[ 76.765717][ T910] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts.
2025/03/08 18:31:27 ignoring optional flag "sandboxArg"="0"
2025/03/08 18:31:27 ignoring optional flag "type"="gce"
2025/03/08 18:31:27 parsed 1 programs
2025/03/08 18:31:27 executed programs: 0
[ 80.322640][ T5138] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.331081][ T5138] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.339159][ T5138] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.347766][ T5138] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.355624][ T5138] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.362925][ T5138] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.454625][ T6126] chnl_net:caif_netlink_parms(): no params data found
[ 80.497093][ T6126] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.504439][ T6126] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.511562][ T6126] bridge_slave_0: entered allmulticast mode
[ 80.518346][ T6126] bridge_slave_0: entered promiscuous mode
[ 80.525984][ T6126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.533636][ T6126] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.540770][ T6126] bridge_slave_1: entered allmulticast mode
[ 80.548051][ T6126] bridge_slave_1: entered promiscuous mode
[ 80.569860][ T6126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.580618][ T6126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.602805][ T6126] team0: Port device team_slave_0 added
[ 80.610377][ T6126] team0: Port device team_slave_1 added
[ 80.628316][ T6126] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.635368][ T6126] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.661672][ T6126] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.674209][ T6126] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.681166][ T6126] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.707592][ T6126] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.735912][ T6126] hsr_slave_0: entered promiscuous mode
[ 80.742036][ T6126] hsr_slave_1: entered promiscuous mode
[ 81.187178][ T6126] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.204560][ T6126] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.214872][ T6126] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.224435][ T6126] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.252227][ T6126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.259412][ T6126] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.266949][ T6126] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.274199][ T6126] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.337213][ T6126] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.355900][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.367800][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.385356][ T6126] 8021q: adding VLAN 0 to HW filter on device team0
[ 81.401031][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.408176][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.423040][ T3517] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.430861][ T3517] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.469657][ T6126] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 81.480228][ T6126] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 81.637844][ T6126] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.680556][ T6126] veth0_vlan: entered promiscuous mode
[ 81.693311][ T6126] veth1_vlan: entered promiscuous mode
[ 81.721097][ T6126] veth0_macvtap: entered promiscuous mode
[ 81.731934][ T6126] veth1_macvtap: entered promiscuous mode
[ 81.748858][ T6126] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.760290][ T6126] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.774221][ T6126] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.782967][ T6126] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.792792][ T6126] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.801946][ T6126] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.878376][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.893578][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.924204][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.932062][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.026175][ T6191] FAULT_INJECTION: forcing a failure.
[ 82.026175][ T6191] name failslab, interval 1, probability 0, space 0, times 1
[ 82.040431][ T6191] CPU: 1 UID: 0 PID: 6191 Comm: syz-executor.0 Not tainted 6.14.0-rc5-syzkaller-00227-g2e51e0ac575c #0
[ 82.040454][ T6191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 82.040467][ T6191] Call Trace:
[ 82.040473][ T6191] <TASK>
[ 82.040480][ T6191] dump_stack_lvl+0x241/0x360
[ 82.040525][ T6191] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.040542][ T6191] ? __pfx__printk+0x10/0x10
[ 82.040566][ T6191] ? __kmalloc_cache_noprof+0x48/0x390
[ 82.040585][ T6191] ? __pfx___might_resched+0x10/0x10
[ 82.040602][ T6191] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 82.040628][ T6191] should_fail_ex+0x40a/0x550
[ 82.040665][ T6191] should_failslab+0xac/0x100
[ 82.040691][ T6191] __kmalloc_cache_noprof+0x70/0x390
[ 82.040706][ T6191] ? dccp_feat_entry_new+0x173/0x3a0
[ 82.040731][ T6191] dccp_feat_entry_new+0x173/0x3a0
[ 82.040752][ T6191] dccp_feat_parse_options+0xeab/0x2b60
[ 82.040786][ T6191] ? __pfx_dccp_feat_parse_options+0x10/0x10
[ 82.040808][ T6191] ? __kmalloc_cache_noprof+0x243/0x390
[ 82.040823][ T6191] ? dccp_ackvec_parsed_add+0x5c/0x1d0
[ 82.040855][ T6191] dccp_parse_options+0x13bd/0x2670
[ 82.040893][ T6191] dccp_rcv_established+0x55/0x320
[ 82.040913][ T6191] dccp_v4_do_rcv+0xff/0x1f0
[ 82.040935][ T6191] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 82.040952][ T6191] __release_sock+0x243/0x350
[ 82.040978][ T6191] release_sock+0x61/0x1f0
[ 82.041001][ T6191] dccp_sendmsg+0x4f0/0xb90
[ 82.041029][ T6191] ? __pfx_dccp_sendmsg+0x10/0x10
[ 82.041048][ T6191] ? sock_rps_record_flow+0x1a/0x400
[ 82.041073][ T6191] ? inet_sendmsg+0x330/0x390
[ 82.041099][ T6191] __sock_sendmsg+0x1a6/0x270
[ 82.041122][ T6191] ____sys_sendmsg+0x53a/0x860
[ 82.041146][ T6191] ? __pfx_____sys_sendmsg+0x10/0x10
[ 82.041160][ T6191] ? __fget_files+0x2a/0x410
[ 82.041180][ T6191] ? __fget_files+0x2a/0x410
[ 82.041206][ T6191] __sys_sendmmsg+0x36a/0x720
[ 82.041233][ T6191] ? __pfx___sys_sendmmsg+0x10/0x10
[ 82.041261][ T6191] ? __pfx_lock_release+0x10/0x10
[ 82.041280][ T6191] ? kstrtouint_from_user+0x128/0x190
[ 82.041319][ T6191] ? ksys_write+0x22a/0x2b0
[ 82.041339][ T6191] ? __pfx_lock_release+0x10/0x10
[ 82.041366][ T6191] ? sb_end_write+0xe9/0x1c0
[ 82.041383][ T6191] ? vfs_write+0x7fa/0xd10
[ 82.041404][ T6191] ? __mutex_unlock_slowpath+0x227/0x800
[ 82.041457][ T6191] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 82.041482][ T6191] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 82.041505][ T6191] ? do_syscall_64+0x100/0x230
[ 82.041530][ T6191] __x64_sys_sendmmsg+0xa0/0xb0
[ 82.041548][ T6191] do_syscall_64+0xf3/0x230
[ 82.041570][ T6191] ? clear_bhb_loop+0x35/0x90
[ 82.041594][ T6191] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.041619][ T6191] RIP: 0033:0x7efe8de7c859
[ 82.041637][ T6191] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 82.041656][ T6191] RSP: 002b:00007efe8d1fe0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 82.041674][ T6191] RAX: ffffffffffffffda RBX: 00007efe8df9bf80 RCX: 00007efe8de7c859
[ 82.041686][ T6191] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 82.041697][ T6191] RBP: 00007efe8d1fe120 R08: 0000000000000000 R09: 0000000000000000
[ 82.041707][ T6191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 82.041716][ T6191] R13: 000000000000000b R14: 00007efe8df9bf80 R15: 00007ffc432d80e8
[ 82.041742][ T6191] </TASK>
[ 82.041982][ T6191] dccp_parse_options: DCCP(ffff88805fdb2100): Option 32 (len=7) error=9
[ 82.395133][ T6191] ==================================================================
[ 82.403649][ T6191] BUG: KASAN: slab-use-after-free in ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 82.412255][ T6191] Read of size 1 at addr ffff88807cea1494 by task syz-executor.0/6191
[ 82.420409][ T6191]
[ 82.422746][ T6191] CPU: 0 UID: 0 PID: 6191 Comm: syz-executor.0 Not tainted 6.14.0-rc5-syzkaller-00227-g2e51e0ac575c #0
[ 82.422761][ T6191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 82.422769][ T6191] Call Trace:
[ 82.422774][ T6191] <TASK>
[ 82.422780][ T6191] dump_stack_lvl+0x241/0x360
[ 82.422797][ T6191] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.422810][ T6191] ? __pfx__printk+0x10/0x10
[ 82.422827][ T6191] ? _printk+0xd5/0x120
[ 82.422843][ T6191] ? __virt_addr_valid+0x183/0x530
[ 82.422861][ T6191] ? __virt_addr_valid+0x183/0x530
[ 82.422878][ T6191] print_report+0x16e/0x5b0
[ 82.422896][ T6191] ? __virt_addr_valid+0x183/0x530
[ 82.422912][ T6191] ? __virt_addr_valid+0x183/0x530
[ 82.422928][ T6191] ? __virt_addr_valid+0x45f/0x530
[ 82.422944][ T6191] ? __phys_addr+0xba/0x170
[ 82.422960][ T6191] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 82.422979][ T6191] kasan_report+0x143/0x180
[ 82.422996][ T6191] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 82.423015][ T6191] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 82.423039][ T6191] ? dccp_ackvec_input+0x1d5/0xf70
[ 82.423057][ T6191] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 82.423073][ T6191] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 82.423090][ T6191] dccp_rcv_established+0x295/0x320
[ 82.423104][ T6191] dccp_v4_do_rcv+0xff/0x1f0
[ 82.423119][ T6191] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 82.423131][ T6191] __release_sock+0x243/0x350
[ 82.423148][ T6191] release_sock+0x61/0x1f0
[ 82.423164][ T6191] dccp_sendmsg+0x4f0/0xb90
[ 82.423182][ T6191] ? __pfx_dccp_sendmsg+0x10/0x10
[ 82.423196][ T6191] ? sock_rps_record_flow+0x1a/0x400
[ 82.423214][ T6191] ? inet_sendmsg+0x330/0x390
[ 82.423230][ T6191] __sock_sendmsg+0x1a6/0x270
[ 82.423246][ T6191] ____sys_sendmsg+0x53a/0x860
[ 82.423260][ T6191] ? __pfx_____sys_sendmsg+0x10/0x10
[ 82.423271][ T6191] ? __fget_files+0x2a/0x410
[ 82.423285][ T6191] ? __sys_sendmmsg+0x392/0x720
[ 82.423296][ T6191] ? __might_fault+0xaa/0x120
[ 82.423312][ T6191] __sys_sendmmsg+0x36a/0x720
[ 82.423340][ T6191] ? __pfx___sys_sendmmsg+0x10/0x10
[ 82.423361][ T6191] ? __pfx_lock_release+0x10/0x10
[ 82.423378][ T6191] ? kstrtouint_from_user+0x128/0x190
[ 82.423398][ T6191] ? ksys_write+0x22a/0x2b0
[ 82.423412][ T6191] ? __pfx_lock_release+0x10/0x10
[ 82.423431][ T6191] ? sb_end_write+0xe9/0x1c0
[ 82.423445][ T6191] ? vfs_write+0x7fa/0xd10
[ 82.423462][ T6191] ? __mutex_unlock_slowpath+0x227/0x800
[ 82.423492][ T6191] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 82.423509][ T6191] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 82.423525][ T6191] ? do_syscall_64+0x100/0x230
[ 82.423543][ T6191] __x64_sys_sendmmsg+0xa0/0xb0
[ 82.423556][ T6191] do_syscall_64+0xf3/0x230
[ 82.423572][ T6191] ? clear_bhb_loop+0x35/0x90
[ 82.423590][ T6191] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.423607][ T6191] RIP: 0033:0x7efe8de7c859
[ 82.423618][ T6191] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 82.423628][ T6191] RSP: 002b:00007efe8d1fe0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 82.423642][ T6191] RAX: ffffffffffffffda RBX: 00007efe8df9bf80 RCX: 00007efe8de7c859
[ 82.423652][ T6191] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 82.423660][ T6191] RBP: 00007efe8d1fe120 R08: 0000000000000000 R09: 0000000000000000
[ 82.423668][ T6191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 82.423676][ T6191] R13: 000000000000000b R14: 00007efe8df9bf80 R15: 00007ffc432d80e8
[ 82.423689][ T6191] </TASK>
[ 82.423693][ T6191]
[ 82.772894][ T6191] Allocated by task 6191:
[ 82.777209][ T6191] kasan_save_track+0x3f/0x80
[ 82.781880][ T6191] __kasan_kmalloc+0x98/0xb0
[ 82.786472][ T6191] __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[ 82.792899][ T6191] kmalloc_reserve+0x111/0x2a0
[ 82.797669][ T6191] __alloc_skb+0x1f3/0x440
[ 82.802087][ T6191] dccp_send_ack+0xaa/0x310
[ 82.806601][ T6191] ccid2_hc_rx_packet_recv+0x10c/0x1c0
[ 82.812073][ T6191] dccp_rcv_established+0x1bb/0x320
[ 82.817300][ T6191] dccp_v4_do_rcv+0xff/0x1f0
[ 82.821893][ T6191] __sk_receive_skb+0x82b/0x8b0
[ 82.826738][ T6191] ip_protocol_deliver_rcu+0x2e9/0x440
[ 82.832186][ T6191] ip_local_deliver_finish+0x341/0x5f0
[ 82.837644][ T6191] NF_HOOK+0x3a4/0x450
[ 82.841710][ T6191] NF_HOOK+0x3a4/0x450
[ 82.845768][ T6191] __netif_receive_skb+0x2bf/0x650
[ 82.850881][ T6191] process_backlog+0x662/0x15b0
[ 82.855742][ T6191] __napi_poll+0xcb/0x490
[ 82.860062][ T6191] net_rx_action+0x89b/0x1240
[ 82.864737][ T6191] handle_softirqs+0x2d4/0x9b0
[ 82.869506][ T6191] do_softirq+0x11b/0x1e0
[ 82.873829][ T6191] __local_bh_enable_ip+0x1bb/0x200
[ 82.879027][ T6191] __dev_queue_xmit+0x1775/0x3f50
[ 82.884049][ T6191] ip_finish_output2+0xcd3/0x12e0
[ 82.889071][ T6191] __ip_queue_xmit+0x103f/0x1960
[ 82.894007][ T6191] dccp_transmit_skb+0xf37/0x16d0
[ 82.899120][ T6191] dccp_xmit_packet+0x376/0x610
[ 82.903964][ T6191] dccp_write_xmit+0x138/0x220
[ 82.908716][ T6191] dccp_sendmsg+0x76f/0xb90
[ 82.913292][ T6191] __sock_sendmsg+0x1a6/0x270
[ 82.917983][ T6191] ____sys_sendmsg+0x53a/0x860
[ 82.922735][ T6191] __sys_sendmmsg+0x36a/0x720
[ 82.927410][ T6191] __x64_sys_sendmmsg+0xa0/0xb0
[ 82.932250][ T6191] do_syscall_64+0xf3/0x230
[ 82.936744][ T6191] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.942715][ T6191]
[ 82.945030][ T6191] Freed by task 6191:
[ 82.949082][ T6191] kasan_save_track+0x3f/0x80
[ 82.953751][ T6191] kasan_save_free_info+0x40/0x50
[ 82.958762][ T6191] __kasan_slab_free+0x59/0x70
[ 82.963516][ T6191] kfree+0x196/0x430
[ 82.967493][ T6191] skb_release_data+0x6a0/0x8a0
[ 82.972359][ T6191] sk_skb_reason_drop+0x1c9/0x380
[ 82.977379][ T6191] dccp_v4_do_rcv+0x145/0x1f0
[ 82.982041][ T6191] __release_sock+0x243/0x350
[ 82.986703][ T6191] release_sock+0x61/0x1f0
[ 82.991110][ T6191] dccp_sendmsg+0x4f0/0xb90
[ 82.995606][ T6191] __sock_sendmsg+0x1a6/0x270
[ 83.000360][ T6191] ____sys_sendmsg+0x53a/0x860
[ 83.005196][ T6191] __sys_sendmmsg+0x36a/0x720
[ 83.009860][ T6191] __x64_sys_sendmmsg+0xa0/0xb0
[ 83.014693][ T6191] do_syscall_64+0xf3/0x230
[ 83.019269][ T6191] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.025157][ T6191]
[ 83.027465][ T6191] The buggy address belongs to the object at ffff88807cea1000
[ 83.027465][ T6191] which belongs to the cache kmalloc-2k of size 2048
[ 83.041501][ T6191] The buggy address is located 1172 bytes inside of
[ 83.041501][ T6191] freed 2048-byte region [ffff88807cea1000, ffff88807cea1800)
[ 83.055459][ T6191]
[ 83.057768][ T6191] The buggy address belongs to the physical page:
[ 83.064165][ T6191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7cea0
[ 83.072915][ T6191] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 83.081400][ T6191] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 83.089371][ T6191] page_type: f5(slab)
[ 83.093344][ T6191] raw: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001
[ 83.101914][ T6191] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 83.110486][ T6191] head: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001
[ 83.119326][ T6191] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 83.127984][ T6191] head: 00fff00000000003 ffffea0001f3a801 ffffffffffffffff 0000000000000000
[ 83.136639][ T6191] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 83.145293][ T6191] page dumped because: kasan: bad access detected
[ 83.151706][ T6191] page_owner tracks the page as allocated
[ 83.157496][ T6191] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3517, tgid 3517 (kworker/u8:8), ts 60847313469, free_ts 60588082625
[ 83.178875][ T6191] post_alloc_hook+0x1f4/0x240
[ 83.183645][ T6191] get_page_from_freelist+0x3651/0x37a0
[ 83.189186][ T6191] __alloc_frozen_pages_noprof+0x292/0x710
[ 83.195005][ T6191] alloc_pages_mpol+0x311/0x660
[ 83.199856][ T6191] allocate_slab+0x8f/0x3a0
[ 83.204352][ T6191] ___slab_alloc+0xc27/0x14a0
[ 83.209018][ T6191] __slab_alloc+0x58/0xa0
[ 83.213337][ T6191] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[ 83.219743][ T6191] kmalloc_reserve+0x111/0x2a0
[ 83.224498][ T6191] __alloc_skb+0x1f3/0x440
[ 83.228901][ T6191] mld_newpack+0x17c/0xc70
[ 83.233307][ T6191] add_grec+0x1492/0x19a0
[ 83.237719][ T6191] mld_send_initial_cr+0x228/0x4b0
[ 83.242824][ T6191] ipv6_mc_dad_complete+0x88/0x490
[ 83.247925][ T6191] addrconf_dad_completed+0x712/0xcd0
[ 83.253286][ T6191] addrconf_dad_work+0xdbc/0x16a0
[ 83.258298][ T6191] page last free pid 26 tgid 26 stack trace:
[ 83.264256][ T6191] free_frozen_pages+0xe04/0x10e0
[ 83.269267][ T6191] __slab_free+0x2c2/0x380
[ 83.273668][ T6191] qlist_free_all+0x9a/0x140
[ 83.278242][ T6191] kasan_quarantine_reduce+0x14f/0x170
[ 83.283685][ T6191] __kasan_slab_alloc+0x23/0x80
[ 83.288522][ T6191] kmem_cache_alloc_node_noprof+0x1d9/0x380
[ 83.294402][ T6191] __alloc_skb+0x1c3/0x440
[ 83.298808][ T6191] mld_newpack+0x17c/0xc70
[ 83.303217][ T6191] add_grec+0x1492/0x19a0
[ 83.307558][ T6191] mld_send_initial_cr+0x228/0x4b0
[ 83.312676][ T6191] mld_dad_work+0x44/0x500
[ 83.317083][ T6191] process_scheduled_works+0xabe/0x18e0
[ 83.322613][ T6191] worker_thread+0x870/0xd30
[ 83.327186][ T6191] kthread+0x7a9/0x920
[ 83.331329][ T6191] ret_from_fork+0x4b/0x80
[ 83.335732][ T6191] ret_from_fork_asm+0x1a/0x30
[ 83.340481][ T6191]
[ 83.342789][ T6191] Memory state around the buggy address:
[ 83.348403][ T6191] ffff88807cea1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.356448][ T6191] ffff88807cea1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.364491][ T6191] >ffff88807cea1480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.372531][ T6191] ^
[ 83.377098][ T6191] ffff88807cea1500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.385144][ T6191] ffff88807cea1580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.393185][ T6191] ==================================================================
[ 83.453899][ T6191] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 83.461128][ T6191] CPU: 1 UID: 0 PID: 6191 Comm: syz-executor.0 Not tainted 6.14.0-rc5-syzkaller-00227-g2e51e0ac575c #0
[ 83.472161][ T6191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 83.482230][ T6191] Call Trace:
[ 83.485528][ T6191] <TASK>
[ 83.488479][ T6191] dump_stack_lvl+0x241/0x360
[ 83.493180][ T6191] ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.498400][ T6191] ? __pfx__printk+0x10/0x10
[ 83.503010][ T6191] ? preempt_schedule+0xe1/0xf0
[ 83.507875][ T6191] ? vscnprintf+0x5d/0x90
[ 83.512198][ T6191] panic+0x349/0x880
[ 83.516094][ T6191] ? check_panic_on_warn+0x21/0xb0
[ 83.521206][ T6191] ? __pfx_panic+0x10/0x10
[ 83.525625][ T6191] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 83.531600][ T6191] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 83.537916][ T6191] ? print_report+0x519/0x5b0
[ 83.542585][ T6191] check_panic_on_warn+0x86/0xb0
[ 83.547526][ T6191] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.553329][ T6191] end_report+0x77/0x160
[ 83.557566][ T6191] kasan_report+0x154/0x180
[ 83.562063][ T6191] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.567864][ T6191] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.573499][ T6191] ? dccp_ackvec_input+0x1d5/0xf70
[ 83.578604][ T6191] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 83.584234][ T6191] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 83.590206][ T6191] dccp_rcv_established+0x295/0x320
[ 83.595404][ T6191] dccp_v4_do_rcv+0xff/0x1f0
[ 83.599984][ T6191] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 83.605167][ T6191] __release_sock+0x243/0x350
[ 83.609834][ T6191] release_sock+0x61/0x1f0
[ 83.614332][ T6191] dccp_sendmsg+0x4f0/0xb90
[ 83.619002][ T6191] ? __pfx_dccp_sendmsg+0x10/0x10
[ 83.624022][ T6191] ? sock_rps_record_flow+0x1a/0x400
[ 83.629300][ T6191] ? inet_sendmsg+0x330/0x390
[ 83.634072][ T6191] __sock_sendmsg+0x1a6/0x270
[ 83.638760][ T6191] ____sys_sendmsg+0x53a/0x860
[ 83.643531][ T6191] ? __pfx_____sys_sendmsg+0x10/0x10
[ 83.648812][ T6191] ? __fget_files+0x2a/0x410
[ 83.653403][ T6191] ? __sys_sendmmsg+0x392/0x720
[ 83.658249][ T6191] ? __might_fault+0xaa/0x120
[ 83.662924][ T6191] __sys_sendmmsg+0x36a/0x720
[ 83.667605][ T6191] ? __pfx___sys_sendmmsg+0x10/0x10
[ 83.672796][ T6191] ? __pfx_lock_release+0x10/0x10
[ 83.677816][ T6191] ? kstrtouint_from_user+0x128/0x190
[ 83.683188][ T6191] ? ksys_write+0x22a/0x2b0
[ 83.687694][ T6191] ? __pfx_lock_release+0x10/0x10
[ 83.692729][ T6191] ? sb_end_write+0xe9/0x1c0
[ 83.697321][ T6191] ? vfs_write+0x7fa/0xd10
[ 83.701737][ T6191] ? __mutex_unlock_slowpath+0x227/0x800
[ 83.707390][ T6191] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 83.713381][ T6191] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 83.719708][ T6191] ? do_syscall_64+0x100/0x230
[ 83.724477][ T6191] __x64_sys_sendmmsg+0xa0/0xb0
[ 83.729323][ T6191] do_syscall_64+0xf3/0x230
[ 83.733819][ T6191] ? clear_bhb_loop+0x35/0x90
[ 83.738489][ T6191] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.744378][ T6191] RIP: 0033:0x7efe8de7c859
[ 83.748782][ T6191] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 83.768472][ T6191] RSP: 002b:00007efe8d1fe0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 83.777001][ T6191] RAX: ffffffffffffffda RBX: 00007efe8df9bf80 RCX: 00007efe8de7c859
[ 83.784978][ T6191] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 83.792961][ T6191] RBP: 00007efe8d1fe120 R08: 0000000000000000 R09: 0000000000000000
[ 83.800950][ T6191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 83.808919][ T6191] R13: 000000000000000b R14: 00007efe8df9bf80 R15: 00007ffc432d80e8
[ 83.816974][ T6191] </TASK>
[ 83.822178][ T6191] Kernel Offset: disabled
[ 83.826499][ T6191] Rebooting in 86400 seconds..