Warning: Permanently added '10.128.10.46' (ED25519) to the list of known hosts.
2025/03/08 19:15:40 ignoring optional flag "sandboxArg"="0"
2025/03/08 19:15:40 ignoring optional flag "type"="gce"
2025/03/08 19:15:41 parsed 1 programs
[ 98.973391][ T6273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 101.689922][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.699235][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.709709][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.718320][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.729063][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 101.747041][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.126149][ T6345] chnl_net:caif_netlink_parms(): no params data found
[ 103.169834][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.177118][ T6345] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.184294][ T6345] bridge_slave_0: entered allmulticast mode
[ 103.191264][ T6345] bridge_slave_0: entered promiscuous mode
[ 103.199365][ T6345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.206525][ T6345] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.213850][ T6345] bridge_slave_1: entered allmulticast mode
[ 103.221927][ T6345] bridge_slave_1: entered promiscuous mode
[ 103.248720][ T6345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.260600][ T6345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.284297][ T6345] team0: Port device team_slave_0 added
[ 103.291537][ T6345] team0: Port device team_slave_1 added
[ 103.310191][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.317643][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.343992][ T6345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.374519][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.381652][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.407712][ T6345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.443675][ T6345] hsr_slave_0: entered promiscuous mode
[ 103.450745][ T6345] hsr_slave_1: entered promiscuous mode
[ 103.936123][ T6345] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.947866][ T6345] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.960082][ T6345] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.970027][ T6345] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 104.033995][ T6345] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.051004][ T6345] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.069072][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.076181][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.086579][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.093754][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.133308][ T6345] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 104.280870][ T6345] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.325384][ T6345] veth0_vlan: entered promiscuous mode
[ 104.342591][ T6345] veth1_vlan: entered promiscuous mode
[ 104.381070][ T6345] veth0_macvtap: entered promiscuous mode
[ 104.390439][ T6345] veth1_macvtap: entered promiscuous mode
[ 104.413349][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.434439][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.450211][ T6345] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.461666][ T6345] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.470896][ T6345] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.481669][ T6345] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.643017][ T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.713062][ T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.793628][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.814769][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.823719][ T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.873057][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.883439][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.938587][ T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/03/08 19:15:51 executed programs: 0
[ 105.513327][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 105.524591][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 105.533396][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 105.549060][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 105.558853][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 105.566247][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 105.746245][ T6458] chnl_net:caif_netlink_parms(): no params data found
[ 105.834288][ T6458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.844699][ T6458] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.853288][ T6458] bridge_slave_0: entered allmulticast mode
[ 105.863992][ T6458] bridge_slave_0: entered promiscuous mode
[ 105.875603][ T6458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.885508][ T6458] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.893572][ T6458] bridge_slave_1: entered allmulticast mode
[ 105.903511][ T6458] bridge_slave_1: entered promiscuous mode
[ 105.940106][ T6458] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.954605][ T6458] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.992263][ T6458] team0: Port device team_slave_0 added
[ 106.002708][ T6458] team0: Port device team_slave_1 added
[ 106.036084][ T6458] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.045527][ T6458] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.075366][ T6458] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.092123][ T6458] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.099922][ T6458] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 106.129075][ T6458] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.176357][ T6458] hsr_slave_0: entered promiscuous mode
[ 106.184042][ T6458] hsr_slave_1: entered promiscuous mode
[ 106.191007][ T6458] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 106.202189][ T6458] Cannot create hsr debugfs directory
[ 107.470034][ T63] bridge_slave_1: left allmulticast mode
[ 107.475763][ T63] bridge_slave_1: left promiscuous mode
[ 107.485460][ T63] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.497927][ T63] bridge_slave_0: left allmulticast mode
[ 107.503623][ T63] bridge_slave_0: left promiscuous mode
[ 107.511047][ T63] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.617714][ T54] Bluetooth: hci0: command tx timeout
[ 107.819711][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 107.830908][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 107.844238][ T63] bond0 (unregistering): Released all slaves
[ 107.945651][ T63] hsr_slave_0: left promiscuous mode
[ 107.952797][ T63] hsr_slave_1: left promiscuous mode
[ 107.959263][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 107.969312][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 107.977560][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 107.985045][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 108.004749][ T63] veth1_macvtap: left promiscuous mode
[ 108.010891][ T63] veth0_macvtap: left promiscuous mode
[ 108.016603][ T63] veth1_vlan: left promiscuous mode
[ 108.024722][ T63] veth0_vlan: left promiscuous mode
[ 108.434386][ T63] team0 (unregistering): Port device team_slave_1 removed
[ 108.464109][ T63] team0 (unregistering): Port device team_slave_0 removed
[ 109.026420][ T6458] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.047728][ T6458] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.066164][ T6458] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.083139][ T6458] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.320013][ T6458] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.356198][ T6458] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.429866][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.437087][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.456726][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.463875][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.697003][ T54] Bluetooth: hci0: command tx timeout
[ 109.747970][ T6458] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.803821][ T6458] veth0_vlan: entered promiscuous mode
[ 109.819674][ T6458] veth1_vlan: entered promiscuous mode
[ 109.853216][ T6458] veth0_macvtap: entered promiscuous mode
[ 109.863740][ T6458] veth1_macvtap: entered promiscuous mode
[ 109.885157][ T6458] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.902445][ T6458] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 109.917905][ T6458] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.929332][ T6458] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.939994][ T6458] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 109.950334][ T6458] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.022793][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.034933][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.063420][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.075223][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.184584][ T6675] FAULT_INJECTION: forcing a failure.
[ 110.184584][ T6675] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 110.200170][ T6675] CPU: 1 UID: 0 PID: 6675 Comm: syz.0.15 Not tainted 6.14.0-rc5-syzkaller-g2e51e0ac575c #0
[ 110.200194][ T6675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 110.200208][ T6675] Call Trace:
[ 110.200214][ T6675] <TASK>
[ 110.200221][ T6675] dump_stack_lvl+0x241/0x360
[ 110.200253][ T6675] ? __pfx_dump_stack_lvl+0x10/0x10
[ 110.200271][ T6675] ? __pfx__printk+0x10/0x10
[ 110.200289][ T6675] ? __pfx_lock_release+0x10/0x10
[ 110.200324][ T6675] should_fail_ex+0x40a/0x550
[ 110.200348][ T6675] _copy_from_user+0x2d/0xb0
[ 110.200367][ T6675] copy_msghdr_from_user+0xae/0x680
[ 110.200386][ T6675] ? __pfx___might_resched+0x10/0x10
[ 110.200409][ T6675] ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 110.200427][ T6675] ? __fget_files+0x2a/0x410
[ 110.200453][ T6675] ? __sys_sendmmsg+0x392/0x720
[ 110.200470][ T6675] ? __might_fault+0xaa/0x120
[ 110.200488][ T6675] __sys_sendmmsg+0x32b/0x720
[ 110.200515][ T6675] ? __pfx___sys_sendmmsg+0x10/0x10
[ 110.200542][ T6675] ? __pfx_lock_release+0x10/0x10
[ 110.200562][ T6675] ? kstrtouint_from_user+0x128/0x190
[ 110.200601][ T6675] ? ksys_write+0x22a/0x2b0
[ 110.200618][ T6675] ? __pfx_lock_release+0x10/0x10
[ 110.200645][ T6675] ? sb_end_write+0xe9/0x1c0
[ 110.200672][ T6675] ? vfs_write+0x7fa/0xd10
[ 110.200690][ T6675] ? __mutex_unlock_slowpath+0x227/0x800
[ 110.200735][ T6675] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 110.200760][ T6675] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 110.200783][ T6675] ? do_syscall_64+0x100/0x230
[ 110.200807][ T6675] __x64_sys_sendmmsg+0xa0/0xb0
[ 110.200825][ T6675] do_syscall_64+0xf3/0x230
[ 110.200846][ T6675] ? clear_bhb_loop+0x35/0x90
[ 110.200870][ T6675] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.200894][ T6675] RIP: 0033:0x7f5c08775bd9
[ 110.200911][ T6675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 110.200923][ T6675] RSP: 002b:00007f5c095cf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 110.200941][ T6675] RAX: ffffffffffffffda RBX: 00007f5c08903f60 RCX: 00007f5c08775bd9
[ 110.200952][ T6675] RDX: 0000000000000500 RSI: 00000000200001c0 RDI: 0000000000000005
[ 110.200961][ T6675] RBP: 00007f5c095cf0a0 R08: 0000000000000000 R09: 0000000000000000
[ 110.200970][ T6675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 110.200979][ T6675] R13: 000000000000000b R14: 00007f5c08903f60 R15: 00007ffc5cfa8758
[ 110.201001][ T6675] </TASK>
2025/03/08 19:15:56 executed programs: 3
[ 110.524889][ T6691] FAULT_INJECTION: forcing a failure.
[ 110.524889][ T6691] name failslab, interval 1, probability 0, space 0, times 1
[ 110.539253][ T6691] CPU: 0 UID: 0 PID: 6691 Comm: syz.0.16 Not tainted 6.14.0-rc5-syzkaller-g2e51e0ac575c #0
[ 110.539276][ T6691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 110.539286][ T6691] Call Trace:
[ 110.539292][ T6691] <TASK>
[ 110.539299][ T6691] dump_stack_lvl+0x241/0x360
[ 110.539325][ T6691] ? __pfx_dump_stack_lvl+0x10/0x10
[ 110.539343][ T6691] ? __pfx__printk+0x10/0x10
[ 110.539362][ T6691] ? __kmalloc_cache_noprof+0x48/0x390
[ 110.539385][ T6691] ? __pfx___might_resched+0x10/0x10
[ 110.539403][ T6691] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.539429][ T6691] should_fail_ex+0x40a/0x550
[ 110.539456][ T6691] should_failslab+0xac/0x100
[ 110.539488][ T6691] __kmalloc_cache_noprof+0x70/0x390
[ 110.539507][ T6691] ? dccp_feat_entry_new+0x173/0x3a0
[ 110.539529][ T6691] dccp_feat_entry_new+0x173/0x3a0
[ 110.539551][ T6691] dccp_feat_parse_options+0xeab/0x2b60
[ 110.539576][ T6691] ? __pfx_dccp_feat_parse_options+0x10/0x10
[ 110.539591][ T6691] ? __kmalloc_cache_noprof+0x243/0x390
[ 110.539611][ T6691] ? dccp_ackvec_parsed_add+0x5c/0x1d0
[ 110.539643][ T6691] dccp_parse_options+0x13bd/0x2670
[ 110.539680][ T6691] dccp_rcv_established+0x55/0x320
[ 110.539701][ T6691] dccp_v6_do_rcv+0x2c9/0xb80
[ 110.539726][ T6691] ? __pfx_dccp_v6_do_rcv+0x10/0x10
[ 110.539744][ T6691] __release_sock+0x243/0x350
[ 110.539770][ T6691] release_sock+0x61/0x1f0
[ 110.539793][ T6691] dccp_sendmsg+0x4f0/0xb90
[ 110.539822][ T6691] ? __pfx_dccp_sendmsg+0x10/0x10
[ 110.539841][ T6691] ? sock_rps_record_flow+0x1a/0x400
[ 110.539865][ T6691] ? inet_sendmsg+0x330/0x390
[ 110.539889][ T6691] __sock_sendmsg+0x1a6/0x270
[ 110.539910][ T6691] ____sys_sendmsg+0x53a/0x860
[ 110.539932][ T6691] ? __pfx_____sys_sendmsg+0x10/0x10
[ 110.539946][ T6691] ? __fget_files+0x2a/0x410
[ 110.539970][ T6691] ? __sys_sendmmsg+0x392/0x720
[ 110.539985][ T6691] ? __might_fault+0xaa/0x120
[ 110.540005][ T6691] __sys_sendmmsg+0x36a/0x720
[ 110.540029][ T6691] ? __pfx___sys_sendmmsg+0x10/0x10
[ 110.540055][ T6691] ? __pfx_lock_release+0x10/0x10
[ 110.540075][ T6691] ? kstrtouint_from_user+0x128/0x190
[ 110.540114][ T6691] ? ksys_write+0x22a/0x2b0
[ 110.540130][ T6691] ? __pfx_lock_release+0x10/0x10
[ 110.540158][ T6691] ? sb_end_write+0xe9/0x1c0
[ 110.540180][ T6691] ? vfs_write+0x7fa/0xd10
[ 110.540198][ T6691] ? __mutex_unlock_slowpath+0x227/0x800
[ 110.540247][ T6691] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 110.540272][ T6691] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 110.540296][ T6691] ? do_syscall_64+0x100/0x230
[ 110.540321][ T6691] __x64_sys_sendmmsg+0xa0/0xb0
[ 110.540340][ T6691] do_syscall_64+0xf3/0x230
[ 110.540360][ T6691] ? clear_bhb_loop+0x35/0x90
[ 110.540384][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.540403][ T6691] RIP: 0033:0x7f5c08775bd9
[ 110.540419][ T6691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 110.540432][ T6691] RSP: 002b:00007f5c095cf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 110.540450][ T6691] RAX: ffffffffffffffda RBX: 00007f5c08903f60 RCX: 00007f5c08775bd9
[ 110.540462][ T6691] RDX: 0000000000000500 RSI: 00000000200001c0 RDI: 0000000000000005
[ 110.540481][ T6691] RBP: 00007f5c095cf0a0 R08: 0000000000000000 R09: 0000000000000000
[ 110.540491][ T6691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 110.540500][ T6691] R13: 000000000000000b R14: 00007f5c08903f60 R15: 00007ffc5cfa8758
[ 110.540526][ T6691] </TASK>
[ 110.540702][ T6691] dccp_parse_options: DCCP(ffff888064773700): Option 32 (len=7) error=9
[ 110.895400][ T6691] ==================================================================
[ 110.903501][ T6691] BUG: KASAN: slab-use-after-free in ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 110.912196][ T6691] Read of size 1 at addr ffff888065be34a2 by task syz.0.16/6691
[ 110.919817][ T6691]
[ 110.922130][ T6691] CPU: 0 UID: 0 PID: 6691 Comm: syz.0.16 Not tainted 6.14.0-rc5-syzkaller-g2e51e0ac575c #0
[ 110.922144][ T6691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 110.922152][ T6691] Call Trace:
[ 110.922157][ T6691] <TASK>
[ 110.922162][ T6691] dump_stack_lvl+0x241/0x360
[ 110.922180][ T6691] ? __pfx_dump_stack_lvl+0x10/0x10
[ 110.922193][ T6691] ? __pfx__printk+0x10/0x10
[ 110.922222][ T6691] ? _printk+0xd5/0x120
[ 110.922233][ T6691] ? __virt_addr_valid+0x183/0x530
[ 110.922246][ T6691] ? __virt_addr_valid+0x183/0x530
[ 110.922258][ T6691] print_report+0x16e/0x5b0
[ 110.922274][ T6691] ? __virt_addr_valid+0x183/0x530
[ 110.922285][ T6691] ? __virt_addr_valid+0x183/0x530
[ 110.922295][ T6691] ? __virt_addr_valid+0x45f/0x530
[ 110.922306][ T6691] ? __phys_addr+0xba/0x170
[ 110.922317][ T6691] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 110.922337][ T6691] kasan_report+0x143/0x180
[ 110.922352][ T6691] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 110.922372][ T6691] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 110.922396][ T6691] ? dccp_ackvec_input+0x1d5/0xf70
[ 110.922415][ T6691] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 110.922431][ T6691] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 110.922455][ T6691] dccp_rcv_established+0x295/0x320
[ 110.922469][ T6691] dccp_v6_do_rcv+0x2c9/0xb80
[ 110.922487][ T6691] ? __pfx_dccp_v6_do_rcv+0x10/0x10
[ 110.922502][ T6691] __release_sock+0x243/0x350
[ 110.922519][ T6691] release_sock+0x61/0x1f0
[ 110.922536][ T6691] dccp_sendmsg+0x4f0/0xb90
[ 110.922554][ T6691] ? __pfx_dccp_sendmsg+0x10/0x10
[ 110.922569][ T6691] ? sock_rps_record_flow+0x1a/0x400
[ 110.922587][ T6691] ? inet_sendmsg+0x330/0x390
[ 110.922604][ T6691] __sock_sendmsg+0x1a6/0x270
[ 110.922621][ T6691] ____sys_sendmsg+0x53a/0x860
[ 110.922636][ T6691] ? __pfx_____sys_sendmsg+0x10/0x10
[ 110.922647][ T6691] ? __fget_files+0x2a/0x410
[ 110.922665][ T6691] ? __sys_sendmmsg+0x392/0x720
[ 110.922677][ T6691] ? __might_fault+0xaa/0x120
[ 110.922691][ T6691] __sys_sendmmsg+0x36a/0x720
[ 110.922707][ T6691] ? __pfx___sys_sendmmsg+0x10/0x10
[ 110.922723][ T6691] ? __pfx_lock_release+0x10/0x10
[ 110.922739][ T6691] ? kstrtouint_from_user+0x128/0x190
[ 110.922760][ T6691] ? ksys_write+0x22a/0x2b0
[ 110.922772][ T6691] ? __pfx_lock_release+0x10/0x10
[ 110.922791][ T6691] ? sb_end_write+0xe9/0x1c0
[ 110.922807][ T6691] ? vfs_write+0x7fa/0xd10
[ 110.922820][ T6691] ? __mutex_unlock_slowpath+0x227/0x800
[ 110.922846][ T6691] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 110.922864][ T6691] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 110.922882][ T6691] ? do_syscall_64+0x100/0x230
[ 110.922900][ T6691] __x64_sys_sendmmsg+0xa0/0xb0
[ 110.922913][ T6691] do_syscall_64+0xf3/0x230
[ 110.922929][ T6691] ? clear_bhb_loop+0x35/0x90
[ 110.922948][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.922964][ T6691] RIP: 0033:0x7f5c08775bd9
[ 110.922976][ T6691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 110.922986][ T6691] RSP: 002b:00007f5c095cf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 110.923000][ T6691] RAX: ffffffffffffffda RBX: 00007f5c08903f60 RCX: 00007f5c08775bd9
[ 110.923010][ T6691] RDX: 0000000000000500 RSI: 00000000200001c0 RDI: 0000000000000005
[ 110.923018][ T6691] RBP: 00007f5c095cf0a0 R08: 0000000000000000 R09: 0000000000000000
[ 110.923026][ T6691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 110.923033][ T6691] R13: 000000000000000b R14: 00007f5c08903f60 R15: 00007ffc5cfa8758
[ 110.923046][ T6691] </TASK>
[ 110.923051][ T6691]
[ 111.271626][ T6691] Allocated by task 6691:
[ 111.275976][ T6691] kasan_save_track+0x3f/0x80
[ 111.280667][ T6691] __kasan_kmalloc+0x98/0xb0
[ 111.285346][ T6691] __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[ 111.291762][ T6691] kmalloc_reserve+0x111/0x2a0
[ 111.296530][ T6691] __alloc_skb+0x1f3/0x440
[ 111.300937][ T6691] dccp_send_ack+0xaa/0x310
[ 111.305430][ T6691] ccid2_hc_rx_packet_recv+0x10c/0x1c0
[ 111.310880][ T6691] dccp_rcv_established+0x1bb/0x320
[ 111.316151][ T6691] dccp_v6_do_rcv+0x2c9/0xb80
[ 111.320817][ T6691] __sk_receive_skb+0x82b/0x8b0
[ 111.325659][ T6691] dccp_v6_rcv+0x1189/0x1640
[ 111.330240][ T6691] ip6_protocol_deliver_rcu+0x105b/0x1580
[ 111.335944][ T6691] ip6_input_finish+0xdd/0x190
[ 111.340696][ T6691] NF_HOOK+0x3a4/0x450
[ 111.344748][ T6691] ip6_input+0x169/0x270
[ 111.348975][ T6691] NF_HOOK+0x3a4/0x450
[ 111.353115][ T6691] __netif_receive_skb+0x1ea/0x650
[ 111.358217][ T6691] process_backlog+0x662/0x15b0
[ 111.363057][ T6691] __napi_poll+0xcb/0x490
[ 111.367379][ T6691] net_rx_action+0x89b/0x1240
[ 111.372046][ T6691] handle_softirqs+0x2d4/0x9b0
[ 111.376796][ T6691] do_softirq+0x11b/0x1e0
[ 111.381156][ T6691] __local_bh_enable_ip+0x1bb/0x200
[ 111.386361][ T6691] __dev_queue_xmit+0x1775/0x3f50
[ 111.391406][ T6691] ip6_finish_output2+0x127d/0x17c0
[ 111.396620][ T6691] ip6_finish_output+0x41e/0x840
[ 111.401561][ T6691] ip6_xmit+0x1108/0x1a20
[ 111.405891][ T6691] inet6_csk_xmit+0x468/0x710
[ 111.410563][ T6691] dccp_transmit_skb+0xf37/0x16d0
[ 111.415587][ T6691] dccp_xmit_packet+0x376/0x610
[ 111.420425][ T6691] dccp_write_xmit+0x138/0x220
[ 111.425178][ T6691] dccp_sendmsg+0x76f/0xb90
[ 111.429674][ T6691] __sock_sendmsg+0x1a6/0x270
[ 111.434340][ T6691] ____sys_sendmsg+0x53a/0x860
[ 111.439116][ T6691] __sys_sendmmsg+0x36a/0x720
[ 111.443781][ T6691] __x64_sys_sendmmsg+0xa0/0xb0
[ 111.448615][ T6691] do_syscall_64+0xf3/0x230
[ 111.453111][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.458999][ T6691]
[ 111.461310][ T6691] Freed by task 6691:
[ 111.465293][ T6691] kasan_save_track+0x3f/0x80
[ 111.470038][ T6691] kasan_save_free_info+0x40/0x50
[ 111.475059][ T6691] __kasan_slab_free+0x59/0x70
[ 111.479818][ T6691] kfree+0x196/0x430
[ 111.483706][ T6691] skb_release_data+0x6a0/0x8a0
[ 111.488554][ T6691] sk_skb_reason_drop+0x1c9/0x380
[ 111.493564][ T6691] dccp_v6_do_rcv+0x149/0xb80
[ 111.498231][ T6691] __release_sock+0x243/0x350
[ 111.502896][ T6691] release_sock+0x61/0x1f0
[ 111.507302][ T6691] dccp_sendmsg+0x4f0/0xb90
[ 111.511795][ T6691] __sock_sendmsg+0x1a6/0x270
[ 111.516477][ T6691] ____sys_sendmsg+0x53a/0x860
[ 111.521338][ T6691] __sys_sendmmsg+0x36a/0x720
[ 111.526014][ T6691] __x64_sys_sendmmsg+0xa0/0xb0
[ 111.530866][ T6691] do_syscall_64+0xf3/0x230
[ 111.535366][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.541254][ T6691]
[ 111.543566][ T6691] The buggy address belongs to the object at ffff888065be3000
[ 111.543566][ T6691] which belongs to the cache kmalloc-2k of size 2048
[ 111.557609][ T6691] The buggy address is located 1186 bytes inside of
[ 111.557609][ T6691] freed 2048-byte region [ffff888065be3000, ffff888065be3800)
[ 111.571580][ T6691]
[ 111.573896][ T6691] The buggy address belongs to the physical page:
[ 111.580314][ T6691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x65be0
[ 111.589079][ T6691] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 111.597574][ T6691] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 111.605110][ T6691] page_type: f5(slab)
[ 111.609081][ T6691] raw: 00fff00000000040 ffff88801b042000 ffffea0001ee8c00 dead000000000002
[ 111.617650][ T6691] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 111.626218][ T6691] head: 00fff00000000040 ffff88801b042000 ffffea0001ee8c00 dead000000000002
[ 111.634875][ T6691] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 111.643532][ T6691] head: 00fff00000000003 ffffea000196f801 ffffffffffffffff 0000000000000000
[ 111.652195][ T6691] head: 0000000700000008 0000000000000000 00000000ffffffff 0000000000000000
[ 111.660858][ T6691] page dumped because: kasan: bad access detected
[ 111.667285][ T6691] page_owner tracks the page as allocated
[ 111.672988][ T6691] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5862, tgid 5862 (syz-executor), ts 65630285730, free_ts 63776353462
[ 111.694170][ T6691] post_alloc_hook+0x1f4/0x240
[ 111.698935][ T6691] get_page_from_freelist+0x365c/0x37a0
[ 111.704471][ T6691] __alloc_frozen_pages_noprof+0x292/0x710
[ 111.710268][ T6691] alloc_pages_mpol+0x311/0x660
[ 111.715119][ T6691] allocate_slab+0x8f/0x3a0
[ 111.719608][ T6691] ___slab_alloc+0xc27/0x14a0
[ 111.724276][ T6691] __slab_alloc+0x58/0xa0
[ 111.728601][ T6691] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[ 111.735005][ T6691] kmalloc_reserve+0x111/0x2a0
[ 111.739759][ T6691] pskb_expand_head+0x1ee/0x1440
[ 111.744682][ T6691] netlink_trim+0x1d6/0x2e0
[ 111.749175][ T6691] netlink_broadcast_filtered+0x76/0x12a0
[ 111.754878][ T6691] nlmsg_notify+0xfb/0x1c0
[ 111.759277][ T6691] register_netdevice+0x17aa/0x1b60
[ 111.764466][ T6691] register_netdev+0x40/0x50
[ 111.769042][ T6691] loopback_net_init+0x73/0x150
[ 111.773879][ T6691] page last free pid 5831 tgid 5831 stack trace:
[ 111.780184][ T6691] free_unref_folios+0xe40/0x18b0
[ 111.785199][ T6691] folios_put_refs+0x76c/0x860
[ 111.789945][ T6691] free_pages_and_swap_cache+0x2e5/0x690
[ 111.795566][ T6691] tlb_flush_mmu+0x3a3/0x680
[ 111.800144][ T6691] tlb_finish_mmu+0xd4/0x200
[ 111.804720][ T6691] vms_clear_ptes+0x432/0x530
[ 111.809386][ T6691] vms_complete_munmap_vmas+0x210/0x8f0
[ 111.814916][ T6691] do_vmi_align_munmap+0x5ef/0x6f0
[ 111.820014][ T6691] do_vmi_munmap+0x24e/0x2d0
[ 111.824592][ T6691] __vm_munmap+0x372/0x510
[ 111.829003][ T6691] __x64_sys_munmap+0x60/0x70
[ 111.833662][ T6691] do_syscall_64+0xf3/0x230
[ 111.838155][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.844040][ T6691]
[ 111.846349][ T6691] Memory state around the buggy address:
[ 111.851981][ T6691] ffff888065be3380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.860042][ T6691] ffff888065be3400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.868101][ T6691] >ffff888065be3480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.876238][ T6691] ^
[ 111.881338][ T6691] ffff888065be3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.889391][ T6691] ffff888065be3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.897442][ T6691] ==================================================================
[ 111.926778][ T54] Bluetooth: hci0: command tx timeout
[ 111.941198][ T6691] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 111.948430][ T6691] CPU: 0 UID: 0 PID: 6691 Comm: syz.0.16 Not tainted 6.14.0-rc5-syzkaller-g2e51e0ac575c #0
[ 111.958401][ T6691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 111.968535][ T6691] Call Trace:
[ 111.971803][ T6691] <TASK>
[ 111.974774][ T6691] dump_stack_lvl+0x241/0x360
[ 111.979532][ T6691] ? __pfx_dump_stack_lvl+0x10/0x10
[ 111.984719][ T6691] ? __pfx__printk+0x10/0x10
[ 111.989295][ T6691] ? preempt_schedule+0xe1/0xf0
[ 111.994146][ T6691] ? vscnprintf+0x5d/0x90
[ 111.998465][ T6691] panic+0x349/0x880
[ 112.002353][ T6691] ? check_panic_on_warn+0x21/0xb0
[ 112.007462][ T6691] ? __pfx_panic+0x10/0x10
[ 112.011869][ T6691] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 112.017838][ T6691] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 112.024156][ T6691] ? print_report+0x519/0x5b0
[ 112.028824][ T6691] check_panic_on_warn+0x86/0xb0
[ 112.033757][ T6691] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 112.039555][ T6691] end_report+0x77/0x160
[ 112.043796][ T6691] kasan_report+0x154/0x180
[ 112.048298][ T6691] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 112.054105][ T6691] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 112.059739][ T6691] ? dccp_ackvec_input+0x1d5/0xf70
[ 112.064847][ T6691] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 112.070479][ T6691] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 112.076467][ T6691] dccp_rcv_established+0x295/0x320
[ 112.081654][ T6691] dccp_v6_do_rcv+0x2c9/0xb80
[ 112.086329][ T6691] ? __pfx_dccp_v6_do_rcv+0x10/0x10
[ 112.091518][ T6691] __release_sock+0x243/0x350
[ 112.096198][ T6691] release_sock+0x61/0x1f0
[ 112.100610][ T6691] dccp_sendmsg+0x4f0/0xb90
[ 112.105114][ T6691] ? __pfx_dccp_sendmsg+0x10/0x10
[ 112.110147][ T6691] ? sock_rps_record_flow+0x1a/0x400
[ 112.115429][ T6691] ? inet_sendmsg+0x330/0x390
[ 112.120100][ T6691] __sock_sendmsg+0x1a6/0x270
[ 112.124770][ T6691] ____sys_sendmsg+0x53a/0x860
[ 112.129527][ T6691] ? __pfx_____sys_sendmsg+0x10/0x10
[ 112.134798][ T6691] ? __fget_files+0x2a/0x410
[ 112.139385][ T6691] ? __sys_sendmmsg+0x392/0x720
[ 112.144223][ T6691] ? __might_fault+0xaa/0x120
[ 112.148888][ T6691] __sys_sendmmsg+0x36a/0x720
[ 112.153556][ T6691] ? __pfx___sys_sendmmsg+0x10/0x10
[ 112.158751][ T6691] ? __pfx_lock_release+0x10/0x10
[ 112.163778][ T6691] ? kstrtouint_from_user+0x128/0x190
[ 112.169200][ T6691] ? ksys_write+0x22a/0x2b0
[ 112.173690][ T6691] ? __pfx_lock_release+0x10/0x10
[ 112.178804][ T6691] ? sb_end_write+0xe9/0x1c0
[ 112.183388][ T6691] ? vfs_write+0x7fa/0xd10
[ 112.187803][ T6691] ? __mutex_unlock_slowpath+0x227/0x800
[ 112.193435][ T6691] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 112.199407][ T6691] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 112.205734][ T6691] ? do_syscall_64+0x100/0x230
[ 112.210493][ T6691] __x64_sys_sendmmsg+0xa0/0xb0
[ 112.215333][ T6691] do_syscall_64+0xf3/0x230
[ 112.219846][ T6691] ? clear_bhb_loop+0x35/0x90
[ 112.224547][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.230450][ T6691] RIP: 0033:0x7f5c08775bd9
[ 112.234856][ T6691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 112.254457][ T6691] RSP: 002b:00007f5c095cf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 112.262874][ T6691] RAX: ffffffffffffffda RBX: 00007f5c08903f60 RCX: 00007f5c08775bd9
[ 112.270836][ T6691] RDX: 0000000000000500 RSI: 00000000200001c0 RDI: 0000000000000005
[ 112.278810][ T6691] RBP: 00007f5c095cf0a0 R08: 0000000000000000 R09: 0000000000000000
[ 112.286789][ T6691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 112.294760][ T6691] R13: 000000000000000b R14: 00007f5c08903f60 R15: 00007ffc5cfa8758
[ 112.302729][ T6691] </TASK>
[ 112.305977][ T6691] Kernel Offset: disabled
[ 112.310288][ T6691] Rebooting in 86400 seconds..