Warning: Permanently added '10.128.1.49' (ED25519) to the list of known hosts.
2026/04/01 01:05:33 parsed 1 programs
[   89.609271][ T5833] cgroup: Unknown subsys name 'net'
[   89.742506][ T5833] cgroup: Unknown subsys name 'cpuset'
[   89.752436][ T5833] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   91.399282][ T5833] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   91.961657][   T42] cfg80211: failed to load regulatory.db
[   94.347058][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   95.002041][ T5855] chnl_net:caif_netlink_parms(): no params data found
[   95.092605][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.100376][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.107571][ T5855] bridge_slave_0: entered allmulticast mode
[   95.115453][ T5855] bridge_slave_0: entered promiscuous mode
[   95.124834][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.136443][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.143881][ T5855] bridge_slave_1: entered allmulticast mode
[   95.151407][ T5855] bridge_slave_1: entered promiscuous mode
[   95.185243][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.197116][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.229692][ T5855] team0: Port device team_slave_0 added
[   95.237638][ T5855] team0: Port device team_slave_1 added
[   95.264156][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.271536][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.297680][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.310695][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.317664][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.343832][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.390481][ T5855] hsr_slave_0: entered promiscuous mode
[   95.397050][ T5855] hsr_slave_1: entered promiscuous mode
[   95.554425][ T5855] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.567345][ T5855] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.579192][ T5855] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.591028][ T5855] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.626071][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.633351][ T5855] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.641381][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.648585][ T5855] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.707651][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.728044][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.738467][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.753852][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[   95.766999][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.774212][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.787682][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.794869][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.982825][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.028008][ T5855] veth0_vlan: entered promiscuous mode
[   96.041139][ T5855] veth1_vlan: entered promiscuous mode
[   96.072228][ T5855] veth0_macvtap: entered promiscuous mode
[   96.083751][ T5855] veth1_macvtap: entered promiscuous mode
[   96.102105][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.116567][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.136649][ T1155] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.149028][ T1155] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.158192][ T1155] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.170049][ T1155] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.309315][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.381201][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.445546][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.528332][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.635607][ T4184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.649096][ T4184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.678693][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.686805][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.664146][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.673432][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.681422][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.689957][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.697755][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.963509][   T35] bridge_slave_1: left allmulticast mode
[   98.969611][   T35] bridge_slave_1: left promiscuous mode
[   98.976225][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.987841][   T35] bridge_slave_0: left allmulticast mode
[   98.995822][   T35] bridge_slave_0: left promiscuous mode
[   99.001899][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.144352][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   99.156306][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   99.167020][   T35] bond0 (unregistering): Released all slaves
[   99.290543][   T35] hsr_slave_0: left promiscuous mode
[   99.296831][   T35] hsr_slave_1: left promiscuous mode
[   99.305043][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.314289][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.323908][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.331762][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.349067][   T35] veth1_macvtap: left promiscuous mode
[   99.354826][   T35] veth0_macvtap: left promiscuous mode
[   99.362260][   T35] veth1_vlan: left promiscuous mode
[   99.367673][   T35] veth0_vlan: left promiscuous mode
[   99.704120][   T35] team0 (unregistering): Port device team_slave_1 removed
[   99.745561][   T35] team0 (unregistering): Port device team_slave_0 removed
2026/04/01 01:05:47 executed programs: 0
[   99.955331][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.965091][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.976045][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.985927][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.995456][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.297223][ T5941] chnl_net:caif_netlink_parms(): no params data found
[  100.424456][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.432118][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.439751][ T5941] bridge_slave_0: entered allmulticast mode
[  100.447578][ T5941] bridge_slave_0: entered promiscuous mode
[  100.456746][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.464295][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.472111][ T5941] bridge_slave_1: entered allmulticast mode
[  100.480288][ T5941] bridge_slave_1: entered promiscuous mode
[  100.519637][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.532304][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.572887][ T5941] team0: Port device team_slave_0 added
[  100.582716][ T5941] team0: Port device team_slave_1 added
[  100.620108][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.627118][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.655394][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.095371][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.102570][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.129744][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.216061][ T5941] hsr_slave_0: entered promiscuous mode
[  101.224244][ T5941] hsr_slave_1: entered promiscuous mode
[  102.039572][ T5146] Bluetooth: hci0: command tx timeout
[  102.150715][ T5941] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.162770][ T5941] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.177721][ T5941] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.191109][ T5941] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.298017][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.321733][ T5941] 8021q: adding VLAN 0 to HW filter on device team0
[  102.340494][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.347678][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.376499][ T4184] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.383675][ T4184] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.707923][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.774019][ T5941] veth0_vlan: entered promiscuous mode
[  102.790440][ T5941] veth1_vlan: entered promiscuous mode
[  102.830078][ T5941] veth0_macvtap: entered promiscuous mode
[  102.844153][ T5941] veth1_macvtap: entered promiscuous mode
[  102.874081][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.891881][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.910172][   T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.932063][   T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.951912][   T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.976564][   T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.034930][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.050510][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.089055][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.096974][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.118609][ T5146] Bluetooth: hci0: command tx timeout
2026/04/01 01:05:52 executed programs: 7
[  106.199607][ T5146] Bluetooth: hci0: command tx timeout
[  108.288582][ T5146] Bluetooth: hci0: command tx timeout
[  108.965123][ T6071] ==================================================================
[  108.973269][ T6071] BUG: KASAN: slab-use-after-free in __sk_msg_recvmsg+0x19b/0xe70
[  108.981135][ T6071] Read of size 8 at addr ffff88807eeac2b0 by task syz.0.31/6071
[  108.988801][ T6071] 
[  108.991187][ T6071] CPU: 0 UID: 0 PID: 6071 Comm: syz.0.31 Not tainted syzkaller #0 PREEMPT(full) 
[  108.991212][ T6071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  108.991232][ T6071] Call Trace:
[  108.991241][ T6071]  <TASK>
[  108.991249][ T6071]  dump_stack_lvl+0xe8/0x150
[  108.991283][ T6071]  print_report+0xba/0x230
[  108.991317][ T6071]  ? __sk_msg_recvmsg+0x19b/0xe70
[  108.991339][ T6071]  kasan_report+0x117/0x150
[  108.991366][ T6071]  ? __sk_msg_recvmsg+0x19b/0xe70
[  108.991393][ T6071]  __sk_msg_recvmsg+0x19b/0xe70
[  108.991419][ T6071]  ? sk_psock_get+0x387/0x440
[  108.991446][ T6071]  ? __pfx_sk_psock_get+0x10/0x10
[  108.991472][ T6071]  ? __page_table_check_zero+0x6a/0x3e0
[  108.991499][ T6071]  udp_bpf_recvmsg+0x196/0xac0
[  108.991530][ T6071]  ? aa_sk_perm+0x6d5/0x900
[  108.991563][ T6071]  ? __pfx_udp_bpf_recvmsg+0x10/0x10
[  108.991592][ T6071]  ? sock_rps_record_flow+0x19/0x350
[  108.991620][ T6071]  ? inet_recvmsg+0x101/0x120
[  108.991645][ T6071]  ? __pfx_inet_recvmsg+0x10/0x10
[  108.991671][ T6071]  sock_recvmsg+0x155/0x1b0
[  108.991693][ T6071]  ____sys_recvmsg+0x1e6/0x4a0
[  108.991726][ T6071]  ? __pfx_____sys_recvmsg+0x10/0x10
[  108.991763][ T6071]  ? import_iovec+0x73/0xa0
[  108.991788][ T6071]  ___sys_recvmsg+0x215/0x590
[  108.991819][ T6071]  ? __pfx____sys_recvmsg+0x10/0x10
[  108.991862][ T6071]  ? __fget_files+0x3a0/0x420
[  108.991900][ T6071]  do_recvmmsg+0x334/0x800
[  108.991931][ T6071]  ? do_raw_spin_lock+0x12b/0x2f0
[  108.991953][ T6071]  ? __pfx_do_recvmmsg+0x10/0x10
[  108.991981][ T6071]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  108.992013][ T6071]  ? lockdep_hardirqs_on+0x7a/0x110
[  108.992048][ T6071]  __x64_sys_recvmmsg+0x198/0x250
[  108.992079][ T6071]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  108.992115][ T6071]  do_syscall_64+0x14d/0xf80
[  108.992144][ T6071]  ? trace_irq_disable+0x3b/0x150
[  108.992162][ T6071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.992183][ T6071]  ? clear_bhb_loop+0x40/0x90
[  108.992207][ T6071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.992228][ T6071] RIP: 0033:0x7f4a3579c819
[  108.992254][ T6071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  108.992271][ T6071] RSP: 002b:00007f4a365f2028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  108.992307][ T6071] RAX: ffffffffffffffda RBX: 00007f4a35a16180 RCX: 00007f4a3579c819
[  108.992323][ T6071] RDX: 0000000000000012 RSI: 0000200000000400 RDI: 0000000000000003
[  108.992337][ T6071] RBP: 00007f4a35832c91 R08: 0000000000000000 R09: 0000000000000000
[  108.992350][ T6071] R10: 0000000040000021 R11: 0000000000000246 R12: 0000000000000000
[  108.992363][ T6071] R13: 00007f4a35a16218 R14: 00007f4a35a16180 R15: 00007ffda3b0e6c8
[  108.992389][ T6071]  </TASK>
[  108.992396][ T6071] 
[  109.266317][ T6071] Allocated by task 6069:
[  109.270684][ T6071]  kasan_save_track+0x3e/0x80
[  109.275396][ T6071]  __kasan_kmalloc+0x93/0xb0
[  109.280072][ T6071]  __kmalloc_cache_noprof+0x31c/0x660
[  109.285584][ T6071]  sk_psock_skb_ingress_self+0x5e/0x370
[  109.291264][ T6071]  sk_psock_verdict_recv+0x7d9/0x8d0
[  109.296611][ T6071]  udp_read_skb+0x5d9/0x6b0
[  109.301259][ T6071]  sk_psock_verdict_data_ready+0x12d/0x590
[  109.307113][ T6071]  __udp_enqueue_schedule_skb+0xc4b/0x12e0
[  109.313059][ T6071]  udp_queue_rcv_one_skb+0x831/0x1230
[  109.318477][ T6071]  __udp4_lib_mcast_deliver+0xad7/0xb70
[  109.324076][ T6071]  udp_rcv+0xcc2/0x24c0
[  109.328321][ T6071]  ip_protocol_deliver_rcu+0x282/0x440
[  109.333830][ T6071]  ip_local_deliver_finish+0x3bb/0x6f0
[  109.339511][ T6071]  NF_HOOK+0x336/0x3c0
[  109.343624][ T6071]  ip_sublist_rcv_finish+0x1f0/0x240
[  109.348976][ T6071]  ip_sublist_rcv+0x5c6/0xa70
[  109.353683][ T6071]  ip_list_rcv+0x3f1/0x450
[  109.358238][ T6071]  __netif_receive_skb_list_core+0x7e5/0x810
[  109.364350][ T6071]  netif_receive_skb_list_internal+0x995/0xcf0
[  109.370555][ T6071]  netif_receive_skb_list+0x55/0x4b0
[  109.375918][ T6071]  bpf_test_run_xdp_live+0x1946/0x1cf0
[  109.381419][ T6071]  bpf_prog_test_run_xdp+0x81c/0x1160
[  109.386845][ T6071]  bpf_prog_test_run+0x2c7/0x340
[  109.391815][ T6071]  __sys_bpf+0x643/0x950
[  109.396102][ T6071]  __x64_sys_bpf+0x7c/0x90
[  109.400565][ T6071]  do_syscall_64+0x14d/0xf80
[  109.405555][ T6071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.411519][ T6071] 
[  109.413874][ T6071] Freed by task 6070:
[  109.417886][ T6071]  kasan_save_track+0x3e/0x80
[  109.422698][ T6071]  kasan_save_free_info+0x46/0x50
[  109.427775][ T6071]  __kasan_slab_free+0x5c/0x80
[  109.432569][ T6071]  kfree+0x1c1/0x630
[  109.436494][ T6071]  __sk_msg_recvmsg+0xc7e/0xe70
[  109.441473][ T6071]  udp_bpf_recvmsg+0x196/0xac0
[  109.446277][ T6071]  sock_recvmsg+0x155/0x1b0
[  109.450817][ T6071]  ____sys_recvmsg+0x1e6/0x4a0
[  109.455625][ T6071]  ___sys_recvmsg+0x215/0x590
[  109.460352][ T6071]  do_recvmmsg+0x334/0x800
[  109.464812][ T6071]  __x64_sys_recvmmsg+0x198/0x250
[  109.469873][ T6071]  do_syscall_64+0x14d/0xf80
[  109.474513][ T6071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.480481][ T6071] 
[  109.482835][ T6071] The buggy address belongs to the object at ffff88807eeac000
[  109.482835][ T6071]  which belongs to the cache kmalloc-1k of size 1024
[  109.496918][ T6071] The buggy address is located 688 bytes inside of
[  109.496918][ T6071]  freed 1024-byte region [ffff88807eeac000, ffff88807eeac400)
[  109.510841][ T6071] 
[  109.513195][ T6071] The buggy address belongs to the physical page:
[  109.519639][ T6071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eea8
[  109.528441][ T6071] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  109.536976][ T6071] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  109.544565][ T6071] page_type: f5(slab)
[  109.548603][ T6071] raw: 00fff00000000040 ffff88813fea6dc0 dead000000000100 dead000000000122
[  109.557660][ T6071] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  109.566284][ T6071] head: 00fff00000000040 ffff88813fea6dc0 dead000000000100 dead000000000122
[  109.574999][ T6071] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  109.584352][ T6071] head: 00fff00000000003 ffffea0001fbaa01 00000000ffffffff 00000000ffffffff
[  109.593151][ T6071] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  109.601954][ T6071] page dumped because: kasan: bad access detected
[  109.608760][ T6071] page_owner tracks the page as allocated
[  109.614697][ T6071] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 176, tgid 176 (kworker/u8:7), ts 108779589894, free_ts 108254079914
[  109.635588][ T6071]  post_alloc_hook+0x231/0x280
[  109.640502][ T6071]  get_page_from_freelist+0x24dc/0x2580
[  109.646094][ T6071]  __alloc_frozen_pages_noprof+0x18d/0x380
[  109.651939][ T6071]  allocate_slab+0x77/0x660
[  109.656483][ T6071]  refill_objects+0x331/0x3c0
[  109.661638][ T6071]  __pcs_replace_empty_main+0x2e6/0x730
[  109.667228][ T6071]  __kmalloc_noprof+0x474/0x760
[  109.672221][ T6071]  ieee802_11_parse_elems_full+0x159/0x2ab0
[  109.678159][ T6071]  ieee80211_ibss_rx_queued_mgmt+0x4ca/0x2ce0
[  109.684260][ T6071]  ieee80211_iface_work+0x845/0x1380
[  109.689582][ T6071]  cfg80211_wiphy_work+0x2ab/0x4a0
[  109.694776][ T6071]  process_scheduled_works+0xb6e/0x18c0
[  109.700366][ T6071]  worker_thread+0xa53/0xfc0
[  109.705113][ T6071]  kthread+0x388/0x470
[  109.709211][ T6071]  ret_from_fork+0x51e/0xb90
[  109.713878][ T6071]  ret_from_fork_asm+0x1a/0x30
[  109.718687][ T6071] page last free pid 6064 tgid 6061 stack trace:
[  109.725043][ T6071]  __free_frozen_pages+0xc2b/0xdb0
[  109.730190][ T6071]  __slab_free+0x263/0x2b0
[  109.734812][ T6071]  qlist_free_all+0x97/0x100
[  109.739526][ T6071]  kasan_quarantine_reduce+0x148/0x160
[  109.745036][ T6071]  __kasan_slab_alloc+0x22/0x80
[  109.749918][ T6071]  __kmalloc_noprof+0x316/0x760
[  109.755060][ T6071]  iovec_from_user+0x87/0x250
[  109.759768][ T6071]  __import_iovec+0x163/0x7e0
[  109.764593][ T6071]  import_iovec+0x73/0xa0
[  109.768971][ T6071]  ___sys_recvmsg+0x4bd/0x590
[  109.773867][ T6071]  do_recvmmsg+0x334/0x800
[  109.778314][ T6071]  __x64_sys_recvmmsg+0x198/0x250
[  109.783384][ T6071]  do_syscall_64+0x14d/0xf80
[  109.788103][ T6071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.794015][ T6071] 
[  109.796354][ T6071] Memory state around the buggy address:
[  109.802016][ T6071]  ffff88807eeac180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.810110][ T6071]  ffff88807eeac200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.818211][ T6071] >ffff88807eeac280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.826298][ T6071]                                      ^
[  109.831950][ T6071]  ffff88807eeac300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.840203][ T6071]  ffff88807eeac380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.848365][ T6071] ==================================================================
[  109.870711][ T6071] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  109.877988][ T6071] CPU: 1 UID: 0 PID: 6071 Comm: syz.0.31 Not tainted syzkaller #0 PREEMPT(full) 
[  109.887132][ T6071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  109.897244][ T6071] Call Trace:
[  109.900561][ T6071]  <TASK>
[  109.903522][ T6071]  vpanic+0x56c/0xa60
[  109.907558][ T6071]  ? __pfx_vpanic+0x10/0x10
[  109.912110][ T6071]  panic+0xc5/0xd0
[  109.915964][ T6071]  ? __pfx_panic+0x10/0x10
[  109.920426][ T6071]  ? preempt_schedule_thunk+0x16/0x30
[  109.925839][ T6071]  ? preempt_schedule_thunk+0x16/0x30
[  109.931266][ T6071]  ? __sk_msg_recvmsg+0x19b/0xe70
[  109.936356][ T6071]  check_panic_on_warn+0x89/0xb0
[  109.941613][ T6071]  ? __sk_msg_recvmsg+0x19b/0xe70
[  109.946677][ T6071]  end_report+0x73/0x180
[  109.950952][ T6071]  ? __sk_msg_recvmsg+0x19b/0xe70
[  109.956032][ T6071]  kasan_report+0x128/0x150
[  109.960594][ T6071]  ? __sk_msg_recvmsg+0x19b/0xe70
[  109.965671][ T6071]  __sk_msg_recvmsg+0x19b/0xe70
[  109.970544][ T6071]  ? sk_psock_get+0x387/0x440
[  109.975246][ T6071]  ? __pfx_sk_psock_get+0x10/0x10
[  109.980303][ T6071]  ? __page_table_check_zero+0x6a/0x3e0
[  109.985915][ T6071]  udp_bpf_recvmsg+0x196/0xac0
[  109.990813][ T6071]  ? aa_sk_perm+0x6d5/0x900
[  109.995370][ T6071]  ? __pfx_udp_bpf_recvmsg+0x10/0x10
[  110.000803][ T6071]  ? sock_rps_record_flow+0x19/0x350
[  110.006140][ T6071]  ? inet_recvmsg+0x101/0x120
[  110.010967][ T6071]  ? __pfx_inet_recvmsg+0x10/0x10
[  110.016039][ T6071]  sock_recvmsg+0x155/0x1b0
[  110.020670][ T6071]  ____sys_recvmsg+0x1e6/0x4a0
[  110.025488][ T6071]  ? __pfx_____sys_recvmsg+0x10/0x10
[  110.030928][ T6071]  ? import_iovec+0x73/0xa0
[  110.035570][ T6071]  ___sys_recvmsg+0x215/0x590
[  110.040306][ T6071]  ? __pfx____sys_recvmsg+0x10/0x10
[  110.045589][ T6071]  ? __fget_files+0x3a0/0x420
[  110.050529][ T6071]  do_recvmmsg+0x334/0x800
[  110.054981][ T6071]  ? do_raw_spin_lock+0x12b/0x2f0
[  110.060034][ T6071]  ? __pfx_do_recvmmsg+0x10/0x10
[  110.064993][ T6071]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  110.070505][ T6071]  ? lockdep_hardirqs_on+0x7a/0x110
[  110.075732][ T6071]  __x64_sys_recvmmsg+0x198/0x250
[  110.081305][ T6071]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  110.086885][ T6071]  do_syscall_64+0x14d/0xf80
[  110.091558][ T6071]  ? trace_irq_disable+0x3b/0x150
[  110.096617][ T6071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.102708][ T6071]  ? clear_bhb_loop+0x40/0x90
[  110.107410][ T6071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.113489][ T6071] RIP: 0033:0x7f4a3579c819
[  110.118187][ T6071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  110.137806][ T6071] RSP: 002b:00007f4a365f2028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  110.146234][ T6071] RAX: ffffffffffffffda RBX: 00007f4a35a16180 RCX: 00007f4a3579c819
[  110.154238][ T6071] RDX: 0000000000000012 RSI: 0000200000000400 RDI: 0000000000000003
[  110.162230][ T6071] RBP: 00007f4a35832c91 R08: 0000000000000000 R09: 0000000000000000
[  110.170222][ T6071] R10: 0000000040000021 R11: 0000000000000246 R12: 0000000000000000
[  110.178214][ T6071] R13: 00007f4a35a16218 R14: 00007f4a35a16180 R15: 00007ffda3b0e6c8
[  110.186503][ T6071]  </TASK>
[  110.190211][ T6071] Kernel Offset: disabled
[  110.194567][ T6071] Rebooting in 86400 seconds..