Warning: Permanently added '[localhost]:48104' (ED25519) to the list of known hosts.
2024/07/22 11:59:16 ignoring optional flag "sandboxArg"="0"
2024/07/22 11:59:16 parsed 1 programs
[  108.823107][   T39] audit: type=1400 audit(1721649559.835:140): avc:  denied  { unlink } for  pid=5463 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[  110.726234][ T5463] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  114.009788][   T39] audit: type=1401 audit(1721649565.015:141): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[  114.238302][   T66] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  114.248956][   T66] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  114.253816][   T66] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  114.257875][   T66] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  114.262105][   T66] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  114.266929][   T66] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  114.556053][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.559941][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.610184][   T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.613329][   T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.322152][ T5547] chnl_net:caif_netlink_parms(): no params data found
[  115.518749][ T5547] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.522522][ T5547] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.526190][ T5547] bridge_slave_0: entered allmulticast mode
[  115.530658][ T5547] bridge_slave_0: entered promiscuous mode
[  115.536402][ T5547] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.539334][ T5547] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.543040][ T5547] bridge_slave_1: entered allmulticast mode
[  115.546486][ T5547] bridge_slave_1: entered promiscuous mode
[  115.604954][ T5547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.614579][ T5547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.689147][ T5547] team0: Port device team_slave_0 added
[  115.713470][ T5547] team0: Port device team_slave_1 added
[  115.825387][ T5547] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.829179][ T5547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.864745][ T5547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.887608][ T5547] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.892594][ T5547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.919532][ T5547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.112432][ T5547] hsr_slave_0: entered promiscuous mode
[  116.132861][ T5547] hsr_slave_1: entered promiscuous mode
[  117.325443][ T5547] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  117.377807][ T5547] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  117.404486][ T5547] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  117.415596][ T5547] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  117.526280][ T5547] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.544894][ T5547] 8021q: adding VLAN 0 to HW filter on device team0
[  117.561587][   T56] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.577569][   T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.589277][   T30] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.593454][   T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.830704][ T5547] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.872257][ T5547] veth0_vlan: entered promiscuous mode
[  117.883910][ T5547] veth1_vlan: entered promiscuous mode
[  117.917126][ T5547] veth0_macvtap: entered promiscuous mode
[  117.923725][ T5547] veth1_macvtap: entered promiscuous mode
[  117.939610][ T5547] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.954279][ T5547] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.978703][ T5547] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.982193][ T5547] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.985666][ T5547] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.989364][ T5547] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.454315][   T76] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.613629][   T76] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.751795][   T76] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2024/07/22 11:59:30 executed programs: 0
[  119.447813][   T66] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  119.462789][   T66] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  119.467076][   T66] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  119.476482][   T66] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  119.480793][   T66] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  119.485130][   T66] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  119.692854][ T5656] chnl_net:caif_netlink_parms(): no params data found
[  119.922302][ T5656] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.926724][ T5656] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.930291][ T5656] bridge_slave_0: entered allmulticast mode
[  119.934096][ T5656] bridge_slave_0: entered promiscuous mode
[  119.939936][ T5656] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.944398][ T5656] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.947910][ T5656] bridge_slave_1: entered allmulticast mode
[  119.952512][ T5656] bridge_slave_1: entered promiscuous mode
[  120.088948][ T5656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.096531][ T5656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.252622][ T5656] team0: Port device team_slave_0 added
[  120.265120][ T5656] team0: Port device team_slave_1 added
[  120.357775][ T5656] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.363799][ T5656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.394117][ T5656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.413964][ T5656] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.417309][ T5656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.427270][ T5656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.523678][ T5656] hsr_slave_0: entered promiscuous mode
[  120.539383][ T5656] hsr_slave_1: entered promiscuous mode
[  120.544804][ T5656] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.548608][ T5656] Cannot create hsr debugfs directory
[  121.522284][ T4644] Bluetooth: hci0: command tx timeout
[  121.558176][   T76] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.590541][ T4644] Bluetooth: hci0: command tx timeout
[  124.074693][   T76] bridge_slave_1: left allmulticast mode
[  124.077039][   T76] bridge_slave_1: left promiscuous mode
[  124.079559][   T76] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.087006][   T76] bridge_slave_0: left allmulticast mode
[  124.091776][   T76] bridge_slave_0: left promiscuous mode
[  124.094814][   T76] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.412055][   T76] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  124.424895][   T76] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  124.432053][   T76] bond0 (unregistering): Released all slaves
[  124.709920][   T76] hsr_slave_0: left promiscuous mode
[  124.742682][   T76] hsr_slave_1: left promiscuous mode
[  124.752527][   T76] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  124.756303][   T76] batman_adv: batadv0: Removing interface: batadv_slave_0
[  124.762720][   T76] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  124.765933][   T76] batman_adv: batadv0: Removing interface: batadv_slave_1
[  124.793553][   T76] veth1_macvtap: left promiscuous mode
[  124.797081][   T76] veth0_macvtap: left promiscuous mode
[  124.800359][   T76] veth1_vlan: left promiscuous mode
[  124.802916][   T76] veth0_vlan: left promiscuous mode
[  125.629083][   T76] team0 (unregistering): Port device team_slave_1 removed
[  125.670564][ T4644] Bluetooth: hci0: command tx timeout
[  125.733410][   T76] team0 (unregistering): Port device team_slave_0 removed
[  126.677317][ T5656] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  126.734040][ T5656] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  126.757202][ T5656] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  126.764963][ T5656] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  126.981300][ T5656] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.028503][ T5656] 8021q: adding VLAN 0 to HW filter on device team0
[  127.058047][ T5581] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.061577][ T5581] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.066615][ T5581] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.069455][ T5581] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.143531][ T5656] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  127.445286][ T5656] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.504023][ T5656] veth0_vlan: entered promiscuous mode
[  127.524881][ T5656] veth1_vlan: entered promiscuous mode
[  127.583211][ T5656] veth0_macvtap: entered promiscuous mode
[  127.601786][ T5656] veth1_macvtap: entered promiscuous mode
[  127.624381][ T5656] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.633706][ T5656] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.645674][ T5656] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.649573][ T5656] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.655417][ T5656] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.659051][ T5656] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.761031][ T4644] Bluetooth: hci0: command tx timeout
[  127.762969][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.767957][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.783400][  T669] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.786183][  T669] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/07/22 11:59:38 executed programs: 2
[  127.841697][   T39] audit: type=1400 audit(1721649578.855:142): avc:  denied  { prog_load } for  pid=5751 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  127.849190][   T39] audit: type=1400 audit(1721649578.855:143): avc:  denied  { bpf } for  pid=5751 comm="syz.0.15" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  127.859291][   T39] audit: type=1400 audit(1721649578.855:144): avc:  denied  { perfmon } for  pid=5751 comm="syz.0.15" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  127.881212][   T39] audit: type=1400 audit(1721649578.895:145): avc:  denied  { prog_run } for  pid=5751 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  127.888007][   T39] audit: type=1400 audit(1721649578.895:146): avc:  denied  { create } for  pid=5751 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  127.896136][   T39] audit: type=1400 audit(1721649578.895:147): avc:  denied  { ioctl } for  pid=5751 comm="syz.0.15" path="socket:[8866]" dev="sockfs" ino=8866 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  130.270860][    C1] ==================================================================
[  130.276928][    C1] BUG: KASAN: stack-out-of-bounds in xdp_do_check_flushed+0x355/0x3f0
[  130.281733][    C1] Read of size 4 at addr ffffc9000336fa50 by task syz.0.70/5863
[  130.287534][    C1] 
[  130.288628][    C1] CPU: 1 PID: 5863 Comm: syz.0.70 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4-dirty #0
[  130.295090][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  130.299978][    C1] Call Trace:
[  130.301635][    C1]  <IRQ>
[  130.303541][    C1]  dump_stack_lvl+0x116/0x1f0
[  130.306148][    C1]  print_report+0xc3/0x620
[  130.308824][    C1]  ? __virt_addr_valid+0x5e/0x590
[  130.311196][    C1]  kasan_report+0xd9/0x110
[  130.313567][    C1]  ? xdp_do_check_flushed+0x355/0x3f0
[  130.316685][    C1]  ? xdp_do_check_flushed+0x355/0x3f0
[  130.319545][    C1]  xdp_do_check_flushed+0x355/0x3f0
[  130.321985][    C1]  __napi_poll.constprop.0+0xd1/0x550
[  130.324548][    C1]  net_rx_action+0xa92/0x1010
[  130.326670][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  130.329608][    C1]  ? rcu_qs+0xe0/0xe0
[  130.332235][    C1]  ? trace_rcu_utilization+0x100/0x160
[  130.335246][    C1]  handle_softirqs+0x216/0x8f0
[  130.337603][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  130.340219][    C1]  irq_exit_rcu+0xbb/0x120
[  130.342531][    C1]  sysvec_apic_timer_interrupt+0x95/0xb0
[  130.345393][    C1]  </IRQ>
[  130.346805][    C1]  <TASK>
[  130.348442][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  130.351390][    C1] RIP: 0010:__schedule+0xe3f/0x5490
[  130.353886][    C1] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 ba 3f 00 00 48 8b bd 10 ff ff ff 4d 89 77 10 4c 89 f6 e8 b9 6e 0f f6 48 89 c7 e8 71 e8 69 f6 <48> 8b 8d a0 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 01 c1 48 c7
[  130.362415][    C1] RSP: 0018:ffffc9000336f980 EFLAGS: 00000206
[  130.365178][    C1] RAX: 000000000000018b RBX: ffff8880256b0000 RCX: 1ffffffff1fce461
[  130.368775][    C1] RDX: 0000000000000000 RSI: ffffffff8b2cbac0 RDI: ffffffff8b909e40
[  130.372127][    C1] RBP: ffffc9000336fb10 R08: 0000000000000001 R09: 0000000000000001
[  130.376192][    C1] R10: ffffffff8fe7675f R11: 0000000000000001 R12: ffff88806b13f788
[  130.380308][    C1] R13: 0000000000000000 R14: ffff8880256b0000 R15: ffff88806b13ec80
[  130.384582][    C1]  ? select_task_rq_fair+0x4af/0x44b0
[  130.387983][    C1]  ? __pfx_lock_release+0x10/0x10
[  130.391129][    C1]  ? __pfx___schedule+0x10/0x10
[  130.394131][    C1]  ? irqentry_exit+0x3b/0x90
[  130.396773][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  130.399386][    C1]  ? preempt_schedule_thunk+0x1a/0x30
[  130.402008][    C1]  preempt_schedule_common+0x44/0xc0
[  130.404575][    C1]  preempt_schedule_thunk+0x1a/0x30
[  130.406833][    C1]  ? select_task_rq_fair+0x360/0x44b0
[  130.409684][    C1]  try_to_wake_up+0xc08/0x13e0
[  130.411754][    C1]  ? __pfx_try_to_wake_up+0x10/0x10
[  130.413991][    C1]  ? __pfx_lock_release+0x10/0x10
[  130.416078][    C1]  ? plist_check_head+0x9e/0x140
[  130.418117][    C1]  wake_up_q+0x91/0x140
[  130.420502][    C1]  ? do_raw_spin_unlock+0x172/0x230
[  130.423004][    C1]  futex_wake+0x43e/0x4e0
[  130.425148][    C1]  ? __pfx_futex_wake+0x10/0x10
[  130.427833][    C1]  ? vfs_write+0x917/0x1140
[  130.430710][    C1]  ? vfs_write+0x14d/0x1140
[  130.433493][    C1]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  130.436366][    C1]  do_futex+0x1e5/0x350
[  130.438661][    C1]  ? __pfx_do_futex+0x10/0x10
[  130.441308][    C1]  ? __fget_files+0x256/0x400
[  130.443775][    C1]  __x64_sys_futex+0x1e1/0x4c0
[  130.445953][    C1]  ? fput+0x32/0x390
[  130.447899][    C1]  ? __pfx___x64_sys_futex+0x10/0x10
[  130.450534][    C1]  ? ksys_write+0x1ab/0x260
[  130.452929][    C1]  ? __pfx_ksys_write+0x10/0x10
[  130.455792][    C1]  do_syscall_64+0xcd/0x250
[  130.458131][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.460872][    C1] RIP: 0033:0x7fc830f75b59
[  130.463318][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.473551][    C1] RSP: 002b:00007fc831d8e0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  130.477153][    C1] RAX: ffffffffffffffda RBX: 00007fc831105f68 RCX: 00007fc830f75b59
[  130.480654][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc831105f6c
[  130.484896][    C1] RBP: 00007fc831105f60 R08: 00007fc831d8f080 R09: 00007fc831d8e6c0
[  130.489047][    C1] R10: 0000000000000e80 R11: 0000000000000246 R12: 00007fc831105f6c
[  130.493159][    C1] R13: 000000000000000b R14: 00007ffea9d2b330 R15: 00007ffea9d2b418
[  130.497759][    C1]  </TASK>
[  130.499480][    C1] 
[  130.500711][    C1] The buggy address belongs to stack of task syz.0.70/5863
[  130.503861][    C1]  and is located at offset 40 in frame:
[  130.506423][    C1]  __schedule+0x0/0x5490
[  130.508234][    C1] 
[  130.509366][    C1] This frame has 3 objects:
[  130.512133][    C1]  [48, 52) 'cid'
[  130.512142][    C1]  [64, 80) 'rf'
[  130.514346][    C1]  [96, 120) 'ac'
[  130.516176][    C1] 
[  130.519243][    C1] The buggy address belongs to the virtual mapping at
[  130.519243][    C1]  [ffffc90003368000, ffffc90003371000) created by:
[  130.519243][    C1]  kernel_clone+0xfd/0x980
[  130.527739][    C1] 
[  130.528917][    C1] The buggy address belongs to the physical page:
[  130.532234][    C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802b714360 pfn:0x2b714
[  130.537206][    C1] memcg:ffff888021296f02
[  130.539369][    C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  130.542680][    C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  130.546677][    C1] raw: ffff88802b714360 0000000000000000 00000001ffffffff ffff888021296f02
[  130.550167][    C1] page dumped because: kasan: bad access detected
[  130.552759][    C1] page_owner tracks the page as allocated
[  130.555271][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 5862, tgid 5862 (syz.0.70), ts 130256428069, free_ts 129532353425
[  130.565301][    C1]  post_alloc_hook+0x2d1/0x350
[  130.568298][    C1]  get_page_from_freelist+0x1353/0x2e50
[  130.571726][    C1]  __alloc_pages_noprof+0x22b/0x2460
[  130.574540][    C1]  alloc_pages_mpol_noprof+0x275/0x610
[  130.577147][    C1]  __vmalloc_node_range_noprof+0xa6a/0x1520
[  130.579715][    C1]  copy_process+0x2f3b/0x8de0
[  130.581814][    C1]  kernel_clone+0xfd/0x980
[  130.583837][    C1]  __do_sys_clone3+0x1f5/0x270
[  130.585796][    C1]  do_syscall_64+0xcd/0x250
[  130.588430][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.591483][    C1] page last free pid 5829 tgid 5828 stack trace:
[  130.595076][    C1]  free_unref_page+0x64a/0xe40
[  130.597459][    C1]  tlb_finish_mmu+0x237/0x7b0
[  130.599710][    C1]  exit_mmap+0x3d1/0xb20
[  130.601623][    C1]  __mmput+0x12a/0x480
[  130.603949][    C1]  mmput+0x62/0x70
[  130.606373][    C1]  do_exit+0x9bf/0x2bb0
[  130.609071][    C1]  do_group_exit+0xd3/0x2a0
[  130.611605][    C1]  get_signal+0x25fb/0x2770
[  130.613775][    C1]  arch_do_signal_or_restart+0x90/0x7e0
[  130.616392][    C1]  syscall_exit_to_user_mode+0x150/0x2a0
[  130.619487][    C1]  do_syscall_64+0xda/0x250
[  130.622161][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.626011][    C1] 
[  130.627375][    C1] Memory state around the buggy address:
[  130.630302][    C1]  ffffc9000336f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  130.634391][    C1]  ffffc9000336f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  130.638405][    C1] >ffffc9000336fa00: 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 00 f2
[  130.642879][    C1]                                                  ^
[  130.646717][    C1]  ffffc9000336fa80: f2 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00
[  130.650594][    C1]  ffffc9000336fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  130.655232][    C1] ==================================================================
[  130.671306][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  130.675001][    C1] CPU: 1 PID: 5863 Comm: syz.0.70 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4-dirty #0
[  130.681070][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  130.687137][    C1] Call Trace:
[  130.689171][    C1]  <IRQ>
[  130.691041][    C1]  dump_stack_lvl+0x3d/0x1f0
[  130.693533][    C1]  panic+0x6f5/0x7a0
[  130.695526][    C1]  ? __pfx_panic+0x10/0x10
[  130.697817][    C1]  ? check_panic_on_warn+0x1f/0xb0
[  130.700406][    C1]  check_panic_on_warn+0xab/0xb0
[  130.702699][    C1]  end_report+0x117/0x180
[  130.704848][    C1]  kasan_report+0xe9/0x110
[  130.706970][    C1]  ? xdp_do_check_flushed+0x355/0x3f0
[  130.709699][    C1]  ? xdp_do_check_flushed+0x355/0x3f0
[  130.712366][    C1]  xdp_do_check_flushed+0x355/0x3f0
[  130.715264][    C1]  __napi_poll.constprop.0+0xd1/0x550
[  130.717972][    C1]  net_rx_action+0xa92/0x1010
[  130.720703][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  130.723166][    C1]  ? rcu_qs+0xe0/0xe0
[  130.725146][    C1]  ? trace_rcu_utilization+0x100/0x160
[  130.727602][    C1]  handle_softirqs+0x216/0x8f0
[  130.730654][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  130.733351][    C1]  irq_exit_rcu+0xbb/0x120
[  130.735237][    C1]  sysvec_apic_timer_interrupt+0x95/0xb0
[  130.737525][    C1]  </IRQ>
[  130.738813][    C1]  <TASK>
[  130.740108][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  130.742688][    C1] RIP: 0010:__schedule+0xe3f/0x5490
[  130.744929][    C1] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 ba 3f 00 00 48 8b bd 10 ff ff ff 4d 89 77 10 4c 89 f6 e8 b9 6e 0f f6 48 89 c7 e8 71 e8 69 f6 <48> 8b 8d a0 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 01 c1 48 c7
[  130.754308][    C1] RSP: 0018:ffffc9000336f980 EFLAGS: 00000206
[  130.758031][    C1] RAX: 000000000000018b RBX: ffff8880256b0000 RCX: 1ffffffff1fce461
[  130.762060][    C1] RDX: 0000000000000000 RSI: ffffffff8b2cbac0 RDI: ffffffff8b909e40
[  130.765885][    C1] RBP: ffffc9000336fb10 R08: 0000000000000001 R09: 0000000000000001
[  130.769534][    C1] R10: ffffffff8fe7675f R11: 0000000000000001 R12: ffff88806b13f788
[  130.773140][    C1] R13: 0000000000000000 R14: ffff8880256b0000 R15: ffff88806b13ec80
[  130.777046][    C1]  ? select_task_rq_fair+0x4af/0x44b0
[  130.779775][    C1]  ? __pfx_lock_release+0x10/0x10
[  130.782003][    C1]  ? __pfx___schedule+0x10/0x10
[  130.784889][    C1]  ? irqentry_exit+0x3b/0x90
[  130.787514][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  130.790277][    C1]  ? preempt_schedule_thunk+0x1a/0x30
[  130.793053][    C1]  preempt_schedule_common+0x44/0xc0
[  130.795673][    C1]  preempt_schedule_thunk+0x1a/0x30
[  130.798182][    C1]  ? select_task_rq_fair+0x360/0x44b0
[  130.801006][    C1]  try_to_wake_up+0xc08/0x13e0
[  130.803904][    C1]  ? __pfx_try_to_wake_up+0x10/0x10
[  130.807128][    C1]  ? __pfx_lock_release+0x10/0x10
[  130.810288][    C1]  ? plist_check_head+0x9e/0x140
[  130.812942][    C1]  wake_up_q+0x91/0x140
[  130.815195][    C1]  ? do_raw_spin_unlock+0x172/0x230
[  130.817710][    C1]  futex_wake+0x43e/0x4e0
[  130.819909][    C1]  ? __pfx_futex_wake+0x10/0x10
[  130.822354][    C1]  ? vfs_write+0x917/0x1140
[  130.824633][    C1]  ? vfs_write+0x14d/0x1140
[  130.826883][    C1]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  130.829391][    C1]  do_futex+0x1e5/0x350
[  130.831479][    C1]  ? __pfx_do_futex+0x10/0x10
[  130.833753][    C1]  ? __fget_files+0x256/0x400
[  130.836007][    C1]  __x64_sys_futex+0x1e1/0x4c0
[  130.838575][    C1]  ? fput+0x32/0x390
[  130.841036][    C1]  ? __pfx___x64_sys_futex+0x10/0x10
[  130.843547][    C1]  ? ksys_write+0x1ab/0x260
[  130.845708][    C1]  ? __pfx_ksys_write+0x10/0x10
[  130.848432][    C1]  do_syscall_64+0xcd/0x250
[  130.850694][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.853466][    C1] RIP: 0033:0x7fc830f75b59
[  130.855791][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.865141][    C1] RSP: 002b:00007fc831d8e0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  130.868632][    C1] RAX: ffffffffffffffda RBX: 00007fc831105f68 RCX: 00007fc830f75b59
[  130.871835][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc831105f6c
[  130.874989][    C1] RBP: 00007fc831105f60 R08: 00007fc831d8f080 R09: 00007fc831d8e6c0
[  130.878556][    C1] R10: 0000000000000e80 R11: 0000000000000246 R12: 00007fc831105f6c
[  130.882515][    C1] R13: 000000000000000b R14: 00007ffea9d2b330 R15: 00007ffea9d2b418
[  130.886601][    C1]  </TASK>
[  130.889291][    C1] Kernel Offset: disabled
[  130.891426][    C1] Rebooting in 86400 seconds..