Warning: Permanently added '10.128.1.101' (ED25519) to the list of known hosts.
2025/01/04 00:35:43 ignoring optional flag "sandboxArg"="0"
2025/01/04 00:35:43 parsed 1 programs
syzkaller login: [   72.962946][ T4252] cgroup: Unknown subsys name 'net'
[   73.075906][ T4252] cgroup: Unknown subsys name 'rlimit'
[   74.613332][ T4252] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   76.252494][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.267329][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.283819][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   76.296832][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.305486][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.313981][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   77.870256][ T4302] chnl_net:caif_netlink_parms(): no params data found
[   77.922132][ T4302] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.929686][ T4302] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.937582][ T4302] device bridge_slave_0 entered promiscuous mode
[   77.947727][ T4302] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.955177][ T4302] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.963162][ T4302] device bridge_slave_1 entered promiscuous mode
[   77.987061][ T4302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.998183][ T4302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.036125][ T4302] team0: Port device team_slave_0 added
[   78.044388][ T4302] team0: Port device team_slave_1 added
[   78.077369][ T4302] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.085499][ T4302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.111473][ T4302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.124542][ T4302] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.131591][ T4302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.157662][ T4302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.204960][ T4302] device hsr_slave_0 entered promiscuous mode
[   78.213901][ T4302] device hsr_slave_1 entered promiscuous mode
[   78.356369][ T4302] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   78.366584][ T4302] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   78.375873][ T4302] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   78.398664][ T4302] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   78.472996][ T4302] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.485927][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   78.495491][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   78.517176][ T4302] 8021q: adding VLAN 0 to HW filter on device team0
[   78.528641][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   78.538268][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   78.548316][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.555657][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.566839][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   78.578729][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   78.587522][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   78.596010][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.603152][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.628548][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   78.641318][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   78.652362][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   78.661705][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   78.672810][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   78.685034][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   78.694169][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   78.706253][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   78.714910][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   78.728523][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   78.737206][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   78.762714][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   78.944594][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   78.953123][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   78.968760][ T4302] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.987382][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   78.996764][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   79.015805][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   79.024644][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   79.034667][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   79.042792][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   79.052749][ T4302] device veth0_vlan entered promiscuous mode
[   79.064560][ T4302] device veth1_vlan entered promiscuous mode
[   79.086018][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   79.094469][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   79.103854][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   79.113156][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   79.125388][ T4302] device veth0_macvtap entered promiscuous mode
[   79.134910][ T4302] device veth1_macvtap entered promiscuous mode
[   79.151610][ T4302] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.159384][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   79.169225][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   79.178548][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   79.191109][ T4302] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.198414][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   79.207402][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   79.221091][ T4302] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.230159][ T4302] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.238840][ T4302] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.248277][ T4302] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.358420][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.486425][ T4331] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   79.495931][ T4331] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   79.503983][ T4331] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   79.513025][ T4331] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   79.521665][ T4331] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   79.528822][ T4331] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/01/04 00:35:53 executed programs: 0
[   80.457621][   T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   80.466034][   T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   80.473854][   T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   80.483126][   T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   80.491932][   T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   80.499206][   T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   80.629451][ T4344] chnl_net:caif_netlink_parms(): no params data found
[   80.677643][ T4344] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.685448][ T4344] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.693555][ T4344] device bridge_slave_0 entered promiscuous mode
[   80.703476][ T4344] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.710867][ T4344] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.718787][ T4344] device bridge_slave_1 entered promiscuous mode
[   80.743191][ T4344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.754684][ T4344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.785462][ T4344] team0: Port device team_slave_0 added
[   80.793509][ T4344] team0: Port device team_slave_1 added
[   80.814408][ T4344] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.821487][ T4344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.848218][ T4344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.861362][ T4344] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.868324][ T4344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.894497][ T4344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.931563][ T4344] device hsr_slave_0 entered promiscuous mode
[   80.938254][ T4344] device hsr_slave_1 entered promiscuous mode
[   80.945145][ T4344] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.953253][ T4344] Cannot create hsr debugfs directory
[   82.010718][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.520641][ T4331] Bluetooth: hci0: command 0x0409 tx timeout
[   84.312793][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.373030][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.600033][   T48] Bluetooth: hci0: command 0x041b tx timeout
[   85.199070][    T9] device hsr_slave_0 left promiscuous mode
[   85.227595][    T9] device hsr_slave_1 left promiscuous mode
[   85.235365][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.244295][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.253271][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.261060][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.268936][    T9] device bridge_slave_1 left promiscuous mode
[   85.276560][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.289145][    T9] device bridge_slave_0 left promiscuous mode
[   85.296410][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.318454][    T9] device veth1_macvtap left promiscuous mode
[   85.324892][    T9] device veth0_macvtap left promiscuous mode
[   85.331227][    T9] device veth1_vlan left promiscuous mode
[   85.337169][    T9] device veth0_vlan left promiscuous mode
[   85.648555][    T9] team0 (unregistering): Port device team_slave_1 removed
[   85.680277][    T9] team0 (unregistering): Port device team_slave_0 removed
[   85.713477][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   85.743440][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   86.002274][    T9] bond0 (unregistering): Released all slaves
[   86.088783][ T4344] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   86.098419][ T4344] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   86.108125][ T4344] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   86.118355][ T4344] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   86.188294][ T4344] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.212324][ T4344] 8021q: adding VLAN 0 to HW filter on device team0
[   86.220719][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   86.228895][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   86.251346][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   86.260662][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   86.269215][ T2914] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.276532][ T2914] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.287534][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   86.297155][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   86.305774][ T2914] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.312935][ T2914] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.323162][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   86.332008][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   86.348788][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   86.367191][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   86.377743][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   86.386943][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   86.398593][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   86.409455][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   86.421728][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   86.431069][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   86.454541][ T4344] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   86.468140][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   86.476577][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   86.486743][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   86.601494][   T14] cfg80211: failed to load regulatory.db
[   86.679680][   T48] Bluetooth: hci0: command 0x040f tx timeout
[   86.702545][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   86.710626][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   86.724572][ T4344] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.743562][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   86.752543][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   86.773887][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   86.782672][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   86.803921][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   86.812369][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   86.822883][ T4344] device veth0_vlan entered promiscuous mode
[   86.844349][ T4344] device veth1_vlan entered promiscuous mode
[   86.865071][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   86.873339][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   86.881997][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   86.891331][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   86.902691][ T4344] device veth0_macvtap entered promiscuous mode
[   86.925256][ T4344] device veth1_macvtap entered promiscuous mode
[   86.942489][ T4344] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.961298][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   86.970193][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   86.978246][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   86.987573][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   87.000626][ T4344] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.008047][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   87.017077][ T2914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   87.036381][ T4344] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.045803][ T4344] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.055278][ T4344] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.064278][ T4344] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.140902][ T2914] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.149034][ T2914] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.162181][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/01/04 00:36:00 executed programs: 2
[   87.189546][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.197504][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.207439][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   88.761730][   T48] Bluetooth: hci0: command 0x0419 tx timeout
[   89.809677][ T4600] ==================================================================
[   89.817777][ T4600] BUG: KASAN: use-after-free in cpu_map_enqueue+0xb6/0x370
[   89.824989][ T4600] Read of size 8 at addr ffff888019255e08 by task syz.0.86/4600
[   89.832611][ T4600] 
[   89.834937][ T4600] CPU: 0 PID: 4600 Comm: syz.0.86 Not tainted 6.1.123-syzkaller #0
[   89.842819][ T4600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   89.852870][ T4600] Call Trace:
[   89.856141][ T4600]  <TASK>
[   89.859086][ T4600]  dump_stack_lvl+0x1e3/0x2cb
[   89.863800][ T4600]  ? nf_tcp_handle_invalid+0x642/0x642
[   89.869361][ T4600]  ? panic+0x764/0x764
[   89.873444][ T4600]  ? _printk+0xd1/0x111
[   89.877610][ T4600]  ? __virt_addr_valid+0x17f/0x530
[   89.882730][ T4600]  ? __virt_addr_valid+0x17f/0x530
[   89.887858][ T4600]  print_report+0x15f/0x4f0
[   89.892367][ T4600]  ? __virt_addr_valid+0x17f/0x530
[   89.897508][ T4600]  ? __virt_addr_valid+0x17f/0x530
[   89.902626][ T4600]  ? __virt_addr_valid+0x45b/0x530
[   89.907753][ T4600]  ? __phys_addr+0xb6/0x170
[   89.912267][ T4600]  ? cpu_map_enqueue+0xb6/0x370
[   89.917123][ T4600]  kasan_report+0x136/0x160
[   89.921630][ T4600]  ? cpu_map_enqueue+0xb6/0x370
[   89.926526][ T4600]  cpu_map_enqueue+0xb6/0x370
[   89.931224][ T4600]  xdp_do_redirect_frame+0x2f0/0x660
[   89.936618][ T4600]  bpf_test_run_xdp_live+0xbf4/0x1ea0
[   89.942015][ T4600]  ? __mutex_unlock_slowpath+0x218/0x750
[   89.947665][ T4600]  ? 0xffffffffa00038c0
[   89.951833][ T4600]  ? bpf_test_run_xdp_live+0x75c/0x1ea0
[   89.957393][ T4600]  ? xdp_convert_md_to_buff+0x330/0x330
[   89.962942][ T4600]  ? bpf_dispatcher_change_prog+0xdf5/0xf80
[   89.968842][ T4600]  ? 0xffffffffa00038c0
[   89.973005][ T4600]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[   89.979256][ T4600]  ? __might_fault+0xbd/0x110
[   89.983943][ T4600]  ? _copy_from_user+0x109/0x170
[   89.988893][ T4600]  ? bpf_test_init+0x15a/0x180
[   89.993661][ T4600]  ? xdp_convert_md_to_buff+0x5b/0x330
[   89.999146][ T4600]  bpf_prog_test_run_xdp+0x7d1/0x1130
[   90.004529][ T4600]  ? dev_put+0x80/0x80
[   90.008608][ T4600]  ? dev_put+0x80/0x80
[   90.012684][ T4600]  bpf_prog_test_run+0x32f/0x3a0
[   90.017635][ T4600]  __sys_bpf+0x3eb/0x6c0
[   90.021891][ T4600]  ? bpf_link_show_fdinfo+0x300/0x300
[   90.027276][ T4600]  ? print_irqtrace_events+0x210/0x210
[   90.032761][ T4600]  ? print_irqtrace_events+0x210/0x210
[   90.038232][ T4600]  ? syscall_enter_from_user_mode+0x2e/0x230
[   90.044234][ T4600]  ? lockdep_hardirqs_on+0x94/0x130
[   90.050410][ T4600]  __x64_sys_bpf+0x78/0x90
[   90.054851][ T4600]  do_syscall_64+0x3b/0xb0
[   90.059283][ T4600]  ? clear_bhb_loop+0x45/0xa0
[   90.063977][ T4600]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.069887][ T4600] RIP: 0033:0x7f49bc985d29
[   90.074418][ T4600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.094238][ T4600] RSP: 002b:00007f49bd801038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   90.102668][ T4600] RAX: ffffffffffffffda RBX: 00007f49bcb75fa0 RCX: 00007f49bc985d29
[   90.110660][ T4600] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a
[   90.118661][ T4600] RBP: 00007f49bca01b08 R08: 0000000000000000 R09: 0000000000000000
[   90.126653][ T4600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   90.134631][ T4600] R13: 0000000000000000 R14: 00007f49bcb75fa0 R15: 00007ffca94f4b28
[   90.142617][ T4600]  </TASK>
[   90.145635][ T4600] 
[   90.147958][ T4600] Allocated by task 4588:
[   90.152281][ T4600]  kasan_set_track+0x4b/0x70
[   90.156876][ T4600]  __kasan_kmalloc+0x97/0xb0
[   90.161483][ T4600]  __kmalloc_node+0xb3/0x230
[   90.166100][ T4600]  bpf_map_kmalloc_node+0xce/0x1c0
[   90.171232][ T4600]  cpu_map_update_elem+0x277/0xf60
[   90.176362][ T4600]  map_update_elem+0x503/0x680
[   90.181149][ T4600]  __sys_bpf+0x337/0x6c0
[   90.185402][ T4600]  __x64_sys_bpf+0x78/0x90
[   90.189841][ T4600]  do_syscall_64+0x3b/0xb0
[   90.194272][ T4600]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.200206][ T4600] 
[   90.202536][ T4600] Freed by task 4589:
[   90.206510][ T4600]  kasan_set_track+0x4b/0x70
[   90.211119][ T4600]  kasan_save_free_info+0x27/0x40
[   90.216144][ T4600]  ____kasan_slab_free+0xd6/0x120
[   90.221339][ T4600]  __kmem_cache_free+0x25c/0x3c0
[   90.226282][ T4600]  put_cpu_map_entry+0x6eb/0x760
[   90.231218][ T4600]  cpu_map_kthread_run+0x2887/0x2940
[   90.236507][ T4600]  kthread+0x28d/0x320
[   90.240576][ T4600]  ret_from_fork+0x1f/0x30
[   90.245519][ T4600] 
[   90.247839][ T4600] Last potentially related work creation:
[   90.253567][ T4600]  kasan_save_stack+0x3b/0x60
[   90.258279][ T4600]  __kasan_record_aux_stack+0xb0/0xc0
[   90.263661][ T4600]  insert_work+0x54/0x3d0
[   90.267998][ T4600]  __queue_work+0xb4b/0xf90
[   90.272501][ T4600]  queue_work_on+0x14b/0x250
[   90.277094][ T4600]  cpu_map_free+0xd7/0x1b0
[   90.281514][ T4600]  process_one_work+0x8a9/0x11d0
[   90.286452][ T4600]  worker_thread+0xa47/0x1200
[   90.291145][ T4600]  kthread+0x28d/0x320
[   90.295212][ T4600]  ret_from_fork+0x1f/0x30
[   90.299652][ T4600] 
[   90.302084][ T4600] Second to last potentially related work creation:
[   90.308769][ T4600]  kasan_save_stack+0x3b/0x60
[   90.313561][ T4600]  __kasan_record_aux_stack+0xb0/0xc0
[   90.318942][ T4600]  call_rcu+0x163/0xa10
[   90.323100][ T4600]  __cpu_map_entry_replace+0x74/0x170
[   90.328481][ T4600]  cpu_map_free+0xd7/0x1b0
[   90.332900][ T4600]  process_one_work+0x8a9/0x11d0
[   90.337846][ T4600]  worker_thread+0xa47/0x1200
[   90.342549][ T4600]  kthread+0x28d/0x320
[   90.346706][ T4600]  ret_from_fork+0x1f/0x30
[   90.351130][ T4600] 
[   90.353450][ T4600] The buggy address belongs to the object at ffff888019255e00
[   90.353450][ T4600]  which belongs to the cache kmalloc-cg-256 of size 256
[   90.367774][ T4600] The buggy address is located 8 bytes inside of
[   90.367774][ T4600]  256-byte region [ffff888019255e00, ffff888019255f00)
[   90.380968][ T4600] 
[   90.383293][ T4600] The buggy address belongs to the physical page:
[   90.389797][ T4600] page:ffffea0000649500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19254
[   90.399962][ T4600] head:ffffea0000649500 order:1 compound_mapcount:0 compound_pincount:0
[   90.408284][ T4600] memcg:ffff88802119c801
[   90.412521][ T4600] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   90.420546][ T4600] raw: 00fff00000010200 ffffea0001dcb000 dead000000000003 ffff888017c42c80
[   90.429220][ T4600] raw: 0000000000000000 0000000080100010 00000001ffffffff ffff88802119c801
[   90.437827][ T4600] page dumped because: kasan: bad access detected
[   90.444267][ T4600] page_owner tracks the page as allocated
[   90.450009][ T4600] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 24, tgid 24 (kdevtmpfs), ts 2172967823, free_ts 0
[   90.469814][ T4600]  post_alloc_hook+0x18d/0x1b0
[   90.474581][ T4600]  get_page_from_freelist+0x3731/0x38d0
[   90.480128][ T4600]  __alloc_pages+0x28d/0x770
[   90.484717][ T4600]  alloc_slab_page+0x6a/0x150
[   90.489399][ T4600]  new_slab+0x84/0x2d0
[   90.493478][ T4600]  ___slab_alloc+0xc20/0x1270
[   90.498157][ T4600]  __kmem_cache_alloc_node+0x19f/0x260
[   90.503621][ T4600]  kmalloc_trace+0x26/0xe0
[   90.508040][ T4600]  alloc_mnt_ns+0xaf/0x3b0
[   90.512562][ T4600]  copy_mnt_ns+0xcb/0x9a0
[   90.516897][ T4600]  create_new_namespaces+0xd3/0x7a0
[   90.522099][ T4600]  unshare_nsproxy_namespaces+0x11e/0x170
[   90.527818][ T4600]  ksys_unshare+0x531/0xa40
[   90.532323][ T4600]  devtmpfs_setup+0x16/0xbe
[   90.536840][ T4600]  devtmpfsd+0x11/0x50
[   90.540912][ T4600]  kthread+0x28d/0x320
[   90.544977][ T4600] page_owner free stack trace missing
[   90.550334][ T4600] 
[   90.552654][ T4600] Memory state around the buggy address:
[   90.558279][ T4600]  ffff888019255d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   90.566356][ T4600]  ffff888019255d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   90.574419][ T4600] >ffff888019255e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   90.582476][ T4600]                       ^
[   90.586795][ T4600]  ffff888019255e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   90.594850][ T4600]  ffff888019255f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   90.602906][ T4600] ==================================================================
[   90.611112][ T4600] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   90.618434][ T4600] CPU: 0 PID: 4600 Comm: syz.0.86 Not tainted 6.1.123-syzkaller #0
[   90.626880][ T4600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   90.636945][ T4600] Call Trace:
[   90.640268][ T4600]  <TASK>
[   90.643212][ T4600]  dump_stack_lvl+0x1e3/0x2cb
[   90.647919][ T4600]  ? nf_tcp_handle_invalid+0x642/0x642
[   90.653435][ T4600]  ? panic+0x764/0x764
[   90.657520][ T4600]  ? rcu_is_watching+0x11/0xb0
[   90.662298][ T4600]  ? vscnprintf+0x59/0x80
[   90.666641][ T4600]  panic+0x318/0x764
[   90.670544][ T4600]  ? check_panic_on_warn+0x1d/0xa0
[   90.675664][ T4600]  ? memcpy_page_flushcache+0xfc/0xfc
[   90.681041][ T4600]  ? _raw_spin_unlock_irqrestore+0xd4/0x130
[   90.686944][ T4600]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   90.692860][ T4600]  ? _raw_spin_unlock+0x40/0x40
[   90.697740][ T4600]  ? print_report+0x4a3/0x4f0
[   90.702437][ T4600]  check_panic_on_warn+0x7e/0xa0
[   90.707391][ T4600]  ? cpu_map_enqueue+0xb6/0x370
[   90.712260][ T4600]  end_report+0x66/0x110
[   90.718710][ T4600]  kasan_report+0x143/0x160
[   90.723234][ T4600]  ? cpu_map_enqueue+0xb6/0x370
[   90.728103][ T4600]  cpu_map_enqueue+0xb6/0x370
[   90.732793][ T4600]  xdp_do_redirect_frame+0x2f0/0x660
[   90.738090][ T4600]  bpf_test_run_xdp_live+0xbf4/0x1ea0
[   90.743484][ T4600]  ? __mutex_unlock_slowpath+0x218/0x750
[   90.749124][ T4600]  ? 0xffffffffa00038c0
[   90.753275][ T4600]  ? bpf_test_run_xdp_live+0x75c/0x1ea0
[   90.758844][ T4600]  ? xdp_convert_md_to_buff+0x330/0x330
[   90.764411][ T4600]  ? bpf_dispatcher_change_prog+0xdf5/0xf80
[   90.770313][ T4600]  ? 0xffffffffa00038c0
[   90.774480][ T4600]  ? trace_raw_output_bpf_test_finish+0xd0/0xd0
[   90.780734][ T4600]  ? __might_fault+0xbd/0x110
[   90.785420][ T4600]  ? _copy_from_user+0x109/0x170
[   90.790405][ T4600]  ? bpf_test_init+0x15a/0x180
[   90.795171][ T4600]  ? xdp_convert_md_to_buff+0x5b/0x330
[   90.800636][ T4600]  bpf_prog_test_run_xdp+0x7d1/0x1130
[   90.806191][ T4600]  ? dev_put+0x80/0x80
[   90.810265][ T4600]  ? dev_put+0x80/0x80
[   90.814337][ T4600]  bpf_prog_test_run+0x32f/0x3a0
[   90.819286][ T4600]  __sys_bpf+0x3eb/0x6c0
[   90.823541][ T4600]  ? bpf_link_show_fdinfo+0x300/0x300
[   90.828924][ T4600]  ? print_irqtrace_events+0x210/0x210
[   90.834388][ T4600]  ? print_irqtrace_events+0x210/0x210
[   90.839871][ T4600]  ? syscall_enter_from_user_mode+0x2e/0x230
[   90.845857][ T4600]  ? lockdep_hardirqs_on+0x94/0x130
[   90.851057][ T4600]  __x64_sys_bpf+0x78/0x90
[   90.855482][ T4600]  do_syscall_64+0x3b/0xb0
[   90.859906][ T4600]  ? clear_bhb_loop+0x45/0xa0
[   90.864584][ T4600]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.870493][ T4600] RIP: 0033:0x7f49bc985d29
[   90.874925][ T4600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.894544][ T4600] RSP: 002b:00007f49bd801038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   90.902982][ T4600] RAX: ffffffffffffffda RBX: 00007f49bcb75fa0 RCX: 00007f49bc985d29
[   90.910999][ T4600] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a
[   90.918978][ T4600] RBP: 00007f49bca01b08 R08: 0000000000000000 R09: 0000000000000000
[   90.926962][ T4600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   90.934946][ T4600] R13: 0000000000000000 R14: 00007f49bcb75fa0 R15: 00007ffca94f4b28
[   90.942939][ T4600]  </TASK>
[   90.946318][ T4600] Kernel Offset: disabled
[   90.950666][ T4600] Rebooting in 86400 seconds..