Warning: Permanently added '[localhost]:35315' (ED25519) to the list of known hosts.
2025/10/02 00:32:06 parsed 1 programs
syzkaller login: [ 44.810208][ T5844] cgroup: Unknown subsys name 'net'
[ 44.915920][ T5844] cgroup: Unknown subsys name 'cpuset'
[ 44.919723][ T5844] cgroup: Unknown subsys name 'rlimit'
[ 46.463155][ T5844] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.359645][ T1236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 48.362253][ T1236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 48.382602][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 48.385887][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 48.418533][ T5858] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 49.318278][ T5240] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 49.321196][ T5240] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 49.324657][ T5240] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 49.327991][ T5240] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 49.330979][ T5240] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 50.503609][ T5926] chnl_net:caif_netlink_parms(): no params data found
[ 50.570750][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.574244][ T5926] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.576992][ T5926] bridge_slave_0: entered allmulticast mode
[ 50.581109][ T5926] bridge_slave_0: entered promiscuous mode
[ 50.586193][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.588967][ T5926] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.591537][ T5926] bridge_slave_1: entered allmulticast mode
[ 50.594702][ T5926] bridge_slave_1: entered promiscuous mode
[ 50.612026][ T5926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.616659][ T5926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.634248][ T5926] team0: Port device team_slave_0 added
[ 50.637762][ T5926] team0: Port device team_slave_1 added
[ 50.652580][ T5926] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 50.655278][ T5926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.663847][ T5926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 50.668497][ T5926] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 50.670724][ T5926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.681190][ T5926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.705342][ T5926] hsr_slave_0: entered promiscuous mode
[ 50.708247][ T5926] hsr_slave_1: entered promiscuous mode
[ 50.796557][ T5926] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 50.802028][ T5926] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 50.806183][ T5926] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 50.810551][ T5926] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 50.827736][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.830120][ T5926] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.832754][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.835105][ T5926] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.866319][ T5926] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.877530][ T1089] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.880663][ T1089] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.888888][ T5926] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.897308][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.900257][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.908188][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.911216][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.018331][ T5926] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.045337][ T5926] veth0_vlan: entered promiscuous mode
[ 51.050304][ T5926] veth1_vlan: entered promiscuous mode
[ 51.066373][ T5926] veth0_macvtap: entered promiscuous mode
[ 51.070240][ T5926] veth1_macvtap: entered promiscuous mode
[ 51.079926][ T5926] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.086715][ T5926] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.094808][ T5870] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.100191][ T5870] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.105043][ T5870] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.107781][ T5870] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.184987][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.226203][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.291190][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.359516][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/02 00:32:14 executed programs: 0
[ 51.621623][ T5240] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 51.624556][ T5240] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 51.627470][ T5240] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 51.630357][ T5240] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 51.633674][ T5240] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 51.751664][ T5957] chnl_net:caif_netlink_parms(): no params data found
[ 51.814625][ T5957] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.817685][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.820095][ T5957] bridge_slave_0: entered allmulticast mode
[ 51.822898][ T5957] bridge_slave_0: entered promiscuous mode
[ 51.827303][ T5957] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.829679][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.832041][ T5957] bridge_slave_1: entered allmulticast mode
[ 51.835755][ T5957] bridge_slave_1: entered promiscuous mode
[ 51.857377][ T5957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.862565][ T5957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.880078][ T5957] team0: Port device team_slave_0 added
[ 51.884493][ T5957] team0: Port device team_slave_1 added
[ 51.901487][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 51.904105][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.915268][ T5957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 51.919652][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 51.921901][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.930364][ T5957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 51.959266][ T5957] hsr_slave_0: entered promiscuous mode
[ 51.961654][ T5957] hsr_slave_1: entered promiscuous mode
[ 51.964442][ T5957] debugfs: 'hsr0' already exists in 'hsr'
[ 51.966353][ T5957] Cannot create hsr debugfs directory
[ 53.675175][ T5240] Bluetooth: hci0: command tx timeout
[ 54.597508][ T13] bridge_slave_1: left allmulticast mode
[ 54.599791][ T13] bridge_slave_1: left promiscuous mode
[ 54.602122][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.610153][ T13] bridge_slave_0: left allmulticast mode
[ 54.612243][ T13] bridge_slave_0: left promiscuous mode
[ 54.617548][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.810386][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 54.816211][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 54.820372][ T13] bond0 (unregistering): Released all slaves
[ 54.922835][ T13] hsr_slave_0: left promiscuous mode
[ 54.928080][ T13] hsr_slave_1: left promiscuous mode
[ 54.930186][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 54.932648][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 54.945325][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 54.947935][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 54.956906][ T13] veth1_macvtap: left promiscuous mode
[ 54.959208][ T13] veth0_macvtap: left promiscuous mode
[ 54.961137][ T13] veth1_vlan: left promiscuous mode
[ 54.962894][ T13] veth0_vlan: left promiscuous mode
[ 55.154747][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 55.169471][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 55.585750][ T5957] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.592924][ T5957] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.599602][ T5957] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.606011][ T5957] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.730382][ T5957] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.745290][ T5957] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.750801][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.753644][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.764536][ T5240] Bluetooth: hci0: command tx timeout
[ 55.775062][ T52] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.777929][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.906473][ T5957] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.929103][ T5957] veth0_vlan: entered promiscuous mode
[ 55.934895][ T5957] veth1_vlan: entered promiscuous mode
[ 55.950972][ T5957] veth0_macvtap: entered promiscuous mode
[ 55.956883][ T5957] veth1_macvtap: entered promiscuous mode
[ 55.969933][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.979287][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.986707][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.990828][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.994952][ T5944] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.997911][ T5944] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.034067][ T1236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.037233][ T1236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.055936][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.058827][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.217887][ T5995] ==================================================================
[ 56.220386][ T5995] BUG: KASAN: double-free in bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.222759][ T5995] Free of addr ffff88810f002c00 by task syz.0.17/5995
[ 56.224988][ T5995]
[ 56.226436][ T5995] CPU: 1 UID: 0 PID: 5995 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 56.226445][ T5995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 56.226450][ T5995] Call Trace:
[ 56.226454][ T5995]
[ 56.226457][ T5995] dump_stack_lvl+0x189/0x250
[ 56.226467][ T5995] ? __virt_addr_valid+0x1c8/0x5c0
[ 56.226476][ T5995] ? rcu_is_watching+0x15/0xb0
[ 56.226482][ T5995] ? __pfx_dump_stack_lvl+0x10/0x10
[ 56.226489][ T5995] ? rcu_is_watching+0x15/0xb0
[ 56.226495][ T5995] ? lock_release+0x4b/0x3e0
[ 56.226504][ T5995] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 56.226512][ T5995] ? __virt_addr_valid+0x1c8/0x5c0
[ 56.226519][ T5995] ? __virt_addr_valid+0x4a5/0x5c0
[ 56.226527][ T5995] print_report+0xca/0x240
[ 56.226533][ T5995] ? bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.226540][ T5995] kasan_report_invalid_free+0xea/0x110
[ 56.226549][ T5995] ? bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.226556][ T5995] ? bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.226563][ T5995] check_slab_allocation+0xe1/0x130
[ 56.226569][ T5995] ? bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.226576][ T5995] kfree+0x13f/0x440
[ 56.226586][ T5995] bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.226597][ T5995] ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 56.226605][ T5995] bpf_prog_test_run+0x2c7/0x340
[ 56.226615][ T5995] __sys_bpf+0x562/0x860
[ 56.226623][ T5995] ? __pfx___sys_bpf+0x10/0x10
[ 56.226633][ T5995] ? __pfx___se_sys_futex+0x10/0x10
[ 56.226642][ T5995] __x64_sys_bpf+0x7c/0x90
[ 56.226649][ T5995] do_syscall_64+0xfa/0x3b0
[ 56.226658][ T5995] ? lockdep_hardirqs_on+0x9c/0x150
[ 56.226665][ T5995] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.226671][ T5995] ? exc_page_fault+0x9f/0xf0
[ 56.226678][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.226684][ T5995] RIP: 0033:0x7fba7578ec29
[ 56.226691][ T5995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.226696][ T5995] RSP: 002b:00007ffd3f323258 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 56.226704][ T5995] RAX: ffffffffffffffda RBX: 00007fba759d5fa0 RCX: 00007fba7578ec29
[ 56.226709][ T5995] RDX: 0000000000000050 RSI: 0000200000002300 RDI: 000000000000000a
[ 56.226713][ T5995] RBP: 00007fba75811e41 R08: 0000000000000000 R09: 0000000000000000
[ 56.226717][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 56.226721][ T5995] R13: 00007fba759d5fa0 R14: 00007fba759d5fa0 R15: 0000000000000003
[ 56.226728][ T5995]
[ 56.226730][ T5995]
[ 56.312672][ T5995] Allocated by task 5995:
[ 56.314135][ T5995] kasan_save_track+0x3e/0x80
[ 56.315874][ T5995] __kasan_krealloc+0xe7/0x140
[ 56.317818][ T5995] krealloc_noprof+0x1b8/0x340
[ 56.319712][ T5995] slab_build_skb+0x8b/0x3e0
[ 56.321309][ T5995] bpf_prog_test_run_skb+0x41b/0x1bd0
[ 56.323155][ T5995] bpf_prog_test_run+0x2c7/0x340
[ 56.324889][ T5995] __sys_bpf+0x562/0x860
[ 56.326393][ T5995] __x64_sys_bpf+0x7c/0x90
[ 56.327985][ T5995] do_syscall_64+0xfa/0x3b0
[ 56.329625][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.331843][ T5995]
[ 56.332683][ T5995] Freed by task 5995:
[ 56.334084][ T5995] kasan_save_track+0x3e/0x80
[ 56.335736][ T5995] kasan_save_free_info+0x46/0x50
[ 56.337690][ T5995] __kasan_slab_free+0x5b/0x80
[ 56.339469][ T5995] kfree+0x18e/0x440
[ 56.340755][ T5995] skb_release_data+0x62d/0x7c0
[ 56.342349][ T5995] sk_skb_reason_drop+0x127/0x170
[ 56.344249][ T5995] vti_tunnel_xmit+0xf5a/0x18b0
[ 56.346083][ T5995] dev_hard_start_xmit+0x2d7/0x830
[ 56.347989][ T5995] __dev_queue_xmit+0x1b8d/0x3b50
[ 56.350111][ T5995] __bpf_tx_skb+0x18e/0x260
[ 56.352054][ T5995] bpf_clone_redirect+0x272/0x3d0
[ 56.354213][ T5995] bpf_prog_69c2527fbc57d46b+0x5f/0x68
[ 56.356477][ T5995] bpf_test_run+0x318/0x7b0
[ 56.358405][ T5995] bpf_prog_test_run_skb+0xd42/0x1bd0
[ 56.360663][ T5995] bpf_prog_test_run+0x2c7/0x340
[ 56.362730][ T5995] __sys_bpf+0x562/0x860
[ 56.364526][ T5995] __x64_sys_bpf+0x7c/0x90
[ 56.366356][ T5995] do_syscall_64+0xfa/0x3b0
[ 56.368254][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.370677][ T5995]
[ 56.371683][ T5995] The buggy address belongs to the object at ffff88810f002c00
[ 56.371683][ T5995] which belongs to the cache kmalloc-512 of size 512
[ 56.377355][ T5995] The buggy address is located 0 bytes inside of
[ 56.377355][ T5995] 512-byte region [ffff88810f002c00, ffff88810f002e00)
[ 56.382662][ T5995]
[ 56.383698][ T5995] The buggy address belongs to the physical page:
[ 56.386341][ T5995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f000
[ 56.389934][ T5995] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 56.393460][ T5995] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[ 56.396586][ T5995] page_type: f5(slab)
[ 56.398310][ T5995] raw: 057ff00000000040 ffff88801a441c80 dead000000000122 0000000000000000
[ 56.401786][ T5995] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 56.405272][ T5995] head: 057ff00000000040 ffff88801a441c80 dead000000000122 0000000000000000
[ 56.408760][ T5995] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 56.412250][ T5995] head: 057ff00000000002 ffffea00043c0001 00000000ffffffff 00000000ffffffff
[ 56.415819][ T5995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 56.419311][ T5995] page dumped because: kasan: bad access detected
[ 56.421968][ T5995] page_owner tracks the page as allocated
[ 56.424368][ T5995] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5965, tgid 5965 (udevd), ts 56045734118, free_ts 55352678471
[ 56.432667][ T5995] post_alloc_hook+0x240/0x2a0
[ 56.434638][ T5995] get_page_from_freelist+0x21e4/0x22c0
[ 56.436952][ T5995] __alloc_frozen_pages_noprof+0x181/0x370
[ 56.439351][ T5995] alloc_pages_mpol+0x232/0x4a0
[ 56.441360][ T5995] allocate_slab+0x8a/0x370
[ 56.443239][ T5995] ___slab_alloc+0xbeb/0x1420
[ 56.445171][ T5995] __kmalloc_cache_noprof+0x296/0x3d0
[ 56.447396][ T5995] kernfs_fop_open+0x397/0xca0
[ 56.449363][ T5995] do_dentry_open+0x953/0x13f0
[ 56.451397][ T5995] vfs_open+0x3b/0x340
[ 56.453129][ T5995] path_openat+0x2ee5/0x3830
[ 56.455051][ T5995] do_filp_open+0x1fa/0x410
[ 56.456926][ T5995] do_sys_openat2+0x121/0x1c0
[ 56.458866][ T5995] __x64_sys_openat+0x138/0x170
[ 56.460635][ T5995] do_syscall_64+0xfa/0x3b0
[ 56.462543][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.465059][ T5995] page last free pid 5594 tgid 5594 stack trace:
[ 56.467631][ T5995] __free_frozen_pages+0xbc4/0xd30
[ 56.469738][ T5995] __put_partials+0x156/0x1a0
[ 56.471698][ T5995] put_cpu_partial+0x17c/0x250
[ 56.473694][ T5995] __slab_free+0x2d5/0x3c0
[ 56.475545][ T5995] qlist_free_all+0x97/0x140
[ 56.477511][ T5995] kasan_quarantine_reduce+0x148/0x160
[ 56.479797][ T5995] __kasan_slab_alloc+0x22/0x80
[ 56.481850][ T5995] kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[ 56.484298][ T5995] __alloc_skb+0x112/0x2d0
[ 56.486155][ T5995] netlink_sendmsg+0x5c6/0xb30
[ 56.488117][ T5995] __sock_sendmsg+0x21c/0x270
[ 56.490094][ T5995] __sys_sendto+0x3bd/0x520
[ 56.491983][ T5995] __x64_sys_sendto+0xde/0x100
[ 56.494005][ T5995] do_syscall_64+0xfa/0x3b0
[ 56.495891][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.498392][ T5995]
[ 56.499420][ T5995] Memory state around the buggy address:
[ 56.501797][ T5995] ffff88810f002b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.504833][ T5995] ffff88810f002b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.507714][ T5995] >ffff88810f002c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.510299][ T5995] ^
[ 56.511879][ T5995] ffff88810f002c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.514747][ T5995] ffff88810f002d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.517630][ T5995] ==================================================================
[ 56.522081][ T5995] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.524557][ T5995] CPU: 1 UID: 0 PID: 5995 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 56.527861][ T5995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 56.531064][ T5995] Call Trace:
[ 56.532208][ T5995]
[ 56.533438][ T5995] dump_stack_lvl+0x99/0x250
[ 56.535305][ T5995] ? __asan_memcpy+0x40/0x70
[ 56.536949][ T5995] ? __pfx_dump_stack_lvl+0x10/0x10
[ 56.538953][ T5995] ? __pfx__printk+0x10/0x10
[ 56.540615][ T5995] vpanic+0x281/0x750
[ 56.542324][ T5995] ? preempt_schedule+0xae/0xc0
[ 56.544052][ T5995] ? __pfx_vpanic+0x10/0x10
[ 56.545757][ T5995] ? preempt_schedule_common+0x83/0xd0
[ 56.548017][ T5995] ? preempt_schedule+0xae/0xc0
[ 56.549579][ T5995] ? __pfx_preempt_schedule+0x10/0x10
[ 56.551259][ T5995] panic+0xb9/0xc0
[ 56.552461][ T5995] ? __pfx_panic+0x10/0x10
[ 56.553873][ T5995] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 56.555765][ T5995] ? is_module_address+0x17/0xf0
[ 56.557461][ T5995] check_panic_on_warn+0x89/0xb0
[ 56.559053][ T5995] end_report+0x78/0x160
[ 56.560403][ T5995] ? bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.562117][ T5995] kasan_report_invalid_free+0xfa/0x110
[ 56.563951][ T5995] ? bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.565885][ T5995] ? bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.567731][ T5995] check_slab_allocation+0xe1/0x130
[ 56.569542][ T5995] ? bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.571340][ T5995] kfree+0x13f/0x440
[ 56.572649][ T5995] bpf_prog_test_run_skb+0x568/0x1bd0
[ 56.574531][ T5995] ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 56.576615][ T5995] bpf_prog_test_run+0x2c7/0x340
[ 56.578351][ T5995] __sys_bpf+0x562/0x860
[ 56.579682][ T5995] ? __pfx___sys_bpf+0x10/0x10
[ 56.581221][ T5995] ? __pfx___se_sys_futex+0x10/0x10
[ 56.583057][ T5995] __x64_sys_bpf+0x7c/0x90
[ 56.584747][ T5995] do_syscall_64+0xfa/0x3b0
[ 56.586408][ T5995] ? lockdep_hardirqs_on+0x9c/0x150
[ 56.588209][ T5995] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.590348][ T5995] ?
exc_page_fault+0x9f/0xf0
[ 56.592172][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.594336][ T5995] RIP: 0033:0x7fba7578ec29
[ 56.595865][ T5995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.602548][ T5995] RSP: 002b:00007ffd3f323258 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 56.605642][ T5995] RAX: ffffffffffffffda RBX: 00007fba759d5fa0 RCX: 00007fba7578ec29
[ 56.608208][ T5995] RDX: 0000000000000050 RSI: 0000200000002300 RDI: 000000000000000a
[ 56.610747][ T5995] RBP: 00007fba75811e41 R08: 0000000000000000 R09: 0000000000000000
[ 56.613318][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 56.616191][ T5995] R13: 00007fba759d5fa0 R14: 00007fba759d5fa0 R15: 0000000000000003
[ 56.618702][ T5995]
[ 56.620450][ T5995] Kernel Offset: disabled
[ 56.621882][ T5995] Rebooting in 86400 seconds..
VM DIAGNOSIS:
00:32:19 Registers: