last executing test programs: 7.331254152s ago: executing program 0 (id=45): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket(0x2, 0x3, 0x100000001) setsockopt(r0, 0xff, 0xfffffffd, 0x0, 0x0) 7.221446596s ago: executing program 0 (id=47): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4a, 0x0, &(0x7f0000000080)=0xe) 7.051707848s ago: executing program 0 (id=48): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) sendmmsg$inet6(r1, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000680)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ecba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e080000000000000086448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190da6ca5b992c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c49d962d47061f788999120bc2144d3bdd4cd8dc5c6f00b10958416318ef9ea9b4f2e2f92ad6ce8f2f0a6022a753acf1b3247", 0x251}], 0x1}}], 0x1, 0x4000001) r2 = dup(r1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r2) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r2) sendmsg$nl_route(r0, 0x0, 0x8000) 6.090530361s ago: executing program 0 (id=49): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0xfffff2d4, 0x200ffffe, 0x7, 0xffffffff, 0x0, "4d6b5ccb00"}) socket$alg(0x26, 0x5, 0x0) pselect6(0x40, &(0x7f0000000100)={0x2, 0x0, 0xfffffffffffffff8, 0x0, 0x4, 0x10}, 0x0, &(0x7f0000000240)={0x1f, 0xc, 0x715, 0x8000000000000000, 0x0, 0x80000000000000, 0x800, 0x20000}, 0x0, 0x0) 4.408966116s ago: executing program 1 (id=52): unshare(0x26020480) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512\x00'}, 0x58) 4.310049209s ago: executing program 1 (id=53): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606414a60200000000000000000000000000000000000012000000000000000000000000000000012f000109000000"], 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 3.538660468s ago: executing program 0 (id=54): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg$inet6(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)='i', 0x1}], 0x1, &(0x7f00000005c0)=ANY=[], 0x200}}], 0x1, 0x4000006) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) recvfrom$unix(r2, &(0x7f0000000300)=""/279, 0x117, 0x0, 0x0, 0x0) 3.410848744s ago: executing program 0 (id=55): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000013c0)={0x44, &(0x7f00000011c0)={0x20, 0x14, 0x4, "0426fd98"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000c80)={0x20, 0x0, 0x4, "f670e000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, &(0x7f0000000f00)={0x0, 0x14, 0x4, "42467af9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 453.419492ms ago: executing program 1 (id=56): r0 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080)) r2 = syz_open_procfs(r0, &(0x7f0000000100)='stack\x00') pread64(r2, &(0x7f0000000400)=""/15, 0xf, 0x2) 311.89027ms ago: executing program 1 (id=57): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4008af25, &(0x7f0000000280)=0x1) 170.075118ms ago: executing program 1 (id=58): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xa, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000711839000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 0s ago: executing program 1 (id=59): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, 0x0, 0x0, 0x405, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25}, 0x94) mount$fuse(0x0, 0x0, &(0x7f00000020c0), 0x413, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYRESDEC=0x0, @ANYRESDEC=0x0]) bpf$PROG_LOAD(0x5, &(0x7f0000004200)={0x12, 0x4, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:15397' (ED25519) to the list of known hosts. syzkaller login: [ 82.917746][ T3312] cgroup: Unknown subsys name 'net' [ 83.244001][ T3312] cgroup: Unknown subsys name 'cpuset' [ 83.271120][ T3312] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.724084][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.526383][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.578670][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.697569][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.714783][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.444813][ T3317] hsr_slave_0: entered promiscuous mode [ 91.450426][ T3317] hsr_slave_1: entered promiscuous mode [ 91.944323][ T3318] hsr_slave_0: entered promiscuous mode [ 91.947638][ T3318] hsr_slave_1: entered promiscuous mode [ 91.953974][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 91.954674][ T3318] Cannot create hsr debugfs directory [ 92.350072][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.382062][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.405937][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.437841][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.725501][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.757745][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.779090][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.807689][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.363330][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.565673][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.534849][ T3317] veth0_vlan: entered promiscuous mode [ 95.594769][ T3317] veth1_vlan: entered promiscuous mode [ 95.786542][ T3317] veth0_macvtap: entered promiscuous mode [ 95.819092][ T3317] veth1_macvtap: entered promiscuous mode [ 95.959315][ T803] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.960014][ T803] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.960211][ T803] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.960339][ T803] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.335146][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.806093][ T3465] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.899824][ T3318] veth0_vlan: entered promiscuous mode [ 96.930397][ T3318] veth1_vlan: entered promiscuous mode [ 97.117572][ T3318] veth0_macvtap: entered promiscuous mode [ 97.157591][ T3318] veth1_macvtap: entered promiscuous mode [ 97.325862][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.326753][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.327200][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.327342][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.036215][ T3521] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.341826][ T3521] xt_connbytes: Forcing CT accounting to be enabled [ 104.344794][ T3521] xt_CT: You must specify a L4 protocol and not use inversions on it [ 110.431159][ T3567] syz.0.42 uses obsolete (PF_INET,SOCK_PACKET) [ 116.493195][ T3587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 116.497762][ T3587] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.148185][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 120.273716][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 120.305875][ T10] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 120.310160][ T10] usb 1-1: config 0 has no interface number 0 [ 120.318498][ T10] usb 1-1: config 0 interface 184 has no altsetting 0 [ 120.360205][ T10] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 120.363095][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.369326][ T10] usb 1-1: Product: syz [ 120.373746][ T10] usb 1-1: Manufacturer: syz [ 120.376314][ T10] usb 1-1: SerialNumber: syz [ 120.396365][ T10] usb 1-1: config 0 descriptor?? [ 120.454456][ T10] smsc75xx v1.0.0 [ 120.896756][ T10] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 120.900416][ T10] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 120.904356][ T10] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 120.908678][ T10] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -32 [ 121.200890][ T113] ================================================================== [ 121.205357][ T113] BUG: KASAN: slab-use-after-free in defer_free+0x3c/0xbc [ 121.207634][ T113] Write at addr f4f00000086fe360 by task kworker/u8:4/113 [ 121.208142][ T113] Pointer tag: [f4], memory tag: [fe] [ 121.208226][ T113] [ 121.209120][ T113] CPU: 0 UID: 0 PID: 113 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT [ 121.209491][ T113] Hardware name: linux,dummy-virt (DT) [ 121.209959][ T113] Workqueue: events_unbound bpf_map_free_deferred [ 121.211164][ T113] Call trace: [ 121.211664][ T113] show_stack+0x18/0x24 (C) [ 121.211995][ T113] dump_stack_lvl+0x78/0x90 [ 121.212116][ T113] print_report+0x108/0x61c [ 121.212172][ T113] kasan_report+0x88/0xac [ 121.212218][ T113] __do_kernel_fault+0x170/0x1c8 [ 121.212272][ T113] do_bad_area+0x68/0x78 [ 121.212320][ T113] do_tag_check_fault+0x34/0x44 [ 121.212368][ T113] do_mem_abort+0x44/0x94 [ 121.212417][ T113] el1_abort+0x44/0x68 [ 121.212467][ T113] el1h_64_sync_handler+0x50/0xac [ 121.212543][ T113] el1h_64_sync+0x6c/0x70 [ 121.212707][ T113] defer_free+0x3c/0xbc (P) [ 121.212767][ T113] kfree_nolock+0x1a0/0x1d4 [ 121.212816][ T113] range_tree_destroy+0x74/0x90 [ 121.212867][ T113] arena_map_free+0x64/0x90 [ 121.212914][ T113] bpf_map_free_deferred+0x70/0x180 [ 121.212963][ T113] process_one_work+0x178/0x2cc [ 121.213027][ T113] worker_thread+0x24c/0x354 [ 121.213075][ T113] kthread+0x130/0x1fc [ 121.213121][ T113] ret_from_fork+0x10/0x20 [ 121.213359][ T113] [ 121.213425][ T113] Allocated by task 3609: [ 121.213619][ T113] kasan_save_stack+0x3c/0x64 [ 121.213892][ T113] save_stack_info+0x40/0x158 [ 121.213935][ T113] kasan_save_alloc_info+0x14/0x20 [ 121.213970][ T113] __kasan_kmalloc+0xb4/0xb8 [ 121.214014][ T113] kmalloc_nolock_noprof+0x1dc/0x4fc [ 121.214053][ T113] range_tree_clear+0x3a4/0x6a8 [ 121.214090][ T113] arena_vm_fault+0xf0/0x1a8 [ 121.214126][ T113] __do_fault+0x3c/0x234 [ 121.214168][ T113] do_fault+0x314/0x680 [ 121.214207][ T113] __handle_mm_fault+0x440/0xc2c [ 121.214242][ T113] handle_mm_fault+0x15c/0x30c [ 121.214277][ T113] do_page_fault+0x194/0x680 [ 121.214315][ T113] do_translation_fault+0x60/0x6c [ 121.214354][ T113] do_mem_abort+0x44/0x94 [ 121.214391][ T113] el1_abort+0x44/0x68 [ 121.214427][ T113] el1h_64_sync_handler+0x50/0xac [ 121.214464][ T113] el1h_64_sync+0x6c/0x70 [ 121.214498][ T113] __arch_copy_from_user+0x14/0x23c [ 121.214540][ T113] __sys_bpf+0xe0/0x1a88 [ 121.214574][ T113] __arm64_sys_bpf+0x24/0x34 [ 121.214611][ T113] invoke_syscall+0x48/0x110 [ 121.214650][ T113] el0_svc_common.constprop.0+0x40/0xe0 [ 121.214689][ T113] do_el0_svc+0x1c/0x28 [ 121.214728][ T113] el0_svc+0x34/0x128 [ 121.214765][ T113] el0t_64_sync_handler+0xa0/0xe4 [ 121.214803][ T113] el0t_64_sync+0x1a4/0x1a8 [ 121.214875][ T113] [ 121.214921][ T113] Freed by task 113: [ 121.214968][ T113] kasan_save_stack+0x3c/0x64 [ 121.215017][ T113] save_stack_info+0x40/0x158 [ 121.215055][ T113] kasan_save_free_info+0x18/0x24 [ 121.215090][ T113] __kasan_slab_free+0x7c/0x8c [ 121.215124][ T113] kfree_nolock+0xcc/0x1d4 [ 121.215161][ T113] range_tree_destroy+0x74/0x90 [ 121.215198][ T113] arena_map_free+0x64/0x90 [ 121.215234][ T113] bpf_map_free_deferred+0x70/0x180 [ 121.215273][ T113] process_one_work+0x178/0x2cc [ 121.215310][ T113] worker_thread+0x24c/0x354 [ 121.215346][ T113] kthread+0x130/0x1fc [ 121.215381][ T113] ret_from_fork+0x10/0x20 [ 121.215426][ T113] [ 121.215466][ T113] The buggy address belongs to the object at fff00000086fe340 [ 121.215466][ T113] which belongs to the cache kmalloc-64 of size 64 [ 121.215571][ T113] The buggy address is located 32 bytes inside of [ 121.215571][ T113] 64-byte region [fff00000086fe340, fff00000086fe380) [ 121.215620][ T113] [ 121.215835][ T113] The buggy address belongs to the physical page: [ 121.216355][ T113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfbf00000086fe180 pfn:0x486fe [ 121.216849][ T113] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 121.217306][ T113] page_type: f5(slab) [ 121.217865][ T113] raw: 01ffc00000000000 fbf0000003001600 dead000000000122 0000000000000000 [ 121.217926][ T113] raw: fbf00000086fe180 000000008040003f 00000000f5000000 0000000000000000 [ 121.218064][ T113] page dumped because: kasan: bad access detected [ 121.218111][ T113] [ 121.218146][ T113] Memory state around the buggy address: [ 121.218421][ T113] fff00000086fe100: f3 f3 f3 f3 f3 f3 f3 f3 fe fe fe fe fe fe fe fe [ 121.218518][ T113] fff00000086fe200: f3 f3 f3 fe f5 f5 f5 fe f9 f9 f9 fe fa fa fa fa [ 121.218578][ T113] >fff00000086fe300: f6 f6 f6 fe fe fe fe fe fe fe fe fe fa fa fa fe [ 121.218639][ T113] ^ [ 121.218761][ T113] fff00000086fe400: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 121.218791][ T113] fff00000086fe500: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 121.218861][ T113] ================================================================== [ 121.219797][ T113] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 121.814416][ T40] usb 1-1: USB disconnect, device number 2 [ 122.082022][ T113] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.208931][ T113] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.280041][ T113] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.359577][ T113] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.946164][ T113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.992905][ T113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.039920][ T113] bond0 (unregistering): Released all slaves [ 123.130798][ T113] hsr_slave_0: left promiscuous mode [ 123.136361][ T113] hsr_slave_1: left promiscuous mode [ 123.152786][ T113] veth1_macvtap: left promiscuous mode [ 123.153236][ T113] veth0_macvtap: left promiscuous mode [ 123.153697][ T113] veth1_vlan: left promiscuous mode [ 123.154081][ T113] veth0_vlan: left promiscuous mode [ 124.340068][ T113] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.402588][ T113] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.503083][ T113] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.560483][ T113] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.169505][ T113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 125.213376][ T113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 125.258471][ T113] bond0 (unregistering): Released all slaves [ 125.396005][ T113] hsr_slave_0: left promiscuous mode [ 125.399230][ T113] hsr_slave_1: left promiscuous mode [ 125.419785][ T113] veth1_macvtap: left promiscuous mode [ 125.420313][ T113] veth0_macvtap: left promiscuous mode [ 125.420783][ T113] veth1_vlan: left promiscuous mode [ 125.421274][ T113] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 14:08:41 Registers: info registers vcpu 0 CPU#0 PC=ffff8000800f74e4 X00=00000000000000c0 X01=0000000000000000 X02=0000000000000001 X03=f9f0000003199080 X04=0000000000000000 X05=f0f0000003400000 X06=0000000000000000 X07=0000000000000000 X08=f0f0000003400028 X09=ffff800082a29bc8 X10=ffff800082a29bd0 X11=0000000000000040 X12=003c0a6b9dc61d45 X13=00000efdd9eaaf74 X14=00000000000002a5 X15=ffff800085b13c88 X16=ffff800082de8000 X17=fff07ffffcef4000 X18=0000000000000000 X19=f9f0000004946300 X20=0000000000000003 X21=f2f0000003024000 X22=0000000000000008 X23=f9f0000004946ba4 X24=f2f0000003024028 X25=0000000000000000 X26=f2f0000003024000 X27=ffff8000829f8a00 X28=ffff800082debec8 X29=ffff800082debd00 X30=ffff8000800f74e4 SP=ffff800082debd00 PSTATE=204020c9 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000001 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0101a01000188004:141000060101ca00 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:08080019800303ff:ffffff0418f00303 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:060101ca00080019:9003000800198803 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:18e00300080018d8:0300080018d0030c Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0303ffffffff0418:f00303ffffffff04 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f6044439b1905c16:a72e8fe856d27dea Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:37b640b5a4383c87:9f20c0e3d27f0000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000001f40000000a Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe5786c50:0000ffffe5786c50 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffe5786c20 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008092de40 X00=0000000000000002 X01=0000000000000018 X02=ffff800082e15018 X03=ffff800082baded0 X04=f4f0000003b81080 X05=0000000000000031 X06=0000000000000020 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082badf00 X10=0000000000000001 X11=ffff8000831ebe20 X12=ffff800082adf208 X13=ffff8000831ebb8d X14=ffff8000831ebb98 X15=ffff8000831eba00 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=f1f0000003248004 X20=ffff80008092dfe4 X21=f4f0000003b81080 X22=f1f0000003248004 X23=ffff80008092dfe4 X24=0000000000000063 X25=f7f00000031ae300 X26=0000000000000001 X27=0000000000000000 X28=0000000000000000 X29=ffff8000831ebca0 X30=ffff80008092e00c SP=ffff8000831ebca0 PSTATE=814020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd97bff90:0000ffffd97bff90 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffd97bff60 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000