Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts.
2025/07/20 08:17:26 ignoring optional flag "sandboxArg"="0"
2025/07/20 08:17:28 parsed 1 programs
[ 91.691687][ T5795] cgroup: Unknown subsys name 'net'
[ 91.830803][ T5795] cgroup: Unknown subsys name 'rlimit'
[ 92.451929][ T786] cfg80211: failed to load regulatory.db
[ 93.616671][ T5795] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 98.715106][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.724512][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.733145][ T5862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.741860][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.750570][ T5862] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 98.758149][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.042329][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.050848][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.092321][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.100588][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.432850][ T5873] chnl_net:caif_netlink_parms(): no params data found
[ 99.541234][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.548455][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.557274][ T5873] bridge_slave_0: entered allmulticast mode
[ 99.566383][ T5873] bridge_slave_0: entered promiscuous mode
[ 99.587910][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.595288][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.602763][ T5873] bridge_slave_1: entered allmulticast mode
[ 99.609810][ T5873] bridge_slave_1: entered promiscuous mode
[ 99.658388][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.671965][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.709252][ T5873] team0: Port device team_slave_0 added
[ 99.730404][ T5873] team0: Port device team_slave_1 added
[ 99.781263][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.788278][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.815488][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.842283][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.849287][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.875584][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 99.931782][ T5873] hsr_slave_0: entered promiscuous mode
[ 99.938303][ T5873] hsr_slave_1: entered promiscuous mode
[ 100.176643][ T5873] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.188669][ T5873] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.198723][ T5873] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.212943][ T5873] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.361518][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.402329][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.420292][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.427807][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.453536][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.460788][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.667731][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.716964][ T5873] veth0_vlan: entered promiscuous mode
[ 100.732416][ T5873] veth1_vlan: entered promiscuous mode
[ 100.764983][ T5873] veth0_macvtap: entered promiscuous mode
[ 100.776497][ T5873] veth1_macvtap: entered promiscuous mode
[ 100.797999][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.814824][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.829829][ T5873] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.839703][ T5873] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.849711][ T5873] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.858664][ T5873] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.027748][ T1138] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/07/20 08:17:40 executed programs: 0
[ 101.608587][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.618178][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.627277][ T5862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.637472][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.647676][ T5862] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 101.655363][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.824882][ T5898] chnl_net:caif_netlink_parms(): no params data found
[ 101.906224][ T5898] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.913550][ T5898] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.921871][ T5898] bridge_slave_0: entered allmulticast mode
[ 101.928939][ T5898] bridge_slave_0: entered promiscuous mode
[ 101.938690][ T5898] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.946223][ T5898] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.953626][ T5898] bridge_slave_1: entered allmulticast mode
[ 101.961039][ T5898] bridge_slave_1: entered promiscuous mode
[ 102.002705][ T5898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 102.014844][ T5898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 102.054771][ T5898] team0: Port device team_slave_0 added
[ 102.064558][ T5898] team0: Port device team_slave_1 added
[ 102.101416][ T5898] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 102.108430][ T5898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.135298][ T5898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 102.153733][ T5898] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 102.160978][ T5898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.187080][ T5898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 102.243555][ T5898] hsr_slave_0: entered promiscuous mode
[ 102.250945][ T5898] hsr_slave_1: entered promiscuous mode
[ 102.257562][ T5898] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 102.265826][ T5898] Cannot create hsr debugfs directory
[ 103.435058][ T1138] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.721136][ T5862] Bluetooth: hci0: command tx timeout
[ 105.724971][ T1138] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 105.804536][ T5862] Bluetooth: hci0: command tx timeout
[ 105.814969][ T1138] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.737190][ T1138] hsr_slave_0: left promiscuous mode
[ 106.745399][ T1138] hsr_slave_1: left promiscuous mode
[ 106.754072][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 106.770093][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 106.784284][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 106.791931][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 106.801116][ T1138] bridge_slave_1: left allmulticast mode
[ 106.806827][ T1138] bridge_slave_1: left promiscuous mode
[ 106.814007][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.828002][ T1138] bridge_slave_0: left allmulticast mode
[ 106.835381][ T1138] bridge_slave_0: left promiscuous mode
[ 106.842023][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.877693][ T1138] veth1_macvtap: left promiscuous mode
[ 106.885669][ T1138] veth0_macvtap: left promiscuous mode
[ 106.894318][ T1138] veth1_vlan: left promiscuous mode
[ 106.900339][ T1138] veth0_vlan: left promiscuous mode
[ 107.376603][ T1138] team0 (unregistering): Port device team_slave_1 removed
[ 107.414703][ T1138] team0 (unregistering): Port device team_slave_0 removed
[ 107.452196][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 107.490546][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 107.826237][ T1138] bond0 (unregistering): Released all slaves
[ 107.880341][ T5862] Bluetooth: hci0: command tx timeout
[ 107.937711][ T5898] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 107.948081][ T5898] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 107.959249][ T5898] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 107.972001][ T5898] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 108.082411][ T5898] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.119028][ T5898] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.134662][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.142755][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.161919][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.169114][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.407926][ T5898] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 108.467062][ T5898] veth0_vlan: entered promiscuous mode
[ 108.479230][ T5898] veth1_vlan: entered promiscuous mode
[ 108.519114][ T5898] veth0_macvtap: entered promiscuous mode
[ 108.529682][ T5898] veth1_macvtap: entered promiscuous mode
[ 108.554068][ T5898] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 108.574217][ T5898] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 108.587167][ T5898] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.597380][ T5898] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.606608][ T5898] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.615724][ T5898] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 108.693839][ T3479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.703248][ T3479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/20 08:17:48 executed programs: 2
[ 108.742107][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.750199][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 109.960117][ T5862] Bluetooth: hci0: command tx timeout
2025/07/20 08:17:53 executed programs: 8
2025/07/20 08:17:58 executed programs: 14
2025/07/20 08:18:03 executed programs: 20
2025/07/20 08:18:08 executed programs: 26
[ 133.404599][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[ 133.411510][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
2025/07/20 08:18:13 executed programs: 32
2025/07/20 08:18:19 executed programs: 38
2025/07/20 08:18:24 executed programs: 44
2025/07/20 08:18:29 executed programs: 50
[ 150.112791][ T11] ==================================================================
[ 150.120951][ T11] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80
[ 150.128618][ T11] Read of size 8 at addr ffff8880309ded70 by task kworker/u4:0/11
[ 150.136452][ T11]
[ 150.138820][ T11] CPU: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.6.99-syzkaller #0
[ 150.146824][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 150.156902][ T11] Workqueue: kkcmd kcm_tx_work
[ 150.161722][ T11] Call Trace:
[ 150.165022][ T11]
[ 150.167968][ T11] dump_stack_lvl+0x16c/0x230
[ 150.172676][ T11] ? __lock_acquire+0x7c80/0x7c80
[ 150.177743][ T11] ? show_regs_print_info+0x20/0x20
[ 150.182973][ T11] ? load_image+0x3b0/0x3b0
[ 150.187499][ T11] ? __virt_addr_valid+0x469/0x540
[ 150.192645][ T11] print_report+0xac/0x200
[ 150.197081][ T11] ? __lock_acquire+0xff/0x7c80
[ 150.201947][ T11] kasan_report+0x117/0x150
[ 150.206467][ T11] ? __lock_acquire+0xff/0x7c80
[ 150.211332][ T11] __lock_acquire+0xff/0x7c80
[ 150.216027][ T11] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 150.222026][ T11] ? finish_task_switch+0x265/0x920
[ 150.227270][ T11] ? lockdep_hardirqs_on+0x98/0x150
[ 150.232518][ T11] ? finish_task_switch+0x265/0x920
[ 150.237738][ T11] ? verify_lock_unused+0x140/0x140
[ 150.242995][ T11] ? __schedule+0x14ea/0x4580
[ 150.247698][ T11] lock_acquire+0x197/0x410
[ 150.252223][ T11] ? __lock_sock+0x156/0x2a0
[ 150.256848][ T11] ? asan.module_dtor+0x20/0x20
[ 150.261739][ T11] ? __local_bh_disable_ip+0xff/0x190
[ 150.267125][ T11] ? read_lock_is_recursive+0x20/0x20
[ 150.272522][ T11] ? kthread_data+0x4f/0xc0
[ 150.277066][ T11] ? kthread_data+0x4f/0xc0
[ 150.281612][ T11] ? __lock_sock+0x156/0x2a0
[ 150.286220][ T11] _raw_spin_lock_bh+0x36/0x50
[ 150.291110][ T11] ? __lock_sock+0x156/0x2a0
[ 150.295750][ T11] __lock_sock+0x156/0x2a0
[ 150.300199][ T11] ? sk_stream_moderate_sndbuf+0x220/0x220
[ 150.306060][ T11] ? do_raw_spin_lock+0x121/0x2c0
[ 150.311137][ T11] ? wake_bit_function+0x200/0x200
[ 150.316280][ T11] ? __rwlock_init+0x150/0x150
[ 150.321174][ T11] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 150.327191][ T11] ? lock_sock_nested+0x6a/0x100
[ 150.332156][ T11] lock_sock_nested+0x9f/0x100
[ 150.336962][ T11] kcm_tx_work+0x31/0x180
[ 150.341317][ T11] ? process_scheduled_works+0x957/0x15b0
[ 150.347062][ T11] process_scheduled_works+0xa45/0x15b0
[ 150.352751][ T11] ? assign_work+0x400/0x400
[ 150.357405][ T11] ? assign_work+0x39e/0x400
[ 150.362055][ T11] worker_thread+0xa55/0xfc0
[ 150.366679][ T11] kthread+0x2fa/0x390
[ 150.370762][ T11] ? pr_cont_work+0x560/0x560
[ 150.375471][ T11] ? kthread_blkcg+0xd0/0xd0
[ 150.380113][ T11] ret_from_fork+0x48/0x80
[ 150.384559][ T11] ? kthread_blkcg+0xd0/0xd0
[ 150.389178][ T11] ret_from_fork_asm+0x11/0x20
[ 150.393982][ T11]
[ 150.397020][ T11]
[ 150.399397][ T11] Allocated by task 6146:
[ 150.403749][ T11] kasan_set_track+0x4e/0x70
[ 150.408352][ T11] __kasan_slab_alloc+0x6c/0x80
[ 150.413224][ T11] slab_post_alloc_hook+0x6e/0x4d0
[ 150.418382][ T11] kmem_cache_alloc+0x11e/0x2e0
[ 150.423258][ T11] sk_prot_alloc+0x57/0x210
[ 150.427804][ T11] sk_alloc+0x3a/0x360
[ 150.431899][ T11] kcm_ioctl+0x215/0xff0
[ 150.436159][ T11] sock_do_ioctl+0xd7/0x2f0
[ 150.440689][ T11] sock_ioctl+0x623/0x7a0
[ 150.445055][ T11] __se_sys_ioctl+0xfd/0x170
[ 150.449683][ T11] do_syscall_64+0x55/0xb0
[ 150.454154][ T11] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 150.460080][ T11]
[ 150.462431][ T11] Freed by task 6147:
[ 150.466415][ T11] kasan_set_track+0x4e/0x70
[ 150.471039][ T11] kasan_save_free_info+0x2e/0x50
[ 150.476080][ T11] ____kasan_slab_free+0x126/0x1e0
[ 150.481227][ T11] slab_free_freelist_hook+0x130/0x1b0
[ 150.486710][ T11] kmem_cache_free+0xf8/0x280
[ 150.491425][ T11] __sk_destruct+0x485/0x620
[ 150.496044][ T11] kcm_release+0x524/0x5b0
[ 150.500498][ T11] sock_close+0xbd/0x230
[ 150.504767][ T11] __fput+0x234/0x970
[ 150.508945][ T11] __se_sys_close+0x15f/0x220
[ 150.513670][ T11] do_syscall_64+0x55/0xb0
[ 150.518101][ T11] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 150.524020][ T11]
[ 150.526351][ T11] Last potentially related work creation:
[ 150.532158][ T11] kasan_save_stack+0x3e/0x60
[ 150.536863][ T11] __kasan_record_aux_stack+0xaf/0xc0
[ 150.542250][ T11] insert_work+0x3d/0x310
[ 150.546589][ T11] __queue_work+0xc39/0x1020
[ 150.551188][ T11] queue_work_on+0x121/0x1e0
[ 150.555799][ T11] kcm_unattach+0x861/0xe80
[ 150.560346][ T11] kcm_ioctl+0x791/0xff0
[ 150.564625][ T11] sock_do_ioctl+0xd7/0x2f0
[ 150.569160][ T11] sock_ioctl+0x623/0x7a0
[ 150.573522][ T11] __se_sys_ioctl+0xfd/0x170
[ 150.578125][ T11] do_syscall_64+0x55/0xb0
[ 150.582553][ T11] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 150.588466][ T11]
[ 150.590797][ T11] Second to last potentially related work creation:
[ 150.597385][ T11] kasan_save_stack+0x3e/0x60
[ 150.602075][ T11] __kasan_record_aux_stack+0xaf/0xc0
[ 150.607464][ T11] insert_work+0x3d/0x310
[ 150.611810][ T11] __queue_work+0xc39/0x1020
[ 150.616410][ T11] queue_work_on+0x121/0x1e0
[ 150.621034][ T11] kcm_ioctl+0xe4f/0xff0
[ 150.625291][ T11] sock_do_ioctl+0xd7/0x2f0
[ 150.629835][ T11] sock_ioctl+0x623/0x7a0
[ 150.634274][ T11] __se_sys_ioctl+0xfd/0x170
[ 150.638882][ T11] do_syscall_64+0x55/0xb0
[ 150.643311][ T11] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 150.649242][ T11]
[ 150.651589][ T11] The buggy address belongs to the object at ffff8880309decc0
[ 150.651589][ T11] which belongs to the cache KCM of size 1720
[ 150.665058][ T11] The buggy address is located 176 bytes inside of
[ 150.665058][ T11] freed 1720-byte region [ffff8880309decc0, ffff8880309df378)
[ 150.678956][ T11]
[ 150.681316][ T11] The buggy address belongs to the physical page:
[ 150.687753][ T11] page:ffffea0000c27600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x309d8
[ 150.697922][ T11] head:ffffea0000c27600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 150.706873][ T11] memcg:ffff88802572d501
[ 150.711127][ T11] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 150.719162][ T11] page_type: 0xffffffff()
[ 150.723526][ T11] raw: 00fff00000000840 ffff88802c6b0c80 dead000000000122 0000000000000000
[ 150.732127][ T11] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88802572d501
[ 150.740847][ T11] page dumped because: kasan: bad access detected
[ 150.747300][ T11] page_owner tracks the page as allocated
[ 150.753297][ T11] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6085, tgid 6084 (syz.0.49), ts 137164214365, free_ts 133709240625
[ 150.776066][ T11] post_alloc_hook+0x1cd/0x210
[ 150.780861][ T11] get_page_from_freelist+0x195c/0x19f0
[ 150.786429][ T11] __alloc_pages+0x1e3/0x460
[ 150.791047][ T11] alloc_slab_page+0x5d/0x170
[ 150.795750][ T11] new_slab+0x87/0x2e0
[ 150.799841][ T11] ___slab_alloc+0xc6d/0x12f0
[ 150.804537][ T11] kmem_cache_alloc+0x1b7/0x2e0
[ 150.809400][ T11] sk_prot_alloc+0x57/0x210
[ 150.813924][ T11] sk_alloc+0x3a/0x360
[ 150.818062][ T11] kcm_create+0x100/0x570
[ 150.822436][ T11] __sock_create+0x4a6/0x940
[ 150.827073][ T11] __sys_socket+0xd7/0x1a0
[ 150.831513][ T11] __x64_sys_socket+0x7a/0x90
[ 150.836212][ T11] do_syscall_64+0x55/0xb0
[ 150.840646][ T11] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 150.846560][ T11] page last free stack trace:
[ 150.851238][ T11] free_unref_page_prepare+0x7ce/0x8e0
[ 150.856719][ T11] free_unref_page+0x32/0x2e0
[ 150.861414][ T11] __slab_free+0x35e/0x410
[ 150.865854][ T11] qlist_free_all+0x75/0xe0
[ 150.870373][ T11] kasan_quarantine_reduce+0x143/0x160
[ 150.875858][ T11] __kasan_slab_alloc+0x22/0x80
[ 150.880727][ T11] slab_post_alloc_hook+0x6e/0x4d0
[ 150.885867][ T11] kmem_cache_alloc+0x11e/0x2e0
[ 150.890777][ T11] getname_flags+0xbb/0x500
[ 150.895328][ T11] user_path_at_empty+0x2c/0x60
[ 150.900306][ T11] __x64_sys_umount+0xf5/0x170
[ 150.905112][ T11] do_syscall_64+0x55/0xb0
[ 150.909554][ T11] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 150.915507][ T11]
[ 150.917946][ T11] Memory state around the buggy address:
[ 150.923589][ T11] ffff8880309dec00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 150.931666][ T11] ffff8880309dec80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 150.939745][ T11] >ffff8880309ded00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 150.947824][ T11] ^
[ 150.955557][ T11] ffff8880309ded80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 150.963686][ T11] ffff8880309dee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 150.971766][ T11] ==================================================================
[ 150.979860][ T11] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 150.987174][ T11] CPU: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.6.99-syzkaller #0
[ 150.995180][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 151.005259][ T11] Workqueue: kkcmd kcm_tx_work
[ 151.010057][ T11] Call Trace:
[ 151.013358][ T11]
[ 151.016308][ T11] dump_stack_lvl+0x16c/0x230
[ 151.021027][ T11] ? show_regs_print_info+0x20/0x20
[ 151.026337][ T11] ? load_image+0x3b0/0x3b0
[ 151.030875][ T11] panic+0x2c0/0x710
[ 151.034798][ T11] ? bpf_jit_dump+0xd0/0xd0
[ 151.039329][ T11] ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 151.045254][ T11] ? _raw_spin_unlock+0x40/0x40
[ 151.050132][ T11] ? print_memory_metadata+0x314/0x400
[ 151.055625][ T11] ? __lock_acquire+0xff/0x7c80
[ 151.060500][ T11] check_panic_on_warn+0x84/0xa0
[ 151.065496][ T11] ? __lock_acquire+0xff/0x7c80
[ 151.070369][ T11] end_report+0x6f/0x140
[ 151.074637][ T11] kasan_report+0x128/0x150
[ 151.079182][ T11] ? __lock_acquire+0xff/0x7c80
[ 151.084069][ T11] __lock_acquire+0xff/0x7c80
[ 151.088772][ T11] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 151.094798][ T11] ? finish_task_switch+0x265/0x920
[ 151.100117][ T11] ? lockdep_hardirqs_on+0x98/0x150
[ 151.105347][ T11] ? finish_task_switch+0x265/0x920
[ 151.110560][ T11] ? verify_lock_unused+0x140/0x140
[ 151.115780][ T11] ? __schedule+0x14ea/0x4580
[ 151.120485][ T11] lock_acquire+0x197/0x410
[ 151.125073][ T11] ? __lock_sock+0x156/0x2a0
[ 151.129684][ T11] ? asan.module_dtor+0x20/0x20
[ 151.134556][ T11] ? __local_bh_disable_ip+0xff/0x190
[ 151.139947][ T11] ? read_lock_is_recursive+0x20/0x20
[ 151.145341][ T11] ? kthread_data+0x4f/0xc0
[ 151.149880][ T11] ? kthread_data+0x4f/0xc0
[ 151.154423][ T11] ? __lock_sock+0x156/0x2a0
[ 151.159040][ T11] _raw_spin_lock_bh+0x36/0x50
[ 151.163835][ T11] ? __lock_sock+0x156/0x2a0
[ 151.168528][ T11] __lock_sock+0x156/0x2a0
[ 151.172965][ T11] ? sk_stream_moderate_sndbuf+0x220/0x220
[ 151.178795][ T11] ? do_raw_spin_lock+0x121/0x2c0
[ 151.183845][ T11] ? wake_bit_function+0x200/0x200
[ 151.188978][ T11] ? __rwlock_init+0x150/0x150
[ 151.193771][ T11] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 151.199778][ T11] ? lock_sock_nested+0x6a/0x100
[ 151.204739][ T11] lock_sock_nested+0x9f/0x100
[ 151.209526][ T11] kcm_tx_work+0x31/0x180
[ 151.213877][ T11] ? process_scheduled_works+0x957/0x15b0
[ 151.219625][ T11] process_scheduled_works+0xa45/0x15b0
[ 151.225210][ T11] ? assign_work+0x400/0x400
[ 151.229828][ T11] ? assign_work+0x39e/0x400
[ 151.234439][ T11] worker_thread+0xa55/0xfc0
[ 151.239072][ T11] kthread+0x2fa/0x390
[ 151.243160][ T11] ? pr_cont_work+0x560/0x560
[ 151.247864][ T11] ? kthread_blkcg+0xd0/0xd0
[ 151.252477][ T11] ret_from_fork+0x48/0x80
[ 151.256919][ T11] ? kthread_blkcg+0xd0/0xd0
[ 151.261527][ T11] ret_from_fork_asm+0x11/0x20
[ 151.266326][ T11]
[ 151.269636][ T11] Kernel Offset: disabled
[ 151.274063][ T11] Rebooting in 86400 seconds..