Warning: Permanently added '10.128.0.209' (ED25519) to the list of known hosts.
2026/01/29 04:04:00 parsed 1 programs
syzkaller login: [   71.099746][ T5829] cgroup: Unknown subsys name 'net'
[   71.208194][ T5829] cgroup: Unknown subsys name 'cpuset'
[   71.216356][ T5829] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   72.612298][ T5829] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   75.054949][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   76.848902][ T5885] chnl_net:caif_netlink_parms(): no params data found
[   76.923346][ T5885] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.931080][ T5885] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.938445][ T5885] bridge_slave_0: entered allmulticast mode
[   76.945810][ T5885] bridge_slave_0: entered promiscuous mode
[   76.957356][ T5885] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.964470][ T5885] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.971655][ T5885] bridge_slave_1: entered allmulticast mode
[   76.978613][ T5885] bridge_slave_1: entered promiscuous mode
[   77.002004][ T5885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.014712][ T5885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.049578][ T5885] team0: Port device team_slave_0 added
[   77.056987][ T5885] team0: Port device team_slave_1 added
[   77.077376][ T5885] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.084319][ T5885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   77.110224][ T5885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.123141][ T5885] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.130245][ T5885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   77.156643][ T5885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.198530][ T5885] hsr_slave_0: entered promiscuous mode
[   77.204735][ T5885] hsr_slave_1: entered promiscuous mode
[   77.322260][ T5885] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   77.334850][ T5885] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   77.344577][ T5885] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   77.354556][ T5885] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   77.380763][ T5885] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.387949][ T5885] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.396538][ T5885] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.403697][ T5885] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.451306][ T5885] 8021q: adding VLAN 0 to HW filter on device bond0
[   77.468322][ T3576] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.477242][ T3576] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.492449][ T5885] 8021q: adding VLAN 0 to HW filter on device team0
[   77.504815][ T3902] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.511951][ T3902] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.525429][ T3576] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.532595][ T3576] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.680976][ T5885] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.714555][ T5885] veth0_vlan: entered promiscuous mode
[   77.726060][ T5885] veth1_vlan: entered promiscuous mode
[   77.751712][ T5885] veth0_macvtap: entered promiscuous mode
[   77.761504][ T5885] veth1_macvtap: entered promiscuous mode
[   77.779698][ T5885] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.794582][ T5885] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.808624][ T3576] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.818001][ T3576] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.829686][ T3576] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.838737][ T3576] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.976684][ T3576] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.037909][ T3576] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.101723][ T3576] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.188980][ T3576] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.557108][ T5152] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.564828][ T5152] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.574252][ T5152] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.582569][ T5152] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.590604][ T5152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.818203][ T3902] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.839126][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.839612][ T3902] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.847022][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/29 04:04:11 executed programs: 0
[   79.557341][ T5152] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   79.565053][ T5152] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   79.573978][ T5152] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   79.582810][ T5152] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   79.591001][ T5152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   79.718120][ T5943] chnl_net:caif_netlink_parms(): no params data found
[   79.778650][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.785888][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.792994][ T5943] bridge_slave_0: entered allmulticast mode
[   79.800035][ T5943] bridge_slave_0: entered promiscuous mode
[   79.807875][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.815034][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.822543][ T5943] bridge_slave_1: entered allmulticast mode
[   79.829536][ T5943] bridge_slave_1: entered promiscuous mode
[   79.853556][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.865871][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.892710][ T5943] team0: Port device team_slave_0 added
[   79.900338][ T5943] team0: Port device team_slave_1 added
[   79.922234][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.929848][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   79.956036][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.968129][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.975070][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   80.001126][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.040561][ T5943] hsr_slave_0: entered promiscuous mode
[   80.046834][ T5943] hsr_slave_1: entered promiscuous mode
[   80.052831][ T5943] debugfs: 'hsr0' already exists in 'hsr'
[   80.059080][ T5943] Cannot create hsr debugfs directory
[   80.766897][ T3576] bridge_slave_1: left allmulticast mode
[   80.772652][ T3576] bridge_slave_1: left promiscuous mode
[   80.781582][ T3576] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.792372][ T3576] bridge_slave_0: left allmulticast mode
[   80.798853][ T3576] bridge_slave_0: left promiscuous mode
[   80.804521][ T3576] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.984606][ T3576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   80.995291][ T3576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   81.004872][ T3576] bond0 (unregistering): Released all slaves
[   81.103502][ T3576] hsr_slave_0: left promiscuous mode
[   81.109811][ T3576] hsr_slave_1: left promiscuous mode
[   81.118853][ T3576] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.126430][ T3576] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.134797][ T3576] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.146021][ T3576] batman_adv: batadv0: Removing interface: batadv_slave_1
[   81.169881][ T3576] veth1_macvtap: left promiscuous mode
[   81.175737][ T3576] veth0_macvtap: left promiscuous mode
[   81.181413][ T3576] veth1_vlan: left promiscuous mode
[   81.187298][ T3576] veth0_vlan: left promiscuous mode
[   81.609412][   T52] Bluetooth: hci0: command tx timeout
[   81.672702][ T3576] team0 (unregistering): Port device team_slave_1 removed
[   81.710268][ T3576] team0 (unregistering): Port device team_slave_0 removed
[   82.207466][ T5943] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   82.220123][ T5943] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   82.241164][ T5943] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   82.253755][ T5943] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   82.359296][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.633781][ T5943] 8021q: adding VLAN 0 to HW filter on device team0
[   82.645220][ T1339] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.652353][ T1339] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.676079][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.683214][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.949538][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.016402][ T5943] veth0_vlan: entered promiscuous mode
[   83.027598][ T5943] veth1_vlan: entered promiscuous mode
[   83.063452][ T5943] veth0_macvtap: entered promiscuous mode
[   83.074310][ T5943] veth1_macvtap: entered promiscuous mode
[   83.098871][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.114657][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.145727][ T2138] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.155077][ T2138] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.164215][ T2138] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.174153][ T2138] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.241572][ T3576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.254403][ T3576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.274549][ T1339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.284111][ T1339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.690358][   T52] Bluetooth: hci0: command tx timeout
2026/01/29 04:04:16 executed programs: 7
[   85.454712][ T6020] ==================================================================
[   85.462813][ T6020] BUG: KASAN: slab-use-after-free in sk_msg_recvmsg+0xb54/0xc30
[   85.470467][ T6020] Read of size 4 at addr ffff88814cdcf000 by task syz.0.24/6020
[   85.478093][ T6020] 
[   85.480437][ T6020] CPU: 1 UID: 0 PID: 6020 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) 
[   85.480458][ T6020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[   85.480476][ T6020] Call Trace:
[   85.480483][ T6020]  <TASK>
[   85.480491][ T6020]  dump_stack_lvl+0xe8/0x150
[   85.480518][ T6020]  print_report+0xba/0x230
[   85.480537][ T6020]  ? sk_msg_recvmsg+0xb54/0xc30
[   85.480556][ T6020]  kasan_report+0x117/0x150
[   85.480577][ T6020]  ? sk_msg_recvmsg+0xb54/0xc30
[   85.480599][ T6020]  sk_msg_recvmsg+0xb54/0xc30
[   85.480629][ T6020]  udp_bpf_recvmsg+0x4bd/0xe00
[   85.480658][ T6020]  ? udp_bpf_recvmsg+0xe8/0xe00
[   85.480689][ T6020]  ? __pfx_udp_bpf_recvmsg+0x10/0x10
[   85.480711][ T6020]  ? aa_sk_perm+0x15a/0x960
[   85.480733][ T6020]  ? aa_sk_perm+0x82d/0x960
[   85.480753][ T6020]  ? sock_rps_record_flow+0x19/0x400
[   85.480777][ T6020]  ? __pfx_udp_bpf_recvmsg+0x10/0x10
[   85.480799][ T6020]  inet_recvmsg+0x260/0x270
[   85.480821][ T6020]  ? trace_sched_exit_tp+0x36/0xf0
[   85.480845][ T6020]  ? __pfx_inet_recvmsg+0x10/0x10
[   85.480866][ T6020]  ? __lock_acquire+0x6b5/0x2cf0
[   85.480891][ T6020]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[   85.480913][ T6020]  ? security_socket_recvmsg+0x7e/0x2c0
[   85.480939][ T6020]  sock_recvmsg+0x1a8/0x270
[   85.480958][ T6020]  ____sys_recvmsg+0x1e6/0x4a0
[   85.480984][ T6020]  ? __pfx_____sys_recvmsg+0x10/0x10
[   85.481013][ T6020]  ? import_iovec+0x73/0xa0
[   85.481039][ T6020]  ___sys_recvmsg+0x215/0x590
[   85.481063][ T6020]  ? __pfx____sys_recvmsg+0x10/0x10
[   85.481088][ T6020]  ? __fget_files+0x2a/0x420
[   85.481114][ T6020]  ? __fget_files+0x3a0/0x420
[   85.481138][ T6020]  do_recvmmsg+0x334/0x800
[   85.481164][ T6020]  ? __pfx_do_recvmmsg+0x10/0x10
[   85.481192][ T6020]  ? __pfx_do_futex+0x10/0x10
[   85.481222][ T6020]  __x64_sys_recvmmsg+0x198/0x250
[   85.481246][ T6020]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   85.481274][ T6020]  do_syscall_64+0xe2/0xf80
[   85.481292][ T6020]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.481309][ T6020]  ? trace_irq_disable+0x37/0x100
[   85.481326][ T6020]  ? clear_bhb_loop+0x60/0xb0
[   85.481345][ T6020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.481362][ T6020] RIP: 0033:0x7fb319f9aeb9
[   85.481383][ T6020] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.481398][ T6020] RSP: 002b:00007fb31ad97028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   85.481418][ T6020] RAX: ffffffffffffffda RBX: 00007fb31a216090 RCX: 00007fb319f9aeb9
[   85.481431][ T6020] RDX: 0000000000000001 RSI: 0000200000000400 RDI: 0000000000000004
[   85.481442][ T6020] RBP: 00007fb31a008c1f R08: 0000000000000000 R09: 0000000000000000
[   85.481454][ T6020] R10: 0000000040000021 R11: 0000000000000246 R12: 0000000000000000
[   85.481465][ T6020] R13: 00007fb31a216128 R14: 00007fb31a216090 R15: 00007ffe21dd0a98
[   85.481486][ T6020]  </TASK>
[   85.481492][ T6020] 
[   85.764842][ T6020] Allocated by task 6019:
[   85.769152][ T6020]  kasan_save_track+0x3e/0x80
[   85.773820][ T6020]  __kasan_kmalloc+0x93/0xb0
[   85.778393][ T6020]  __kmalloc_cache_noprof+0x3d1/0x6e0
[   85.783747][ T6020]  sk_psock_skb_ingress_self+0x60/0x350
[   85.789278][ T6020]  sk_psock_verdict_recv+0x7d9/0x8d0
[   85.794545][ T6020]  udp_read_skb+0x73e/0x7e0
[   85.799035][ T6020]  sk_psock_verdict_data_ready+0x12d/0x550
[   85.804832][ T6020]  __udp_enqueue_schedule_skb+0xc54/0x10b0
[   85.810635][ T6020]  udp_queue_rcv_one_skb+0xac5/0x19c0
[   85.815993][ T6020]  __udp4_lib_mcast_deliver+0xc06/0xcf0
[   85.821526][ T6020]  __udp4_lib_rcv+0x10f6/0x2620
[   85.826363][ T6020]  ip_protocol_deliver_rcu+0x282/0x440
[   85.831811][ T6020]  ip_local_deliver_finish+0x3bb/0x6f0
[   85.837261][ T6020]  NF_HOOK+0x336/0x3c0
[   85.841313][ T6020]  ip_sublist_rcv_finish+0x221/0x2a0
[   85.846577][ T6020]  ip_sublist_rcv+0x5c6/0xa70
[   85.851245][ T6020]  ip_list_rcv+0x3f1/0x450
[   85.855651][ T6020]  __netif_receive_skb_list_core+0x7e5/0x810
[   85.861613][ T6020]  netif_receive_skb_list_internal+0x995/0xcf0
[   85.867764][ T6020]  netif_receive_skb_list+0x54/0x410
[   85.873035][ T6020]  bpf_test_run_xdp_live+0x1946/0x1cf0
[   85.878474][ T6020]  bpf_prog_test_run_xdp+0x81c/0x1160
[   85.883827][ T6020]  bpf_prog_test_run+0x2c7/0x340
[   85.888749][ T6020]  __sys_bpf+0x5cb/0x920
[   85.892970][ T6020]  __x64_sys_bpf+0x7c/0x90
[   85.897379][ T6020]  do_syscall_64+0xe2/0xf80
[   85.901865][ T6020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.907738][ T6020] 
[   85.910043][ T6020] Freed by task 6021:
[   85.913999][ T6020]  kasan_save_track+0x3e/0x80
[   85.918656][ T6020]  kasan_save_free_info+0x46/0x50
[   85.923665][ T6020]  __kasan_slab_free+0x5c/0x80
[   85.928406][ T6020]  kfree+0x1be/0x650
[   85.932287][ T6020]  sk_msg_recvmsg+0xaa8/0xc30
[   85.936944][ T6020]  udp_bpf_recvmsg+0x4bd/0xe00
[   85.941692][ T6020]  inet_recvmsg+0x260/0x270
[   85.946180][ T6020]  sock_recvmsg+0x1a8/0x270
[   85.950663][ T6020]  ____sys_recvmsg+0x1e6/0x4a0
[   85.955497][ T6020]  ___sys_recvmsg+0x215/0x590
[   85.960159][ T6020]  do_recvmmsg+0x334/0x800
[   85.964559][ T6020]  __x64_sys_recvmmsg+0x198/0x250
[   85.969569][ T6020]  do_syscall_64+0xe2/0xf80
[   85.974053][ T6020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.979938][ T6020] 
[   85.982257][ T6020] The buggy address belongs to the object at ffff88814cdcf000
[   85.982257][ T6020]  which belongs to the cache kmalloc-1k of size 1024
[   85.996304][ T6020] The buggy address is located 0 bytes inside of
[   85.996304][ T6020]  freed 1024-byte region [ffff88814cdcf000, ffff88814cdcf400)
[   86.010007][ T6020] 
[   86.012316][ T6020] The buggy address belongs to the physical page:
[   86.018735][ T6020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14cdc8
[   86.027569][ T6020] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   86.036046][ T6020] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   86.043671][ T6020] page_type: f5(slab)
[   86.047649][ T6020] raw: 057ff00000000040 ffff88813fe26dc0 ffffea000509f800 dead000000000002
[   86.056212][ T6020] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   86.064778][ T6020] head: 057ff00000000040 ffff88813fe26dc0 ffffea000509f800 dead000000000002
[   86.073426][ T6020] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   86.082078][ T6020] head: 057ff00000000003 ffffea0005337201 00000000ffffffff 00000000ffffffff
[   86.090727][ T6020] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   86.099386][ T6020] page dumped because: kasan: bad access detected
[   86.105796][ T6020] page_owner tracks the page as allocated
[   86.111491][ T6020] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17135672743, free_ts 0
[   86.131188][ T6020]  post_alloc_hook+0x228/0x280
[   86.135937][ T6020]  get_page_from_freelist+0x24dc/0x2580
[   86.141466][ T6020]  __alloc_frozen_pages_noprof+0x18d/0x380
[   86.147256][ T6020]  alloc_pages_mpol+0x232/0x4a0
[   86.152108][ T6020]  allocate_slab+0x86/0x3a0
[   86.156595][ T6020]  ___slab_alloc+0xd82/0x1760
[   86.161350][ T6020]  __slab_alloc+0x65/0x100
[   86.165751][ T6020]  __kmalloc_cache_noprof+0x40d/0x6e0
[   86.171104][ T6020]  init_srcu_struct_fields+0x7f/0xa20
[   86.176460][ T6020]  rtnl_link_register+0x141/0x2f0
[   86.181473][ T6020]  ipgre_init+0x64/0x110
[   86.185706][ T6020]  do_one_initcall+0x250/0x840
[   86.190470][ T6020]  do_initcall_level+0x104/0x190
[   86.195409][ T6020]  do_initcalls+0x59/0xa0
[   86.199731][ T6020]  kernel_init_freeable+0x2a6/0x3d0
[   86.204914][ T6020]  kernel_init+0x1d/0x1d0
[   86.209229][ T6020] page_owner free stack trace missing
[   86.214578][ T6020] 
[   86.216882][ T6020] Memory state around the buggy address:
[   86.222502][ T6020]  ffff88814cdcef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.230541][ T6020]  ffff88814cdcef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.238594][ T6020] >ffff88814cdcf000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.246646][ T6020]                    ^
[   86.250703][ T6020]  ffff88814cdcf080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.258751][ T6020]  ffff88814cdcf100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.266795][ T6020] ==================================================================
[   86.290344][   T52] Bluetooth: hci0: command tx timeout
[   86.301178][ T6020] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.308411][ T6020] CPU: 1 UID: 0 PID: 6020 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) 
[   86.317535][ T6020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[   86.327596][ T6020] Call Trace:
[   86.330879][ T6020]  <TASK>
[   86.333812][ T6020]  vpanic+0x1e0/0x670
[   86.337805][ T6020]  panic+0xc5/0xd0
[   86.341527][ T6020]  ? __pfx_panic+0x10/0x10
[   86.345930][ T6020]  ? preempt_schedule_common+0x82/0xd0
[   86.351372][ T6020]  ? sk_msg_recvmsg+0xb54/0xc30
[   86.356209][ T6020]  check_panic_on_warn+0x89/0xb0
[   86.361136][ T6020]  ? sk_msg_recvmsg+0xb54/0xc30
[   86.365973][ T6020]  end_report+0x6f/0x140
[   86.370201][ T6020]  kasan_report+0x128/0x150
[   86.374685][ T6020]  ? sk_msg_recvmsg+0xb54/0xc30
[   86.379527][ T6020]  sk_msg_recvmsg+0xb54/0xc30
[   86.384197][ T6020]  udp_bpf_recvmsg+0x4bd/0xe00
[   86.388949][ T6020]  ? udp_bpf_recvmsg+0xe8/0xe00
[   86.393796][ T6020]  ? __pfx_udp_bpf_recvmsg+0x10/0x10
[   86.399064][ T6020]  ? aa_sk_perm+0x15a/0x960
[   86.403552][ T6020]  ? aa_sk_perm+0x82d/0x960
[   86.408038][ T6020]  ? sock_rps_record_flow+0x19/0x400
[   86.413320][ T6020]  ? __pfx_udp_bpf_recvmsg+0x10/0x10
[   86.418592][ T6020]  inet_recvmsg+0x260/0x270
[   86.423090][ T6020]  ? trace_sched_exit_tp+0x36/0xf0
[   86.428194][ T6020]  ? __pfx_inet_recvmsg+0x10/0x10
[   86.433202][ T6020]  ? __lock_acquire+0x6b5/0x2cf0
[   86.438127][ T6020]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[   86.443393][ T6020]  ? security_socket_recvmsg+0x7e/0x2c0
[   86.448926][ T6020]  sock_recvmsg+0x1a8/0x270
[   86.453411][ T6020]  ____sys_recvmsg+0x1e6/0x4a0
[   86.458166][ T6020]  ? __pfx_____sys_recvmsg+0x10/0x10
[   86.463454][ T6020]  ? import_iovec+0x73/0xa0
[   86.467947][ T6020]  ___sys_recvmsg+0x215/0x590
[   86.472618][ T6020]  ? __pfx____sys_recvmsg+0x10/0x10
[   86.477891][ T6020]  ? __fget_files+0x2a/0x420
[   86.482482][ T6020]  ? __fget_files+0x3a0/0x420
[   86.487152][ T6020]  do_recvmmsg+0x334/0x800
[   86.491562][ T6020]  ? __pfx_do_recvmmsg+0x10/0x10
[   86.496511][ T6020]  ? __pfx_do_futex+0x10/0x10
[   86.501270][ T6020]  __x64_sys_recvmmsg+0x198/0x250
[   86.506290][ T6020]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   86.511843][ T6020]  do_syscall_64+0xe2/0xf80
[   86.516334][ T6020]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.522395][ T6020]  ? trace_irq_disable+0x37/0x100
[   86.527402][ T6020]  ? clear_bhb_loop+0x60/0xb0
[   86.532062][ T6020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.537936][ T6020] RIP: 0033:0x7fb319f9aeb9
[   86.542334][ T6020] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.561922][ T6020] RSP: 002b:00007fb31ad97028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   86.570321][ T6020] RAX: ffffffffffffffda RBX: 00007fb31a216090 RCX: 00007fb319f9aeb9
[   86.578276][ T6020] RDX: 0000000000000001 RSI: 0000200000000400 RDI: 0000000000000004
[   86.586227][ T6020] RBP: 00007fb31a008c1f R08: 0000000000000000 R09: 0000000000000000
[   86.594176][ T6020] R10: 0000000040000021 R11: 0000000000000246 R12: 0000000000000000
[   86.602126][ T6020] R13: 00007fb31a216128 R14: 00007fb31a216090 R15: 00007ffe21dd0a98
[   86.610101][ T6020]  </TASK>
[   86.613579][ T6020] Kernel Offset: disabled
[   86.617906][ T6020] Rebooting in 86400 seconds..