syzkaller login: [ 97.009334][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:16367' (ED25519) to the list of known hosts.
2026/02/07 06:12:56 parsed 1 programs
[ 135.255771][ T5338] cgroup: Unknown subsys name 'net'
[ 135.323375][ T5338] cgroup: Unknown subsys name 'cpuset'
[ 135.330732][ T5338] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 137.255764][ T5338] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 141.136950][ T5347] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 143.087178][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 143.091339][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 145.928955][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 145.932936][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 145.990984][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 145.994525][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 146.786399][ T5400] chnl_net:caif_netlink_parms(): no params data found
[ 146.855312][ T5400] bridge0: port 1(bridge_slave_0) entered blocking state
[ 146.859513][ T5400] bridge0: port 1(bridge_slave_0) entered disabled state
[ 146.863227][ T5400] bridge_slave_0: entered allmulticast mode
[ 146.868130][ T5400] bridge_slave_0: entered promiscuous mode
[ 146.874853][ T5400] bridge0: port 2(bridge_slave_1) entered blocking state
[ 146.878267][ T5400] bridge0: port 2(bridge_slave_1) entered disabled state
[ 146.881914][ T5400] bridge_slave_1: entered allmulticast mode
[ 146.886867][ T5400] bridge_slave_1: entered promiscuous mode
[ 146.911985][ T5400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 146.918529][ T5400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 146.945515][ T5400] team0: Port device team_slave_0 added
[ 146.950804][ T5400] team0: Port device team_slave_1 added
[ 146.972234][ T5400] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 146.975015][ T5400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 146.986252][ T5400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 146.993565][ T5400] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 146.996746][ T5400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 147.008542][ T5400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 147.047421][ T5400] hsr_slave_0: entered promiscuous mode
[ 147.051965][ T5400] hsr_slave_1: entered promiscuous mode
[ 147.195322][ T5400] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 147.208023][ T5400] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 147.215234][ T5400] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 147.223092][ T5400] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 147.306863][ T5400] 8021q: adding VLAN 0 to HW filter on device bond0
[ 147.325363][ T5400] 8021q: adding VLAN 0 to HW filter on device team0
[ 147.336176][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 147.339526][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 147.351802][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 147.355169][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 147.550687][ T5400] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 147.588191][ T5400] veth0_vlan: entered promiscuous mode
[ 147.596982][ T5400] veth1_vlan: entered promiscuous mode
[ 147.624942][ T5400] veth0_macvtap: entered promiscuous mode
[ 147.631973][ T5400] veth1_macvtap: entered promiscuous mode
[ 147.646662][ T5400] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 147.657932][ T5400] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 147.670613][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.681947][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.685977][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.700963][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.903432][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.923681][ T5423] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 147.927710][ T5423] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 147.933520][ T5423] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 147.938244][ T5423] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 147.946699][ T5423] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 147.990623][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 148.060638][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 148.112342][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/07 06:13:14 executed programs: 0
[ 150.247350][ T4671] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 150.254874][ T4671] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 150.258550][ T4671] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 150.263503][ T4671] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 150.266873][ T4671] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 150.551106][ T5444] chnl_net:caif_netlink_parms(): no params data found
[ 150.595445][ T13] bridge_slave_1: left allmulticast mode
[ 150.598263][ T13] bridge_slave_1: left promiscuous mode
[ 150.610327][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 150.617965][ T13] bridge_slave_0: left allmulticast mode
[ 150.622036][ T13] bridge_slave_0: left promiscuous mode
[ 150.624866][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 151.016608][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 151.024424][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 151.028834][ T13] bond0 (unregistering): Released all slaves
[ 151.110071][ T13] hsr_slave_0: left promiscuous mode
[ 151.116917][ T13] hsr_slave_1: left promiscuous mode
[ 151.120190][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 151.123416][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 151.140427][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 151.143883][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 151.167067][ T13] veth1_macvtap: left promiscuous mode
[ 151.179792][ T13] veth0_macvtap: left promiscuous mode
[ 151.182453][ T13] veth1_vlan: left promiscuous mode
[ 151.185302][ T13] veth0_vlan: left promiscuous mode
[ 151.554662][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 151.580501][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 151.931995][ T5444] bridge0: port 1(bridge_slave_0) entered blocking state
[ 151.935515][ T5444] bridge0: port 1(bridge_slave_0) entered disabled state
[ 151.938811][ T5444] bridge_slave_0: entered allmulticast mode
[ 151.950834][ T5444] bridge_slave_0: entered promiscuous mode
[ 151.970110][ T5444] bridge0: port 2(bridge_slave_1) entered blocking state
[ 151.973149][ T5444] bridge0: port 2(bridge_slave_1) entered disabled state
[ 151.976399][ T5444] bridge_slave_1: entered allmulticast mode
[ 152.014325][ T5444] bridge_slave_1: entered promiscuous mode
[ 152.132033][ T5444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 152.171246][ T5444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 152.250505][ T5444] team0: Port device team_slave_0 added
[ 152.281404][ T4671] Bluetooth: hci0: command tx timeout
[ 152.582707][ T5444] team0: Port device team_slave_1 added
[ 152.674302][ T5444] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 152.683266][ T5444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 152.702525][ T5444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 152.735743][ T5444] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 152.738638][ T5444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 152.769788][ T5444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 152.894958][ T5444] hsr_slave_0: entered promiscuous mode
[ 152.901850][ T5444] hsr_slave_1: entered promiscuous mode
[ 153.581090][ T5444] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 153.598597][ T5444] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 153.612242][ T5444] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 153.631761][ T5444] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 153.754849][ T5444] 8021q: adding VLAN 0 to HW filter on device bond0
[ 153.777688][ T5444] 8021q: adding VLAN 0 to HW filter on device team0
[ 153.796905][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.800164][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.833079][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.836191][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 154.218026][ T5444] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 154.291123][ T5444] veth0_vlan: entered promiscuous mode
[ 154.313693][ T5444] veth1_vlan: entered promiscuous mode
[ 154.362648][ T4671] Bluetooth: hci0: command tx timeout
[ 154.367062][ T5444] veth0_macvtap: entered promiscuous mode
[ 154.385229][ T5444] veth1_macvtap: entered promiscuous mode
[ 154.410471][ T5444] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 154.431848][ T5444] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 154.477008][ T3067] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.483068][ T3067] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.487038][ T3067] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.514376][ T3067] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.567709][ T3067] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 154.577819][ T3067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 154.608567][ T1040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 154.613155][ T1040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 154.737068][ T5500] ==================================================================
[ 154.740400][ T5500] BUG: KASAN: slab-out-of-bounds in fib6_add_rt2node+0x349c/0x3500
[ 154.744136][ T5500] Read of size 1 at addr ffff8880384ba6de by task syz.0.18/5500
[ 154.748509][ T5500]
[ 154.749622][ T5500] CPU: 0 UID: 0 PID: 5500 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
[ 154.749637][ T5500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 154.749643][ T5500] Call Trace:
[ 154.749651][ T5500] <TASK>
[ 154.749656][ T5500] dump_stack_lvl+0xe8/0x150
[ 154.749799][ T5500] print_report+0xba/0x230
[ 154.749813][ T5500] ? fib6_add_rt2node+0x349c/0x3500
[ 154.749826][ T5500] kasan_report+0x117/0x150
[ 154.749900][ T5500] ? stack_trace_save+0xa9/0x100
[ 154.749966][ T5500] ? fib6_add_rt2node+0x349c/0x3500
[ 154.749978][ T5500] fib6_add_rt2node+0x349c/0x3500
[ 154.749991][ T5500] ? __lock_acquire+0x6b5/0x2cf0
[ 154.750012][ T5500] ? __pfx_fib6_add_rt2node+0x10/0x10
[ 154.750024][ T5500] ? do_raw_spin_lock+0x12b/0x2f0
[ 154.750036][ T5500] ? fib6_add+0x84b/0x18c0
[ 154.750046][ T5500] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 154.750061][ T5500] fib6_add+0x910/0x18c0
[ 154.750082][ T5500] ? do_raw_spin_lock+0x12b/0x2f0
[ 154.750099][ T5500] ? __pfx_fib6_add+0x10/0x10
[ 154.750112][ T5500] ? ip6_route_add+0xc9/0x1b0
[ 154.750126][ T5500] ip6_route_add+0xde/0x1b0
[ 154.750139][ T5500] inet6_rtm_newroute+0x268/0x19e0
[ 154.750160][ T5500] ? kasan_quarantine_put+0xbb/0x1f0
[ 154.750175][ T5500] ? lockdep_hardirqs_on+0x7a/0x110
[ 154.750188][ T5500] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 154.750205][ T5500] ? kmem_cache_free+0x195/0x610
[ 154.750221][ T5500] ? nlmon_xmit+0xb0/0x100
[ 154.750362][ T5500] ? __lock_acquire+0x6b5/0x2cf0
[ 154.750386][ T5500] ? __local_bh_enable_ip+0xd0/0x130
[ 154.750398][ T5500] ? lockdep_hardirqs_on+0x7a/0x110
[ 154.750417][ T5500] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 154.750434][ T5500] rtnetlink_rcv_msg+0x7d5/0xbe0
[ 154.750484][ T5500] ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 154.750495][ T5500] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 154.750505][ T5500] ? ref_tracker_free+0x693/0x840
[ 154.750609][ T5500] ? __copy_skb_header+0xa3/0x4a0
[ 154.750623][ T5500] ? __pfx_ref_tracker_free+0x10/0x10
[ 154.750635][ T5500] ? __skb_clone+0x63/0x7a0
[ 154.750650][ T5500] netlink_rcv_skb+0x232/0x4b0
[ 154.750669][ T5500] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 154.750681][ T5500] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 154.750700][ T5500] ? netlink_deliver_tap+0x2e/0x1b0
[ 154.750713][ T5500] netlink_unicast+0x80f/0x9b0
[ 154.750731][ T5500] ? __pfx_netlink_unicast+0x10/0x10
[ 154.750745][ T5500] ? __alloc_skb+0x193/0x390
[ 154.750757][ T5500] ? netlink_sendmsg+0x650/0xb40
[ 154.750767][ T5500] ? skb_put+0x11b/0x210
[ 154.750780][ T5500] netlink_sendmsg+0x813/0xb40
[ 154.750794][ T5500] ? __pfx_netlink_sendmsg+0x10/0x10
[ 154.750805][ T5500] ? lruvec_stat_mod_folio+0x70/0x4b0
[ 154.750818][ T5500] ? aa_sock_msg_perm+0xf1/0x1b0
[ 154.750852][ T5500] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 154.750870][ T5500] ? __pfx_netlink_sendmsg+0x10/0x10
[ 154.750881][ T5500] ____sys_sendmsg+0xa68/0xad0
[ 154.750895][ T5500] ? __might_fault+0xaf/0x130
[ 154.750912][ T5500] ? __pfx_____sys_sendmsg+0x10/0x10
[ 154.750928][ T5500] ? import_iovec+0x73/0xa0
[ 154.750945][ T5500] ___sys_sendmsg+0x2a5/0x360
[ 154.750959][ T5500] ? __pfx____sys_sendmsg+0x10/0x10
[ 154.750974][ T5500] ? futex_hash_put+0x4b/0x60
[ 154.750988][ T5500] ? futex_wake+0x4ac/0x580
[ 154.751009][ T5500] __x64_sys_sendmsg+0x1bd/0x2a0
[ 154.751024][ T5500] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 154.751043][ T5500] do_syscall_64+0xe2/0xf80
[ 154.751055][ T5500] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.751088][ T5500] ? trace_irq_disable+0x37/0x100
[ 154.751104][ T5500] ? clear_bhb_loop+0x60/0xb0
[ 154.751117][ T5500] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.751130][ T5500] RIP: 0033:0x7f9316b9aeb9
[ 154.751143][ T5500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 154.751153][ T5500] RSP: 002b:00007ffd8809b678 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 154.751167][ T5500] RAX: ffffffffffffffda RBX: 00007f9316e15fa0 RCX: 00007f9316b9aeb9
[ 154.751176][ T5500] RDX: 0000000000000000 RSI: 0000200000004380 RDI: 0000000000000003
[ 154.751183][ T5500] RBP: 00007f9316c08c1f R08: 0000000000000000 R09: 0000000000000000
[ 154.751191][ T5500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 154.751198][ T5500] R13: 00007f9316e15fac R14: 00007f9316e15fa0 R15: 00007f9316e15fa0
[ 154.751210][ T5500] </TASK>
[ 154.751215][ T5500]
[ 154.933141][ T5500] Allocated by task 5499:
[ 154.935032][ T5500] kasan_save_track+0x3e/0x80
[ 154.937075][ T5500] __kasan_kmalloc+0x93/0xb0
[ 154.939154][ T5500] __kmalloc_noprof+0x40c/0x7e0
[ 154.941357][ T5500] fib6_info_alloc+0x30/0xf0
[ 154.943672][ T5500] ip6_route_info_create+0x142/0x860
[ 154.946132][ T5500] ip6_route_add+0x49/0x1b0
[ 154.948140][ T5500] inet6_rtm_newroute+0x268/0x19e0
[ 154.950498][ T5500] rtnetlink_rcv_msg+0x7d5/0xbe0
[ 154.952739][ T5500] netlink_rcv_skb+0x232/0x4b0
[ 154.954927][ T5500] netlink_unicast+0x80f/0x9b0
[ 154.956923][ T5500] netlink_sendmsg+0x813/0xb40
[ 154.959059][ T5500] ____sys_sendmsg+0xa68/0xad0
[ 154.961085][ T5500] ___sys_sendmsg+0x2a5/0x360
[ 154.963130][ T5500] __x64_sys_sendmsg+0x1bd/0x2a0
[ 154.965326][ T5500] do_syscall_64+0xe2/0xf80
[ 154.967337][ T5500] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 154.969875][ T5500]
[ 154.970990][ T5500] The buggy address belongs to the object at ffff8880384ba600
[ 154.970990][ T5500] which belongs to the cache kmalloc-256 of size 256
[ 154.977199][ T5500] The buggy address is located 22 bytes to the right of
[ 154.977199][ T5500] allocated 200-byte region [ffff8880384ba600, ffff8880384ba6c8)
[ 154.983640][ T5500]
[ 154.984783][ T5500] The buggy address belongs to the physical page:
[ 154.987577][ T5500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x384ba
[ 154.991226][ T5500] ksm flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 154.994592][ T5500] page_type: f5(slab)
[ 154.996427][ T5500] raw: 04fff00000000000 ffff88801a841b40 ffffea0000c2c780 dead000000000007
[ 155.000226][ T5500] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 155.004157][ T5500] page dumped because: kasan: bad access detected
[ 155.007543][ T5500] page_owner tracks the page as allocated
[ 155.010067][ T5500] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 27805093247, free_ts 22714174709
[ 155.018097][ T5500] post_alloc_hook+0x228/0x280
[ 155.020105][ T5500] get_page_from_freelist+0x24dc/0x2580
[ 155.022524][ T5500] __alloc_frozen_pages_noprof+0x18d/0x380
[ 155.024916][ T5500] alloc_pages_mpol+0x232/0x4a0
[ 155.027002][ T5500] allocate_slab+0x86/0x3a0
[ 155.028933][ T5500] ___slab_alloc+0xd82/0x1760
[ 155.030997][ T5500] __slab_alloc+0x65/0x100
[ 155.032954][ T5500] __kvmalloc_node_noprof+0x673/0x8d0
[ 155.035317][ T5500] v4l2_ctrl_new+0x9d5/0x1790
[ 155.037456][ T5500] v4l2_ctrl_new_std+0x24e/0x300
[ 155.039598][ T5500] handler_new_ref+0x153/0x9c0
[ 155.041731][ T5500] v4l2_ctrl_add_handler+0x19f/0x290
[ 155.044014][ T5500] vivid_create_controls+0x2fdc/0x3bd0
[ 155.046419][ T5500] vivid_probe+0x4261/0x72b0
[ 155.048446][ T5500] platform_probe+0xf9/0x190
[ 155.050502][ T5500] really_probe+0x267/0xaf0
[ 155.052456][ T5500] page last free pid 36 tgid 36 stack trace:
[ 155.055012][ T5500] __free_frozen_pages+0xbf8/0xd70
[ 155.057211][ T5500] vfree+0x25a/0x400
[ 155.058855][ T5500] delayed_vfree_work+0x55/0x80
[ 155.060697][ T5500] process_scheduled_works+0xaec/0x17a0
[ 155.062856][ T5500] worker_thread+0xda6/0x1360
[ 155.064718][ T5500] kthread+0x726/0x8b0
[ 155.066437][ T5500] ret_from_fork+0x51b/0xa40
[ 155.068298][ T5500] ret_from_fork_asm+0x1a/0x30
[ 155.070383][ T5500]
[ 155.071458][ T5500] Memory state around the buggy address:
[ 155.073915][ T5500] ffff8880384ba580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 155.077382][ T5500] ffff8880384ba600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 155.080778][ T5500] >ffff8880384ba680: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 155.084975][ T5500] ^
[ 155.088706][ T5500] ffff8880384ba700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 155.092993][ T5500] ffff8880384ba780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 155.096559][ T5500] ==================================================================
[ 155.100339][ T5500] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 155.103620][ T5500] CPU: 0 UID: 0 PID: 5500 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
[ 155.107609][ T5500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 155.111991][ T5500] Call Trace:
[ 155.113570][ T5500] <TASK>
[ 155.114960][ T5500] vpanic+0x1e0/0x670
[ 155.116797][ T5500] panic+0xc5/0xd0
[ 155.118518][ T5500] ? __pfx_panic+0x10/0x10
[ 155.120540][ T5500] ? fib6_add_rt2node+0x349c/0x3500
[ 155.122791][ T5500] ? fib6_add_rt2node+0x349c/0x3500
[ 155.124813][ T5500] check_panic_on_warn+0x89/0xb0
[ 155.126734][ T5500] ? fib6_add_rt2node+0x349c/0x3500
[ 155.128876][ T5500] end_report+0x6f/0x140
[ 155.130360][ T5500] kasan_report+0x128/0x150
[ 155.132238][ T5500] ? stack_trace_save+0xa9/0x100
[ 155.134188][ T5500] ? fib6_add_rt2node+0x349c/0x3500
[ 155.136350][ T5500] fib6_add_rt2node+0x349c/0x3500
[ 155.138768][ T5500] ? __lock_acquire+0x6b5/0x2cf0
[ 155.141429][ T5500] ? __pfx_fib6_add_rt2node+0x10/0x10
[ 155.143797][ T5500] ? do_raw_spin_lock+0x12b/0x2f0
[ 155.146009][ T5500] ? fib6_add+0x84b/0x18c0
[ 155.147875][ T5500] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 155.150166][ T5500] fib6_add+0x910/0x18c0
[ 155.151998][ T5500] ? do_raw_spin_lock+0x12b/0x2f0
[ 155.154099][ T5500] ? __pfx_fib6_add+0x10/0x10
[ 155.156200][ T5500] ? ip6_route_add+0xc9/0x1b0
[ 155.158240][ T5500] ip6_route_add+0xde/0x1b0
[ 155.160214][ T5500] inet6_rtm_newroute+0x268/0x19e0
[ 155.162431][ T5500] ? kasan_quarantine_put+0xbb/0x1f0
[ 155.164672][ T5500] ? lockdep_hardirqs_on+0x7a/0x110
[ 155.166973][ T5500] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 155.169314][ T5500] ? kmem_cache_free+0x195/0x610
[ 155.171343][ T5500] ? nlmon_xmit+0xb0/0x100
[ 155.173268][ T5500] ? __lock_acquire+0x6b5/0x2cf0
[ 155.175346][ T5500] ? __local_bh_enable_ip+0xd0/0x130
[ 155.177646][ T5500] ? lockdep_hardirqs_on+0x7a/0x110
[ 155.179877][ T5500] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 155.182330][ T5500] rtnetlink_rcv_msg+0x7d5/0xbe0
[ 155.184638][ T5500] ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 155.186925][ T5500] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 155.189383][ T5500] ? ref_tracker_free+0x693/0x840
[ 155.191554][ T5500] ? __copy_skb_header+0xa3/0x4a0
[ 155.193863][ T5500] ? __pfx_ref_tracker_free+0x10/0x10
[ 155.196299][ T5500] ? __skb_clone+0x63/0x7a0
[ 155.198397][ T5500] netlink_rcv_skb+0x232/0x4b0
[ 155.200480][ T5500] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 155.202810][ T5500] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 155.205306][ T5500] ? netlink_deliver_tap+0x2e/0x1b0
[ 155.207928][ T5500] netlink_unicast+0x80f/0x9b0
[ 155.210138][ T5500] ? __pfx_netlink_unicast+0x10/0x10
[ 155.212644][ T5500] ? __alloc_skb+0x193/0x390
[ 155.214776][ T5500] ? netlink_sendmsg+0x650/0xb40
[ 155.217023][ T5500] ? skb_put+0x11b/0x210
[ 155.219128][ T5500] netlink_sendmsg+0x813/0xb40
[ 155.221466][ T5500] ? __pfx_netlink_sendmsg+0x10/0x10
[ 155.224070][ T5500] ? lruvec_stat_mod_folio+0x70/0x4b0
[ 155.226537][ T5500] ? aa_sock_msg_perm+0xf1/0x1b0
[ 155.228714][ T5500] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 155.231062][ T5500] ? __pfx_netlink_sendmsg+0x10/0x10
[ 155.233508][ T5500] ____sys_sendmsg+0xa68/0xad0
[ 155.235641][ T5500] ? __might_fault+0xaf/0x130
[ 155.237561][ T5500] ? __pfx_____sys_sendmsg+0x10/0x10
[ 155.239774][ T5500] ? import_iovec+0x73/0xa0
[ 155.241730][ T5500] ___sys_sendmsg+0x2a5/0x360
[ 155.243640][ T5500] ? __pfx____sys_sendmsg+0x10/0x10
[ 155.245807][ T5500] ? futex_hash_put+0x4b/0x60
[ 155.247795][ T5500] ? futex_wake+0x4ac/0x580
[ 155.249815][ T5500] __x64_sys_sendmsg+0x1bd/0x2a0
[ 155.252002][ T5500] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 155.254480][ T5500] do_syscall_64+0xe2/0xf80
[ 155.256451][ T5500] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.259110][ T5500] ? trace_irq_disable+0x37/0x100
[ 155.261497][ T5500] ? clear_bhb_loop+0x60/0xb0
[ 155.263563][ T5500] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.266149][ T5500] RIP: 0033:0x7f9316b9aeb9
[ 155.268202][ T5500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 155.276678][ T5500] RSP: 002b:00007ffd8809b678 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 155.280330][ T5500] RAX: ffffffffffffffda RBX: 00007f9316e15fa0 RCX: 00007f9316b9aeb9
[ 155.283903][ T5500] RDX: 0000000000000000 RSI: 0000200000004380 RDI: 0000000000000003
[ 155.287337][ T5500] RBP: 00007f9316c08c1f R08: 0000000000000000 R09: 0000000000000000
[ 155.290795][ T5500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 155.294728][ T5500] R13: 00007f9316e15fac R14: 00007f9316e15fa0 R15: 00007f9316e15fa0
[ 155.298248][ T5500] </TASK>
[ 155.300007][ T5500] Kernel Offset: disabled
[ 155.301900][ T5500] Rebooting in 86400 seconds..
VM DIAGNOSIS:
06:13:18 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90002806870
R8 =ffff888034288237 R9 =1ffff11006851046 R10=dffffc0000000000 R11=ffffffff85336a70
R12=dffffc0000000000 R13=ffffffff9a02ea04 R14=ffffffff9a3436a0 R15=0000000000000000
RIP=ffffffff85336aec RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055557cfee500 ffffffff 00c00000
GS =0000 ffff88808cce8000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000004380 CR3=0000000011e52000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01