Warning: Permanently added '[localhost]:32155' (ED25519) to the list of known hosts.
2026/03/08 07:35:14 parsed 1 programs
syzkaller login: [ 62.922908][ T5810] cgroup: Unknown subsys name 'net'
[ 63.050086][ T5810] cgroup: Unknown subsys name 'cpuset'
[ 63.055959][ T5810] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 64.374117][ T5810] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 66.018081][ T5819] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 67.645773][ T5878] chnl_net:caif_netlink_parms(): no params data found
[ 67.697299][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.699567][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.701784][ T5878] bridge_slave_0: entered allmulticast mode
[ 67.705212][ T5878] bridge_slave_0: entered promiscuous mode
[ 67.708933][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.711437][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.713783][ T5878] bridge_slave_1: entered allmulticast mode
[ 67.716330][ T5878] bridge_slave_1: entered promiscuous mode
[ 67.731697][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.736397][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.774378][ T5878] team0: Port device team_slave_0 added
[ 67.777369][ T5878] team0: Port device team_slave_1 added
[ 67.791032][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.793424][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 67.801231][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.805875][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.808063][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 67.816617][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.841671][ T5878] hsr_slave_0: entered promiscuous mode
[ 67.844242][ T5878] hsr_slave_1: entered promiscuous mode
[ 67.936060][ T5878] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.943015][ T5878] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.947001][ T5878] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.951803][ T5878] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.996446][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.010647][ T5878] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.017878][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.020334][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.029251][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.031591][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.131092][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.160670][ T5878] veth0_vlan: entered promiscuous mode
[ 68.170689][ T5878] veth1_vlan: entered promiscuous mode
[ 68.189149][ T5878] veth0_macvtap: entered promiscuous mode
[ 68.194653][ T5878] veth1_macvtap: entered promiscuous mode
[ 68.206044][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.213158][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.221432][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.225875][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.229631][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.233463][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.358641][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.368873][ T5902] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.372059][ T5902] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.375158][ T5902] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.379184][ T5902] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.383499][ T5902] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.425536][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.479971][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.559717][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.628835][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.632041][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.654216][ T480] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.656795][ T480] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/03/08 07:35:22 executed programs: 0
[ 69.062798][ T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.066934][ T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.070453][ T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.074028][ T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.076645][ T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.172878][ T5916] chnl_net:caif_netlink_parms(): no params data found
[ 69.220399][ T5916] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.222921][ T5916] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.226361][ T5916] bridge_slave_0: entered allmulticast mode
[ 69.230039][ T5916] bridge_slave_0: entered promiscuous mode
[ 69.235114][ T5916] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.238139][ T5916] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.240832][ T5916] bridge_slave_1: entered allmulticast mode
[ 69.244987][ T5916] bridge_slave_1: entered promiscuous mode
[ 69.271437][ T5916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.276862][ T5916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.294774][ T5916] team0: Port device team_slave_0 added
[ 69.298657][ T5916] team0: Port device team_slave_1 added
[ 69.328071][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.330689][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.340476][ T5916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.345226][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.347514][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.355994][ T5916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.390047][ T5916] hsr_slave_0: entered promiscuous mode
[ 69.393586][ T5916] hsr_slave_1: entered promiscuous mode
[ 69.396517][ T5916] debugfs: 'hsr0' already exists in 'hsr'
[ 69.398854][ T5916] Cannot create hsr debugfs directory
[ 71.084787][ T5902] Bluetooth: hci0: command tx timeout
[ 71.611393][ T13] bridge_slave_1: left allmulticast mode
[ 71.618356][ T13] bridge_slave_1: left promiscuous mode
[ 71.621419][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.629187][ T13] bridge_slave_0: left allmulticast mode
[ 71.631552][ T13] bridge_slave_0: left promiscuous mode
[ 71.635123][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.794313][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 71.800438][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 71.805868][ T13] bond0 (unregistering): Released all slaves
[ 71.913111][ T13] hsr_slave_0: left promiscuous mode
[ 71.915992][ T13] hsr_slave_1: left promiscuous mode
[ 71.918784][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 71.921707][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 71.926412][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 71.928782][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 71.953868][ T13] veth1_macvtap: left promiscuous mode
[ 71.955685][ T13] veth0_macvtap: left promiscuous mode
[ 71.957654][ T13] veth1_vlan: left promiscuous mode
[ 71.959369][ T13] veth0_vlan: left promiscuous mode
[ 72.141891][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 72.158030][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 72.475848][ T5916] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.483850][ T5916] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.489885][ T5916] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.498837][ T5916] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.587626][ T5916] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.596408][ T5916] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.608078][ T83] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.610717][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.624815][ T83] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.627282][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.824527][ T5916] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 72.855978][ T5916] veth0_vlan: entered promiscuous mode
[ 72.872786][ T5916] veth1_vlan: entered promiscuous mode
[ 72.885495][ T5916] veth0_macvtap: entered promiscuous mode
[ 72.889169][ T5916] veth1_macvtap: entered promiscuous mode
[ 72.897159][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.905527][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 72.924817][ T5924] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.927581][ T5924] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.931741][ T5924] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.938627][ T5924] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.978814][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.983360][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.007755][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.011283][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.038742][ T5954] ==================================================================
[ 73.041594][ T5954] BUG: KASAN: slab-out-of-bounds in devlink_nl_dumpit+0x2a4/0x410
[ 73.044172][ T5954] Read of size 8 at addr ffff88810a48eab0 by task syz.0.17/5954
[ 73.047437][ T5954]
[ 73.048300][ T5954] CPU: 0 UID: 0 PID: 5954 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 73.048317][ T5954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 73.048322][ T5954] Call Trace:
[ 73.048326][ T5954]
[ 73.048330][ T5954] dump_stack_lvl+0xe8/0x150
[ 73.048343][ T5954] print_report+0xba/0x230
[ 73.048351][ T5954] ? devlink_nl_dumpit+0x2a4/0x410
[ 73.048364][ T5954] kasan_report+0x117/0x150
[ 73.048375][ T5954] ? devlink_nl_dumpit+0x2a4/0x410
[ 73.048385][ T5954] devlink_nl_dumpit+0x2a4/0x410
[ 73.048395][ T5954] ? __pfx_devlink_nl_selftests_get_dump_one+0x10/0x10
[ 73.048404][ T5954] genl_dumpit+0x10b/0x1b0
[ 73.048413][ T5954] netlink_dump+0x722/0xe80
[ 73.048424][ T5954] ? __pfx_netlink_dump+0x10/0x10
[ 73.048437][ T5954] ? genl_start+0x499/0x6c0
[ 73.048444][ T5954] __netlink_dump_start+0x5cb/0x7e0
[ 73.048454][ T5954] genl_family_rcv_msg_dumpit+0x213/0x310
[ 73.048462][ T5954] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 73.048469][ T5954] ? genl_get_cmd+0x523/0x9b0
[ 73.048476][ T5954] ? __pfx_genl_start+0x10/0x10
[ 73.048482][ T5954] ? __pfx_genl_dumpit+0x10/0x10
[ 73.048488][ T5954] ? __pfx_genl_done+0x10/0x10
[ 73.048496][ T5954] genl_rcv_msg+0x5e8/0x7a0
[ 73.048504][ T5954] ? __pfx_genl_rcv_msg+0x10/0x10
[ 73.048510][ T5954] ? __pfx_devlink_nl_selftests_get_dumpit+0x10/0x10
[ 73.048517][ T5954] ? __lock_acquire+0x6b5/0x2cf0
[ 73.048528][ T5954] netlink_rcv_skb+0x232/0x4b0
[ 73.048536][ T5954] ? __pfx_genl_rcv_msg+0x10/0x10
[ 73.048543][ T5954] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 73.048554][ T5954] ? down_read+0x272/0x2e0
[ 73.048561][ T5954] ? genl_rcv+0xd/0x40
[ 73.048567][ T5954] genl_rcv+0x28/0x40
[ 73.048573][ T5954] netlink_unicast+0x80f/0x9b0
[ 73.048583][ T5954] ? __pfx_netlink_unicast+0x10/0x10
[ 73.048591][ T5954] ? netlink_sendmsg+0x650/0xb40
[ 73.048599][ T5954] ? skb_put+0x11b/0x210
[ 73.048609][ T5954] netlink_sendmsg+0x813/0xb40
[ 73.048620][ T5954] ? __pfx_netlink_sendmsg+0x10/0x10
[ 73.048629][ T5954] ? aa_sock_msg_perm+0xf1/0x1b0
[ 73.048638][ T5954] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 73.048647][ T5954] ____sys_sendmsg+0x972/0x9f0
[ 73.048655][ T5954] ? __pfx_____sys_sendmsg+0x10/0x10
[ 73.048662][ T5954] ? import_iovec+0x73/0xa0
[ 73.048673][ T5954] ___sys_sendmsg+0x2a5/0x360
[ 73.048684][ T5954] ? __pfx____sys_sendmsg+0x10/0x10
[ 73.048695][ T5954] ? futex_hash_put+0x4b/0x60
[ 73.048706][ T5954] ? futex_wake+0x4ac/0x580
[ 73.048731][ T5954] __x64_sys_sendmsg+0x1bd/0x2a0
[ 73.048743][ T5954] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 73.048758][ T5954] do_syscall_64+0x14d/0xf80
[ 73.048771][ T5954] ? trace_irq_disable+0x3b/0x150
[ 73.048787][ T5954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.048802][ T5954] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.048813][ T5954] RIP: 0033:0x7f6bf799c799
[ 73.048824][ T5954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 73.048834][ T5954] RSP: 002b:00007fff4b3c0b38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 73.048843][ T5954] RAX: ffffffffffffffda RBX: 00007f6bf7c15fa0 RCX: 00007f6bf799c799
[ 73.048849][ T5954] RDX: 0000000000000000 RSI: 0000200000001780 RDI: 0000000000000003
[ 73.048853][ T5954] RBP: 00007f6bf7a32bd9 R08: 0000000000000000 R09: 0000000000000000
[ 73.048857][ T5954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 73.048862][ T5954] R13: 00007f6bf7c15fac R14: 00007f6bf7c15fa0 R15: 00007f6bf7c15fa0
[ 73.048869][ T5954]
[ 73.048872][ T5954]
[ 73.168555][ T5954] Allocated by task 5954:
[ 73.170044][ T5954] kasan_save_track+0x3e/0x80
[ 73.171594][ T5954] __kasan_kmalloc+0x93/0xb0
[ 73.173063][ T5954] __kmalloc_noprof+0x35c/0x760
[ 73.174525][ T5954] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 73.176456][ T5954] genl_start+0x180/0x6c0
[ 73.177853][ T5954] __netlink_dump_start+0x469/0x7e0
[ 73.179477][ T5954] genl_family_rcv_msg_dumpit+0x213/0x310
[ 73.181360][ T5954] genl_rcv_msg+0x5e8/0x7a0
[ 73.183095][ T5954] netlink_rcv_skb+0x232/0x4b0
[ 73.184638][ T5954] genl_rcv+0x28/0x40
[ 73.185999][ T5954] netlink_unicast+0x80f/0x9b0
[ 73.187678][ T5954] netlink_sendmsg+0x813/0xb40
[ 73.189283][ T5954] ____sys_sendmsg+0x972/0x9f0
[ 73.191165][ T5954] ___sys_sendmsg+0x2a5/0x360
[ 73.192948][ T5902] Bluetooth: hci0: command tx timeout
[ 73.193114][ T5954] __x64_sys_sendmsg+0x1bd/0x2a0
[ 73.197063][ T5954] do_syscall_64+0x14d/0xf80
[ 73.199003][ T5954] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.201422][ T5954]
[ 73.202428][ T5954] The buggy address belongs to the object at ffff88810a48eaa0
[ 73.202428][ T5954] which belongs to the cache kmalloc-16 of size 16
[ 73.207726][ T5954] The buggy address is located 0 bytes to the right of
[ 73.207726][ T5954] allocated 16-byte region [ffff88810a48eaa0, ffff88810a48eab0)
[ 73.213405][ T5954]
[ 73.214434][ T5954] The buggy address belongs to the physical page:
[ 73.216731][ T5954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a48e
[ 73.219849][ T5954] flags: 0x17ff00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 73.222587][ T5954] page_type: f5(slab)
[ 73.224253][ T5954] raw: 017ff00000000000 ffff888100041640 dead000000000100 dead000000000122
[ 73.227611][ T5954] raw: 0000000000000000 0000000800800080 00000000f5000000 0000000000000000
[ 73.230938][ T5954] page dumped because: kasan: bad access detected
[ 73.233557][ T5954] page_owner tracks the page as allocated
[ 73.235910][ T5954] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 11308983860, free_ts 11289885463
[ 73.243605][ T5954] register_dummy_stack+0x98/0x100
[ 73.245747][ T5954] init_page_owner+0x2e/0x600
[ 73.247704][ T5954] page_ext_init+0x500/0x540
[ 73.249529][ T5954] mm_core_init+0x51/0x70
[ 73.251281][ T5954] page last free pid 1 tgid 1 stack trace:
[ 73.253618][ T5954] __free_frozen_pages+0xc2b/0xdb0
[ 73.255734][ T5954] __kasan_populate_vmalloc+0x137/0x1d0
[ 73.257916][ T5954] alloc_vmap_area+0xd73/0x14b0
[ 73.259901][ T5954] __get_vm_area_node+0x1f8/0x300
[ 73.261993][ T5954] get_vm_area_caller+0x82/0xb0
[ 73.263996][ T5954] __ioremap_caller+0x3d7/0x620
[ 73.266006][ T5954] pcim_iomap+0xde/0x2b0
[ 73.267786][ T5954] ahci_init_one+0x99e/0x34b0
[ 73.269267][ T5954] pci_device_probe+0x41a/0xc70
[ 73.270835][ T5954] really_probe+0x267/0xaf0
[ 73.272323][ T5954] __driver_probe_device+0x18c/0x320
[ 73.274186][ T5954] driver_probe_device+0x4f/0x240
[ 73.275852][ T5954] __driver_attach+0x3e7/0x710
[ 73.277374][ T5954] bus_for_each_dev+0x23b/0x2c0
[ 73.279075][ T5954] bus_add_driver+0x345/0x670
[ 73.280709][ T5954] driver_register+0x23a/0x320
[ 73.282351][ T5954]
[ 73.283270][ T5954] Memory state around the buggy address:
[ 73.285010][ T5954]  ffff88810a48e980: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[ 73.287673][ T5954]  ffff88810a48ea00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 73.290122][ T5954] >ffff88810a48ea80: fa fb fc fc 00 00 fc fc 00 06 fc fc 00 00 fc fc
[ 73.292534][ T5954]                                      ^
[ 73.294263][ T5954]  ffff88810a48eb00: fa fb fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 73.296679][ T5954]  ffff88810a48eb80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 73.299364][ T5954] ==================================================================
[ 73.316612][ T5954] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.318904][ T5954] CPU: 0 UID: 0 PID: 5954 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 73.321863][ T5954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 73.325055][ T5954] Call Trace:
[ 73.326087][ T5954]
[ 73.327012][ T5954] vpanic+0x56c/0xa60
[ 73.328247][ T5954] ? __pfx_vpanic+0x10/0x10
[ 73.329614][ T5954] panic+0xc5/0xd0
[ 73.330730][ T5954] ? __pfx_panic+0x10/0x10
[ 73.332080][ T5954] ? preempt_schedule_thunk+0x16/0x30
[ 73.333717][ T5954] ? preempt_schedule_thunk+0x16/0x30
[ 73.335313][ T5954] ? devlink_nl_dumpit+0x2a4/0x410
[ 73.336832][ T5954] check_panic_on_warn+0x89/0xb0
[ 73.338406][ T5954] ? devlink_nl_dumpit+0x2a4/0x410
[ 73.340130][ T5954] end_report+0x73/0x180
[ 73.341648][ T5954] ? devlink_nl_dumpit+0x2a4/0x410
[ 73.343342][ T5954] kasan_report+0x128/0x150
[ 73.344970][ T5954] ? devlink_nl_dumpit+0x2a4/0x410
[ 73.346714][ T5954] devlink_nl_dumpit+0x2a4/0x410
[ 73.348425][ T5954] ? __pfx_devlink_nl_selftests_get_dump_one+0x10/0x10
[ 73.350672][ T5954] genl_dumpit+0x10b/0x1b0
[ 73.352083][ T5954] netlink_dump+0x722/0xe80
[ 73.353565][ T5954] ? __pfx_netlink_dump+0x10/0x10
[ 73.355152][ T5954] ? genl_start+0x499/0x6c0
[ 73.356655][ T5954] __netlink_dump_start+0x5cb/0x7e0
[ 73.358483][ T5954] genl_family_rcv_msg_dumpit+0x213/0x310
[ 73.360654][ T5954] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 73.363118][ T5954] ? genl_get_cmd+0x523/0x9b0
[ 73.364781][ T5954] ? __pfx_genl_start+0x10/0x10
[ 73.366533][ T5954] ? __pfx_genl_dumpit+0x10/0x10
[ 73.368422][ T5954] ? __pfx_genl_done+0x10/0x10
[ 73.370135][ T5954] genl_rcv_msg+0x5e8/0x7a0
[ 73.371946][ T5954] ? __pfx_genl_rcv_msg+0x10/0x10
[ 73.373786][ T5954] ? __pfx_devlink_nl_selftests_get_dumpit+0x10/0x10
[ 73.376301][ T5954] ? __lock_acquire+0x6b5/0x2cf0
[ 73.378306][ T5954] netlink_rcv_skb+0x232/0x4b0
[ 73.380250][ T5954] ? __pfx_genl_rcv_msg+0x10/0x10
[ 73.382250][ T5954] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 73.384278][ T5954] ? down_read+0x272/0x2e0
[ 73.385999][ T5954] ? genl_rcv+0xd/0x40
[ 73.387604][ T5954] genl_rcv+0x28/0x40
[ 73.389155][ T5954] netlink_unicast+0x80f/0x9b0
[ 73.391063][ T5954] ? __pfx_netlink_unicast+0x10/0x10
[ 73.393138][ T5954] ? netlink_sendmsg+0x650/0xb40
[ 73.395086][ T5954] ? skb_put+0x11b/0x210
[ 73.396750][ T5954] netlink_sendmsg+0x813/0xb40
[ 73.398350][ T5954] ? __pfx_netlink_sendmsg+0x10/0x10
[ 73.400060][ T5954] ? aa_sock_msg_perm+0xf1/0x1b0
[ 73.401594][ T5954] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 73.403194][ T5954] ____sys_sendmsg+0x972/0x9f0
[ 73.404731][ T5954] ? __pfx_____sys_sendmsg+0x10/0x10
[ 73.406437][ T5954] ? import_iovec+0x73/0xa0
[ 73.407879][ T5954] ___sys_sendmsg+0x2a5/0x360
[ 73.409384][ T5954] ? __pfx____sys_sendmsg+0x10/0x10
[ 73.411011][ T5954] ? futex_hash_put+0x4b/0x60
[ 73.412506][ T5954] ? futex_wake+0x4ac/0x580
[ 73.413920][ T5954] __x64_sys_sendmsg+0x1bd/0x2a0
[ 73.415448][ T5954] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 73.417110][ T5954] do_syscall_64+0x14d/0xf80
[ 73.418570][ T5954] ? trace_irq_disable+0x3b/0x150
[ 73.420106][ T5954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.421938][ T5954] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.423755][ T5954] RIP: 0033:0x7f6bf799c799
[ 73.425151][ T5954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 73.431862][ T5954] RSP: 002b:00007fff4b3c0b38 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 73.434403][ T5954] RAX: ffffffffffffffda RBX: 00007f6bf7c15fa0 RCX: 00007f6bf799c799
[ 73.436908][ T5954] RDX: 0000000000000000 RSI: 0000200000001780 RDI: 0000000000000003
[ 73.439628][ T5954] RBP: 00007f6bf7a32bd9 R08: 0000000000000000 R09: 0000000000000000
[ 73.442160][ T5954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 73.444710][ T5954] R13: 00007f6bf7c15fac R14: 00007f6bf7c15fa0 R15: 00007f6bf7c15fa0
[ 73.447205][ T5954]
[ 73.448947][ T5954] Kernel Offset: disabled
[ 73.450330][ T5954] Rebooting in 86400 seconds..
VM DIAGNOSIS:
07:35:27 Registers: