Warning: Permanently added '10.128.0.5' (ED25519) to the list of known hosts.
2024/12/25 06:14:28 ignoring optional flag "sandboxArg"="0"
2024/12/25 06:14:28 ignoring optional flag "type"="gce"
2024/12/25 06:14:28 parsed 1 programs
2024/12/25 06:14:28 executed programs: 0
[ 81.475635][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.485311][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.493630][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.504055][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.513579][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 81.521373][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.616209][ T6129] chnl_net:caif_netlink_parms(): no params data found
[ 81.679191][ T6129] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.687030][ T6129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.694720][ T6129] bridge_slave_0: entered allmulticast mode
[ 81.702669][ T6129] bridge_slave_0: entered promiscuous mode
[ 81.710866][ T6129] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.719014][ T6129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.726762][ T6129] bridge_slave_1: entered allmulticast mode
[ 81.733955][ T6129] bridge_slave_1: entered promiscuous mode
[ 81.765824][ T6129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.776943][ T6129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.807686][ T6129] team0: Port device team_slave_0 added
[ 81.816586][ T6129] team0: Port device team_slave_1 added
[ 81.838854][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.847592][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.874517][ T6129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.887846][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.896141][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.924388][ T6129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.956046][ T6129] hsr_slave_0: entered promiscuous mode
[ 81.963647][ T6129] hsr_slave_1: entered promiscuous mode
[ 82.105505][ T25] cfg80211: failed to load regulatory.db
[ 82.580760][ T6129] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.591711][ T6129] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.614514][ T6129] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.634505][ T6129] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.770224][ T6129] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.806551][ T6129] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.818959][ T61] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.826197][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.859984][ T61] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.867409][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.040208][ T6129] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.084581][ T6129] veth0_vlan: entered promiscuous mode
[ 83.096050][ T6129] veth1_vlan: entered promiscuous mode
[ 83.128072][ T6129] veth0_macvtap: entered promiscuous mode
[ 83.138315][ T6129] veth1_macvtap: entered promiscuous mode
[ 83.160010][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.176028][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.190402][ T6129] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.202707][ T6129] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.211470][ T6129] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.222758][ T6129] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.292864][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.301054][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.342458][ T2912] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.350592][ T2912] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.434225][ T6192] FAULT_INJECTION: forcing a failure.
[ 83.434225][ T6192] name failslab, interval 1, probability 0, space 0, times 1
[ 83.450003][ T6192] CPU: 0 UID: 0 PID: 6192 Comm: syz-executor.0 Not tainted 6.13.0-rc4-syzkaller-g9b2ffa6148b1 #0
[ 83.460576][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 83.470733][ T6192] Call Trace:
[ 83.474022][ T6192]
[ 83.476957][ T6192] dump_stack_lvl+0x241/0x360
[ 83.481678][ T6192] ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.486964][ T6192] ? __pfx__printk+0x10/0x10
[ 83.491567][ T6192] ? __kmalloc_cache_noprof+0x48/0x390
[ 83.497042][ T6192] ? __pfx___might_resched+0x10/0x10
[ 83.502370][ T6192] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 83.508352][ T6192] should_fail_ex+0x3b0/0x4e0
[ 83.513250][ T6192] should_failslab+0xac/0x100
[ 83.517943][ T6192] __kmalloc_cache_noprof+0x70/0x390
[ 83.523490][ T6192] ? dccp_feat_entry_new+0x173/0x3a0
[ 83.528786][ T6192] dccp_feat_entry_new+0x173/0x3a0
[ 83.534000][ T6192] dccp_feat_parse_options+0xeac/0x2c40
[ 83.539556][ T6192] ? __pfx_dccp_feat_parse_options+0x10/0x10
[ 83.545622][ T6192] ? __kmalloc_cache_noprof+0x243/0x390
[ 83.551254][ T6192] ? dccp_ackvec_parsed_add+0x5c/0x1d0
[ 83.556719][ T6192] dccp_parse_options+0x13bd/0x2670
[ 83.562167][ T6192] dccp_rcv_established+0x55/0x320
[ 83.567390][ T6192] dccp_v4_do_rcv+0xff/0x1f0
[ 83.572203][ T6192] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 83.577441][ T6192] __release_sock+0x243/0x350
[ 83.582153][ T6192] release_sock+0x61/0x1f0
[ 83.586854][ T6192] dccp_sendmsg+0x4f0/0xb90
[ 83.591577][ T6192] ? __pfx_dccp_sendmsg+0x10/0x10
[ 83.596630][ T6192] ? sock_rps_record_flow+0x1a/0x400
[ 83.602211][ T6192] ? inet_sendmsg+0x330/0x390
[ 83.606981][ T6192] __sock_sendmsg+0x1a6/0x270
[ 83.612023][ T6192] ____sys_sendmsg+0x52a/0x7e0
[ 83.616975][ T6192] ? __pfx_____sys_sendmsg+0x10/0x10
[ 83.622448][ T6192] ? __fget_files+0x2a/0x410
[ 83.627053][ T6192] ? __fget_files+0x2a/0x410
[ 83.631738][ T6192] __sys_sendmmsg+0x36a/0x720
[ 83.636594][ T6192] ? __pfx___sys_sendmmsg+0x10/0x10
[ 83.641806][ T6192] ? __pfx_lock_release+0x10/0x10
[ 83.647108][ T6192] ? kstrtouint_from_user+0x128/0x190
[ 83.652497][ T6192] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 83.659285][ T6192] ? ksys_write+0x22a/0x2b0
[ 83.663874][ T6192] ? __pfx_lock_release+0x10/0x10
[ 83.668988][ T6192] ? vfs_write+0x730/0xd30
[ 83.673430][ T6192] ? __mutex_unlock_slowpath+0x21e/0x790
[ 83.679614][ T6192] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 83.685615][ T6192] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 83.692315][ T6192] ? do_syscall_64+0x100/0x230
[ 83.697399][ T6192] __x64_sys_sendmmsg+0xa0/0xb0
[ 83.702255][ T6192] do_syscall_64+0xf3/0x230
[ 83.706979][ T6192] ? clear_bhb_loop+0x35/0x90
[ 83.711926][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.717934][ T6192] RIP: 0033:0x7f489087ad39
[ 83.722468][ T6192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 83.742263][ T6192] RSP: 002b:00007f4891a2e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 83.750948][ T6192] RAX: ffffffffffffffda RBX: 00007f489099bf80 RCX: 00007f489087ad39
[ 83.759009][ T6192] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 83.766984][ T6192] RBP: 00007f4891a2e120 R08: 0000000000000000 R09: 0000000000000000
[ 83.775040][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 83.783013][ T6192] R13: 000000000000000b R14: 00007f489099bf80 R15: 00007ffcbc5d3d78
[ 83.790996][ T6192]
[ 83.803049][ T6192] dccp_parse_options: DCCP(ffff888031481600): Option 32 (len=7) error=9
[ 83.811923][ T54] Bluetooth: hci0: command tx timeout
[ 83.821120][ T6192] ==================================================================
[ 83.829492][ T6192] BUG: KASAN: slab-use-after-free in ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.838512][ T6192] Read of size 1 at addr ffff888077269494 by task syz-executor.0/6192
[ 83.847029][ T6192]
[ 83.849366][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz-executor.0 Not tainted 6.13.0-rc4-syzkaller-g9b2ffa6148b1 #0
[ 83.860121][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 83.870519][ T6192] Call Trace:
[ 83.873927][ T6192]
[ 83.876865][ T6192] dump_stack_lvl+0x241/0x360
[ 83.881576][ T6192] ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.886872][ T6192] ? __pfx__printk+0x10/0x10
[ 83.891469][ T6192] ? _printk+0xd5/0x120
[ 83.895621][ T6192] ? __virt_addr_valid+0x183/0x530
[ 83.900731][ T6192] ? __virt_addr_valid+0x183/0x530
[ 83.906044][ T6192] print_report+0x169/0x550
[ 83.910552][ T6192] ? __virt_addr_valid+0x183/0x530
[ 83.915920][ T6192] ? __virt_addr_valid+0x183/0x530
[ 83.921118][ T6192] ? __virt_addr_valid+0x45f/0x530
[ 83.926872][ T6192] ? __phys_addr+0xba/0x170
[ 83.931369][ T6192] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.937354][ T6192] kasan_report+0x143/0x180
[ 83.942130][ T6192] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.948282][ T6192] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 83.954121][ T6192] ? dccp_ackvec_input+0x1d5/0xf60
[ 83.959322][ T6192] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 83.965042][ T6192] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 83.971278][ T6192] dccp_rcv_established+0x295/0x320
[ 83.976673][ T6192] dccp_v4_do_rcv+0xff/0x1f0
[ 83.981719][ T6192] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 83.987471][ T6192] __release_sock+0x243/0x350
[ 83.992357][ T6192] release_sock+0x61/0x1f0
[ 83.997111][ T6192] dccp_sendmsg+0x4f0/0xb90
[ 84.001744][ T6192] ? __pfx_dccp_sendmsg+0x10/0x10
[ 84.006953][ T6192] ? sock_rps_record_flow+0x1a/0x400
[ 84.012594][ T6192] ? inet_sendmsg+0x330/0x390
[ 84.017701][ T6192] __sock_sendmsg+0x1a6/0x270
[ 84.022487][ T6192] ____sys_sendmsg+0x52a/0x7e0
[ 84.027705][ T6192] ? __pfx_____sys_sendmsg+0x10/0x10
[ 84.033867][ T6192] ? __fget_files+0x2a/0x410
[ 84.038548][ T6192] ? __sys_sendmmsg+0x392/0x720
[ 84.043594][ T6192] ? __might_fault+0xaa/0x120
[ 84.048538][ T6192] __sys_sendmmsg+0x36a/0x720
[ 84.053509][ T6192] ? __pfx___sys_sendmmsg+0x10/0x10
[ 84.058710][ T6192] ? __pfx_lock_release+0x10/0x10
[ 84.064118][ T6192] ? kstrtouint_from_user+0x128/0x190
[ 84.069968][ T6192] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 84.076048][ T6192] ? ksys_write+0x22a/0x2b0
[ 84.080924][ T6192] ? __pfx_lock_release+0x10/0x10
[ 84.086142][ T6192] ? vfs_write+0x730/0xd30
[ 84.090731][ T6192] ? __mutex_unlock_slowpath+0x21e/0x790
[ 84.096547][ T6192] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 84.102698][ T6192] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 84.109285][ T6192] ? do_syscall_64+0x100/0x230
[ 84.114076][ T6192] __x64_sys_sendmmsg+0xa0/0xb0
[ 84.119044][ T6192] do_syscall_64+0xf3/0x230
[ 84.123664][ T6192] ? clear_bhb_loop+0x35/0x90
[ 84.128607][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.134607][ T6192] RIP: 0033:0x7f489087ad39
[ 84.139104][ T6192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 84.158975][ T6192] RSP: 002b:00007f4891a2e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 84.167652][ T6192] RAX: ffffffffffffffda RBX: 00007f489099bf80 RCX: 00007f489087ad39
[ 84.175967][ T6192] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 84.184404][ T6192] RBP: 00007f4891a2e120 R08: 0000000000000000 R09: 0000000000000000
[ 84.192628][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 84.200591][ T6192] R13: 000000000000000b R14: 00007f489099bf80 R15: 00007ffcbc5d3d78
[ 84.208649][ T6192]
[ 84.211933][ T6192]
[ 84.214249][ T6192] Allocated by task 6192:
[ 84.218833][ T6192] kasan_save_track+0x3f/0x80
[ 84.223684][ T6192] __kasan_kmalloc+0x98/0xb0
[ 84.228451][ T6192] __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[ 84.235069][ T6192] kmalloc_reserve+0x111/0x2a0
[ 84.240104][ T6192] __alloc_skb+0x1f3/0x440
[ 84.244957][ T6192] dccp_send_ack+0xaa/0x310
[ 84.249459][ T6192] ccid2_hc_rx_packet_recv+0x10c/0x1c0
[ 84.255004][ T6192] dccp_rcv_established+0x1bb/0x320
[ 84.260208][ T6192] dccp_v4_do_rcv+0xff/0x1f0
[ 84.264885][ T6192] __sk_receive_skb+0x82b/0x8b0
[ 84.269734][ T6192] ip_protocol_deliver_rcu+0x2e9/0x440
[ 84.275420][ T6192] ip_local_deliver_finish+0x341/0x5f0
[ 84.280899][ T6192] NF_HOOK+0x3a4/0x450
[ 84.285336][ T6192] NF_HOOK+0x3a4/0x450
[ 84.289594][ T6192] __netif_receive_skb+0x2bf/0x650
[ 84.294877][ T6192] process_backlog+0x662/0x15b0
[ 84.299721][ T6192] __napi_poll+0xcb/0x490
[ 84.304313][ T6192] net_rx_action+0x89b/0x1240
[ 84.309002][ T6192] handle_softirqs+0x2d4/0x9b0
[ 84.313767][ T6192] do_softirq+0x11b/0x1e0
[ 84.318102][ T6192] __local_bh_enable_ip+0x1bb/0x200
[ 84.323468][ T6192] __dev_queue_xmit+0x1775/0x3f50
[ 84.328502][ T6192] ip_finish_output2+0xd41/0x1390
[ 84.333714][ T6192] __ip_queue_xmit+0x12ca/0x1ef0
[ 84.339016][ T6192] dccp_transmit_skb+0xf65/0x16f0
[ 84.344404][ T6192] dccp_xmit_packet+0x376/0x610
[ 84.349528][ T6192] dccp_write_xmit+0x138/0x220
[ 84.354553][ T6192] dccp_sendmsg+0x76f/0xb90
[ 84.359155][ T6192] __sock_sendmsg+0x1a6/0x270
[ 84.363930][ T6192] ____sys_sendmsg+0x52a/0x7e0
[ 84.368871][ T6192] __sys_sendmmsg+0x36a/0x720
[ 84.373626][ T6192] __x64_sys_sendmmsg+0xa0/0xb0
[ 84.378560][ T6192] do_syscall_64+0xf3/0x230
[ 84.383145][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.389153][ T6192]
[ 84.391468][ T6192] Freed by task 6192:
[ 84.395433][ T6192] kasan_save_track+0x3f/0x80
[ 84.400104][ T6192] kasan_save_free_info+0x40/0x50
[ 84.405127][ T6192] __kasan_slab_free+0x59/0x70
[ 84.409912][ T6192] kfree+0x196/0x430
[ 84.413810][ T6192] skb_release_data+0x6a0/0x8a0
[ 84.418658][ T6192] sk_skb_reason_drop+0x1c9/0x380
[ 84.423770][ T6192] dccp_v4_do_rcv+0x145/0x1f0
[ 84.428530][ T6192] __release_sock+0x243/0x350
[ 84.433631][ T6192] release_sock+0x61/0x1f0
[ 84.438152][ T6192] dccp_sendmsg+0x4f0/0xb90
[ 84.443007][ T6192] __sock_sendmsg+0x1a6/0x270
[ 84.447864][ T6192] ____sys_sendmsg+0x52a/0x7e0
[ 84.452795][ T6192] __sys_sendmmsg+0x36a/0x720
[ 84.457513][ T6192] __x64_sys_sendmmsg+0xa0/0xb0
[ 84.462444][ T6192] do_syscall_64+0xf3/0x230
[ 84.466944][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.472925][ T6192]
[ 84.475334][ T6192] The buggy address belongs to the object at ffff888077269000
[ 84.475334][ T6192] which belongs to the cache kmalloc-2k of size 2048
[ 84.489380][ T6192] The buggy address is located 1172 bytes inside of
[ 84.489380][ T6192] freed 2048-byte region [ffff888077269000, ffff888077269800)
[ 84.503607][ T6192]
[ 84.505921][ T6192] The buggy address belongs to the physical page:
[ 84.512506][ T6192] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77268
[ 84.521867][ T6192] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 84.530560][ T6192] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 84.538238][ T6192] page_type: f5(slab)
[ 84.542217][ T6192] raw: 00fff00000000040 ffff88801ac42000 dead000000000100 dead000000000122
[ 84.550972][ T6192] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[ 84.559550][ T6192] head: 00fff00000000040 ffff88801ac42000 dead000000000100 dead000000000122
[ 84.568662][ T6192] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
[ 84.577584][ T6192] head: 00fff00000000003 ffffea0001dc9a01 ffffffffffffffff 0000000000000000
[ 84.586332][ T6192] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 84.595085][ T6192] page dumped because: kasan: bad access detected
[ 84.601673][ T6192] page_owner tracks the page as allocated
[ 84.607469][ T6192] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5849, tgid 5849 (kworker/0:3), ts 61372449480, free_ts 20064077321
[ 84.629287][ T6192] post_alloc_hook+0x1f3/0x230
[ 84.634070][ T6192] get_page_from_freelist+0x365c/0x37a0
[ 84.639611][ T6192] __alloc_pages_noprof+0x292/0x710
[ 84.644975][ T6192] alloc_pages_mpol_noprof+0x3e8/0x680
[ 84.650607][ T6192] alloc_slab_page+0x6a/0x110
[ 84.655456][ T6192] allocate_slab+0x5a/0x2b0
[ 84.659957][ T6192] ___slab_alloc+0xc27/0x14a0
[ 84.664636][ T6192] __slab_alloc+0x58/0xa0
[ 84.668963][ T6192] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[ 84.675469][ T6192] kmalloc_reserve+0x111/0x2a0
[ 84.680247][ T6192] __alloc_skb+0x1f3/0x440
[ 84.684668][ T6192] alloc_skb_with_frags+0xc3/0x820
[ 84.689786][ T6192] sock_alloc_send_pskb+0x91a/0xa60
[ 84.694992][ T6192] mld_newpack+0x1c3/0xaf0
[ 84.699406][ T6192] add_grec+0x1492/0x19a0
[ 84.703815][ T6192] mld_send_initial_cr+0x228/0x4b0
[ 84.709107][ T6192] page last free pid 1 tgid 1 stack trace:
[ 84.714995][ T6192] free_unref_page+0xd3f/0x1010
[ 84.719951][ T6192] free_contig_range+0x14c/0x430
[ 84.724975][ T6192] destroy_args+0x92/0x910
[ 84.729574][ T6192] debug_vm_pgtable+0x4be/0x550
[ 84.734944][ T6192] do_one_initcall+0x248/0x870
[ 84.739707][ T6192] do_initcall_level+0x157/0x210
[ 84.744655][ T6192] do_initcalls+0x3f/0x80
[ 84.748980][ T6192] kernel_init_freeable+0x435/0x5d0
[ 84.754192][ T6192] kernel_init+0x1d/0x2b0
[ 84.758512][ T6192] ret_from_fork+0x4b/0x80
[ 84.763095][ T6192] ret_from_fork_asm+0x1a/0x30
[ 84.767854][ T6192]
[ 84.770183][ T6192] Memory state around the buggy address:
[ 84.775866][ T6192] ffff888077269380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.784366][ T6192] ffff888077269400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.792690][ T6192] >ffff888077269480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.800832][ T6192] ^
[ 84.805413][ T6192] ffff888077269500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.813633][ T6192] ffff888077269580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.821773][ T6192] ==================================================================
[ 84.839400][ T6192] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.846736][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz-executor.0 Not tainted 6.13.0-rc4-syzkaller-g9b2ffa6148b1 #0
[ 84.857341][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 84.867520][ T6192] Call Trace:
[ 84.870819][ T6192]
[ 84.873957][ T6192] dump_stack_lvl+0x241/0x360
[ 84.878933][ T6192] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.884255][ T6192] ? __pfx__printk+0x10/0x10
[ 84.888879][ T6192] ? preempt_schedule+0xe1/0xf0
[ 84.893758][ T6192] ? vscnprintf+0x5d/0x90
[ 84.898293][ T6192] panic+0x349/0x880
[ 84.902264][ T6192] ? check_panic_on_warn+0x21/0xb0
[ 84.907712][ T6192] ? __pfx_panic+0x10/0x10
[ 84.912258][ T6192] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 84.918299][ T6192] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 84.924757][ T6192] ? print_report+0x502/0x550
[ 84.929644][ T6192] check_panic_on_warn+0x86/0xb0
[ 84.934797][ T6192] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.941103][ T6192] end_report+0x77/0x160
[ 84.945738][ T6192] kasan_report+0x154/0x180
[ 84.950381][ T6192] ? ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.956583][ T6192] ccid2_hc_tx_packet_recv+0x1902/0x2070
[ 84.962694][ T6192] ? dccp_ackvec_input+0x1d5/0xf60
[ 84.967942][ T6192] ? ccid2_hc_rx_packet_recv+0x12e/0x1c0
[ 84.973614][ T6192] ? __pfx_ccid2_hc_tx_packet_recv+0x10/0x10
[ 84.979734][ T6192] dccp_rcv_established+0x295/0x320
[ 84.985284][ T6192] dccp_v4_do_rcv+0xff/0x1f0
[ 84.990060][ T6192] ? __pfx_dccp_v4_do_rcv+0x10/0x10
[ 84.995549][ T6192] __release_sock+0x243/0x350
[ 85.000442][ T6192] release_sock+0x61/0x1f0
[ 85.004913][ T6192] dccp_sendmsg+0x4f0/0xb90
[ 85.009576][ T6192] ? __pfx_dccp_sendmsg+0x10/0x10
[ 85.014892][ T6192] ? sock_rps_record_flow+0x1a/0x400
[ 85.020433][ T6192] ? inet_sendmsg+0x330/0x390
[ 85.025330][ T6192] __sock_sendmsg+0x1a6/0x270
[ 85.030224][ T6192] ____sys_sendmsg+0x52a/0x7e0
[ 85.035195][ T6192] ? __pfx_____sys_sendmsg+0x10/0x10
[ 85.040945][ T6192] ? __fget_files+0x2a/0x410
[ 85.045618][ T6192] ? __sys_sendmmsg+0x392/0x720
[ 85.050667][ T6192] ? __might_fault+0xaa/0x120
[ 85.055545][ T6192] __sys_sendmmsg+0x36a/0x720
[ 85.060435][ T6192] ? __pfx___sys_sendmmsg+0x10/0x10
[ 85.065849][ T6192] ? __pfx_lock_release+0x10/0x10
[ 85.070998][ T6192] ? kstrtouint_from_user+0x128/0x190
[ 85.076591][ T6192] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 85.082521][ T6192] ? ksys_write+0x22a/0x2b0
[ 85.087057][ T6192] ? __pfx_lock_release+0x10/0x10
[ 85.092204][ T6192] ? vfs_write+0x730/0xd30
[ 85.096821][ T6192] ? __mutex_unlock_slowpath+0x21e/0x790
[ 85.102527][ T6192] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 85.108724][ T6192] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 85.115344][ T6192] ? do_syscall_64+0x100/0x230
[ 85.120239][ T6192] __x64_sys_sendmmsg+0xa0/0xb0
[ 85.125130][ T6192] do_syscall_64+0xf3/0x230
[ 85.129757][ T6192] ? clear_bhb_loop+0x35/0x90
[ 85.134638][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.140739][ T6192] RIP: 0033:0x7f489087ad39
[ 85.145180][ T6192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 85.165019][ T6192] RSP: 002b:00007f4891a2e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 85.173555][ T6192] RAX: ffffffffffffffda RBX: 00007f489099bf80 RCX: 00007f489087ad39
[ 85.182001][ T6192] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 85.190447][ T6192] RBP: 00007f4891a2e120 R08: 0000000000000000 R09: 0000000000000000
[ 85.198628][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 85.206973][ T6192] R13: 000000000000000b R14: 00007f489099bf80 R15: 00007ffcbc5d3d78
[ 85.215498][ T6192]
[ 85.218917][ T6192] Kernel Offset: disabled
[ 85.223699][ T6192] Rebooting in 86400 seconds..