# Fuzzer-generated syzkaller program that was executing when the kernel log
# below reported "KASAN: slab-use-after-free in __mutex_lock", reached from
# udp_tunnel_nic_device_sync_work on the udp_tunnel_nic workqueue.
# Triage summary, taken from the report that follows:
#   - the 256-byte object was allocated by task 5337 in
#     udp_tunnel_nic_netdevice_event during register_netdevice (nsim_dev_reload_up);
#   - it was freed by task 5338 in udp_tunnel_nic_netdevice_event during
#     unregister_netdevice_many_notify (nsim_dev_reload_down);
#   - a work item queued from __udp_tunnel_nic_add_port then ran in kworker T12
#     and read 8 bytes at offset 176 of the freed object while taking a mutex.
# NOTE(review): this looks like a pending sync work item outliving the object
# it points into; check whether the unregister path cancels or flushes that
# work before the kfree — confirm against the udp_tunnel_nic source.
# Calls marked (async) are issued without waiting for completion, so each
# duplicated pair can run concurrently.
program:
# Open an MSR device node and issue a zero-length read with a NULL buffer.
r0 = syz_open_dev$MSR(0x0, 0x6c6c9c9e, 0x0)
read$msr(r0, 0x0, 0x0)
# RDMA netlink socket (0x10 / 0x3 / 0x14), then a NEWLINK request naming
# 'syz1', type 'rxe', on netdev 'syz_tun'. The log confirms it took effect:
# "infiniband syz1: set active" / "added syz_tun".
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x38, 0x1403, 0xc23, 0x70bd2a, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syz_tun\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4000)
# Emulated USB HID device with idVendor 0x4e7 / idProduct 0x9; it shows up in
# the log as "usb 5-1 ... idVendor=04e7, idProduct=0009" on dummy_hcd.
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4e7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0xfc, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0)
# First rdma_cm handle: CREATE_ID then BIND_IP, each sent twice (async + sync).
# NOTE(review): r3 is consumed by BIND_IP but no assignment to it is visible in
# this listing; the result binding was presumably lost when the page was
# extracted — confirm against the original reproducer.
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x80000000000000, &(0x7f0000000040), 0x13f, 0x5}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x80000000000000, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0xee6, @empty, 0xb}, r3}}, 0x30) (async)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0xee6, @empty, 0xb}, r3}}, 0x30)
# Second rdma_cm handle, same sequence with a different bind address (@local).
# NOTE(review): r5 has the same missing-binding issue as r3 above.
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r4, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r5}}, 0x30) (async)
write$RDMA_USER_CM_CMD_BIND_IP(r4, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r5}}, 0x30)
# Calls on fd 0xffffffffffffffff with NULL buffers; nothing in the log is
# attributable to them. Presumably they fail on the invalid descriptor and are
# fuzzer noise — TODO confirm when minimising the reproducer.
sendmsg$alg(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0xcb, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0xcb, 0x0)
# Netfilter netlink socket and an ipset CREATE for set 'syz1' of type
# 'hash:ip,mac'.
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x54, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x54}}, 0x0)
# More calls on an invalid descriptor (see the note on sendmsg$alg above).
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) (async)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) (async)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
# USB connect with a zero-length, NULL descriptor.
syz_usb_connect(0x3, 0x0, 0x0, 0x0)
# Generic netlink socket, devlink family lookup, then the same devlink message
# sent twice (async + sync) for the 'netdevsim' handle.
# NOTE(review): the syzlang variant is named RATE_NEW, but the command byte in
# the message is 0x25, and both the allocation and free stacks in the report
# go through devlink_nl_reload_doit -> nsim_dev_reload_up / nsim_dev_reload_down.
# That is consistent with two overlapping devlink reloads of netdevsim0 (tasks
# 5337 and 5338) being the trigger; confirm the command value against the
# target kernel's devlink uapi header.
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
# End of program; kernel console output follows.
[ 150.146629][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 150.149528][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 150.163156][ T47] Bluetooth: hci0: command tx timeout [ 150.452845][ T5337] infiniband syz1: set active [ 150.456361][ T5337] infiniband syz1: added syz_tun [ 150.501188][ T5337] RDS/IB: syz1: added [ 150.505489][ T5337] smc: adding ib device syz1 with port count 1 [ 150.508396][ T5337] smc: ib device syz1 port 1 has no pnetid [ 150.513772][ T5335] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 150.663407][ T5335] usb 5-1: Using ep0 maxpacket: 8 [ 150.676244][ T5335] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.679294][ T5335] usb 5-1: New USB device found, idVendor=04e7, idProduct=0009, 
bcdDevice= 0.00 [ 150.692303][ T5335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.724217][ T5335] usb 5-1: config 0 descriptor?? [ 150.971777][ T5337] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.183949][ T47] Bluetooth: hci0: command tx timeout [ 152.371459][ T5337] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.429764][ T5337] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.482723][ T5337] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.577679][ T1042] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.608577][ T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.629907][ T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.645773][ T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.654331][ T5338] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.677021][ T12] ================================================================== [ 152.680457][ T12] BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1350 [ 152.683628][ T12] Read of size 8 at addr ffff8880110612b0 by task kworker/u4:0/12 [ 152.686546][ T12] [ 152.687603][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted syzkaller #0 PREEMPT(full) [ 152.687617][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 152.687624][ T12] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work [ 152.687675][ T12] Call Trace: [ 152.687683][ T12] [ 152.687688][ T12] dump_stack_lvl+0x189/0x250 [ 152.687701][ T12] ? __kasan_check_byte+0x12/0x40 [ 152.687743][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.687753][ T12] ? lock_release+0x4b/0x3e0 [ 152.687764][ T12] ? 
__virt_addr_valid+0x4a5/0x5c0 [ 152.687778][ T12] print_report+0xca/0x240 [ 152.687790][ T12] ? __mutex_lock+0x147/0x1350 [ 152.687802][ T12] kasan_report+0x118/0x150 [ 152.687814][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 152.687826][ T12] ? __mutex_lock+0x147/0x1350 [ 152.687838][ T12] __mutex_lock+0x147/0x1350 [ 152.687850][ T12] ? __mutex_lock+0x5bb/0x1350 [ 152.687862][ T12] ? udp_tunnel_nic_device_sync_work+0x39/0xa50 [ 152.687873][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 152.687886][ T12] ? __lock_acquire+0xab9/0xd20 [ 152.687898][ T12] udp_tunnel_nic_device_sync_work+0x39/0xa50 [ 152.687909][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 152.687919][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 152.687929][ T12] process_scheduled_works+0xae1/0x17b0 [ 152.687945][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 152.687970][ T12] worker_thread+0x8a0/0xda0 [ 152.687985][ T12] kthread+0x711/0x8a0 [ 152.687999][ T12] ? __pfx_worker_thread+0x10/0x10 [ 152.688009][ T12] ? __pfx_kthread+0x10/0x10 [ 152.688022][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 152.688031][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.688056][ T12] ? __pfx_kthread+0x10/0x10 [ 152.688068][ T12] ret_from_fork+0x4bc/0x870 [ 152.688079][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 152.688091][ T12] ? 
__pfx_kthread+0x10/0x10 [ 152.688103][ T12] ret_from_fork_asm+0x1a/0x30 [ 152.688118][ T12] [ 152.688122][ T12] [ 152.766571][ T12] Allocated by task 5337: [ 152.768541][ T12] kasan_save_track+0x3e/0x80 [ 152.770609][ T12] __kasan_kmalloc+0x93/0xb0 [ 152.772557][ T12] __kmalloc_noprof+0x411/0x7f0 [ 152.774305][ T12] udp_tunnel_nic_netdevice_event+0x4c3/0x1810 [ 152.776596][ T12] notifier_call_chain+0x1b6/0x3e0 [ 152.778619][ T12] register_netdevice+0x1608/0x1ae0 [ 152.780714][ T12] nsim_create+0xae8/0xf10 [ 152.782489][ T12] __nsim_dev_port_add+0x6b6/0xb10 [ 152.784463][ T12] nsim_dev_port_add_all+0x37/0xf0 [ 152.786472][ T12] nsim_dev_reload_up+0x451/0x780 [ 152.788530][ T12] devlink_reload+0x4ec/0x8d0 [ 152.790341][ T12] devlink_nl_reload_doit+0xb35/0xd50 [ 152.792636][ T12] genl_family_rcv_msg_doit+0x212/0x300 [ 152.794951][ T12] genl_rcv_msg+0x60e/0x790 [ 152.797028][ T12] netlink_rcv_skb+0x205/0x470 [ 152.799104][ T12] genl_rcv+0x28/0x40 [ 152.800919][ T12] netlink_unicast+0x82c/0x9e0 [ 152.803163][ T12] netlink_sendmsg+0x805/0xb30 [ 152.805340][ T12] __sock_sendmsg+0x21c/0x270 [ 152.807482][ T12] ____sys_sendmsg+0x505/0x830 [ 152.809725][ T12] ___sys_sendmsg+0x21f/0x2a0 [ 152.811693][ T12] __x64_sys_sendmsg+0x19b/0x260 [ 152.814041][ T12] do_syscall_64+0xfa/0xfa0 [ 152.816142][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.818597][ T12] [ 152.819518][ T12] Freed by task 5338: [ 152.821066][ T12] kasan_save_track+0x3e/0x80 [ 152.822983][ T12] __kasan_save_free_info+0x46/0x50 [ 152.825100][ T12] __kasan_slab_free+0x5c/0x80 [ 152.826782][ T12] kfree+0x19a/0x6d0 [ 152.828232][ T12] udp_tunnel_nic_netdevice_event+0x11ab/0x1810 [ 152.830589][ T12] notifier_call_chain+0x1b6/0x3e0 [ 152.832513][ T12] unregister_netdevice_many_notify+0x14d7/0x1ff0 [ 152.834898][ T12] unregister_netdevice_queue+0x33c/0x380 [ 152.837096][ T12] nsim_destroy+0x1dd/0x670 [ 152.838766][ T12] __nsim_dev_port_del+0x14d/0x1b0 [ 152.841187][ T12] nsim_dev_reload_destroy+0x288/0x490 [ 
152.843667][ T12] nsim_dev_reload_down+0x8a/0xc0 [ 152.845688][ T12] devlink_reload+0x1b3/0x8d0 [ 152.847708][ T12] devlink_nl_reload_doit+0xb35/0xd50 [ 152.850001][ T12] genl_family_rcv_msg_doit+0x212/0x300 [ 152.852461][ T12] genl_rcv_msg+0x60e/0x790 [ 152.854374][ T12] netlink_rcv_skb+0x205/0x470 [ 152.856452][ T12] genl_rcv+0x28/0x40 [ 152.858650][ T12] netlink_unicast+0x82c/0x9e0 [ 152.861559][ T12] netlink_sendmsg+0x805/0xb30 [ 152.863794][ T12] __sock_sendmsg+0x21c/0x270 [ 152.865986][ T12] ____sys_sendmsg+0x505/0x830 [ 152.868172][ T12] ___sys_sendmsg+0x21f/0x2a0 [ 152.870353][ T12] __x64_sys_sendmsg+0x19b/0x260 [ 152.872554][ T12] do_syscall_64+0xfa/0xfa0 [ 152.874467][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.876807][ T12] [ 152.877820][ T12] Last potentially related work creation: [ 152.879954][ T12] kasan_save_stack+0x3e/0x60 [ 152.881824][ T12] kasan_record_aux_stack+0xbd/0xd0 [ 152.883904][ T12] insert_work+0x3d/0x330 [ 152.885710][ T12] __queue_work+0xbaf/0xfb0 [ 152.887624][ T12] queue_work_on+0x181/0x270 [ 152.889685][ T12] __udp_tunnel_nic_add_port+0xb71/0xd60 [ 152.892009][ T12] udp_tunnel_push_rx_port+0x17d/0x200 [ 152.894405][ T12] geneve_offload_rx_ports+0xd7/0x160 [ 152.896695][ T12] geneve_netdevice_event+0x6a/0x80 [ 152.898592][ T12] notifier_call_chain+0x1b6/0x3e0 [ 152.900777][ T12] call_netdevice_notifiers+0x88/0xc0 [ 152.903065][ T12] udp_tunnel_nic_netdevice_event+0xdff/0x1810 [ 152.905714][ T12] notifier_call_chain+0x1b6/0x3e0 [ 152.907886][ T12] register_netdevice+0x1608/0x1ae0 [ 152.910068][ T12] nsim_create+0xae8/0xf10 [ 152.912037][ T12] __nsim_dev_port_add+0x6b6/0xb10 [ 152.914305][ T12] nsim_dev_port_add_all+0x37/0xf0 [ 152.916492][ T12] nsim_dev_reload_up+0x451/0x780 [ 152.918712][ T12] devlink_reload+0x4ec/0x8d0 [ 152.920857][ T12] devlink_nl_reload_doit+0xb35/0xd50 [ 152.923223][ T12] genl_family_rcv_msg_doit+0x212/0x300 [ 152.925681][ T12] genl_rcv_msg+0x60e/0x790 [ 152.927817][ T12] netlink_rcv_skb+0x205/0x470 [ 
152.930033][ T12] genl_rcv+0x28/0x40 [ 152.931727][ T12] netlink_unicast+0x82c/0x9e0 [ 152.933733][ T12] netlink_sendmsg+0x805/0xb30 [ 152.935748][ T12] __sock_sendmsg+0x21c/0x270 [ 152.937845][ T12] ____sys_sendmsg+0x505/0x830 [ 152.939885][ T12] ___sys_sendmsg+0x21f/0x2a0 [ 152.941996][ T12] __x64_sys_sendmsg+0x19b/0x260 [ 152.944053][ T12] do_syscall_64+0xfa/0xfa0 [ 152.945981][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.948588][ T12] [ 152.949597][ T12] Second to last potentially related work creation: [ 152.952218][ T12] kasan_save_stack+0x3e/0x60 [ 152.954133][ T12] kasan_record_aux_stack+0xbd/0xd0 [ 152.956339][ T12] insert_work+0x3d/0x330 [ 152.958239][ T12] __queue_work+0xcd2/0xfb0 [ 152.960601][ T12] queue_work_on+0x181/0x270 [ 152.963034][ T12] __udp_tunnel_nic_add_port+0xb71/0xd60 [ 152.966174][ T12] udp_tunnel_push_rx_port+0x17d/0x200 [ 152.969192][ T12] geneve_offload_rx_ports+0xd7/0x160 [ 152.972005][ T12] geneve_netdevice_event+0x6a/0x80 [ 152.974755][ T12] notifier_call_chain+0x1b6/0x3e0 [ 152.977041][ T12] call_netdevice_notifiers+0x88/0xc0 [ 152.979158][ T12] udp_tunnel_nic_netdevice_event+0xdff/0x1810 [ 152.981651][ T12] notifier_call_chain+0x1b6/0x3e0 [ 152.984250][ T12] register_netdevice+0x1608/0x1ae0 [ 152.986829][ T12] nsim_create+0xae8/0xf10 [ 152.988947][ T12] __nsim_dev_port_add+0x6b6/0xb10 [ 152.991164][ T12] nsim_dev_port_add_all+0x37/0xf0 [ 152.993297][ T12] nsim_dev_reload_up+0x451/0x780 [ 152.995141][ T12] devlink_reload+0x4ec/0x8d0 [ 152.997053][ T12] devlink_nl_reload_doit+0xb35/0xd50 [ 152.999398][ T12] genl_family_rcv_msg_doit+0x212/0x300 [ 153.002081][ T12] genl_rcv_msg+0x60e/0x790 [ 153.004433][ T12] netlink_rcv_skb+0x205/0x470 [ 153.006879][ T12] genl_rcv+0x28/0x40 [ 153.008926][ T12] netlink_unicast+0x82c/0x9e0 [ 153.011487][ T12] netlink_sendmsg+0x805/0xb30 [ 153.013909][ T12] __sock_sendmsg+0x21c/0x270 [ 153.016200][ T12] ____sys_sendmsg+0x505/0x830 [ 153.018593][ T12] ___sys_sendmsg+0x21f/0x2a0 [ 153.020829][ 
T12] __x64_sys_sendmsg+0x19b/0x260 [ 153.023000][ T12] do_syscall_64+0xfa/0xfa0 [ 153.025032][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.027703][ T12] [ 153.028785][ T12] The buggy address belongs to the object at ffff888011061200 [ 153.028785][ T12] which belongs to the cache kmalloc-256 of size 256 [ 153.034660][ T12] The buggy address is located 176 bytes inside of [ 153.034660][ T12] freed 256-byte region [ffff888011061200, ffff888011061300) [ 153.040320][ T12] [ 153.041374][ T12] The buggy address belongs to the physical page: [ 153.044009][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11061 [ 153.047478][ T12] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 153.050342][ T12] page_type: f5(slab) [ 153.052041][ T12] raw: 00fff00000000000 ffff88801a441b40 dead000000000122 0000000000000000 [ 153.055523][ T12] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 153.058883][ T12] page dumped because: kasan: bad access detected [ 153.061532][ T12] page_owner tracks the page as allocated [ 153.063810][ T12] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5337, tgid 5336 (syz.0.0), ts 152629352505, free_ts 150722644554 [ 153.071858][ T12] post_alloc_hook+0x240/0x2a0 [ 153.074040][ T12] get_page_from_freelist+0x2365/0x2440 [ 153.076500][ T12] __alloc_frozen_pages_noprof+0x181/0x370 [ 153.079083][ T12] alloc_pages_mpol+0x232/0x4a0 [ 153.081218][ T12] allocate_slab+0x96/0x3a0 [ 153.083139][ T12] ___slab_alloc+0xe94/0x18a0 [ 153.085227][ T12] __slab_alloc+0x65/0x100 [ 153.087151][ T12] __kmalloc_noprof+0x471/0x7f0 [ 153.089239][ T12] udp_tunnel_nic_netdevice_event+0x4c3/0x1810 [ 153.091723][ T12] notifier_call_chain+0x1b6/0x3e0 [ 153.093862][ T12] register_netdevice+0x1608/0x1ae0 [ 153.095997][ T12] nsim_create+0xae8/0xf10 [ 153.097862][ T12] __nsim_dev_port_add+0x6b6/0xb10 [ 153.100027][ T12] 
nsim_dev_port_add_all+0x37/0xf0 [ 153.102258][ T12] nsim_dev_reload_up+0x451/0x780 [ 153.104356][ T12] devlink_reload+0x4ec/0x8d0 [ 153.106360][ T12] page last free pid 78 tgid 78 stack trace: [ 153.108904][ T12] free_unref_folios+0xdb3/0x14f0 [ 153.110964][ T12] shrink_folio_list+0x44ab/0x4c70 [ 153.113063][ T12] evict_folios+0x471e/0x57c0 [ 153.115036][ T12] try_to_shrink_lruvec+0x8a3/0xb50 [ 153.117216][ T12] shrink_one+0x21b/0x7c0 [ 153.119035][ T12] shrink_node+0x315d/0x3780 [ 153.121024][ T12] kswapd+0x147c/0x2800 [ 153.122805][ T12] kthread+0x711/0x8a0 [ 153.124626][ T12] ret_from_fork+0x4bc/0x870 [ 153.126597][ T12] ret_from_fork_asm+0x1a/0x30 [ 153.128656][ T12] [ 153.129690][ T12] Memory state around the buggy address: [ 153.132078][ T12] ffff888011061180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 153.135367][ T12] ffff888011061200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 153.138578][ T12] >ffff888011061280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 153.141957][ T12] ^ [ 153.144276][ T12] ffff888011061300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 153.147578][ T12] ffff888011061380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 153.150940][ T12] ================================================================== [ 153.207560][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 153.210707][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted syzkaller #0 PREEMPT(full) [ 153.214535][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 153.218983][ T12] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work [ 153.222079][ T12] Call Trace: [ 153.223513][ T12] [ 153.224740][ T12] dump_stack_lvl+0x99/0x250 [ 153.226648][ T12] ? __asan_memcpy+0x40/0x70 [ 153.228644][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.230859][ T12] ? __pfx__printk+0x10/0x10 [ 153.232906][ T12] vpanic+0x237/0x6d0 [ 153.234650][ T12] ? 
__pfx_vpanic+0x10/0x10 [ 153.236594][ T12] ? preempt_schedule+0xae/0xc0 [ 153.238612][ T12] ? __pfx_preempt_schedule+0x10/0x10 [ 153.240934][ T12] panic+0xb9/0xc0 [ 153.242541][ T12] ? __pfx_panic+0x10/0x10 [ 153.244456][ T12] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 153.247008][ T12] ? __mutex_lock+0x147/0x1350 [ 153.249040][ T12] check_panic_on_warn+0x89/0xb0 [ 153.251115][ T12] ? __mutex_lock+0x147/0x1350 [ 153.253154][ T12] end_report+0x78/0x160 [ 153.254940][ T12] kasan_report+0x129/0x150 [ 153.256850][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 153.259271][ T12] ? __mutex_lock+0x147/0x1350 [ 153.261293][ T12] __mutex_lock+0x147/0x1350 [ 153.263262][ T12] ? __mutex_lock+0x5bb/0x1350 [ 153.265266][ T12] ? udp_tunnel_nic_device_sync_work+0x39/0xa50 [ 153.267773][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 153.269807][ T12] ? __lock_acquire+0xab9/0xd20 [ 153.271779][ T12] udp_tunnel_nic_device_sync_work+0x39/0xa50 [ 153.274389][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 153.276799][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 153.279196][ T12] process_scheduled_works+0xae1/0x17b0 [ 153.281535][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 153.283972][ T12] worker_thread+0x8a0/0xda0 [ 153.286035][ T12] kthread+0x711/0x8a0 [ 153.287813][ T12] ? __pfx_worker_thread+0x10/0x10 [ 153.290020][ T12] ? __pfx_kthread+0x10/0x10 [ 153.291969][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 153.294123][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.296332][ T12] ? __pfx_kthread+0x10/0x10 [ 153.298304][ T12] ret_from_fork+0x4bc/0x870 [ 153.300324][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 153.302749][ T12] ? __pfx_kthread+0x10/0x10 [ 153.304826][ T12] ret_from_fork_asm+0x1a/0x30 [ 153.306887][ T12] [ 153.308660][ T12] Kernel Offset: disabled [ 153.310658][ T12] Rebooting in 86400 seconds..