[ 81.959010][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.16' (ED25519) to the list of known hosts.
2025/03/08 18:45:55 parsed 1 programs
2025/03/08 18:45:57 executed programs: 0
[ 89.294811][ T6059] cgroup: Unknown subsys name 'cpuset'
[ 89.318561][ T6060] cgroup: Unknown subsys name 'cpuset'
[ 89.365522][ T6062] cgroup: Unknown subsys name 'cpuset'
[ 89.373643][ T6063] cgroup: Unknown subsys name 'cpuset'
[ 89.411096][ T6067] cgroup: Unknown subsys name 'cpuset'
[ 89.433683][ T6068] cgroup: Unknown subsys name 'cpuset'
[ 89.455147][ T6070] cgroup: Unknown subsys name 'cpuset'
[ 89.458857][ T6071] cgroup: Unknown subsys name 'cpuset'
[ 91.677679][ T6149] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.684827][ T6149] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.717208][ T6149] bridge_slave_0: entered allmulticast mode
[ 91.730358][ T6149] bridge_slave_0: entered promiscuous mode
[ 91.748074][ T6150] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.755287][ T6150] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.762998][ T6150] bridge_slave_0: entered allmulticast mode
[ 91.770923][ T6150] bridge_slave_0: entered promiscuous mode
[ 91.807020][ T6153] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.814228][ T6153] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.821568][ T6153] bridge_slave_0: entered allmulticast mode
[ 91.829991][ T6153] bridge_slave_0: entered promiscuous mode
[ 91.838151][ T6152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.845278][ T6152] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.867148][ T6152] bridge_slave_0: entered allmulticast mode
[ 91.874230][ T6152] bridge_slave_0: entered promiscuous mode
[ 91.937693][ T6156] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.944895][ T6156] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.969172][ T6156] bridge_slave_1: entered allmulticast mode
[ 91.988367][ T6156] bridge_slave_1: entered promiscuous mode
[ 92.017646][ T6157] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.024836][ T6157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.046613][ T6157] bridge_slave_1: entered allmulticast mode
[ 92.053761][ T6157] bridge_slave_1: entered promiscuous mode
[ 92.060467][ T6158] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.069843][ T6158] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.087437][ T6158] bridge_slave_0: entered allmulticast mode
[ 92.094553][ T6158] bridge_slave_0: entered promiscuous mode
[ 92.127088][ T6159] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.134257][ T6159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.157214][ T6159] bridge_slave_1: entered allmulticast mode
[ 92.164255][ T6159] bridge_slave_1: entered promiscuous mode
[ 92.179659][ T6160] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.190308][ T6160] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.199247][ T6160] bridge_slave_1: entered allmulticast mode
[ 92.226319][ T6160] bridge_slave_1: entered promiscuous mode
[ 92.242736][ T6161] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.267027][ T6161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.274273][ T6161] bridge_slave_0: entered allmulticast mode
[ 92.298028][ T6161] bridge_slave_0: entered promiscuous mode
[ 92.307786][ T6162] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.314919][ T6162] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.367215][ T6162] bridge_slave_0: entered allmulticast mode
[ 92.374281][ T6162] bridge_slave_0: entered promiscuous mode
[ 92.442438][ T6168] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.465762][ T6168] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.517107][ T6168] bridge_slave_1: entered allmulticast mode
[ 92.546225][ T6168] bridge_slave_1: entered promiscuous mode
[ 92.582256][ T6180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.619202][ T6180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.626458][ T6180] bridge_slave_1: entered allmulticast mode
[ 92.657996][ T6180] bridge_slave_1: entered promiscuous mode
[ 92.677797][ T6175] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.684937][ T6175] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.718454][ T6175] bridge_slave_1: entered allmulticast mode
[ 92.725593][ T6175] bridge_slave_1: entered promiscuous mode
[ 92.745578][ T6183] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.775412][ T6183] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.807188][ T6183] bridge_slave_0: entered allmulticast mode
[ 92.814312][ T6183] bridge_slave_0: entered promiscuous mode
[ 93.109404][ T6201] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.116555][ T6201] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.174812][ T6201] bridge_slave_1: entered allmulticast mode
[ 93.184259][ T6201] bridge_slave_1: entered promiscuous mode
[ 93.538102][ T6220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.599405][ T6222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.641300][ T6223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.794691][ T6231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.830462][ T6230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.859395][ T6232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.949555][ T6233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.046036][ T6237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.096682][ T6238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.138842][ T6241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.204783][ T6243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.281555][ T6250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.326325][ T6253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.509604][ T6257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.687688][ T6267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.978735][ T6282] team0: Port device team_slave_0 added
[ 94.986554][ T6281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.271184][ T6296] team0: Port device team_slave_1 added
[ 95.526729][ T6305] team0: Port device team_slave_0 added
[ 95.750229][ T6313] team0: Port device team_slave_0 added
[ 95.782138][ T6315] team0: Port device team_slave_0 added
[ 95.800391][ T6317] team0: Port device team_slave_1 added
[ 95.809598][ T6319] team0: Port device team_slave_0 added
[ 95.984602][ T6327] team0: Port device team_slave_1 added
[ 96.041402][ T6325] team0: Port device team_slave_0 added
[ 96.077596][ T6326] team0: Port device team_slave_1 added
[ 96.106028][ T6331] team0: Port device team_slave_0 added
[ 96.143950][ T6329] team0: Port device team_slave_1 added
[ 96.333845][ T6336] team0: Port device team_slave_1 added
[ 96.389675][ T6339] team0: Port device team_slave_1 added
[ 96.527445][ T6348] team0: Port device team_slave_0 added
[ 96.768129][ T6359] team0: Port device team_slave_1 added
[ 108.840960][ T6826] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.069336][ T6828] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.095896][ T6831] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.543761][ T6849] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.598534][ T6851] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.727883][ T6853] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.778276][ T6857] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.425622][ T6879] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.569365][ T6924] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.728925][ T6926] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.831281][ T6931] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.297482][ T6948] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.334397][ T6954] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.387568][ T6950] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.438177][ T6957] 8021q: adding VLAN 0 to HW filter on device team0
[ 113.030176][ T6986] 8021q: adding VLAN 0 to HW filter on device team0
[ 121.739360][ T7488] FAULT_INJECTION: forcing a failure.
[ 121.739360][ T7488] name failslab, interval 1, probability 0, space 0, times 1
[ 121.789431][ T7488] CPU: 0 UID: 0 PID: 7488 Comm: syz-executor Not tainted 6.14.0-rc5-syzkaller-g2e51e0ac575c #0
[ 121.789459][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 121.789473][ T7488] Call Trace:
[ 121.789479][ T7488]
[ 121.789486][ T7488] dump_stack_lvl+0x241/0x360
[ 121.789535][ T7488] ? __pfx_dump_stack_lvl+0x10/0x10
[ 121.789554][ T7488] ? __pfx__printk+0x10/0x10
[ 121.789572][ T7488] ? __kmalloc_cache_noprof+0x48/0x390
[ 121.789595][ T7488] ? __pfx___might_resched+0x10/0x10
[ 121.789613][ T7488] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.789639][ T7488] should_fail_ex+0x40a/0x550
[ 121.789671][ T7488] should_failslab+0xac/0x100
[ 121.789693][ T7488] __kmalloc_cache_noprof+0x70/0x390
[ 121.789712][ T7488] ? dccp_feat_entry_new+0x173/0x3a0
[ 121.789737][ T7488] dccp_feat_entry_new+0x173/0x3a0
[ 121.789758][ T7488] dccp_feat_parse_options+0xeab/0x2b60
[ 121.789782][ T7488] ? __pfx_dccp_feat_parse_options+0x10/0x10
[ 121.789796][ T7488] ? __kmalloc_cache_noprof+0x243/0x390
[ 121.789814][ T7488] ? dccp_ackvec_parsed_add+0x5c/0x1d0
[ 121.789845][ T7488] dccp_parse_options+0x13bd/0x2670
[ 121.789882][ T7488] dccp_rcv_established+0x55/0x320
[ 121.789903][ T7488] dccp_v4_do_rcv+0xff/0x1f0
[ 121.789924][ T7488] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 121.789941][ T7488] __release_sock+0x243/0x350
[ 121.789968][ T7488] release_sock+0x61/0x1f0
[ 121.789992][ T7488] dccp_sendmsg+0x4f0/0xb90
[ 121.790020][ T7488] ? __pfx_dccp_sendmsg+0x10/0x10
[ 121.790039][ T7488] ? sock_rps_record_flow+0x1a/0x400
[ 121.790061][ T7488] ? inet_sendmsg+0x330/0x390
[ 121.790084][ T7488] __sock_sendmsg+0x1a6/0x270
[ 121.790105][ T7488] ____sys_sendmsg+0x53a/0x860
[ 121.790126][ T7488] ? __pfx_____sys_sendmsg+0x10/0x10
[ 121.790139][ T7488] ? __fget_files+0x2a/0x410
[ 121.790163][ T7488] ? __sys_sendmmsg+0x392/0x720
[ 121.790178][ T7488] ? __might_fault+0xaa/0x120
[ 121.790260][ T7488] __sys_sendmmsg+0x36a/0x720
[ 121.790288][ T7488] ? __pfx___sys_sendmmsg+0x10/0x10
[ 121.790315][ T7488] ? __pfx_lock_release+0x10/0x10
[ 121.790335][ T7488] ? kstrtouint_from_user+0x128/0x190
[ 121.790369][ T7488] ? ksys_write+0x22a/0x2b0
[ 121.790385][ T7488] ? __pfx_lock_release+0x10/0x10
[ 121.790415][ T7488] ? sb_end_write+0xe9/0x1c0
[ 121.790436][ T7488] ? vfs_write+0x7fa/0xd10
[ 121.790454][ T7488] ? __mutex_unlock_slowpath+0x227/0x800
[ 121.790497][ T7488] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 121.790521][ T7488] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 121.790544][ T7488] ? do_syscall_64+0x100/0x230
[ 121.790570][ T7488] __x64_sys_sendmmsg+0xa0/0xb0
[ 121.790588][ T7488] do_syscall_64+0xf3/0x230
[ 121.790610][ T7488] ? clear_bhb_loop+0x35/0x90
[ 121.790633][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.790660][ T7488] RIP: 0033:0x44db49
[ 121.790679][ T7488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b4 ff ff ff f7 d8 64 89 01 48
[ 121.790692][ T7488] RSP: 002b:00007fccbcb2e0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 121.790711][ T7488] RAX: ffffffffffffffda RBX: 000000000050bea0 RCX: 000000000044db49
[ 121.790722][ T7488] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 121.790733][ T7488] RBP: 000000000000057a R08: 0000000000000000 R09: 0000000000000000
[ 121.790742][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fccbcb2e674
[ 121.790752][ T7488] R13: 00000000004d5100 R14: 0000000000000000 R15: 0000000000000000
[ 121.790778][ T7488]
[ 121.793801][ T7488] dccp_parse_options: DCCP(ffff88807012b700): Option 32 (len=7) error=9
[ 122.196135][ T7488] ==================================================================
[ 122.204249][ T7488] BUG: KASAN: slab-use-after-free in ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 122.212887][ T7488] Read of size 1 at addr ffff888028057494 by task syz-executor/7488
[ 122.220885][ T7488]
[ 122.223237][ T7488] CPU: 0 UID: 0 PID: 7488 Comm: syz-executor Not tainted 6.14.0-rc5-syzkaller-g2e51e0ac575c #0
[ 122.223257][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 122.223267][ T7488] Call Trace:
[ 122.223274][ T7488]
[ 122.223280][ T7488] dump_stack_lvl+0x241/0x360
[ 122.223303][ T7488] ? __pfx_dump_stack_lvl+0x10/0x10
[ 122.223327][ T7488] ? __pfx__printk+0x10/0x10
[ 122.223341][ T7488] ? _printk+0xd5/0x120
[ 122.223356][ T7488] ? __virt_addr_valid+0x183/0x530
[ 122.223372][ T7488] ? __virt_addr_valid+0x183/0x530
[ 122.223387][ T7488] print_report+0x16e/0x5b0
[ 122.223406][ T7488] ? __virt_addr_valid+0x183/0x530
[ 122.223420][ T7488] ? __virt_addr_valid+0x183/0x530
[ 122.223434][ T7488] ? __virt_addr_valid+0x45f/0x530
[ 122.223448][ T7488] ? __phys_addr+0xba/0x170
[ 122.223463][ T7488] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 122.223486][ T7488] kasan_report+0x143/0x180
[ 122.223505][ T7488] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 122.223530][ T7488] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 122.223561][ T7488] ? dccp_ackvec_input+0x1d5/0xf70
[ 122.223584][ T7488] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 122.223605][ T7488] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 122.223627][ T7488] dccp_rcv_established+0x295/0x320
[ 122.223645][ T7488] dccp_v4_do_rcv+0xff/0x1f0
[ 122.223663][ T7488] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 122.223678][ T7488] __release_sock+0x243/0x350
[ 122.223699][ T7488] release_sock+0x61/0x1f0
[ 122.223720][ T7488] dccp_sendmsg+0x4f0/0xb90
[ 122.223742][ T7488] ? __pfx_dccp_sendmsg+0x10/0x10
[ 122.223761][ T7488] ? sock_rps_record_flow+0x1a/0x400
[ 122.223783][ T7488] ? inet_sendmsg+0x330/0x390
[ 122.223804][ T7488] __sock_sendmsg+0x1a6/0x270
[ 122.223822][ T7488] ____sys_sendmsg+0x53a/0x860
[ 122.223840][ T7488] ? __pfx_____sys_sendmsg+0x10/0x10
[ 122.223855][ T7488] ? __fget_files+0x2a/0x410
[ 122.223876][ T7488] ? __sys_sendmmsg+0x392/0x720
[ 122.223890][ T7488] ? __might_fault+0xaa/0x120
[ 122.223907][ T7488] __sys_sendmmsg+0x36a/0x720
[ 122.223926][ T7488] ? __pfx___sys_sendmmsg+0x10/0x10
[ 122.223945][ T7488] ? __pfx_lock_release+0x10/0x10
[ 122.223966][ T7488] ? kstrtouint_from_user+0x128/0x190
[ 122.223991][ T7488] ? ksys_write+0x22a/0x2b0
[ 122.224005][ T7488] ? __pfx_lock_release+0x10/0x10
[ 122.224025][ T7488] ? sb_end_write+0xe9/0x1c0
[ 122.224044][ T7488] ? vfs_write+0x7fa/0xd10
[ 122.224059][ T7488] ? __mutex_unlock_slowpath+0x227/0x800
[ 122.224089][ T7488] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 122.224110][ T7488] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 122.224129][ T7488] ? do_syscall_64+0x100/0x230
[ 122.224148][ T7488] __x64_sys_sendmmsg+0xa0/0xb0
[ 122.224165][ T7488] do_syscall_64+0xf3/0x230
[ 122.224186][ T7488] ? clear_bhb_loop+0x35/0x90
[ 122.224207][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.224226][ T7488] RIP: 0033:0x44db49
[ 122.224238][ T7488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b4 ff ff ff f7 d8 64 89 01 48
[ 122.224250][ T7488] RSP: 002b:00007fccbcb2e0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 122.224265][ T7488] RAX: ffffffffffffffda RBX: 000000000050bea0 RCX: 000000000044db49
[ 122.224276][ T7488] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 122.224286][ T7488] RBP: 000000000000057a R08: 0000000000000000 R09: 0000000000000000
[ 122.224295][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fccbcb2e674
[ 122.224304][ T7488] R13: 00000000004d5100 R14: 0000000000000000 R15: 0000000000000000
[ 122.224325][ T7488]
[ 122.224331][ T7488]
[ 122.573986][ T7488] Allocated by task 7488:
[ 122.578300][ T7488] kasan_save_track+0x3f/0x80
[ 122.582989][ T7488] __kasan_kmalloc+0x98/0xb0
[ 122.587586][ T7488] __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[ 122.594004][ T7488] kmalloc_reserve+0x111/0x2a0
[ 122.598767][ T7488] __alloc_skb+0x1f3/0x440
[ 122.603177][ T7488] dccp_send_ack+0xaa/0x310
[ 122.607667][ T7488] ccid2_hc_rx_packet_recv+0x10c/0x1c0
[ 122.613128][ T7488] dccp_rcv_established+0x1bb/0x320
[ 122.618316][ T7488] dccp_v4_do_rcv+0xff/0x1f0
[ 122.622893][ T7488] __sk_receive_skb+0x82b/0x8b0
[ 122.627731][ T7488] ip_protocol_deliver_rcu+0x2e9/0x440
[ 122.633173][ T7488] ip_local_deliver_finish+0x341/0x5f0
[ 122.638618][ T7488] NF_HOOK+0x3a4/0x450
[ 122.642671][ T7488] NF_HOOK+0x3a4/0x450
[ 122.646723][ T7488] __netif_receive_skb+0x2bf/0x650
[ 122.651821][ T7488] process_backlog+0x662/0x15b0
[ 122.656659][ T7488] __napi_poll+0xcb/0x490
[ 122.660978][ T7488] net_rx_action+0x89b/0x1240
[ 122.665644][ T7488] handle_softirqs+0x2d4/0x9b0
[ 122.670403][ T7488] do_softirq+0x11b/0x1e0
[ 122.674721][ T7488] __local_bh_enable_ip+0x1bb/0x200
[ 122.679911][ T7488] __dev_queue_xmit+0x1775/0x3f50
[ 122.684919][ T7488] ip_finish_output2+0xcd3/0x12e0
[ 122.690028][ T7488] __ip_queue_xmit+0x103f/0x1960
[ 122.694951][ T7488] dccp_transmit_skb+0xf37/0x16d0
[ 122.699975][ T7488] dccp_xmit_packet+0x376/0x610
[ 122.704810][ T7488] dccp_write_xmit+0x138/0x220
[ 122.709566][ T7488] dccp_sendmsg+0x76f/0xb90
[ 122.714055][ T7488] __sock_sendmsg+0x1a6/0x270
[ 122.718719][ T7488] ____sys_sendmsg+0x53a/0x860
[ 122.723476][ T7488] __sys_sendmmsg+0x36a/0x720
[ 122.728139][ T7488] __x64_sys_sendmmsg+0xa0/0xb0
[ 122.732984][ T7488] do_syscall_64+0xf3/0x230
[ 122.737482][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.743365][ T7488]
[ 122.745675][ T7488] Freed by task 7488:
[ 122.749642][ T7488] kasan_save_track+0x3f/0x80
[ 122.754311][ T7488] kasan_save_free_info+0x40/0x50
[ 122.759328][ T7488] __kasan_slab_free+0x59/0x70
[ 122.764081][ T7488] kfree+0x196/0x430
[ 122.767967][ T7488] skb_release_data+0x6a0/0x8a0
[ 122.772802][ T7488] sk_skb_reason_drop+0x1c9/0x380
[ 122.777814][ T7488] dccp_v4_do_rcv+0x145/0x1f0
[ 122.782639][ T7488] __release_sock+0x243/0x350
[ 122.787303][ T7488] release_sock+0x61/0x1f0
[ 122.791882][ T7488] dccp_sendmsg+0x4f0/0xb90
[ 122.796377][ T7488] __sock_sendmsg+0x1a6/0x270
[ 122.801118][ T7488] ____sys_sendmsg+0x53a/0x860
[ 122.805927][ T7488] __sys_sendmmsg+0x36a/0x720
[ 122.810612][ T7488] __x64_sys_sendmmsg+0xa0/0xb0
[ 122.815454][ T7488] do_syscall_64+0xf3/0x230
[ 122.819950][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.825852][ T7488]
[ 122.828189][ T7488] The buggy address belongs to the object at ffff888028057000
[ 122.828189][ T7488] which belongs to the cache kmalloc-2k of size 2048
[ 122.842320][ T7488] The buggy address is located 1172 bytes inside of
[ 122.842320][ T7488] freed 2048-byte region [ffff888028057000, ffff888028057800)
[ 122.856275][ T7488]
[ 122.858584][ T7488] The buggy address belongs to the physical page:
[ 122.864975][ T7488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28050
[ 122.873863][ T7488] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 122.882351][ T7488] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 122.890324][ T7488] page_type: f5(slab)
[ 122.894391][ T7488] raw: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001
[ 122.902980][ T7488] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 122.911565][ T7488] head: 00fff00000000040 ffff88801b042000 0000000000000000 dead000000000001
[ 122.920226][ T7488] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 122.928878][ T7488] head: 00fff00000000003 ffffea0000a01401 ffffffffffffffff 0000000000000000
[ 122.937537][ T7488] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 122.946186][ T7488] page dumped because: kasan: bad access detected
[ 122.952607][ T7488] page_owner tracks the page as allocated
[ 122.958312][ T7488] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 7738582170, free_ts 0
[ 122.978024][ T7488] post_alloc_hook+0x1f4/0x240
[ 122.982913][ T7488] get_page_from_freelist+0x365c/0x37a0
[ 122.988563][ T7488] __alloc_frozen_pages_noprof+0x292/0x710
[ 122.994360][ T7488] alloc_pages_mpol+0x311/0x660
[ 122.999200][ T7488] allocate_slab+0x8f/0x3a0
[ 123.003687][ T7488] ___slab_alloc+0xc27/0x14a0
[ 123.008357][ T7488] __slab_alloc+0x58/0xa0
[ 123.012768][ T7488] __kmalloc_noprof+0x2e6/0x4c0
[ 123.017727][ T7488] rfkill_alloc+0xb0/0x2e0
[ 123.022132][ T7488] wiphy_new_nm+0x1084/0x19a0
[ 123.027146][ T7488] virt_wifi_init_module+0x68/0x3c0
[ 123.032349][ T7488] do_one_initcall+0x248/0x930
[ 123.037119][ T7488] do_initcall_level+0x157/0x210
[ 123.042045][ T7488] do_initcalls+0x71/0xd0
[ 123.046359][ T7488] kernel_init_freeable+0x435/0x5d0
[ 123.051543][ T7488] kernel_init+0x1d/0x2b0
[ 123.055876][ T7488] page_owner free stack trace missing
[ 123.061230][ T7488]
[ 123.063538][ T7488] Memory state around the buggy address:
[ 123.069155][ T7488] ffff888028057380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 123.077804][ T7488] ffff888028057400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 123.085942][ T7488] >ffff888028057480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 123.093981][ T7488] ^
[ 123.098553][ T7488] ffff888028057500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 123.106593][ T7488] ffff888028057580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 123.114633][ T7488] ==================================================================
[ 123.226349][ T7517] FAULT_INJECTION: forcing a failure.
[ 123.226349][ T7517] name failslab, interval 1, probability 0, space 0, times 0
[ 123.228623][ T7518] FAULT_INJECTION: forcing a failure.
[ 123.228623][ T7518] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 123.257028][ T7488] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 123.264262][ T7488] CPU: 1 UID: 0 PID: 7488 Comm: syz-executor Not tainted 6.14.0-rc5-syzkaller-g2e51e0ac575c #0
[ 123.274600][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 123.284774][ T7488] Call Trace:
[ 123.288072][ T7488]
[ 123.291025][ T7488] dump_stack_lvl+0x241/0x360
[ 123.295818][ T7488] ? __pfx_dump_stack_lvl+0x10/0x10
[ 123.301157][ T7488] ? __pfx__printk+0x10/0x10
[ 123.305768][ T7488] ? preempt_schedule+0xe1/0xf0
[ 123.310652][ T7488] ? vscnprintf+0x5d/0x90
[ 123.315015][ T7488] panic+0x349/0x880
[ 123.319109][ T7488] ? check_panic_on_warn+0x21/0xb0
[ 123.324247][ T7488] ? __pfx_panic+0x10/0x10
[ 123.328778][ T7488] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 123.334783][ T7488] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 123.341171][ T7488] ? print_report+0x519/0x5b0
[ 123.345897][ T7488] check_panic_on_warn+0x86/0xb0
[ 123.350863][ T7488] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 123.356746][ T7488] end_report+0x77/0x160
[ 123.361019][ T7488] kasan_report+0x154/0x180
[ 123.365542][ T7488] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 123.371441][ T7488] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 123.377088][ T7488] ? dccp_ackvec_input+0x1d5/0xf70
[ 123.382238][ T7488] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 123.387937][ T7488] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 123.393933][ T7488] dccp_rcv_established+0x295/0x320
[ 123.399178][ T7488] dccp_v4_do_rcv+0xff/0x1f0
[ 123.403760][ T7488] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 123.409052][ T7488] __release_sock+0x243/0x350
[ 123.413730][ T7488] release_sock+0x61/0x1f0
[ 123.418162][ T7488] dccp_sendmsg+0x4f0/0xb90
[ 123.422683][ T7488] ? __pfx_dccp_sendmsg+0x10/0x10
[ 123.427699][ T7488] ? sock_rps_record_flow+0x1a/0x400
[ 123.432982][ T7488] ? inet_sendmsg+0x330/0x390
[ 123.437651][ T7488] __sock_sendmsg+0x1a6/0x270
[ 123.442321][ T7488] ____sys_sendmsg+0x53a/0x860
[ 123.447096][ T7488] ? __pfx_____sys_sendmsg+0x10/0x10
[ 123.452395][ T7488] ? __fget_files+0x2a/0x410
[ 123.457003][ T7488] ? __sys_sendmmsg+0x392/0x720
[ 123.461953][ T7488] ? __might_fault+0xaa/0x120
[ 123.466977][ T7488] __sys_sendmmsg+0x36a/0x720
[ 123.471661][ T7488] ? __pfx___sys_sendmmsg+0x10/0x10
[ 123.476852][ T7488] ? __pfx_lock_release+0x10/0x10
[ 123.481877][ T7488] ? kstrtouint_from_user+0x128/0x190
[ 123.487251][ T7488] ? ksys_write+0x22a/0x2b0
[ 123.491747][ T7488] ? __pfx_lock_release+0x10/0x10
[ 123.496772][ T7488] ? sb_end_write+0xe9/0x1c0
[ 123.501352][ T7488] ? vfs_write+0x7fa/0xd10
[ 123.505754][ T7488] ? __mutex_unlock_slowpath+0x227/0x800
[ 123.511389][ T7488] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 123.517364][ T7488] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 123.523683][ T7488] ? do_syscall_64+0x100/0x230
[ 123.528443][ T7488] __x64_sys_sendmmsg+0xa0/0xb0
[ 123.533303][ T7488] do_syscall_64+0xf3/0x230
[ 123.537861][ T7488] ? clear_bhb_loop+0x35/0x90
[ 123.542543][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.548455][ T7488] RIP: 0033:0x44db49
[ 123.552337][ T7488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b4 ff ff ff f7 d8 64 89 01 48
[ 123.571940][ T7488] RSP: 002b:00007fccbcb2e0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 123.580446][ T7488] RAX: ffffffffffffffda RBX: 000000000050bea0 RCX: 000000000044db49
[ 123.588426][ T7488] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 123.596422][ T7488] RBP: 000000000000057a R08: 0000000000000000 R09: 0000000000000000
[ 123.604587][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fccbcb2e674
[ 123.612566][ T7488] R13: 00000000004d5100 R14: 0000000000000000 R15: 0000000000000000
[ 123.620716][ T7488]
[ 123.624062][ T7488] Kernel Offset: disabled
[ 123.628373][ T7488] Rebooting in 86400 seconds..