[ 1161.697329][ T7137] ==================================================================
[ 1161.698086][ T7137] BUG: KASAN: use-after-free in ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.698646][ T7137] Read of size 4 at addr ffff88801f1f2000 by task a.out/7137
[ 1161.699163][ T7137]
[ 1161.699284][ T7137] CPU: 3 PID: 7137 Comm: a.out Not tainted 6.1.0-rc8-02212-gef3911a3e4d6-dirty #137
[ 1161.699730][ T7137] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.1-1-1 04/01/2014
[ 1161.700201][ T7137] Call Trace:
[ 1161.700359][ T7137]  <TASK>
[ 1161.700500][ T7137]  dump_stack_lvl+0x100/0x178
[ 1161.700736][ T7137]  print_report+0x167/0x46c
[ 1161.700954][ T7137]  ? __virt_addr_valid+0x5e/0x2d0
[ 1161.701303][ T7137]  ? __phys_addr+0xc6/0x140
[ 1161.701538][ T7137]  ? ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.701785][ T7137]  ? ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.702030][ T7137]  kasan_report+0xbf/0x1e0
[ 1161.702243][ T7137]  ? ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.702519][ T7137]  ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.702875][ T7137]  __bpf_prog_run32+0x9d/0xe0
[ 1161.703210][ T7137]  ? __bpf_prog_run64+0xe0/0xe0
[ 1161.703588][ T7137]  ? bpf_prog_test_run_skb+0x33e/0x1dc0
[ 1161.704026][ T7137]  bpf_test_run+0x38e/0x980
[ 1161.704386][ T7137]  ? bpf_test_timer_continue+0x3d0/0x3d0
[ 1161.704832][ T7137]  ? map_id_range_down+0x297/0x340
[ 1161.705231][ T7137]  ? eth_type_trans+0x2ab/0x640
[ 1161.705615][ T7137]  ? memset+0x23/0x40
[ 1161.705939][ T7137]  bpf_prog_test_run_skb+0xb67/0x1dc0
[ 1161.706362][ T7137]  ? bpf_prog_test_run_raw_tp+0x690/0x690
[ 1161.706808][ T7137]  ? __fget_light+0x205/0x270
[ 1161.707186][ T7137]  ? bpf_prog_test_run_raw_tp+0x690/0x690
[ 1161.707603][ T7137]  __sys_bpf+0x1293/0x5840
[ 1161.707953][ T7137]  ? bpf_perf_link_attach+0x520/0x520
[ 1161.708313][ T7137]  ? reacquire_held_locks+0x4a0/0x4a0
[ 1161.708606][ T7137]  ? folio_flags.constprop.0+0x56/0x150
[ 1161.708878][ T7137]  ? folio_add_lru+0x34a/0x690
[ 1161.709128][ T7137]  ? do_raw_spin_unlock+0x173/0x230
[ 1161.709383][ T7137]  ? _raw_spin_unlock+0x28/0x40
[ 1161.709646][ T7137]  ? __handle_mm_fault+0x467/0x3990
[ 1161.709895][ T7137]  ? vm_iomap_memory+0x170/0x170
[ 1161.710163][ T7137]  ? find_held_lock+0x2d/0x110
[ 1161.710397][ T7137]  __x64_sys_bpf+0x78/0xc0
[ 1161.710646][ T7137]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 1161.710938][ T7137]  do_syscall_64+0x38/0xb0
[ 1161.711234][ T7137]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1161.711673][ T7137] RIP: 0033:0x7fb8adae4469
[ 1161.712002][ T7137] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
[ 1161.713012][ T7137] RSP: 002b:00007fff514ad148 EFLAGS: 00000203 ORIG_RAX: 0000000000000141
[ 1161.713401][ T7137] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb8adae4469
[ 1161.713769][ T7137] RDX: 0000000000000025 RSI: 0000000020000200 RDI: 000000000000000a
[ 1161.714135][ T7137] RBP: 00007fff514ae2f0 R08: 00007fb8adb2dd70 R09: 00000b4100000218
[ 1161.714509][ T7137] R10: e67c061720b91d86 R11: 0000000000000203 R12: 000055ed87c00760
[ 1161.714898][ T7137] R13: 00007fff514ae3d0 R14: 0000000000000000 R15: 0000000000000000
[ 1161.715269][ T7137]  </TASK>
[ 1161.715415][ T7137]
[ 1161.715528][ T7137] Allocated by task 7128:
[ 1161.715732][ T7137]  kasan_save_stack+0x20/0x40
[ 1161.715959][ T7137]  kasan_set_track+0x25/0x30
[ 1161.716210][ T7137]  __kasan_slab_alloc+0x84/0x90
[ 1161.716445][ T7137]  kmem_cache_alloc_node+0x166/0x410
[ 1161.716696][ T7137]  copy_process+0x5db/0x6f40
[ 1161.716914][ T7137]  kernel_clone+0xe8/0x980
[ 1161.717140][ T7137]  __do_sys_clone+0xc0/0x100
[ 1161.717369][ T7137]  do_syscall_64+0x38/0xb0
[ 1161.717583][ T7137]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1161.717870][ T7137]
[ 1161.717983][ T7137] Freed by task 0:
[ 1161.718159][ T7137]  kasan_save_stack+0x20/0x40
[ 1161.718412][ T7137]  kasan_set_track+0x25/0x30
[ 1161.718635][ T7137]  kasan_save_free_info+0x2e/0x40
[ 1161.718871][ T7137]  ____kasan_slab_free+0x15e/0x1b0
[ 1161.719113][ T7137]  slab_free_freelist_hook+0x10b/0x1e0
[ 1161.719395][ T7137]  kmem_cache_free+0xee/0x5b0
[ 1161.719620][ T7137]  delayed_put_task_struct+0x274/0x3e0
[ 1161.719879][ T7137]  rcu_core+0x835/0x1980
[ 1161.720082][ T7137]  __do_softirq+0x1f7/0xaf6
[ 1161.720308][ T7137]
[ 1161.720463][ T7137] Last potentially related work creation:
[ 1161.720840][ T7137]  kasan_save_stack+0x20/0x40
[ 1161.721132][ T7137]  __kasan_record_aux_stack+0xbf/0xd0
[ 1161.721526][ T7137]  call_rcu+0x9e/0x790
[ 1161.721831][ T7137]  put_task_struct_rcu_user+0x83/0xc0
[ 1161.722095][ T7137]  release_task+0xe9e/0x1ae0
[ 1161.722317][ T7137]  wait_consider_task+0x17d8/0x3e70
[ 1161.722565][ T7137]  do_wait+0x75f/0xdc0
[ 1161.722762][ T7137]  kernel_wait4+0x153/0x260
[ 1161.722979][ T7137]  __do_sys_wait4+0x147/0x160
[ 1161.723203][ T7137]  do_syscall_64+0x38/0xb0
[ 1161.723416][ T7137]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1161.723695][ T7137]
[ 1161.723808][ T7137] Second to last potentially related work creation:
[ 1161.724113][ T7137]  kasan_save_stack+0x20/0x40
[ 1161.724346][ T7137]  __kasan_record_aux_stack+0xbf/0xd0
[ 1161.724608][ T7137]  call_rcu+0x9e/0x790
[ 1161.724804][ T7137]  put_task_struct_rcu_user+0x83/0xc0
[ 1161.725196][ T7137]  release_task+0xe9e/0x1ae0
[ 1161.725460][ T7137]  wait_consider_task+0x17d8/0x3e70
[ 1161.725709][ T7137]  do_wait+0x75f/0xdc0
[ 1161.725906][ T7137]  kernel_wait4+0x153/0x260
[ 1161.726123][ T7137]  __do_sys_wait4+0x147/0x160
[ 1161.726349][ T7137]  do_syscall_64+0x38/0xb0
[ 1161.726563][ T7137]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1161.726843][ T7137]
[ 1161.726955][ T7137] The buggy address belongs to the object at ffff88801f1f1d80
[ 1161.726955][ T7137]  which belongs to the cache task_struct of size 7240
[ 1161.727596][ T7137] The buggy address is located 640 bytes inside of
[ 1161.727596][ T7137]  7240-byte region [ffff88801f1f1d80, ffff88801f1f39c8)
[ 1161.728210][ T7137]
[ 1161.728324][ T7137] The buggy address belongs to the physical page:
[ 1161.728620][ T7137] page:ffffea00007c7c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f1f0
[ 1161.728628][ T7137] head:ffffea00007c7c00 order:3 compound_mapcount:0 compound_pincount:0
[ 1161.728633][ T7137] memcg:ffff888013b2c081
[ 1161.728635][ T7137] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1161.728647][ T7137] raw: 00fff00000010200 ffffea00005e4200 dead000000000002 ffff88801322a000
[ 1161.728653][ T7137] raw: 0000000000000000 0000000080040004 00000001ffffffff ffff888013b2c081
[ 1161.728656][ T7137] page dumped because: kasan: bad access detected
[ 1161.728659][ T7137] page_owner tracks the page as allocated
[ 1161.731686][ T7137] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 16, tgid 16 (kworker/u17:1), ts 3731671201, free_ts 0
[ 1161.732601][ T7137]  get_page_from_freelist+0x10ce/0x2db0
[ 1161.732863][ T7137]  __alloc_pages+0x1c8/0x5c0
[ 1161.733082][ T7137]  alloc_pages+0x1a9/0x270
[ 1161.733293][ T7137]  allocate_slab+0x24e/0x340
[ 1161.733514][ T7137]  ___slab_alloc+0x89a/0x1400
[ 1161.733739][ T7137]  __slab_alloc.constprop.0+0x56/0xa0
[ 1161.733994][ T7137]  kmem_cache_alloc_node+0x12e/0x410
[ 1161.734245][ T7137]  copy_process+0x5db/0x6f40
[ 1161.734499][ T7137]  kernel_clone+0xe8/0x980
[ 1161.734712][ T7137]  user_mode_thread+0xb4/0xf0
[ 1161.734947][ T7137]  call_usermodehelper_exec_work+0xcb/0x170
[ 1161.735245][ T7137]  process_one_work+0xa33/0x1720
[ 1161.735557][ T7137]  worker_thread+0x67d/0x10e0
[ 1161.735845][ T7137]  kthread+0x2e4/0x3a0
[ 1161.736167][ T7137]  ret_from_fork+0x1f/0x30
[ 1161.736514][ T7137] page_owner free stack trace missing
[ 1161.736838][ T7137]
[ 1161.736952][ T7137] Memory state around the buggy address:
[ 1161.737213][ T7137]  ffff88801f1f1f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1161.737584][ T7137]  ffff88801f1f1f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1161.737962][ T7137] >ffff88801f1f2000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1161.738331][ T7137]                    ^
[ 1161.738523][ T7137]  ffff88801f1f2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1161.738903][ T7137]  ffff88801f1f2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1161.739281][ T7137] ==================================================================
[ 1161.739696][ T7137] Kernel panic - not syncing: panic_on_warn set ...
[ 1161.740035][ T7137] CPU: 3 PID: 7137 Comm: a.out Not tainted 6.1.0-rc8-02212-gef3911a3e4d6-dirty #137
[ 1161.740518][ T7137] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.1-1-1 04/01/2014
[ 1161.741151][ T7137] Call Trace:
[ 1161.741390][ T7137]  <TASK>
[ 1161.741607][ T7137]  dump_stack_lvl+0x100/0x178
[ 1161.741929][ T7137]  panic+0x2c4/0x60f
[ 1161.742266][ T7137]  ? panic_print_sys_info.part.0+0x110/0x110
[ 1161.742550][ T7137]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1161.742858][ T7137]  ? ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.743106][ T7137]  ? ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.743360][ T7137]  end_report.part.0+0x3f/0x7c
[ 1161.743590][ T7137]  kasan_report.cold+0xa/0xf
[ 1161.743811][ T7137]  ? ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.744059][ T7137]  ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.744299][ T7137]  __bpf_prog_run32+0x9d/0xe0
[ 1161.744559][ T7137]  ? __bpf_prog_run64+0xe0/0xe0
[ 1161.744794][ T7137]  ? bpf_prog_test_run_skb+0x33e/0x1dc0
[ 1161.745108][ T7137]  bpf_test_run+0x38e/0x980
[ 1161.745358][ T7137]  ? bpf_test_timer_continue+0x3d0/0x3d0
[ 1161.745659][ T7137]  ? map_id_range_down+0x297/0x340
[ 1161.745971][ T7137]  ? eth_type_trans+0x2ab/0x640
[ 1161.746292][ T7137]  ? memset+0x23/0x40
[ 1161.746562][ T7137]  bpf_prog_test_run_skb+0xb67/0x1dc0
[ 1161.746948][ T7137]  ? bpf_prog_test_run_raw_tp+0x690/0x690
[ 1161.747292][ T7137]  ? __fget_light+0x205/0x270
[ 1161.747521][ T7137]  ? bpf_prog_test_run_raw_tp+0x690/0x690
[ 1161.747798][ T7137]  __sys_bpf+0x1293/0x5840
[ 1161.748012][ T7137]  ? bpf_perf_link_attach+0x520/0x520
[ 1161.748265][ T7137]  ? reacquire_held_locks+0x4a0/0x4a0
[ 1161.748524][ T7137]  ? folio_flags.constprop.0+0x56/0x150
[ 1161.748816][ T7137]  ? folio_add_lru+0x34a/0x690
[ 1161.749046][ T7137]  ? do_raw_spin_unlock+0x173/0x230
[ 1161.749327][ T7137]  ? _raw_spin_unlock+0x28/0x40
[ 1161.749590][ T7137]  ? __handle_mm_fault+0x467/0x3990
[ 1161.749849][ T7137]  ? vm_iomap_memory+0x170/0x170
[ 1161.750088][ T7137]  ? find_held_lock+0x2d/0x110
[ 1161.750324][ T7137]  __x64_sys_bpf+0x78/0xc0
[ 1161.750620][ T7137]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 1161.751061][ T7137]  do_syscall_64+0x38/0xb0
[ 1161.751421][ T7137]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1161.751883][ T7137] RIP: 0033:0x7fb8adae4469
[ 1161.752229][ T7137] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
[ 1161.753646][ T7137] RSP: 002b:00007fff514ad148 EFLAGS: 00000203 ORIG_RAX: 0000000000000141
[ 1161.754251][ T7137] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb8adae4469
[ 1161.754851][ T7137] RDX: 0000000000000025 RSI: 0000000020000200 RDI: 000000000000000a
[ 1161.755436][ T7137] RBP: 00007fff514ae2f0 R08: 00007fb8adb2dd70 R09: 00000b4100000218
[ 1161.755981][ T7137] R10: e67c061720b91d86 R11: 0000000000000203 R12: 000055ed87c00760
[ 1161.756545][ T7137] R13: 00007fff514ae3d0 R14: 0000000000000000 R15: 0000000000000000
[ 1161.757040][ T7137]  </TASK>
[ 1161.757265][ T7137] Kernel Offset: disabled
[ 1161.757477][ T7137] Rebooting in 86400 seconds..
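The script below is an added triage example, not part of the report above and not a kernel or syzkaller tool. It parses a constructed excerpt of this very report (the "? " frames, register dump and page-owner sections are trimmed) and derives the facts a practitioner checks first before reading the BPF interpreter source: that the 4-byte read lands 640 bytes into a freed 7240-byte task_struct, that the faulting frame ___bpf_prog_run agrees with the BUG line, that the path in is the bpf(2) syscall (BPF_PROG_TEST_RUN via bpf_prog_test_run_skb), that the free ran from an RCU callback queued by put_task_struct_rcu_user, which means the reader held no RCU read-side section spanning that grace period, and that the object was allocated by a different pid (7128, in copy_process) than the one reading it (7137). All function and variable names are the example's own.

```python
import re

# Constructed excerpt of the KASAN report on this page, kept with the
# kernel's own line prefixes so the parser handles real dmesg output.
REPORT = """\
[ 1161.698086][ T7137] BUG: KASAN: use-after-free in ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.698646][ T7137] Read of size 4 at addr ffff88801f1f2000 by task a.out/7137
[ 1161.700201][ T7137] Call Trace:
[ 1161.700500][ T7137]  dump_stack_lvl+0x100/0x178
[ 1161.700736][ T7137]  print_report+0x167/0x46c
[ 1161.702030][ T7137]  kasan_report+0xbf/0x1e0
[ 1161.702243][ T7137]  ? ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.702519][ T7137]  ___bpf_prog_run+0x7f35/0x8fd0
[ 1161.702875][ T7137]  __bpf_prog_run32+0x9d/0xe0
[ 1161.704026][ T7137]  bpf_test_run+0x38e/0x980
[ 1161.705939][ T7137]  bpf_prog_test_run_skb+0xb67/0x1dc0
[ 1161.707603][ T7137]  __sys_bpf+0x1293/0x5840
[ 1161.710397][ T7137]  __x64_sys_bpf+0x78/0xc0
[ 1161.710938][ T7137]  do_syscall_64+0x38/0xb0
[ 1161.711234][ T7137]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1161.711673][ T7137] RIP: 0033:0x7fb8adae4469
[ 1161.715528][ T7137] Allocated by task 7128:
[ 1161.716696][ T7137]  copy_process+0x5db/0x6f40
[ 1161.716914][ T7137]  kernel_clone+0xe8/0x980
[ 1161.717983][ T7137] Freed by task 0:
[ 1161.719620][ T7137]  delayed_put_task_struct+0x274/0x3e0
[ 1161.719879][ T7137]  rcu_core+0x835/0x1980
[ 1161.720463][ T7137] Last potentially related work creation:
[ 1161.721526][ T7137]  call_rcu+0x9e/0x790
[ 1161.721831][ T7137]  put_task_struct_rcu_user+0x83/0xc0
[ 1161.722095][ T7137]  release_task+0xe9e/0x1ae0
[ 1161.726955][ T7137] The buggy address belongs to the object at ffff88801f1f1d80
[ 1161.726955][ T7137]  which belongs to the cache task_struct of size 7240
[ 1161.727596][ T7137] The buggy address is located 640 bytes inside of
[ 1161.727596][ T7137]  7240-byte region [ffff88801f1f1d80, ffff88801f1f39c8)
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\] ?")           # "[ ts][ Tpid] "
FRAME = re.compile(r"^ (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # " [? ]sym+off/size"
SECTIONS = (("Call Trace:", "access"), ("Allocated by task", "alloc"),
            ("Freed by task", "free"), ("Last potentially", "rcu_work"),
            ("Second to last", "rcu_work_prev"))
REPORTING_FRAMES = {"dump_stack_lvl", "print_report", "kasan_report"}


def parse_kasan_report(text):
    """Return bug kind, access, object geometry, pids and per-section stacks."""
    info = {"stacks": {}, "pids": {}}
    section = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if m := re.match(r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x", line):
            info["bug"], info["bug_func"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line):
            info["access"] = m.group(1).lower()
            info["size"], info["addr"] = int(m.group(2)), int(m.group(3), 16)
            info["pids"]["access"] = int(m.group(5))
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            info["obj_base"] = int(m.group(1), 16)
        elif m := re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", line):
            info["cache"], info["obj_size"] = m.group(1), int(m.group(2))
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            info["reported_offset"] = int(m.group(1))
        elif key := next((k for p, k in SECTIONS if line.startswith(p)), None):
            section = key
            info["stacks"][key] = []
            if m := re.search(r"by task (\d+):", line):
                info["pids"][key] = int(m.group(1))
        elif (m := FRAME.match(line)) and section:
            if m.group(1) is None:  # "? " frames are stale stack slots, not callers
                info["stacks"][section].append(m.group(2))
        else:
            section = None  # registers, blank lines and object info end a stack
    return info


def triage(info):
    """Derive the first-pass facts a practitioner confirms from the parsed report."""
    addr, base, size = info["addr"], info["obj_base"], info["size"]
    stacks, pids = info["stacks"], info["pids"]
    faulting = next(f for f in stacks["access"] if f not in REPORTING_FRAMES)
    syscall = next((f[len("__x64_sys_"):] for f in stacks["access"]
                    if f.startswith("__x64_sys_")), None)
    return {
        "bug": info["bug"],
        "cache": info["cache"],
        "faulting_function": faulting,
        "bug_line_agrees": faulting == info["bug_func"],
        "offset": addr - base,
        "offset_matches_report": addr - base == info["reported_offset"],
        "access_within_object": base <= addr and addr + size <= base + info["obj_size"],
        "entry_syscall": syscall,
        # The free ran from an RCU callback, so the reader was not inside an
        # RCU read-side critical section that covered the grace period.
        "freed_in_rcu_callback": "rcu_core" in stacks.get("free", ())
                                 and "call_rcu" in stacks.get("rcu_work", ()),
        # The task_struct was allocated (in copy_process) by a different pid
        # than the one reading it, i.e. the BPF program touched another task.
        "accessor_allocated_object": pids.get("alloc") == pids.get("access"),
    }


if __name__ == "__main__":
    for key, value in triage(parse_kasan_report(REPORT)).items():
        print(f"{key:28} {value}")
```

The parser keys on the section headers KASAN prints rather than on timestamps, so it works on a raw dmesg capture as well as on the excerpt; the "? " frames are dropped because they are leftover stack slots that the unwinder could not confirm, which is why the same ___bpf_prog_run offset appears several times above but only once in the parsed stack.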