Warning: Permanently added '10.128.1.180' (ED25519) to the list of known hosts. 2025/12/12 13:22:28 parsed 1 programs syzkaller login: [ 52.943761][ T4188] cgroup: Unknown subsys name 'net' [ 53.089721][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 54.363401][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 55.572147][ T1231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.581891][ T1231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.592091][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 55.604358][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.612256][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.621261][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.748324][ T154] ODEBUG: Out of memory. ODEBUG disabled [ 57.854791][ T4256] chnl_net:caif_netlink_parms(): no params data found [ 57.988662][ T4256] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.996419][ T4256] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.004330][ T4256] device bridge_slave_0 entered promiscuous mode [ 58.012716][ T4256] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.020815][ T4256] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.028564][ T4256] device bridge_slave_1 entered promiscuous mode [ 58.064906][ T4256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.075993][ T4256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.097306][ T4256] team0: Port device team_slave_0 added [ 58.105736][ T4256] team0: Port device team_slave_1 added [ 58.126803][ T4256] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.133741][ T4256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.159921][ T4256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.187959][ T4256] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.195060][ T4256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.221125][ T4256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.253527][ T4256] device hsr_slave_0 entered promiscuous mode [ 58.260185][ T4256] device hsr_slave_1 entered promiscuous mode [ 58.373249][ T4256] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.383200][ T4256] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.391822][ T4256] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.402774][ T4256] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.440145][ T4256] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.447310][ T4256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.455024][ T4256] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.462082][ T4256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.516930][ T4256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.528320][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.537317][ T1231] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.547924][ T1231] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.555773][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 58.568627][ T4256] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.580121][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.588875][ T557] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.596069][ T557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.634781][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.643191][ T1231] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.650273][ T1231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.669399][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.679384][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.708878][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.720703][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.731542][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.741943][ T4256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.840384][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.848312][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.862841][ T4256] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.884174][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 58.892835][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 58.912157][ T4256] device veth0_vlan entered promiscuous mode [ 58.919864][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 58.930414][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 58.940967][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 58.950217][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 58.962739][ T4256] device veth1_vlan entered promiscuous mode [ 58.985542][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 58.993689][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.002931][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.012853][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.024464][ T4256] device veth0_macvtap entered promiscuous mode [ 59.034451][ T4256] device veth1_macvtap entered promiscuous mode [ 59.051412][ T4256] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.059706][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.069534][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.077910][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.087979][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.100394][ T4256] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.108280][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.118974][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.131811][ T4256] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.141208][ T4256] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.150170][ T4256] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.159101][ T4256] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.247970][ T4256] syz-executor (4256) used greatest stack depth: 21088 bytes left 2025/12/12 13:22:36 executed programs: 0 [ 59.713999][ T4304] chnl_net:caif_netlink_parms(): no params data found [ 59.772474][ T4304] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.781783][ T4304] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.790037][ T4304] device bridge_slave_0 entered promiscuous mode [ 59.800390][ T4304] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.807778][ T4304] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.819188][ T4304] device bridge_slave_1 entered promiscuous mode [ 59.843235][ T4304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.855010][ T4304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.881938][ T4304] team0: Port device team_slave_0 added [ 59.889678][ T4304] team0: Port device team_slave_1 added [ 59.908408][ T4304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.915480][ T4304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.941774][ T4304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.954635][ T4304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.961589][ T4304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.988760][ T4304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.028934][ T4304] device hsr_slave_0 entered promiscuous mode [ 60.035771][ T4304] device hsr_slave_1 entered promiscuous mode [ 60.042332][ T4304] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.051214][ T4304] Cannot create hsr debugfs directory [ 60.122694][ T4304] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.654856][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 62.648519][ T4304] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.744210][ T4279] Bluetooth: hci0: command 0x041b tx timeout [ 64.608686][ T4304] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.659836][ T4304] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.760008][ T4304] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.770390][ T4304] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.780472][ T4304] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.796466][ T4304] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.836108][ T4304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.847839][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.855895][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.871241][ T4304] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.880853][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.889593][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.898304][ T1231] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.905489][ T1231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.913159][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.928709][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.937297][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.945728][ T1231] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.952800][ T1231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.971414][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.980182][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.991075][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.000034][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.017773][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.027066][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.036091][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.047315][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.055687][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.071734][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.080200][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.091596][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.151709][ T154] device hsr_slave_0 left promiscuous mode [ 65.158876][ T154] device hsr_slave_1 left promiscuous mode [ 65.165918][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.173449][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 65.181974][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.189614][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 65.197369][ T154] device bridge_slave_1 left promiscuous mode [ 65.204511][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.215949][ T154] device bridge_slave_0 left promiscuous mode [ 65.222095][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.236936][ T154] device veth1_macvtap left promiscuous mode [ 65.243063][ T154] device veth0_macvtap left promiscuous mode [ 65.250217][ T154] device veth1_vlan left promiscuous mode [ 65.256424][ T154] device veth0_vlan left promiscuous mode [ 65.358598][ T154] team0 (unregistering): Port device team_slave_1 removed [ 65.370175][ T154] team0 (unregistering): Port device team_slave_0 removed [ 65.382085][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 65.395643][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 65.437094][ T154] bond0 (unregistering): Released all slaves [ 65.473097][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.480603][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.492240][ T4304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.509478][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.518676][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.537952][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.555540][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.564928][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.573365][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.582976][ T4304] device veth0_vlan entered promiscuous mode [ 65.592920][ T4304] device veth1_vlan entered promiscuous mode [ 65.615317][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.625291][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.633254][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.641748][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.651797][ T4304] device veth0_macvtap entered promiscuous mode [ 65.662143][ T4304] device veth1_macvtap entered promiscuous mode [ 65.678358][ T4304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.687012][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.695250][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.703021][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.711699][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.721682][ T4304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.729933][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.738683][ T557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.750270][ T4304] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.759357][ T4304] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.768243][ T4304] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.777940][ T4304] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.822021][ T4280] Bluetooth: hci0: command 0x040f tx timeout [ 65.828558][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.854263][ T557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.855334][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.862196][ T557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.879043][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.891037][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 65.962136][ T4324] loop0: detected capacity change from 0 to 2048 [ 65.990207][ T4324] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 66.008497][ T4324] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 66.358807][ T4304] ================================================================== [ 66.367037][ T4304] BUG: KASAN: use-after-free in crc_itu_t+0x1ad/0x280 [ 66.373814][ T4304] Read of size 1 at addr ffff888073a26000 by task syz-executor/4304 [ 66.381817][ T4304] [ 66.384143][ T4304] CPU: 0 PID: 4304 Comm: syz-executor Not tainted syzkaller #0 [ 66.391686][ T4304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 66.401753][ T4304] Call Trace: [ 66.405030][ T4304] [ 66.407955][ T4304] dump_stack_lvl+0x168/0x230 [ 66.412635][ T4304] ? show_regs_print_info+0x20/0x20 [ 66.417831][ T4304] ? load_image+0x3b0/0x3b0 [ 66.422337][ T4304] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 66.427717][ T4304] print_address_description+0x60/0x2d0 [ 66.433261][ T4304] ? crc_itu_t+0x1ad/0x280 [ 66.437671][ T4304] kasan_report+0xdf/0x130 [ 66.442086][ T4304] ? crc_itu_t+0x1ad/0x280 [ 66.446499][ T4304] crc_itu_t+0x1ad/0x280 [ 66.450742][ T4304] udf_sync_fs+0x194/0x350 [ 66.455161][ T4304] ? udf_put_super+0x160/0x160 [ 66.460010][ T4304] ? cpumask_next+0xb3/0xd0 [ 66.464511][ T4304] ? get_nr_dirty_inodes+0x248/0x2d0 [ 66.469814][ T4304] sync_filesystem+0xe6/0x220 [ 66.474498][ T4304] generic_shutdown_super+0x6b/0x300 [ 66.479786][ T4304] kill_block_super+0x7c/0xe0 [ 66.484464][ T4304] deactivate_locked_super+0x93/0xf0 [ 66.489748][ T4304] cleanup_mnt+0x418/0x4d0 [ 66.494166][ T4304] ? lockdep_hardirqs_on+0x94/0x140 [ 66.499370][ T4304] task_work_run+0x125/0x1a0 [ 66.503963][ T4304] do_exit+0x61e/0x20a0 [ 66.508123][ T4304] ? put_task_struct+0x80/0x80 [ 66.512887][ T4304] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 66.518867][ T4304] ? lock_chain_count+0x20/0x20 [ 66.523721][ T4304] ? _raw_spin_lock_irq+0xab/0xe0 [ 66.528746][ T4304] do_group_exit+0x12e/0x300 [ 66.533337][ T4304] ? lockdep_hardirqs_on+0x94/0x140 [ 66.538538][ T4304] get_signal+0x6ca/0x12c0 [ 66.542979][ T4304] arch_do_signal_or_restart+0xc1/0x1300 [ 66.548616][ T4304] ? vfs_write+0x84d/0xd00 [ 66.553048][ T4304] ? file_end_write+0x250/0x250 [ 66.557902][ T4304] ? get_sigframe_size+0x10/0x10 [ 66.562861][ T4304] ? ksys_write+0x1e7/0x250 [ 66.567363][ T4304] ? exit_to_user_mode_loop+0x3b/0x130 [ 66.572834][ T4304] exit_to_user_mode_loop+0x9e/0x130 [ 66.578125][ T4304] exit_to_user_mode_prepare+0xee/0x180 [ 66.583672][ T4304] syscall_exit_to_user_mode+0x16/0x40 [ 66.589129][ T4304] do_syscall_64+0x58/0xa0 [ 66.593553][ T4304] ? clear_bhb_loop+0x30/0x80 [ 66.598240][ T4304] ? clear_bhb_loop+0x30/0x80 [ 66.602930][ T4304] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 66.608845][ T4304] RIP: 0033:0x7fd17908a1ff [ 66.613269][ T4304] Code: Unable to access opcode bytes at RIP 0x7fd17908a1d5. [ 66.620628][ T4304] RSP: 002b:00007ffc9e7084c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 66.629051][ T4304] RAX: 0000000000000004 RBX: 0000000000000003 RCX: 00007fd17908a1ff [ 66.637024][ T4304] RDX: 0000000000000004 RSI: 00007ffc9e708580 RDI: 00000000000000f8 [ 66.644996][ T4304] RBP: 00007ffc9e70852c R08: 0000000000000000 R09: 0000000000000000 [ 66.652968][ T4304] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 66.660950][ T4304] R13: 00000000000927c0 R14: 00000000000102f7 R15: 00007ffc9e708580 [ 66.668952][ T4304] [ 66.671976][ T4304] [ 66.674291][ T4304] Allocated by task 21: [ 66.678437][ T4304] __kasan_slab_alloc+0x9c/0xd0 [ 66.683290][ T4304] slab_post_alloc_hook+0x4c/0x380 [ 66.688397][ T4304] kmem_cache_alloc_node+0x12d/0x2d0 [ 66.693678][ T4304] __alloc_skb+0xf4/0x750 [ 66.698009][ T4304] nsim_dev_trap_report_work+0x2a1/0xb40 [ 66.703644][ T4304] process_one_work+0x863/0x1000 [ 66.708588][ T4304] worker_thread+0xaa8/0x12a0 [ 66.713266][ T4304] kthread+0x436/0x520 [ 66.717594][ T4304] ret_from_fork+0x1f/0x30 [ 66.722021][ T4304] [ 66.724340][ T4304] Freed by task 21: [ 66.728136][ T4304] kasan_set_track+0x4b/0x70 [ 66.732779][ T4304] kasan_set_free_info+0x1f/0x40 [ 66.737711][ T4304] ____kasan_slab_free+0xd5/0x110 [ 66.742731][ T4304] slab_free_freelist_hook+0xea/0x170 [ 66.748098][ T4304] kmem_cache_free+0x8f/0x210 [ 66.752813][ T4304] nsim_dev_trap_report_work+0x7cb/0xb40 [ 66.758444][ T4304] process_one_work+0x863/0x1000 [ 66.763379][ T4304] worker_thread+0xaa8/0x12a0 [ 66.768060][ T4304] kthread+0x436/0x520 [ 66.772305][ T4304] ret_from_fork+0x1f/0x30 [ 66.776718][ T4304] [ 66.779153][ T4304] The buggy address belongs to the object at ffff888073a26000 [ 66.779153][ T4304] which belongs to the cache skbuff_head_cache of size 232 [ 66.793734][ T4304] The buggy address is located 0 bytes inside of [ 66.793734][ T4304] 232-byte region [ffff888073a26000, ffff888073a260e8) [ 66.806848][ T4304] The buggy address belongs to the page: [ 66.812496][ T4304] page:ffffea0001ce8980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73a26 [ 66.822660][ T4304] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 66.830236][ T4304] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888144bf0140 [ 66.838832][ T4304] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 66.847530][ T4304] page dumped because: kasan: bad access detected [ 66.853956][ T4304] page_owner tracks the page as allocated [ 66.859675][ T4304] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 21, ts 65944486496, free_ts 65820324772 [ 66.876958][ T4304] get_page_from_freelist+0x1b77/0x1c60 [ 66.882513][ T4304] __alloc_pages+0x1e1/0x470 [ 66.887104][ T4304] new_slab+0xc0/0x4b0 [ 66.891173][ T4304] ___slab_alloc+0x81e/0xdf0 [ 66.895753][ T4304] kmem_cache_alloc_node+0x1c3/0x2d0 [ 66.901032][ T4304] __alloc_skb+0xf4/0x750 [ 66.905359][ T4304] nsim_dev_trap_report_work+0x2a1/0xb40 [ 66.910996][ T4304] process_one_work+0x863/0x1000 [ 66.916064][ T4304] worker_thread+0xaa8/0x12a0 [ 66.920749][ T4304] kthread+0x436/0x520 [ 66.924824][ T4304] ret_from_fork+0x1f/0x30 [ 66.929250][ T4304] page last free stack trace: [ 66.933914][ T4304] free_unref_page_prepare+0x637/0x6c0 [ 66.939375][ T4304] free_unref_page+0x94/0x280 [ 66.944059][ T4304] __unfreeze_partials+0x1a5/0x200 [ 66.949179][ T4304] put_cpu_partial+0x12d/0x190 [ 66.953936][ T4304] qlist_free_all+0x35/0x90 [ 66.958434][ T4304] kasan_quarantine_reduce+0x150/0x160 [ 66.963892][ T4304] __kasan_slab_alloc+0x2f/0xd0 [ 66.968739][ T4304] slab_post_alloc_hook+0x4c/0x380 [ 66.973862][ T4304] kmem_cache_alloc_node+0x12d/0x2d0 [ 66.979140][ T4304] __alloc_skb+0xf4/0x750 [ 66.983466][ T4304] inet_netconf_notify_devconf+0x16f/0x230 [ 66.989285][ T4304] __devinet_sysctl_register+0x321/0x380 [ 66.994925][ T4304] devinet_sysctl_register+0x17c/0x1f0 [ 67.000376][ T4304] inetdev_init+0x28c/0x4d0 [ 67.004877][ T4304] inetdev_event+0x280/0x1360 [ 67.009664][ T4304] raw_notifier_call_chain+0xcb/0x160 [ 67.015034][ T4304] [ 67.017358][ T4304] Memory state around the buggy address: [ 67.022983][ T4304] ffff888073a25f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.031036][ T4304] ffff888073a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.039095][ T4304] >ffff888073a26000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.047149][ T4304] ^ [ 67.051211][ T4304] ffff888073a26080: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 67.059351][ T4304] ffff888