Warning: Permanently added '10.128.0.76' (ED25519) to the list of known hosts.
executing program
[   37.834279][ T4289] FAULT_INJECTION: forcing a failure.
[   37.834279][ T4289] name failslab, interval 1, probability 0, space 0, times 1
[   37.836842][ T4289] CPU: 1 PID: 4289 Comm: syz-executor122 Not tainted 6.1.115-syzkaller #0
[   37.838438][ T4289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   37.840362][ T4289] Call trace:
[   37.840998][ T4289]  dump_backtrace+0x1c8/0x1f4
[   37.841954][ T4289]  show_stack+0x2c/0x3c
[   37.842787][ T4289]  dump_stack_lvl+0x108/0x170
[   37.843725][ T4289]  dump_stack+0x1c/0x58
[   37.844507][ T4289]  should_fail_ex+0x3c0/0x51c
[   37.845422][ T4289]  __should_failslab+0xc8/0x128
[   37.846399][ T4289]  should_failslab+0x10/0x28
[   37.847305][ T4289]  __kmem_cache_alloc_node+0x80/0x388
[   37.848369][ T4289]  kmalloc_trace+0x48/0x94
[   37.849236][ T4289]  dccp_feat_entry_new+0x188/0x38c
[   37.850223][ T4289]  dccp_feat_parse_options+0xd5c/0x2380
[   37.851303][ T4289]  dccp_parse_options+0xb54/0x192c
[   37.852312][ T4289]  dccp_rcv_established+0x68/0x2d8
[   37.853292][ T4289]  dccp_v6_do_rcv+0x248/0x938
[   37.854187][ T4289]  __release_sock+0x1a8/0x408
[   37.855087][ T4289]  release_sock+0x68/0x1cc
[   37.855940][ T4289]  dccp_sendmsg+0x46c/0xb80
[   37.856821][ T4289]  inet_sendmsg+0x15c/0x290
[   37.857679][ T4289]  ____sys_sendmsg+0x55c/0x848
[   37.858583][ T4289]  __sys_sendmmsg+0x318/0x7d8
[   37.859473][ T4289]  __arm64_sys_sendmmsg+0xa0/0xbc
[   37.860471][ T4289]  invoke_syscall+0x98/0x2c0
[   37.861419][ T4289]  el0_svc_common+0x138/0x258
[   37.862323][ T4289]  do_el0_svc+0x64/0x218
[   37.863180][ T4289]  el0_svc+0x58/0x168
[   37.863969][ T4289]  el0t_64_sync_handler+0x84/0xf0
[   37.864941][ T4289]  el0t_64_sync+0x18c/0x190
[   37.866075][ T4289] dccp_parse_options: DCCP(00000000403ed58e): Option 32 (len=7) error=9
[   37.868448][ T4289] ==================================================================
[   37.870034][ T4289] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x1498/0x1af0
[   37.871668][ T4289] Read of size 1 at addr ffff0000d5996494 by task syz-executor122/4289
[   37.873258][ T4289]
[   37.873726][ T4289] CPU: 0 PID: 4289 Comm: syz-executor122 Not tainted 6.1.115-syzkaller #0
[   37.875332][ T4289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   37.877315][ T4289] Call trace:
[   37.877938][ T4289]  dump_backtrace+0x1c8/0x1f4
[   37.878903][ T4289]  show_stack+0x2c/0x3c
[   37.879716][ T4289]  dump_stack_lvl+0x108/0x170
[   37.880623][ T4289]  print_report+0x174/0x4c0
[   37.881493][ T4289]  kasan_report+0xd4/0x130
[   37.882342][ T4289]  __asan_report_load1_noabort+0x2c/0x38
[   37.883428][ T4289]  ccid2_hc_tx_packet_recv+0x1498/0x1af0
[   37.884518][ T4289]  dccp_rcv_established+0x26c/0x2d8
[   37.885506][ T4289]  dccp_v6_do_rcv+0x248/0x938
[   37.886432][ T4289]  __release_sock+0x1a8/0x408
[   37.887327][ T4289]  release_sock+0x68/0x1cc
[   37.888179][ T4289]  dccp_sendmsg+0x46c/0xb80
[   37.889047][ T4289]  inet_sendmsg+0x15c/0x290
[   37.889907][ T4289]  ____sys_sendmsg+0x55c/0x848
[   37.890821][ T4289]  __sys_sendmmsg+0x318/0x7d8
[   37.891733][ T4289]  __arm64_sys_sendmmsg+0xa0/0xbc
[   37.892716][ T4289]  invoke_syscall+0x98/0x2c0
[   37.893649][ T4289]  el0_svc_common+0x138/0x258
[   37.894532][ T4289]  do_el0_svc+0x64/0x218
[   37.895350][ T4289]  el0_svc+0x58/0x168
[   37.896105][ T4289]  el0t_64_sync_handler+0x84/0xf0
[   37.897063][ T4289]  el0t_64_sync+0x18c/0x190
[   37.897951][ T4289]
[   37.898393][ T4289] Allocated by task 4289:
[   37.899236][ T4289]  kasan_set_track+0x4c/0x80
[   37.900119][ T4289]  kasan_save_alloc_info+0x24/0x30
[   37.901159][ T4289]  __kasan_kmalloc+0xac/0xc4
[   37.902038][ T4289]  __kmalloc_node_track_caller+0xd0/0x1c0
[   37.903136][ T4289]  __alloc_skb+0x180/0x580
[   37.903982][ T4289]  dccp_send_ack+0xa4/0x2bc
[   37.904870][ T4289]  ccid2_hc_rx_packet_recv+0x114/0x1b8
[   37.905930][ T4289]  dccp_rcv_established+0x1ac/0x2d8
[   37.906935][ T4289]  dccp_v6_do_rcv+0x248/0x938
[   37.907839][ T4289]  __sk_receive_skb+0x3f8/0x900
[   37.908806][ T4289]  dccp_v6_rcv+0xbac/0x10b8
[   37.909665][ T4289]  ip6_protocol_deliver_rcu+0x958/0x1214
[   37.910729][ T4289]  ip6_input_finish+0x164/0x298
[   37.911656][ T4289]  NF_HOOK+0x328/0x3d4
[   37.912424][ T4289]  ip6_input+0x70/0x84
[   37.913202][ T4289]  ip6_rcv_finish+0x1f4/0x220
[   37.914115][ T4289]  NF_HOOK+0x328/0x3d4
[   37.914893][ T4289]  ipv6_rcv+0x98/0xb8
[   37.915659][ T4289]  __netif_receive_skb+0x18c/0x400
[   37.916632][ T4289]  process_backlog+0x410/0x784
[   37.917573][ T4289]  __napi_poll+0xb4/0x3f0
[   37.918408][ T4289]  net_rx_action+0x5cc/0xd3c
[   37.919303][ T4289]  handle_softirqs+0x318/0xd58
[   37.920265][ T4289]  __do_softirq+0x14/0x20
[   37.921092][ T4289]
[   37.921526][ T4289] Freed by task 4289:
[   37.922297][ T4289]  kasan_set_track+0x4c/0x80
[   37.923207][ T4289]  kasan_save_free_info+0x38/0x5c
[   37.924161][ T4289]  ____kasan_slab_free+0x144/0x1c0
[   37.925129][ T4289]  __kasan_slab_free+0x18/0x28
[   37.926044][ T4289]  __kmem_cache_free+0x2c0/0x4b4
[   37.927029][ T4289]  kfree+0xcc/0x1b8
[   37.927793][ T4289]  skb_release_data+0x488/0x6b0
[   37.928740][ T4289]  kfree_skb_reason+0x1a4/0x47c
[   37.929663][ T4289]  dccp_v6_do_rcv+0x12c/0x938
[   37.930577][ T4289]  __release_sock+0x1a8/0x408
[   37.931476][ T4289]  release_sock+0x68/0x1cc
[   37.932395][ T4289]  dccp_sendmsg+0x46c/0xb80
[   37.933293][ T4289]  inet_sendmsg+0x15c/0x290
[   37.934160][ T4289]  ____sys_sendmsg+0x55c/0x848
[   37.935060][ T4289]  __sys_sendmmsg+0x318/0x7d8
[   37.935943][ T4289]  __arm64_sys_sendmmsg+0xa0/0xbc
[   37.936951][ T4289]  invoke_syscall+0x98/0x2c0
[   37.937841][ T4289]  el0_svc_common+0x138/0x258
[   37.938764][ T4289]  do_el0_svc+0x64/0x218
[   37.939623][ T4289]  el0_svc+0x58/0x168
[   37.940381][ T4289]  el0t_64_sync_handler+0x84/0xf0
[   37.941345][ T4289]  el0t_64_sync+0x18c/0x190
[   37.942255][ T4289]
[   37.942699][ T4289] The buggy address belongs to the object at ffff0000d5996000
[   37.942699][ T4289]  which belongs to the cache kmalloc-2k of size 2048
[   37.945422][ T4289] The buggy address is located 1172 bytes inside of
[   37.945422][ T4289]  2048-byte region [ffff0000d5996000, ffff0000d5996800)
[   37.947999][ T4289]
[   37.948432][ T4289] The buggy address belongs to the physical page:
[   37.949648][ T4289] page:000000002f2dee18 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115990
[   37.951587][ T4289] head:000000002f2dee18 order:3 compound_mapcount:0 compound_pincount:0
[   37.953202][ T4289] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   37.954762][ T4289] raw: 05ffc00000010200 fffffc0003590000 dead000000000002 ffff0000c0002900
[   37.956390][ T4289] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[   37.958047][ T4289] page dumped because: kasan: bad access detected
[   37.959255][ T4289]
[   37.959721][ T4289] Memory state around the buggy address:
[   37.960855][ T4289]  ffff0000d5996380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.962381][ T4289]  ffff0000d5996400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.964041][ T4289] >ffff0000d5996480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.965626][ T4289]                          ^
[   37.966507][ T4289]  ffff0000d5996500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.968019][ T4289]  ffff0000d5996580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.969543][ T4289] ==================================================================
[   37.971355][ T4289] Disabling lock debugging due to kernel taint
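The report above carries everything needed for a first triage: the faulting function, the allocation and free stacks, the slab object and offset, and the shadow byte under the caret. The following triage helper is an added example, not part of the syzbot report or of the kernel tree. Its sample input is the report's own output, trimmed to the lines the parser consumes; the INFRA prefix list used to skip KASAN, backtrace-printer and allocator frames, the three section names and the small shadow-byte legend are this example's own heuristics, not anything KASAN defines.

```python
"""Triage helper that reads a KASAN report and extracts what matters first:
the access site, the allocation site, the free site, the object/offset and the
shadow byte.  This is an added example, not part of the syzbot report above.
REPORT is the report's own output, trimmed to the lines the parser needs; the
INFRA prefix list used to skip instrumentation frames is this example's own
heuristic, not something KASAN defines.
"""
import re

REPORT = """\
[   37.870034][ T4289] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x1498/0x1af0
[   37.871668][ T4289] Read of size 1 at addr ffff0000d5996494 by task syz-executor122/4289
[   37.877315][ T4289] Call trace:
[   37.877938][ T4289]  dump_backtrace+0x1c8/0x1f4
[   37.881493][ T4289]  kasan_report+0xd4/0x130
[   37.882342][ T4289]  __asan_report_load1_noabort+0x2c/0x38
[   37.883428][ T4289]  ccid2_hc_tx_packet_recv+0x1498/0x1af0
[   37.884518][ T4289]  dccp_rcv_established+0x26c/0x2d8
[   37.898393][ T4289] Allocated by task 4289:
[   37.899236][ T4289]  kasan_set_track+0x4c/0x80
[   37.902038][ T4289]  __kmalloc_node_track_caller+0xd0/0x1c0
[   37.903136][ T4289]  __alloc_skb+0x180/0x580
[   37.903982][ T4289]  dccp_send_ack+0xa4/0x2bc
[   37.904870][ T4289]  ccid2_hc_rx_packet_recv+0x114/0x1b8
[   37.921526][ T4289] Freed by task 4289:
[   37.922297][ T4289]  kasan_set_track+0x4c/0x80
[   37.927029][ T4289]  kfree+0xcc/0x1b8
[   37.927793][ T4289]  skb_release_data+0x488/0x6b0
[   37.928740][ T4289]  kfree_skb_reason+0x1a4/0x47c
[   37.929663][ T4289]  dccp_v6_do_rcv+0x12c/0x938
[   37.942699][ T4289] The buggy address belongs to the object at ffff0000d5996000
[   37.942699][ T4289]  which belongs to the cache kmalloc-2k of size 2048
[   37.959721][ T4289] Memory state around the buggy address:
[   37.962381][ T4289]  ffff0000d5996400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.964041][ T4289] >ffff0000d5996480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")          # "[   37.87][ T4289] "
FRAME = re.compile(r"^(?P<fn>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# KASAN, backtrace-printer and allocator frames: skipped when naming a site.
INFRA = ("kasan_", "asan_", "dump_", "show_stack", "print_report",
         "kmalloc", "kmem_cache", "kfree", "alloc_skb", "skb_release_data")
SHADOW = {"00": "addressable", "fb": "freed slab object", "fc": "slab redzone"}


def culprit(frames):
    """First frame that belongs to the subsystem rather than to the plumbing."""
    for fn in frames:
        if not fn.lstrip("_").startswith(INFRA):
            return fn
    return None


def parse_kasan(text):
    rep, section = {}, None
    stacks = {"access": [], "alloc": [], "free": []}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: ([\w-]+) in (\w+)\+0x", line):
            rep["kind"], rep["fn"], section = m[1], m[2], "access"
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", line):
            rep["rw"], rep["size"], rep["addr"] = m[1], int(m[2]), int(m[3], 16)
        elif line.startswith("Allocated by"):
            section = "alloc"
        elif line.startswith("Freed by"):
            section = "free"
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            rep["obj"], section = int(m[1], 16), None
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            rep["cache"], rep["obj_size"] = m[1], int(m[2])
        elif m := re.match(r">([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})", line):
            # One shadow byte covers 8 bytes; the '>' row is the one holding addr.
            rep["shadow"] = m[2].split()[(rep["addr"] - int(m[1], 16)) // 8]
        elif (m := FRAME.match(line)) and section:
            stacks[section].append(m["fn"])
    rep["offset"] = rep["addr"] - rep["obj"]
    rep["in_object"] = 0 <= rep["offset"] < rep["obj_size"]
    for name, frames in stacks.items():
        rep[name + "_site"] = culprit(frames)
    return rep


def summarize(rep):
    return (f"{rep['kind']}: {rep['rw'].lower()} of {rep['size']} byte(s) in "
            f"{rep['access_site']} at offset {rep['offset']} of a {rep['obj_size']}-byte "
            f"{rep['cache']} object; allocated in {rep['alloc_site']}, freed in "
            f"{rep['free_site']}; shadow {rep['shadow']} = {SHADOW.get(rep['shadow'], '?')}")


if __name__ == "__main__":
    print(summarize(parse_kasan(REPORT)))
```

Run on the full report, the fault-injection backtrace that precedes the `BUG: KASAN` header is ignored because no section is open yet, and the computed offset (0x494 = 1172) can be checked against the "located 1172 bytes inside of" line the kernel prints itself. The shadow byte 0xfb under the caret is what confirms the object was a freed slab object rather than a redzone, which is the distinction between a use-after-free and an out-of-bounds read.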