syzkaller login: [ 91.904241][ T54] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:18253' (ED25519) to the list of known hosts.
2025/09/04 12:36:37 parsed 1 programs
[ 103.385013][ T5359] cgroup: Unknown subsys name 'net'
[ 103.456295][ T5359] cgroup: Unknown subsys name 'cpuset'
[ 103.463589][ T5359] cgroup: Unknown subsys name 'rlimit'
[ 105.114568][ T5359] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 109.114611][ T5368] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 112.117310][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.120602][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.172281][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.175925][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.757877][ T5423] chnl_net:caif_netlink_parms(): no params data found
[ 112.829685][ T5423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.833526][ T5423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.836756][ T5423] bridge_slave_0: entered allmulticast mode
[ 112.840715][ T5423] bridge_slave_0: entered promiscuous mode
[ 112.846832][ T5423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.849995][ T5423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.853907][ T5423] bridge_slave_1: entered allmulticast mode
[ 112.857748][ T5423] bridge_slave_1: entered promiscuous mode
[ 112.881350][ T5423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 112.888125][ T5423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 112.911366][ T5423] team0: Port device team_slave_0 added
[ 112.917132][ T5423] team0: Port device team_slave_1 added
[ 112.944972][ T5423] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 112.947885][ T5423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.958986][ T5423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 112.965853][ T5423] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 112.968711][ T5423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.979363][ T5423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.012447][ T5423] hsr_slave_0: entered promiscuous mode
[ 113.017436][ T5423] hsr_slave_1: entered promiscuous mode
[ 113.159722][ T5423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 113.169229][ T5423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 113.175711][ T5423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 113.187833][ T5423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 113.275510][ T5423] 8021q: adding VLAN 0 to HW filter on device bond0
[ 113.297473][ T5423] 8021q: adding VLAN 0 to HW filter on device team0
[ 113.309305][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.313344][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.336088][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.338950][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.518974][ T5423] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.566640][ T5423] veth0_vlan: entered promiscuous mode
[ 113.577042][ T5423] veth1_vlan: entered promiscuous mode
[ 113.609750][ T5423] veth0_macvtap: entered promiscuous mode
[ 113.616436][ T5423] veth1_macvtap: entered promiscuous mode
[ 113.635612][ T5423] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 113.646677][ T5423] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 113.658407][ T76] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.663842][ T76] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.667617][ T76] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.671347][ T76] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.843879][ T76] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.871215][ T5445] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 113.875399][ T5445] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 113.879339][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 113.884493][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 113.887863][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.930285][ T76] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.985872][ T76] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.074040][ T76] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/04 12:36:51 executed programs: 0
[ 114.835182][ T4707] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 114.839315][ T4707] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 114.846951][ T4707] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 114.850384][ T4707] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 114.854700][ T4707] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 115.036531][ T5460] chnl_net:caif_netlink_parms(): no params data found
[ 115.108904][ T5460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.112223][ T5460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.115346][ T5460] bridge_slave_0: entered allmulticast mode
[ 115.119844][ T5460] bridge_slave_0: entered promiscuous mode
[ 115.126342][ T5460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.129464][ T5460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.133075][ T5460] bridge_slave_1: entered allmulticast mode
[ 115.136970][ T5460] bridge_slave_1: entered promiscuous mode
[ 115.168404][ T5460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 115.176060][ T5460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 115.208430][ T5460] team0: Port device team_slave_0 added
[ 115.214324][ T5460] team0: Port device team_slave_1 added
[ 115.248201][ T5460] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 115.251314][ T5460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.264951][ T5460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 115.275171][ T5460] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 115.278120][ T5460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.290859][ T5460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 115.331404][ T5460] hsr_slave_0: entered promiscuous mode
[ 115.334777][ T5460] hsr_slave_1: entered promiscuous mode
[ 115.337573][ T5460] debugfs: 'hsr0' already exists in 'hsr'
[ 115.339971][ T5460] Cannot create hsr debugfs directory
[ 116.195330][ T76] bridge_slave_1: left allmulticast mode
[ 116.197800][ T76] bridge_slave_1: left promiscuous mode
[ 116.200708][ T76] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.225362][ T76] bridge_slave_0: left allmulticast mode
[ 116.227892][ T76] bridge_slave_0: left promiscuous mode
[ 116.230320][ T76] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.610904][ T76] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 116.617091][ T76] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 116.623768][ T76] bond0 (unregistering): Released all slaves
[ 116.736061][ T76] hsr_slave_0: left promiscuous mode
[ 116.738851][ T76] hsr_slave_1: left promiscuous mode
[ 116.753005][ T76] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.756260][ T76] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.768508][ T76] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.775455][ T76] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.809601][ T76] veth1_macvtap: left promiscuous mode
[ 116.813393][ T76] veth0_macvtap: left promiscuous mode
[ 116.815928][ T76] veth1_vlan: left promiscuous mode
[ 116.818274][ T76] veth0_vlan: left promiscuous mode
[ 116.952148][ T4707] Bluetooth: hci0: command tx timeout
[ 117.325035][ T76] team0 (unregistering): Port device team_slave_1 removed
[ 117.357110][ T76] team0 (unregistering): Port device team_slave_0 removed
[ 117.908535][ T5460] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.939855][ T5460] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.956529][ T5460] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.988157][ T5460] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 118.434917][ T5460] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.492740][ T5460] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.540449][ T1097] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.543693][ T1097] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.566445][ T1097] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.569394][ T1097] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.661029][ T5460] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 118.886027][ T5460] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.926794][ T5460] veth0_vlan: entered promiscuous mode
[ 118.936737][ T5460] veth1_vlan: entered promiscuous mode
[ 118.970921][ T5460] veth0_macvtap: entered promiscuous mode
[ 118.978903][ T5460] veth1_macvtap: entered promiscuous mode
[ 118.995841][ T5460] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 119.007324][ T5460] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.019165][ T1097] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.023088][ T4707] Bluetooth: hci0: command tx timeout
[ 119.028372][ T1097] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.037853][ T1097] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.048012][ T1097] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.105540][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.109190][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.144532][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.148561][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.350674][ T5502] infiniband syz2: set down
[ 119.354952][ T5502] infiniband syz2: added ipvlan1
[ 119.405504][ T5502] RDS/IB: syz2: added
[ 119.407801][ T5502] smc: adding ib device syz2 with port count 1
[ 119.411332][ T5502] smc: ib device syz2 port 1 has pnetid
[ 119.606155][ T5504] syz2: rxe_newlink: already configured on ipvlan1
[ 119.637710][ T5505] syz2: rxe_newlink: already configured on ipvlan1
[ 119.676155][ T5506] syz2: rxe_newlink: already configured on ipvlan1
[ 119.715838][ T5507] syz2: rxe_newlink: already configured on ipvlan1
[ 119.749384][ T5508] syz2: rxe_newlink: already configured on ipvlan1
[ 119.790395][ T5509] syz2: rxe_newlink: already configured on ipvlan1
2025/09/04 12:36:56 executed programs: 8
[ 119.843155][ T5510] syz2: rxe_newlink: already configured on ipvlan1
[ 119.874073][ T5511] syz2: rxe_newlink: already configured on ipvlan1
[ 119.909105][ T5512] syz2: rxe_newlink: already configured on ipvlan1
[ 119.958468][ T5513] syz2: rxe_newlink: already configured on ipvlan1
[ 121.103677][ T4707] Bluetooth: hci0: command tx timeout
[ 123.184675][ T4707] Bluetooth: hci0: command tx timeout
[ 124.612482][ T5664] rxe_newlink: 143 callbacks suppressed
[ 124.612553][ T5664] syz2: rxe_newlink: already configured on ipvlan1
[ 124.648317][ T5665] syz2: rxe_newlink: already configured on ipvlan1
[ 124.662152][ T5666] syz2: rxe_newlink: already configured on ipvlan1
[ 124.674573][ T5667] syz2: rxe_newlink: already configured on ipvlan1
[ 124.708221][ T5668] syz2: rxe_newlink: already configured on ipvlan1
[ 124.727017][ T5669] syz2: rxe_newlink: already configured on ipvlan1
[ 124.740637][ T5670] syz2: rxe_newlink: already configured on ipvlan1
[ 124.769031][ T5671] syz2: rxe_newlink: already configured on ipvlan1
[ 124.786199][ T5672] syz2: rxe_newlink: already configured on ipvlan1
[ 124.799265][ T5673] syz2: rxe_newlink: already configured on ipvlan1
2025/09/04 12:37:01 executed programs: 164
[ 129.640568][ T5907] rxe_newlink: 233 callbacks suppressed
[ 129.640636][ T5907] syz2: rxe_newlink: already configured on ipvlan1
[ 129.658933][ T5908] syz2: rxe_newlink: already configured on ipvlan1
[ 129.675725][ T5909] syz2: rxe_newlink: already configured on ipvlan1
[ 129.702346][ T5910] syz2: rxe_newlink: already configured on ipvlan1
[ 129.715648][ T5911] syz2: rxe_newlink: already configured on ipvlan1
[ 129.755066][ T5912] syz2: rxe_newlink: already configured on ipvlan1
[ 129.779641][ T5913] syz2: rxe_newlink: already configured on ipvlan1
[ 129.818401][ T5914] syz2: rxe_newlink: already configured on ipvlan1
[ 129.865648][ T5915] syz2: rxe_newlink: already configured on ipvlan1
2025/09/04 12:37:06 executed programs: 407
[ 129.905250][ T5916] syz2: rxe_newlink: already configured on ipvlan1
[ 134.057496][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 134.061825][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 134.065557][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 134.069665][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 134.076958][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 134.196198][ T1097] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 134.264025][ T1097] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 134.325648][ T1097] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 134.364624][ T1097] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 134.557612][ T1097] bridge_slave_1: left allmulticast mode
[ 134.560146][ T1097] bridge_slave_1: left promiscuous mode
[ 134.573419][ T1097] bridge0: port 2(bridge_slave_1) entered disabled state
[ 134.584254][ T1097] bridge_slave_0: left allmulticast mode
[ 134.586802][ T1097] bridge_slave_0: left promiscuous mode
[ 134.589255][ T1097] bridge0: port 1(bridge_slave_0) entered disabled state
[ 134.993017][ T1097] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 134.998381][ T1097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 135.003557][ T1097] bond0 (unregistering): Released all slaves
[ 135.158783][ T6113] chnl_net:caif_netlink_parms(): no params data found
[ 135.566203][ T1097] hsr_slave_0: left promiscuous mode
[ 135.573570][ T1097] hsr_slave_1: left promiscuous mode
[ 135.584768][ T1097] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 135.588200][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 135.595524][ T1097] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 135.598606][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 135.609852][ T1097] veth1_macvtap: left promiscuous mode
[ 135.612883][ T1097] veth0_macvtap: left promiscuous mode
[ 135.615237][ T1097] veth1_vlan: left promiscuous mode
[ 135.617815][ T1097] veth0_vlan: left promiscuous mode
[ 135.750581][ T1041] smc: removing ib device syz2
[ 135.914965][ T1097] team0 (unregistering): Port device team_slave_1 removed
[ 135.934232][ T1097] team0 (unregistering): Port device team_slave_0 removed
[ 136.142486][ T45] Bluetooth: hci0: command tx timeout
[ 136.178739][ T6113] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.184962][ T6113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 136.187949][ T6113] bridge_slave_0: entered allmulticast mode
[ 136.204582][ T6113] bridge_slave_0: entered promiscuous mode
[ 136.210058][ T6113] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.217976][ T6113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 136.220867][ T6113] bridge_slave_1: entered allmulticast mode
[ 136.227002][ T6113] bridge_slave_1: entered promiscuous mode
[ 136.231298][ T54] ==================================================================
[ 136.234991][ T54] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190
[ 136.239213][ T54] Read of size 8 at addr ffff8880330c62e8 by task kworker/0:2/54
[ 136.243642][ T54]
[ 136.244730][ T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full)
[ 136.244746][ T54] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 136.244755][ T54] Workqueue: events smc_ib_port_event_work
[ 136.244838][ T54] Call Trace:
[ 136.244847][ T54] <TASK>
[ 136.244853][ T54] dump_stack_lvl+0x189/0x250
[ 136.244871][ T54] ? rcu_is_watching+0x15/0xb0
[ 136.244921][ T54] ? __kasan_check_byte+0x12/0x40
[ 136.244936][ T54] ? __pfx_dump_stack_lvl+0x10/0x10
[ 136.244947][ T54] ? rcu_is_watching+0x15/0xb0
[ 136.244958][ T54] ? lock_release+0x4b/0x3e0
[ 136.244977][ T54] ? __virt_addr_valid+0x1c8/0x5c0
[ 136.244991][ T54] ? __virt_addr_valid+0x4a5/0x5c0
[ 136.245005][ T54] print_report+0xca/0x240
[ 136.245017][ T54] ? __ethtool_get_link_ksettings+0x6e/0x190
[ 136.245026][ T54] kasan_report+0x118/0x150
[ 136.245040][ T54] ? __ethtool_get_link_ksettings+0x6e/0x190
[ 136.245051][ T54] __ethtool_get_link_ksettings+0x6e/0x190
[ 136.245063][ T54] ib_get_eth_speed+0x15e/0x7b0
[ 136.245085][ T54] ? __pfx_ib_get_eth_speed+0x10/0x10
[ 136.245097][ T54] ? do_raw_spin_unlock+0x4d/0x240
[ 136.245112][ T54] rxe_query_port+0x93/0x3b0
[ 136.245126][ T54] ib_query_port+0x170/0x830
[ 136.245138][ T54] smc_ib_port_event_work+0x15a/0x940
[ 136.245153][ T54] ? _raw_spin_unlock_irq+0x23/0x50
[ 136.245169][ T54] ? process_scheduled_works+0x9ef/0x17b0
[ 136.245180][ T54] ? process_scheduled_works+0x9ef/0x17b0
[ 136.245190][ T54] process_scheduled_works+0xae1/0x17b0
[ 136.245206][ T54] ? __pfx_process_scheduled_works+0x10/0x10
[ 136.245220][ T54] worker_thread+0x8a0/0xda0
[ 136.245232][ T54] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 136.245246][ T54] ? __kthread_parkme+0x7b/0x200
[ 136.245260][ T54] kthread+0x70e/0x8a0
[ 136.245273][ T54] ? __pfx_worker_thread+0x10/0x10
[ 136.245283][ T54] ? __pfx_kthread+0x10/0x10
[ 136.245296][ T54] ? _raw_spin_unlock_irq+0x23/0x50
[ 136.245308][ T54] ? lockdep_hardirqs_on+0x9c/0x150
[ 136.245322][ T54] ? __pfx_kthread+0x10/0x10
[ 136.245335][ T54] ret_from_fork+0x3fc/0x770
[ 136.245348][ T54] ? __pfx_ret_from_fork+0x10/0x10
[ 136.245360][ T54] ? __pfx_kthread+0x10/0x10
[ 136.245372][ T54] ret_from_fork_asm+0x1a/0x30
[ 136.245390][ T54] </TASK>
[ 136.245394][ T54]
[ 136.340023][ T54] Allocated by task 5460:
[ 136.341849][ T54] kasan_save_track+0x3e/0x80
[ 136.343873][ T54] __kasan_kmalloc+0x93/0xb0
[ 136.345851][ T54] __kvmalloc_node_noprof+0x30d/0x5f0
[ 136.348088][ T54] alloc_netdev_mqs+0xa3/0x11b0
[ 136.349993][ T54] rtnl_create_link+0x31f/0xd10
[ 136.351989][ T54] rtnl_newlink_create+0x25c/0xb00
[ 136.354071][ T54] rtnl_newlink+0x16d6/0x1c70
[ 136.355958][ T54] rtnetlink_rcv_msg+0x7cf/0xb70
[ 136.358105][ T54] netlink_rcv_skb+0x208/0x470
[ 136.360022][ T54] netlink_unicast+0x82c/0x9e0
[ 136.362079][ T54] netlink_sendmsg+0x805/0xb30
[ 136.363957][ T54] __sock_sendmsg+0x21c/0x270
[ 136.365819][ T54] __sys_sendto+0x3bd/0x520
[ 136.367640][ T54] __x64_sys_sendto+0xde/0x100
[ 136.369672][ T54] do_syscall_64+0xfa/0x3b0
[ 136.371610][ T54] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.374072][ T54]
[ 136.375086][ T54] Freed by task 1097:
[ 136.376622][ T54] kasan_save_track+0x3e/0x80
[ 136.378545][ T54] kasan_save_free_info+0x46/0x50
[ 136.380434][ T54] __kasan_slab_free+0x5b/0x80
[ 136.382281][ T54] kfree+0x18e/0x440
[ 136.383966][ T54] device_release+0x99/0x1c0
[ 136.385991][ T54] kobject_put+0x22b/0x480
[ 136.387907][ T54] netdev_run_todo+0xd2e/0xea0
[ 136.389895][ T54] default_device_exit_batch+0x81e/0x890
[ 136.392146][ T54] ops_undo_list+0x522/0x990
[ 136.394065][ T54] cleanup_net+0x4c5/0x800
[ 136.395814][ T54] process_scheduled_works+0xae1/0x17b0
[ 136.398080][ T54] worker_thread+0x8a0/0xda0
[ 136.399801][ T54] kthread+0x70e/0x8a0
[ 136.401456][ T54] ret_from_fork+0x3fc/0x770
[ 136.403326][ T54] ret_from_fork_asm+0x1a/0x30
[ 136.405152][ T54]
[ 136.406173][ T54] The buggy address belongs to the object at ffff8880330c6000
[ 136.406173][ T54] which belongs to the cache kmalloc-cg-4k of size 4096
[ 136.411999][ T54] The buggy address is located 744 bytes inside of
[ 136.411999][ T54] freed 4096-byte region [ffff8880330c6000, ffff8880330c7000)
[ 136.417451][ T54]
[ 136.418489][ T54] The buggy address belongs to the physical page:
[ 136.421200][ T54] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x330c0
[ 136.424731][ T54] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 136.428143][ T54] memcg:ffff888042f0b701
[ 136.430011][ T54] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 136.433061][ T54] page_type: f5(slab)
[ 136.434697][ T54] raw: 04fff00000000040 ffff88801a44b500 dead000000000122 0000000000000000
[ 136.438092][ T54] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff888042f0b701
[ 136.441649][ T54] head: 04fff00000000040 ffff88801a44b500 dead000000000122 0000000000000000
[ 136.445309][ T54] head: 0000000000000000 0000000000040004 00000000f5000000 ffff888042f0b701
[ 136.448835][ T54] head: 04fff00000000003 ffffea0000cc3001 00000000ffffffff 00000000ffffffff
[ 136.452480][ T54] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 136.455939][ T54] page dumped because: kasan: bad access detected
[ 136.458543][ T54] page_owner tracks the page as allocated
[ 136.460888][ T54] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5460, tgid 5460 (syz-executor), ts 115363741590, free_ts 115320109491
[ 136.469407][ T54] post_alloc_hook+0x240/0x2a0
[ 136.471407][ T54] get_page_from_freelist+0x21e4/0x22c0
[ 136.473706][ T54] __alloc_frozen_pages_noprof+0x181/0x370
[ 136.476055][ T54] alloc_pages_mpol+0x232/0x4a0
[ 136.478072][ T54] allocate_slab+0x8a/0x370
[ 136.479948][ T54] ___slab_alloc+0xbeb/0x1410
[ 136.481945][ T54] __kmalloc_cache_noprof+0x296/0x3d0
[ 136.484098][ T54] ipv6_add_dev+0x6ca/0x1370
[ 136.485962][ T54] addrconf_notify+0x794/0x1010
[ 136.487912][ T54] notifier_call_chain+0x1b3/0x3e0
[ 136.490009][ T54] register_netdevice+0x1608/0x1ae0
[ 136.492146][ T54] virt_wifi_newlink+0x428/0x860
[ 136.494174][ T54] rtnl_newlink_create+0x310/0xb00
[ 136.496221][ T54] rtnl_newlink+0x16d6/0x1c70
[ 136.498100][ T54] rtnetlink_rcv_msg+0x7cf/0xb70
[ 136.500046][ T54] netlink_rcv_skb+0x208/0x470
[ 136.501933][ T54] page last free pid 5460 tgid 5460 stack trace:
[ 136.504473][ T54] __free_frozen_pages+0xbc4/0xd30
[ 136.506607][ T54] __put_partials+0x156/0x1a0
[ 136.508636][ T54] put_cpu_partial+0x17c/0x250
[ 136.510708][ T54] __slab_free+0x2d5/0x3c0
[ 136.512583][ T54] qlist_free_all+0x97/0x140
[ 136.514522][ T54] kasan_quarantine_reduce+0x148/0x160
[ 136.516745][ T54] __kasan_slab_alloc+0x22/0x80
[ 136.518808][ T54] __kmalloc_cache_noprof+0x1be/0x3d0
[ 136.521031][ T54] register_netdevice+0x58b/0x1ae0
[ 136.523237][ T54] veth_newlink+0x5cc/0xa50
[ 136.525120][ T54] rtnl_newlink_create+0x310/0xb00
[ 136.527287][ T54] rtnl_newlink+0x16d6/0x1c70
[ 136.529265][ T54] rtnetlink_rcv_msg+0x7cf/0xb70
[ 136.531427][ T54] netlink_rcv_skb+0x208/0x470
[ 136.533495][ T54] netlink_unicast+0x82c/0x9e0
[ 136.535537][ T54] netlink_sendmsg+0x805/0xb30
[ 136.537596][ T54]
[ 136.538678][ T54] Memory state around the buggy address:
[ 136.541066][ T54] ffff8880330c6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.544603][ T54] ffff8880330c6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.548090][ T54] >ffff8880330c6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.551680][ T54] ^
[ 136.554835][ T54] ffff8880330c6300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.558210][ T54] ffff8880330c6380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.561561][ T54] ==================================================================
[ 136.579316][ T54] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 136.582466][ T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full)
[ 136.586400][ T54] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 136.590948][ T54] Workqueue: events smc_ib_port_event_work
[ 136.593341][ T54] Call Trace:
[ 136.594803][ T54] <TASK>
[ 136.596059][ T54] dump_stack_lvl+0x99/0x250
[ 136.598023][ T54] ? __asan_memcpy+0x40/0x70
[ 136.600020][ T54] ? __pfx_dump_stack_lvl+0x10/0x10
[ 136.602141][ T54] ? __pfx__printk+0x10/0x10
[ 136.604169][ T54] vpanic+0x281/0x750
[ 136.605882][ T54] ? preempt_schedule+0xae/0xc0
[ 136.608006][ T54] ? __pfx_vpanic+0x10/0x10
[ 136.610048][ T54] ? preempt_schedule_common+0x83/0xd0
[ 136.612352][ T54] ? preempt_schedule+0xae/0xc0
[ 136.614478][ T54] ? __pfx_preempt_schedule+0x10/0x10
[ 136.616776][ T54] panic+0xb9/0xc0
[ 136.618450][ T54] ? __pfx_panic+0x10/0x10
[ 136.620397][ T54] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 136.622918][ T54] ? __ethtool_get_link_ksettings+0x6e/0x190
[ 136.625471][ T54] check_panic_on_warn+0x89/0xb0
[ 136.627670][ T54] ? __ethtool_get_link_ksettings+0x6e/0x190
[ 136.630379][ T54] end_report+0x78/0x160
[ 136.632277][ T54] kasan_report+0x129/0x150
[ 136.634273][ T54] ? __ethtool_get_link_ksettings+0x6e/0x190
[ 136.636831][ T54] __ethtool_get_link_ksettings+0x6e/0x190
[ 136.639235][ T54] ib_get_eth_speed+0x15e/0x7b0
[ 136.641304][ T54] ? __pfx_ib_get_eth_speed+0x10/0x10
[ 136.643652][ T54] ? do_raw_spin_unlock+0x4d/0x240
[ 136.645821][ T54] rxe_query_port+0x93/0x3b0
[ 136.647819][ T54] ib_query_port+0x170/0x830
[ 136.649932][ T54] smc_ib_port_event_work+0x15a/0x940
[ 136.652218][ T54] ? _raw_spin_unlock_irq+0x23/0x50
[ 136.654445][ T54] ? process_scheduled_works+0x9ef/0x17b0
[ 136.656835][ T54] ? process_scheduled_works+0x9ef/0x17b0
[ 136.659450][ T54] process_scheduled_works+0xae1/0x17b0
[ 136.661901][ T54] ? __pfx_process_scheduled_works+0x10/0x10
[ 136.664589][ T54] worker_thread+0x8a0/0xda0
[ 136.666505][ T54] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 136.668801][ T54] ? __kthread_parkme+0x7b/0x200
[ 136.670448][ T54] kthread+0x70e/0x8a0
[ 136.671807][ T54] ? __pfx_worker_thread+0x10/0x10
[ 136.673452][ T54] ? __pfx_kthread+0x10/0x10
[ 136.675292][ T54] ? _raw_spin_unlock_irq+0x23/0x50
[ 136.677262][ T54] ? lockdep_hardirqs_on+0x9c/0x150
[ 136.679102][ T54] ? __pfx_kthread+0x10/0x10
[ 136.680755][ T54] ret_from_fork+0x3fc/0x770
[ 136.682668][ T54] ? __pfx_ret_from_fork+0x10/0x10
[ 136.684784][ T54] ? __pfx_kthread+0x10/0x10
[ 136.686790][ T54] ret_from_fork_asm+0x1a/0x30
[ 136.688772][ T54] </TASK>
[ 136.690506][ T54] Kernel Offset: disabled
[ 136.692312][ T54] Rebooting in 86400 seconds..
VM DIAGNOSIS:
12:37:13 Registers:
info registers vcpu 0