Warning: Permanently added '[localhost]:61666' (ED25519) to the list of known hosts.
2026/04/24 00:41:57 parsed 1 programs
syzkaller login: [ 56.331391][ T5811] cgroup: Unknown subsys name 'net'
[ 56.453970][ T5811] cgroup: Unknown subsys name 'cpuset'
[ 56.457930][ T5811] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 58.167815][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 60.610150][ T5819] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 61.036166][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.038676][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.081088][ T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.083593][ T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.496684][ T5876] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.499931][ T5876] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.503506][ T5876] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.506277][ T5876] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.508939][ T5876] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 62.848271][ T5886] chnl_net:caif_netlink_parms(): no params data found
[ 62.920229][ T5886] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.923634][ T5886] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.926506][ T5886] bridge_slave_0: entered allmulticast mode
[ 62.929243][ T5886] bridge_slave_0: entered promiscuous mode
[ 62.935669][ T5886] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.938234][ T5886] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.940574][ T5886] bridge_slave_1: entered allmulticast mode
[ 62.944400][ T5886] bridge_slave_1: entered promiscuous mode
[ 62.971151][ T5886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.977431][ T5886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 63.000128][ T5886] team0: Port device team_slave_0 added
[ 63.005546][ T5886] team0: Port device team_slave_1 added
[ 63.025194][ T5886] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 63.027446][ T5886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 63.036590][ T5886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 63.064716][ T5886] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 63.066899][ T5886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 63.074902][ T5886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 63.102757][ T5886] hsr_slave_0: entered promiscuous mode
[ 63.105608][ T5886] hsr_slave_1: entered promiscuous mode
[ 63.218535][ T5886] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.226455][ T5886] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.230580][ T5886] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 63.235963][ T5886] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 63.290561][ T5886] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.307404][ T5886] 8021q: adding VLAN 0 to HW filter on device team0
[ 63.314688][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.317102][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.333879][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.336161][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.429199][ T5886] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 63.460051][ T5886] veth0_vlan: entered promiscuous mode
[ 63.468005][ T5886] veth1_vlan: entered promiscuous mode
[ 63.484755][ T5886] veth0_macvtap: entered promiscuous mode
[ 63.489299][ T5886] veth1_macvtap: entered promiscuous mode
[ 63.499857][ T5886] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 63.507907][ T5886] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 63.516284][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.520583][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.526872][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.530709][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.633708][ T5844] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.723493][ T5844] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.770408][ T5844] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.847411][ T5844] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/04/24 00:42:07 executed programs: 0
[ 63.981023][ T5876] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 63.985615][ T5876] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 63.989404][ T5876] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 63.998593][ T5876] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 64.002810][ T5876] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 64.101159][ T5916] chnl_net:caif_netlink_parms(): no params data found
[ 64.153906][ T5916] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.156852][ T5916] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.159118][ T5916] bridge_slave_0: entered allmulticast mode
[ 64.162552][ T5916] bridge_slave_0: entered promiscuous mode
[ 64.165752][ T5916] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.167982][ T5916] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.170256][ T5916] bridge_slave_1: entered allmulticast mode
[ 64.173303][ T5916] bridge_slave_1: entered promiscuous mode
[ 64.189964][ T5916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.195723][ T5916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.212487][ T5916] team0: Port device team_slave_0 added
[ 64.215766][ T5916] team0: Port device team_slave_1 added
[ 64.230473][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.234559][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 64.242590][ T5916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.247463][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.249647][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 64.258290][ T5916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.283458][ T5916] hsr_slave_0: entered promiscuous mode
[ 64.285896][ T5916] hsr_slave_1: entered promiscuous mode
[ 64.288046][ T5916] debugfs: 'hsr0' already exists in 'hsr'
[ 64.289914][ T5916] Cannot create hsr debugfs directory
[ 66.035686][ T55] Bluetooth: hci0: command tx timeout
[ 66.748004][ T5844] bridge_slave_1: left allmulticast mode
[ 66.750129][ T5844] bridge_slave_1: left promiscuous mode
[ 66.753213][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.758873][ T5844] bridge_slave_0: left allmulticast mode
[ 66.760643][ T5844] bridge_slave_0: left promiscuous mode
[ 66.764593][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.886426][ T5844] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 66.891596][ T5844] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 66.895130][ T5844] bond0 (unregistering): Released all slaves
[ 66.985426][ T5844] hsr_slave_0: left promiscuous mode
[ 66.988690][ T5844] hsr_slave_1: left promiscuous mode
[ 66.994604][ T5844] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 66.997063][ T5844] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 67.000574][ T5844] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 67.004133][ T5844] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 67.012047][ T5844] veth1_macvtap: left promiscuous mode
[ 67.013978][ T5844] veth0_macvtap: left promiscuous mode
[ 67.015753][ T5844] veth1_vlan: left promiscuous mode
[ 67.019191][ T5844] veth0_vlan: left promiscuous mode
[ 67.167851][ T5844] team0 (unregistering): Port device team_slave_1 removed
[ 67.175090][ T5844] team0 (unregistering): Port device team_slave_0 removed
[ 67.414815][ T5916] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.420801][ T5916] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.426734][ T5916] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.432285][ T5916] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.478781][ T5916] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.487485][ T5916] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.493979][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.496278][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.501744][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.504019][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.658805][ T5916] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.680116][ T5916] veth0_vlan: entered promiscuous mode
[ 67.685590][ T5916] veth1_vlan: entered promiscuous mode
[ 67.705206][ T5916] veth0_macvtap: entered promiscuous mode
[ 67.709776][ T5916] veth1_macvtap: entered promiscuous mode
[ 67.718094][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.724762][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.738890][ T5654] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.743189][ T5654] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.745885][ T5654] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.748508][ T5654] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.784375][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.786901][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.802749][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.805817][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.111531][ T55] Bluetooth: hci0: command tx timeout
2026/04/24 00:42:12 executed programs: 19
[ 70.193189][ T55] Bluetooth: hci0: command tx timeout
[ 72.274786][ T55] Bluetooth: hci0: command tx timeout
2026/04/24 00:42:17 executed programs: 93
[ 76.594163][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.596479][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
2026/04/24 00:42:22 executed programs: 171
2026/04/24 00:42:27 executed programs: 248
[ 85.091632][ T6738] ==================================================================
[ 85.094241][ T6738] BUG: KASAN: slab-use-after-free in netlink_dump_done+0x54d/0x890
[ 85.096728][ T6738] Read of size 4 at addr ffff8881bb35b9b4 by task syz.0.279/6738
[ 85.099666][ T6738]
[ 85.100457][ T6738] CPU: 0 UID: 0 PID: 6738 Comm: syz.0.279 Not tainted syzkaller #0 PREEMPT(full)
[ 85.100467][ T6738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 85.100471][ T6738] Call Trace:
[ 85.100476][ T6738]
[ 85.100480][ T6738]  dump_stack_lvl+0xe8/0x150
[ 85.100494][ T6738]  print_address_description+0x55/0x1e0
[ 85.100504][ T6738]  ? netlink_dump_done+0x54d/0x890
[ 85.100513][ T6738]  print_report+0x58/0x70
[ 85.100521][ T6738]  kasan_report+0x117/0x150
[ 85.100531][ T6738]  ? netlink_dump_done+0x54d/0x890
[ 85.100541][ T6738]  netlink_dump_done+0x54d/0x890
[ 85.100551][ T6738]  ? __alloc_skb+0x4e5/0x7d0
[ 85.100561][ T6738]  netlink_dump+0xacb/0xf40
[ 85.100571][ T6738]  ? __pfx_netlink_dump+0x10/0x10
[ 85.100581][ T6738]  ? kmem_cache_free+0x189/0x630
[ 85.100589][ T6738]  ? netlink_recvmsg+0x5d6/0xa50
[ 85.100598][ T6738]  netlink_recvmsg+0x690/0xa50
[ 85.100608][ T6738]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 85.100617][ T6738]  ? __pfx___futex_wait+0x10/0x10
[ 85.100627][ T6738]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 85.100637][ T6738]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 85.100645][ T6738]  ? security_socket_recvmsg+0x7e/0x2c0
[ 85.100652][ T6738]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 85.100660][ T6738]  sock_recvmsg+0x172/0x1b0
[ 85.100669][ T6738]  sock_read_iter+0x251/0x320
[ 85.100677][ T6738]  ? __pfx_sock_read_iter+0x10/0x10
[ 85.100685][ T6738]  ? bpf_lsm_file_permission+0x9/0x20
[ 85.100694][ T6738]  ? security_file_permission+0x75/0x260
[ 85.100703][ T6738]  vfs_read+0x582/0xa70
[ 85.100713][ T6738]  ? __pfx_vfs_read+0x10/0x10
[ 85.100723][ T6738]  ? __fget_files+0x2a/0x420
[ 85.100731][ T6738]  ksys_read+0x150/0x270
[ 85.100739][ T6738]  ? __pfx_ksys_read+0x10/0x10
[ 85.100748][ T6738]  do_syscall_64+0x14d/0xf80
[ 85.100758][ T6738]  ? trace_irq_disable+0x3b/0x150
[ 85.100769][ T6738]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.100776][ T6738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.100783][ T6738] RIP: 0033:0x7fb5eaf9c819
[ 85.100792][ T6738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.100798][ T6738] RSP: 002b:00007fb5ebe08028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 85.100807][ T6738] RAX: ffffffffffffffda RBX: 00007fb5eb215fa0 RCX: 00007fb5eaf9c819
[ 85.100812][ T6738] RDX: 000000000000009b RSI: 00002000000003c0 RDI: 0000000000000004
[ 85.100816][ T6738] RBP: 00007fb5eb032c91 R08: 0000000000000000 R09: 0000000000000000
[ 85.100821][ T6738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.100825][ T6738] R13: 00007fb5eb216038 R14: 00007fb5eb215fa0 R15: 00007ffc181c9c68
[ 85.100832][ T6738]
[ 85.100835][ T6738]
[ 85.191224][ T6738] Allocated by task 6739:
[ 85.192623][ T6738]  kasan_save_track+0x3e/0x80
[ 85.194103][ T6738]  __kasan_slab_alloc+0x6c/0x80
[ 85.195632][ T6738]  kmem_cache_alloc_node_noprof+0x384/0x690
[ 85.197416][ T6738]  __alloc_skb+0x1d0/0x7d0
[ 85.198800][ T6738]  netlink_sendmsg+0x5d4/0xb40
[ 85.200289][ T6738]  ____sys_sendmsg+0x972/0x9f0
[ 85.201789][ T6738]  ___sys_sendmsg+0x2a5/0x360
[ 85.203297][ T6738]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 85.204815][ T6738]  do_syscall_64+0x14d/0xf80
[ 85.206257][ T6738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.208316][ T6738]
[ 85.209240][ T6738] Freed by task 6739:
[ 85.210466][ T6738]  kasan_save_track+0x3e/0x80
[ 85.211974][ T6738]  kasan_save_free_info+0x46/0x50
[ 85.213517][ T6738]  __kasan_slab_free+0x5c/0x80
[ 85.214994][ T6738]  kmem_cache_free+0x189/0x630
[ 85.216765][ T6738]  netlink_unicast+0x817/0x9b0
[ 85.218558][ T6738]  netlink_sendmsg+0x813/0xb40
[ 85.220165][ T6738]  ____sys_sendmsg+0x972/0x9f0
[ 85.221622][ T6738]  ___sys_sendmsg+0x2a5/0x360
[ 85.223081][ T6738]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 85.224610][ T6738]  do_syscall_64+0x14d/0xf80
[ 85.226030][ T6738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.227848][ T6738]
[ 85.228588][ T6738] The buggy address belongs to the object at ffff8881bb35b980
[ 85.228588][ T6738]  which belongs to the cache skbuff_head_cache of size 240
[ 85.233204][ T6738] The buggy address is located 52 bytes inside of
[ 85.233204][ T6738]  freed 240-byte region [ffff8881bb35b980, ffff8881bb35ba70)
[ 85.237230][ T6738]
[ 85.237954][ T6738] The buggy address belongs to the physical page:
[ 85.239952][ T6738] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881bb35b200 pfn:0x1bb35a
[ 85.243528][ T6738] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 85.246302][ T6738] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff)
[ 85.249172][ T6738] page_type: f5(slab)
[ 85.250426][ T6738] raw: 057ff00000000240 ffff888160417a00 ffff88816041db88 ffffea0005cae210
[ 85.253202][ T6738] raw: ffff8881bb35b200 000000080015000f 00000000f5000000 0000000000000000
[ 85.255871][ T6738] head: 057ff00000000240 ffff888160417a00 ffff88816041db88 ffffea0005cae210
[ 85.258560][ T6738] head: ffff8881bb35b200 000000080015000f 00000000f5000000 0000000000000000
[ 85.261552][ T6738] head: 057ff00000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[ 85.264204][ T6738] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 85.266848][ T6738] page dumped because: kasan: bad access detected
[ 85.268862][ T6738] page_owner tracks the page as allocated
[ 85.270634][ T6738] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5552, tgid 5552 (dhcpcd), ts 37959428622, free_ts 37819349212
[ 85.276890][ T6738]  post_alloc_hook+0x231/0x280
[ 85.278380][ T6738]  get_page_from_freelist+0x24ba/0x2540
[ 85.280039][ T6738]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 85.281836][ T6738]  allocate_slab+0x77/0x660
[ 85.283294][ T6738]  refill_objects+0x331/0x3c0
[ 85.284720][ T6738]  __pcs_replace_empty_main+0x2e6/0x730
[ 85.286408][ T6738]  kmem_cache_alloc_node_noprof+0x441/0x690
[ 85.288199][ T6738]  __alloc_skb+0x1d0/0x7d0
[ 85.289552][ T6738]  alloc_skb_with_frags+0xc8/0x760
[ 85.291092][ T6738]  sock_alloc_send_pskb+0x878/0x990
[ 85.292721][ T6738]  unix_dgram_sendmsg+0x460/0x18e0
[ 85.294305][ T6738]  sock_write_iter+0x49b/0x4f0
[ 85.295757][ T6738]  do_iter_readv_writev+0x619/0x8c0
[ 85.297354][ T6738]  vfs_writev+0x33c/0x990
[ 85.298883][ T6738]  do_writev+0x154/0x2e0
[ 85.300381][ T6738]  do_syscall_64+0x14d/0xf80
[ 85.301898][ T6738] page last free pid 5552 tgid 5552 stack trace:
[ 85.303829][ T6738]  __free_frozen_pages+0xbc7/0xd30
[ 85.305498][ T6738]  __mmdrop+0xb5/0x750
[ 85.306735][ T6738]  finish_task_switch+0x449/0x920
[ 85.308293][ T6738]  __schedule+0x15e5/0x52d0
[ 85.309704][ T6738]  schedule+0x164/0x360
[ 85.310967][ T6738]  schedule_hrtimeout_range_clock+0x1e7/0x320
[ 85.312900][ T6738]  poll_schedule_timeout+0xd0/0x1a0
[ 85.314533][ T6738]  do_sys_poll+0x7e8/0x1120
[ 85.315932][ T6738]  __se_sys_ppoll+0x209/0x2b0
[ 85.317356][ T6738]  do_syscall_64+0x14d/0xf80
[ 85.318770][ T6738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.320643][ T6738]
[ 85.321477][ T6738] Memory state around the buggy address:
[ 85.323336][ T6738]  ffff8881bb35b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 85.325863][ T6738]  ffff8881bb35b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.328326][ T6738] >ffff8881bb35b980: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.330913][ T6738]                                     ^
[ 85.332774][ T6738]  ffff8881bb35ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 85.335432][ T6738]  ffff8881bb35ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.338167][ T6738] ==================================================================
[ 85.341861][ T6738] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.344147][ T6738] CPU: 0 UID: 0 PID: 6738 Comm: syz.0.279 Not tainted syzkaller #0 PREEMPT(full)
[ 85.347362][ T6738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 85.350836][ T6738] Call Trace:
[ 85.351964][ T6738]
[ 85.352916][ T6738]  vpanic+0x56c/0xa60
[ 85.354283][ T6738]  ? __pfx_vpanic+0x10/0x10
[ 85.355761][ T6738]  panic+0xc5/0xd0
[ 85.356924][ T6738]  ? __pfx_panic+0x10/0x10
[ 85.358353][ T6738]  ? preempt_schedule_thunk+0x16/0x30
[ 85.359981][ T6738]  ? preempt_schedule_thunk+0x16/0x30
[ 85.361660][ T6738]  ? netlink_dump_done+0x54d/0x890
[ 85.363311][ T6738]  check_panic_on_warn+0x89/0xb0
[ 85.364852][ T6738]  ? netlink_dump_done+0x54d/0x890
[ 85.366599][ T6738]  end_report+0x73/0x180
[ 85.368148][ T6738]  ? netlink_dump_done+0x54d/0x890
[ 85.369747][ T6738]  kasan_report+0x128/0x150
[ 85.371463][ T6738]  ? netlink_dump_done+0x54d/0x890
[ 85.373210][ T6738]  netlink_dump_done+0x54d/0x890
[ 85.374819][ T6738]  ? __alloc_skb+0x4e5/0x7d0
[ 85.376250][ T6738]  netlink_dump+0xacb/0xf40
[ 85.377623][ T6738]  ? __pfx_netlink_dump+0x10/0x10
[ 85.379159][ T6738]  ? kmem_cache_free+0x189/0x630
[ 85.380627][ T6738]  ? netlink_recvmsg+0x5d6/0xa50
[ 85.382167][ T6738]  netlink_recvmsg+0x690/0xa50
[ 85.383624][ T6738]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 85.385272][ T6738]  ? __pfx___futex_wait+0x10/0x10
[ 85.386796][ T6738]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 85.388308][ T6738]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 85.389891][ T6738]  ? security_socket_recvmsg+0x7e/0x2c0
[ 85.391648][ T6738]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 85.393436][ T6738]  sock_recvmsg+0x172/0x1b0
[ 85.394833][ T6738]  sock_read_iter+0x251/0x320
[ 85.396297][ T6738]  ? __pfx_sock_read_iter+0x10/0x10
[ 85.397872][ T6738]  ? bpf_lsm_file_permission+0x9/0x20
[ 85.399510][ T6738]  ? security_file_permission+0x75/0x260
[ 85.401249][ T6738]  vfs_read+0x582/0xa70
[ 85.402510][ T6738]  ? __pfx_vfs_read+0x10/0x10
[ 85.403979][ T6738]  ? __fget_files+0x2a/0x420
[ 85.405423][ T6738]  ksys_read+0x150/0x270
[ 85.406709][ T6738]  ? __pfx_ksys_read+0x10/0x10
[ 85.408192][ T6738]  do_syscall_64+0x14d/0xf80
[ 85.409606][ T6738]  ? trace_irq_disable+0x3b/0x150
[ 85.411301][ T6738]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.413180][ T6738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.415018][ T6738] RIP: 0033:0x7fb5eaf9c819
[ 85.416445][ T6738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.422326][ T6738] RSP: 002b:00007fb5ebe08028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 85.424912][ T6738] RAX: ffffffffffffffda RBX: 00007fb5eb215fa0 RCX: 00007fb5eaf9c819
[ 85.427528][ T6738] RDX: 000000000000009b RSI: 00002000000003c0 RDI: 0000000000000004
[ 85.430300][ T6738] RBP: 00007fb5eb032c91 R08: 0000000000000000 R09: 0000000000000000
[ 85.432716][ T6738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.435083][ T6738] R13: 00007fb5eb216038 R14: 00007fb5eb215fa0 R15: 00007ffc181c9c68
[ 85.437517][ T6738]
[ 85.439147][ T6738] Kernel Offset: disabled
[ 85.440432][ T6738] Rebooting in 86400 seconds..
VM DIAGNOSIS: 00:42:28 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000062 RBX=0000000000000062 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000697f170
R8 =ffff88810a538237 R9 =1ffff110214a7046 R10=dffffc0000000000 R11=ffffffff853ecc90
R12=dffffc0000000000 R13=ffffffff9a2b4a7d R14=ffffffff9a5cc900 R15=0000000000000000
RIP=ffffffff853ecd0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb5ebe086c0 ffffffff 00c00000
GS =0000 ffff88818de62000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb5ebde7d58 CR3=000000016eea4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 00007fb5ebd4d560
XMM02=00007fb5eb1ec5e8 00007fb5eb1ec618 XMM03=00007fb5eb1ec600 00007fb5eb1ec5e0
XMM04=00007fb5ebd4d020 00007fb5eb1ec5c0 XMM05=00007fb5eb1ec5d0 00007fb5eb1ec610
XMM06=00007fb5eb1ec5f8 00007fb5eb1ec5c8 XMM07=00007fb5eb1ec600 00007fb5eb1ec5e0
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1
CPU#1
RAX=00000000000704cf RBX=ffffffff819a857a RCX=0000000080000001 RDX=0000000000000001
RSI=ffffffff8defca20 RDI=ffffffff8c27f880 RBP=ffffc90000197f10 RSP=ffffc90000197e20
R8 =ffff88823c63399b R9 =1ffff110478c6733 R10=dffffc0000000000 R11=ffffed10478c6734
R12=0000000000000001 R13=1ffff1102c155000 R14=0000000000000001 R15=1ffff1102c155000
RIP=ffffffff8bac3e9f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8882a9462000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb5ebde6ff8 CR3=000000010e264000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000