Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts.
2021/08/08 06:50:23 parsed 1 programs
2021/08/08 06:50:23 executed programs: 0
syzkaller login: [ 1581.659560][ T8550] chnl_net:caif_netlink_parms(): no params data found
[ 1581.727757][ T8550] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1581.736219][ T8550] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1581.746620][ T8550] device bridge_slave_0 entered promiscuous mode
[ 1581.756690][ T8550] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1581.764252][ T8550] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1581.771981][ T8550] device bridge_slave_1 entered promiscuous mode
[ 1581.805313][ T8550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1581.817234][ T8550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1581.851407][ T8550] team0: Port device team_slave_0 added
[ 1581.858692][ T8550] team0: Port device team_slave_1 added
[ 1581.885921][ T8550] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1581.892896][ T8550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1581.918850][ T8550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1581.931478][ T8550] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1581.938515][ T8550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1581.964864][ T8550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1582.001090][ T8550] device hsr_slave_0 entered promiscuous mode
[ 1582.008586][ T8550] device hsr_slave_1 entered promiscuous mode
[ 1582.131426][ T8550] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1582.141902][ T8550] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1582.152312][ T8550] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1582.162640][ T8550] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1582.190813][ T8550] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1582.198031][ T8550] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1582.205889][ T8550] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1582.212959][ T8550] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1582.257267][ T8550] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1582.271052][ T8883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1582.283063][ T8883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1582.291861][ T8883] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1582.300462][ T8883] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1582.313299][ T8550] 8021q: adding VLAN 0 to HW filter on device team0
[ 1582.325413][ T8523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1582.336293][ T8523] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1582.343364][ T8523] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1582.355942][ T8883] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1582.365289][ T8883] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1582.372387][ T8883] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1582.395124][ T8883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1582.404562][ T8883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1582.414625][ T8883] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1582.425661][ T8523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1582.440660][ T8550] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1582.452400][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1582.461990][ T8883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1582.485254][ T8550] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1582.492699][ T8884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1582.500746][ T8884] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1582.525913][ T8883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1582.539855][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1582.551169][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1582.559701][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1582.571633][ T8550] device veth0_vlan entered promiscuous mode
[ 1582.583316][ T8550] device veth1_vlan entered promiscuous mode
[ 1582.606418][ T8884] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1582.614850][ T8884] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1582.623537][ T8884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1582.637138][ T8550] device veth0_macvtap entered promiscuous mode
[ 1582.649918][ T8550] device veth1_macvtap entered promiscuous mode
[ 1582.667270][ T8550] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1582.676801][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1582.687034][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1582.699746][ T8550] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1582.708028][ T8523] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1582.716740][ T8523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1582.729009][ T8550] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1582.738297][ T8550] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1582.747154][ T8550] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1582.756735][ T8550] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1582.859044][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1582.872059][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1582.896446][ T252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1582.907514][ T252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1582.908833][ T8886] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1582.938303][ T8886] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1583.474945][ T8883] Bluetooth: hci0: command 0x0409 tx timeout
2021/08/08 06:50:28 executed programs: 65
[ 1585.554232][ T8714] Bluetooth: hci0: command 0x041b tx timeout
[ 1587.634261][ T8883] Bluetooth: hci0: command 0x040f tx timeout
[ 1589.713577][ T8883] Bluetooth: hci0: command 0x0419 tx timeout
2021/08/08 06:50:33 executed programs: 203
2021/08/08 06:50:38 executed programs: 340
2021/08/08 06:50:43 executed programs: 483
2021/08/08 06:50:48 executed programs: 621
[ 1607.003829][ T3264] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.010486][ T3264] ieee802154 phy1 wpan1: encryption failed: -22
2021/08/08 06:50:53 executed programs: 761
2021/08/08 06:50:58 executed programs: 900
2021/08/08 06:51:03 executed programs: 1035
2021/08/08 06:51:08 executed programs: 1175
2021/08/08 06:51:13 executed programs: 1315
2021/08/08 06:51:18 executed programs: 1449
2021/08/08 06:51:23 executed programs: 1588
2021/08/08 06:51:28 executed programs: 1724
2021/08/08 06:51:33 executed programs: 1857
2021/08/08 06:51:38 executed programs: 1993
2021/08/08 06:51:43 executed programs: 2131
2021/08/08 06:51:48 executed programs: 2269
[ 1668.430447][ T3264] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.436780][ T3264] ieee802154 phy1 wpan1: encryption failed: -22
2021/08/08 06:51:53 executed programs: 2408
2021/08/08 06:51:58 executed programs: 2547
2021/08/08 06:52:03 executed programs: 2688
2021/08/08 06:52:08 executed programs: 2823
2021/08/08 06:52:13 executed programs: 2953
2021/08/08 06:52:19 executed programs: 3089
2021/08/08 06:52:24 executed programs: 3225
2021/08/08 06:52:29 executed programs: 3364
[ 1706.347522][ T8883] Bluetooth: hci0: command 0x0406 tx timeout
2021/08/08 06:52:34 executed programs: 3501
2021/08/08 06:52:39 executed programs: 3639
2021/08/08 06:52:44 executed programs: 3780
2021/08/08 06:52:49 executed programs: 3998
[ 1729.877840][ T3264] ieee802154 phy0 wpan0: encryption failed: -22
[ 1729.884618][ T3264] ieee802154 phy1 wpan1: encryption failed: -22
2021/08/08 06:52:54 executed programs: 4273
2021/08/08 06:52:59 executed programs: 4547
2021/08/08 06:53:04 executed programs: 4820
2021/08/08 06:53:09 executed programs: 5107
[ 1747.264296][T26444] ==================================================================
[ 1747.272576][T26444] BUG: KASAN: use-after-free in nf_tables_dump_sets+0xadf/0xaf0
[ 1747.280279][T26444] Read of size 8 at addr ffff8880166ab580 by task syz-executor.0/26444
[ 1747.288541][T26444]
[ 1747.290851][T26444] CPU: 0 PID: 26444 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
[ 1747.299594][T26444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1747.309638][T26444] Call Trace:
[ 1747.312908][T26444] dump_stack_lvl+0xcd/0x134
[ 1747.317620][T26444] print_address_description.constprop.0.cold+0x6c/0x309
[ 1747.324736][T26444] ? nf_tables_dump_sets+0xadf/0xaf0
[ 1747.330012][T26444] ? nf_tables_dump_sets+0xadf/0xaf0
[ 1747.335320][T26444] kasan_report.cold+0x83/0xdf
[ 1747.340095][T26444] ? nf_tables_dump_sets+0xadf/0xaf0
[ 1747.345367][T26444] nf_tables_dump_sets+0xadf/0xaf0
[ 1747.350576][T26444] ? nf_tables_getset+0x860/0x860
[ 1747.355608][T26444] ? memset+0x20/0x40
[ 1747.359729][T26444] ? __build_skb_around+0x23e/0x2f0
[ 1747.364956][T26444] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1747.371244][T26444] netlink_dump+0x4b9/0xb70
[ 1747.375821][T26444] ? netlink_insert+0x1690/0x1690
[ 1747.380852][T26444] ? __mutex_unlock_slowpath+0xe2/0x610
[ 1747.386429][T26444] ? rcu_read_lock_sched_held+0x3a/0x70
[ 1747.392024][T26444] ? memcpy+0x39/0x60
[ 1747.396004][T26444] ? kmemdup+0x43/0x50
[ 1747.400134][T26444] __netlink_dump_start+0x642/0x900
[ 1747.405339][T26444] ? nft_netdev_hook_alloc+0x1a0/0x1a0
[ 1747.410848][T26444] nft_netlink_dump_start_rcu+0x83/0x1c0
[ 1747.416492][T26444] nf_tables_getset+0x71d/0x860
[ 1747.421354][T26444] ? nf_tables_fill_set+0x1680/0x1680
[ 1747.426744][T26444] ? nfnetlink_rcv_msg+0x3fe/0x13f0
[ 1747.432023][T26444] ? nft_netdev_hook_alloc+0x1a0/0x1a0
[ 1747.437484][T26444] ? nf_tables_getset+0x860/0x860
[ 1747.442508][T26444] ? nf_tables_dump_obj_done+0x80/0x80
[ 1747.447979][T26444] ? __nla_parse+0x3d/0x50
[ 1747.452457][T26444] ? nf_tables_fill_set+0x1680/0x1680
[ 1747.457846][T26444] nfnetlink_rcv_msg+0x659/0x13f0
[ 1747.462896][T26444] ? nfnetlink_net_init+0x380/0x380
[ 1747.468119][T26444] ? rcu_read_lock_sched_held+0x3a/0x70
[ 1747.473686][T26444] ? __dev_queue_xmit+0x1b8e/0x3710
[ 1747.478970][T26444] ? lock_downgrade+0x6e0/0x6e0
[ 1747.483965][T26444] ? __local_bh_enable_ip+0xa0/0x120
[ 1747.489300][T26444] ? lockdep_hardirqs_on+0x79/0x100
[ 1747.494517][T26444] ? __dev_queue_xmit+0x1b8e/0x3710
[ 1747.499726][T26444] ? __local_bh_enable_ip+0xa0/0x120
[ 1747.505029][T26444] ? __dev_queue_xmit+0xa5f/0x3710
[ 1747.510175][T26444] netlink_rcv_skb+0x153/0x420
[ 1747.514947][T26444] ? nfnetlink_net_init+0x380/0x380
[ 1747.520594][T26444] ? netlink_ack+0xa60/0xa60
[ 1747.525197][T26444] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1747.531441][T26444] ? ns_capable+0xd9/0x100
[ 1747.535863][T26444] nfnetlink_rcv+0x1ac/0x420
[ 1747.540452][T26444] ? nfnetlink_rcv_batch+0x25f0/0x25f0
[ 1747.545918][T26444] ? netlink_deliver_tap+0x1b1/0xc30
[ 1747.551236][T26444] netlink_unicast+0x533/0x7d0
[ 1747.556010][T26444] ? netlink_attachskb+0x890/0x890
[ 1747.561127][T26444] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1747.567369][T26444] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1747.573610][T26444] ? __phys_addr_symbol+0x2c/0x70
[ 1747.578668][T26444] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1747.584395][T26444] ? __check_object_size+0x16e/0x3f0
[ 1747.589752][T26444] netlink_sendmsg+0x86d/0xdb0
[ 1747.594531][T26444] ? netlink_unicast+0x7d0/0x7d0
[ 1747.599484][T26444] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1747.605823][T26444] ? netlink_unicast+0x7d0/0x7d0
[ 1747.610863][T26444] sock_sendmsg+0xcf/0x120
[ 1747.615334][T26444] ____sys_sendmsg+0x6e8/0x810
[ 1747.620106][T26444] ? kernel_sendmsg+0x50/0x50
[ 1747.624795][T26444] ? do_recvmmsg+0x6d0/0x6d0
[ 1747.629409][T26444] ? lock_chain_count+0x20/0x20
[ 1747.634265][T26444] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1747.640264][T26444] ___sys_sendmsg+0xf3/0x170
[ 1747.644864][T26444] ? sendmsg_copy_msghdr+0x160/0x160
[ 1747.650159][T26444] ? __fget_files+0x21b/0x3e0
[ 1747.654937][T26444] ? lock_downgrade+0x6e0/0x6e0
[ 1747.659826][T26444] ? __fget_files+0x23d/0x3e0
[ 1747.664531][T26444] ? __fget_light+0xea/0x280
[ 1747.669129][T26444] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1747.675375][T26444] __sys_sendmsg+0xe5/0x1b0
[ 1747.679899][T26444] ? __sys_sendmsg_sock+0x30/0x30
[ 1747.684962][T26444] ? syscall_enter_from_user_mode+0x21/0x70
[ 1747.690867][T26444] do_syscall_64+0x35/0xb0
[ 1747.695288][T26444] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1747.701271][T26444] RIP: 0033:0x4665e9
[ 1747.705182][T26444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1747.724800][T26444] RSP: 002b:00007f2c24718188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1747.733310][T26444] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[ 1747.741291][T26444] RDX: 0000000000000000 RSI: 0000000020000d80 RDI: 0000000000000004
[ 1747.749269][T26444] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 1747.757244][T26444] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 1747.765212][T26444] R13: 00007fffb1c1ca2f R14: 00007f2c24718300 R15: 0000000000022000
[ 1747.773200][T26444]
[ 1747.775528][T26444] Allocated by task 26444:
[ 1747.779946][T26444] kasan_save_stack+0x1b/0x40
[ 1747.784634][T26444] __kasan_kmalloc+0x9b/0xd0
[ 1747.789663][T26444] nf_tables_newtable+0xe3e/0x1b40
[ 1747.794774][T26444] nfnetlink_rcv_batch+0x1710/0x25f0
[ 1747.800055][T26444] nfnetlink_rcv+0x3af/0x420
[ 1747.804646][T26444] netlink_unicast+0x533/0x7d0
[ 1747.809412][T26444] netlink_sendmsg+0x86d/0xdb0
[ 1747.814189][T26444] sock_sendmsg+0xcf/0x120
[ 1747.818601][T26444] ____sys_sendmsg+0x6e8/0x810
[ 1747.823362][T26444] ___sys_sendmsg+0xf3/0x170
[ 1747.827949][T26444] __sys_sendmsg+0xe5/0x1b0
[ 1747.832465][T26444] do_syscall_64+0x35/0xb0
[ 1747.836887][T26444] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1747.842780][T26444]
[ 1747.845095][T26444] Freed by task 26443:
[ 1747.849158][T26444] kasan_save_stack+0x1b/0x40
[ 1747.853850][T26444] kasan_set_track+0x1c/0x30
[ 1747.858439][T26444] kasan_set_free_info+0x20/0x30
[ 1747.863387][T26444] __kasan_slab_free+0xfb/0x130
[ 1747.868240][T26444] slab_free_freelist_hook+0xdf/0x240
[ 1747.873611][T26444] kfree+0xe4/0x530
[ 1747.877413][T26444] nf_tables_table_destroy+0x13f/0x1b0
[ 1747.882888][T26444] __nft_release_table+0xabc/0xe30
[ 1747.888014][T26444] nft_rcv_nl_event+0x4af/0x590
[ 1747.892873][T26444] notifier_call_chain+0xb5/0x200
[ 1747.898406][T26444] blocking_notifier_call_chain+0x67/0x90
[ 1747.904164][T26444] netlink_release+0xcb8/0x1dd0
[ 1747.909031][T26444] __sock_release+0xcd/0x280
[ 1747.913627][T26444] sock_close+0x18/0x20
[ 1747.917776][T26444] __fput+0x288/0x920
[ 1747.921758][T26444] task_work_run+0xdd/0x1a0
[ 1747.926265][T26444] exit_to_user_mode_prepare+0x27e/0x290
[ 1747.931942][T26444] syscall_exit_to_user_mode+0x19/0x60
[ 1747.937409][T26444] do_syscall_64+0x42/0xb0
[ 1747.941829][T26444] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1747.947724][T26444]
[ 1747.950039][T26444] The buggy address belongs to the object at ffff8880166ab400
[ 1747.950039][T26444] which belongs to the cache kmalloc-512 of size 512
[ 1747.964181][T26444] The buggy address is located 384 bytes inside of
[ 1747.964181][T26444] 512-byte region [ffff8880166ab400, ffff8880166ab600)
[ 1747.977451][T26444] The buggy address belongs to the page:
[ 1747.983067][T26444] page:ffffea000059aa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x166a8
[ 1747.993212][T26444] head:ffffea000059aa00 order:2 compound_mapcount:0 compound_pincount:0
[ 1748.001529][T26444] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1748.009528][T26444] raw: 00fff00000010200 ffffea00009eb300 0000000400000004 ffff888010841c80
[ 1748.018108][T26444] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 1748.026690][T26444] page dumped because: kasan: bad access detected
[ 1748.033105][T26444] page_owner tracks the page as allocated
[ 1748.038809][T26444] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 23643, ts 1730415746365, free_ts 1727523669671
[ 1748.059384][T26444] get_page_from_freelist+0xa72/0x2f80
[ 1748.064877][T26444] __alloc_pages+0x1b2/0x500
[ 1748.069462][T26444] alloc_pages+0x18c/0x2a0
[ 1748.073921][T26444] allocate_slab+0x32e/0x4b0
[ 1748.078508][T26444] ___slab_alloc+0x4ba/0x820
[ 1748.083099][T26444] __slab_alloc.constprop.0+0xa7/0xf0
[ 1748.088520][T26444] __kmalloc_node_track_caller+0x2e3/0x360
[ 1748.094326][T26444] pskb_expand_head+0x15e/0x1060
[ 1748.099269][T26444] netlink_trim+0x1ea/0x240
[ 1748.103771][T26444] netlink_unicast+0xb9/0x7d0
[ 1748.108461][T26444] nlmsg_notify+0x106/0x290
[ 1748.112996][T26444] nf_tables_commit+0x1c1e/0x47f0
[ 1748.118019][T26444] nfnetlink_rcv_batch+0xbac/0x25f0
[ 1748.123233][T26444] nfnetlink_rcv+0x3af/0x420
[ 1748.127820][T26444] netlink_unicast+0x533/0x7d0
[ 1748.132595][T26444] netlink_sendmsg+0x86d/0xdb0
[ 1748.137361][T26444] page last free stack trace:
[ 1748.142031][T26444] free_pcp_prepare+0x2c5/0x780
[ 1748.146943][T26444] free_unref_page+0x19/0x690
[ 1748.151879][T26444] qlist_free_all+0x5a/0xc0
[ 1748.156385][T26444] kasan_quarantine_reduce+0x180/0x200
[ 1748.161838][T26444] __kasan_slab_alloc+0x8e/0xa0
[ 1748.166689][T26444] kmem_cache_alloc+0x285/0x4a0
[ 1748.171551][T26444] getname_flags.part.0+0x50/0x4f0
[ 1748.176749][T26444] __x64_sys_unlink+0xb1/0x100
[ 1748.181511][T26444] do_syscall_64+0x35/0xb0
[ 1748.185926][T26444] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1748.191822][T26444]
[ 1748.194142][T26444] Memory state around the buggy address:
[ 1748.199761][T26444] ffff8880166ab480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1748.207814][T26444] ffff8880166ab500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1748.215865][T26444] >ffff8880166ab580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1748.223913][T26444] ^
[ 1748.227986][T26444] ffff8880166ab600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1748.236217][T26444] ffff8880166ab680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1748.244265][T26444] ==================================================================
[ 1748.252317][T26444] Disabling lock debugging due to kernel taint
[ 1748.261524][T26444] Kernel panic - not syncing: panic_on_warn set ...
[ 1748.268127][T26444] CPU: 1 PID: 26444 Comm: syz-executor.0 Tainted: G B 5.14.0-rc4-syzkaller #0
[ 1748.278285][T26444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1748.288346][T26444] Call Trace:
[ 1748.291628][T26444] dump_stack_lvl+0xcd/0x134
[ 1748.296232][T26444] panic+0x306/0x73d
[ 1748.300199][T26444] ? __warn_printk+0xf3/0xf3
[ 1748.304834][T26444] ? preempt_schedule_common+0x59/0xc0
[ 1748.310305][T26444] ? nf_tables_dump_sets+0xadf/0xaf0
[ 1748.315614][T26444] ? preempt_schedule_thunk+0x16/0x18
[ 1748.321042][T26444] ? trace_hardirqs_on+0x38/0x1c0
[ 1748.326243][T26444] ? trace_hardirqs_on+0x51/0x1c0
[ 1748.331277][T26444] ? nf_tables_dump_sets+0xadf/0xaf0
[ 1748.336556][T26444] ? nf_tables_dump_sets+0xadf/0xaf0
[ 1748.341856][T26444] end_report.cold+0x5a/0x5a
[ 1748.346444][T26444] kasan_report.cold+0x71/0xdf
[ 1748.351203][T26444] ? nf_tables_dump_sets+0xadf/0xaf0
[ 1748.356485][T26444] nf_tables_dump_sets+0xadf/0xaf0
[ 1748.361614][T26444] ? nf_tables_getset+0x860/0x860
[ 1748.366633][T26444] ? memset+0x20/0x40
[ 1748.370621][T26444] ? __build_skb_around+0x23e/0x2f0
[ 1748.375815][T26444] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1748.382054][T26444] netlink_dump+0x4b9/0xb70
[ 1748.386567][T26444] ? netlink_insert+0x1690/0x1690
[ 1748.391593][T26444] ? __mutex_unlock_slowpath+0xe2/0x610
[ 1748.397137][T26444] ? rcu_read_lock_sched_held+0x3a/0x70
[ 1748.402688][T26444] ? memcpy+0x39/0x60
[ 1748.406660][T26444] ? kmemdup+0x43/0x50
[ 1748.410738][T26444] __netlink_dump_start+0x642/0x900
[ 1748.415935][T26444] ? nft_netdev_hook_alloc+0x1a0/0x1a0
[ 1748.421393][T26444] nft_netlink_dump_start_rcu+0x83/0x1c0
[ 1748.427026][T26444] nf_tables_getset+0x71d/0x860
[ 1748.431883][T26444] ? nf_tables_fill_set+0x1680/0x1680
[ 1748.437348][T26444] ? nfnetlink_rcv_msg+0x3fe/0x13f0
[ 1748.442540][T26444] ? nft_netdev_hook_alloc+0x1a0/0x1a0
[ 1748.447998][T26444] ? nf_tables_getset+0x860/0x860
[ 1748.453015][T26444] ? nf_tables_dump_obj_done+0x80/0x80
[ 1748.458472][T26444] ? __nla_parse+0x3d/0x50
[ 1748.462880][T26444] ? nf_tables_fill_set+0x1680/0x1680
[ 1748.468256][T26444] nfnetlink_rcv_msg+0x659/0x13f0
[ 1748.473278][T26444] ? nfnetlink_net_init+0x380/0x380
[ 1748.478472][T26444] ? rcu_read_lock_sched_held+0x3a/0x70
[ 1748.484027][T26444] ? __dev_queue_xmit+0x1b8e/0x3710
[ 1748.489218][T26444] ? lock_downgrade+0x6e0/0x6e0
[ 1748.494065][T26444] ? __local_bh_enable_ip+0xa0/0x120
[ 1748.499369][T26444] ? lockdep_hardirqs_on+0x79/0x100
[ 1748.504564][T26444] ? __dev_queue_xmit+0x1b8e/0x3710
[ 1748.509761][T26444] ? __local_bh_enable_ip+0xa0/0x120
[ 1748.515041][T26444] ? __dev_queue_xmit+0xa5f/0x3710
[ 1748.520146][T26444] netlink_rcv_skb+0x153/0x420
[ 1748.524911][T26444] ? nfnetlink_net_init+0x380/0x380
[ 1748.530103][T26444] ? netlink_ack+0xa60/0xa60
[ 1748.534693][T26444] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1748.540930][T26444] ? ns_capable+0xd9/0x100
[ 1748.545340][T26444] nfnetlink_rcv+0x1ac/0x420
[ 1748.549925][T26444] ? nfnetlink_rcv_batch+0x25f0/0x25f0
[ 1748.555466][T26444] ? netlink_deliver_tap+0x1b1/0xc30
[ 1748.560752][T26444] netlink_unicast+0x533/0x7d0
[ 1748.565517][T26444] ? netlink_attachskb+0x890/0x890
[ 1748.570639][T26444] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1748.576877][T26444] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1748.583120][T26444] ? __phys_addr_symbol+0x2c/0x70
[ 1748.588137][T26444] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1748.593850][T26444] ? __check_object_size+0x16e/0x3f0
[ 1748.599133][T26444] netlink_sendmsg+0x86d/0xdb0
[ 1748.603897][T26444] ? netlink_unicast+0x7d0/0x7d0
[ 1748.608837][T26444] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1748.615084][T26444] ? netlink_unicast+0x7d0/0x7d0
[ 1748.620059][T26444] sock_sendmsg+0xcf/0x120
[ 1748.624485][T26444] ____sys_sendmsg+0x6e8/0x810
[ 1748.629256][T26444] ? kernel_sendmsg+0x50/0x50
[ 1748.633932][T26444] ? do_recvmmsg+0x6d0/0x6d0
[ 1748.638523][T26444] ? lock_chain_count+0x20/0x20
[ 1748.643375][T26444] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1748.649351][T26444] ___sys_sendmsg+0xf3/0x170
[ 1748.653937][T26444] ? sendmsg_copy_msghdr+0x160/0x160
[ 1748.659237][T26444] ? __fget_files+0x21b/0x3e0
[ 1748.663913][T26444] ? lock_downgrade+0x6e0/0x6e0
[ 1748.668762][T26444] ? __fget_files+0x23d/0x3e0
[ 1748.673442][T26444] ? __fget_light+0xea/0x280
[ 1748.678037][T26444] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1748.684277][T26444] __sys_sendmsg+0xe5/0x1b0
[ 1748.688777][T26444] ? __sys_sendmsg_sock+0x30/0x30
[ 1748.693809][T26444] ? syscall_enter_from_user_mode+0x21/0x70
[ 1748.699711][T26444] do_syscall_64+0x35/0xb0
[ 1748.704120][T26444] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1748.710219][T26444] RIP: 0033:0x4665e9
[ 1748.714118][T26444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1748.733717][T26444] RSP: 002b:00007f2c24718188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1748.742136][T26444] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
[ 1748.750096][T26444] RDX: 0000000000000000 RSI: 0000000020000d80 RDI: 0000000000000004
[ 1748.758058][T26444] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
[ 1748.766029][T26444] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 1748.774000][T26444] R13: 00007fffb1c1ca2f R14: 00007f2c24718300 R15: 0000000000022000
[ 1748.783681][T26444] Kernel Offset: disabled
[ 1748.788015][T26444] Rebooting in 86400 seconds..