program: syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000400)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESDEC=0x0, @ANYBLOB=',discard,\x00', @ANYRESHEX, @ANYRESOCT=0x0, @ANYRESOCT, @ANYBLOB="0002001100000000303030303030303030303030303030303030303135322c796f636884c178f94be4ee34617273657439697300926f38", @ANYBLOB="51060c4f1adb6e795b70e7edcdc5cd30e197ceacee351e08a6e2ee4650101fb28229b16aecf828a55c8aa0efd840e40fef6612e7b389eb304c41e39360e1f5cb6f78bd7100bd30bbd42aa24b2dc9171d068e92ac848e65c9", @ANYRES64, @ANYRESDEC], 0x81, 0x151a, &(0x7f0000002a80)="$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") r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) (async) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000100)={0x18, 0x0, {0x1, @broadcast, 'vlan0\x00'}}, 0x1e) sendmmsg$sock(r2, &(0x7f0000001dc0), 0x40000a6, 0x48850) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'ipvlan0\x00', &(0x7f0000000000)=@ethtool_channels={0x3c, 0x26, 0x8, 0x400, 0x2, 0x6, 0x3, 0x7}}) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) (async, rerun: 64) sendmsg$nl_route(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newrule={0x2c, 0x18, 0x409, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}, @FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e21, 0x4e24}}]}, 0x2c}}, 0x0) (rerun: 64) r5 = socket$nl_route(0x10, 0x3, 0x0) (async) r6 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r7=>0x0}) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0,
&(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x20, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r7, 0x0, 0x11203}}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x0) r8 = fsmount(r1, 0x0, 0x0) r9 = openat$cgroup_procs(r8, &(0x7f00000000c0)='cgroup.procs\x00', 0x2, 0x0) sendfile(r0, r9, 0x0, 0x401) (async, rerun: 64) preadv(r9, &(0x7f0000000180)=[{&(0x7f0000000380)=""/132, 0x84}], 0x1, 0x101, 0x100) (async, rerun: 64) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) [ 85.040480][ T5297] Bluetooth: hci0: command tx timeout [ 85.164850][ T5318] loop0: detected capacity change from 0 to 256 [ 85.177901][ T5318] ======================================================= [ 85.177901][ T5318] WARNING: The mand mount option has been deprecated and [ 85.177901][ T5318] and is ignored by this kernel. Remove the mand [ 85.177901][ T5318] option from the mount to silence this warning. [ 85.177901][ T5318] ======================================================= [ 85.214751][ T5318] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 85.241624][ T5318] ================================================================== [ 85.245281][ T5318] BUG: KASAN: slab-out-of-bounds in fib6_add_rt2node+0x349c/0x3500 [ 85.249016][ T5318] Read of size 1 at addr ffff888042ba88de by task syz.0.0/5318 [ 85.252342][ T5318] [ 85.253597][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.253657][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.253664][ T5318] Call Trace: [ 85.253733][ T5318] <TASK> [ 85.253769][ T5318] dump_stack_lvl+0xe8/0x150 [ 85.253828][ T5318] print_report+0xba/0x230 [ 85.253853][ T5318] ? fib6_add_rt2node+0x349c/0x3500 [ 85.253865][ T5318] kasan_report+0x117/0x150 [ 85.253882][ T5318] ? fib6_add_rt2node+0x349c/0x3500 [ 85.253894][ T5318] fib6_add_rt2node+0x349c/0x3500 [ 85.253908][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 85.253924][ T5318] ?
__pfx_fib6_add_rt2node+0x10/0x10 [ 85.253941][ T5318] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.253952][ T5318] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 85.253965][ T5318] fib6_add+0x910/0x18c0 [ 85.253983][ T5318] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.253992][ T5318] ? __pfx_fib6_add+0x10/0x10 [ 85.254010][ T5318] ? ip6_route_add+0xc9/0x1b0 [ 85.254021][ T5318] ip6_route_add+0xde/0x1b0 [ 85.254031][ T5318] inet6_rtm_newroute+0x268/0x19e0 [ 85.254048][ T5318] ? kasan_quarantine_put+0xbb/0x1f0 [ 85.254062][ T5318] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.254076][ T5318] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 85.254090][ T5318] ? kmem_cache_free+0x187/0x630 [ 85.254106][ T5318] ? nlmon_xmit+0xb0/0x100 [ 85.254162][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 85.254176][ T5318] ? __local_bh_enable_ip+0xd0/0x130 [ 85.254190][ T5318] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.254207][ T5318] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 85.254221][ T5318] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 85.254239][ T5318] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 85.254253][ T5318] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 85.254267][ T5318] ? ref_tracker_free+0x693/0x840 [ 85.254284][ T5318] ? __copy_skb_header+0xa3/0x4a0 [ 85.254296][ T5318] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.254311][ T5318] ? __skb_clone+0x63/0x7a0 [ 85.254323][ T5318] netlink_rcv_skb+0x232/0x4b0 [ 85.254339][ T5318] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 85.254353][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.254369][ T5318] ? netlink_deliver_tap+0x2e/0x1b0 [ 85.254385][ T5318] netlink_unicast+0x80f/0x9b0 [ 85.254400][ T5318] ? __pfx_netlink_unicast+0x10/0x10 [ 85.254413][ T5318] ? netlink_sendmsg+0x650/0xb40 [ 85.254427][ T5318] ? skb_put+0x11b/0x210 [ 85.254444][ T5318] netlink_sendmsg+0x813/0xb40 [ 85.254461][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.254476][ T5318] ? aa_sock_msg_perm+0xf1/0x1b0 [ 85.254492][ T5318] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.254508][ T5318] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 85.254522][ T5318] ____sys_sendmsg+0xa68/0xad0 [ 85.254532][ T5318] ? futex_unqueue+0x211/0x240 [ 85.254545][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.254558][ T5318] ? import_iovec+0x73/0xa0 [ 85.254570][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 85.254582][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.254593][ T5318] ? futex_wait+0x29a/0x380 [ 85.254613][ T5318] ? __fget_files+0x2a/0x420 [ 85.254626][ T5318] ? __fget_files+0x3a0/0x420 [ 85.254639][ T5318] __x64_sys_sendmsg+0x1bd/0x2a0 [ 85.254649][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.254662][ T5318] ? rcu_is_watching+0x15/0xb0 [ 85.254680][ T5318] do_syscall_64+0x14d/0xf80 [ 85.254694][ T5318] ? trace_irq_disable+0x3b/0x150 [ 85.254708][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.254719][ T5318] ? clear_bhb_loop+0x40/0x90 [ 85.254731][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.254742][ T5318] RIP: 0033:0x7fc3fbb9bf79 [ 85.254772][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.254782][ T5318] RSP: 002b:00007fc3fca82028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.254807][ T5318] RAX: ffffffffffffffda RBX: 00007fc3fbe15fa0 RCX: 00007fc3fbb9bf79 [ 85.254816][ T5318] RDX: 0000000000000000 RSI: 0000200000004380 RDI: 0000000000000007 [ 85.254822][ T5318] RBP: 00007fc3fbc327e0 R08: 0000000000000000 R09: 0000000000000000 [ 85.254829][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.254835][ T5318] R13: 00007fc3fbe16038 R14: 00007fc3fbe15fa0 R15: 00007ffc59bfce28 [ 85.254854][ T5318] </TASK> [ 85.254858][ T5318] [ 85.430413][ T5318] Allocated by task 5318: [ 85.432191][ T5318] kasan_save_track+0x3e/0x80 [ 85.434242][ T5318] __kasan_kmalloc+0x93/0xb0 [ 85.436189][ T5318] __kmalloc_noprof+0x35c/0x760 [ 85.438213][ T5318] fib6_info_alloc+0x30/0xf0 [ 85.439839][ T5318]
ip6_route_info_create+0x142/0x860 [ 85.442181][ T5318] ip6_route_add+0x49/0x1b0 [ 85.444166][ T5318] inet6_rtm_newroute+0x268/0x19e0 [ 85.446382][ T5318] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 85.448479][ T5318] netlink_rcv_skb+0x232/0x4b0 [ 85.450576][ T5318] netlink_unicast+0x80f/0x9b0 [ 85.452581][ T5318] netlink_sendmsg+0x813/0xb40 [ 85.454820][ T5318] ____sys_sendmsg+0xa68/0xad0 [ 85.456855][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 85.458800][ T5318] __x64_sys_sendmsg+0x1bd/0x2a0 [ 85.461128][ T5318] do_syscall_64+0x14d/0xf80 [ 85.463277][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.466037][ T5318] [ 85.467006][ T5318] The buggy address belongs to the object at ffff888042ba8800 [ 85.467006][ T5318] which belongs to the cache kmalloc-256 of size 256 [ 85.473337][ T5318] The buggy address is located 22 bytes to the right of [ 85.473337][ T5318] allocated 200-byte region [ffff888042ba8800, ffff888042ba88c8) [ 85.479209][ T5318] [ 85.480314][ T5318] The buggy address belongs to the physical page: [ 85.483270][ T5318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42ba8 [ 85.487053][ T5318] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 85.490261][ T5318] page_type: f5(slab) [ 85.492004][ T5318] raw: 04fff00000000000 ffff88801a841b40 dead000000000100 dead000000000122 [ 85.495852][ T5318] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 85.499741][ T5318] page dumped because: kasan: bad access detected [ 85.502622][ T5318] page_owner tracks the page as allocated [ 85.505233][ T5318] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5296, tgid 5296 (syz-executor), ts 82674000876, free_ts 82671006179 [ 85.514093][ T5318] post_alloc_hook+0x231/0x280 [ 85.516213][ T5318] get_page_from_freelist+0x24dc/0x2580 [ 85.518688][ T5318] __alloc_frozen_pages_noprof+0x18d/0x380 [ 85.521162][ T5318] allocate_slab+0x77/0x660 [ 
85.523238][ T5318] refill_objects+0x331/0x3c0 [ 85.525361][ T5318] __pcs_replace_empty_main+0x2b9/0x620 [ 85.527734][ T5318] __kmalloc_noprof+0x474/0x760 [ 85.530003][ T5318] fib_create_info+0x171d/0x31f0 [ 85.532174][ T5318] fib_table_insert+0xc8/0x1b50 [ 85.534374][ T5318] fib_magic+0x434/0x510 [ 85.536157][ T5318] fib_add_ifaddr+0x144/0x5f0 [ 85.538059][ T5318] fib_netdev_event+0x382/0x490 [ 85.540173][ T5318] notifier_call_chain+0x1be/0x400 [ 85.542321][ T5318] __dev_notify_flags+0x1a9/0x310 [ 85.544549][ T5318] netif_change_flags+0xe8/0x1a0 [ 85.546650][ T5318] do_setlink+0xf82/0x4590 [ 85.548582][ T5318] page last free pid 15 tgid 15 stack trace: [ 85.551217][ T5318] __free_frozen_pages+0xc00/0xd90 [ 85.553335][ T5318] rcu_core+0x7cd/0x1070 [ 85.555126][ T5318] handle_softirqs+0x22a/0x870 [ 85.557341][ T5318] run_ksoftirqd+0x36/0x60 [ 85.559193][ T5318] smpboot_thread_fn+0x541/0xa50 [ 85.561130][ T5318] kthread+0x388/0x470 [ 85.562990][ T5318] ret_from_fork+0x51e/0xb90 [ 85.564992][ T5318] ret_from_fork_asm+0x1a/0x30 [ 85.567146][ T5318] [ 85.568205][ T5318] Memory state around the buggy address: [ 85.570669][ T5318] ffff888042ba8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.574132][ T5318] ffff888042ba8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 85.577291][ T5318] >ffff888042ba8880: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 85.580709][ T5318] ^ [ 85.583682][ T5318] ffff888042ba8900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.587144][ T5318] ffff888042ba8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 85.590830][ T5318] ================================================================== [ 85.594558][ T5318] Kernel panic - not syncing: KASAN: panic_on_warn set ... 
[ 85.597748][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.601517][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.605822][ T5318] Call Trace: [ 85.607326][ T5318] <TASK> [ 85.608752][ T5318] vpanic+0x56c/0xa60 [ 85.610494][ T5318] ? __pfx_vpanic+0x10/0x10 [ 85.612484][ T5318] panic+0xc5/0xd0 [ 85.614348][ T5318] ? __pfx_panic+0x10/0x10 [ 85.616220][ T5318] ? fib6_add_rt2node+0x349c/0x3500 [ 85.618439][ T5318] ? fib6_add_rt2node+0x349c/0x3500 [ 85.620654][ T5318] check_panic_on_warn+0x89/0xb0 [ 85.622592][ T5318] ? fib6_add_rt2node+0x349c/0x3500 [ 85.624617][ T5318] end_report+0x73/0x180 [ 85.626274][ T5318] ? fib6_add_rt2node+0x349c/0x3500 [ 85.628489][ T5318] kasan_report+0x128/0x150 [ 85.630436][ T5318] ? fib6_add_rt2node+0x349c/0x3500 [ 85.632666][ T5318] fib6_add_rt2node+0x349c/0x3500 [ 85.634950][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 85.637020][ T5318] ? __pfx_fib6_add_rt2node+0x10/0x10 [ 85.638937][ T5318] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.640940][ T5318] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 85.642946][ T5318] fib6_add+0x910/0x18c0 [ 85.644659][ T5318] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.646688][ T5318] ? __pfx_fib6_add+0x10/0x10 [ 85.648624][ T5318] ? ip6_route_add+0xc9/0x1b0 [ 85.650385][ T5318] ip6_route_add+0xde/0x1b0 [ 85.652126][ T5318] inet6_rtm_newroute+0x268/0x19e0 [ 85.654360][ T5318] ? kasan_quarantine_put+0xbb/0x1f0 [ 85.656610][ T5318] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.658781][ T5318] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 85.661137][ T5318] ? kmem_cache_free+0x187/0x630 [ 85.663198][ T5318] ? nlmon_xmit+0xb0/0x100 [ 85.665068][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 85.667162][ T5318] ? __local_bh_enable_ip+0xd0/0x130 [ 85.669419][ T5318] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.671597][ T5318] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 85.673900][ T5318] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 85.675986][ T5318] ?
rtnetlink_rcv_msg+0x1b9/0xbe0 [ 85.678173][ T5318] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 85.680449][ T5318] ? ref_tracker_free+0x693/0x840 [ 85.682630][ T5318] ? __copy_skb_header+0xa3/0x4a0 [ 85.684861][ T5318] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.687231][ T5318] ? __skb_clone+0x63/0x7a0 [ 85.689259][ T5318] netlink_rcv_skb+0x232/0x4b0 [ 85.691130][ T5318] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 85.693407][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.695704][ T5318] ? netlink_deliver_tap+0x2e/0x1b0 [ 85.697880][ T5318] netlink_unicast+0x80f/0x9b0 [ 85.699953][ T5318] ? __pfx_netlink_unicast+0x10/0x10 [ 85.702387][ T5318] ? netlink_sendmsg+0x650/0xb40 [ 85.704650][ T5318] ? skb_put+0x11b/0x210 [ 85.706607][ T5318] netlink_sendmsg+0x813/0xb40 [ 85.708836][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.711076][ T5318] ? aa_sock_msg_perm+0xf1/0x1b0 [ 85.713331][ T5318] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.715717][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.718091][ T5318] ____sys_sendmsg+0xa68/0xad0 [ 85.720130][ T5318] ? futex_unqueue+0x211/0x240 [ 85.722085][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.724303][ T5318] ? import_iovec+0x73/0xa0 [ 85.726174][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 85.728088][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.730227][ T5318] ? futex_wait+0x29a/0x380 [ 85.732068][ T5318] ? __fget_files+0x2a/0x420 [ 85.734031][ T5318] ? __fget_files+0x3a0/0x420 [ 85.735945][ T5318] __x64_sys_sendmsg+0x1bd/0x2a0 [ 85.738122][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.740598][ T5318] ? rcu_is_watching+0x15/0xb0 [ 85.742758][ T5318] do_syscall_64+0x14d/0xf80 [ 85.744916][ T5318] ? trace_irq_disable+0x3b/0x150 [ 85.747175][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.749901][ T5318] ? 
clear_bhb_loop+0x40/0x90 [ 85.752041][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.754696][ T5318] RIP: 0033:0x7fc3fbb9bf79 [ 85.756264][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.764613][ T5318] RSP: 002b:00007fc3fca82028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.768087][ T5318] RAX: ffffffffffffffda RBX: 00007fc3fbe15fa0 RCX: 00007fc3fbb9bf79 [ 85.771470][ T5318] RDX: 0000000000000000 RSI: 0000200000004380 RDI: 0000000000000007 [ 85.774938][ T5318] RBP: 00007fc3fbc327e0 R08: 0000000000000000 R09: 0000000000000000 [ 85.778428][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.781872][ T5318] R13: 00007fc3fbe16038 R14: 00007fc3fbe15fa0 R15: 00007ffc59bfce28 [ 85.785291][ T5318] </TASK> [ 85.787125][ T5318] Kernel Offset: disabled [ 85.789046][ T5318] Rebooting in 86400 seconds..