Warning: Permanently added '10.128.0.202' (ED25519) to the list of known hosts.
2025/07/18 09:34:38 ignoring optional flag "sandboxArg"="0"
2025/07/18 09:34:39 parsed 1 programs
[ 71.481068][ T5793] cgroup: Unknown subsys name 'net'
[ 71.632890][ T5793] cgroup: Unknown subsys name 'rlimit'
[ 73.089194][ T5793] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 75.062137][ T5819] chnl_net:caif_netlink_parms(): no params data found
[ 75.123427][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.130906][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.138470][ T5819] bridge_slave_0: entered allmulticast mode
[ 75.146459][ T5819] bridge_slave_0: entered promiscuous mode
[ 75.159358][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.166557][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.173677][ T5819] bridge_slave_1: entered allmulticast mode
[ 75.180620][ T5819] bridge_slave_1: entered promiscuous mode
[ 75.211637][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.223151][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.251555][ T5819] team0: Port device team_slave_0 added
[ 75.259313][ T5819] team0: Port device team_slave_1 added
[ 75.281040][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.289382][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.315336][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.331002][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.338306][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.364746][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.401144][ T5819] hsr_slave_0: entered promiscuous mode
[ 75.409069][ T5819] hsr_slave_1: entered promiscuous mode
[ 75.544980][ T5819] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.557202][ T5819] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.567008][ T5819] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.577025][ T5819] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.631057][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.638335][ T5819] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.646420][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.653502][ T5819] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.710695][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.737571][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.751639][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.771375][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.785009][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.792614][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.809959][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.817117][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.999925][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.048353][ T5819] veth0_vlan: entered promiscuous mode
[ 76.064842][ T5819] veth1_vlan: entered promiscuous mode
[ 76.091916][ T5819] veth0_macvtap: entered promiscuous mode
[ 76.105657][ T5819] veth1_macvtap: entered promiscuous mode
[ 76.122821][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.151049][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.167181][ T5819] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.177902][ T5819] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.187689][ T5819] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.196802][ T5819] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.349871][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.494500][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.505125][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.513234][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.522259][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.530202][ T5848] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.537728][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.873283][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.969631][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.978336][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.005092][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.013343][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/18 09:34:49 executed programs: 0
[ 79.386151][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.394242][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.404257][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.412619][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.420808][ T5848] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 79.428915][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.552642][ T5899] chnl_net:caif_netlink_parms(): no params data found
[ 79.608809][ T5899] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.616015][ T5899] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.623202][ T5899] bridge_slave_0: entered allmulticast mode
[ 79.630580][ T5899] bridge_slave_0: entered promiscuous mode
[ 79.638084][ T5899] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.645159][ T5899] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.653228][ T5899] bridge_slave_1: entered allmulticast mode
[ 79.660170][ T5899] bridge_slave_1: entered promiscuous mode
[ 79.685729][ T5899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.697890][ T5899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.727084][ T5899] team0: Port device team_slave_0 added
[ 79.734695][ T5899] team0: Port device team_slave_1 added
[ 79.761007][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.768057][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.795006][ T5899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.807897][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.814867][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.841199][ T5899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.878459][ T5899] hsr_slave_0: entered promiscuous mode
[ 79.884893][ T5899] hsr_slave_1: entered promiscuous mode
[ 79.891677][ T5899] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 79.900208][ T5899] Cannot create hsr debugfs directory
[ 81.335993][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.388678][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.496699][ T5848] Bluetooth: hci0: command tx timeout
[ 81.817543][ T788] cfg80211: failed to load regulatory.db
[ 82.268006][ T5899] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.278814][ T5899] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.289941][ T5899] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.301450][ T5899] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.363045][ T42] hsr_slave_0: left promiscuous mode
[ 82.371379][ T42] hsr_slave_1: left promiscuous mode
[ 82.379221][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.387669][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.395990][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.403386][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.412742][ T42] bridge_slave_1: left allmulticast mode
[ 82.418635][ T42] bridge_slave_1: left promiscuous mode
[ 82.424973][ T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.435995][ T42] bridge_slave_0: left allmulticast mode
[ 82.441756][ T42] bridge_slave_0: left promiscuous mode
[ 82.449115][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.471562][ T42] veth1_macvtap: left promiscuous mode
[ 82.477368][ T42] veth0_macvtap: left promiscuous mode
[ 82.483032][ T42] veth1_vlan: left promiscuous mode
[ 82.488733][ T42] veth0_vlan: left promiscuous mode
[ 82.843160][ T42] team0 (unregistering): Port device team_slave_1 removed
[ 82.876807][ T42] team0 (unregistering): Port device team_slave_0 removed
[ 82.906232][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 82.937980][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.203618][ T42] bond0 (unregistering): Released all slaves
[ 83.326950][ T5899] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.344655][ T5899] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.359062][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.366353][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.390822][ T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.398242][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.575420][ T5848] Bluetooth: hci0: command tx timeout
[ 83.611753][ T5899] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.650501][ T5899] veth0_vlan: entered promiscuous mode
[ 83.665199][ T5899] veth1_vlan: entered promiscuous mode
[ 83.703216][ T5899] veth0_macvtap: entered promiscuous mode
[ 83.714588][ T5899] veth1_macvtap: entered promiscuous mode
[ 83.757471][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.777563][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.794519][ T5899] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.803574][ T5899] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.813791][ T5899] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.824844][ T5899] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.968034][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.980339][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.023166][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.032056][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/18 09:34:55 executed programs: 3
[ 85.655560][ T5848] Bluetooth: hci0: command tx timeout
[ 87.735446][ T5848] Bluetooth: hci0: command tx timeout
2025/07/18 09:35:00 executed programs: 9
2025/07/18 09:35:05 executed programs: 15
2025/07/18 09:35:10 executed programs: 21
2025/07/18 09:35:15 executed programs: 27
2025/07/18 09:35:20 executed programs: 33
2025/07/18 09:35:25 executed programs: 39
2025/07/18 09:35:30 executed programs: 45
2025/07/18 09:35:36 executed programs: 51
2025/07/18 09:35:41 executed programs: 57
[ 133.019220][ T1283] ieee802154 phy0 wpan0: encryption failed: -22
[ 133.026052][ T1283] ieee802154 phy1 wpan1: encryption failed: -22
2025/07/18 09:35:46 executed programs: 63
2025/07/18 09:35:51 executed programs: 69
2025/07/18 09:35:56 executed programs: 75
2025/07/18 09:36:01 executed programs: 81
2025/07/18 09:36:06 executed programs: 87
2025/07/18 09:36:11 executed programs: 93
2025/07/18 09:36:17 executed programs: 99
2025/07/18 09:36:22 executed programs: 105
[ 174.672172][ T48] ==================================================================
[ 174.680275][ T48] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80
[ 174.687909][ T48] Read of size 8 at addr ffff88807d0e9db0 by task kworker/u4:3/48
[ 174.695702][ T48]
[ 174.698038][ T48] CPU: 1 PID: 48 Comm: kworker/u4:3 Not tainted 6.6.99-syzkaller #0
[ 174.706009][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 174.716067][ T48] Workqueue: kkcmd kcm_tx_work
[ 174.720874][ T48] Call Trace:
[ 174.724143][ T48]
[ 174.727079][ T48] dump_stack_lvl+0x16c/0x230
[ 174.731754][ T48] ? __lock_acquire+0x7c80/0x7c80
[ 174.736779][ T48] ? show_regs_print_info+0x20/0x20
[ 174.741970][ T48] ? load_image+0x3b0/0x3b0
[ 174.746482][ T48] ? __virt_addr_valid+0x469/0x540
[ 174.751606][ T48] print_report+0xac/0x200
[ 174.756023][ T48] ? __lock_acquire+0xff/0x7c80
[ 174.760874][ T48] kasan_report+0x117/0x150
[ 174.765366][ T48] ? __lock_acquire+0xff/0x7c80
[ 174.770205][ T48] __lock_acquire+0xff/0x7c80
[ 174.774872][ T48] ? sock_def_write_space+0x22/0x320
[ 174.780146][ T48] ? verify_lock_unused+0x140/0x140
[ 174.785349][ T48] ? sock_def_write_space+0x22/0x320
[ 174.790618][ T48] ? sock_def_write_space+0x293/0x320
[ 174.795986][ T48] ? kcm_write_msgs+0x13b6/0x14e0
[ 174.801008][ T48] ? mark_lock+0x94/0x320
[ 174.805329][ T48] lock_acquire+0x197/0x410
[ 174.809827][ T48] ? release_sock+0x2f/0x1c0
[ 174.814399][ T48] ? read_lock_is_recursive+0x20/0x20
[ 174.819756][ T48] ? __local_bh_disable_ip+0xff/0x190
[ 174.825120][ T48] ? __bpf_trace_tasklet+0x140/0x140
[ 174.830386][ T48] ? __local_bh_enable_ip+0x12e/0x1c0
[ 174.835754][ T48] ? _local_bh_enable+0xa0/0xa0
[ 174.840612][ T48] ? release_sock+0x2f/0x1c0
[ 174.845196][ T48] _raw_spin_lock_bh+0x36/0x50
[ 174.849966][ T48] ? release_sock+0x2f/0x1c0
[ 174.854536][ T48] release_sock+0x2f/0x1c0
[ 174.858937][ T48] ? process_scheduled_works+0x957/0x15b0
[ 174.864651][ T48] process_scheduled_works+0xa45/0x15b0
[ 174.870190][ T48] ? assign_work+0x400/0x400
[ 174.874814][ T48] ? assign_work+0x39e/0x400
[ 174.879389][ T48] worker_thread+0xa55/0xfc0
[ 174.883971][ T48] kthread+0x2fa/0x390
[ 174.888020][ T48] ? pr_cont_work+0x560/0x560
[ 174.892680][ T48] ? kthread_blkcg+0xd0/0xd0
[ 174.897253][ T48] ret_from_fork+0x48/0x80
[ 174.901651][ T48] ? kthread_blkcg+0xd0/0xd0
[ 174.906222][ T48] ret_from_fork_asm+0x11/0x20
[ 174.910977][ T48]
[ 174.913978][ T48]
[ 174.916302][ T48] Allocated by task 6383:
[ 174.920622][ T48] kasan_set_track+0x4e/0x70
[ 174.925198][ T48] __kasan_slab_alloc+0x6c/0x80
[ 174.930053][ T48] slab_post_alloc_hook+0x6e/0x4d0
[ 174.935161][ T48] kmem_cache_alloc+0x11e/0x2e0
[ 174.940010][ T48] sk_prot_alloc+0x57/0x210
[ 174.944500][ T48] sk_alloc+0x3a/0x360
[ 174.948561][ T48] kcm_ioctl+0x215/0xff0
[ 174.952787][ T48] sock_do_ioctl+0xd7/0x2f0
[ 174.957276][ T48] sock_ioctl+0x623/0x7a0
[ 174.961594][ T48] __se_sys_ioctl+0xfd/0x170
[ 174.966182][ T48] do_syscall_64+0x55/0xb0
[ 174.970588][ T48] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 174.976477][ T48]
[ 174.978793][ T48] Freed by task 6384:
[ 174.982750][ T48] kasan_set_track+0x4e/0x70
[ 174.987355][ T48] kasan_save_free_info+0x2e/0x50
[ 174.992381][ T48] ____kasan_slab_free+0x126/0x1e0
[ 174.997482][ T48] slab_free_freelist_hook+0x130/0x1b0
[ 175.002953][ T48] kmem_cache_free+0xf8/0x280
[ 175.007630][ T48] __sk_destruct+0x485/0x620
[ 175.012238][ T48] kcm_release+0x524/0x5b0
[ 175.016673][ T48] sock_close+0xbd/0x230
[ 175.020909][ T48] __fput+0x234/0x970
[ 175.024879][ T48] __se_sys_close+0x15f/0x220
[ 175.029553][ T48] do_syscall_64+0x55/0xb0
[ 175.033965][ T48] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 175.039851][ T48]
[ 175.042161][ T48] Last potentially related work creation:
[ 175.047859][ T48] kasan_save_stack+0x3e/0x60
[ 175.052544][ T48] __kasan_record_aux_stack+0xaf/0xc0
[ 175.057908][ T48] insert_work+0x3d/0x310
[ 175.062222][ T48] __queue_work+0xc39/0x1020
[ 175.066802][ T48] queue_work_on+0x121/0x1e0
[ 175.071380][ T48] kcm_unattach+0x861/0xe80
[ 175.075889][ T48] kcm_ioctl+0x791/0xff0
[ 175.080162][ T48] sock_do_ioctl+0xd7/0x2f0
[ 175.084673][ T48] sock_ioctl+0x623/0x7a0
[ 175.088999][ T48] __se_sys_ioctl+0xfd/0x170
[ 175.093576][ T48] do_syscall_64+0x55/0xb0
[ 175.097983][ T48] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 175.103895][ T48]
[ 175.106204][ T48] Second to last potentially related work creation:
[ 175.112767][ T48] kasan_save_stack+0x3e/0x60
[ 175.117430][ T48] __kasan_record_aux_stack+0xaf/0xc0
[ 175.122786][ T48] insert_work+0x3d/0x310
[ 175.127104][ T48] __queue_work+0xc39/0x1020
[ 175.131680][ T48] queue_work_on+0x121/0x1e0
[ 175.136260][ T48] kcm_ioctl+0xe4f/0xff0
[ 175.140503][ T48] sock_do_ioctl+0xd7/0x2f0
[ 175.144991][ T48] sock_ioctl+0x623/0x7a0
[ 175.149305][ T48] __se_sys_ioctl+0xfd/0x170
[ 175.153878][ T48] do_syscall_64+0x55/0xb0
[ 175.158278][ T48] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 175.164172][ T48]
[ 175.166479][ T48] The buggy address belongs to the object at ffff88807d0e9d00
[ 175.166479][ T48] which belongs to the cache KCM of size 1720
[ 175.180088][ T48] The buggy address is located 176 bytes inside of
[ 175.180088][ T48] freed 1720-byte region [ffff88807d0e9d00, ffff88807d0ea3b8)
[ 175.193974][ T48]
[ 175.196291][ T48] The buggy address belongs to the physical page:
[ 175.202720][ T48] page:ffffea0001f43a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d0e8
[ 175.212878][ T48] head:ffffea0001f43a00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 175.221805][ T48] memcg:ffff888024196201
[ 175.226034][ T48] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 175.234008][ T48] page_type: 0xffffffff()
[ 175.238335][ T48] raw: 00fff00000000840 ffff88802c39d280 dead000000000122 0000000000000000
[ 175.246901][ T48] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888024196201
[ 175.255469][ T48] page dumped because: kasan: bad access detected
[ 175.261880][ T48] page_owner tracks the page as allocated
[ 175.267584][ T48] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6370, tgid 6369 (syz.0.119), ts 172058472506, free_ts 172056728285
[ 175.290239][ T48] post_alloc_hook+0x1cd/0x210
[ 175.295001][ T48] get_page_from_freelist+0x195c/0x19f0
[ 175.300546][ T48] __alloc_pages+0x1e3/0x460
[ 175.305126][ T48] alloc_slab_page+0x5d/0x170
[ 175.309798][ T48] new_slab+0x87/0x2e0
[ 175.313856][ T48] ___slab_alloc+0xc6d/0x12f0
[ 175.318524][ T48] kmem_cache_alloc+0x1b7/0x2e0
[ 175.323362][ T48] sk_prot_alloc+0x57/0x210
[ 175.327850][ T48] sk_alloc+0x3a/0x360
[ 175.331902][ T48] kcm_create+0x100/0x570
[ 175.336247][ T48] __sock_create+0x4a6/0x940
[ 175.340835][ T48] __sys_socket+0xd7/0x1a0
[ 175.345254][ T48] __x64_sys_socket+0x7a/0x90
[ 175.349923][ T48] do_syscall_64+0x55/0xb0
[ 175.354317][ T48] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 175.360195][ T48] page last free stack trace:
[ 175.364845][ T48] free_unref_page_prepare+0x7ce/0x8e0
[ 175.370289][ T48] free_unref_page+0x32/0x2e0
[ 175.374948][ T48] __unfreeze_partials+0x1cf/0x210
[ 175.380044][ T48] put_cpu_partial+0x17c/0x250
[ 175.384793][ T48] __slab_free+0x31d/0x410
[ 175.389192][ T48] qlist_free_all+0x75/0xe0
[ 175.393683][ T48] kasan_quarantine_reduce+0x143/0x160
[ 175.399129][ T48] __kasan_slab_alloc+0x22/0x80
[ 175.403964][ T48] slab_post_alloc_hook+0x6e/0x4d0
[ 175.409060][ T48] kmem_cache_alloc+0x11e/0x2e0
[ 175.413899][ T48] __pmd_alloc+0x116/0x880
[ 175.418302][ T48] handle_mm_fault+0xb3d/0x4920
[ 175.423228][ T48] do_user_addr_fault+0xad0/0x12e0
[ 175.428323][ T48] exc_page_fault+0x67/0x110
[ 175.432901][ T48] asm_exc_page_fault+0x26/0x30
[ 175.437739][ T48]
[ 175.440044][ T48] Memory state around the buggy address:
[ 175.445657][ T48] ffff88807d0e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 175.453715][ T48] ffff88807d0e9d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 175.461803][ T48] >ffff88807d0e9d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 175.469847][ T48] ^
[ 175.475461][ T48] ffff88807d0e9e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 175.483505][ T48] ffff88807d0e9e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 175.491562][ T48] ==================================================================
[ 175.499628][ T48] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 175.506810][ T48] CPU: 1 PID: 48 Comm: kworker/u4:3 Not tainted 6.6.99-syzkaller #0
[ 175.514773][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 175.524819][ T48] Workqueue: kkcmd kcm_tx_work
[ 175.529579][ T48] Call Trace:
[ 175.532842][ T48]
[ 175.535763][ T48] dump_stack_lvl+0x16c/0x230
[ 175.540437][ T48] ? show_regs_print_info+0x20/0x20
[ 175.545622][ T48] ? load_image+0x3b0/0x3b0
[ 175.550118][ T48] panic+0x2c0/0x710
[ 175.554004][ T48] ? bpf_jit_dump+0xd0/0xd0
[ 175.558495][ T48] ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 175.564378][ T48] ? _raw_spin_unlock+0x40/0x40
[ 175.569214][ T48] ? print_memory_metadata+0x314/0x400
[ 175.574657][ T48] ? __lock_acquire+0xff/0x7c80
[ 175.579494][ T48] check_panic_on_warn+0x84/0xa0
[ 175.584417][ T48] ? __lock_acquire+0xff/0x7c80
[ 175.589255][ T48] end_report+0x6f/0x140
[ 175.593487][ T48] kasan_report+0x128/0x150
[ 175.597977][ T48] ? __lock_acquire+0xff/0x7c80
[ 175.602821][ T48] __lock_acquire+0xff/0x7c80
[ 175.607492][ T48] ? sock_def_write_space+0x22/0x320
[ 175.612769][ T48] ? verify_lock_unused+0x140/0x140
[ 175.617953][ T48] ? sock_def_write_space+0x22/0x320
[ 175.623224][ T48] ? sock_def_write_space+0x293/0x320
[ 175.628582][ T48] ? kcm_write_msgs+0x13b6/0x14e0
[ 175.633595][ T48] ? mark_lock+0x94/0x320
[ 175.637914][ T48] lock_acquire+0x197/0x410
[ 175.642405][ T48] ? release_sock+0x2f/0x1c0
[ 175.646984][ T48] ? read_lock_is_recursive+0x20/0x20
[ 175.652346][ T48] ? __local_bh_disable_ip+0xff/0x190
[ 175.657704][ T48] ? __bpf_trace_tasklet+0x140/0x140
[ 175.662970][ T48] ? __local_bh_enable_ip+0x12e/0x1c0
[ 175.668323][ T48] ? _local_bh_enable+0xa0/0xa0
[ 175.673157][ T48] ? release_sock+0x2f/0x1c0
[ 175.677735][ T48] _raw_spin_lock_bh+0x36/0x50
[ 175.682488][ T48] ? release_sock+0x2f/0x1c0
[ 175.687060][ T48] release_sock+0x2f/0x1c0
[ 175.691457][ T48] ? process_scheduled_works+0x957/0x15b0
[ 175.697163][ T48] process_scheduled_works+0xa45/0x15b0
[ 175.702709][ T48] ? assign_work+0x400/0x400
[ 175.707287][ T48] ? assign_work+0x39e/0x400
[ 175.711864][ T48] worker_thread+0xa55/0xfc0
[ 175.716446][ T48] kthread+0x2fa/0x390
[ 175.720517][ T48] ? pr_cont_work+0x560/0x560
[ 175.725176][ T48] ? kthread_blkcg+0xd0/0xd0
[ 175.729750][ T48] ret_from_fork+0x48/0x80
[ 175.734150][ T48] ? kthread_blkcg+0xd0/0xd0
[ 175.738721][ T48] ret_from_fork_asm+0x11/0x20
[ 175.743484][ T48]
[ 175.746753][ T48] Kernel Offset: disabled
[ 175.751058][ T48] Rebooting in 86400 seconds..