Warning: Permanently added '10.128.1.5' (ED25519) to the list of known hosts.
2024/04/17 05:16:51 ignoring optional flag "sandboxArg"="0"
2024/04/17 05:16:51 parsed 1 programs
2024/04/17 05:16:51 executed programs: 0
[ 83.748537][ T4485] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.756247][ T4485] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.764218][ T4485] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.772663][ T4485] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.781489][ T4485] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 83.789438][ T4485] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.908794][ T5438] chnl_net:caif_netlink_parms(): no params data found
[ 83.962022][ T5438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.969724][ T5438] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.976885][ T5438] bridge_slave_0: entered allmulticast mode
[ 83.983702][ T5438] bridge_slave_0: entered promiscuous mode
[ 83.991879][ T5438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.999496][ T5438] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.006662][ T5438] bridge_slave_1: entered allmulticast mode
[ 84.014051][ T5438] bridge_slave_1: entered promiscuous mode
[ 84.038162][ T5438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.050569][ T5438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.078257][ T5438] team0: Port device team_slave_0 added
[ 84.086272][ T5438] team0: Port device team_slave_1 added
[ 84.108686][ T5438] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.115673][ T5438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.142513][ T5438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.155528][ T5438] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.162590][ T5438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.188708][ T5438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.224087][ T5438] hsr_slave_0: entered promiscuous mode
[ 84.231249][ T5438] hsr_slave_1: entered promiscuous mode
[ 84.882947][ T5438] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.894586][ T5438] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.911219][ T5438] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.924233][ T5438] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.035608][ T5438] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.061781][ T5438] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.076970][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.084298][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.114908][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.122133][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.171310][ T5438] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 85.333428][ T5438] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.382131][ T5438] veth0_vlan: entered promiscuous mode
[ 85.400007][ T5438] veth1_vlan: entered promiscuous mode
[ 85.433769][ T5438] veth0_macvtap: entered promiscuous mode
[ 85.445326][ T5438] veth1_macvtap: entered promiscuous mode
[ 85.467246][ T5438] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.484494][ T5438] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.500917][ T5438] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.510573][ T5438] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.520656][ T5438] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.529720][ T5438] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.619172][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.627047][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.665942][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.674582][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.762952][ T5511] FAULT_INJECTION: forcing a failure.
[ 85.762952][ T5511] name failslab, interval 1, probability 0, space 0, times 1
[ 85.777743][ T5511] CPU: 0 PID: 5511 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240416-syzkaller-06520-g66e4190e92ce #0
[ 85.789324][ T5511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 85.799404][ T5511] Call Trace:
[ 85.802711][ T5511]
[ 85.805661][ T5511] dump_stack_lvl+0x241/0x360
[ 85.810368][ T5511] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.815591][ T5511] ? __pfx__printk+0x10/0x10
[ 85.820214][ T5511] ? __pfx___might_resched+0x10/0x10
[ 85.825525][ T5511] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 85.831536][ T5511] should_fail_ex+0x3b0/0x4e0
[ 85.836244][ T5511] ? dccp_feat_entry_new+0x173/0x3a0
[ 85.841555][ T5511] should_failslab+0x9/0x20
[ 85.846086][ T5511] kmalloc_trace_noprof+0x6c/0x2b0
[ 85.851231][ T5511] dccp_feat_entry_new+0x173/0x3a0
[ 85.856377][ T5511] dccp_feat_parse_options+0xeac/0x2c30
[ 85.861958][ T5511] ? __pfx_dccp_feat_parse_options+0x10/0x10
[ 85.867965][ T5511] ? kmalloc_trace_noprof+0x19c/0x2b0
[ 85.873381][ T5511] dccp_parse_options+0x13bd/0x2670
[ 85.878626][ T5511] dccp_rcv_established+0x55/0x320
[ 85.883768][ T5511] dccp_v4_do_rcv+0xff/0x1f0
[ 85.888390][ T5511] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 85.893613][ T5511] __release_sock+0x243/0x350
[ 85.898329][ T5511] release_sock+0x61/0x1f0
[ 85.902780][ T5511] dccp_sendmsg+0x4ee/0xba0
[ 85.907324][ T5511] ? __pfx_dccp_sendmsg+0x10/0x10
[ 85.912380][ T5511] ? sock_rps_record_flow+0x1a/0x400
[ 85.917699][ T5511] ? inet_sendmsg+0x330/0x390
[ 85.922395][ T5511] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 85.927702][ T5511] ? security_socket_sendmsg+0x87/0xb0
[ 85.933190][ T5511] __sock_sendmsg+0x1a6/0x270
[ 85.937898][ T5511] ____sys_sendmsg+0x525/0x7d0
[ 85.942694][ T5511] ? __pfx_____sys_sendmsg+0x10/0x10
[ 85.948020][ T5511] __sys_sendmmsg+0x3b2/0x740
[ 85.952777][ T5511] ? __pfx___sys_sendmmsg+0x10/0x10
[ 85.958122][ T5511] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 85.964040][ T5511] ? ksys_write+0x23e/0x2c0
[ 85.968570][ T5511] ? __pfx_lock_release+0x10/0x10
[ 85.973625][ T5511] ? vfs_write+0x7c4/0xc90
[ 85.978080][ T5511] ? __mutex_unlock_slowpath+0x21d/0x750
[ 85.983745][ T5511] ? __pfx_vfs_write+0x10/0x10
[ 85.988567][ T5511] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 85.994575][ T5511] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 86.001020][ T5511] ? do_syscall_64+0x102/0x240
[ 86.005808][ T5511] __x64_sys_sendmmsg+0xa0/0xb0
[ 86.010688][ T5511] do_syscall_64+0xf5/0x240
[ 86.015221][ T5511] ? clear_bhb_loop+0x35/0x90
[ 86.019925][ T5511] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.025843][ T5511] RIP: 0033:0x7f41c607bdb9
[ 86.030276][ T5511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 86.049918][ T5511] RSP: 002b:00007f41c6d230c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 86.058368][ T5511] RAX: ffffffffffffffda RBX: 00007f41c619bf80 RCX: 00007f41c607bdb9
[ 86.066364][ T5511] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 86.074359][ T5511] RBP: 00007f41c6d23120 R08: 0000000000000000 R09: 0000000000000000
[ 86.082350][ T5511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 86.090438][ T5511] R13: 000000000000000b R14: 00007f41c619bf80 R15: 00007fffe3d307c8
[ 86.098446][ T5511]
[ 86.105616][ T4485] Bluetooth: hci0: command tx timeout
[ 86.116512][ T5511] dccp_parse_options: DCCP(ffff888026989580): Option 32 (len=7) error=9
[ 86.135385][ T5511] ==================================================================
[ 86.143653][ T5511] BUG: KASAN: slab-use-after-free in ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 86.152431][ T5511] Read of size 1 at addr ffff88802e6a2494 by task syz-executor.0/5511
[ 86.160596][ T5511]
[ 86.162931][ T5511] CPU: 0 PID: 5511 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240416-syzkaller-06520-g66e4190e92ce #0
[ 86.174484][ T5511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 86.184556][ T5511] Call Trace:
[ 86.187860][ T5511]
[ 86.190811][ T5511] dump_stack_lvl+0x241/0x360
[ 86.195512][ T5511] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.200749][ T5511] ? __pfx__printk+0x10/0x10
[ 86.205366][ T5511] ? _printk+0xd5/0x120
[ 86.209547][ T5511] ? __virt_addr_valid+0x183/0x520
[ 86.214681][ T5511] ? __virt_addr_valid+0x183/0x520
[ 86.219813][ T5511] print_report+0x169/0x550
[ 86.224338][ T5511] ? __virt_addr_valid+0x183/0x520
[ 86.229466][ T5511] ? __virt_addr_valid+0x183/0x520
[ 86.234612][ T5511] ? __virt_addr_valid+0x44e/0x520
[ 86.239737][ T5511] ? __phys_addr+0xba/0x170
[ 86.244236][ T5511] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 86.250045][ T5511] kasan_report+0x143/0x180
[ 86.254569][ T5511] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 86.260375][ T5511] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 86.266031][ T5511] ? lockdep_hardirqs_on+0x99/0x150
[ 86.271248][ T5511] ? dccp_ackvec_clear_state+0x5dd/0x8b0
[ 86.276885][ T5511] ? dccp_ackvec_input+0x1d5/0xf60
[ 86.281996][ T5511] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 86.287621][ T5511] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 86.293595][ T5511] dccp_rcv_established+0x295/0x320
[ 86.298805][ T5511] dccp_v4_do_rcv+0xff/0x1f0
[ 86.303398][ T5511] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 86.308593][ T5511] __release_sock+0x243/0x350
[ 86.313289][ T5511] release_sock+0x61/0x1f0
[ 86.317720][ T5511] dccp_sendmsg+0x4ee/0xba0
[ 86.322231][ T5511] ? __pfx_dccp_sendmsg+0x10/0x10
[ 86.327252][ T5511] ? sock_rps_record_flow+0x1a/0x400
[ 86.332531][ T5511] ? inet_sendmsg+0x330/0x390
[ 86.337197][ T5511] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 86.342490][ T5511] ? security_socket_sendmsg+0x87/0xb0
[ 86.347957][ T5511] __sock_sendmsg+0x1a6/0x270
[ 86.352641][ T5511] ____sys_sendmsg+0x525/0x7d0
[ 86.357404][ T5511] ? __pfx_____sys_sendmsg+0x10/0x10
[ 86.362689][ T5511] ? __might_fault+0xaa/0x120
[ 86.367368][ T5511] __sys_sendmmsg+0x3b2/0x740
[ 86.372042][ T5511] ? __pfx___sys_sendmmsg+0x10/0x10
[ 86.377242][ T5511] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 86.383130][ T5511] ? ksys_write+0x23e/0x2c0
[ 86.387626][ T5511] ? __pfx_lock_release+0x10/0x10
[ 86.392641][ T5511] ? vfs_write+0x7c4/0xc90
[ 86.397141][ T5511] ? __mutex_unlock_slowpath+0x21d/0x750
[ 86.402764][ T5511] ? __pfx_vfs_write+0x10/0x10
[ 86.407533][ T5511] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 86.413502][ T5511] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 86.419819][ T5511] ? do_syscall_64+0x102/0x240
[ 86.424583][ T5511] __x64_sys_sendmmsg+0xa0/0xb0
[ 86.429428][ T5511] do_syscall_64+0xf5/0x240
[ 86.433923][ T5511] ? clear_bhb_loop+0x35/0x90
[ 86.438611][ T5511] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.444501][ T5511] RIP: 0033:0x7f41c607bdb9
[ 86.448913][ T5511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 86.468601][ T5511] RSP: 002b:00007f41c6d230c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 86.477030][ T5511] RAX: ffffffffffffffda RBX: 00007f41c619bf80 RCX: 00007f41c607bdb9
[ 86.485000][ T5511] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 86.493050][ T5511] RBP: 00007f41c6d23120 R08: 0000000000000000 R09: 0000000000000000
[ 86.501015][ T5511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 86.508974][ T5511] R13: 000000000000000b R14: 00007f41c619bf80 R15: 00007fffe3d307c8
[ 86.516942][ T5511]
[ 86.519952][ T5511]
[ 86.522263][ T5511] Allocated by task 5511:
[ 86.526580][ T5511] kasan_save_track+0x3f/0x80
[ 86.531260][ T5511] __kasan_kmalloc+0x98/0xb0
[ 86.535842][ T5511] kmalloc_node_track_caller_noprof+0x22a/0x440
[ 86.542082][ T5511] kmalloc_reserve+0x111/0x2a0
[ 86.546839][ T5511] __alloc_skb+0x1f3/0x440
[ 86.551243][ T5511] dccp_send_ack+0xaa/0x310
[ 86.555831][ T5511] ccid2_hc_rx_packet_recv+0x10c/0x1c0
[ 86.561280][ T5511] dccp_rcv_established+0x1bb/0x320
[ 86.566465][ T5511] dccp_v4_do_rcv+0xff/0x1f0
[ 86.571044][ T5511] __sk_receive_skb+0x823/0x8a0
[ 86.575882][ T5511] ip_protocol_deliver_rcu+0x2e0/0x430
[ 86.581324][ T5511] ip_local_deliver_finish+0x33f/0x5f0
[ 86.586767][ T5511] NF_HOOK+0x3a4/0x450
[ 86.590819][ T5511] NF_HOOK+0x3a4/0x450
[ 86.594871][ T5511] __netif_receive_skb+0x2bf/0x650
[ 86.599968][ T5511] process_backlog+0x391/0x7d0
[ 86.604719][ T5511] __napi_poll+0xcb/0x490
[ 86.609038][ T5511] net_rx_action+0x7bb/0x10a0
[ 86.613700][ T5511] __do_softirq+0x2c6/0x980
[ 86.618188][ T5511]
[ 86.620498][ T5511] Freed by task 5511:
[ 86.624475][ T5511] kasan_save_track+0x3f/0x80
[ 86.629150][ T5511] kasan_save_free_info+0x40/0x50
[ 86.634162][ T5511] poison_slab_object+0xe0/0x150
[ 86.639089][ T5511] __kasan_slab_free+0x37/0x60
[ 86.643842][ T5511] kfree+0x149/0x350
[ 86.647745][ T5511] skb_release_data+0x690/0x890
[ 86.652596][ T5511] kfree_skb_reason+0x1a3/0x3b0
[ 86.657447][ T5511] dccp_v4_do_rcv+0x143/0x1f0
[ 86.662385][ T5511] __release_sock+0x243/0x350
[ 86.667051][ T5511] release_sock+0x61/0x1f0
[ 86.671457][ T5511] dccp_sendmsg+0x4ee/0xba0
[ 86.675950][ T5511] __sock_sendmsg+0x1a6/0x270
[ 86.680630][ T5511] ____sys_sendmsg+0x525/0x7d0
[ 86.685414][ T5511] __sys_sendmmsg+0x3b2/0x740
[ 86.690086][ T5511] __x64_sys_sendmmsg+0xa0/0xb0
[ 86.694933][ T5511] do_syscall_64+0xf5/0x240
[ 86.699432][ T5511] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.705333][ T5511]
[ 86.707648][ T5511] The buggy address belongs to the object at ffff88802e6a2000
[ 86.707648][ T5511]  which belongs to the cache kmalloc-2k of size 2048
[ 86.722053][ T5511] The buggy address is located 1172 bytes inside of
[ 86.722053][ T5511]  freed 2048-byte region [ffff88802e6a2000, ffff88802e6a2800)
[ 86.736011][ T5511]
[ 86.738326][ T5511] The buggy address belongs to the physical page:
[ 86.744746][ T5511] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e6a0
[ 86.753490][ T5511] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 86.761972][ T5511] flags: 0xfff80000000040(head|node=0|zone=1|lastcpupid=0xfff)
[ 86.769500][ T5511] page_type: 0xffffefff(slab)
[ 86.774167][ T5511] raw: 00fff80000000040 ffff888015042000 ffffea0000b98200 dead000000000002
[ 86.782741][ T5511] raw: 0000000000000000 0000000000080008 00000001ffffefff 0000000000000000
[ 86.791338][ T5511] head: 00fff80000000040 ffff888015042000 ffffea0000b98200 dead000000000002
[ 86.800012][ T5511] head: 0000000000000000 0000000000080008 00000001ffffefff 0000000000000000
[ 86.808731][ T5511] head: 00fff80000000003 ffffea0000b9a801 ffffffffffffffff 0000000000000000
[ 86.817394][ T5511] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 86.826138][ T5511] page dumped because: kasan: bad access detected
[ 86.832534][ T5511] page_owner tracks the page as allocated
[ 86.838231][ T5511] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1032, tgid 1797468944 (kworker/u8:5), ts 1032, free_ts 61884747530
[ 86.860884][ T5511] post_alloc_hook+0x1f3/0x230
[ 86.865657][ T5511] get_page_from_freelist+0x2ce2/0x2d90
[ 86.871277][ T5511] __alloc_pages_noprof+0x256/0x6c0
[ 86.876556][ T5511] alloc_slab_page+0x5f/0x120
[ 86.881235][ T5511] allocate_slab+0x5a/0x2e0
[ 86.885741][ T5511] ___slab_alloc+0xcd1/0x14b0
[ 86.890406][ T5511] __slab_alloc+0x58/0xa0
[ 86.894725][ T5511] kmalloc_node_track_caller_noprof+0x286/0x440
[ 86.900952][ T5511] kmalloc_reserve+0x111/0x2a0
[ 86.905704][ T5511] pskb_expand_head+0x1f0/0x13d0
[ 86.910632][ T5511] netlink_trim+0x183/0x220
[ 86.915145][ T5511] netlink_broadcast_filtered+0x76/0x1290
[ 86.920863][ T5511] nlmsg_notify+0xfb/0x1c0
[ 86.925262][ T5511] rtnetlink_event+0x21d/0x260
[ 86.930023][ T5511] notifier_call_chain+0x19f/0x3e0
[ 86.935229][ T5511] __netdev_upper_dev_unlink+0x2ba/0x8e0
[ 86.940853][ T5511] page last free pid 5172 tgid 5172 stack trace:
[ 86.947160][ T5511] free_unref_page+0xd22/0xea0
[ 86.951920][ T5511] __put_partials+0xeb/0x130
[ 86.956501][ T5511] put_cpu_partial+0x17c/0x250
[ 86.961249][ T5511] __slab_free+0x2ea/0x3d0
[ 86.965654][ T5511] qlist_free_all+0x9e/0x140
[ 86.970236][ T5511] kasan_quarantine_reduce+0x14f/0x170
[ 86.975694][ T5511] __kasan_slab_alloc+0x23/0x80
[ 86.980531][ T5511] kmem_cache_alloc_noprof+0x135/0x290
[ 86.985976][ T5511] vm_area_alloc+0x24/0x1d0
[ 86.990557][ T5511] mmap_region+0xc47/0x2060
[ 86.995051][ T5511] do_mmap+0x8ad/0xfa0
[ 86.999113][ T5511] vm_mmap_pgoff+0x1dd/0x3d0
[ 87.003692][ T5511] ksys_mmap_pgoff+0x4f1/0x720
[ 87.008443][ T5511] do_syscall_64+0xf5/0x240
[ 87.012934][ T5511] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.018815][ T5511]
[ 87.021123][ T5511] Memory state around the buggy address:
[ 87.026738][ T5511]  ffff88802e6a2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.034785][ T5511]  ffff88802e6a2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.042939][ T5511] >ffff88802e6a2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.051049][ T5511]                          ^
[ 87.055620][ T5511]  ffff88802e6a2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.063670][ T5511]  ffff88802e6a2580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.071800][ T5511] ==================================================================
[ 87.083185][ T5511] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.090407][ T5511] CPU: 1 PID: 5511 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240416-syzkaller-06520-g66e4190e92ce #0
[ 87.101960][ T5511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 87.112031][ T5511] Call Trace:
[ 87.115322][ T5511]
[ 87.118262][ T5511] dump_stack_lvl+0x241/0x360
[ 87.122960][ T5511] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.128269][ T5511] ? __pfx__printk+0x10/0x10
[ 87.132882][ T5511] ? preempt_schedule+0xe1/0xf0
[ 87.137756][ T5511] ? vscnprintf+0x5d/0x90
[ 87.142101][ T5511] panic+0x349/0x860
[ 87.146082][ T5511] ? check_panic_on_warn+0x21/0xb0
[ 87.151186][ T5511] ? __pfx_panic+0x10/0x10
[ 87.155715][ T5511] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 87.161687][ T5511] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.168002][ T5511] ? print_report+0x502/0x550
[ 87.172668][ T5511] check_panic_on_warn+0x86/0xb0
[ 87.177595][ T5511] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 87.183990][ T5511] end_report+0x77/0x160
[ 87.188219][ T5511] kasan_report+0x154/0x180
[ 87.192711][ T5511] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 87.198505][ T5511] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 87.204126][ T5511] ? lockdep_hardirqs_on+0x99/0x150
[ 87.209318][ T5511] ? dccp_ackvec_clear_state+0x5dd/0x8b0
[ 87.214936][ T5511] ? dccp_ackvec_input+0x1d5/0xf60
[ 87.220033][ T5511] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 87.225674][ T5511] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 87.231641][ T5511] dccp_rcv_established+0x295/0x320
[ 87.236827][ T5511] dccp_v4_do_rcv+0xff/0x1f0
[ 87.241408][ T5511] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 87.246593][ T5511] __release_sock+0x243/0x350
[ 87.251266][ T5511] release_sock+0x61/0x1f0
[ 87.255725][ T5511] dccp_sendmsg+0x4ee/0xba0
[ 87.260246][ T5511] ? __pfx_dccp_sendmsg+0x10/0x10
[ 87.265305][ T5511] ? sock_rps_record_flow+0x1a/0x400
[ 87.270606][ T5511] ? inet_sendmsg+0x330/0x390
[ 87.275283][ T5511] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 87.280564][ T5511] ? security_socket_sendmsg+0x87/0xb0
[ 87.286022][ T5511] __sock_sendmsg+0x1a6/0x270
[ 87.290695][ T5511] ____sys_sendmsg+0x525/0x7d0
[ 87.295448][ T5511] ? __pfx_____sys_sendmsg+0x10/0x10
[ 87.300750][ T5511] ? __might_fault+0xaa/0x120
[ 87.305418][ T5511] __sys_sendmmsg+0x3b2/0x740
[ 87.310088][ T5511] ? __pfx___sys_sendmmsg+0x10/0x10
[ 87.315284][ T5511] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 87.321193][ T5511] ? ksys_write+0x23e/0x2c0
[ 87.325709][ T5511] ? __pfx_lock_release+0x10/0x10
[ 87.330729][ T5511] ? vfs_write+0x7c4/0xc90
[ 87.335147][ T5511] ? __mutex_unlock_slowpath+0x21d/0x750
[ 87.340784][ T5511] ? __pfx_vfs_write+0x10/0x10
[ 87.345579][ T5511] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 87.351552][ T5511] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 87.357866][ T5511] ? do_syscall_64+0x102/0x240
[ 87.362616][ T5511] __x64_sys_sendmmsg+0xa0/0xb0
[ 87.367475][ T5511] do_syscall_64+0xf5/0x240
[ 87.371985][ T5511] ? clear_bhb_loop+0x35/0x90
[ 87.376664][ T5511] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.382559][ T5511] RIP: 0033:0x7f41c607bdb9
[ 87.386971][ T5511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 87.406669][ T5511] RSP: 002b:00007f41c6d230c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 87.415080][ T5511] RAX: ffffffffffffffda RBX: 00007f41c619bf80 RCX: 00007f41c607bdb9
[ 87.423040][ T5511] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 87.430998][ T5511] RBP: 00007f41c6d23120 R08: 0000000000000000 R09: 0000000000000000
[ 87.438954][ T5511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 87.446911][ T5511] R13: 000000000000000b R14: 00007f41c619bf80 R15: 00007fffe3d307c8
[ 87.454872][ T5511]
[ 87.458088][ T5511] Kernel Offset: disabled
[ 87.462411][ T5511] Rebooting in 86400 seconds..