program: prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@private1, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xff}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{0xfffffffc}, {}, {0x0, 0x3}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"}) r5 = dup(r4) ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000540)=ANY=[@ANYBLOB="010000000000000001000080"]) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xc0010140}]}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setregid(0x0, 0x0) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_SKBMARK={0x8}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000000380)=""/231, 0xe7) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) [ 58.759869][ T24] audit: type=1326 audit(1732413955.463:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5335 comm="syz.0.0" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7cd7e819 code=0x7ffc0000 [ 58.780078][ T24] audit: type=1326 audit(1732413955.463:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5335 comm="syz.0.0" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7cd7e819 code=0x7ffc0000 [ 58.958875][ T4692] Bluetooth: hci0: command tx timeout [ 60.449674][ T5336] ================================================================== [ 60.452793][ T5336] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x340/0x3a0 [ 60.456173][ T5336] Write of size 4064 at addr ffffc9000d491020 by task syz.0.0/5336 [ 60.459812][ T5336] [ 60.460954][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 60.464626][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.468621][ T5336] Call Trace: [ 60.469995][ T5336] [ 60.471151][ T5336] dump_stack_lvl+0x241/0x360 [ 60.473090][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.475075][ T5336] ? __pfx__printk+0x10/0x10 [ 60.476832][ T5336] ? _printk+0xd5/0x120 [ 60.478476][ T5336] print_report+0x169/0x550 [ 60.480264][ T5336] ? __virt_addr_valid+0xbd/0x530 [ 60.482265][ T5336] ? vrealloc_noprof+0x340/0x3a0 [ 60.484252][ T5336] kasan_report+0x143/0x180 [ 60.486113][ T5336] ? vrealloc_noprof+0x340/0x3a0 [ 60.488130][ T5336] kasan_check_range+0x282/0x290 [ 60.490007][ T5336] __asan_memset+0x23/0x50 [ 60.491736][ T5336] vrealloc_noprof+0x340/0x3a0 [ 60.493601][ T5336] push_insn_history+0x16c/0x6a0 [ 60.495668][ T5336] do_check+0x692f/0xfcd0 [ 60.497684][ T5336] ? __pfx_do_check+0x10/0x10 [ 60.499854][ T5336] ? mark_reg_not_init+0xd4/0x4b0 [ 60.502162][ T5336] ? __asan_memcpy+0x40/0x70 [ 60.504283][ T5336] ? mark_reg_not_init+0xd4/0x4b0 [ 60.506678][ T5336] do_check_common+0x1564/0x2010 [ 60.509065][ T5336] bpf_check+0x19380/0x1f1b0 [ 60.511118][ T5336] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 60.513703][ T5336] ? validate_chain+0x11e/0x5920 [ 60.515963][ T5336] ? page_ext_get+0x20/0x2a0 [ 60.518020][ T5336] ? post_alloc_hook+0x206/0x230 [ 60.520084][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.521902][ T5336] ? validate_chain+0x11e/0x5920 [ 60.523755][ T5336] ? validate_chain+0x11e/0x5920 [ 60.525697][ T5336] ? mark_lock+0x9a/0x360 [ 60.527437][ T5336] ? __pfx___might_resched+0x10/0x10 [ 60.529467][ T5336] ? validate_chain+0x11e/0x5920 [ 60.531312][ T5336] ? validate_chain+0x11e/0x5920 [ 60.533166][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.535071][ T5336] ? validate_chain+0x11e/0x5920 [ 60.537047][ T5336] ? validate_chain+0x11e/0x5920 [ 60.538781][ T5336] ? validate_chain+0x11e/0x5920 [ 60.540568][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.542269][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.544134][ T5336] ? __pfx_bpf_check+0x10/0x10 [ 60.545916][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.547782][ T5336] ? mark_lock+0x9a/0x360 [ 60.549299][ T5336] ? mark_lock+0x9a/0x360 [ 60.550810][ T5336] ? __lock_acquire+0x1397/0x2100 [ 60.552861][ T5336] ? mark_lock+0x9a/0x360 [ 60.554529][ T5336] ? __lock_acquire+0x1397/0x2100 [ 60.556405][ T5336] ? __pfx_lock_acquire+0x10/0x10 [ 60.558351][ T5336] ? ktime_get_with_offset+0x8c/0x290 [ 60.560378][ T5336] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 60.562578][ T5336] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 60.565141][ T5336] ? ktime_get_with_offset+0x8c/0x290 [ 60.567378][ T5336] ? seqcount_lockdep_reader_access+0x157/0x220 [ 60.569810][ T5336] ? lockdep_hardirqs_on+0x99/0x150 [ 60.571859][ T5336] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 60.574194][ T5336] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 60.576700][ T5336] ? _raw_spin_unlock+0x28/0x50 [ 60.578595][ T5336] ? __asan_memset+0x23/0x50 [ 60.580313][ T5336] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 60.582252][ T5336] bpf_prog_load+0x1667/0x20f0 [ 60.584101][ T5336] ? __pfx_bpf_prog_load+0x10/0x10 [ 60.586369][ T5336] ? __pfx___might_resched+0x10/0x10 [ 60.588522][ T5336] ? __might_fault+0xc6/0x120 [ 60.590259][ T5336] __sys_bpf+0x4ee/0x810 [ 60.591816][ T5336] ? __pfx___sys_bpf+0x10/0x10 [ 60.593578][ T5336] ? __rseq_handle_notify_resume+0x34d/0x14d0 [ 60.595824][ T5336] ? __secure_computing+0x125/0x370 [ 60.597746][ T5336] __x64_sys_bpf+0x7c/0x90 [ 60.599392][ T5336] do_syscall_64+0xf3/0x230 [ 60.601158][ T5336] ? clear_bhb_loop+0x35/0x90 [ 60.603351][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.605639][ T5336] RIP: 0033:0x7fdf7cd7e819 [ 60.607466][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.614631][ T5336] RSP: 002b:00007fdf7c7f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 60.617884][ T5336] RAX: ffffffffffffffda RBX: 00007fdf7cf35fa0 RCX: 00007fdf7cd7e819 [ 60.621007][ T5336] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005 [ 60.624268][ T5336] RBP: 00007fdf7cdf175e R08: 0000000000000000 R09: 0000000000000000 [ 60.627231][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.630443][ T5336] R13: 0000000000000000 R14: 00007fdf7cf35fa0 R15: 00007ffef1958798 [ 60.633460][ T5336] [ 60.634638][ T5336] [ 60.635549][ T5336] The buggy address belongs to the virtual mapping at [ 60.635549][ T5336] [ffffc9000d471000, ffffc9000d493000) created by: [ 60.635549][ T5336] kvrealloc_noprof+0xc7/0x120 [ 60.641830][ T5336] [ 60.642753][ T5336] The buggy address belongs to the physical page: [ 60.645131][ T5336] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x246d pfn:0x479a2 [ 60.648605][ T5336] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 60.651409][ T5336] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 60.654731][ T5336] raw: 000000000000246d 0000000000000000 00000001ffffffff 0000000000000000 [ 60.657974][ T5336] page dumped because: kasan: bad access detected [ 60.660330][ T5336] page_owner tracks the page as allocated [ 60.662462][ T5336] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5336, tgid 5335 (syz.0.0), ts 60448462206, free_ts 60431895126 [ 60.668988][ T5336] post_alloc_hook+0x1f3/0x230 [ 60.671266][ T5336] get_page_from_freelist+0x3649/0x3790 [ 60.673550][ T5336] __alloc_pages_slowpath+0x414/0x1020 [ 60.675623][ T5336] __alloc_pages_noprof+0x493/0x710 [ 60.677638][ T5336] alloc_pages_mpol_noprof+0x3e8/0x680 [ 60.679745][ T5336] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 60.682103][ T5336] __kvmalloc_node_noprof+0x142/0x190 [ 60.684211][ T5336] kvrealloc_noprof+0xc7/0x120 [ 60.686114][ T5336] push_insn_history+0x16c/0x6a0 [ 60.687988][ T5336] do_check+0x692f/0xfcd0 [ 60.689721][ T5336] do_check_common+0x1564/0x2010 [ 60.691547][ T5336] bpf_check+0x19380/0x1f1b0 [ 60.693320][ T5336] bpf_prog_load+0x1667/0x20f0 [ 60.695101][ T5336] __sys_bpf+0x4ee/0x810 [ 60.696668][ T5336] __x64_sys_bpf+0x7c/0x90 [ 60.698409][ T5336] do_syscall_64+0xf3/0x230 [ 60.700151][ T5336] page last free pid 5336 tgid 5335 stack trace: [ 60.702638][ T5336] free_unref_folios+0xf37/0x1a20 [ 60.704510][ T5336] shrink_folio_list+0x2d3d/0x8cc0 [ 60.706400][ T5336] evict_folios+0x5568/0x7be0 [ 60.708164][ T5336] try_to_shrink_lruvec+0x9a6/0xc70 [ 60.710060][ T5336] shrink_one+0x3b9/0x850 [ 60.711687][ T5336] shrink_node+0x37c5/0x3e50 [ 60.713485][ T5336] do_try_to_free_pages+0x78c/0x1cf0 [ 60.715427][ T5336] try_to_free_pages+0x47c/0x1080 [ 60.717251][ T5336] __alloc_pages_direct_reclaim+0x178/0x3c0 [ 60.719484][ T5336] __alloc_pages_slowpath+0x764/0x1020 [ 60.721597][ T5336] __alloc_pages_noprof+0x493/0x710 [ 60.723615][ T5336] alloc_pages_mpol_noprof+0x3e8/0x680 [ 60.725717][ T5336] alloc_slab_page+0x6a/0x140 [ 60.727512][ T5336] allocate_slab+0x1c0/0x2f0 [ 60.729271][ T5336] ___slab_alloc+0xcd1/0x14b0 [ 60.731123][ T5336] __slab_alloc+0x58/0xa0 [ 60.732783][ T5336] [ 60.733732][ T5336] Memory state around the buggy address: [ 60.735865][ T5336] ffffc9000d490f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.738803][ T5336] ffffc9000d490f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 60.741769][ T5336] >ffffc9000d491000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 60.744695][ T5336] ^ [ 60.746635][ T5336] ffffc9000d491080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 60.749824][ T5336] ffffc9000d491100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 60.752754][ T5336] ================================================================== [ 60.808171][ T5336] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.810928][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 60.814712][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.818727][ T5336] Call Trace: [ 60.820001][ T5336] [ 60.821188][ T5336] dump_stack_lvl+0x241/0x360 [ 60.823086][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.825178][ T5336] ? __pfx__printk+0x10/0x10 [ 60.827074][ T5336] ? preempt_schedule+0xe1/0xf0 [ 60.829060][ T5336] ? vscnprintf+0x5d/0x90 [ 60.830779][ T5336] panic+0x349/0x880 [ 60.832281][ T5336] ? check_panic_on_warn+0x21/0xb0 [ 60.834161][ T5336] ? __pfx_panic+0x10/0x10 [ 60.835819][ T5336] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 60.838148][ T5336] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 60.840736][ T5336] ? print_report+0x502/0x550 [ 60.842692][ T5336] check_panic_on_warn+0x86/0xb0 [ 60.844865][ T5336] ? vrealloc_noprof+0x340/0x3a0 [ 60.846943][ T5336] end_report+0x77/0x160 [ 60.848738][ T5336] kasan_report+0x154/0x180 [ 60.850514][ T5336] ? vrealloc_noprof+0x340/0x3a0 [ 60.852480][ T5336] kasan_check_range+0x282/0x290 [ 60.854497][ T5336] __asan_memset+0x23/0x50 [ 60.856281][ T5336] vrealloc_noprof+0x340/0x3a0 [ 60.858194][ T5336] push_insn_history+0x16c/0x6a0 [ 60.860019][ T5336] do_check+0x692f/0xfcd0 [ 60.861684][ T5336] ? __pfx_do_check+0x10/0x10 [ 60.863564][ T5336] ? mark_reg_not_init+0xd4/0x4b0 [ 60.865512][ T5336] ? __asan_memcpy+0x40/0x70 [ 60.867307][ T5336] ? mark_reg_not_init+0xd4/0x4b0 [ 60.869203][ T5336] do_check_common+0x1564/0x2010 [ 60.871208][ T5336] bpf_check+0x19380/0x1f1b0 [ 60.873041][ T5336] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 60.875238][ T5336] ? validate_chain+0x11e/0x5920 [ 60.877122][ T5336] ? page_ext_get+0x20/0x2a0 [ 60.878830][ T5336] ? post_alloc_hook+0x206/0x230 [ 60.880649][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.882755][ T5336] ? validate_chain+0x11e/0x5920 [ 60.884689][ T5336] ? validate_chain+0x11e/0x5920 [ 60.886640][ T5336] ? mark_lock+0x9a/0x360 [ 60.888298][ T5336] ? __pfx___might_resched+0x10/0x10 [ 60.890368][ T5336] ? validate_chain+0x11e/0x5920 [ 60.892341][ T5336] ? validate_chain+0x11e/0x5920 [ 60.894288][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.896281][ T5336] ? validate_chain+0x11e/0x5920 [ 60.898396][ T5336] ? validate_chain+0x11e/0x5920 [ 60.900501][ T5336] ? validate_chain+0x11e/0x5920 [ 60.902486][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.904513][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.906591][ T5336] ? __pfx_bpf_check+0x10/0x10 [ 60.908664][ T5336] ? __pfx_validate_chain+0x10/0x10 [ 60.910914][ T5336] ? mark_lock+0x9a/0x360 [ 60.912619][ T5336] ? mark_lock+0x9a/0x360 [ 60.914270][ T5336] ? __lock_acquire+0x1397/0x2100 [ 60.916235][ T5336] ? mark_lock+0x9a/0x360 [ 60.917921][ T5336] ? __lock_acquire+0x1397/0x2100 [ 60.919982][ T5336] ? __pfx_lock_acquire+0x10/0x10 [ 60.922030][ T5336] ? ktime_get_with_offset+0x8c/0x290 [ 60.924154][ T5336] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 60.926631][ T5336] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 60.929283][ T5336] ? ktime_get_with_offset+0x8c/0x290 [ 60.931470][ T5336] ? seqcount_lockdep_reader_access+0x157/0x220 [ 60.934059][ T5336] ? lockdep_hardirqs_on+0x99/0x150 [ 60.936160][ T5336] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 60.938672][ T5336] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 60.941246][ T5336] ? _raw_spin_unlock+0x28/0x50 [ 60.943063][ T5336] ? __asan_memset+0x23/0x50 [ 60.944782][ T5336] ? bpf_obj_name_cpy+0x18a/0x1d0 [ 60.946741][ T5336] bpf_prog_load+0x1667/0x20f0 [ 60.948500][ T5336] ? __pfx_bpf_prog_load+0x10/0x10 [ 60.950436][ T5336] ? __pfx___might_resched+0x10/0x10 [ 60.952425][ T5336] ? __might_fault+0xc6/0x120 [ 60.954341][ T5336] __sys_bpf+0x4ee/0x810 [ 60.956027][ T5336] ? __pfx___sys_bpf+0x10/0x10 [ 60.957879][ T5336] ? __rseq_handle_notify_resume+0x34d/0x14d0 [ 60.960188][ T5336] ? __secure_computing+0x125/0x370 [ 60.962176][ T5336] __x64_sys_bpf+0x7c/0x90 [ 60.963952][ T5336] do_syscall_64+0xf3/0x230 [ 60.965796][ T5336] ? clear_bhb_loop+0x35/0x90 [ 60.967630][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.969933][ T5336] RIP: 0033:0x7fdf7cd7e819 [ 60.971756][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.978707][ T5336] RSP: 002b:00007fdf7c7f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 60.981934][ T5336] RAX: ffffffffffffffda RBX: 00007fdf7cf35fa0 RCX: 00007fdf7cd7e819 [ 60.985124][ T5336] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005 [ 60.988362][ T5336] RBP: 00007fdf7cdf175e R08: 0000000000000000 R09: 0000000000000000 [ 60.991404][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.994379][ T5336] R13: 0000000000000000 R14: 00007fdf7cf35fa0 R15: 00007ffef1958798 [ 60.997462][ T5336] [ 60.998971][ T5336] Kernel Offset: disabled [ 61.000681][ T5336] Rebooting in 86400 seconds..