Warning: Permanently added '10.128.0.207' (ED25519) to the list of known hosts.
2024/11/26 13:57:17 ignoring optional flag "sandboxArg"="0"
2024/11/26 13:57:17 ignoring optional flag "type"="gce"
2024/11/26 13:57:17 parsed 1 programs
2024/11/26 13:57:17 executed programs: 0
[ 81.587917][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.597610][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.605940][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.614444][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.622763][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 81.630271][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.722952][ T6138] chnl_net:caif_netlink_parms(): no params data found
[ 81.776224][ T6138] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.784655][ T6138] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.792598][ T6138] bridge_slave_0: entered allmulticast mode
[ 81.799375][ T6138] bridge_slave_0: entered promiscuous mode
[ 81.807445][ T6138] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.814825][ T6138] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.822131][ T6138] bridge_slave_1: entered allmulticast mode
[ 81.828798][ T6138] bridge_slave_1: entered promiscuous mode
[ 81.850537][ T6138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.862315][ T6138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.886068][ T6138] team0: Port device team_slave_0 added
[ 81.894651][ T6138] team0: Port device team_slave_1 added
[ 81.914556][ T6138] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.922658][ T6138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.949162][ T6138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.961074][ T6138] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.968327][ T6138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.994655][ T6138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.013252][ T8] cfg80211: failed to load regulatory.db
[ 82.036197][ T6138] hsr_slave_0: entered promiscuous mode
[ 82.042871][ T6138] hsr_slave_1: entered promiscuous mode
[ 82.656388][ T6138] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.666708][ T6138] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.676685][ T6138] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.687055][ T6138] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.710159][ T6138] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.717571][ T6138] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.725067][ T6138] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.732261][ T6138] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.744236][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.753201][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.824556][ T6138] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.844381][ T6138] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.857493][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.864670][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.879387][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.886758][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.070660][ T6138] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.115124][ T6138] veth0_vlan: entered promiscuous mode
[ 83.130632][ T6138] veth1_vlan: entered promiscuous mode
[ 83.163000][ T6138] veth0_macvtap: entered promiscuous mode
[ 83.177201][ T6138] veth1_macvtap: entered promiscuous mode
[ 83.195652][ T6138] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.208807][ T6138] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.224629][ T6138] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.236588][ T6138] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.246775][ T6138] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.257638][ T6138] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.337273][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.357550][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.383540][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.391967][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.462156][ T6205] FAULT_INJECTION: forcing a failure.
[ 83.462156][ T6205] name failslab, interval 1, probability 0, space 0, times 1
[ 83.476778][ T6205] CPU: 1 UID: 0 PID: 6205 Comm: syz-executor.0 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[ 83.487685][ T6205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 83.497888][ T6205] Call Trace:
[ 83.501199][ T6205] <TASK>
[ 83.504345][ T6205] dump_stack_lvl+0x241/0x360
[ 83.509114][ T6205] ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.514360][ T6205] ? __pfx__printk+0x10/0x10
[ 83.518990][ T6205] ? __kmalloc_cache_noprof+0x48/0x390
[ 83.524504][ T6205] ? __pfx___might_resched+0x10/0x10
[ 83.529869][ T6205] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 83.535886][ T6205] should_fail_ex+0x3b0/0x4e0
[ 83.540634][ T6205] should_failslab+0xac/0x100
[ 83.545352][ T6205] __kmalloc_cache_noprof+0x70/0x390
[ 83.550674][ T6205] ? dccp_feat_entry_new+0x173/0x3a0
[ 83.556034][ T6205] dccp_feat_entry_new+0x173/0x3a0
[ 83.561213][ T6205] dccp_feat_parse_options+0xeac/0x2c30
[ 83.566906][ T6205] ? __pfx_dccp_feat_parse_options+0x10/0x10
[ 83.572946][ T6205] ? __kmalloc_cache_noprof+0x243/0x390
[ 83.578614][ T6205] ? dccp_ackvec_parsed_add+0x5c/0x1d0
[ 83.584206][ T6205] dccp_parse_options+0x13bd/0x2670
[ 83.589578][ T6205] dccp_rcv_established+0x55/0x320
[ 83.594917][ T6205] dccp_v4_do_rcv+0xff/0x1f0
[ 83.599684][ T6205] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 83.605032][ T6205] __release_sock+0x243/0x350
[ 83.609791][ T6205] release_sock+0x61/0x1f0
[ 83.614268][ T6205] dccp_sendmsg+0x4f0/0xba0
[ 83.618826][ T6205] ? __pfx_dccp_sendmsg+0x10/0x10
[ 83.623977][ T6205] ? sock_rps_record_flow+0x1a/0x400
[ 83.629307][ T6205] ? inet_sendmsg+0x330/0x390
[ 83.634040][ T6205] __sock_sendmsg+0x1a6/0x270
[ 83.639200][ T6205] ____sys_sendmsg+0x52a/0x7e0
[ 83.644192][ T6205] ? __pfx_____sys_sendmsg+0x10/0x10
[ 83.649883][ T6205] ? __fget_files+0x2a/0x410
[ 83.654521][ T6205] ? __fget_files+0x2a/0x410
[ 83.659425][ T6205] __sys_sendmmsg+0x36a/0x720
[ 83.664163][ T6205] ? __pfx___sys_sendmmsg+0x10/0x10
[ 83.669424][ T6205] ? __pfx_lock_release+0x10/0x10
[ 83.674496][ T6205] ? kstrtouint_from_user+0x128/0x190
[ 83.680022][ T6205] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 83.686065][ T6205] ? ksys_write+0x22a/0x2b0
[ 83.690616][ T6205] ? __pfx_lock_release+0x10/0x10
[ 83.695691][ T6205] ? vfs_write+0x730/0xd30
[ 83.700247][ T6205] ? __mutex_unlock_slowpath+0x21e/0x790
[ 83.705947][ T6205] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 83.711981][ T6205] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 83.718361][ T6205] ? do_syscall_64+0x100/0x230
[ 83.723192][ T6205] __x64_sys_sendmmsg+0xa0/0xb0
[ 83.728090][ T6205] do_syscall_64+0xf3/0x230
[ 83.732641][ T6205] ? clear_bhb_loop+0x35/0x90
[ 83.737373][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.743330][ T6205] RIP: 0033:0x7fe22447c859
[ 83.747845][ T6205] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 83.767670][ T6205] RSP: 002b:00007fe2252020c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 83.776924][ T6205] RAX: ffffffffffffffda RBX: 00007fe22459bf80 RCX: 00007fe22447c859
[ 83.785021][ T6205] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 83.793035][ T6205] RBP: 00007fe225202120 R08: 0000000000000000 R09: 0000000000000000
[ 83.801243][ T6205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 83.809316][ T6205] R13: 000000000000000b R14: 00007fe22459bf80 R15: 00007ffe03394d38
[ 83.817338][ T6205] </TASK>
[ 83.829353][ T5153] Bluetooth: hci0: command tx timeout
[ 83.837230][ T6205] dccp_parse_options: DCCP(ffff8880318f9600): Option 32 (len=7) error=9
[ 83.847929][ T6205] ==================================================================
[ 83.856050][ T6205] BUG: KASAN: slab-use-after-free in ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.864705][ T6205] Read of size 1 at addr ffff8880779bd494 by task syz-executor.0/6205
[ 83.872972][ T6205]
[ 83.875310][ T6205] CPU: 1 UID: 0 PID: 6205 Comm: syz-executor.0 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[ 83.886272][ T6205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 83.896348][ T6205] Call Trace:
[ 83.899656][ T6205] <TASK>
[ 83.902610][ T6205] dump_stack_lvl+0x241/0x360
[ 83.907317][ T6205] ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.912545][ T6205] ? __pfx__printk+0x10/0x10
[ 83.917250][ T6205] ? _printk+0xd5/0x120
[ 83.921429][ T6205] ? __virt_addr_valid+0x183/0x530
[ 83.926576][ T6205] ? __virt_addr_valid+0x183/0x530
[ 83.931722][ T6205] print_report+0x169/0x550
[ 83.936238][ T6205] ? __virt_addr_valid+0x183/0x530
[ 83.941542][ T6205] ? __virt_addr_valid+0x183/0x530
[ 83.946659][ T6205] ? __virt_addr_valid+0x45f/0x530
[ 83.951765][ T6205] ? __phys_addr+0xba/0x170
[ 83.956265][ T6205] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.962076][ T6205] kasan_report+0x143/0x180
[ 83.966576][ T6205] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.972382][ T6205] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.978017][ T6205] ? dccp_ackvec_input+0x1d5/0xf60
[ 83.983121][ T6205] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 83.988898][ T6205] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 83.994902][ T6205] dccp_rcv_established+0x295/0x320
[ 84.000212][ T6205] dccp_v4_do_rcv+0xff/0x1f0
[ 84.004803][ T6205] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 84.010010][ T6205] __release_sock+0x243/0x350
[ 84.015203][ T6205] release_sock+0x61/0x1f0
[ 84.019625][ T6205] dccp_sendmsg+0x4f0/0xba0
[ 84.024122][ T6205] ? __pfx_dccp_sendmsg+0x10/0x10
[ 84.029137][ T6205] ? sock_rps_record_flow+0x1a/0x400
[ 84.034769][ T6205] ? inet_sendmsg+0x330/0x390
[ 84.039444][ T6205] __sock_sendmsg+0x1a6/0x270
[ 84.044200][ T6205] ____sys_sendmsg+0x52a/0x7e0
[ 84.048964][ T6205] ? __pfx_____sys_sendmsg+0x10/0x10
[ 84.054252][ T6205] ? __fget_files+0x2a/0x410
[ 84.059283][ T6205] ? __sys_sendmmsg+0x392/0x720
[ 84.064148][ T6205] ? __might_fault+0xaa/0x120
[ 84.068829][ T6205] __sys_sendmmsg+0x36a/0x720
[ 84.073509][ T6205] ? __pfx___sys_sendmmsg+0x10/0x10
[ 84.078703][ T6205] ? __pfx_lock_release+0x10/0x10
[ 84.083821][ T6205] ? kstrtouint_from_user+0x128/0x190
[ 84.089395][ T6205] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 84.095398][ T6205] ? ksys_write+0x22a/0x2b0
[ 84.099915][ T6205] ? __pfx_lock_release+0x10/0x10
[ 84.104934][ T6205] ? vfs_write+0x730/0xd30
[ 84.109352][ T6205] ? __mutex_unlock_slowpath+0x21e/0x790
[ 84.114991][ T6205] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 84.120980][ T6205] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 84.127303][ T6205] ? do_syscall_64+0x100/0x230
[ 84.132063][ T6205] __x64_sys_sendmmsg+0xa0/0xb0
[ 84.136919][ T6205] do_syscall_64+0xf3/0x230
[ 84.141439][ T6205] ? clear_bhb_loop+0x35/0x90
[ 84.146112][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.152003][ T6205] RIP: 0033:0x7fe22447c859
[ 84.156406][ T6205] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 84.176094][ T6205] RSP: 002b:00007fe2252020c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 84.184555][ T6205] RAX: ffffffffffffffda RBX: 00007fe22459bf80 RCX: 00007fe22447c859
[ 84.192626][ T6205] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 84.200684][ T6205] RBP: 00007fe225202120 R08: 0000000000000000 R09: 0000000000000000
[ 84.208669][ T6205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 84.216636][ T6205] R13: 000000000000000b R14: 00007fe22459bf80 R15: 00007ffe03394d38
[ 84.224788][ T6205] </TASK>
[ 84.227803][ T6205]
[ 84.230126][ T6205] Allocated by task 6205:
[ 84.234450][ T6205] kasan_save_track+0x3f/0x80
[ 84.239147][ T6205] __kasan_kmalloc+0x98/0xb0
[ 84.243771][ T6205] __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[ 84.250188][ T6205] kmalloc_reserve+0x111/0x2a0
[ 84.254959][ T6205] __alloc_skb+0x1f3/0x440
[ 84.259387][ T6205] dccp_send_ack+0xaa/0x310
[ 84.263878][ T6205] ccid2_hc_rx_packet_recv+0x10c/0x1c0
[ 84.269330][ T6205] dccp_rcv_established+0x1bb/0x320
[ 84.274523][ T6205] dccp_v4_do_rcv+0xff/0x1f0
[ 84.279134][ T6205] __sk_receive_skb+0x82b/0x8b0
[ 84.283975][ T6205] ip_protocol_deliver_rcu+0x2e9/0x440
[ 84.289422][ T6205] ip_local_deliver_finish+0x341/0x5f0
[ 84.294867][ T6205] NF_HOOK+0x3a4/0x450
[ 84.298924][ T6205] NF_HOOK+0x3a4/0x450
[ 84.303014][ T6205] __netif_receive_skb+0x2bf/0x650
[ 84.308112][ T6205] process_backlog+0x662/0x15b0
[ 84.313038][ T6205] __napi_poll+0xcb/0x490
[ 84.317353][ T6205] net_rx_action+0x89b/0x1240
[ 84.322026][ T6205] handle_softirqs+0x2c5/0x980
[ 84.326798][ T6205] do_softirq+0x11b/0x1e0
[ 84.331121][ T6205] __local_bh_enable_ip+0x1bb/0x200
[ 84.336311][ T6205] __dev_queue_xmit+0x1775/0x3f50
[ 84.341333][ T6205] ip_finish_output2+0xd41/0x1390
[ 84.346350][ T6205] __ip_queue_xmit+0x12ca/0x1ef0
[ 84.351283][ T6205] dccp_transmit_skb+0xf65/0x16f0
[ 84.356302][ T6205] dccp_xmit_packet+0x376/0x610
[ 84.361152][ T6205] dccp_write_xmit+0x138/0x220
[ 84.366347][ T6205] dccp_sendmsg+0x76f/0xba0
[ 84.370838][ T6205] __sock_sendmsg+0x1a6/0x270
[ 84.375509][ T6205] ____sys_sendmsg+0x52a/0x7e0
[ 84.380263][ T6205] __sys_sendmmsg+0x36a/0x720
[ 84.384934][ T6205] __x64_sys_sendmmsg+0xa0/0xb0
[ 84.389957][ T6205] do_syscall_64+0xf3/0x230
[ 84.394456][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.400352][ T6205]
[ 84.402691][ T6205] Freed by task 6205:
[ 84.406759][ T6205] kasan_save_track+0x3f/0x80
[ 84.411518][ T6205] kasan_save_free_info+0x40/0x50
[ 84.416533][ T6205] __kasan_slab_free+0x59/0x70
[ 84.421300][ T6205] kfree+0x196/0x420
[ 84.425378][ T6205] skb_release_data+0x6a0/0x8a0
[ 84.430226][ T6205] sk_skb_reason_drop+0x1c9/0x380
[ 84.435246][ T6205] dccp_v4_do_rcv+0x145/0x1f0
[ 84.440001][ T6205] __release_sock+0x243/0x350
[ 84.444838][ T6205] release_sock+0x61/0x1f0
[ 84.449334][ T6205] dccp_sendmsg+0x4f0/0xba0
[ 84.453892][ T6205] __sock_sendmsg+0x1a6/0x270
[ 84.458668][ T6205] ____sys_sendmsg+0x52a/0x7e0
[ 84.463464][ T6205] __sys_sendmmsg+0x36a/0x720
[ 84.468144][ T6205] __x64_sys_sendmmsg+0xa0/0xb0
[ 84.473158][ T6205] do_syscall_64+0xf3/0x230
[ 84.477829][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.483718][ T6205]
[ 84.486031][ T6205] The buggy address belongs to the object at ffff8880779bd000
[ 84.486031][ T6205] which belongs to the cache kmalloc-2k of size 2048
[ 84.500248][ T6205] The buggy address is located 1172 bytes inside of
[ 84.500248][ T6205] freed 2048-byte region [ffff8880779bd000, ffff8880779bd800)
[ 84.514219][ T6205]
[ 84.516531][ T6205] The buggy address belongs to the physical page:
[ 84.522941][ T6205] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x779b8
[ 84.531790][ T6205] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 84.540372][ T6205] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 84.547916][ T6205] page_type: f5(slab)
[ 84.552009][ T6205] raw: 00fff00000000040 ffff88801ac42000 dead000000000100 dead000000000122
[ 84.560579][ T6205] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[ 84.569155][ T6205] head: 00fff00000000040 ffff88801ac42000 dead000000000100 dead000000000122
[ 84.578014][ T6205] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[ 84.586760][ T6205] head: 00fff00000000003 ffffea0001de6e01 ffffffffffffffff 0000000000000000
[ 84.595425][ T6205] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 84.604076][ T6205] page dumped because: kasan: bad access detected
[ 84.610485][ T6205] page_owner tracks the page as allocated
[ 84.616190][ T6205] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u8:1), ts 62574859287, free_ts 61681892512
[ 84.637624][ T6205] post_alloc_hook+0x1f3/0x230
[ 84.642385][ T6205] get_page_from_freelist+0x363e/0x3790
[ 84.647931][ T6205] __alloc_pages_noprof+0x292/0x710
[ 84.653142][ T6205] alloc_pages_mpol_noprof+0x3e8/0x680
[ 84.658594][ T6205] alloc_slab_page+0x6a/0x140
[ 84.663263][ T6205] allocate_slab+0x5a/0x2f0
[ 84.667779][ T6205] ___slab_alloc+0xcd1/0x14b0
[ 84.672443][ T6205] __slab_alloc+0x58/0xa0
[ 84.676778][ T6205] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[ 84.683180][ T6205] kmalloc_reserve+0x111/0x2a0
[ 84.687940][ T6205] __alloc_skb+0x1f3/0x440
[ 84.692349][ T6205] alloc_skb_with_frags+0xc3/0x820
[ 84.697624][ T6205] sock_alloc_send_pskb+0x91a/0xa60
[ 84.702902][ T6205] mld_newpack+0x1c3/0xaf0
[ 84.707315][ T6205] add_grec+0x1492/0x19a0
[ 84.711633][ T6205] mld_send_initial_cr+0x228/0x4b0
[ 84.716736][ T6205] page last free pid 5859 tgid 5859 stack trace:
[ 84.723218][ T6205] free_unref_folios+0xf21/0x1a10
[ 84.728235][ T6205] folios_put_refs+0x76c/0x860
[ 84.732993][ T6205] free_pages_and_swap_cache+0x5c8/0x690
[ 84.738625][ T6205] tlb_flush_mmu+0x3a3/0x680
[ 84.743216][ T6205] tlb_finish_mmu+0xd4/0x200
[ 84.747797][ T6205] exit_mmap+0x496/0xc40
[ 84.752168][ T6205] __mmput+0x115/0x380
[ 84.756266][ T6205] exit_mm+0x220/0x310
[ 84.760429][ T6205] do_exit+0x9b2/0x28e0
[ 84.764584][ T6205] do_group_exit+0x207/0x2c0
[ 84.769188][ T6205] __x64_sys_exit_group+0x3f/0x40
[ 84.774485][ T6205] x64_sys_call+0x26a8/0x26b0
[ 84.779268][ T6205] do_syscall_64+0xf3/0x230
[ 84.783773][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.789767][ T6205]
[ 84.792080][ T6205] Memory state around the buggy address:
[ 84.797798][ T6205] ffff8880779bd380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.805869][ T6205] ffff8880779bd400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.813926][ T6205] >ffff8880779bd480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.821977][ T6205] ^
[ 84.826550][ T6205] ffff8880779bd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.834882][ T6205] ffff8880779bd580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.843102][ T6205] ==================================================================
[ 84.854328][ T6205] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.861834][ T6205] CPU: 0 UID: 0 PID: 6205 Comm: syz-executor.0 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[ 84.872620][ T6205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 84.882697][ T6205] Call Trace:
[ 84.886005][ T6205] <TASK>
[ 84.888966][ T6205] dump_stack_lvl+0x241/0x360
[ 84.893693][ T6205] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.898938][ T6205] ? __pfx__printk+0x10/0x10
[ 84.903573][ T6205] ? preempt_schedule+0xe1/0xf0
[ 84.908545][ T6205] ? vscnprintf+0x5d/0x90
[ 84.912910][ T6205] panic+0x349/0x880
[ 84.917137][ T6205] ? check_panic_on_warn+0x21/0xb0
[ 84.922272][ T6205] ? __pfx_panic+0x10/0x10
[ 84.926720][ T6205] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 84.932770][ T6205] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 84.939216][ T6205] ? print_report+0x502/0x550
[ 84.944006][ T6205] check_panic_on_warn+0x86/0xb0
[ 84.948991][ T6205] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.955004][ T6205] end_report+0x77/0x160
[ 84.959546][ T6205] kasan_report+0x154/0x180
[ 84.964109][ T6205] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.969954][ T6205] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.975631][ T6205] ? dccp_ackvec_input+0x1d5/0xf60
[ 84.980791][ T6205] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 84.986464][ T6205] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 84.992475][ T6205] dccp_rcv_established+0x295/0x320
[ 84.997754][ T6205] dccp_v4_do_rcv+0xff/0x1f0
[ 85.002383][ T6205] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 85.007891][ T6205] __release_sock+0x243/0x350
[ 85.012778][ T6205] release_sock+0x61/0x1f0
[ 85.017323][ T6205] dccp_sendmsg+0x4f0/0xba0
[ 85.022119][ T6205] ? __pfx_dccp_sendmsg+0x10/0x10
[ 85.027260][ T6205] ? sock_rps_record_flow+0x1a/0x400
[ 85.032759][ T6205] ? inet_sendmsg+0x330/0x390
[ 85.037481][ T6205] __sock_sendmsg+0x1a6/0x270
[ 85.042205][ T6205] ____sys_sendmsg+0x52a/0x7e0
[ 85.047025][ T6205] ? __pfx_____sys_sendmsg+0x10/0x10
[ 85.052347][ T6205] ? __fget_files+0x2a/0x410
[ 85.057072][ T6205] ? __sys_sendmmsg+0x392/0x720
[ 85.061958][ T6205] ? __might_fault+0xaa/0x120
[ 85.066846][ T6205] __sys_sendmmsg+0x36a/0x720
[ 85.071585][ T6205] ? __pfx___sys_sendmmsg+0x10/0x10
[ 85.076827][ T6205] ? __pfx_lock_release+0x10/0x10
[ 85.082063][ T6205] ? kstrtouint_from_user+0x128/0x190
[ 85.087773][ T6205] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 85.093702][ T6205] ? ksys_write+0x22a/0x2b0
[ 85.098325][ T6205] ? __pfx_lock_release+0x10/0x10
[ 85.103474][ T6205] ? vfs_write+0x730/0xd30
[ 85.107922][ T6205] ? __mutex_unlock_slowpath+0x21e/0x790
[ 85.113594][ T6205] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 85.119617][ T6205] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 85.126068][ T6205] ? do_syscall_64+0x100/0x230
[ 85.130875][ T6205] __x64_sys_sendmmsg+0xa0/0xb0
[ 85.135762][ T6205] do_syscall_64+0xf3/0x230
[ 85.140301][ T6205] ? clear_bhb_loop+0x35/0x90
[ 85.145016][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.150945][ T6205] RIP: 0033:0x7fe22447c859
[ 85.155383][ T6205] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 85.175011][ T6205] RSP: 002b:00007fe2252020c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 85.183604][ T6205] RAX: ffffffffffffffda RBX: 00007fe22459bf80 RCX: 00007fe22447c859
[ 85.191614][ T6205] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 85.199621][ T6205] RBP: 00007fe225202120 R08: 0000000000000000 R09: 0000000000000000
[ 85.207626][ T6205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 85.215717][ T6205] R13: 000000000000000b R14: 00007fe22459bf80 R15: 00007ffe03394d38
[ 85.223732][ T6205] </TASK>
[ 85.227266][ T6205] Kernel Offset: disabled
[ 85.231765][ T6205] Rebooting in 86400 seconds..