Warning: Permanently added '10.128.0.57' (ED25519) to the list of known hosts.
2026/06/22 10:57:54 parsed 1 programs
2026/06/22 10:57:54 serving rpc on tcp://40879
[ 62.093642][ T5630] cgroup: Unknown subsys name 'net'
[ 62.224436][ T5630] cgroup: Unknown subsys name 'cpuset'
[ 62.231974][ T5630] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 63.423820][ T5630] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 65.582673][ T5638] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 66.303342][ T5656] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.310509][ T5656] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.317747][ T5656] bridge_slave_0: entered allmulticast mode
[ 66.324550][ T5656] bridge_slave_0: entered promiscuous mode
[ 66.331804][ T5656] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.339010][ T5656] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.346230][ T5656] bridge_slave_1: entered allmulticast mode
[ 66.353175][ T5656] bridge_slave_1: entered promiscuous mode
[ 66.371096][ T5656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.381876][ T5656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.403326][ T5656] team0: Port device team_slave_0 added
[ 66.410318][ T5656] team0: Port device team_slave_1 added
[ 66.426127][ T5656] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.433125][ T5656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 66.459033][ T5656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.470523][ T5656] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.477512][ T5656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 66.503465][ T5656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.530673][ T5656] hsr_slave_0: entered promiscuous mode
[ 66.536949][ T5656] hsr_slave_1: entered promiscuous mode
[ 66.610197][ T5656] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.619124][ T5656] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 66.626996][ T5656] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.635660][ T5656] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 66.643346][ T5656] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.651811][ T5656] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 66.659699][ T5656] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.668141][ T5656] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 66.686864][ T5656] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.693992][ T5656] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.701281][ T5656] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.708409][ T5656] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.740506][ T5656] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.753353][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.760900][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.775100][ T5656] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.785504][ T112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.792626][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.803923][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.811017][ T3312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.020640][ T5656] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.052863][ T5656] veth0_vlan: entered promiscuous mode
[ 67.061883][ T5656] veth1_vlan: entered promiscuous mode
[ 67.080998][ T5656] veth0_macvtap: entered promiscuous mode
[ 67.089681][ T5656] veth1_macvtap: entered promiscuous mode
[ 67.103998][ T5656] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.115121][ T5656] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.126166][ T3312] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.135359][ T3312] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.147122][ T3312] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.156557][ T3312] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.248031][ T57] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.313787][ T57] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.367350][ T57] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.422731][ T57] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.693890][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.704349][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.720886][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.729614][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.301481][ T4938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.311370][ T4938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.318644][ T4938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.326214][ T4938] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.333990][ T4938] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/06/22 10:58:04 executed programs: 0
[ 68.824467][ T4938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.831777][ T4938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.839374][ T4938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.847916][ T4938] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.856722][ T4938] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 69.130346][ T5753] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.137476][ T5753] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.144851][ T5753] bridge_slave_0: entered allmulticast mode
[ 69.151487][ T5753] bridge_slave_0: entered promiscuous mode
[ 69.159574][ T5753] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.167165][ T5753] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.174492][ T5753] bridge_slave_1: entered allmulticast mode
[ 69.181243][ T5753] bridge_slave_1: entered promiscuous mode
[ 69.200293][ T5753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.211486][ T5753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.232178][ T5753] team0: Port device team_slave_0 added
[ 69.239312][ T5753] team0: Port device team_slave_1 added
[ 69.255468][ T5753] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.263114][ T5753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.289109][ T5753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.300927][ T5753] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.307916][ T5753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.334120][ T5753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.362743][ T5753] hsr_slave_0: entered promiscuous mode
[ 69.368783][ T5753] hsr_slave_1: entered promiscuous mode
[ 69.374808][ T5753] debugfs: 'hsr0' already exists in 'hsr'
[ 69.380542][ T5753] Cannot create hsr debugfs directory
[ 70.273497][ T57] bridge_slave_1: left allmulticast mode
[ 70.279729][ T57] bridge_slave_1: left promiscuous mode
[ 70.287399][ T57] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.296753][ T57] bridge_slave_0: left allmulticast mode
[ 70.303631][ T57] bridge_slave_0: left promiscuous mode
[ 70.309371][ T57] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.375142][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 70.385469][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 70.395127][ T57] bond0 (unregistering): Released all slaves
[ 70.459097][ T57] hsr_slave_0: left promiscuous mode
[ 70.466828][ T57] hsr_slave_1: left promiscuous mode
[ 70.472900][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 70.480561][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 70.488627][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 70.496261][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 70.506866][ T57] veth1_macvtap: left promiscuous mode
[ 70.512618][ T57] veth0_macvtap: left promiscuous mode
[ 70.518190][ T57] veth1_vlan: left promiscuous mode
[ 70.523890][ T57] veth0_vlan: left promiscuous mode
[ 70.647318][ T57] team0 (unregistering): Port device team_slave_1 removed
[ 70.667325][ T57] team0 (unregistering): Port device team_slave_0 removed
[ 70.769810][ T5283] 8021q: adding VLAN 0 to HW filter on device eth1
[ 70.922419][ T50] Bluetooth: hci0: command tx timeout
[ 70.968556][ T5753] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.981017][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 70.988885][ T5753] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 71.004837][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 71.015256][ T5753] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 71.024626][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 71.035405][ T5753] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 71.045129][ T5753] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 71.119273][ T5753] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.163356][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.171307][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.308494][ T5753] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.336793][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.343952][ T3312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.365400][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.372576][ T3312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.397855][ T5753] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 71.409855][ T5753] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 71.788792][ T5753] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.835299][ T5753] veth0_vlan: entered promiscuous mode
[ 71.847418][ T5753] veth1_vlan: entered promiscuous mode
[ 71.870508][ T5753] veth0_macvtap: entered promiscuous mode
[ 71.879224][ T5753] veth1_macvtap: entered promiscuous mode
[ 71.896009][ T5753] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.909903][ T5753] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.929298][ T1154] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.940595][ T1154] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.957213][ T1154] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.966367][ T1154] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.009549][ T112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.026098][ T112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.049365][ T112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.058143][ T112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.531851][ T5868] ==================================================================
[ 72.539967][ T5868] BUG: KASAN: slab-use-after-free in __sk_msg_recvmsg+0x19b/0xf30
[ 72.547823][ T5868] Read of size 8 at addr ffff888035aadab0 by task syz.0.18/5868
[ 72.555469][ T5868]
[ 72.557840][ T5868] CPU: 0 UID: 0 PID: 5868 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
[ 72.557864][ T5868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 72.557884][ T5868] Call Trace:
[ 72.557896][ T5868] <TASK>
[ 72.557903][ T5868] dump_stack_lvl+0xe8/0x150
[ 72.557929][ T5868] print_address_description+0x55/0x1e0
[ 72.557949][ T5868] ? __sk_msg_recvmsg+0x19b/0xf30
[ 72.557976][ T5868] print_report+0x58/0x70
[ 72.557993][ T5868] kasan_report+0x117/0x150
[ 72.558023][ T5868] ? __sk_msg_recvmsg+0x19b/0xf30
[ 72.558054][ T5868] __sk_msg_recvmsg+0x19b/0xf30
[ 72.558081][ T5868] ? __pfx_aa_label_sk_perm+0x10/0x10
[ 72.558112][ T5868] ? sk_psock_get+0x7a/0x440
[ 72.558137][ T5868] ? sk_psock_get+0x392/0x440
[ 72.558160][ T5868] ? sk_psock_get+0x7a/0x440
[ 72.558186][ T5868] ? __kmalloc_noprof+0x358/0x750
[ 72.558266][ T5868] udp_bpf_recvmsg+0x18b/0xa90
[ 72.558290][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.558316][ T5868] ? aa_sk_perm+0x6d5/0x900
[ 72.558349][ T5868] ? __pfx_udp_bpf_recvmsg+0x10/0x10
[ 72.558376][ T5868] ? sock_rps_record_flow+0x19/0x350
[ 72.558401][ T5868] ? inet_recvmsg+0x101/0x120
[ 72.558424][ T5868] ? __pfx_inet_recvmsg+0x10/0x10
[ 72.558448][ T5868] sock_recvmsg+0x155/0x1b0
[ 72.558472][ T5868] ____sys_recvmsg+0x1e6/0x4a0
[ 72.558506][ T5868] ? __pfx_____sys_recvmsg+0x10/0x10
[ 72.558552][ T5868] ? import_iovec+0x73/0xa0
[ 72.558578][ T5868] ___sys_recvmsg+0x213/0x5a0
[ 72.558607][ T5868] ? __pfx____sys_recvmsg+0x10/0x10
[ 72.558647][ T5868] ? __fget_files+0x2a/0x420
[ 72.558665][ T5868] ? rcu_is_watching+0x15/0xb0
[ 72.558707][ T5868] ? __fget_files+0x3a2/0x420
[ 72.558732][ T5868] do_recvmmsg+0x31a/0x7f0
[ 72.558762][ T5868] ? __pfx_do_recvmmsg+0x10/0x10
[ 72.558795][ T5868] ? rcu_is_watching+0x15/0xb0
[ 72.558813][ T5868] ? trace_irq_enable+0x3b/0x140
[ 72.558842][ T5868] __x64_sys_recvmmsg+0x198/0x250
[ 72.558871][ T5868] ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 72.558901][ T5868] ? rcu_is_watching+0x15/0xb0
[ 72.558920][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.558949][ T5868] do_syscall_64+0x174/0x580
[ 72.558971][ T5868] ? trace_irq_disable+0x3b/0x140
[ 72.558993][ T5868] ? clear_bhb_loop+0x40/0x90
[ 72.559012][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.559029][ T5868] RIP: 0033:0x7fd0d999ce59
[ 72.559055][ T5868] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 72.559069][ T5868] RSP: 002b:00007fd0da8b9028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 72.559089][ T5868] RAX: ffffffffffffffda RBX: 00007fd0d9c16180 RCX: 00007fd0d999ce59
[ 72.559101][ T5868] RDX: 0000000000000012 RSI: 0000200000000400 RDI: 0000000000000007
[ 72.559112][ T5868] RBP: 00007fd0d9a32e6f R08: 0000000000000000 R09: 0000000000000000
[ 72.559129][ T5868] R10: 0000000040000021 R11: 0000000000000246 R12: 0000000000000000
[ 72.559139][ T5868] R13: 00007fd0d9c16218 R14: 00007fd0d9c16180 R15: 00007ffe668bfc58
[ 72.559159][ T5868] </TASK>
[ 72.559166][ T5868]
[ 72.859072][ T5868] Allocated by task 5865:
[ 72.863405][ T5868] kasan_save_track+0x3e/0x80
[ 72.868118][ T5868] __kasan_kmalloc+0x93/0xb0
[ 72.872714][ T5868] __kmalloc_cache_noprof+0x318/0x660
[ 72.878094][ T5868] sk_psock_skb_ingress_self+0x5e/0x320
[ 72.883657][ T5868] sk_psock_verdict_recv+0xca9/0xeb0
[ 72.888955][ T5868] udp_read_skb+0x5f4/0x6d0
[ 72.893463][ T5868] sk_psock_verdict_data_ready+0x25f/0x690
[ 72.899270][ T5868] __udp_enqueue_schedule_skb+0xc26/0x12d0
[ 72.905088][ T5868] udp_queue_rcv_one_skb+0x750/0x10e0
[ 72.910463][ T5868] __udp4_lib_mcast_deliver+0xace/0xb60
[ 72.916017][ T5868] udp_rcv+0xd3e/0x1db0
[ 72.920193][ T5868] ip_protocol_deliver_rcu+0x27e/0x440
[ 72.925646][ T5868] ip_local_deliver_finish+0x3bb/0x6f0
[ 72.931104][ T5868] NF_HOOK+0x336/0x3c0
[ 72.935176][ T5868] ip_sublist_rcv_finish+0x1f0/0x240
[ 72.940478][ T5868] ip_sublist_rcv+0x5cc/0xa70
[ 72.945153][ T5868] ip_list_rcv+0x3ec/0x440
[ 72.949581][ T5868] __netif_receive_skb_list_core+0x804/0x830
[ 72.955565][ T5868] netif_receive_skb_list_internal+0x995/0xcf0
[ 72.961731][ T5868] netif_receive_skb_list+0x55/0x450
[ 72.967018][ T5868] bpf_test_run_xdp_live+0x1875/0x1c20
[ 72.972500][ T5868] bpf_prog_test_run_xdp+0x7d8/0x11d0
[ 72.977888][ T5868] bpf_prog_test_run+0x2c5/0x340
[ 72.982834][ T5868] __sys_bpf+0x643/0x950
[ 72.987084][ T5868] __x64_sys_bpf+0x7c/0x90
[ 72.991518][ T5868] do_syscall_64+0x174/0x580
[ 72.996114][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.002006][ T5868]
[ 73.004335][ T5868] Freed by task 5866:
[ 73.008317][ T5868] kasan_save_track+0x3e/0x80
[ 73.012999][ T5868] kasan_save_free_info+0x40/0x50
[ 73.018021][ T5868] __kasan_slab_free+0x5c/0x80
[ 73.022796][ T5868] kfree+0x1c5/0x640
[ 73.026690][ T5868] __sk_msg_recvmsg+0xd2d/0xf30
[ 73.031546][ T5868] udp_bpf_recvmsg+0x18b/0xa90
[ 73.036310][ T5868] sock_recvmsg+0x155/0x1b0
[ 73.040824][ T5868] ____sys_recvmsg+0x1e6/0x4a0
[ 73.045598][ T5868] ___sys_recvmsg+0x213/0x5a0
[ 73.050286][ T5868] do_recvmmsg+0x31a/0x7f0
[ 73.054720][ T5868] __x64_sys_recvmmsg+0x198/0x250
[ 73.059754][ T5868] do_syscall_64+0x174/0x580
[ 73.064352][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.070245][ T5868]
[ 73.072565][ T5868] The buggy address belongs to the object at ffff888035aad800
[ 73.072565][ T5868] which belongs to the cache kmalloc-1k of size 1024
[ 73.086616][ T5868] The buggy address is located 688 bytes inside of
[ 73.086616][ T5868] freed 1024-byte region [ffff888035aad800, ffff888035aadc00)
[ 73.100499][ T5868]
[ 73.102830][ T5868] The buggy address belongs to the physical page:
[ 73.109277][ T5868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35aa8
[ 73.118038][ T5868] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 73.126628][ T5868] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 73.134181][ T5868] page_type: f5(slab)
[ 73.138163][ T5868] raw: 00fff00000000040 ffff88813fe1bdc0 dead000000000100 dead000000000122
[ 73.146745][ T5868] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 73.155335][ T5868] head: 00fff00000000040 ffff88813fe1bdc0 dead000000000100 dead000000000122
[ 73.164003][ T5868] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 73.172697][ T5868] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 73.181366][ T5868] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 73.190031][ T5868] page dumped because: kasan: bad access detected
[ 73.196462][ T5868] page_owner tracks the page as allocated
[ 73.202175][ T5868] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5525, tgid 5525 (dhcpcd-run-hook), ts 51491423581, free_ts 51485207041
[ 73.223799][ T5868] post_alloc_hook+0x22d/0x280
[ 73.228581][ T5868] get_page_from_freelist+0x24ae/0x2530
[ 73.234141][ T5868] __alloc_frozen_pages_noprof+0x18d/0x380
[ 73.239957][ T5868] allocate_slab+0x74/0x5d0
[ 73.244462][ T5868] refill_objects+0x328/0x3c0
[ 73.249142][ T5868] __pcs_replace_empty_main+0x2e0/0x6b0
[ 73.254689][ T5868] __kmalloc_noprof+0x464/0x750
[ 73.259556][ T5868] load_elf_phdrs+0x13e/0x240
[ 73.264241][ T5868] load_elf_binary+0xa28/0x2950
[ 73.269178][ T5868] bprm_execve+0x9c7/0x1630
[ 73.273684][ T5868] do_execveat_common+0x4f4/0x670
[ 73.278707][ T5868] __x64_sys_execve+0x97/0xc0
[ 73.283386][ T5868] do_syscall_64+0x174/0x580
[ 73.287985][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.293877][ T5868] page last free pid 5520 tgid 5520 stack trace:
[ 73.300198][ T5868] __free_frozen_pages+0xc0d/0xd20
[ 73.305325][ T5868] __slab_free+0x274/0x2c0
[ 73.309745][ T5868] qlist_free_all+0x99/0x100
[ 73.314350][ T5868] kasan_quarantine_reduce+0x148/0x160
[ 73.319820][ T5868] __kasan_slab_alloc+0x22/0x80
[ 73.324707][ T5868] kmem_cache_alloc_lru_noprof+0x2b4/0x640
[ 73.330523][ T5868] alloc_inode+0xb8/0x1b0
[ 73.334868][ T5868] create_pipe_files+0x52/0x7c0
[ 73.339734][ T5868] __do_pipe_flags+0x46/0x1f0
[ 73.344421][ T5868] do_pipe2+0xaa/0x190
[ 73.348509][ T5868] __x64_sys_pipe2+0x5a/0x70
[ 73.353118][ T5868] do_syscall_64+0x174/0x580
[ 73.357713][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.363608][ T5868]
[ 73.365927][ T5868] Memory state around the buggy address:
[ 73.371551][ T5868] ffff888035aad980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.379612][ T5868] ffff888035aada00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.387670][ T5868] >ffff888035aada80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.395730][ T5868]                                      ^
[ 73.401380][ T5868] ffff888035aadb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.409451][ T5868] ffff888035aadb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.417516][ T5868] ==================================================================
[ 73.456262][ T50] Bluetooth: hci0: command tx timeout
[ 73.463313][ T5868] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.470581][ T5868] CPU: 0 UID: 0 PID: 5868 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
[ 73.479715][ T5868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 73.489800][ T5868] Call Trace:
[ 73.493091][ T5868] <TASK>
[ 73.496042][ T5868] vpanic+0x56c/0xa60
[ 73.500047][ T5868] ? __pfx_vpanic+0x10/0x10
[ 73.504584][ T5868] ? rcu_is_watching+0x15/0xb0
[ 73.509375][ T5868] panic+0xc5/0xd0
[ 73.513109][ T5868] ? __pfx_panic+0x10/0x10
[ 73.517543][ T5868] ? preempt_schedule_thunk+0x16/0x40
[ 73.522934][ T5868] ? preempt_schedule_thunk+0x16/0x40
[ 73.528324][ T5868] ? __sk_msg_recvmsg+0x19b/0xf30
[ 73.533364][ T5868] check_panic_on_warn+0x89/0xb0
[ 73.538305][ T5868] ? __sk_msg_recvmsg+0x19b/0xf30
[ 73.543366][ T5868] end_report+0x73/0x170
[ 73.547620][ T5868] ? __sk_msg_recvmsg+0x19b/0xf30
[ 73.552646][ T5868] kasan_report+0x128/0x150
[ 73.557158][ T5868] ? __sk_msg_recvmsg+0x19b/0xf30
[ 73.562217][ T5868] __sk_msg_recvmsg+0x19b/0xf30
[ 73.567081][ T5868] ? __pfx_aa_label_sk_perm+0x10/0x10
[ 73.572467][ T5868] ? sk_psock_get+0x7a/0x440
[ 73.577065][ T5868] ? sk_psock_get+0x392/0x440
[ 73.581751][ T5868] ? sk_psock_get+0x7a/0x440
[ 73.586364][ T5868] ? __kmalloc_noprof+0x358/0x750
[ 73.591396][ T5868] udp_bpf_recvmsg+0x18b/0xa90
[ 73.596165][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.602244][ T5868] ? aa_sk_perm+0x6d5/0x900
[ 73.606764][ T5868] ? __pfx_udp_bpf_recvmsg+0x10/0x10
[ 73.612054][ T5868] ? sock_rps_record_flow+0x19/0x350
[ 73.617342][ T5868] ? inet_recvmsg+0x101/0x120
[ 73.622036][ T5868] ? __pfx_inet_recvmsg+0x10/0x10
[ 73.627064][ T5868] sock_recvmsg+0x155/0x1b0
[ 73.631576][ T5868] ____sys_recvmsg+0x1e6/0x4a0
[ 73.636357][ T5868] ? __pfx_____sys_recvmsg+0x10/0x10
[ 73.641658][ T5868] ? import_iovec+0x73/0xa0
[ 73.646175][ T5868] ___sys_recvmsg+0x213/0x5a0
[ 73.650865][ T5868] ? __pfx____sys_recvmsg+0x10/0x10
[ 73.656120][ T5868] ? __fget_files+0x2a/0x420
[ 73.660715][ T5868] ? rcu_is_watching+0x15/0xb0
[ 73.665487][ T5868] ? __fget_files+0x3a2/0x420
[ 73.670182][ T5868] do_recvmmsg+0x31a/0x7f0
[ 73.674612][ T5868] ? __pfx_do_recvmmsg+0x10/0x10
[ 73.679564][ T5868] ? rcu_is_watching+0x15/0xb0
[ 73.684329][ T5868] ? trace_irq_enable+0x3b/0x140
[ 73.689287][ T5868] __x64_sys_recvmmsg+0x198/0x250
[ 73.694331][ T5868] ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 73.699898][ T5868] ? rcu_is_watching+0x15/0xb0
[ 73.704668][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.710735][ T5868] do_syscall_64+0x174/0x580
[ 73.715332][ T5868] ? trace_irq_disable+0x3b/0x140
[ 73.720362][ T5868] ? clear_bhb_loop+0x40/0x90
[ 73.725046][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.730941][ T5868] RIP: 0033:0x7fd0d999ce59
[ 73.735374][ T5868] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 73.754996][ T5868] RSP: 002b:00007fd0da8b9028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 73.763417][ T5868] RAX: ffffffffffffffda RBX: 00007fd0d9c16180 RCX: 00007fd0d999ce59
[ 73.771386][ T5868] RDX: 0000000000000012 RSI: 0000200000000400 RDI: 0000000000000007
[ 73.779360][ T5868] RBP: 00007fd0d9a32e6f R08: 0000000000000000 R09: 0000000000000000
[ 73.787356][ T5868] R10: 0000000040000021 R11: 0000000000000246 R12: 0000000000000000
[ 73.795322][ T5868] R13: 00007fd0d9c16218 R14: 00007fd0d9c16180 R15: 00007ffe668bfc58
[ 73.803307][ T5868] </TASK>
[ 73.806928][ T5868] Kernel Offset: disabled
[ 73.811253][ T5868] Rebooting in 86400 seconds..