[ 65.034461][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 65.043282][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 65.053135][ T35] veth1_macvtap: left promiscuous mode
[ 65.058862][ T35] veth0_macvtap: left promiscuous mode
[ 65.064660][ T35] veth1_vlan: left promiscuous mode
[ 65.070132][ T35] veth0_vlan: left promiscuous mode
[ 65.221153][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 65.247038][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 71.812643][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.819098][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
2025/01/26 23:57:40 ignoring optional flag "sandboxArg"="0"
2025/01/26 23:57:40 ignoring optional flag "type"="gce"
2025/01/26 23:57:41 parsed 1 programs
2025/01/26 23:57:41 executed programs: 0
[ 79.652470][ T5145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.659902][ T5145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.667205][ T5145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.675002][ T5145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.683359][ T5145] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 79.690872][ T5145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.762185][ T6126] chnl_net:caif_netlink_parms(): no params data found
[ 79.795410][ T6126] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.802841][ T6126] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.809979][ T6126] bridge_slave_0: entered allmulticast mode
[ 79.817602][ T6126] bridge_slave_0: entered promiscuous mode
[ 79.824839][ T6126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.832676][ T6126] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.839939][ T6126] bridge_slave_1: entered allmulticast mode
[ 79.846545][ T6126] bridge_slave_1: entered promiscuous mode
[ 79.862855][ T6126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.873465][ T6126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.892458][ T6126] team0: Port device team_slave_0 added
[ 79.899286][ T6126] team0: Port device team_slave_1 added
[ 79.913894][ T6126] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.921490][ T6126] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.947521][ T6126] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.958850][ T6126] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.965851][ T6126] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.991789][ T6126] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.015723][ T6126] hsr_slave_0: entered promiscuous mode
[ 80.022077][ T6126] hsr_slave_1: entered promiscuous mode
[ 80.346880][ T6126] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.364608][ T6126] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.373683][ T6126] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.383316][ T6126] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.404283][ T6126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.411455][ T6126] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.418810][ T6126] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.426073][ T6126] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.475306][ T6126] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.487975][ T52] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.497191][ T52] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.509756][ T6126] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.521003][ T1129] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.528203][ T1129] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.554181][ T1129] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.561392][ T1129] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.580169][ T6126] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 80.592524][ T6126] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 80.693476][ T6126] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.724921][ T6126] veth0_vlan: entered promiscuous mode
[ 80.737335][ T6126] veth1_vlan: entered promiscuous mode
[ 80.762715][ T6126] veth0_macvtap: entered promiscuous mode
[ 80.772458][ T6126] veth1_macvtap: entered promiscuous mode
[ 80.788723][ T6126] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.802727][ T6126] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.812837][ T6126] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.822564][ T6126] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.832090][ T6126] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.841341][ T6126] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.878720][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.898469][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.918258][ T1129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.928161][ T1129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.959173][ T6203] FAULT_INJECTION: forcing a failure.
[ 80.959173][ T6203] name failslab, interval 1, probability 0, space 0, times 1
[ 80.972893][ T6203] CPU: 1 UID: 0 PID: 6203 Comm: syz-executor.0 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[ 80.972915][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 80.972924][ T6203] Call Trace:
[ 80.972930][ T6203] <TASK>
[ 80.972936][ T6203] dump_stack_lvl+0x241/0x360
[ 80.972963][ T6203] ? __pfx_dump_stack_lvl+0x10/0x10
[ 80.972983][ T6203] ? __pfx__printk+0x10/0x10
[ 80.973004][ T6203] ? __pfx___might_resched+0x10/0x10
[ 80.973022][ T6203] should_fail_ex+0x3b0/0x4e0
[ 80.973039][ T6203] should_failslab+0xac/0x100
[ 80.973060][ T6203] __kmalloc_cache_noprof+0x70/0x390
[ 80.973080][ T6203] ? dccp_feat_entry_new+0x173/0x3a0
[ 80.973104][ T6203] dccp_feat_entry_new+0x173/0x3a0
[ 80.973125][ T6203] dccp_feat_parse_options+0xeac/0x2c40
[ 80.973150][ T6203] ? __pfx_dccp_feat_parse_options+0x10/0x10
[ 80.973169][ T6203] ? __kmalloc_cache_noprof+0x243/0x390
[ 80.973189][ T6203] ? dccp_ackvec_parsed_add+0x5c/0x1d0
[ 80.973212][ T6203] dccp_parse_options+0x13bd/0x2670
[ 80.973234][ T6203] dccp_rcv_established+0x55/0x320
[ 80.973256][ T6203] dccp_v4_do_rcv+0xff/0x1f0
[ 80.973272][ T6203] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 80.973286][ T6203] __release_sock+0x243/0x350
[ 80.973308][ T6203] release_sock+0x61/0x1f0
[ 80.973329][ T6203] dccp_sendmsg+0x4f0/0xb90
[ 80.973347][ T6203] ? __pfx_dccp_sendmsg+0x10/0x10
[ 80.973361][ T6203] ? sock_rps_record_flow+0x1a/0x400
[ 80.973390][ T6203] ? inet_sendmsg+0x330/0x390
[ 80.973407][ T6203] __sock_sendmsg+0x1a6/0x270
[ 80.973427][ T6203] ____sys_sendmsg+0x52a/0x7e0
[ 80.973446][ T6203] ? __pfx_____sys_sendmsg+0x10/0x10
[ 80.973462][ T6203] ? __fget_files+0x2a/0x410
[ 80.973483][ T6203] ? __fget_files+0x2a/0x410
[ 80.973502][ T6203] __sys_sendmmsg+0x36a/0x720
[ 80.973518][ T6203] ? __pfx___might_resched+0x10/0x10
[ 80.973536][ T6203] ? __pfx___sys_sendmmsg+0x10/0x10
[ 80.973552][ T6203] ? rcu_is_watching+0x15/0xb0
[ 80.973576][ T6203] ? __pfx_lock_release+0x10/0x10
[ 80.973591][ T6203] ? kstrtouint_from_user+0x128/0x190
[ 80.973612][ T6203] ? rcu_is_watching+0x15/0xb0
[ 80.973631][ T6203] ? lock_release+0xbf/0xa30
[ 80.973648][ T6203] ? __pfx_lock_release+0x10/0x10
[ 80.973664][ T6203] ? proc_fail_nth_write+0x24f/0x2d0
[ 80.973683][ T6203] ? common_file_perm+0x1a6/0x210
[ 80.973699][ T6203] ? __pfx_lock_release+0x10/0x10
[ 80.973716][ T6203] ? bpf_lsm_file_permission+0x9/0x10
[ 80.973729][ T6203] ? preempt_count_add+0x93/0x190
[ 80.973743][ T6203] ? sb_end_write+0xe9/0x1c0
[ 80.973763][ T6203] ? vfs_write+0x730/0xd30
[ 80.973779][ T6203] ? __mutex_unlock_slowpath+0x227/0x800
[ 80.973810][ T6203] ? ksys_write+0x251/0x2b0
[ 80.973825][ T6203] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 80.973843][ T6203] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 80.973862][ T6203] ? rcu_is_watching+0x15/0xb0
[ 80.973883][ T6203] __x64_sys_sendmmsg+0xa0/0xb0
[ 80.973898][ T6203] do_syscall_64+0xf3/0x230
[ 80.973911][ T6203] ? clear_bhb_loop+0x35/0x90
[ 80.973927][ T6203] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 80.973952][ T6203] RIP: 0033:0x7f6952c7ad39
[ 80.973969][ T6203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 80.973980][ T6203] RSP: 002b:00007f6953eba0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 80.973997][ T6203] RAX: ffffffffffffffda RBX: 00007f6952d9bf80 RCX: 00007f6952c7ad39
[ 80.974008][ T6203] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 80.974018][ T6203] RBP: 00007f6953eba120 R08: 0000000000000000 R09: 0000000000000000
[ 80.974028][ T6203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 80.974036][ T6203] R13: 000000000000000b R14: 00007f6952d9bf80 R15: 00007fff507740d8
[ 80.974051][ T6203] </TASK>
[ 80.974061][ T6203] dccp_parse_options: DCCP(ffff8880341c8b00): Option 32 (len=7) error=9
[ 81.359229][ T6203] ==================================================================
[ 81.367330][ T6203] BUG: KASAN: slab-use-after-free in ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 81.375952][ T6203] Read of size 1 at addr ffff88807de4a494 by task syz-executor.0/6203
[ 81.384224][ T6203]
[ 81.386573][ T6203] CPU: 1 UID: 0 PID: 6203 Comm: syz-executor.0 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[ 81.386593][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 81.386602][ T6203] Call Trace:
[ 81.386608][ T6203] <TASK>
[ 81.386615][ T6203] dump_stack_lvl+0x241/0x360
[ 81.386641][ T6203] ? __pfx_dump_stack_lvl+0x10/0x10
[ 81.386660][ T6203] ? __pfx__printk+0x10/0x10
[ 81.386677][ T6203] ? _printk+0xd5/0x120
[ 81.386695][ T6203] ? __virt_addr_valid+0x183/0x530
[ 81.386713][ T6203] ? __virt_addr_valid+0x183/0x530
[ 81.386730][ T6203] print_report+0x169/0x550
[ 81.386750][ T6203] ? __virt_addr_valid+0x183/0x530
[ 81.386767][ T6203] ? __virt_addr_valid+0x183/0x530
[ 81.386784][ T6203] ? __virt_addr_valid+0x45f/0x530
[ 81.386801][ T6203] ? __phys_addr+0xba/0x170
[ 81.386818][ T6203] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 81.386837][ T6203] kasan_report+0x143/0x180
[ 81.386855][ T6203] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 81.386876][ T6203] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 81.386901][ T6203] ? dccp_ackvec_input+0x1d5/0xf60
[ 81.386921][ T6203] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 81.386938][ T6203] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 81.386958][ T6203] dccp_rcv_established+0x295/0x320
[ 81.386980][ T6203] dccp_v4_do_rcv+0xff/0x1f0
[ 81.386997][ T6203] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 81.387011][ T6203] __release_sock+0x243/0x350
[ 81.387035][ T6203] release_sock+0x61/0x1f0
[ 81.387057][ T6203] dccp_sendmsg+0x4f0/0xb90
[ 81.387077][ T6203] ? __pfx_dccp_sendmsg+0x10/0x10
[ 81.387093][ T6203] ? sock_rps_record_flow+0x1a/0x400
[ 81.387112][ T6203] ? inet_sendmsg+0x330/0x390
[ 81.387131][ T6203] __sock_sendmsg+0x1a6/0x270
[ 81.387152][ T6203] ____sys_sendmsg+0x52a/0x7e0
[ 81.387171][ T6203] ? __pfx_____sys_sendmsg+0x10/0x10
[ 81.387187][ T6203] ? __fget_files+0x2a/0x410
[ 81.387207][ T6203] ? __sys_sendmmsg+0x392/0x720
[ 81.387222][ T6203] ? __might_fault+0xaa/0x120
[ 81.387250][ T6203] __sys_sendmmsg+0x36a/0x720
[ 81.387267][ T6203] ? __pfx___might_resched+0x10/0x10
[ 81.387288][ T6203] ? __pfx___sys_sendmmsg+0x10/0x10
[ 81.387304][ T6203] ? rcu_is_watching+0x15/0xb0
[ 81.387328][ T6203] ? __pfx_lock_release+0x10/0x10
[ 81.387344][ T6203] ? kstrtouint_from_user+0x128/0x190
[ 81.387364][ T6203] ? rcu_is_watching+0x15/0xb0
[ 81.387384][ T6203] ? lock_release+0xbf/0xa30
[ 81.387400][ T6203] ? __pfx_lock_release+0x10/0x10
[ 81.387417][ T6203] ? proc_fail_nth_write+0x24f/0x2d0
[ 81.387435][ T6203] ? common_file_perm+0x1a6/0x210
[ 81.387451][ T6203] ? __pfx_lock_release+0x10/0x10
[ 81.387469][ T6203] ? bpf_lsm_file_permission+0x9/0x10
[ 81.387484][ T6203] ? preempt_count_add+0x93/0x190
[ 81.387499][ T6203] ? sb_end_write+0xe9/0x1c0
[ 81.387519][ T6203] ? vfs_write+0x730/0xd30
[ 81.387536][ T6203] ? __mutex_unlock_slowpath+0x227/0x800
[ 81.387569][ T6203] ? ksys_write+0x251/0x2b0
[ 81.387583][ T6203] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 81.387603][ T6203] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 81.387621][ T6203] ? rcu_is_watching+0x15/0xb0
[ 81.387642][ T6203] __x64_sys_sendmmsg+0xa0/0xb0
[ 81.387659][ T6203] do_syscall_64+0xf3/0x230
[ 81.387673][ T6203] ? clear_bhb_loop+0x35/0x90
[ 81.387691][ T6203] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.387707][ T6203] RIP: 0033:0x7f6952c7ad39
[ 81.387721][ T6203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 81.387733][ T6203] RSP: 002b:00007f6953eba0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 81.387750][ T6203] RAX: ffffffffffffffda RBX: 00007f6952d9bf80 RCX: 00007f6952c7ad39
[ 81.387761][ T6203] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 81.387772][ T6203] RBP: 00007f6953eba120 R08: 0000000000000000 R09: 0000000000000000
[ 81.387782][ T6203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 81.387791][ T6203] R13: 000000000000000b R14: 00007f6952d9bf80 R15: 00007fff507740d8
[ 81.387807][ T6203] </TASK>
[ 81.387812][ T6203]
[ 81.784177][ T6203] Allocated by task 6203:
[ 81.788498][ T6203] kasan_save_track+0x3f/0x80
[ 81.793181][ T6203] __kasan_kmalloc+0x98/0xb0
[ 81.797851][ T6203] __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[ 81.804255][ T6203] kmalloc_reserve+0x111/0x2a0
[ 81.809012][ T6203] __alloc_skb+0x1f3/0x440
[ 81.813452][ T6203] dccp_send_ack+0xaa/0x310
[ 81.817953][ T6203] ccid2_hc_rx_packet_recv+0x10c/0x1c0
[ 81.823573][ T6203] dccp_rcv_established+0x1bb/0x320
[ 81.828768][ T6203] dccp_v4_do_rcv+0xff/0x1f0
[ 81.833427][ T6203] __sk_receive_skb+0x82b/0x8b0
[ 81.838341][ T6203] ip_protocol_deliver_rcu+0x2e9/0x440
[ 81.843794][ T6203] ip_local_deliver_finish+0x341/0x5f0
[ 81.849330][ T6203] NF_HOOK+0x3a4/0x450
[ 81.853392][ T6203] NF_HOOK+0x3a4/0x450
[ 81.857453][ T6203] __netif_receive_skb+0x2bf/0x650
[ 81.862657][ T6203] process_backlog+0x662/0x15b0
[ 81.867512][ T6203] __napi_poll+0xcb/0x490
[ 81.871924][ T6203] net_rx_action+0x89b/0x1240
[ 81.876595][ T6203] handle_softirqs+0x2d4/0x9b0
[ 81.881362][ T6203] do_softirq+0x11b/0x1e0
[ 81.885691][ T6203] __local_bh_enable_ip+0x1bb/0x200
[ 81.890886][ T6203] __dev_queue_xmit+0x1775/0x3f50
[ 81.896006][ T6203] ip_finish_output2+0xd76/0x12b0
[ 81.901110][ T6203] __ip_queue_xmit+0x1258/0x1d50
[ 81.906033][ T6203] dccp_transmit_skb+0xf65/0x16f0
[ 81.911146][ T6203] dccp_xmit_packet+0x376/0x610
[ 81.916020][ T6203] dccp_write_xmit+0x138/0x220
[ 81.920779][ T6203] dccp_sendmsg+0x76f/0xb90
[ 81.925276][ T6203] __sock_sendmsg+0x1a6/0x270
[ 81.930036][ T6203] ____sys_sendmsg+0x52a/0x7e0
[ 81.934880][ T6203] __sys_sendmmsg+0x36a/0x720
[ 81.939548][ T6203] __x64_sys_sendmmsg+0xa0/0xb0
[ 81.944498][ T6203] do_syscall_64+0xf3/0x230
[ 81.949073][ T6203] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.954957][ T6203]
[ 81.957269][ T6203] Freed by task 6203:
[ 81.961270][ T6203] kasan_save_track+0x3f/0x80
[ 81.966022][ T6203] kasan_save_free_info+0x40/0x50
[ 81.971036][ T6203] __kasan_slab_free+0x59/0x70
[ 81.975895][ T6203] kfree+0x196/0x430
[ 81.979782][ T6203] skb_release_data+0x6a0/0x8a0
[ 81.984628][ T6203] sk_skb_reason_drop+0x1c9/0x380
[ 81.989646][ T6203] dccp_v4_do_rcv+0x145/0x1f0
[ 81.994318][ T6203] __release_sock+0x243/0x350
[ 81.998983][ T6203] release_sock+0x61/0x1f0
[ 82.003388][ T6203] dccp_sendmsg+0x4f0/0xb90
[ 82.007879][ T6203] __sock_sendmsg+0x1a6/0x270
[ 82.012637][ T6203] ____sys_sendmsg+0x52a/0x7e0
[ 82.017407][ T6203] __sys_sendmmsg+0x36a/0x720
[ 82.022077][ T6203] __x64_sys_sendmmsg+0xa0/0xb0
[ 82.026920][ T6203] do_syscall_64+0xf3/0x230
[ 82.031428][ T6203] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.037316][ T6203]
[ 82.039628][ T6203] The buggy address belongs to the object at ffff88807de4a000
[ 82.039628][ T6203] which belongs to the cache kmalloc-2k of size 2048
[ 82.053667][ T6203] The buggy address is located 1172 bytes inside of
[ 82.053667][ T6203] freed 2048-byte region [ffff88807de4a000, ffff88807de4a800)
[ 82.068067][ T6203]
[ 82.070418][ T6203] The buggy address belongs to the physical page:
[ 82.077386][ T6203] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7de48
[ 82.086143][ T6203] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 82.094632][ T6203] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 82.102176][ T6203] page_type: f5(slab)
[ 82.106153][ T6203] raw: 00fff00000000040 ffff88801ac42000 ffffea0001f6ac00 dead000000000002
[ 82.114902][ T6203] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[ 82.123472][ T6203] head: 00fff00000000040 ffff88801ac42000 ffffea0001f6ac00 dead000000000002
[ 82.132131][ T6203] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[ 82.140792][ T6203] head: 00fff00000000003 ffffea0001f79201 ffffffffffffffff 0000000000000000
[ 82.149449][ T6203] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 82.158102][ T6203] page dumped because: kasan: bad access detected
[ 82.164518][ T6203] page_owner tracks the page as allocated
[ 82.170224][ T6203] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 35, tgid 35 (kworker/u8:2), ts 63473856177, free_ts 62192316557
[ 82.191579][ T6203] post_alloc_hook+0x1f3/0x230
[ 82.196336][ T6203] get_page_from_freelist+0x365c/0x37a0
[ 82.201872][ T6203] __alloc_pages_noprof+0x292/0x710
[ 82.207059][ T6203] alloc_pages_mpol_noprof+0x3e1/0x780
[ 82.212608][ T6203] alloc_slab_page+0x6a/0x110
[ 82.217407][ T6203] allocate_slab+0x5a/0x2b0
[ 82.221905][ T6203] ___slab_alloc+0xc27/0x14a0
[ 82.226585][ T6203] __slab_alloc+0x58/0xa0
[ 82.231008][ T6203] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[ 82.237509][ T6203] kmalloc_reserve+0x111/0x2a0
[ 82.242372][ T6203] pskb_expand_head+0x1f0/0x1380
[ 82.247298][ T6203] netlink_trim+0x1d6/0x2e0
[ 82.251783][ T6203] netlink_broadcast_filtered+0x76/0x12a0
[ 82.257489][ T6203] nlmsg_notify+0xfb/0x1c0
[ 82.261892][ T6203] dev_close_many+0x2e1/0x4c0
[ 82.266602][ T6203] unregister_netdevice_many_notify+0x52b/0x2030
[ 82.273125][ T6203] page last free pid 5845 tgid 5845 stack trace:
[ 82.279443][ T6203] free_unref_page+0xd3f/0x1010
[ 82.284280][ T6203] __put_partials+0x160/0x1c0
[ 82.288942][ T6203] put_cpu_partial+0x17c/0x250
[ 82.293694][ T6203] __slab_free+0x290/0x380
[ 82.298099][ T6203] qlist_free_all+0x9a/0x140
[ 82.302686][ T6203] kasan_quarantine_reduce+0x14f/0x170
[ 82.308217][ T6203] __kasan_slab_alloc+0x23/0x80
[ 82.313057][ T6203] __kmalloc_cache_noprof+0x1d9/0x390
[ 82.318426][ T6203] nsim_fib_event_work+0x19c5/0x4130
[ 82.323705][ T6203] process_scheduled_works+0xa66/0x1840
[ 82.329240][ T6203] worker_thread+0x870/0xd30
[ 82.333818][ T6203] kthread+0x7a9/0x920
[ 82.337874][ T6203] ret_from_fork+0x4b/0x80
[ 82.342275][ T6203] ret_from_fork_asm+0x1a/0x30
[ 82.347119][ T6203]
[ 82.349434][ T6203] Memory state around the buggy address:
[ 82.355083][ T6203] ffff88807de4a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.363132][ T6203] ffff88807de4a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.371361][ T6203] >ffff88807de4a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.379496][ T6203] ^
[ 82.384159][ T6203] ffff88807de4a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.392293][ T6203] ffff88807de4a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.400367][ T6203] ==================================================================
[ 82.410237][ T5145] Bluetooth: hci0: command tx timeout
[ 82.416216][ T46] cfg80211: failed to load regulatory.db
[ 82.442129][ T6203] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 82.449375][ T6203] CPU: 0 UID: 0 PID: 6203 Comm: syz-executor.0 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0
[ 82.460236][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 82.470306][ T6203] Call Trace:
[ 82.473603][ T6203] <TASK>
[ 82.476552][ T6203] dump_stack_lvl+0x241/0x360
[ 82.481265][ T6203] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.486575][ T6203] ? __pfx__printk+0x10/0x10
[ 82.491280][ T6203] ? rcu_is_watching+0x15/0xb0
[ 82.496072][ T6203] ? preempt_schedule+0xe1/0xf0
[ 82.500951][ T6203] ? vscnprintf+0x5d/0x90
[ 82.505481][ T6203] panic+0x349/0x880
[ 82.509406][ T6203] ? check_panic_on_warn+0x21/0xb0
[ 82.514538][ T6203] ? __pfx_panic+0x10/0x10
[ 82.519066][ T6203] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 82.525160][ T6203] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 82.531518][ T6203] ? print_report+0x502/0x550
[ 82.536274][ T6203] check_panic_on_warn+0x86/0xb0
[ 82.541582][ T6203] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 82.547414][ T6203] end_report+0x77/0x160
[ 82.551691][ T6203] kasan_report+0x154/0x180
[ 82.556261][ T6203] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 82.562135][ T6203] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 82.567977][ T6203] ? dccp_ackvec_input+0x1d5/0xf60
[ 82.573189][ T6203] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 82.578850][ T6203] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 82.584866][ T6203] dccp_rcv_established+0x295/0x320
[ 82.590359][ T6203] dccp_v4_do_rcv+0xff/0x1f0
[ 82.594971][ T6203] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 82.600278][ T6203] __release_sock+0x243/0x350
[ 82.604963][ T6203] release_sock+0x61/0x1f0
[ 82.609377][ T6203] dccp_sendmsg+0x4f0/0xb90
[ 82.613882][ T6203] ? __pfx_dccp_sendmsg+0x10/0x10
[ 82.618984][ T6203] ? sock_rps_record_flow+0x1a/0x400
[ 82.624698][ T6203] ? inet_sendmsg+0x330/0x390
[ 82.629367][ T6203] __sock_sendmsg+0x1a6/0x270
[ 82.634045][ T6203] ____sys_sendmsg+0x52a/0x7e0
[ 82.638803][ T6203] ? __pfx_____sys_sendmsg+0x10/0x10
[ 82.644078][ T6203] ? __fget_files+0x2a/0x410
[ 82.648747][ T6203] ? __sys_sendmmsg+0x392/0x720
[ 82.653585][ T6203] ? __might_fault+0xaa/0x120
[ 82.658251][ T6203] __sys_sendmmsg+0x36a/0x720
[ 82.662939][ T6203] ? __pfx___might_resched+0x10/0x10
[ 82.668220][ T6203] ? __pfx___sys_sendmmsg+0x10/0x10
[ 82.673408][ T6203] ? rcu_is_watching+0x15/0xb0
[ 82.678253][ T6203] ? __pfx_lock_release+0x10/0x10
[ 82.683354][ T6203] ? kstrtouint_from_user+0x128/0x190
[ 82.688744][ T6203] ? rcu_is_watching+0x15/0xb0
[ 82.693512][ T6203] ? lock_release+0xbf/0xa30
[ 82.698100][ T6203] ? __pfx_lock_release+0x10/0x10
[ 82.703135][ T6203] ? proc_fail_nth_write+0x24f/0x2d0
[ 82.708418][ T6203] ? common_file_perm+0x1a6/0x210
[ 82.713613][ T6203] ? __pfx_lock_release+0x10/0x10
[ 82.718733][ T6203] ? bpf_lsm_file_permission+0x9/0x10
[ 82.724098][ T6203] ? preempt_count_add+0x93/0x190
[ 82.729236][ T6203] ? sb_end_write+0xe9/0x1c0
[ 82.733954][ T6203] ? vfs_write+0x730/0xd30
[ 82.738485][ T6203] ? __mutex_unlock_slowpath+0x227/0x800
[ 82.744254][ T6203] ? ksys_write+0x251/0x2b0
[ 82.748837][ T6203] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 82.755246][ T6203] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 82.761756][ T6203] ? rcu_is_watching+0x15/0xb0
[ 82.766612][ T6203] __x64_sys_sendmmsg+0xa0/0xb0
[ 82.771633][ T6203] do_syscall_64+0xf3/0x230
[ 82.776216][ T6203] ? clear_bhb_loop+0x35/0x90
[ 82.780883][ T6203] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.786762][ T6203] RIP: 0033:0x7f6952c7ad39
[ 82.791185][ T6203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 82.811154][ T6203] RSP: 002b:00007f6953eba0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 82.819744][ T6203] RAX: ffffffffffffffda RBX: 00007f6952d9bf80 RCX: 00007f6952c7ad39
[ 82.827800][ T6203] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 82.835937][ T6203] RBP: 00007f6953eba120 R08: 0000000000000000 R09: 0000000000000000
[ 82.844067][ T6203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 82.852124][ T6203] R13: 000000000000000b R14: 00007f6952d9bf80 R15: 00007fff507740d8
[ 82.860528][ T6203] </TASK>
[ 82.863975][ T6203] Kernel Offset: disabled
[ 82.868294][ T6203] Rebooting in 86400 seconds..