program: r0 = syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000000)='./file0\x00', 0x5, &(0x7f0000000180)={[{@discard}, {@discard}, {@discard}, {@snapshot={'cp', 0x3d, 0xfffffffffffffffd}}, {@norecovery}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@order_relaxed}, {@nodiscard}]}, 0x1, 0xa0d, &(0x7f0000000a80)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=") (async, rerun: 64) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) (rerun: 64) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) (async, rerun: 64) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e06bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488a0200000000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e4a59414329a7c7f2fad6bc871f5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561fe589e0d12969bc982ff3f0000006c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256a55591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ee40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1a4e52e38325ca2e5f1f9caaa7234053eca09ec3c8c16940bc3edfb2e016f355391c0e7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) (rerun: 64) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac14141604089f034d2f87e5440c05ab845013f2325f1a39018603038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x9, 0x800) (async) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000040)={0xffffffffffffffff}) close_range(r6, 0xffffffffffffffff, 0x0) (async) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') socket(0x400000000010, 0x3, 0x0) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r7, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) (async) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') read$eventfd(r8, &(0x7f0000000340), 0x8) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0xb, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xd}, [@ldst={0x2, 0x2, 0x4, 0x9, 0x8, 0xfffffffffffffffc, 0xffffffffffffffff}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfc000000, 0x0, 0x0, 0x0, 0x3ff}, @ldst={0x1, 0x1, 0x3, 0x3, 0x6, 0x0, 0x1}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xa4a}]}, &(0x7f0000000380)='syzkaller\x00', 0x74c10f9b, 0x1000, &(0x7f0000001680)=""/4096, 0x41000, 0x1, '\x00', 0x0, 0x25, r4, 0x8, &(0x7f0000000400)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0xc, 0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) (async, rerun: 64) r9 = socket$inet_smc(0x2b, 0x1, 0x0) (rerun: 64) ioctl$sock_inet_tcp_SIOCATMARK(r9, 0x8905, &(0x7f0000000040)) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$RTC_UIE_OFF(r10, 0x7004) [ 74.469222][ T5294] Bluetooth: hci0: command tx timeout [ 74.632091][ T5314] loop0: detected capacity change from 0 to 2048 [ 74.973039][ T5288] ================================================================== [ 74.976120][ T5288] BUG: KASAN: slab-use-after-free in bpf_trace_run3+0xdd/0x850 [ 74.980540][ T5288] Read of size 8 at addr ffff888038e6b818 by task udevd/5288 [ 74.983453][ T5288] [ 74.984468][ T5288] CPU: 0 UID: 0 PID: 5288 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) [ 74.984483][ T5288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.984490][ T5288] Call Trace: [ 74.984498][ T5288] [ 74.984503][ T5288] dump_stack_lvl+0xe8/0x150 [ 74.984523][ T5288] print_report+0xba/0x230 [ 74.984536][ T5288] ? bpf_trace_run3+0xdd/0x850 [ 74.984552][ T5288] kasan_report+0x117/0x150 [ 74.984563][ T5288] ? preempt_schedule_thunk+0x16/0x30 [ 74.984576][ T5288] ? bpf_trace_run3+0xdd/0x850 [ 74.984592][ T5288] bpf_trace_run3+0xdd/0x850 [ 74.984608][ T5288] ? bpf_trace_run3+0x1f0/0x850 [ 74.984623][ T5288] ? __pfx_bpf_trace_run3+0x10/0x10 [ 74.984638][ T5288] ? unlink_anon_vmas+0x368/0x730 [ 74.984656][ T5288] ? unlink_anon_vmas+0x368/0x730 [ 74.984669][ T5288] __traceiter_kmem_cache_free+0x38/0x60 [ 74.984682][ T5288] kmem_cache_free+0x5ac/0x630 [ 74.984698][ T5288] ? unlink_anon_vmas+0x368/0x730 [ 74.984713][ T5288] unlink_anon_vmas+0x368/0x730 [ 74.984729][ T5288] free_pgtables+0x663/0xb70 [ 74.984748][ T5288] ? __pfx_free_pgtables+0x10/0x10 [ 74.984767][ T5288] ? __mas_set_range+0x12f/0x3c0 [ 74.984779][ T5288] ? tlb_gather_mmu+0x233/0x300 [ 74.984795][ T5288] unmap_region+0x29d/0x330 [ 74.984806][ T5288] ? vms_complete_munmap_vmas+0x247/0xc60 [ 74.984818][ T5288] ? __pfx_unmap_region+0x10/0x10 [ 74.984831][ T5288] ? __mas_set_range+0x12f/0x3c0 [ 74.984844][ T5288] vms_complete_munmap_vmas+0x493/0xc60 [ 74.984857][ T5288] ? __pfx_vms_complete_munmap_vmas+0x10/0x10 [ 74.984868][ T5288] ? vma_modify_flags+0x27a/0x330 [ 74.984881][ T5288] ? __mas_set_range+0x12f/0x3c0 [ 74.984894][ T5288] do_vmi_align_munmap+0x3b7/0x4b0 [ 74.984909][ T5288] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 74.984928][ T5288] do_vmi_munmap+0x252/0x2d0 [ 74.984940][ T5288] __vm_munmap+0x22c/0x3d0 [ 74.984953][ T5288] ? __pfx___vm_munmap+0x10/0x10 [ 74.984974][ T5288] ? rcu_is_watching+0x15/0xb0 [ 74.985008][ T5288] __x64_sys_munmap+0x60/0x70 [ 74.985022][ T5288] do_syscall_64+0x14d/0xf80 [ 74.985129][ T5288] ? trace_irq_disable+0x3b/0x150 [ 74.985145][ T5288] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.985156][ T5288] ? clear_bhb_loop+0x40/0x90 [ 74.985168][ T5288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.985180][ T5288] RIP: 0033:0x7f376af1e097 [ 74.985192][ T5288] Code: 73 01 c3 48 8b 0d 61 2d 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 31 2d 0d 00 f7 d8 64 89 01 48 [ 74.985202][ T5288] RSP: 002b:00007ffdd3212ab8 EFLAGS: 00000246 ORIG_RAX: 000000000000000b [ 74.985215][ T5288] RAX: ffffffffffffffda RBX: 00005610156e7bd0 RCX: 00007f376af1e097 [ 74.985223][ T5288] RDX: 00005610156e7c18 RSI: 0000000000000600 RDI: 00007f376b586000 [ 74.985230][ T5288] RBP: 000000000000000d R08: 0000000000000040 R09: 0000000000000003 [ 74.985236][ T5288] R10: 0000000000000040 R11: 0000000000000246 R12: 00005610156e41e0 [ 74.985242][ T5288] R13: 00007f376b65e39c R14: 0000000000002600 R15: 0000000000000009 [ 74.985254][ T5288] [ 74.985258][ T5288] [ 75.110573][ T5288] Allocated by task 5315: [ 75.112416][ T5288] kasan_save_track+0x3e/0x80 [ 75.114473][ T5288] __kasan_kmalloc+0x93/0xb0 [ 75.116541][ T5288] __kmalloc_cache_noprof+0x31c/0x660 [ 75.118703][ T5288] bpf_raw_tp_link_attach+0x278/0x700 [ 75.120972][ T5288] bpf_raw_tracepoint_open+0x1b2/0x220 [ 75.123297][ T5288] __sys_bpf+0x846/0x950 [ 75.125169][ T5288] __x64_sys_bpf+0x7c/0x90 [ 75.127133][ T5288] do_syscall_64+0x14d/0xf80 [ 75.129111][ T5288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.131649][ T5288] [ 75.132708][ T5288] Freed by task 15: [ 75.134370][ T5288] kasan_save_track+0x3e/0x80 [ 75.136445][ T5288] kasan_save_free_info+0x46/0x50 [ 75.138828][ T5288] __kasan_slab_free+0x5c/0x80 [ 75.140889][ T5288] kfree+0x1c1/0x630 [ 75.142426][ T5288] rcu_core+0x7cd/0x1070 [ 75.144255][ T5288] handle_softirqs+0x22a/0x870 [ 75.146561][ T5288] run_ksoftirqd+0x36/0x60 [ 75.148449][ T5288] smpboot_thread_fn+0x541/0xa50 [ 75.150589][ T5288] kthread+0x388/0x470 [ 75.152350][ T5288] ret_from_fork+0x51e/0xb90 [ 75.154315][ T5288] ret_from_fork_asm+0x1a/0x30 [ 75.156398][ T5288] [ 75.157478][ T5288] Last potentially related work creation: [ 75.159960][ T5288] kasan_save_stack+0x3e/0x60 [ 75.162027][ T5288] kasan_record_aux_stack+0xbd/0xd0 [ 75.164102][ T5288] call_rcu+0xee/0x890 [ 75.166034][ T5288] bpf_link_release+0x6b/0x80 [ 75.168196][ T5288] __fput+0x44f/0xa70 [ 75.170015][ T5288] task_work_run+0x1d9/0x270 [ 75.172009][ T5288] do_exit+0x69b/0x2320 [ 75.173790][ T5288] do_group_exit+0x21b/0x2d0 [ 75.175828][ T5288] get_signal+0x1284/0x1330 [ 75.177748][ T5288] arch_do_signal_or_restart+0xbc/0x830 [ 75.180053][ T5288] exit_to_user_mode_loop+0x86/0x480 [ 75.182409][ T5288] do_syscall_64+0x32d/0xf80 [ 75.184493][ T5288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.187250][ T5288] [ 75.188321][ T5288] The buggy address belongs to the object at ffff888038e6b800 [ 75.188321][ T5288] which belongs to the cache kmalloc-192 of size 192 [ 75.194111][ T5288] The buggy address is located 24 bytes inside of [ 75.194111][ T5288] freed 192-byte region [ffff888038e6b800, ffff888038e6b8c0) [ 75.199879][ T5288] [ 75.200953][ T5288] The buggy address belongs to the physical page: [ 75.203845][ T5288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x38e6b [ 75.207818][ T5288] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 75.210903][ T5288] page_type: f5(slab) [ 75.212681][ T5288] raw: 04fff00000000000 ffff88801ac413c0 dead000000000100 dead000000000122 [ 75.216413][ T5288] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 75.219994][ T5288] page dumped because: kasan: bad access detected [ 75.222691][ T5288] page_owner tracks the page as allocated [ 75.224889][ T5288] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 20397124099, free_ts 20392442427 [ 75.233406][ T5288] post_alloc_hook+0x231/0x280 [ 75.235631][ T5288] get_page_from_freelist+0x24dc/0x2580 [ 75.238114][ T5288] __alloc_frozen_pages_noprof+0x18d/0x380 [ 75.240565][ T5288] allocate_slab+0x77/0x660 [ 75.242505][ T5288] refill_objects+0x331/0x3c0 [ 75.244463][ T5288] __pcs_replace_empty_main+0x2b9/0x620 [ 75.246922][ T5288] __kmalloc_cache_noprof+0x392/0x660 [ 75.249289][ T5288] mon_bus_init+0x50/0x2a0 [ 75.251393][ T5288] mon_notify+0x112/0x3f0 [ 75.253277][ T5288] notifier_call_chain+0x1be/0x400 [ 75.255579][ T5288] blocking_notifier_call_chain+0x6a/0x90 [ 75.258091][ T5288] usb_register_bus+0xcf/0x150 [ 75.260311][ T5288] usb_add_hcd+0x451/0x10b0 [ 75.262407][ T5288] vhci_hcd_probe+0x141/0x3e0 [ 75.264505][ T5288] platform_probe+0xf9/0x190 [ 75.266611][ T5288] really_probe+0x267/0xaf0 [ 75.268740][ T5288] page last free pid 166 tgid 166 stack trace: [ 75.271958][ T5288] __free_frozen_pages+0xc2b/0xdb0 [ 75.274837][ T5288] __kasan_populate_vmalloc+0x137/0x1d0 [ 75.277167][ T5288] alloc_vmap_area+0xd73/0x14b0 [ 75.279326][ T5288] __get_vm_area_node+0x1f8/0x300 [ 75.281295][ T5288] __vmalloc_node_range_noprof+0x372/0x1730 [ 75.283593][ T5288] __vmalloc_node_noprof+0xc2/0x100 [ 75.285695][ T5288] dup_task_struct+0x228/0x9a0 [ 75.287848][ T5288] copy_process+0x508/0x3cf0 [ 75.289835][ T5288] kernel_clone+0x248/0x8e0 [ 75.291827][ T5288] user_mode_thread+0x110/0x180 [ 75.294245][ T5288] call_usermodehelper_exec_work+0x5c/0x230 [ 75.296863][ T5288] process_scheduled_works+0xb02/0x1830 [ 75.299340][ T5288] worker_thread+0xa50/0xfc0 [ 75.301401][ T5288] kthread+0x388/0x470 [ 75.303252][ T5288] ret_from_fork+0x51e/0xb90 [ 75.305410][ T5288] ret_from_fork_asm+0x1a/0x30 [ 75.307630][ T5288] [ 75.308708][ T5288] Memory state around the buggy address: [ 75.311103][ T5288] ffff888038e6b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 75.314629][ T5288] ffff888038e6b780: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 75.318096][ T5288] >ffff888038e6b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.321635][ T5288] ^ [ 75.323814][ T5288] ffff888038e6b880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 75.327370][ T5288] ffff888038e6b900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.330873][ T5288] ==================================================================