program: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000e40)={0x60, r4, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_WME={0x24, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x7}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x2}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xa}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xf}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x2}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1f9}]}, 0x60}}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000dc0), 0x28200, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000e00)={'nicvf0\x00', 0x8000}) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmmsg(r7, &(0x7f0000000d00)=[{{&(0x7f0000000280)=@tipc=@id={0x1e, 0x3, 0x2, {0x4e22, 0x2}}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000380)="2d04e18207da674d6ec9846ec5ceac6a7882c36e2991f28099abdfb3416c394781547e4db66b15583492b2ce073cc911a615356c2db7585a43f3b168397e09bf68b54cad26c6534002c96bab615fc2840fae95c4c9680f1039edad5957e33b83b34634366b33fcc8296f10b3e7d622020ad5871d7628e6d627b9ce35de72dbca8bcbc5b85c3f53dd2aa9b4caf197af0f060b4e69e2b6e6e475404a18998e23d1fbb9ed391f6abc0d62c153ac07e19e5113f1c16a3e8eae544b3dd5e8ba", 0xbd}, {&(0x7f0000000440)="09a955796cd00aabfaf10768e2b95bdbda1f4b3c840929d264079f0a5619bffa97d153886f39b5f18471d4e07306fb0615dfaf9078119a55e724cb98cd0c29fd80846293d6baa773818abd7b08952ac8d3058cf6cd04bcbf7dd3b07e87800b2e202715214a3eecdec2535cf0664c59ebf5ef836adf3f43a700b8705f8cf5c5f73fca9b84c856e2959c983049ca3551", 0x8f}, {&(0x7f0000000500)="b1d6c4bb66a9a6fbedce6dd0b8bce2ed7643f42ee68f6aece1a496eda9e370210d0a1d273f7d4de4a53a4acdf6ff385c1eea9c08f054bc7aea5fd295a49f030dfa54a566be664d36b9c856a6236665c72121806554e0112bd1ac659f6972e5e9ab17a0e3cacf8f34bf0f8c88fafbdb39d9e196c1daf9b6bfe1602804a7e769576f975136a2d38607b463d3f626f097401977934cefb2e7bb060b85aeee1aa2d5760f64ac4c32d869ca89f928835b8644ce9bf3742e3525d723d9e5228dd763e4f5e47d267b921e", 0xc7}, {&(0x7f0000000600)="990aadef0723fa8397aa4d673d125d1391cece7d0b12daf9017a7cda9efdc57338237a12c8d304bc1d2ba714316c527649de27ee0fe38973d6b3e74de40ad027a1e7f37f7c004ab9b12b08d5722b69b29c1a3b", 0x91}, {&(0x7f0000000680)="5b9fd5e7af803a49a02210cf342a37ef6ec475327f741000b2ac7614df9d156dc94ca2f46233486ee223dddc540c554fbb201af9a6c030b9e21b27182b3314fb8ceb8a8f758ecdbf84288fa1231cb81a1f174a9cacf33f9fe7a6e5ae8a05d063574f0a7d9702b385f4bfd303ce33b32e10cbd7a514cc7c3bd1a6fa83052dfbe5aafb2e7a3165f332d3a099a87fead4900e957920baaef42b16d26a9779964d47af0d2aa2c879", 0xa6}], 0x5, &(0x7f00000007c0)=[{0xc8, 0x10d, 0x6, "88d175842590960df4e6870e525f7f8cc07cb26fdd1db32d50c9654f5f9a4933b66b014c73de387a342990f278647dcdb7818e39fc051f8272dba8737177602e7d2669d8a186d9bcccafc78408f717bd6deb85a822a9f133a7485c5854c7a6dec1c571d4973a066f6aba2a1abb5a4e04b8da802c815f3fa13b0c1f68b1f292a3848affcc78b7ac592f5373d406257fdb81a24dbb1e8850ebdfd50d208a3e8119711fdf7bae631b153884943ec6243d3f8a1afad7e4"}, {0xd8, 0x14, 0x3, "5477a3d141ad82b632950c62033603274c1dea6bf41c072a60825a4390c5de3940031b64d380a7ae7944f049e2b33aa25a659355d0262946ce049b7f38535be7e275ae1beef04faf99575c587d39884c8c33e47dc827c9f3cc7c73636d75e8a2621b6b6b3ac56ffef57fe8446b16fcd761fd90b0d5c11357f1fbeca6655dd5ea420f4a3f8c6956f586a91044918bf51fe369bbb6ea7f8c8ec10ad4299805363bc00125546e154dc8205b9c636f990b7329e97c83fd1f777779abcd0bec7ff7a91dc9291b03f124"}, {0xa8, 0x101, 0x7, "4daed0741ebfd6abe357157925d1246a271114b37c2a1468c8f15a291bd174ea4a63bc83ad8b9a6fbefe2afa8a9150465379c4302b3aefe8ba2e1ac9efe36f64d48dd520fcce9dadd8563c1ce6512b3f7851ff66810891bad611280215ed6ddb631fd47ff298f24b253830e93d472051e46a63b8277633c366074f042d132eebb0a86149ffbb2754ad23d8934edf83e79260df63"}], 0x248}}, {{&(0x7f0000000a40)=@x25, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000ac0)="4be1053ffb495be91faf2edc6f81e8676eda93ddf784ce3df9ba745fa1243ba4b1f3a7caf7eacb0b7e581f946922210213caf1c90949fe184f3ebd4306b5b9638b896775b4087c807e8c5ce8d74dd285a7537a6efc619c442efb390608f19e791cf9729d8d7a5152466cf4a91090765c25441433d86b367d449669ff37221704ccb2", 0x82}, {&(0x7f0000000b80)="7a2209d52e3ac6f1642140dea5747d78ddfb8f53493e2bac59c9338b5273e17523bddd7472b9fb92790d1bf2f71b58fe467ba91f5226115aa4363d0a1585718aa5022102d9b68cd6663003a660f75e9ba32fd77d651f1014c3fccefc00a7cc52061bce2e94b984ed", 0x68}], 0x2}}, {{&(0x7f0000000c40)=@rc={0x1f, @any, 0x6}, 0x80, &(0x7f0000000cc0)}}], 0x3, 0x4000001) (async) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) (async) ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000)) (async) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000cc0)={'veth1_macvtap\x00'}) (async) ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={0x1, @default, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) connect$netrom(r1, &(0x7f0000000300)={{0x6, @default}, [@null, @default, @default, @default, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) (async) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) syz_mount_image$udf(&(0x7f00000005c0), &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="005bdefa8134"], 0x1, 0x5bd, &(0x7f0000000680)="$eJzs3U9sHFcdB/Dfm3jtdRonmzR1CwR1paoqCiKKHdomNhKYGFeIqLFwHBFOmHgTlvpPZCfIqQD1BgckxIEDBySEhBSBQIgj4kBPcEDcgXt74OIDEhIHhGZ21ruxt8Sqs3Fdfz5SvLNvfvPmzRwifffNvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOLzX5g6P5b2exQAAABAP70+9+Xz4/I/AAAAfKhdM/8PAAAAAAAAAAddiiy+Fym+NLmZjhXvW6pXmiv3NuanZ3ofNpyKI48U9fm/6tj4hU+//MqrF9uv///4x+0jcXXu2lT98urynbXG+npjsT6/0ry5utjYdQ97PX67s8UNqC+/cW/x1q31+vi5Cw/t3qi9M/TUaG3y4sSNWrt2fnpmZq6rZqDyvs++gyc8AAAADrfByOL1SPH2n3+TRiIii71n4Ud8dtBvw1HL83dxEfPTM8WFLDUXVu7mO2fbQbhWXmtpsJ2Rn0AW35OfRZzKxzoo0QMAALB7lSIFp3jtd5vpeEQcaefgTxYLA773gfUnOMge8nGeiYgX4gBkdgAAANhnQ5HFTyPF8olqnMgz834PCAAAAHjsBiKLVyPFvyY3U614HiAizs5Pz9SvXK9/ceXWalftbCpn1A/69wOeJM8mAAAA8AFQjSxGiif+N9PJ/R4MAAAA0BfDkcVfI8XHnv9Wsa5cFOvSn5i8NDg+1r3C3LOP6CevPRcRz+zyO/mVcq3B2TSbUvb4rwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDDZShl8d9I8Z3r9U5jLUUWkdpvq/mf2fS54/szRAAAAAAAAADgUVIWP44UP6lspiwiNmrvDD01Wpu8OHGjdiSOFA8BpO76q3PXpuqXV5fvrDXW1xuL9fmV5s3VxcZuT1e90ly5tzE/PdOXi3mk4T6Pf7h6efXO/bXm7W/c7bn/aHXq6+t31xZu9t4dw1GPONLdcrYY8Pz0TDHopebCSnHobNrtiAEAACCikrL4T6R4sf4gbeXO1vP/A603nTT6i89E3l6obs+fxecGx4vPDVrbJyYvVcZf6t7uGVnPFoE6D7gzc13NA5Wdpfk5U8piKlK8O/FcMbIUR2NHZo5W3Uik+OFXz5R12WDUItrd1lo93mouNc7ntT+KFKdvtGujqK2WtU93asfy2qG832sP1w6Xtac7teN57Uyk+MdrvWuf6dReyGs3IsWDB/V27dG8dqSsHe3Unru5urTY61YCAAAAAAAAcHhVUha/ihR//EM9tefGB1rzzzvn/7/d+S7AW9s7eo85/73O/9e62t4q5/V/kI/im88Vc/nF/H+t9/z/VKT4y9UzZV1r7n2w3H+y+NuZ/78eKd5efbh2qKw91akd2/WNBQAAgA+QPP+fiRTf/9PvB9rZuMz/ZQLvnf8/OrCtoz7l/5Ndbfk51++/+cbC0lJjzYYNGza2Nvb+fyEAAHzY5fm/ESl+/re/b813l/n/WOtdJ///+7ud/D+xvaM+5f9TXW0T5VqElYGI6t3lO5XRiOr6/Tc/1VxeuN243VgZu/TK+MXx82MvVwbbc/udrT3fKgAAADiw8vw/Fyl+/c9fbq13t5v5/6PbO+pT/n+6qy0/Z2fSb8+XDgAAAIdGnv8vRYqvPP/brXXpH87/ndSe5//2+v+feKH12vnNgP7k/9NdbbXyvDs+ewAAAAAAAAAAAAAAAAAAAIADrpKyeClSvPjuQBop23az/t/i9o769P3/0a62xXgyv/+355sKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcSllk0YwUH392M302b/haxLHuVwAAAODA+18AAAD//0qnGWg=") (async) r8 = open(&(0x7f0000000080)='./bus\x00', 0x62142, 0x0) (async) setrlimit(0x1, &(0x7f0000000000)={0x38, 0xffffffffffffffff}) pwrite64(r8, &(0x7f0000000300)='_', 0x1, 0x10000000005) (async) r9 = open(&(0x7f0000000040)='./bus\x00', 0x10007e, 0x0) sendfile(r9, r9, 0x0, 0x100000000) (async) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv4_getroute={0x1c, 0x1a, 0x2, 0x70bd2b, 0x25dfdbfe, {0x2, 0x20, 0x14, 0xff, 0xfd, 0x4, 0xfd, 0x9, 0x2600}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000000) [ 85.407177][ T45] Bluetooth: hci0: command tx timeout [ 85.543027][ T5341] ================================================================== [ 85.546629][ T5341] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x37/0x170 [ 85.550440][ T5341] Write of size 4 at addr ffff888052e6f864 by task syz.0.0/5341 [ 85.555143][ T5341] [ 85.556370][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 85.556387][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.556396][ T5341] Call Trace: [ 85.556404][ T5341] [ 85.556411][ T5341] dump_stack_lvl+0x189/0x250 [ 85.556431][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 85.556448][ T5341] ? rcu_is_watching+0x15/0xb0 [ 85.556508][ T5341] ? __kasan_check_byte+0x12/0x40 [ 85.556523][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.556537][ T5341] ? rcu_is_watching+0x15/0xb0 [ 85.556550][ T5341] ? lock_release+0x4b/0x3e0 [ 85.556565][ T5341] ? __virt_addr_valid+0x1c8/0x5c0 [ 85.556581][ T5341] ? __virt_addr_valid+0x4a5/0x5c0 [ 85.556597][ T5341] print_report+0xca/0x230 [ 85.556608][ T5341] ? sk_skb_reason_drop+0x37/0x170 [ 85.556627][ T5341] kasan_report+0x118/0x150 [ 85.556640][ T5341] ? sk_skb_reason_drop+0x37/0x170 [ 85.556656][ T5341] kasan_check_range+0x2b0/0x2c0 [ 85.556670][ T5341] sk_skb_reason_drop+0x37/0x170 [ 85.556684][ T5341] nr_transmit_buffer+0x11d/0x1b0 [ 85.556697][ T5341] nr_establish_data_link+0x62/0xb0 [ 85.556708][ T5341] nr_connect+0x6e6/0xde0 [ 85.556724][ T5341] ? __pfx_nr_connect+0x10/0x10 [ 85.556739][ T5341] ? tomoyo_socket_connect_permission+0x164/0x290 [ 85.556754][ T5341] ? bpf_lsm_socket_connect+0x9/0x20 [ 85.556772][ T5341] __sys_connect+0x313/0x440 [ 85.556785][ T5341] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 85.556820][ T5341] ? __pfx___sys_connect+0x10/0x10 [ 85.556834][ T5341] ? rcu_is_watching+0x15/0xb0 [ 85.556847][ T5341] __x64_sys_connect+0x7a/0x90 [ 85.556858][ T5341] do_syscall_64+0xfa/0x3b0 [ 85.556904][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.556921][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.556932][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 85.556944][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.556955][ T5341] RIP: 0033:0x7f89e358e929 [ 85.556969][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.556978][ T5341] RSP: 002b:00007f89e431b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 85.556992][ T5341] RAX: ffffffffffffffda RBX: 00007f89e37b6080 RCX: 00007f89e358e929 [ 85.557000][ T5341] RDX: 0000000000000048 RSI: 0000200000000300 RDI: 0000000000000005 [ 85.557007][ T5341] RBP: 00007f89e3610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 85.557013][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.557020][ T5341] R13: 0000000000000000 R14: 00007f89e37b6080 R15: 00007ffcc6edfca8 [ 85.557032][ T5341] [ 85.557036][ T5341] [ 85.681430][ T5341] Allocated by task 5341: [ 85.683426][ T5341] kasan_save_track+0x3e/0x80 [ 85.685350][ T5341] __kasan_slab_alloc+0x6c/0x80 [ 85.687423][ T5341] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 85.690020][ T5341] __alloc_skb+0x112/0x2d0 [ 85.692116][ T5341] nr_write_internal+0xe2/0xc60 [ 85.694277][ T5341] nr_establish_data_link+0x62/0xb0 [ 85.696562][ T5341] nr_connect+0x6e6/0xde0 [ 85.698469][ T5341] __sys_connect+0x313/0x440 [ 85.700487][ T5341] __x64_sys_connect+0x7a/0x90 [ 85.702493][ T5341] do_syscall_64+0xfa/0x3b0 [ 85.704609][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.707971][ T5341] [ 85.709145][ T5341] Freed by task 5341: [ 85.710917][ T5341] kasan_save_track+0x3e/0x80 [ 85.712925][ T5341] kasan_save_free_info+0x46/0x50 [ 85.715063][ T5341] __kasan_slab_free+0x62/0x70 [ 85.717194][ T5341] kmem_cache_free+0x18f/0x400 [ 85.719391][ T5341] nr_route_frame+0x467/0x7e0 [ 85.721699][ T5341] nr_transmit_buffer+0xe7/0x1b0 [ 85.723947][ T5341] nr_establish_data_link+0x62/0xb0 [ 85.726351][ T5341] nr_connect+0x6e6/0xde0 [ 85.728175][ T5341] __sys_connect+0x313/0x440 [ 85.730211][ T5341] __x64_sys_connect+0x7a/0x90 [ 85.732385][ T5341] do_syscall_64+0xfa/0x3b0 [ 85.734545][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.737521][ T5341] [ 85.738891][ T5341] The buggy address belongs to the object at ffff888052e6f780 [ 85.738891][ T5341] which belongs to the cache skbuff_head_cache of size 240 [ 85.745356][ T5341] The buggy address is located 228 bytes inside of [ 85.745356][ T5341] freed 240-byte region [ffff888052e6f780, ffff888052e6f870) [ 85.751113][ T5341] [ 85.752220][ T5341] The buggy address belongs to the physical page: [ 85.755160][ T5341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52e6f [ 85.759295][ T5341] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 85.762394][ T5341] page_type: f5(slab) [ 85.764013][ T5341] raw: 04fff00000000000 ffff88801bef7b40 dead000000000122 0000000000000000 [ 85.767636][ T5341] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 85.771427][ T5341] page dumped because: kasan: bad access detected [ 85.774399][ T5341] page_owner tracks the page as allocated [ 85.777044][ T5341] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 12, tgid 12 (kworker/u4:0), ts 85532196665, free_ts 0 [ 85.784339][ T5341] post_alloc_hook+0x240/0x2a0 [ 85.786465][ T5341] get_page_from_freelist+0x21e4/0x22c0 [ 85.789242][ T5341] __alloc_frozen_pages_noprof+0x181/0x370 [ 85.792319][ T5341] alloc_pages_mpol+0x232/0x4a0 [ 85.794468][ T5341] allocate_slab+0x8a/0x3b0 [ 85.796379][ T5341] ___slab_alloc+0xbfc/0x1480 [ 85.798408][ T5341] kmem_cache_alloc_node_noprof+0x280/0x3c0 [ 85.800883][ T5341] __alloc_skb+0x112/0x2d0 [ 85.802839][ T5341] nsim_dev_trap_report_work+0x29a/0xb80 [ 85.805185][ T5341] process_scheduled_works+0xae1/0x17b0 [ 85.807532][ T5341] worker_thread+0x8a0/0xda0 [ 85.809605][ T5341] kthread+0x70e/0x8a0 [ 85.811815][ T5341] ret_from_fork+0x3fc/0x770 [ 85.814170][ T5341] ret_from_fork_asm+0x1a/0x30 [ 85.816261][ T5341] page_owner free stack trace missing [ 85.818548][ T5341] [ 85.819568][ T5341] Memory state around the buggy address: [ 85.822028][ T5341] ffff888052e6f700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 85.825551][ T5341] ffff888052e6f780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.829224][ T5341] >ffff888052e6f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 85.832971][ T5341] ^ [ 85.836054][ T5341] ffff888052e6f880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 85.839559][ T5341] ffff888052e6f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.843488][ T5341] ================================================================== [ 85.931255][ T5341] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.934292][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) [ 85.939824][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.945712][ T5341] Call Trace: [ 85.947171][ T5341] [ 85.948457][ T5341] dump_stack_lvl+0x99/0x250 [ 85.950444][ T5341] ? __asan_memcpy+0x40/0x70 [ 85.952624][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.954903][ T5341] ? __pfx__printk+0x10/0x10 [ 85.957377][ T5341] panic+0x2db/0x790 [ 85.959685][ T5341] ? __pfx_preempt_schedule+0x10/0x10 [ 85.962483][ T5341] ? __pfx_panic+0x10/0x10 [ 85.964420][ T5341] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 85.966924][ T5341] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.969334][ T5341] ? sk_skb_reason_drop+0x37/0x170 [ 85.971465][ T5341] check_panic_on_warn+0x89/0xb0 [ 85.973540][ T5341] ? sk_skb_reason_drop+0x37/0x170 [ 85.975705][ T5341] end_report+0x78/0x160 [ 85.977593][ T5341] kasan_report+0x129/0x150 [ 85.980110][ T5341] ? sk_skb_reason_drop+0x37/0x170 [ 85.983233][ T5341] kasan_check_range+0x2b0/0x2c0 [ 85.985522][ T5341] sk_skb_reason_drop+0x37/0x170 [ 85.987712][ T5341] nr_transmit_buffer+0x11d/0x1b0 [ 85.989899][ T5341] nr_establish_data_link+0x62/0xb0 [ 85.992314][ T5341] nr_connect+0x6e6/0xde0 [ 85.994299][ T5341] ? __pfx_nr_connect+0x10/0x10 [ 85.996637][ T5341] ? tomoyo_socket_connect_permission+0x164/0x290 [ 86.000191][ T5341] ? bpf_lsm_socket_connect+0x9/0x20 [ 86.002431][ T5341] __sys_connect+0x313/0x440 [ 86.004523][ T5341] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 86.007459][ T5341] ? __pfx___sys_connect+0x10/0x10 [ 86.009811][ T5341] ? rcu_is_watching+0x15/0xb0 [ 86.012352][ T5341] __x64_sys_connect+0x7a/0x90 [ 86.014802][ T5341] do_syscall_64+0xfa/0x3b0 [ 86.016955][ T5341] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.019175][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.021696][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 86.023786][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.026456][ T5341] RIP: 0033:0x7f89e358e929 [ 86.028895][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.037665][ T5341] RSP: 002b:00007f89e431b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 86.041392][ T5341] RAX: ffffffffffffffda RBX: 00007f89e37b6080 RCX: 00007f89e358e929 [ 86.045168][ T5341] RDX: 0000000000000048 RSI: 0000200000000300 RDI: 0000000000000005 [ 86.048861][ T5341] RBP: 00007f89e3610ca1 R08: 0000000000000000 R09: 0000000000000000 [ 86.052219][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.055600][ T5341] R13: 0000000000000000 R14: 00007f89e37b6080 R15: 00007ffcc6edfca8 [ 86.058912][ T5341] [ 86.060957][ T5341] Kernel Offset: disabled [ 86.063518][ T5341] Rebooting in 86400 seconds..