Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts.
2026/04/19 20:19:29 parsed 1 programs
syzkaller login: [ 85.335644][ T5771] cgroup: Unknown subsys name 'net'
[ 85.503532][ T5771] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 87.253916][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.858317][ T128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.868215][ T128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.900070][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.908372][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.460395][ T5819] chnl_net:caif_netlink_parms(): no params data found
[ 91.548881][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.556409][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.563869][ T5819] bridge_slave_0: entered allmulticast mode
[ 91.572448][ T5819] bridge_slave_0: entered promiscuous mode
[ 91.581213][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.588883][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.596289][ T5819] bridge_slave_1: entered allmulticast mode
[ 91.603096][ T5819] bridge_slave_1: entered promiscuous mode
[ 91.632831][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 91.647766][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 91.678469][ T5819] team0: Port device team_slave_0 added
[ 91.689617][ T5819] team0: Port device team_slave_1 added
[ 91.720506][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 91.727714][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.754897][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 91.768868][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 91.776056][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.803881][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 91.861376][ T5819] hsr_slave_0: entered promiscuous mode
[ 91.868223][ T5819] hsr_slave_1: entered promiscuous mode
[ 92.020828][ T5819] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.043057][ T5819] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.053126][ T5819] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.063900][ T5819] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.090281][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.097563][ T5819] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.105702][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.113111][ T5819] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.174970][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.203367][ T128] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.211870][ T128] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.227346][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.251117][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.258359][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.274065][ T128] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.281289][ T128] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.479888][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.513441][ T968] cfg80211: failed to load regulatory.db
[ 92.554073][ T5819] veth0_vlan: entered promiscuous mode
[ 92.566358][ T5819] veth1_vlan: entered promiscuous mode
[ 92.602120][ T5819] veth0_macvtap: entered promiscuous mode
[ 92.612883][ T5819] veth1_macvtap: entered promiscuous mode
[ 92.634906][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.654199][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.669084][ T5819] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.680939][ T5819] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.689810][ T5819] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.698749][ T5819] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.888202][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 92.897516][ T2949] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.911124][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 92.920915][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 92.929404][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 92.938179][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 92.945955][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/04/19 20:19:41 executed programs: 0
[ 95.071241][ T5081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.079342][ T5081] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.088935][ T5081] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.098329][ T5081] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.106566][ T5081] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 95.114483][ T5081] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.246759][ T5876] chnl_net:caif_netlink_parms(): no params data found
[ 95.281090][ T2949] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.334544][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.341840][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.349360][ T5876] bridge_slave_0: entered allmulticast mode
[ 95.356530][ T5876] bridge_slave_0: entered promiscuous mode
[ 95.364695][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.372257][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.379683][ T5876] bridge_slave_1: entered allmulticast mode
[ 95.387110][ T5876] bridge_slave_1: entered promiscuous mode
[ 95.412978][ T5876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.424489][ T5876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.453887][ T5876] team0: Port device team_slave_0 added
[ 95.461850][ T5876] team0: Port device team_slave_1 added
[ 95.485151][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.492301][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.519503][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.535581][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.542617][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.569201][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.606656][ T5876] hsr_slave_0: entered promiscuous mode
[ 95.613359][ T5876] hsr_slave_1: entered promiscuous mode
[ 95.620724][ T5876] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 95.629167][ T5876] Cannot create hsr debugfs directory
[ 97.146569][ T51] Bluetooth: hci0: command tx timeout
[ 97.817866][ T2949] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.889086][ T2949] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.875570][ T2949] hsr_slave_0: left promiscuous mode
[ 98.883646][ T2949] hsr_slave_1: left promiscuous mode
[ 98.890619][ T2949] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 98.898369][ T2949] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 98.909173][ T2949] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 98.917349][ T2949] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 98.925782][ T2949] bridge_slave_1: left allmulticast mode
[ 98.931570][ T2949] bridge_slave_1: left promiscuous mode
[ 98.938848][ T2949] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.955052][ T2949] bridge_slave_0: left allmulticast mode
[ 98.961470][ T2949] bridge_slave_0: left promiscuous mode
[ 98.967397][ T2949] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.988961][ T2949] veth1_macvtap: left promiscuous mode
[ 98.994790][ T2949] veth0_macvtap: left promiscuous mode
[ 99.000585][ T2949] veth1_vlan: left promiscuous mode
[ 99.006970][ T2949] veth0_vlan: left promiscuous mode
[ 99.226270][ T51] Bluetooth: hci0: command tx timeout
[ 99.450465][ T2949] team0 (unregistering): Port device team_slave_1 removed
[ 99.492414][ T2949] team0 (unregistering): Port device team_slave_0 removed
[ 99.527353][ T2949] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 99.563306][ T2949] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 99.813801][ T2949] bond0 (unregistering): Released all slaves
[ 99.926948][ T5876] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.943557][ T5876] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.953053][ T5876] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 99.963137][ T5876] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.068572][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.087617][ T5876] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.110950][ T128] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.118174][ T128] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.130656][ T128] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.137840][ T128] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.379450][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.481008][ T5876] veth0_vlan: entered promiscuous mode
[ 100.503230][ T5876] veth1_vlan: entered promiscuous mode
[ 100.549643][ T5876] veth0_macvtap: entered promiscuous mode
[ 100.585581][ T5876] veth1_macvtap: entered promiscuous mode
[ 100.602058][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.615010][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.628412][ T5876] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.638213][ T5876] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.647682][ T5876] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.657024][ T5876] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.745522][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.755721][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.813647][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.822371][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.921829][ T5918] ==================================================================
[ 100.930160][ T5918] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900
[ 100.938198][ T5918] Write of size 72 at addr ffff888023928510 by task syz.0.17/5918
[ 100.946023][ T5918]
[ 100.948454][ T5918] CPU: 0 PID: 5918 Comm: syz.0.17 Not tainted syzkaller #0
[ 100.955664][ T5918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 100.965829][ T5918] Call Trace:
[ 100.969205][ T5918] <TASK>
[ 100.972235][ T5918] dump_stack_lvl+0x18c/0x250
[ 100.977021][ T5918] ? read_lock_is_recursive+0x20/0x20
[ 100.982410][ T5918] ? show_regs_print_info+0x20/0x20
[ 100.987804][ T5918] ? load_image+0x420/0x420
[ 100.992408][ T5918] ? _raw_spin_lock_irqsave+0xc0/0x100
[ 100.997981][ T5918] ? __virt_addr_valid+0x18c/0x540
[ 101.003107][ T5918] ? __virt_addr_valid+0x469/0x540
[ 101.008323][ T5918] print_report+0xa8/0x210
[ 101.012954][ T5918] ? __bpf_get_stackid+0x6bf/0x900
[ 101.018076][ T5918] kasan_report+0x117/0x150
[ 101.022594][ T5918] ? __bpf_get_stackid+0x6bf/0x900
[ 101.027722][ T5918] kasan_check_range+0x241/0x290
[ 101.032675][ T5918] ? __bpf_get_stackid+0x6bf/0x900
[ 101.037796][ T5918] __asan_memcpy+0x40/0x70
[ 101.042228][ T5918] __bpf_get_stackid+0x6bf/0x900
[ 101.047190][ T5918] bpf_get_stackid_pe+0x343/0x410
[ 101.052233][ T5918] bpf_prog_6611c23d801ea08d+0x29/0x3e
[ 101.057793][ T5918] bpf_overflow_handler+0x1fc/0x510
[ 101.063009][ T5918] ? bpf_overflow_handler+0xde/0x510
[ 101.068747][ T5918] ? tp_perf_event_destroy+0x20/0x20
[ 101.074132][ T5918] ? __perf_event_account_interrupt+0x187/0x280
[ 101.080764][ T5918] __perf_event_overflow+0x447/0x630
[ 101.086100][ T5918] ? __lock_acquire+0x1347/0x7d40
[ 101.091142][ T5918] perf_swevent_overflow+0x268/0x340
[ 101.096531][ T5918] ? perf_event_switch_output+0x790/0x790
[ 101.102373][ T5918] ? rcu_is_watching+0x15/0xb0
[ 101.107257][ T5918] perf_swevent_event+0x45c/0x570
[ 101.112463][ T5918] ? perf_tp_event+0x1520/0x1520
[ 101.117421][ T5918] ___perf_sw_event+0x4a7/0x730
[ 101.122388][ T5918] ? ___perf_sw_event+0x199/0x730
[ 101.127840][ T5918] ? perf_swevent_put_recursion_context+0xb0/0xb0
[ 101.134277][ T5918] ? __lock_acquire+0x1347/0x7d40
[ 101.139418][ T5918] ? verify_lock_unused+0x140/0x140
[ 101.144640][ T5918] ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 101.150638][ T5918] ? lock_chain_count+0x20/0x20
[ 101.155501][ T5918] __perf_sw_event+0x139/0x270
[ 101.160291][ T5918] do_user_addr_fault+0x123e/0x12c0
[ 101.165513][ T5918] ? rcu_is_watching+0x15/0xb0
[ 101.170294][ T5918] exc_page_fault+0x64/0x100
[ 101.174899][ T5918] asm_exc_page_fault+0x26/0x30
[ 101.179771][ T5918] RIP: 0010:rep_movs_alternative+0x33/0x90
[ 101.185677][ T5918] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb
[ 101.205379][ T5918] RSP: 0018:ffffc9000477f910 EFLAGS: 00050246
[ 101.211577][ T5918] RAX: 000000180001eb9f RBX: 0000000000000008 RCX: 0000000000000008
[ 101.219674][ T5918] RDX: 0000000000000000 RSI: ffff8880306d5200 RDI: 0000000400000002
[ 101.227753][ T5918] RBP: ffffc9000477fa30 R08: ffff8880306d5207 R09: 1ffff110060daa40
[ 101.235839][ T5918] R10: dffffc0000000000 R11: ffffed10060daa41 R12: 000000040000000a
[ 101.243995][ T5918] R13: 0000000000000008 R14: 0000000400000002 R15: ffff8880306d5200
[ 101.252231][ T5918] _copy_to_user+0x85/0xa0
[ 101.256710][ T5918] btf_get_info_by_fd+0x1e4/0x5d0
[ 101.261948][ T5918] ? btf_get_by_fd+0x160/0x160
[ 101.266816][ T5918] ? __fdget+0x14a/0x210
[ 101.271256][ T5918] bpf_obj_get_info_by_fd+0xc12/0x3080
[ 101.276734][ T5918] ? verify_lock_unused+0x140/0x140
[ 101.281942][ T5918] ? bpf_map_get_fd_by_id+0x310/0x310
[ 101.287413][ T5918] ? get_futex_key+0x7f0/0x1010
[ 101.292376][ T5918] ? fd_install+0x60/0x4e0
[ 101.296852][ T5918] ? rcu_read_lock_sched_held+0x8a/0x110
[ 101.302505][ T5918] ? __might_fault+0xaa/0x120
[ 101.307304][ T5918] ? __lock_acquire+0x7d40/0x7d40
[ 101.312511][ T5918] ? __might_fault+0xaa/0x120
[ 101.317301][ T5918] ? __might_fault+0xc6/0x120
[ 101.322179][ T5918] ? __might_fault+0xaa/0x120
[ 101.326961][ T5918] ? bpf_lsm_bpf+0x9/0x10
[ 101.331334][ T5918] ? security_bpf+0x7e/0xa0
[ 101.335969][ T5918] __sys_bpf+0x7eb/0x890
[ 101.340330][ T5918] ? bpf_link_show_fdinfo+0x390/0x390
[ 101.345727][ T5918] ? lock_chain_count+0x20/0x20
[ 101.350596][ T5918] __x64_sys_bpf+0x7c/0x90
[ 101.355037][ T5918] do_syscall_64+0x55/0xa0
[ 101.359547][ T5918] ? clear_bhb_loop+0x40/0x90
[ 101.364351][ T5918] ? clear_bhb_loop+0x40/0x90
[ 101.369044][ T5918] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 101.374974][ T5918] RIP: 0033:0x7f02da39c819
[ 101.379507][ T5918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 101.399405][ T5918] RSP: 002b:00007fff68dbc888 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 101.408010][ T5918] RAX: ffffffffffffffda RBX: 00007f02da615fa0 RCX: 00007f02da39c819
[ 101.415997][ T5918] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 000000000000000f
[ 101.424064][ T5918] RBP: 00007f02da432c91 R08: 0000000000000000 R09: 0000000000000000
[ 101.432270][ T5918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 101.440268][ T5918] R13: 00007f02da615fac R14: 00007f02da615fa0 R15: 00007f02da615fa0
[ 101.448268][ T5918] </TASK>
[ 101.451304][ T5918]
[ 101.453713][ T5918] Allocated by task 5918:
[ 101.458136][ T5918] kasan_set_track+0x4e/0x70
[ 101.462842][ T5918] __kasan_kmalloc+0x8f/0xa0
[ 101.467445][ T5918] __kmalloc_node+0xb4/0x230
[ 101.472049][ T5918] bpf_map_area_alloc+0x5e/0x110
[ 101.477085][ T5918] prealloc_elems_and_freelist+0x86/0x1c0
[ 101.482813][ T5918] stack_map_alloc+0x33a/0x4c0
[ 101.487585][ T5918] map_create+0x877/0x12f0
[ 101.492299][ T5918] __sys_bpf+0x651/0x890
[ 101.496810][ T5918] __x64_sys_bpf+0x7c/0x90
[ 101.501324][ T5918] do_syscall_64+0x55/0xa0
[ 101.505841][ T5918] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 101.511764][ T5918]
[ 101.514177][ T5918] The buggy address belongs to the object at ffff888023928500
[ 101.514177][ T5918] which belongs to the cache kmalloc-cg-64 of size 64
[ 101.528323][ T5918] The buggy address is located 16 bytes inside of
[ 101.528323][ T5918] allocated 40-byte region [ffff888023928500, ffff888023928528)
[ 101.542497][ T5918]
[ 101.544847][ T5918] The buggy address belongs to the physical page:
[ 101.551352][ T5918] page:ffffea00008e4a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23928
[ 101.561532][ T5918] memcg:ffff888077f9e801
[ 101.565889][ T5918] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 101.573764][ T5918] page_type: 0xffffffff()
[ 101.578298][ T5918] raw: 00fff00000000800 ffff888017c4da00 dead000000000122 0000000000000000
[ 101.587069][ T5918] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff888077f9e801
[ 101.595940][ T5918] page dumped because: kasan: bad access detected
[ 101.602548][ T5918] page_owner tracks the page as allocated
[ 101.608272][ T5918] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5876, tgid 5876 (syz-executor), ts 100889137915, free_ts 100888629726
[ 101.626953][ T5918] post_alloc_hook+0x1c1/0x200
[ 101.631741][ T5918] get_page_from_freelist+0x1951/0x19e0
[ 101.637377][ T5918] __alloc_pages+0x1f0/0x460
[ 101.641971][ T5918] alloc_slab_page+0x5d/0x160
[ 101.646916][ T5918] new_slab+0x87/0x2d0
[ 101.650991][ T5918] ___slab_alloc+0xc5d/0x12f0
[ 101.655686][ T5918] __kmem_cache_alloc_node+0x19e/0x250
[ 101.661158][ T5918] __kmalloc_node+0xa4/0x230
[ 101.665788][ T5918] kvmalloc_node+0x70/0x180
[ 101.670302][ T5918] nf_hook_entries_grow+0x27d/0x6d0
[ 101.675506][ T5918] nf_hook_entries_insert_raw+0x4b/0x300
[ 101.681240][ T5918] nf_nat_register_fn+0x1d0/0x580
[ 101.686384][ T5918] iptable_nat_table_init+0xd4/0x2d0
[ 101.691681][ T5918] xt_find_table_lock+0x306/0x3e0
[ 101.696829][ T5918] xt_request_find_table_lock+0x26/0x100
[ 101.702471][ T5918] do_ipt_get_ctl+0x717/0x1200
[ 101.707338][ T5918] page last free stack trace:
[ 101.712011][ T5918] free_unref_page_prepare+0x7b2/0x8c0
[ 101.717492][ T5918] free_unref_page+0x32/0x2e0
[ 101.722269][ T5918] vfree+0x1a6/0x320
[ 101.726177][ T5918] do_ipt_get_ctl+0xf15/0x1200
[ 101.731044][ T5918] nf_getsockopt+0x262/0x280
[ 101.735654][ T5918] ip_getsockopt+0x19f/0x230
[ 101.740389][ T5918] do_sock_getsockopt+0x379/0x450
[ 101.745560][ T5918] __x64_sys_getsockopt+0x1d6/0x280
[ 101.750787][ T5918] do_syscall_64+0x55/0xa0
[ 101.755308][ T5918] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 101.761410][ T5918]
[ 101.763827][ T5918] Memory state around the buggy address:
[ 101.769464][ T5918] ffff888023928400: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 101.777709][ T5918] ffff888023928480: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 101.785779][ T5918] >ffff888023928500: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 101.793861][ T5918] ^
[ 101.799343][ T5918] ffff888023928580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.807595][ T5918] ffff888023928600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.815661][ T5918] ==================================================================
[ 101.823723][ T5918] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 101.830918][ T5918] CPU: 0 PID: 5918 Comm: syz.0.17 Not tainted syzkaller #0
[ 101.838227][ T5918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 101.848551][ T5918] Call Trace:
[ 101.851839][ T5918] <TASK>
[ 101.854783][ T5918] dump_stack_lvl+0x18c/0x250
[ 101.859663][ T5918] ? show_regs_print_info+0x20/0x20
[ 101.864961][ T5918] ? load_image+0x420/0x420
[ 101.869485][ T5918] panic+0x2dc/0x730
[ 101.873395][ T5918] ? __lock_acquire+0x7d40/0x7d40
[ 101.878438][ T5918] ? bpf_jit_dump+0xd0/0xd0
[ 101.882956][ T5918] ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 101.888860][ T5918] ? _raw_spin_unlock+0x40/0x40
[ 101.893724][ T5918] ? __bpf_get_stackid+0x6bf/0x900
[ 101.898937][ T5918] check_panic_on_warn+0x84/0xa0
[ 101.903900][ T5918] ? __bpf_get_stackid+0x6bf/0x900
[ 101.909028][ T5918] end_report+0x6f/0x130
[ 101.913278][ T5918] kasan_report+0x128/0x150
[ 101.917794][ T5918] ? __bpf_get_stackid+0x6bf/0x900
[ 101.922919][ T5918] kasan_check_range+0x241/0x290
[ 101.927866][ T5918] ? __bpf_get_stackid+0x6bf/0x900
[ 101.932986][ T5918] __asan_memcpy+0x40/0x70
[ 101.937423][ T5918] __bpf_get_stackid+0x6bf/0x900
[ 101.942382][ T5918] bpf_get_stackid_pe+0x343/0x410
[ 101.947596][ T5918] bpf_prog_6611c23d801ea08d+0x29/0x3e
[ 101.953242][ T5918] bpf_overflow_handler+0x1fc/0x510
[ 101.958485][ T5918] ? bpf_overflow_handler+0xde/0x510
[ 101.963874][ T5918] ? tp_perf_event_destroy+0x20/0x20
[ 101.969195][ T5918] ? __perf_event_account_interrupt+0x187/0x280
[ 101.975618][ T5918] __perf_event_overflow+0x447/0x630
[ 101.981026][ T5918] ? __lock_acquire+0x1347/0x7d40
[ 101.986064][ T5918] perf_swevent_overflow+0x268/0x340
[ 101.991359][ T5918] ? perf_event_switch_output+0x790/0x790
[ 101.997089][ T5918] ? rcu_is_watching+0x15/0xb0
[ 102.001957][ T5918] perf_swevent_event+0x45c/0x570
[ 102.006996][ T5918] ? perf_tp_event+0x1520/0x1520
[ 102.012055][ T5918] ___perf_sw_event+0x4a7/0x730
[ 102.016929][ T5918] ? ___perf_sw_event+0x199/0x730
[ 102.022051][ T5918] ? perf_swevent_put_recursion_context+0xb0/0xb0
[ 102.028574][ T5918] ? __lock_acquire+0x1347/0x7d40
[ 102.033703][ T5918] ? verify_lock_unused+0x140/0x140
[ 102.038920][ T5918] ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 102.045014][ T5918] ? lock_chain_count+0x20/0x20
[ 102.050160][ T5918] __perf_sw_event+0x139/0x270
[ 102.055034][ T5918] do_user_addr_fault+0x123e/0x12c0
[ 102.060682][ T5918] ? rcu_is_watching+0x15/0xb0
[ 102.065487][ T5918] exc_page_fault+0x64/0x100
[ 102.070096][ T5918] asm_exc_page_fault+0x26/0x30
[ 102.074956][ T5918] RIP: 0010:rep_movs_alternative+0x33/0x90
[ 102.080871][ T5918] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb
[ 102.101018][ T5918] RSP: 0018:ffffc9000477f910 EFLAGS: 00050246
[ 102.107268][ T5918] RAX: 000000180001eb9f RBX: 0000000000000008 RCX: 0000000000000008
[ 102.115245][ T5918] RDX: 0000000000000000 RSI: ffff8880306d5200 RDI: 0000000400000002
[ 102.123308][ T5918] RBP: ffffc9000477fa30 R08: ffff8880306d5207 R09: 1ffff110060daa40
[ 102.131375][ T5918] R10: dffffc0000000000 R11: ffffed10060daa41 R12: 000000040000000a
[ 102.139537][ T5918] R13: 0000000000000008 R14: 0000000400000002 R15: ffff8880306d5200
[ 102.147541][ T5918] _copy_to_user+0x85/0xa0
[ 102.152105][ T5918] btf_get_info_by_fd+0x1e4/0x5d0
[ 102.157158][ T5918] ? btf_get_by_fd+0x160/0x160
[ 102.162119][ T5918] ? __fdget+0x14a/0x210
[ 102.166557][ T5918] bpf_obj_get_info_by_fd+0xc12/0x3080
[ 102.172128][ T5918] ? verify_lock_unused+0x140/0x140
[ 102.177693][ T5918] ? bpf_map_get_fd_by_id+0x310/0x310
[ 102.183080][ T5918] ? get_futex_key+0x7f0/0x1010
[ 102.187937][ T5918] ? fd_install+0x60/0x4e0
[ 102.192556][ T5918] ? rcu_read_lock_sched_held+0x8a/0x110
[ 102.198378][ T5918] ? __might_fault+0xaa/0x120
[ 102.203325][ T5918] ? __lock_acquire+0x7d40/0x7d40
[ 102.208477][ T5918] ? __might_fault+0xaa/0x120
[ 102.213185][ T5918] ? __might_fault+0xc6/0x120
[ 102.217888][ T5918] ? __might_fault+0xaa/0x120
[ 102.222670][ T5918] ? bpf_lsm_bpf+0x9/0x10
[ 102.227014][ T5918] ? security_bpf+0x7e/0xa0
[ 102.231576][ T5918] __sys_bpf+0x7eb/0x890
[ 102.235885][ T5918] ? bpf_link_show_fdinfo+0x390/0x390
[ 102.241295][ T5918] ? lock_chain_count+0x20/0x20
[ 102.246258][ T5918] __x64_sys_bpf+0x7c/0x90
[ 102.250683][ T5918] do_syscall_64+0x55/0xa0
[ 102.255218][ T5918] ? clear_bhb_loop+0x40/0x90
[ 102.259934][ T5918] ? clear_bhb_loop+0x40/0x90
[ 102.264728][ T5918] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 102.270738][ T5918] RIP: 0033:0x7f02da39c819
[ 102.275172][ T5918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 102.295056][ T5918] RSP: 002b:00007fff68dbc888 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 102.303683][ T5918] RAX: ffffffffffffffda RBX: 00007f02da615fa0 RCX: 00007f02da39c819
[ 102.311667][ T5918] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 000000000000000f
[ 102.319642][ T5918] RBP: 00007f02da432c91 R08: 0000000000000000 R09: 0000000000000000
[ 102.327798][ T5918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 102.335878][ T5918] R13: 00007f02da615fac R14: 00007f02da615fa0 R15: 00007f02da615fa0
[ 102.343882][ T5918] </TASK>
[ 102.347043][ T5918] Kernel Offset: disabled
[ 102.351379][ T5918] Rebooting in 86400 seconds..