[ 76.791353][ T1199] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts.
2024/11/07 00:18:38 ignoring optional flag "sandboxArg"="0"
2024/11/07 00:18:38 ignoring optional flag "type"="gce"
2024/11/07 00:18:38 parsed 1 programs
2024/11/07 00:18:38 executed programs: 0
[ 82.795374][ T5153] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.803707][ T5153] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.811907][ T5153] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.820395][ T5153] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.827985][ T5153] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 82.835855][ T5153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.922747][ T6144] chnl_net:caif_netlink_parms(): no params data found
[ 82.963637][ T6144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.971059][ T6144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.978202][ T6144] bridge_slave_0: entered allmulticast mode
[ 82.984998][ T6144] bridge_slave_0: entered promiscuous mode
[ 82.992615][ T6144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.000052][ T6144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.007187][ T6144] bridge_slave_1: entered allmulticast mode
[ 83.013861][ T6144] bridge_slave_1: entered promiscuous mode
[ 83.035055][ T6144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.046320][ T6144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.070035][ T6144] team0: Port device team_slave_0 added
[ 83.077034][ T6144] team0: Port device team_slave_1 added
[ 83.095126][ T6144] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.102492][ T6144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.128552][ T6144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.140431][ T6144] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.147393][ T6144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.174600][ T6144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.205642][ T6144] hsr_slave_0: entered promiscuous mode
[ 83.212060][ T6144] hsr_slave_1: entered promiscuous mode
[ 83.693098][ T6144] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.703596][ T6144] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.713143][ T6144] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.722513][ T6144] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.751957][ T6144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.759157][ T6144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.766566][ T6144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.773790][ T6144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.833447][ T6144] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.853322][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.862729][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.878979][ T6144] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.894065][ T3463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.901314][ T3463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.917325][ T3463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.924518][ T3463] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.113326][ T6144] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.153871][ T6144] veth0_vlan: entered promiscuous mode
[ 84.166927][ T6144] veth1_vlan: entered promiscuous mode
[ 84.204372][ T6144] veth0_macvtap: entered promiscuous mode
[ 84.216537][ T6144] veth1_macvtap: entered promiscuous mode
[ 84.237757][ T6144] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.252463][ T6144] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.264508][ T6144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.274962][ T6144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.284375][ T6144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.295023][ T6144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.370704][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.378832][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.420009][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.427898][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.498886][ T6211] FAULT_INJECTION: forcing a failure.
[ 84.498886][ T6211] name failslab, interval 1, probability 0, space 0, times 1
[ 84.512576][ T6211] CPU: 1 UID: 0 PID: 6211 Comm: syz-executor.0 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0
[ 84.523654][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 84.533722][ T6211] Call Trace:
[ 84.537000][ T6211]
[ 84.539938][ T6211] dump_stack_lvl+0x241/0x360
[ 84.544661][ T6211] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.549868][ T6211] ? __pfx__printk+0x10/0x10
[ 84.554466][ T6211] ? __kmalloc_cache_noprof+0x44/0x2c0
[ 84.559926][ T6211] ? __pfx___might_resched+0x10/0x10
[ 84.565217][ T6211] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 84.571206][ T6211] should_fail_ex+0x3b0/0x4e0
[ 84.575922][ T6211] should_failslab+0xac/0x100
[ 84.580607][ T6211] ? dccp_feat_entry_new+0x173/0x3a0
[ 84.585892][ T6211] __kmalloc_cache_noprof+0x6c/0x2c0
[ 84.591182][ T6211] dccp_feat_entry_new+0x173/0x3a0
[ 84.596296][ T6211] dccp_feat_parse_options+0xeac/0x2c30
[ 84.601854][ T6211] ? __pfx_dccp_feat_parse_options+0x10/0x10
[ 84.607830][ T6211] ? __kmalloc_cache_noprof+0x19c/0x2c0
[ 84.613384][ T6211] dccp_parse_options+0x13bd/0x2670
[ 84.618599][ T6211] dccp_rcv_established+0x55/0x320
[ 84.623991][ T6211] dccp_v4_do_rcv+0xff/0x1f0
[ 84.628594][ T6211] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 84.633789][ T6211] __release_sock+0x243/0x350
[ 84.638476][ T6211] release_sock+0x61/0x1f0
[ 84.642899][ T6211] dccp_sendmsg+0x4f0/0xba0
[ 84.647433][ T6211] ? __pfx_dccp_sendmsg+0x10/0x10
[ 84.652462][ T6211] ? sock_rps_record_flow+0x1a/0x400
[ 84.657750][ T6211] ? inet_sendmsg+0x330/0x390
[ 84.662450][ T6211] __sock_sendmsg+0x1a6/0x270
[ 84.667127][ T6211] ____sys_sendmsg+0x52a/0x7e0
[ 84.671897][ T6211] ? __pfx_____sys_sendmsg+0x10/0x10
[ 84.677195][ T6211] __sys_sendmmsg+0x3ab/0x730
[ 84.681879][ T6211] ? __pfx___sys_sendmmsg+0x10/0x10
[ 84.687201][ T6211] ? __pfx___might_resched+0x10/0x10
[ 84.692489][ T6211] ? __might_fault+0xaa/0x120
[ 84.697171][ T6211] ? vfs_write+0x730/0xd30
[ 84.701634][ T6211] ? __pfx_lock_release+0x10/0x10
[ 84.706663][ T6211] ? __mutex_unlock_slowpath+0x21d/0x750
[ 84.712311][ T6211] ? __rseq_handle_notify_resume+0x34d/0x14d0
[ 84.718383][ T6211] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 84.724368][ T6211] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 84.730730][ T6211] ? do_syscall_64+0x100/0x230
[ 84.735499][ T6211] __x64_sys_sendmmsg+0xa0/0xb0
[ 84.740353][ T6211] do_syscall_64+0xf3/0x230
[ 84.744849][ T6211] ? clear_bhb_loop+0x35/0x90
[ 84.749525][ T6211] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.755433][ T6211] RIP: 0033:0x7ff483e7ad39
[ 84.759851][ T6211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 84.779454][ T6211] RSP: 002b:00007ff4850450c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 84.787867][ T6211] RAX: ffffffffffffffda RBX: 00007ff483f9bf80 RCX: 00007ff483e7ad39
[ 84.795836][ T6211] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 84.803898][ T6211] RBP: 00007ff485045120 R08: 0000000000000000 R09: 0000000000000000
[ 84.811865][ T6211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 84.819829][ T6211] R13: 000000000000000b R14: 00007ff483f9bf80 R15: 00007ffe3bac4158
[ 84.827827][ T6211]
[ 84.842262][ T6211] dccp_parse_options: DCCP(ffff888030eea100): Option 32 (len=7) error=9
[ 84.853872][ T6211] ==================================================================
[ 84.861965][ T6211] BUG: KASAN: slab-use-after-free in ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.870571][ T6211] Read of size 1 at addr ffff888075eac494 by task syz-executor.0/6211
[ 84.878713][ T6211]
[ 84.881030][ T6211] CPU: 0 UID: 0 PID: 6211 Comm: syz-executor.0 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0
[ 84.892041][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 84.902087][ T6211] Call Trace:
[ 84.905355][ T6211]
[ 84.908315][ T6211] dump_stack_lvl+0x241/0x360
[ 84.912998][ T6211] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.918195][ T6211] ? __pfx__printk+0x10/0x10
[ 84.922776][ T6211] ? _printk+0xd5/0x120
[ 84.926927][ T6211] ? __virt_addr_valid+0x183/0x530
[ 84.932044][ T6211] ? __virt_addr_valid+0x183/0x530
[ 84.937167][ T6211] print_report+0x169/0x550
[ 84.941677][ T6211] ? __virt_addr_valid+0x183/0x530
[ 84.946786][ T6211] ? __virt_addr_valid+0x183/0x530
[ 84.951890][ T6211] ? __virt_addr_valid+0x45f/0x530
[ 84.956990][ T6211] ? __phys_addr+0xba/0x170
[ 84.961491][ T6211] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.967297][ T6211] kasan_report+0x143/0x180
[ 84.971795][ T6211] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.977594][ T6211] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.983220][ T6211] ? lockdep_hardirqs_on+0x99/0x150
[ 84.988421][ T6211] ? dccp_ackvec_clear_state+0x5dd/0x8b0
[ 84.994044][ T6211] ? dccp_ackvec_input+0x1d5/0xf60
[ 84.999146][ T6211] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 85.004773][ T6211] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 85.010755][ T6211] dccp_rcv_established+0x295/0x320
[ 85.015946][ T6211] dccp_v4_do_rcv+0xff/0x1f0
[ 85.020532][ T6211] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 85.025718][ T6211] __release_sock+0x243/0x350
[ 85.030395][ T6211] release_sock+0x61/0x1f0
[ 85.034803][ T6211] dccp_sendmsg+0x4f0/0xba0
[ 85.039301][ T6211] ? __pfx_dccp_sendmsg+0x10/0x10
[ 85.044316][ T6211] ? sock_rps_record_flow+0x1a/0x400
[ 85.049595][ T6211] ? inet_sendmsg+0x330/0x390
[ 85.054270][ T6211] __sock_sendmsg+0x1a6/0x270
[ 85.058941][ T6211] ____sys_sendmsg+0x52a/0x7e0
[ 85.063703][ T6211] ? __pfx_____sys_sendmsg+0x10/0x10
[ 85.068983][ T6211] ? rcu_is_watching+0x15/0xb0
[ 85.073737][ T6211] ? __might_fault+0xaa/0x120
[ 85.078408][ T6211] __sys_sendmmsg+0x3ab/0x730
[ 85.083082][ T6211] ? __pfx___sys_sendmmsg+0x10/0x10
[ 85.088292][ T6211] ? __pfx___might_resched+0x10/0x10
[ 85.093571][ T6211] ? __might_fault+0xaa/0x120
[ 85.098240][ T6211] ? vfs_write+0x730/0xd30
[ 85.102662][ T6211] ? __pfx_lock_release+0x10/0x10
[ 85.107686][ T6211] ? __mutex_unlock_slowpath+0x21d/0x750
[ 85.113330][ T6211] ? __rseq_handle_notify_resume+0x34d/0x14d0
[ 85.119402][ T6211] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 85.125378][ T6211] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 85.131700][ T6211] ? do_syscall_64+0x100/0x230
[ 85.136478][ T6211] __x64_sys_sendmmsg+0xa0/0xb0
[ 85.141350][ T6211] do_syscall_64+0xf3/0x230
[ 85.145883][ T6211] ? clear_bhb_loop+0x35/0x90
[ 85.150567][ T6211] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.156464][ T6211] RIP: 0033:0x7ff483e7ad39
[ 85.160876][ T6211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 85.180484][ T6211] RSP: 002b:00007ff4850450c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 85.188942][ T6211] RAX: ffffffffffffffda RBX: 00007ff483f9bf80 RCX: 00007ff483e7ad39
[ 85.196940][ T6211] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 85.204932][ T6211] RBP: 00007ff485045120 R08: 0000000000000000 R09: 0000000000000000
[ 85.212988][ T6211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 85.220956][ T6211] R13: 000000000000000b R14: 00007ff483f9bf80 R15: 00007ffe3bac4158
[ 85.228967][ T6211]
[ 85.231977][ T6211]
[ 85.234288][ T6211] Allocated by task 6211:
[ 85.238612][ T6211] kasan_save_track+0x3f/0x80
[ 85.243283][ T6211] __kasan_kmalloc+0x98/0xb0
[ 85.247864][ T6211] __kmalloc_node_track_caller_noprof+0x225/0x440
[ 85.254280][ T6211] kmalloc_reserve+0x111/0x2a0
[ 85.259044][ T6211] __alloc_skb+0x1f3/0x440
[ 85.263452][ T6211] dccp_send_ack+0xaa/0x310
[ 85.267944][ T6211] ccid2_hc_rx_packet_recv+0x10c/0x1c0
[ 85.273454][ T6211] dccp_rcv_established+0x1bb/0x320
[ 85.278656][ T6211] dccp_v4_do_rcv+0xff/0x1f0
[ 85.283250][ T6211] __sk_receive_skb+0x82b/0x8b0
[ 85.288103][ T6211] ip_protocol_deliver_rcu+0x2e9/0x440
[ 85.293581][ T6211] ip_local_deliver_finish+0x341/0x5f0
[ 85.299052][ T6211] NF_HOOK+0x3a4/0x450
[ 85.303124][ T6211] NF_HOOK+0x3a4/0x450
[ 85.307192][ T6211] __netif_receive_skb+0x2bf/0x650
[ 85.312325][ T6211] process_backlog+0x662/0x15b0
[ 85.317208][ T6211] __napi_poll+0xcb/0x490
[ 85.321539][ T6211] net_rx_action+0x89b/0x1240
[ 85.326221][ T6211] handle_softirqs+0x2c5/0x980
[ 85.331250][ T6211] do_softirq+0x11b/0x1e0
[ 85.335662][ T6211] __local_bh_enable_ip+0x1bb/0x200
[ 85.340856][ T6211] __dev_queue_xmit+0x1758/0x3f30
[ 85.345907][ T6211] ip_finish_output2+0xd41/0x1390
[ 85.350924][ T6211] __ip_queue_xmit+0x118c/0x1b80
[ 85.355849][ T6211] dccp_transmit_skb+0xf41/0x16a0
[ 85.360869][ T6211] dccp_xmit_packet+0x376/0x610
[ 85.365710][ T6211] dccp_write_xmit+0x138/0x220
[ 85.370468][ T6211] dccp_sendmsg+0x76f/0xba0
[ 85.374964][ T6211] __sock_sendmsg+0x1a6/0x270
[ 85.379813][ T6211] ____sys_sendmsg+0x52a/0x7e0
[ 85.384568][ T6211] __sys_sendmmsg+0x3ab/0x730
[ 85.389240][ T6211] __x64_sys_sendmmsg+0xa0/0xb0
[ 85.394081][ T6211] do_syscall_64+0xf3/0x230
[ 85.398575][ T6211] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.404461][ T6211]
[ 85.406773][ T6211] Freed by task 6211:
[ 85.410737][ T6211] kasan_save_track+0x3f/0x80
[ 85.415408][ T6211] kasan_save_free_info+0x40/0x50
[ 85.420426][ T6211] __kasan_slab_free+0x59/0x70
[ 85.425181][ T6211] kfree+0x1a0/0x440
[ 85.429085][ T6211] skb_release_data+0x6a0/0x8a0
[ 85.433929][ T6211] sk_skb_reason_drop+0x1c9/0x380
[ 85.438964][ T6211] dccp_v4_do_rcv+0x145/0x1f0
[ 85.443633][ T6211] __release_sock+0x243/0x350
[ 85.448386][ T6211] release_sock+0x61/0x1f0
[ 85.452794][ T6211] dccp_sendmsg+0x4f0/0xba0
[ 85.457294][ T6211] __sock_sendmsg+0x1a6/0x270
[ 85.461969][ T6211] ____sys_sendmsg+0x52a/0x7e0
[ 85.466731][ T6211] __sys_sendmmsg+0x3ab/0x730
[ 85.471400][ T6211] __x64_sys_sendmmsg+0xa0/0xb0
[ 85.476245][ T6211] do_syscall_64+0xf3/0x230
[ 85.480739][ T6211] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.486722][ T6211]
[ 85.489036][ T6211] The buggy address belongs to the object at ffff888075eac000
[ 85.489036][ T6211]  which belongs to the cache kmalloc-2k of size 2048
[ 85.503164][ T6211] The buggy address is located 1172 bytes inside of
[ 85.503164][ T6211]  freed 2048-byte region [ffff888075eac000, ffff888075eac800)
[ 85.517145][ T6211]
[ 85.519461][ T6211] The buggy address belongs to the physical page:
[ 85.525866][ T6211] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75ea8
[ 85.534614][ T6211] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 85.543101][ T6211] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 85.551074][ T6211] page_type: f5(slab)
[ 85.555045][ T6211] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001
[ 85.563618][ T6211] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[ 85.572191][ T6211] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001
[ 85.580847][ T6211] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[ 85.589503][ T6211] head: 00fff00000000003 ffffea0001d7aa01 ffffffffffffffff 0000000000000000
[ 85.598191][ T6211] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 85.606865][ T6211] page dumped because: kasan: bad access detected
[ 85.613279][ T6211] page_owner tracks the page as allocated
[ 85.618979][ T6211] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5845, tgid 5845 (syz-executor.0), ts 60165352466, free_ts 15619504693
[ 85.639926][ T6211] post_alloc_hook+0x1f3/0x230
[ 85.644693][ T6211] get_page_from_freelist+0x303f/0x3190
[ 85.650228][ T6211] __alloc_pages_noprof+0x292/0x710
[ 85.655501][ T6211] alloc_pages_mpol_noprof+0x3e8/0x680
[ 85.661006][ T6211] alloc_slab_page+0x6a/0x120
[ 85.665673][ T6211] allocate_slab+0x5a/0x2f0
[ 85.670262][ T6211] ___slab_alloc+0xcd1/0x14b0
[ 85.674953][ T6211] __slab_alloc+0x58/0xa0
[ 85.679295][ T6211] __kmalloc_node_track_caller_noprof+0x281/0x440
[ 85.685928][ T6211] kmalloc_reserve+0x111/0x2a0
[ 85.690690][ T6211] pskb_expand_head+0x1f0/0x1380
[ 85.695710][ T6211] netlink_trim+0x183/0x220
[ 85.700207][ T6211] netlink_broadcast_filtered+0x76/0x12a0
[ 85.705919][ T6211] nlmsg_notify+0xfb/0x1c0
[ 85.710328][ T6211] __dev_notify_flags+0xf7/0x400
[ 85.715263][ T6211] dev_change_flags+0xf0/0x1a0
[ 85.720026][ T6211] page last free pid 1 tgid 1 stack trace:
[ 85.725908][ T6211] free_unref_page+0xcfb/0xf20
[ 85.730668][ T6211] free_contig_range+0x152/0x550
[ 85.735681][ T6211] destroy_args+0x8a/0x840
[ 85.740086][ T6211] debug_vm_pgtable+0x4be/0x550
[ 85.744930][ T6211] do_one_initcall+0x248/0x880
[ 85.749686][ T6211] do_initcall_level+0x157/0x210
[ 85.754611][ T6211] do_initcalls+0x3f/0x80
[ 85.758927][ T6211] kernel_init_freeable+0x435/0x5d0
[ 85.764114][ T6211] kernel_init+0x1d/0x2b0
[ 85.768433][ T6211] ret_from_fork+0x4b/0x80
[ 85.772847][ T6211] ret_from_fork_asm+0x1a/0x30
[ 85.777609][ T6211]
[ 85.779928][ T6211] Memory state around the buggy address:
[ 85.785542][ T6211]  ffff888075eac380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.793595][ T6211]  ffff888075eac400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.801644][ T6211] >ffff888075eac480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.809691][ T6211]                                                             ^
[ 85.814260][ T6211]  ffff888075eac500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.822321][ T6211]  ffff888075eac580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.830369][ T6211] ==================================================================
[ 85.858729][ T55] Bluetooth: hci0: command tx timeout
[ 85.884981][ T6211] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.892221][ T6211] CPU: 0 UID: 0 PID: 6211 Comm: syz-executor.0 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0
[ 85.903278][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 85.913521][ T6211] Call Trace:
[ 85.916816][ T6211]
[ 85.919762][ T6211] dump_stack_lvl+0x241/0x360
[ 85.924465][ T6211] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.929772][ T6211] ? __pfx__printk+0x10/0x10
[ 85.934381][ T6211] ? preempt_schedule+0xe1/0xf0
[ 85.939257][ T6211] ? vscnprintf+0x5d/0x90
[ 85.943610][ T6211] panic+0x349/0x880
[ 85.947527][ T6211] ? check_panic_on_warn+0x21/0xb0
[ 85.952743][ T6211] ? __pfx_panic+0x10/0x10
[ 85.957180][ T6211] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 85.963194][ T6211] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.969548][ T6211] ? print_report+0x502/0x550
[ 85.974245][ T6211] check_panic_on_warn+0x86/0xb0
[ 85.979205][ T6211] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 85.985036][ T6211] end_report+0x77/0x160
[ 85.989300][ T6211] kasan_report+0x154/0x180
[ 85.993824][ T6211] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 85.999655][ T6211] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 86.005313][ T6211] ? lockdep_hardirqs_on+0x99/0x150
[ 86.010622][ T6211] ? dccp_ackvec_clear_state+0x5dd/0x8b0
[ 86.016282][ T6211] ? dccp_ackvec_input+0x1d5/0xf60
[ 86.021588][ T6211] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 86.027262][ T6211] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 86.033274][ T6211] dccp_rcv_established+0x295/0x320
[ 86.038492][ T6211] dccp_v4_do_rcv+0xff/0x1f0
[ 86.043101][ T6211] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 86.048316][ T6211] __release_sock+0x243/0x350
[ 86.053453][ T6211] release_sock+0x61/0x1f0
[ 86.057904][ T6211] dccp_sendmsg+0x4f0/0xba0
[ 86.062439][ T6211] ? __pfx_dccp_sendmsg+0x10/0x10
[ 86.067485][ T6211] ? sock_rps_record_flow+0x1a/0x400
[ 86.072792][ T6211] ? inet_sendmsg+0x330/0x390
[ 86.077494][ T6211] __sock_sendmsg+0x1a6/0x270
[ 86.082193][ T6211] ____sys_sendmsg+0x52a/0x7e0
[ 86.086996][ T6211] ? __pfx_____sys_sendmsg+0x10/0x10
[ 86.092311][ T6211] ? rcu_is_watching+0x15/0xb0
[ 86.097102][ T6211] ? __might_fault+0xaa/0x120
[ 86.101804][ T6211] __sys_sendmmsg+0x3ab/0x730
[ 86.106507][ T6211] ? __pfx___sys_sendmmsg+0x10/0x10
[ 86.111752][ T6211] ? __pfx___might_resched+0x10/0x10
[ 86.117100][ T6211] ? __might_fault+0xaa/0x120
[ 86.121798][ T6211] ? vfs_write+0x730/0xd30
[ 86.126237][ T6211] ? __pfx_lock_release+0x10/0x10
[ 86.131290][ T6211] ? __mutex_unlock_slowpath+0x21d/0x750
[ 86.136942][ T6211] ? __rseq_handle_notify_resume+0x34d/0x14d0
[ 86.143117][ T6211] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 86.149126][ T6211] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 86.155480][ T6211] ? do_syscall_64+0x100/0x230
[ 86.160271][ T6211] __x64_sys_sendmmsg+0xa0/0xb0
[ 86.165185][ T6211] do_syscall_64+0xf3/0x230
[ 86.169705][ T6211] ? clear_bhb_loop+0x35/0x90
[ 86.174401][ T6211] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.180317][ T6211] RIP: 0033:0x7ff483e7ad39
[ 86.184750][ T6211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 86.204462][ T6211] RSP: 002b:00007ff4850450c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 86.212941][ T6211] RAX: ffffffffffffffda RBX: 00007ff483f9bf80 RCX: 00007ff483e7ad39
[ 86.220931][ T6211] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 86.228927][ T6211] RBP: 00007ff485045120 R08: 0000000000000000 R09: 0000000000000000
[ 86.236920][ T6211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 86.244907][ T6211] R13: 000000000000000b R14: 00007ff483f9bf80 R15: 00007ffe3bac4158
[ 86.252904][ T6211]
[ 86.256211][ T6211] Kernel Offset: disabled
[ 86.260541][ T6211] Rebooting in 86400 seconds..