Warning: Permanently added '[localhost]:36335' (ED25519) to the list of known hosts.
2025/10/14 19:15:04 parsed 1 programs
syzkaller login: [ 60.980316][ T5817] cgroup: Unknown subsys name 'net'
[ 61.121998][ T5817] cgroup: Unknown subsys name 'cpuset'
[ 61.127374][ T5817] cgroup: Unknown subsys name 'rlimit'
[ 63.108311][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 66.245567][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 66.265468][ T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.270137][ T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.314719][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.318851][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.448540][ T5203] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.452561][ T5203] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.463099][ T5203] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.466636][ T5203] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.471205][ T5203] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.580866][ T5868] chnl_net:caif_netlink_parms(): no params data found
[ 67.836746][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.843933][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.846687][ T5868] bridge_slave_0: entered allmulticast mode
[ 67.850425][ T5868] bridge_slave_0: entered promiscuous mode
[ 67.881768][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.884143][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.886915][ T5868] bridge_slave_1: entered allmulticast mode
[ 67.897816][ T5868] bridge_slave_1: entered promiscuous mode
[ 68.009694][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 68.016423][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 68.085533][ T5868] team0: Port device team_slave_0 added
[ 68.099524][ T5868] team0: Port device team_slave_1 added
[ 68.138547][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 68.140614][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 68.169481][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 68.173889][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 68.187617][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 68.197989][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 68.272432][ T5868] hsr_slave_0: entered promiscuous mode
[ 68.275036][ T5868] hsr_slave_1: entered promiscuous mode
[ 68.610060][ T5868] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 68.621399][ T5868] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 68.626418][ T5868] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 68.631117][ T5868] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 68.744070][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.757278][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.763476][ T40] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.765771][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.803081][ T40] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.805205][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.829544][ T5868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.924681][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.951600][ T5868] veth0_vlan: entered promiscuous mode
[ 68.960853][ T5868] veth1_vlan: entered promiscuous mode
[ 68.980743][ T5868] veth0_macvtap: entered promiscuous mode
[ 68.985032][ T5868] veth1_macvtap: entered promiscuous mode
[ 68.996087][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 69.005178][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 69.013390][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.016901][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.020962][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.024618][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/10/14 19:15:14 executed programs: 0
[ 69.123320][ T57] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 69.126067][ T57] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 69.130680][ T57] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 69.133219][ T57] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 69.135600][ T57] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.165577][ T5203] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 69.168635][ T5203] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 69.171369][ T5203] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 69.173980][ T5203] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 69.176340][ T5203] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 69.201033][ T57] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 69.203830][ T57] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 69.209395][ T57] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 69.213351][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.228487][ T57] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 69.231338][ T57] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 69.346985][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.413804][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.532427][ T5924] chnl_net:caif_netlink_parms(): no params data found
[ 69.594930][ T5927] chnl_net:caif_netlink_parms(): no params data found
[ 69.614213][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.617132][ T5924] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.623415][ T5924] bridge_slave_0: entered allmulticast mode
[ 69.627177][ T5924] bridge_slave_0: entered promiscuous mode
[ 69.639177][ T5929] chnl_net:caif_netlink_parms(): no params data found
[ 69.653725][ T5924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.655988][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.658605][ T5924] bridge_slave_1: entered allmulticast mode
[ 69.661217][ T5924] bridge_slave_1: entered promiscuous mode
[ 69.704160][ T5924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.712070][ T5924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.748096][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.750421][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.752701][ T5927] bridge_slave_0: entered allmulticast mode
[ 69.755422][ T5927] bridge_slave_0: entered promiscuous mode
[ 69.760092][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.762494][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.764687][ T5927] bridge_slave_1: entered allmulticast mode
[ 69.767441][ T5927] bridge_slave_1: entered promiscuous mode
[ 69.783839][ T5924] team0: Port device team_slave_0 added
[ 69.809020][ T5924] team0: Port device team_slave_1 added
[ 69.811580][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.814591][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.817709][ T5929] bridge_slave_0: entered allmulticast mode
[ 69.821595][ T5929] bridge_slave_0: entered promiscuous mode
[ 69.856629][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.859926][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.862113][ T5929] bridge_slave_1: entered allmulticast mode
[ 69.864988][ T5929] bridge_slave_1: entered promiscuous mode
[ 69.877285][ T5927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.880650][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.883505][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.894257][ T5924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.900768][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.903510][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.913440][ T5924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.928536][ T5927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.940033][ T5929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.944974][ T5929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.984909][ T5927] team0: Port device team_slave_0 added
[ 70.001996][ T5929] team0: Port device team_slave_0 added
[ 70.005231][ T5927] team0: Port device team_slave_1 added
[ 70.020906][ T5929] team0: Port device team_slave_1 added
[ 70.027443][ T5924] hsr_slave_0: entered promiscuous mode
[ 70.030974][ T5924] hsr_slave_1: entered promiscuous mode
[ 70.033246][ T5924] debugfs: 'hsr0' already exists in 'hsr'
[ 70.035028][ T5924] Cannot create hsr debugfs directory
[ 70.062374][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.064529][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.073322][ T5927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.087392][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.090632][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.099395][ T5929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.103286][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.105510][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.114540][ T5927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.132217][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.134285][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.142833][ T5929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.182823][ T5927] hsr_slave_0: entered promiscuous mode
[ 70.185667][ T5927] hsr_slave_1: entered promiscuous mode
[ 70.187705][ T5927] debugfs: 'hsr0' already exists in 'hsr'
[ 70.189718][ T5927] Cannot create hsr debugfs directory
[ 70.223834][ T5929] hsr_slave_0: entered promiscuous mode
[ 70.226474][ T5929] hsr_slave_1: entered promiscuous mode
[ 70.229300][ T5929] debugfs: 'hsr0' already exists in 'hsr'
[ 70.230989][ T5929] Cannot create hsr debugfs directory
[ 70.435678][ T5924] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.439932][ T5924] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.444274][ T5924] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.449523][ T5924] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.497156][ T5924] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.508772][ T5924] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.515268][ T1092] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.517893][ T1092] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.527581][ T40] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.530462][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.657477][ T5924] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.681899][ T5924] veth0_vlan: entered promiscuous mode
[ 70.686773][ T5924] veth1_vlan: entered promiscuous mode
[ 70.705661][ T5924] veth0_macvtap: entered promiscuous mode
[ 70.711078][ T5924] veth1_macvtap: entered promiscuous mode
[ 70.724183][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 70.730896][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 70.736963][ T5949] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.740909][ T5949] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.747461][ T5949] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.750981][ T5949] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.784541][ T55] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.786972][ T55] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.805966][ T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.809660][ T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.832465][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.218799][ T57] Bluetooth: hci1: command tx timeout
[ 71.218854][ T5203] Bluetooth: hci0: command tx timeout
[ 71.235023][ T5965] ==================================================================
[ 71.238072][ T5965] BUG: KASAN: use-after-free in pmd_set_huge+0xd8/0x340
[ 71.240766][ T5965] Read of size 8 at addr ffff888100efa960 by task syz.0.20/5965
[ 71.244533][ T5965]
[ 71.245495][ T5965] CPU: 1 UID: 0 PID: 5965 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 71.245509][ T5965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 71.245515][ T5965] Call Trace:
[ 71.245521][ T5965]
[ 71.245526][ T5965] dump_stack_lvl+0x189/0x250
[ 71.245541][ T5965] ? __kasan_check_byte+0x12/0x40
[ 71.245555][ T5965] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.245567][ T5965] ? lock_release+0x4b/0x3e0
[ 71.245577][ T5965] ? __virt_addr_valid+0x4a5/0x5c0
[ 71.245590][ T5965] print_report+0xca/0x240
[ 71.245603][ T5965] ? pmd_set_huge+0xd8/0x340
[ 71.245613][ T5965] kasan_report+0x118/0x150
[ 71.245624][ T5965] ? pmd_set_huge+0xd8/0x340
[ 71.245637][ T5965] pmd_set_huge+0xd8/0x340
[ 71.245649][ T5965] ? __pfx_pmd_set_huge+0x10/0x10
[ 71.245664][ T5965] ? pmd_free_pte_page+0xa1/0xc0
[ 71.245675][ T5965] vmap_range_noflush+0x7b3/0xf80
[ 71.245692][ T5965] ? preempt_schedule_thunk+0x16/0x30
[ 71.245707][ T5965] __vmap_pages_range_noflush+0xd31/0xf30
[ 71.245723][ T5965] ? mod_memcg_page_state+0x28/0x5c0
[ 71.245735][ T5965] ? mod_memcg_page_state+0x28/0x5c0
[ 71.245749][ T5965] ? mod_memcg_page_state+0x343/0x5c0
[ 71.245761][ T5965] __vmalloc_node_range_noprof+0xe8c/0x12d0
[ 71.245781][ T5965] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 71.245794][ T5965] ? nf_tables_newset+0x1330/0x2540
[ 71.245808][ T5965] ? rcu_is_watching+0x15/0xb0
[ 71.245819][ T5965] ? nf_tables_newset+0x1330/0x2540
[ 71.245851][ T5965] __kvmalloc_node_noprof+0x674/0x910
[ 71.245866][ T5965] ? nf_tables_newset+0x1330/0x2540
[ 71.245877][ T5965] ? nft_set_lookup+0x128/0x150
[ 71.245891][ T5965] ? nft_hash_privsize+0x9f/0xf0
[ 71.245902][ T5965] nf_tables_newset+0x1330/0x2540
[ 71.245917][ T5965] ? __pfx_nf_tables_newset+0x10/0x10
[ 71.245933][ T5965] ? __nla_parse+0x40/0x60
[ 71.245947][ T5965] nfnetlink_rcv+0x11d9/0x2590
[ 71.245968][ T5965] ? __pfx_nfnetlink_rcv+0x10/0x10
[ 71.245986][ T5965] ? ref_tracker_free+0x63a/0x7d0
[ 71.246003][ T5965] ? __netlink_deliver_tap+0x807/0x850
[ 71.246015][ T5965] ? netlink_deliver_tap+0x2e/0x1b0
[ 71.246028][ T5965] netlink_unicast+0x82f/0x9e0
[ 71.246044][ T5965] ? __pfx_netlink_unicast+0x10/0x10
[ 71.246058][ T5965] ? netlink_sendmsg+0x642/0xb30
[ 71.246068][ T5965] ? skb_put+0x11b/0x210
[ 71.246079][ T5965] netlink_sendmsg+0x805/0xb30
[ 71.246091][ T5965] ? __pfx_netlink_sendmsg+0x10/0x10
[ 71.246103][ T5965] ? aa_sock_msg_perm+0xf1/0x1d0
[ 71.246122][ T5965] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 71.246133][ T5965] ? __pfx_netlink_sendmsg+0x10/0x10
[ 71.246143][ T5965] __sock_sendmsg+0x21c/0x270
[ 71.246157][ T5965] ____sys_sendmsg+0x505/0x830
[ 71.246170][ T5965] ? __pfx_____sys_sendmsg+0x10/0x10
[ 71.246182][ T5965] ? import_iovec+0x74/0xa0
[ 71.246194][ T5965] ___sys_sendmsg+0x21f/0x2a0
[ 71.246205][ T5965] ? __pfx____sys_sendmsg+0x10/0x10
[ 71.246223][ T5965] ? __fget_files+0x2a/0x420
[ 71.246232][ T5965] ? __fget_files+0x3a0/0x420
[ 71.246242][ T5965] __x64_sys_sendmsg+0x19b/0x260
[ 71.246255][ T5965] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 71.246269][ T5965] ? do_syscall_64+0xbe/0xfa0
[ 71.246282][ T5965] do_syscall_64+0xfa/0xfa0
[ 71.246294][ T5965] ? lockdep_hardirqs_on+0x9c/0x150
[ 71.246304][ T5965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.246315][ T5965] ? exc_page_fault+0xab/0x100
[ 71.246326][ T5965] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.246335][ T5965] RIP: 0033:0x7fc5fff8eec9
[ 71.246346][ T5965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.246354][ T5965] RSP: 002b:00007fc600ecb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 71.246365][ T5965] RAX: ffffffffffffffda RBX: 00007fc6001e5fa0 RCX: 00007fc5fff8eec9
[ 71.246374][ T5965] RDX: 0000000004008100 RSI: 00002000000000c0 RDI: 0000000000000003
[ 71.246380][ T5965] RBP: 00007fc600011f91 R08: 0000000000000000 R09: 0000000000000000
[ 71.246386][ T5965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 71.246392][ T5965] R13: 00007fc6001e6038 R14: 00007fc6001e5fa0 R15: 00007ffed63a0428
[ 71.246403][ T5965]
[ 71.246407][ T5965]
[ 71.401941][ T5965] The buggy address belongs to the physical page:
[ 71.404379][ T5965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100efa
[ 71.407639][ T5965] flags: 0x17ff00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 71.410392][ T5965] raw: 017ff00000000000 ffffea0004772f88 ffff88823c6403a0 0000000000000000
[ 71.413750][ T5965] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 71.417041][ T5965] page dumped because: kasan: bad access detected
[ 71.419546][ T5965] page_owner tracks the page as freed
[ 71.421666][ T5965] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40100(__GFP_ZERO|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 1659724794, free_ts 71235002142
[ 71.427736][ T5965] post_alloc_hook+0x240/0x2a0
[ 71.429589][ T5965] get_page_from_freelist+0x2365/0x2440
[ 71.431774][ T5965] __alloc_frozen_pages_noprof+0x181/0x370
[ 71.434096][ T5965] alloc_pages_mpol+0x232/0x4a0
[ 71.436009][ T5965] alloc_pages_noprof+0xa9/0x190
[ 71.437961][ T5965] __pmd_alloc+0x3a/0x5d0
[ 71.439668][ T5965] __vmap_pages_range_noflush+0x9cc/0xf30
[ 71.441940][ T5965] vmap+0x1ca/0x310
[ 71.443400][ T5965] irq_init_percpu_irqstack+0x342/0x4a0
[ 71.445519][ T5965] init_IRQ+0x15c/0x1c0
[ 71.447169][ T5965] start_kernel+0x1cd/0x410
[ 71.448982][ T5965] x86_64_start_reservations+0x24/0x30
[ 71.451074][ T5965] x86_64_start_kernel+0x143/0x1c0
[ 71.453077][ T5965] common_startup_64+0x13e/0x147
[ 71.455059][ T5965] page last free pid 5965 tgid 5964 stack trace:
[ 71.457511][ T5965] __free_frozen_pages+0xbc4/0xd30
[ 71.459535][ T5965] pmd_free_pte_page+0xa1/0xc0
[ 71.461325][ T5965] vmap_range_noflush+0x774/0xf80
[ 71.463214][ T5965] __vmap_pages_range_noflush+0xd31/0xf30
[ 71.465412][ T5965] __vmalloc_node_range_noprof+0xe8c/0x12d0
[ 71.467705][ T5965] __kvmalloc_node_noprof+0x674/0x910
[ 71.469753][ T5965] nf_tables_newset+0x1330/0x2540
[ 71.471727][ T5965] nfnetlink_rcv+0x11d9/0x2590
[ 71.473601][ T5965] netlink_unicast+0x82f/0x9e0
[ 71.475445][ T5965] netlink_sendmsg+0x805/0xb30
[ 71.477324][ T5965] __sock_sendmsg+0x21c/0x270
[ 71.479190][ T5965] ____sys_sendmsg+0x505/0x830
[ 71.480990][ T5965] ___sys_sendmsg+0x21f/0x2a0
[ 71.482785][ T5965] __x64_sys_sendmsg+0x19b/0x260
[ 71.484725][ T5965] do_syscall_64+0xfa/0xfa0
[ 71.486497][ T5965] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.488753][ T5965]
[ 71.489709][ T5965] Memory state around the buggy address:
[ 71.491906][ T5965] ffff888100efa800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.494764][ T5965] ffff888100efa880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.497802][ T5965] >ffff888100efa900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.500763][ T5965] ^
[ 71.503487][ T5965] ffff888100efa980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.506585][ T5965] ffff888100efaa00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.509627][ T5965] ==================================================================
[ 71.513865][ T5838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100efa
[ 71.517477][ T5838] flags: 0x17ff00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 71.520514][ T5838] raw: 017ff00000000000 ffffc900047d79e0 ffffc900047d79e0 0000000000000000
[ 71.524382][ T5838] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 71.527785][ T5838] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 71.530955][ T5838] page_owner tracks the page as freed
[ 71.533143][ T5838] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40100(__GFP_ZERO|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 1659724794, free_ts 71235002142
[ 71.539943][ T5838] post_alloc_hook+0x240/0x2a0
[ 71.541783][ T5838] get_page_from_freelist+0x2365/0x2440
[ 71.544035][ T5838] __alloc_frozen_pages_noprof+0x181/0x370
[ 71.544183][ T5965] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.544195][ T5965] CPU: 0 UID: 0 PID: 5965 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full)
[ 71.544207][ T5965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 71.544213][ T5965] Call Trace:
[ 71.544232][ T5965]
[ 71.544238][ T5965] dump_stack_lvl+0x99/0x250
[ 71.544251][ T5965] ? __asan_memcpy+0x40/0x70
[ 71.544264][ T5965] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.544273][ T5965] ? __pfx__printk+0x10/0x10
[ 71.544285][ T5965] vpanic+0x237/0x6d0
[ 71.544297][ T5965] ? __pfx_vpanic+0x10/0x10
[ 71.544308][ T5965] ? preempt_schedule+0xae/0xc0
[ 71.544319][ T5965] ? __pfx_preempt_schedule+0x10/0x10
[ 71.544330][ T5965] panic+0xb9/0xc0
[ 71.544341][ T5965] ? __pfx_panic+0x10/0x10
[ 71.544353][ T5965] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 71.544366][ T5965] ? pmd_set_huge+0xd8/0x340
[ 71.544377][ T5965] check_panic_on_warn+0x89/0xb0
[ 71.544389][ T5965] ? pmd_set_huge+0xd8/0x340
[ 71.544400][ T5965] end_report+0x78/0x160
[ 71.544408][ T5965] kasan_report+0x129/0x150
[ 71.544417][ T5965] ? pmd_set_huge+0xd8/0x340
[ 71.544429][ T5965] pmd_set_huge+0xd8/0x340
[ 71.544441][ T5965] ? __pfx_pmd_set_huge+0x10/0x10
[ 71.544453][ T5965] ? pmd_free_pte_page+0xa1/0xc0
[ 71.544465][ T5965] vmap_range_noflush+0x7b3/0xf80
[ 71.544479][ T5965] ? preempt_schedule_thunk+0x16/0x30
[ 71.544493][ T5965] __vmap_pages_range_noflush+0xd31/0xf30
[ 71.544507][ T5965] ? mod_memcg_page_state+0x28/0x5c0
[ 71.544519][ T5965] ? mod_memcg_page_state+0x28/0x5c0
[ 71.544531][ T5965] ? mod_memcg_page_state+0x343/0x5c0
[ 71.544543][ T5965] __vmalloc_node_range_noprof+0xe8c/0x12d0
[ 71.544561][ T5965] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 71.544573][ T5965] ? nf_tables_newset+0x1330/0x2540
[ 71.544586][ T5965] ? rcu_is_watching+0x15/0xb0
[ 71.544596][ T5965] ? nf_tables_newset+0x1330/0x2540
[ 71.544607][ T5965] __kvmalloc_node_noprof+0x674/0x910
[ 71.544620][ T5965] ? nf_tables_newset+0x1330/0x2540
[ 71.544632][ T5965] ? nft_set_lookup+0x128/0x150
[ 71.544644][ T5965] ? nft_hash_privsize+0x9f/0xf0
[ 71.544655][ T5965] nf_tables_newset+0x1330/0x2540
[ 71.544668][ T5965] ? __pfx_nf_tables_newset+0x10/0x10
[ 71.544684][ T5965] ? __nla_parse+0x40/0x60
[ 71.544697][ T5965] nfnetlink_rcv+0x11d9/0x2590
[ 71.544718][ T5965] ? __pfx_nfnetlink_rcv+0x10/0x10
[ 71.544733][ T5965] ? ref_tracker_free+0x63a/0x7d0
[ 71.544751][ T5965] ? __netlink_deliver_tap+0x807/0x850
[ 71.544762][ T5965] ? netlink_deliver_tap+0x2e/0x1b0
[ 71.544774][ T5965] netlink_unicast+0x82f/0x9e0
[ 71.544789][ T5965] ? __pfx_netlink_unicast+0x10/0x10
[ 71.544802][ T5965] ? netlink_sendmsg+0x642/0xb30
[ 71.544811][ T5965] ? skb_put+0x11b/0x210
[ 71.544844][ T5965] netlink_sendmsg+0x805/0xb30
[ 71.544857][ T5965] ? __pfx_netlink_sendmsg+0x10/0x10
[ 71.544867][ T5965] ? aa_sock_msg_perm+0xf1/0x1d0
[ 71.544880][ T5965] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 71.544890][ T5965] ? __pfx_netlink_sendmsg+0x10/0x10
[ 71.544899][ T5965] __sock_sendmsg+0x21c/0x270
[ 71.544913][ T5965] ____sys_sendmsg+0x505/0x830
[ 71.544925][ T5965] ? __pfx_____sys_sendmsg+0x10/0x10
[ 71.544937][ T5965] ? import_iovec+0x74/0xa0
[ 71.544947][ T5965] ___sys_sendmsg+0x21f/0x2a0
[ 71.544957][ T5965] ? __pfx____sys_sendmsg+0x10/0x10
[ 71.544974][ T5965] ? __fget_files+0x2a/0x420
[ 71.544983][ T5965] ? __fget_files+0x3a0/0x420
[ 71.544993][ T5965] __x64_sys_sendmsg+0x19b/0x260
[ 71.545004][ T5965] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 71.545018][ T5965] ? do_syscall_64+0xbe/0xfa0
[ 71.545029][ T5965] do_syscall_64+0xfa/0xfa0
[ 71.545039][ T5965] ? lockdep_hardirqs_on+0x9c/0x150
[ 71.545050][ T5965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.545059][ T5965] ? exc_page_fault+0xab/0x100
[ 71.545069][ T5965] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.545084][ T5965] RIP: 0033:0x7fc5fff8eec9
[ 71.545093][ T5965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.545101][ T5965] RSP: 002b:00007fc600ecb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 71.545113][ T5965] RAX: ffffffffffffffda RBX: 00007fc6001e5fa0 RCX: 00007fc5fff8eec9
[ 71.545120][ T5965] RDX: 0000000004008100 RSI: 00002000000000c0 RDI: 0000000000000003
[ 71.545127][ T5965] RBP: 00007fc600011f91 R08: 0000000000000000 R09: 0000000000000000
[ 71.545133][ T5965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 71.545139][ T5965] R13: 00007fc6001e6038 R14: 00007fc6001e5fa0 R15: 00007ffed63a0428
[ 71.545149][ T5965]
[ 71.546947][ T5965] Kernel Offset: disabled
VM DIAGNOSIS:
19:15:16 Registers: