Warning: Permanently added '10.128.1.194' (ED25519) to the list of known hosts.
2025/07/18 18:41:29 ignoring optional flag "sandboxArg"="0"
2025/07/18 18:41:30 parsed 1 programs
[  330.352084][ T5834] cgroup: Unknown subsys name 'net'
[  330.492023][ T5834] cgroup: Unknown subsys name 'rlimit'
[  332.288183][ T5834] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  334.923250][ T5848] chnl_net:caif_netlink_parms(): no params data found
[  335.022051][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.029591][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.037916][ T5848] bridge_slave_0: entered allmulticast mode
[  335.045399][ T5848] bridge_slave_0: entered promiscuous mode
[  335.055795][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.063187][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[  335.070540][ T5848] bridge_slave_1: entered allmulticast mode
[  335.077852][ T5848] bridge_slave_1: entered promiscuous mode
[  335.115902][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  335.134546][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  335.171943][ T5848] team0: Port device team_slave_0 added
[  335.185604][ T5848] team0: Port device team_slave_1 added
[  335.216103][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  335.224751][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  335.250933][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  335.267294][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  335.274432][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  335.300863][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  335.350760][ T5848] hsr_slave_0: entered promiscuous mode
[  335.358065][ T5848] hsr_slave_1: entered promiscuous mode
[  335.526474][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  335.540847][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  335.551731][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  335.570766][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  335.611324][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.619896][ T5848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  335.629675][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.637003][ T5848] bridge0: port 1(bridge_slave_0) entered forwarding state
[  335.734291][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[  335.756975][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.766624][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state
[  335.785941][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[  335.800899][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.808855][ T5856] bridge0: port 1(bridge_slave_0) entered forwarding state
[  335.826679][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.834390][ T5856] bridge0: port 2(bridge_slave_1) entered forwarding state
[  336.062158][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.113977][ T5848] veth0_vlan: entered promiscuous mode
[  336.127457][ T5848] veth1_vlan: entered promiscuous mode
[  336.164817][ T5848] veth0_macvtap: entered promiscuous mode
[  336.177370][ T5848] veth1_macvtap: entered promiscuous mode
[  336.199631][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[  336.217510][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[  336.231317][ T5848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  336.240748][ T5848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  336.250580][ T5848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  336.260587][ T5848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  336.431638][ T1144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.590470][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  336.600441][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  336.609116][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  336.618454][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  336.628197][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  336.636409][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  338.565513][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.573649][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.609956][ T5886] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.619848][ T5886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.991652][ T1144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/07/18 18:41:42 executed programs: 0
[  339.897116][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  339.909876][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  339.918249][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  339.927345][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  339.936809][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  339.945207][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  340.131769][ T5939] chnl_net:caif_netlink_parms(): no params data found
[  340.217204][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.224501][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state
[  340.231734][ T5939] bridge_slave_0: entered allmulticast mode
[  340.239108][ T5939] bridge_slave_0: entered promiscuous mode
[  340.247756][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.255143][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state
[  340.262851][ T5939] bridge_slave_1: entered allmulticast mode
[  340.270389][ T5939] bridge_slave_1: entered promiscuous mode
[  340.304718][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  340.319591][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  340.358747][ T5939] team0: Port device team_slave_0 added
[  340.368460][ T5939] team0: Port device team_slave_1 added
[  340.401499][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0
[  340.409284][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  340.436028][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  340.448846][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1
[  340.458578][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  340.486337][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  340.535513][ T5939] hsr_slave_0: entered promiscuous mode
[  340.542269][ T5939] hsr_slave_1: entered promiscuous mode
[  340.549218][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  340.557855][ T5939] Cannot create hsr debugfs directory
[  341.337299][ T1144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.420875][ T1144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.974059][   T50] Bluetooth: hci0: command tx timeout
[  342.370796][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  342.385701][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  342.400462][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  342.431026][ T1144] hsr_slave_0: left promiscuous mode
[  342.438107][ T1144] hsr_slave_1: left promiscuous mode
[  342.448085][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  342.455900][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  342.472258][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  342.480335][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  342.494794][ T1144] bridge_slave_1: left allmulticast mode
[  342.500732][ T1144] bridge_slave_1: left promiscuous mode
[  342.510746][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state
[  342.529934][ T1144] bridge_slave_0: left allmulticast mode
[  342.536479][ T1144] bridge_slave_0: left promiscuous mode
[  342.546059][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.580968][ T1144] veth1_macvtap: left promiscuous mode
[  342.590868][ T1144] veth0_macvtap: left promiscuous mode
[  342.597475][ T1144] veth1_vlan: left promiscuous mode
[  342.605535][ T1144] veth0_vlan: left promiscuous mode
[  343.101277][ T1144] team0 (unregistering): Port device team_slave_1 removed
[  343.140137][ T1144] team0 (unregistering): Port device team_slave_0 removed
[  343.178465][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  343.216138][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  343.579375][ T1144] bond0 (unregistering): Released all slaves
[  343.674434][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  343.805773][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0
[  343.849892][ T5939] 8021q: adding VLAN 0 to HW filter on device team0
[  343.864012][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.871202][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  343.895381][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.902708][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  344.053090][   T50] Bluetooth: hci0: command tx timeout
[  344.213307][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0
[  344.274279][ T5939] veth0_vlan: entered promiscuous mode
[  344.297087][ T5939] veth1_vlan: entered promiscuous mode
[  344.370540][ T5939] veth0_macvtap: entered promiscuous mode
[  344.405410][ T5939] veth1_macvtap: entered promiscuous mode
[  344.437380][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0
[  344.452508][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1
[  344.467471][ T5939] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.477033][ T5939] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.486043][ T5939] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.495676][ T5939] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  344.564526][ T5919] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.579768][ T5919] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  344.609419][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.619843][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/18 18:41:48 executed programs: 3
[  346.132738][   T50] Bluetooth: hci0: command tx timeout
[  348.213026][   T50] Bluetooth: hci0: command tx timeout
2025/07/18 18:41:53 executed programs: 9
2025/07/18 18:41:58 executed programs: 15
[  360.186692][ T5919] ==================================================================
[  360.195011][ T5919] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80
[  360.202682][ T5919] Read of size 8 at addr ffff888026d4e630 by task kworker/u4:3/5919
[  360.210686][ T5919] 
[  360.213069][ T5919] CPU: 0 PID: 5919 Comm: kworker/u4:3 Not tainted 6.6.99-syzkaller #0
[  360.221258][ T5919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  360.231328][ T5919] Workqueue: kkcmd kcm_tx_work
[  360.236154][ T5919] Call Trace:
[  360.239556][ T5919]  <TASK>
[  360.242540][ T5919]  dump_stack_lvl+0x16c/0x230
[  360.247268][ T5919]  ? __lock_acquire+0x7c80/0x7c80
[  360.252310][ T5919]  ? show_regs_print_info+0x20/0x20
[  360.257541][ T5919]  ? load_image+0x3b0/0x3b0
[  360.262066][ T5919]  ? __virt_addr_valid+0x469/0x540
[  360.267195][ T5919]  print_report+0xac/0x200
[  360.271627][ T5919]  ? __lock_acquire+0xff/0x7c80
[  360.276592][ T5919]  kasan_report+0x117/0x150
[  360.281113][ T5919]  ? __lock_acquire+0xff/0x7c80
[  360.286019][ T5919]  __lock_acquire+0xff/0x7c80
[  360.290827][ T5919]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  360.296918][ T5919]  ? finish_task_switch+0x265/0x920
[  360.302130][ T5919]  ? lockdep_hardirqs_on+0x98/0x150
[  360.307358][ T5919]  ? finish_task_switch+0x265/0x920
[  360.312567][ T5919]  ? verify_lock_unused+0x140/0x140
[  360.317783][ T5919]  ? __schedule+0x14ea/0x4580
[  360.322483][ T5919]  lock_acquire+0x197/0x410
[  360.327008][ T5919]  ? __lock_sock+0x156/0x2a0
[  360.331653][ T5919]  ? asan.module_dtor+0x20/0x20
[  360.336546][ T5919]  ? __local_bh_disable_ip+0xff/0x190
[  360.341938][ T5919]  ? read_lock_is_recursive+0x20/0x20
[  360.347350][ T5919]  ? kthread_data+0x4f/0xc0
[  360.351982][ T5919]  ? kthread_data+0x4f/0xc0
[  360.356577][ T5919]  ? __lock_sock+0x156/0x2a0
[  360.361209][ T5919]  _raw_spin_lock_bh+0x36/0x50
[  360.366005][ T5919]  ? __lock_sock+0x156/0x2a0
[  360.370690][ T5919]  __lock_sock+0x156/0x2a0
[  360.375175][ T5919]  ? sk_stream_moderate_sndbuf+0x220/0x220
[  360.381017][ T5919]  ? do_raw_spin_lock+0x121/0x2c0
[  360.386085][ T5919]  ? wake_bit_function+0x200/0x200
[  360.391397][ T5919]  ? __rwlock_init+0x150/0x150
[  360.396185][ T5919]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  360.402200][ T5919]  ? lock_sock_nested+0x6a/0x100
[  360.407181][ T5919]  lock_sock_nested+0x9f/0x100
[  360.411986][ T5919]  kcm_tx_work+0x31/0x180
[  360.416339][ T5919]  ? process_scheduled_works+0x957/0x15b0
[  360.422080][ T5919]  process_scheduled_works+0xa45/0x15b0
[  360.427913][ T5919]  ? assign_work+0x400/0x400
[  360.432524][ T5919]  ? assign_work+0x39e/0x400
[  360.437131][ T5919]  worker_thread+0xa55/0xfc0
[  360.441758][ T5919]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  360.447767][ T5919]  ? _raw_spin_unlock+0x40/0x40
[  360.452648][ T5919]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  360.458659][ T5919]  kthread+0x2fa/0x390
[  360.462742][ T5919]  ? pr_cont_work+0x560/0x560
[  360.467537][ T5919]  ? kthread_blkcg+0xd0/0xd0
[  360.472188][ T5919]  ret_from_fork+0x48/0x80
[  360.476628][ T5919]  ? kthread_blkcg+0xd0/0xd0
[  360.481406][ T5919]  ret_from_fork_asm+0x11/0x20
[  360.486198][ T5919]  </TASK>
[  360.489227][ T5919] 
[  360.491569][ T5919] Allocated by task 6060:
[  360.495997][ T5919]  kasan_set_track+0x4e/0x70
[  360.500623][ T5919]  __kasan_slab_alloc+0x6c/0x80
[  360.505512][ T5919]  slab_post_alloc_hook+0x6e/0x4d0
[  360.510647][ T5919]  kmem_cache_alloc+0x11e/0x2e0
[  360.515528][ T5919]  sk_prot_alloc+0x57/0x210
[  360.520046][ T5919]  sk_alloc+0x3a/0x360
[  360.524121][ T5919]  kcm_ioctl+0x215/0xff0
[  360.528381][ T5919]  sock_do_ioctl+0xd7/0x2f0
[  360.532900][ T5919]  sock_ioctl+0x623/0x7a0
[  360.537247][ T5919]  __se_sys_ioctl+0xfd/0x170
[  360.541853][ T5919]  do_syscall_64+0x55/0xb0
[  360.546285][ T5919]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.552334][ T5919] 
[  360.554831][ T5919] Freed by task 6061:
[  360.558824][ T5919]  kasan_set_track+0x4e/0x70
[  360.563522][ T5919]  kasan_save_free_info+0x2e/0x50
[  360.568563][ T5919]  ____kasan_slab_free+0x126/0x1e0
[  360.573713][ T5919]  slab_free_freelist_hook+0x130/0x1b0
[  360.579267][ T5919]  kmem_cache_free+0xf8/0x280
[  360.583959][ T5919]  __sk_destruct+0x485/0x620
[  360.588573][ T5919]  kcm_release+0x524/0x5b0
[  360.593002][ T5919]  sock_close+0xbd/0x230
[  360.597367][ T5919]  __fput+0x234/0x970
[  360.601459][ T5919]  __se_sys_close+0x15f/0x220
[  360.606152][ T5919]  do_syscall_64+0x55/0xb0
[  360.610574][ T5919]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.616575][ T5919] 
[  360.618909][ T5919] Last potentially related work creation:
[  360.624625][ T5919]  kasan_save_stack+0x3e/0x60
[  360.629376][ T5919]  __kasan_record_aux_stack+0xaf/0xc0
[  360.634762][ T5919]  insert_work+0x3d/0x310
[  360.639142][ T5919]  __queue_work+0xc39/0x1020
[  360.643765][ T5919]  queue_work_on+0x121/0x1e0
[  360.648402][ T5919]  kcm_unattach+0x861/0xe80
[  360.652982][ T5919]  kcm_ioctl+0x791/0xff0
[  360.657325][ T5919]  sock_do_ioctl+0xd7/0x2f0
[  360.661938][ T5919]  sock_ioctl+0x623/0x7a0
[  360.666288][ T5919]  __se_sys_ioctl+0xfd/0x170
[  360.670986][ T5919]  do_syscall_64+0x55/0xb0
[  360.675419][ T5919]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.681354][ T5919] 
[  360.683687][ T5919] Second to last potentially related work creation:
[  360.690370][ T5919]  kasan_save_stack+0x3e/0x60
[  360.695079][ T5919]  __kasan_record_aux_stack+0xaf/0xc0
[  360.700587][ T5919]  insert_work+0x3d/0x310
[  360.705016][ T5919]  __queue_work+0xc39/0x1020
[  360.709713][ T5919]  queue_work_on+0x121/0x1e0
[  360.714311][ T5919]  kcm_ioctl+0xe4f/0xff0
[  360.718834][ T5919]  sock_do_ioctl+0xd7/0x2f0
[  360.723355][ T5919]  sock_ioctl+0x623/0x7a0
[  360.727704][ T5919]  __se_sys_ioctl+0xfd/0x170
[  360.732330][ T5919]  do_syscall_64+0x55/0xb0
[  360.737056][ T5919]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.742987][ T5919] 
[  360.745372][ T5919] The buggy address belongs to the object at ffff888026d4e580
[  360.745372][ T5919]  which belongs to the cache KCM of size 1720
[  360.758915][ T5919] The buggy address is located 176 bytes inside of
[  360.758915][ T5919]  freed 1720-byte region [ffff888026d4e580, ffff888026d4ec38)
[  360.772822][ T5919] 
[  360.775166][ T5919] The buggy address belongs to the physical page:
[  360.781597][ T5919] page:ffffea00009b5200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d48
[  360.791764][ T5919] head:ffffea00009b5200 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  360.800798][ T5919] memcg:ffff888077a50701
[  360.805152][ T5919] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  360.813248][ T5919] page_type: 0xffffffff()
[  360.817616][ T5919] raw: 00fff00000000840 ffff88802ca6e280 dead000000000122 0000000000000000
[  360.826213][ T5919] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888077a50701
[  360.834801][ T5919] page dumped because: kasan: bad access detected
[  360.841333][ T5919] page_owner tracks the page as allocated
[  360.847154][ T5919] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5987, tgid 5986 (syz.0.16), ts 344670827672, free_ts 344113590525
[  360.869928][ T5919]  post_alloc_hook+0x1cd/0x210
[  360.874720][ T5919]  get_page_from_freelist+0x195c/0x19f0
[  360.880282][ T5919]  __alloc_pages+0x1e3/0x460
[  360.884964][ T5919]  alloc_slab_page+0x5d/0x170
[  360.889921][ T5919]  new_slab+0x87/0x2e0
[  360.894011][ T5919]  ___slab_alloc+0xc6d/0x12f0
[  360.898704][ T5919]  kmem_cache_alloc+0x1b7/0x2e0
[  360.903566][ T5919]  sk_prot_alloc+0x57/0x210
[  360.908200][ T5919]  sk_alloc+0x3a/0x360
[  360.912389][ T5919]  kcm_create+0x100/0x570
[  360.916837][ T5919]  __sock_create+0x4a6/0x940
[  360.921464][ T5919]  __sys_socket+0xd7/0x1a0
[  360.925896][ T5919]  __x64_sys_socket+0x7a/0x90
[  360.930786][ T5919]  do_syscall_64+0x55/0xb0
[  360.935364][ T5919]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  360.941274][ T5919] page last free stack trace:
[  360.945958][ T5919]  free_unref_page_prepare+0x7ce/0x8e0
[  360.951482][ T5919]  free_unref_page+0x32/0x2e0
[  360.956265][ T5919]  __unfreeze_partials+0x1cf/0x210
[  360.961508][ T5919]  put_cpu_partial+0x17c/0x250
[  360.966299][ T5919]  __slab_free+0x31d/0x410
[  360.970733][ T5919]  qlist_free_all+0x75/0xe0
[  360.975360][ T5919]  kasan_quarantine_reduce+0x143/0x160
[  360.981119][ T5919]  __kasan_slab_alloc+0x22/0x80
[  360.986018][ T5919]  slab_post_alloc_hook+0x6e/0x4d0
[  360.991430][ T5919]  kmem_cache_alloc_node+0x150/0x330
[  360.996836][ T5919]  __alloc_skb+0x108/0x2c0
[  361.001279][ T5919]  mld_newpack+0x143/0xbf0
[  361.005704][ T5919]  add_grhead+0x5a/0x2a0
[  361.009968][ T5919]  add_grec+0x13ad/0x1660
[  361.014316][ T5919]  mld_ifc_work+0x6e6/0xb40
[  361.018925][ T5919]  process_scheduled_works+0xa45/0x15b0
[  361.024486][ T5919] 
[  361.026819][ T5919] Memory state around the buggy address:
[  361.032453][ T5919]  ffff888026d4e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  361.040519][ T5919]  ffff888026d4e580: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  361.048784][ T5919] >ffff888026d4e600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  361.056891][ T5919]                                      ^
[  361.062536][ T5919]  ffff888026d4e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  361.070782][ T5919]  ffff888026d4e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  361.079367][ T5919] ==================================================================
[  361.087622][ T5919] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  361.094836][ T5919] CPU: 0 PID: 5919 Comm: kworker/u4:3 Not tainted 6.6.99-syzkaller #0
[  361.103086][ T5919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  361.113244][ T5919] Workqueue: kkcmd kcm_tx_work
[  361.118034][ T5919] Call Trace:
[  361.121323][ T5919]  <TASK>
[  361.124270][ T5919]  dump_stack_lvl+0x16c/0x230
[  361.129010][ T5919]  ? show_regs_print_info+0x20/0x20
[  361.134220][ T5919]  ? load_image+0x3b0/0x3b0
[  361.138781][ T5919]  panic+0x2c0/0x710
[  361.142719][ T5919]  ? bpf_jit_dump+0xd0/0xd0
[  361.147262][ T5919]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  361.153202][ T5919]  ? _raw_spin_unlock+0x40/0x40
[  361.158107][ T5919]  ? print_memory_metadata+0x314/0x400
[  361.163597][ T5919]  ? __lock_acquire+0xff/0x7c80
[  361.168462][ T5919]  check_panic_on_warn+0x84/0xa0
[  361.173425][ T5919]  ? __lock_acquire+0xff/0x7c80
[  361.178397][ T5919]  end_report+0x6f/0x140
[  361.182784][ T5919]  kasan_report+0x128/0x150
[  361.187322][ T5919]  ? __lock_acquire+0xff/0x7c80
[  361.192284][ T5919]  __lock_acquire+0xff/0x7c80
[  361.197092][ T5919]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  361.203283][ T5919]  ? finish_task_switch+0x265/0x920
[  361.208613][ T5919]  ? lockdep_hardirqs_on+0x98/0x150
[  361.213938][ T5919]  ? finish_task_switch+0x265/0x920
[  361.219156][ T5919]  ? verify_lock_unused+0x140/0x140
[  361.224373][ T5919]  ? __schedule+0x14ea/0x4580
[  361.229070][ T5919]  lock_acquire+0x197/0x410
[  361.233586][ T5919]  ? __lock_sock+0x156/0x2a0
[  361.238193][ T5919]  ? asan.module_dtor+0x20/0x20
[  361.243065][ T5919]  ? __local_bh_disable_ip+0xff/0x190
[  361.248451][ T5919]  ? read_lock_is_recursive+0x20/0x20
[  361.253929][ T5919]  ? kthread_data+0x4f/0xc0
[  361.258540][ T5919]  ? kthread_data+0x4f/0xc0
[  361.263099][ T5919]  ? __lock_sock+0x156/0x2a0
[  361.267707][ T5919]  _raw_spin_lock_bh+0x36/0x50
[  361.272514][ T5919]  ? __lock_sock+0x156/0x2a0
[  361.277113][ T5919]  __lock_sock+0x156/0x2a0
[  361.281551][ T5919]  ? sk_stream_moderate_sndbuf+0x220/0x220
[  361.287369][ T5919]  ? do_raw_spin_lock+0x121/0x2c0
[  361.292442][ T5919]  ? wake_bit_function+0x200/0x200
[  361.297675][ T5919]  ? __rwlock_init+0x150/0x150
[  361.302621][ T5919]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  361.308657][ T5919]  ? lock_sock_nested+0x6a/0x100
[  361.313878][ T5919]  lock_sock_nested+0x9f/0x100
[  361.319007][ T5919]  kcm_tx_work+0x31/0x180
[  361.323461][ T5919]  ? process_scheduled_works+0x957/0x15b0
[  361.329228][ T5919]  process_scheduled_works+0xa45/0x15b0
[  361.335010][ T5919]  ? assign_work+0x400/0x400
[  361.339742][ T5919]  ? assign_work+0x39e/0x400
[  361.344372][ T5919]  worker_thread+0xa55/0xfc0
[  361.349010][ T5919]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  361.355037][ T5919]  ? _raw_spin_unlock+0x40/0x40
[  361.360000][ T5919]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  361.365947][ T5919]  kthread+0x2fa/0x390
[  361.370045][ T5919]  ? pr_cont_work+0x560/0x560
[  361.374737][ T5919]  ? kthread_blkcg+0xd0/0xd0
[  361.379373][ T5919]  ret_from_fork+0x48/0x80
[  361.383821][ T5919]  ? kthread_blkcg+0xd0/0xd0
[  361.388942][ T5919]  ret_from_fork_asm+0x11/0x20
[  361.393741][ T5919]  </TASK>
[  361.397074][ T5919] Kernel Offset: disabled
[  361.401427][ T5919] Rebooting in 86400 seconds..