Warning: Permanently added '10.128.0.10' (ED25519) to the list of known hosts.
2025/07/20 19:48:50 ignoring optional flag "sandboxArg"="0"
2025/07/20 19:48:51 parsed 1 programs
[ 184.429630][ T5875] cgroup: Unknown subsys name 'net'
[ 184.578042][ T5875] cgroup: Unknown subsys name 'cpuset'
[ 184.587359][ T5875] cgroup: Unknown subsys name 'rlimit'
[ 186.355983][ T5875] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 189.658047][ T5887] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 191.673738][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 191.682107][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 191.713856][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 191.722021][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 191.832116][ T5927] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 191.840780][ T5927] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 191.851044][ T5927] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 191.859726][ T5927] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 191.867928][ T5927] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 192.256256][ T5933] chnl_net:caif_netlink_parms(): no params data found
[ 192.371099][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[ 192.379227][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state
[ 192.386863][ T5933] bridge_slave_0: entered allmulticast mode
[ 192.395041][ T5933] bridge_slave_0: entered promiscuous mode
[ 192.407455][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[ 192.415501][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state
[ 192.422673][ T5933] bridge_slave_1: entered allmulticast mode
[ 192.430133][ T5933] bridge_slave_1: entered promiscuous mode
[ 192.469855][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 192.482645][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 192.527496][ T5933] team0: Port device team_slave_0 added
[ 192.541984][ T5933] team0: Port device team_slave_1 added
[ 192.574733][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 192.581710][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 192.607770][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 192.622724][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 192.630035][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 192.656109][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 192.749112][ T5933] hsr_slave_0: entered promiscuous mode
[ 192.756059][ T5933] hsr_slave_1: entered promiscuous mode
[ 192.922477][ T5933] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 192.935698][ T5933] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 192.946471][ T5933] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 192.957780][ T5933] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 193.036281][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0
[ 193.060524][ T5933] 8021q: adding VLAN 0 to HW filter on device team0
[ 193.074112][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 193.081394][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 193.098411][ T64] bridge0: port 2(bridge_slave_1) entered blocking state
[ 193.105661][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 193.292259][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 193.343206][ T5933] veth0_vlan: entered promiscuous mode
[ 193.356414][ T5933] veth1_vlan: entered promiscuous mode
[ 193.385984][ T5933] veth0_macvtap: entered promiscuous mode
[ 193.396694][ T5933] veth1_macvtap: entered promiscuous mode
[ 193.415002][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 193.431494][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 193.443848][ T5933] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 193.452874][ T5933] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 193.462720][ T5933] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 193.473275][ T5933] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 193.602011][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 193.676245][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 193.749837][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 193.830808][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 194.383068][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 194.391266][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
2025/07/20 19:49:04 executed programs: 0
[ 194.850710][ T5927] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 194.861349][ T5927] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 194.870033][ T5927] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 194.879791][ T5927] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 194.888187][ T5927] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 195.063673][ T5977] chnl_net:caif_netlink_parms(): no params data found
[ 195.139994][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state
[ 195.147591][ T5977] bridge0: port 1(bridge_slave_0) entered disabled state
[ 195.155450][ T5977] bridge_slave_0: entered allmulticast mode
[ 195.162589][ T5977] bridge_slave_0: entered promiscuous mode
[ 195.171968][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[ 195.179369][ T5977] bridge0: port 2(bridge_slave_1) entered disabled state
[ 195.186877][ T5977] bridge_slave_1: entered allmulticast mode
[ 195.194002][ T5977] bridge_slave_1: entered promiscuous mode
[ 195.231613][ T5977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 195.243361][ T5977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 195.279348][ T5977] team0: Port device team_slave_0 added
[ 195.290163][ T5977] team0: Port device team_slave_1 added
[ 195.323776][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 195.330912][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 195.357428][ T5977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 195.371452][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 195.378482][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 195.405072][ T5977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 195.454799][ T5977] hsr_slave_0: entered promiscuous mode
[ 195.461161][ T5977] hsr_slave_1: entered promiscuous mode
[ 195.467670][ T5977] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 195.475573][ T5977] Cannot create hsr debugfs directory
[ 196.768098][ T12] bridge_slave_1: left allmulticast mode
[ 196.775761][ T12] bridge_slave_1: left promiscuous mode
[ 196.782515][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 196.801029][ T12] bridge_slave_0: left allmulticast mode
[ 196.807516][ T12] bridge_slave_0: left promiscuous mode
[ 196.813378][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 196.945806][ T5167] Bluetooth: hci0: command tx timeout
[ 197.186270][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 197.201247][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 197.212217][ T12] bond0 (unregistering): Released all slaves
[ 197.329688][ T12] hsr_slave_0: left promiscuous mode
[ 197.356695][ T12] hsr_slave_1: left promiscuous mode
[ 197.367223][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 197.374771][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 197.383398][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 197.394080][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 197.418231][ T12] veth1_macvtap: left promiscuous mode
[ 197.426420][ T12] veth0_macvtap: left promiscuous mode
[ 197.432124][ T12] veth1_vlan: left promiscuous mode
[ 197.437958][ T12] veth0_vlan: left promiscuous mode
[ 197.910755][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 197.940805][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 198.491626][ T5977] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 198.505065][ T5977] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 198.517377][ T5977] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 198.544802][ T5977] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 199.017397][ T5167] Bluetooth: hci0: command tx timeout
[ 199.087100][ T5977] 8021q: adding VLAN 0 to HW filter on device bond0
[ 199.117487][ T5977] 8021q: adding VLAN 0 to HW filter on device team0
[ 199.132867][ T64] bridge0: port 1(bridge_slave_0) entered blocking state
[ 199.140470][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 199.156595][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 199.163770][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 199.387730][ T5977] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 199.429823][ T5977] veth0_vlan: entered promiscuous mode
[ 199.441554][ T5977] veth1_vlan: entered promiscuous mode
[ 199.469812][ T5977] veth0_macvtap: entered promiscuous mode
[ 199.479608][ T5977] veth1_macvtap: entered promiscuous mode
[ 199.499851][ T5977] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 199.515219][ T5977] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 199.529207][ T5977] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 199.538406][ T5977] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 199.547721][ T5977] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 199.556642][ T5977] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 199.626206][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 199.634157][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 199.667726][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 199.676651][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/20 19:49:10 executed programs: 3
[ 201.094616][ T5167] Bluetooth: hci0: command tx timeout
[ 203.174541][ T5167] Bluetooth: hci0: command tx timeout
2025/07/20 19:49:15 executed programs: 9
2025/07/20 19:49:20 executed programs: 15
2025/07/20 19:49:26 executed programs: 21
2025/07/20 19:49:31 executed programs: 27
2025/07/20 19:49:36 executed programs: 33
2025/07/20 19:49:41 executed programs: 39
2025/07/20 19:49:46 executed programs: 45
2025/07/20 19:49:51 executed programs: 51
2025/07/20 19:49:56 executed programs: 57
[ 247.419833][ T3496] ==================================================================
[ 247.428096][ T3496] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[ 247.435833][ T3496] Read of size 1 at addr ffff88807f9ff9d8 by task kworker/u8:8/3496
[ 247.443813][ T3496]
[ 247.446167][ T3496] CPU: 0 UID: 0 PID: 3496 Comm: kworker/u8:8 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)
[ 247.446184][ T3496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 247.446193][ T3496] Workqueue: kkcmd kcm_tx_work
[ 247.446210][ T3496] Call Trace:
[ 247.446218][ T3496] <TASK>
[ 247.446225][ T3496] dump_stack_lvl+0x189/0x250
[ 247.446240][ T3496] ? __virt_addr_valid+0x1c8/0x5c0
[ 247.446254][ T3496] ? rcu_is_watching+0x15/0xb0
[ 247.446267][ T3496] ? __kasan_check_byte+0x12/0x40
[ 247.446283][ T3496] ? __pfx_dump_stack_lvl+0x10/0x10
[ 247.446296][ T3496] ? rcu_is_watching+0x15/0xb0
[ 247.446308][ T3496] ? lock_release+0x4b/0x3e0
[ 247.446321][ T3496] ? __virt_addr_valid+0x1c8/0x5c0
[ 247.446335][ T3496] ? __virt_addr_valid+0x4a5/0x5c0
[ 247.446349][ T3496] print_report+0xca/0x230
[ 247.446360][ T3496] ? _raw_spin_lock_bh+0x36/0x50
[ 247.446376][ T3496] kasan_report+0x118/0x150
[ 247.446392][ T3496] ? _raw_spin_lock_bh+0x36/0x50
[ 247.446409][ T3496] ? __lock_sock+0x156/0x2b0
[ 247.446420][ T3496] __kasan_check_byte+0x2a/0x40
[ 247.446435][ T3496] lock_acquire+0x8d/0x360
[ 247.446447][ T3496] ? schedule+0x91/0x360
[ 247.446457][ T3496] ? kthread_data+0x4f/0xc0
[ 247.446470][ T3496] ? __lock_sock+0x156/0x2b0
[ 247.446481][ T3496] _raw_spin_lock_bh+0x36/0x50
[ 247.446497][ T3496] ? __lock_sock+0x156/0x2b0
[ 247.446507][ T3496] __lock_sock+0x156/0x2b0
[ 247.446519][ T3496] ? __pfx___lock_sock+0x10/0x10
[ 247.446529][ T3496] ? do_raw_spin_lock+0x121/0x290
[ 247.446544][ T3496] ? __pfx_autoremove_wake_function+0x10/0x10
[ 247.446560][ T3496] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 247.446577][ T3496] ? lock_sock_nested+0x6a/0x100
[ 247.446590][ T3496] lock_sock_nested+0x9f/0x100
[ 247.446603][ T3496] kcm_tx_work+0x31/0x180
[ 247.446615][ T3496] ? process_scheduled_works+0x9ef/0x17b0
[ 247.446628][ T3496] process_scheduled_works+0xae1/0x17b0
[ 247.446648][ T3496] ? __pfx_process_scheduled_works+0x10/0x10
[ 247.446664][ T3496] worker_thread+0x8a0/0xda0
[ 247.446678][ T3496] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 247.446697][ T3496] ? __kthread_parkme+0x7b/0x200
[ 247.446712][ T3496] kthread+0x70e/0x8a0
[ 247.446728][ T3496] ? __pfx_worker_thread+0x10/0x10
[ 247.446740][ T3496] ? __pfx_kthread+0x10/0x10
[ 247.446755][ T3496] ? _raw_spin_unlock_irq+0x23/0x50
[ 247.446770][ T3496] ? lockdep_hardirqs_on+0x9c/0x150
[ 247.446789][ T3496] ? __pfx_kthread+0x10/0x10
[ 247.446828][ T3496] ret_from_fork+0x3fc/0x770
[ 247.446851][ T3496] ? __pfx_ret_from_fork+0x10/0x10
[ 247.446872][ T3496] ? __switch_to_asm+0x39/0x70
[ 247.446886][ T3496] ? __switch_to_asm+0x33/0x70
[ 247.446899][ T3496] ? __pfx_kthread+0x10/0x10
[ 247.446914][ T3496] ret_from_fork_asm+0x1a/0x30
[ 247.446932][ T3496] </TASK>
[ 247.446937][ T3496]
[ 247.714963][ T3496] Allocated by task 6252:
[ 247.719311][ T3496] kasan_save_track+0x3e/0x80
[ 247.724023][ T3496] __kasan_slab_alloc+0x6c/0x80
[ 247.728888][ T3496] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 247.734448][ T3496] sk_prot_alloc+0x57/0x220
[ 247.739051][ T3496] sk_alloc+0x3a/0x370
[ 247.743134][ T3496] kcm_ioctl+0x214/0xff0
[ 247.747387][ T3496] sock_do_ioctl+0xd9/0x300
[ 247.751898][ T3496] sock_ioctl+0x576/0x790
[ 247.756339][ T3496] __se_sys_ioctl+0xf9/0x170
[ 247.760973][ T3496] do_syscall_64+0xfa/0x3b0
[ 247.765503][ T3496] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 247.771412][ T3496]
[ 247.773747][ T3496] Freed by task 6253:
[ 247.777740][ T3496] kasan_save_track+0x3e/0x80
[ 247.782519][ T3496] kasan_save_free_info+0x46/0x50
[ 247.787589][ T3496] __kasan_slab_free+0x62/0x70
[ 247.792371][ T3496] kmem_cache_free+0x18f/0x400
[ 247.797153][ T3496] __sk_destruct+0x4d2/0x660
[ 247.801757][ T3496] kcm_release+0x528/0x5c0
[ 247.806182][ T3496] sock_close+0xc0/0x240
[ 247.810434][ T3496] __fput+0x44c/0xa70
[ 247.814422][ T3496] fput_close_sync+0x119/0x200
[ 247.819191][ T3496] __x64_sys_close+0x7f/0x110
[ 247.823975][ T3496] do_syscall_64+0xfa/0x3b0
[ 247.828487][ T3496] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 247.834393][ T3496]
[ 247.836726][ T3496] Last potentially related work creation:
[ 247.842445][ T3496] kasan_save_stack+0x3e/0x60
[ 247.847133][ T3496] kasan_record_aux_stack+0xbd/0xd0
[ 247.852338][ T3496] insert_work+0x3d/0x330
[ 247.856696][ T3496] __queue_work+0xcfc/0xfe0
[ 247.861225][ T3496] queue_work_on+0x181/0x270
[ 247.865833][ T3496] kcm_unattach+0x863/0xe90
[ 247.870346][ T3496] kcm_ioctl+0x794/0xff0
[ 247.874598][ T3496] sock_do_ioctl+0xd9/0x300
[ 247.879109][ T3496] sock_ioctl+0x576/0x790
[ 247.883446][ T3496] __se_sys_ioctl+0xf9/0x170
[ 247.888133][ T3496] do_syscall_64+0xfa/0x3b0
[ 247.892647][ T3496] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 247.898554][ T3496]
[ 247.900886][ T3496] Second to last potentially related work creation:
[ 247.907477][ T3496] kasan_save_stack+0x3e/0x60
[ 247.912168][ T3496] kasan_record_aux_stack+0xbd/0xd0
[ 247.917383][ T3496] insert_work+0x3d/0x330
[ 247.921827][ T3496] __queue_work+0xcfc/0xfe0
[ 247.926780][ T3496] queue_work_on+0x181/0x270
[ 247.931379][ T3496] kcm_ioctl+0xe52/0xff0
[ 247.935630][ T3496] sock_do_ioctl+0xd9/0x300
[ 247.940139][ T3496] sock_ioctl+0x576/0x790
[ 247.944494][ T3496] __se_sys_ioctl+0xf9/0x170
[ 247.949116][ T3496] do_syscall_64+0xfa/0x3b0
[ 247.953638][ T3496] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 247.959540][ T3496]
[ 247.961955][ T3496] The buggy address belongs to the object at ffff88807f9ff800
[ 247.961955][ T3496] which belongs to the cache KCM of size 1792
[ 247.975407][ T3496] The buggy address is located 472 bytes inside of
[ 247.975407][ T3496] freed 1792-byte region [ffff88807f9ff800, ffff88807f9fff00)
[ 247.989297][ T3496]
[ 247.991626][ T3496] The buggy address belongs to the physical page:
[ 247.998039][ T3496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f9f8
[ 248.006899][ T3496] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 248.015403][ T3496] memcg:ffff888024dbdc01
[ 248.019642][ T3496] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 248.027190][ T3496] page_type: f5(slab)
[ 248.031183][ T3496] raw: 00fff00000000040 ffff8880308ba3c0 dead000000000122 0000000000000000
[ 248.039770][ T3496] raw: 0000000000000000 0000000080110011 00000000f5000000 ffff888024dbdc01
[ 248.048357][ T3496] head: 00fff00000000040 ffff8880308ba3c0 dead000000000122 0000000000000000
[ 248.057066][ T3496] head: 0000000000000000 0000000080110011 00000000f5000000 ffff888024dbdc01
[ 248.065836][ T3496] head: 00fff00000000003 ffffea0001fe7e01 00000000ffffffff 00000000ffffffff
[ 248.074525][ T3496] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 248.083230][ T3496] page dumped because: kasan: bad access detected
[ 248.089642][ T3496] page_owner tracks the page as allocated
[ 248.095360][ T3496] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6176, tgid 6174 (syz.0.53), ts 231233235204, free_ts 231218812986
[ 248.116569][ T3496] post_alloc_hook+0x240/0x2a0
[ 248.121352][ T3496] get_page_from_freelist+0x21e4/0x22c0
[ 248.126905][ T3496] __alloc_frozen_pages_noprof+0x181/0x370
[ 248.132717][ T3496] alloc_pages_mpol+0x232/0x4a0
[ 248.137586][ T3496] allocate_slab+0x8a/0x3b0
[ 248.142099][ T3496] ___slab_alloc+0xbfc/0x1480
[ 248.146778][ T3496] kmem_cache_alloc_noprof+0x283/0x3c0
[ 248.152248][ T3496] sk_prot_alloc+0x57/0x220
[ 248.156764][ T3496] sk_alloc+0x3a/0x370
[ 248.160842][ T3496] kcm_ioctl+0x214/0xff0
[ 248.165088][ T3496] sock_do_ioctl+0xd9/0x300
[ 248.169696][ T3496] sock_ioctl+0x576/0x790
[ 248.174032][ T3496] __se_sys_ioctl+0xf9/0x170
[ 248.178639][ T3496] do_syscall_64+0xfa/0x3b0
[ 248.183147][ T3496] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 248.189047][ T3496] page last free pid 49 tgid 49 stack trace:
[ 248.195027][ T3496] __free_frozen_pages+0xc71/0xe70
[ 248.200154][ T3496] __folio_put+0x21b/0x2c0
[ 248.204577][ T3496] page_to_skb+0x738/0x930
[ 248.209002][ T3496] receive_buf+0x45f/0x15e0
[ 248.213513][ T3496] virtnet_poll+0x1fde/0x2da0
[ 248.218329][ T3496] __napi_poll+0xc7/0x480
[ 248.222688][ T3496] net_rx_action+0x707/0xe30
[ 248.227307][ T3496] handle_softirqs+0x286/0x870
[ 248.232085][ T3496] __irq_exit_rcu+0xca/0x1f0
[ 248.236773][ T3496] irq_exit_rcu+0x9/0x30
[ 248.241035][ T3496] common_interrupt+0xbb/0xe0
[ 248.245724][ T3496] asm_common_interrupt+0x26/0x40
[ 248.250808][ T3496]
[ 248.253142][ T3496] Memory state around the buggy address:
[ 248.258866][ T3496] ffff88807f9ff880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 248.266937][ T3496] ffff88807f9ff900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 248.275102][ T3496] >ffff88807f9ff980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 248.283165][ T3496] ^
[ 248.290113][ T3496] ffff88807f9ffa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 248.298181][ T3496] ffff88807f9ffa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 248.306250][ T3496] ==================================================================
[ 248.314484][ T3496] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 248.321836][ T3496] CPU: 0 UID: 0 PID: 3496 Comm: kworker/u8:8 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)
[ 248.333496][ T3496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 248.343589][ T3496] Workqueue: kkcmd kcm_tx_work
[ 248.348381][ T3496] Call Trace:
[ 248.351671][ T3496] <TASK>
[ 248.354615][ T3496] dump_stack_lvl+0x99/0x250
[ 248.359236][ T3496] ? __asan_memcpy+0x40/0x70
[ 248.363839][ T3496] ? __pfx_dump_stack_lvl+0x10/0x10
[ 248.369058][ T3496] ? __pfx__printk+0x10/0x10
[ 248.373665][ T3496] panic+0x2db/0x790
[ 248.377616][ T3496] ? lockdep_hardirqs_on+0x9c/0x150
[ 248.382829][ T3496] ? __pfx_panic+0x10/0x10
[ 248.387257][ T3496] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 248.393160][ T3496] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 248.399059][ T3496] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 248.405407][ T3496] ? _raw_spin_lock_bh+0x36/0x50
[ 248.410364][ T3496] check_panic_on_warn+0x89/0xb0
[ 248.415413][ T3496] ? _raw_spin_lock_bh+0x36/0x50
[ 248.420371][ T3496] end_report+0x78/0x160
[ 248.424637][ T3496] kasan_report+0x129/0x150
[ 248.429157][ T3496] ? _raw_spin_lock_bh+0x36/0x50
[ 248.434109][ T3496] ? __lock_sock+0x156/0x2b0
[ 248.438813][ T3496] __kasan_check_byte+0x2a/0x40
[ 248.443682][ T3496] lock_acquire+0x8d/0x360
[ 248.448149][ T3496] ? schedule+0x91/0x360
[ 248.452399][ T3496] ? kthread_data+0x4f/0xc0
[ 248.456930][ T3496] ? __lock_sock+0x156/0x2b0
[ 248.461526][ T3496] _raw_spin_lock_bh+0x36/0x50
[ 248.466325][ T3496] ? __lock_sock+0x156/0x2b0
[ 248.470951][ T3496] __lock_sock+0x156/0x2b0
[ 248.475404][ T3496] ? __pfx___lock_sock+0x10/0x10
[ 248.480354][ T3496] ? do_raw_spin_lock+0x121/0x290
[ 248.485400][ T3496] ? __pfx_autoremove_wake_function+0x10/0x10
[ 248.491484][ T3496] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 248.496874][ T3496] ? lock_sock_nested+0x6a/0x100
[ 248.501870][ T3496] lock_sock_nested+0x9f/0x100
[ 248.506647][ T3496] kcm_tx_work+0x31/0x180
[ 248.510995][ T3496] ? process_scheduled_works+0x9ef/0x17b0
[ 248.516732][ T3496] process_scheduled_works+0xae1/0x17b0
[ 248.522307][ T3496] ? __pfx_process_scheduled_works+0x10/0x10
[ 248.528302][ T3496] worker_thread+0x8a0/0xda0
[ 248.532908][ T3496] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 248.539259][ T3496] ? __kthread_parkme+0x7b/0x200
[ 248.544241][ T3496] kthread+0x70e/0x8a0
[ 248.548328][ T3496] ? __pfx_worker_thread+0x10/0x10
[ 248.553454][ T3496] ? __pfx_kthread+0x10/0x10
[ 248.558061][ T3496] ? _raw_spin_unlock_irq+0x23/0x50
[ 248.563264][ T3496] ? lockdep_hardirqs_on+0x9c/0x150
[ 248.568479][ T3496] ? __pfx_kthread+0x10/0x10
[ 248.573361][ T3496] ret_from_fork+0x3fc/0x770
[ 248.577989][ T3496] ? __pfx_ret_from_fork+0x10/0x10
[ 248.583127][ T3496] ? __switch_to_asm+0x39/0x70
[ 248.587911][ T3496] ? __switch_to_asm+0x33/0x70
[ 248.593120][ T3496] ? __pfx_kthread+0x10/0x10
[ 248.597738][ T3496] ret_from_fork_asm+0x1a/0x30
[ 248.602522][ T3496] </TASK>
[ 248.605848][ T3496] Kernel Offset: disabled
[ 248.610172][ T3496] Rebooting in 86400 seconds..