903] bridge_slave_0: entered promiscuous mode
[ 68.247160][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.249282][ T5903] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.252180][ T5903] bridge_slave_1: entered allmulticast mode
[ 68.254659][ T5903] bridge_slave_1: entered promiscuous mode
[ 68.298898][ T5903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 68.303305][ T5903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 68.319956][ T5903] team0: Port device team_slave_0 added
[ 68.323097][ T5903] team0: Port device team_slave_1 added
[ 68.339194][ T5903] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 68.341311][ T5903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 68.348797][ T5903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 68.353882][ T5903] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 68.356207][ T5903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 68.363512][ T5903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 68.393697][ T5903] hsr_slave_0: entered promiscuous mode
[ 68.396207][ T5903] hsr_slave_1: entered promiscuous mode
[ 68.502238][ T5903] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 68.508303][ T5903] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 68.513740][ T5903] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.518302][ T5903] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.539289][ T5903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.541641][ T5903] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.544321][ T5903] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.546475][ T5903] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.579906][ T5903] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.591192][ T4159] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.594371][ T4159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.604963][ T5903] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.612315][ T4159] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.614476][ T4159] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.626013][ T4159] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.628102][ T4159] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.721684][ T5903] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.746837][ T5903] veth0_vlan: entered promiscuous mode
[ 68.752142][ T5903] veth1_vlan: entered promiscuous mode
[ 68.770208][ T5903] veth0_macvtap: entered promiscuous mode
[ 68.774134][ T5903] veth1_macvtap: entered promiscuous mode
[ 68.784325][ T5903] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.791302][ T5903] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.799523][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.802233][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.804754][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.809102][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.881930][ T5903] syz-executor (5903) used greatest stack depth: 19784 bytes left
[ 68.896149][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.950886][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.038598][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.129334][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/22 17:06:58 executed programs: 0
[ 69.697584][ T5886] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.700287][ T5886] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.703112][ T5886] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.706538][ T5886] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.709868][ T5886] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.821809][ T5944] chnl_net:caif_netlink_parms(): no params data found
[ 69.922486][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.925329][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.927560][ T5944] bridge_slave_0: entered allmulticast mode
[ 69.930619][ T5944] bridge_slave_0: entered promiscuous mode
[ 69.934031][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.936690][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.938839][ T5944] bridge_slave_1: entered allmulticast mode
[ 69.941389][ T5944] bridge_slave_1: entered promiscuous mode
[ 69.958933][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.963721][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.984814][ T5944] team0: Port device team_slave_0 added
[ 69.988805][ T5944] team0: Port device team_slave_1 added
[ 70.004239][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.006589][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.013786][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.018166][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.020134][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.027653][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.053028][ T5944] hsr_slave_0: entered promiscuous mode
[ 70.055419][ T5944] hsr_slave_1: entered promiscuous mode
[ 70.057464][ T5944] debugfs: 'hsr0' already exists in 'hsr'
[ 70.059179][ T5944] Cannot create hsr debugfs directory
[ 71.726238][ T5886] Bluetooth: hci0: command tx timeout
[ 72.151300][ T13] bridge_slave_1: left allmulticast mode
[ 72.155339][ T13] bridge_slave_1: left promiscuous mode
[ 72.157418][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.167702][ T13] bridge_slave_0: left allmulticast mode
[ 72.169366][ T13] bridge_slave_0: left promiscuous mode
[ 72.171218][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.378235][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 72.382720][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 72.386586][ T13] bond0 (unregistering): Released all slaves
[ 72.473506][ T13] hsr_slave_0: left promiscuous mode
[ 72.480308][ T13] hsr_slave_1: left promiscuous mode
[ 72.482350][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 72.484643][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 72.496670][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 72.499440][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 72.523192][ T13] veth1_macvtap: left promiscuous mode
[ 72.527017][ T13] veth0_macvtap: left promiscuous mode
[ 72.529393][ T13] veth1_vlan: left promiscuous mode
[ 72.531480][ T13] veth0_vlan: left promiscuous mode
[ 72.777266][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 72.793989][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 73.124855][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.131697][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.139969][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.146151][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.220692][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.238970][ T5944] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.243877][ T4599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.245983][ T4599] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.256569][ T4599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.258690][ T4599] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.487915][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.523975][ T5944] veth0_vlan: entered promiscuous mode
[ 73.539109][ T5944] veth1_vlan: entered promiscuous mode
[ 73.573213][ T5944] veth0_macvtap: entered promiscuous mode
[ 73.578070][ T5944] veth1_macvtap: entered promiscuous mode
[ 73.593162][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.600313][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.609078][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.616845][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.622015][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.627951][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.674036][ T4599] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.680885][ T4599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.699193][ T4599] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.701430][ T4599] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.741189][ T5989] ==================================================================
[ 73.743541][ T5989] BUG: KASAN: invalid-free in mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 73.745872][ T5989] Free of addr ffff88810b305b40 by task syz.0.17/5989
[ 73.747850][ T5989]
[ 73.748901][ T5989] CPU: 0 UID: 0 PID: 5989 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 73.748912][ T5989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 73.748918][ T5989] Call Trace:
[ 73.748922][ T5989]
[ 73.748926][ T5989] dump_stack_lvl+0xe8/0x150
[ 73.748939][ T5989] print_report+0xba/0x230
[ 73.748949][ T5989] ? mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 73.748960][ T5989] kasan_report_invalid_free+0xea/0x110
[ 73.748972][ T5989] ? mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 73.748983][ T5989] ? mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 73.748993][ T5989] check_slab_allocation+0xd5/0xf0
[ 73.749001][ T5989] ? mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 73.749011][ T5989] kfree+0x16c/0x650
[ 73.749023][ T5989] mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 73.749035][ T5989] ? __pfx_mptcp_pm_nl_flush_addrs_doit+0x10/0x10
[ 73.749045][ T5989] ? rcu_is_watching+0x15/0xb0
[ 73.749056][ T5989] ? __nla_parse+0x40/0x60
[ 73.749064][ T5989] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 73.749076][ T5989] genl_family_rcv_msg_doit+0x22a/0x330
[ 73.749087][ T5989] ? __asan_memcpy+0x40/0x70
[ 73.749099][ T5989] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 73.749112][ T5989] ? bpf_lsm_capable+0x9/0x20
[ 73.749122][ T5989] ? security_capable+0x7e/0x2c0
[ 73.749133][ T5989] genl_rcv_msg+0x61c/0x7a0
[ 73.749144][ T5989] ? __pfx_genl_rcv_msg+0x10/0x10
[ 73.749153][ T5989] ? __pfx_mptcp_pm_nl_flush_addrs_doit+0x10/0x10
[ 73.749164][ T5989] ? __pfx_ref_tracker_free+0x10/0x10
[ 73.749175][ T5989] ? __skb_clone+0x63/0x7a0
[ 73.749184][ T5989] netlink_rcv_skb+0x232/0x4b0
[ 73.749192][ T5989] ? __pfx_genl_rcv_msg+0x10/0x10
[ 73.749202][ T5989] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 73.749208][ T5989] ? genl_rcv+0x19/0x40
[ 73.749220][ T5989] ? down_read+0x272/0x2e0
[ 73.749232][ T5989] ? genl_rcv+0xd/0x40
[ 73.749241][ T5989] genl_rcv+0x28/0x40
[ 73.749250][ T5989] netlink_unicast+0x80f/0x9b0
[ 73.749263][ T5989] ? __pfx_netlink_unicast+0x10/0x10
[ 73.749274][ T5989] ? __alloc_skb+0x193/0x390
[ 73.749285][ T5989] ? netlink_sendmsg+0x650/0xb40
[ 73.749292][ T5989] ? skb_put+0x11b/0x210
[ 73.749303][ T5989] netlink_sendmsg+0x813/0xb40
[ 73.749312][ T5989] ? __pfx_netlink_sendmsg+0x10/0x10
[ 73.749321][ T5989] ? aa_sock_msg_perm+0xf1/0x1b0
[ 73.749331][ T5989] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 73.749338][ T5989] ? __pfx_netlink_sendmsg+0x10/0x10
[ 73.749346][ T5989] __sock_sendmsg+0x21c/0x270
[ 73.749356][ T5989] ____sys_sendmsg+0x4d7/0x810
[ 73.749368][ T5989] ? __might_fault+0xaf/0x130
[ 73.749381][ T5989] ? __pfx_____sys_sendmsg+0x10/0x10
[ 73.749394][ T5989] ? import_iovec+0x73/0xa0
[ 73.749403][ T5989] ___sys_sendmsg+0x2a5/0x360
[ 73.749415][ T5989] ? __pfx____sys_sendmsg+0x10/0x10
[ 73.749428][ T5989] ? futex_hash_put+0x4b/0x60
[ 73.749441][ T5989] ? futex_wake+0x4ac/0x580
[ 73.749457][ T5989] __x64_sys_sendmsg+0x1bd/0x2a0
[ 73.749469][ T5989] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 73.749485][ T5989] do_syscall_64+0xe2/0xf80
[ 73.749496][ T5989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.749504][ T5989] ? trace_irq_disable+0x37/0x100
[ 73.749516][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.749523][ T5989] RIP: 0033:0x7f2488d9acb9
[ 73.749531][ T5989] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 73.749538][ T5989] RSP: 002b:00007ffc593deda8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 73.749548][ T5989] RAX: ffffffffffffffda RBX: 00007f2489015fa0 RCX: 00007f2488d9acb9
[ 73.749554][ T5989] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000003
[ 73.749559][ T5989] RBP: 00007f2488e08bf7 R08: 0000000000000000 R09: 0000000000000000
[ 73.749564][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 73.749569][ T5989] R13: 00007f2489015fac R14: 00007f2489015fa0 R15: 00007f2489015fa0
[ 73.749577][ T5989]
[ 73.749580][ T5989]
[ 73.805279][ T5886] Bluetooth: hci0: command tx timeout
[ 73.805493][ T5989] Allocated by task 5944:
[ 73.864684][ T5989] kasan_save_track+0x3e/0x80
[ 73.866010][ T5989] __kasan_kmalloc+0x93/0xb0
[ 73.867302][ T5989] __kmalloc_noprof+0x40c/0x7e0
[ 73.868696][ T5989] ops_init+0x7b/0x5c0
[ 73.869847][ T5989] setup_net+0x118/0x340
[ 73.871037][ T5989] copy_net_ns+0x3e2/0x570
[ 73.872330][ T5989] create_new_namespaces+0x3e7/0x6a0
[ 73.873790][ T5989] unshare_nsproxy_namespaces+0x11a/0x160
[ 73.875346][ T5989] ksys_unshare+0x4f4/0x900
[ 73.876623][ T5989] __x64_sys_unshare+0x38/0x50
[ 73.877961][ T5989] do_syscall_64+0xe2/0xf80
[ 73.879250][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.880907][ T5989]
[ 73.881600][ T5989] The buggy address belongs to the object at ffff88810b305b00
[ 73.881600][ T5989] which belongs to the cache kmalloc-128 of size 128
[ 73.885447][ T5989] The buggy address is located 64 bytes inside of
[ 73.885447][ T5989] 120-byte region [ffff88810b305b00, ffff88810b305b78)
[ 73.889156][ T5989]
[ 73.889839][ T5989] The buggy address belongs to the physical page:
[ 73.891757][ T5989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b305
[ 73.894318][ T5989] anon flags: 0x17ff00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 73.896794][ T5989] page_type: f5(slab)
[ 73.898080][ T5989] raw: 017ff00000000000 ffff888100041a00 ffffea00044a5a80 0000000000000005
[ 73.900770][ T5989] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 73.903210][ T5989] page dumped because: kasan: bad access detected
[ 73.905272][ T5989] page_owner tracks the page as allocated
[ 73.907195][ T5989] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5279, tgid 5279 (udevd), ts 37034162370, free_ts 37027298103
[ 73.913236][ T5989] post_alloc_hook+0x228/0x280
[ 73.914908][ T5989] get_page_from_freelist+0x24dc/0x2580
[ 73.916595][ T5989] __alloc_frozen_pages_noprof+0x18d/0x380
[ 73.918229][ T5989] alloc_pages_mpol+0x232/0x4a0
[ 73.919626][ T5989] allocate_slab+0x86/0x3a0
[ 73.920967][ T5989] ___slab_alloc+0xd82/0x1760
[ 73.922353][ T5989] __slab_alloc+0x65/0x100
[ 73.923652][ T5989] __kmalloc_cache_noprof+0x40d/0x6e0
[ 73.925163][ T5989] kernfs_fop_open+0x7b5/0xca0
[ 73.926515][ T5989] do_dentry_open+0x7ce/0x1420
[ 73.927905][ T5989] vfs_open+0x3b/0x340
[ 73.929090][ T5989] path_openat+0x3486/0x3e20
[ 73.930432][ T5989] do_filp_open+0x22d/0x490
[ 73.931792][ T5989] do_sys_openat2+0x12f/0x220
[ 73.933190][ T5989] __x64_sys_openat+0x138/0x170
[ 73.934576][ T5989] do_syscall_64+0xe2/0xf80
[ 73.935910][ T5989] page last free pid 5285 tgid 5285 stack trace:
[ 73.937747][ T5989] __free_frozen_pages+0xbb0/0xd10
[ 73.939237][ T5989] __slab_free+0x2ce/0x320
[ 73.940544][ T5989] qlist_free_all+0x97/0x100
[ 73.941912][ T5989] kasan_quarantine_reduce+0x148/0x160
[ 73.943490][ T5989] __kasan_slab_alloc+0x22/0x80
[ 73.944928][ T5989] kmem_cache_alloc_noprof+0x370/0x6e0
[ 73.946499][ T5989] getname_flags+0xb7/0x540
[ 73.947799][ T5989] __x64_sys_unlink+0x3a/0x50
[ 73.949110][ T5989] do_syscall_64+0xe2/0xf80
[ 73.950372][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.952020][ T5989]
[ 73.952705][ T5989] Memory state around the buggy address:
[ 73.954288][ T5989] ffff88810b305a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.956573][ T5989] ffff88810b305a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.958810][ T5989] >ffff88810b305b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 73.961027][ T5989] ^
[ 73.962744][ T5989] ffff88810b305b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.964991][ T5989] ffff88810b305c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.967243][ T5989] ==================================================================
[ 73.976136][ T5989] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.978202][ T5989] CPU: 0 UID: 0 PID: 5989 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 73.980729][ T5989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 73.983514][ T5989] Call Trace:
[ 73.984487][ T5989]
[ 73.985336][ T5989] vpanic+0x1e0/0x670
[ 73.986452][ T5989] panic+0xc5/0xd0
[ 73.987523][ T5989] ? __pfx_panic+0x10/0x10
[ 73.988809][ T5989] ? preempt_schedule_thunk+0x16/0x30
[ 73.990288][ T5989] ? preempt_schedule_thunk+0x16/0x30
[ 73.991816][ T5989] check_panic_on_warn+0x89/0xb0
[ 73.993200][ T5989] end_report+0x6f/0x140
[ 73.994400][ T5989] ? mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 73.996137][ T5989] kasan_report_invalid_free+0xfa/0x110
[ 73.997699][ T5989] ? mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 73.999421][ T5989] ? mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 74.001110][ T5989] check_slab_allocation+0xd5/0xf0
[ 74.002579][ T5989] ? mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 74.004275][ T5989] kfree+0x16c/0x650
[ 74.005390][ T5989] mptcp_pm_nl_flush_addrs_doit+0x9a8/0xaa0
[ 74.007052][ T5989] ? __pfx_mptcp_pm_nl_flush_addrs_doit+0x10/0x10
[ 74.008860][ T5989] ? rcu_is_watching+0x15/0xb0
[ 74.010196][ T5989] ? __nla_parse+0x40/0x60
[ 74.011468][ T5989] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 74.013455][ T5989] genl_family_rcv_msg_doit+0x22a/0x330
[ 74.015478][ T5989] ? __asan_memcpy+0x40/0x70
[ 74.017197][ T5989] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 74.019428][ T5989] ? bpf_lsm_capable+0x9/0x20
[ 74.021139][ T5989] ? security_capable+0x7e/0x2c0
[ 74.022961][ T5989] genl_rcv_msg+0x61c/0x7a0
[ 74.024614][ T5989] ? __pfx_genl_rcv_msg+0x10/0x10
[ 74.026457][ T5989] ? __pfx_mptcp_pm_nl_flush_addrs_doit+0x10/0x10
[ 74.028748][ T5989] ? __pfx_ref_tracker_free+0x10/0x10
[ 74.030732][ T5989] ? __skb_clone+0x63/0x7a0
[ 74.032358][ T5989] netlink_rcv_skb+0x232/0x4b0
[ 74.034087][ T5989] ? __pfx_genl_rcv_msg+0x10/0x10
[ 74.035965][ T5989] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 74.037899][ T5989] ? genl_rcv+0x19/0x40
[ 74.039445][ T5989] ? down_read+0x272/0x2e0
[ 74.041032][ T5989] ? genl_rcv+0xd/0x40
[ 74.042222][ T5989] genl_rcv+0x28/0x40
[ 74.043359][ T5989] netlink_unicast+0x80f/0x9b0
[ 74.044747][ T5989] ? __pfx_netlink_unicast+0x10/0x10
[ 74.046272][ T5989] ? __alloc_skb+0x193/0x390
[ 74.047587][ T5989] ? netlink_sendmsg+0x650/0xb40
[ 74.049003][ T5989] ? skb_put+0x11b/0x210
[ 74.050471][ T5989] netlink_sendmsg+0x813/0xb40
[ 74.052228][ T5989] ? __pfx_netlink_sendmsg+0x10/0x10
[ 74.054129][ T5989] ? aa_sock_msg_perm+0xf1/0x1b0
[ 74.055919][ T5989] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 74.057675][ T5989] ? __pfx_netlink_sendmsg+0x10/0x10
[ 74.059367][ T5989] __sock_sendmsg+0x21c/0x270
[ 74.060830][ T5989] ____sys_sendmsg+0x4d7/0x810
[ 74.062456][ T5989] ? __might_fault+0xaf/0x130
[ 74.064185][ T5989] ? __pfx_____sys_sendmsg+0x10/0x10
[ 74.066075][ T5989] ? import_iovec+0x73/0xa0
[ 74.067731][ T5989] ___sys_sendmsg+0x2a5/0x360
[ 74.069432][ T5989] ? __pfx____sys_sendmsg+0x10/0x10
[ 74.071201][ T5989] ? futex_hash_put+0x4b/0x60
[ 74.072613][ T5989] ? futex_wake+0x4ac/0x580
[ 74.074083][ T5989] __x64_sys_sendmsg+0x1bd/0x2a0
[ 74.075591][ T5989] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 74.077553][ T5989] do_syscall_64+0xe2/0xf80
[ 74.079198][ T5989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.081164][ T5989] ? trace_irq_disable+0x37/0x100
[ 74.082768][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.084430][ T5989] RIP: 0033:0x7f2488d9acb9
[ 74.085743][ T5989] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 74.091230][ T5989] RSP: 002b:00007ffc593deda8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 74.093925][ T5989] RAX: ffffffffffffffda RBX: 00007f2489015fa0 RCX: 00007f2488d9acb9
[ 74.096137][ T5989] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000003
[ 74.098568][ T5989] RBP: 00007f2488e08bf7 R08: 0000000000000000 R09: 0000000000000000
[ 74.101168][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.103393][ T5989] R13: 00007f2489015fac R14: 00007f2489015fa0 R15: 00007f2489015fa0
[ 74.105661][ T5989]
[ 74.107179][ T5989] Kernel Offset: disabled
[ 74.108434][ T5989] Rebooting in 86400 seconds..
VM DIAGNOSIS:
17:07:02 Registers: