Warning: Permanently added '10.128.1.246' (ED25519) to the list of known hosts.
2025/07/21 17:01:33 ignoring optional flag "sandboxArg"="0"
2025/07/21 17:01:34 parsed 1 programs
[  329.284680][ T5894] cgroup: Unknown subsys name 'net'
[  329.380722][ T5894] cgroup: Unknown subsys name 'cpuset'
[  329.390438][ T5894] cgroup: Unknown subsys name 'rlimit'
[  331.140864][ T5894] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  334.640820][ T5900] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  336.608279][ T5937] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  336.616463][ T5937] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  336.624338][ T5937] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  336.633092][ T5937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  336.643701][ T5937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  337.127517][ T5942] chnl_net:caif_netlink_parms(): no params data found
[  337.206327][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[  337.214060][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state
[  337.221746][ T5942] bridge_slave_0: entered allmulticast mode
[  337.229926][ T5942] bridge_slave_0: entered promiscuous mode
[  337.238879][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.246425][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state
[  337.253555][ T5942] bridge_slave_1: entered allmulticast mode
[  337.261050][ T5942] bridge_slave_1: entered promiscuous mode
[  337.294300][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  337.306346][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  337.341594][ T5942] team0: Port device team_slave_0 added
[  337.350128][ T5942] team0: Port device team_slave_1 added
[  337.380753][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0
[  337.388288][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  337.414259][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  337.427157][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1
[  337.434117][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  337.460098][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  337.505486][ T5942] hsr_slave_0: entered promiscuous mode
[  337.512484][ T5942] hsr_slave_1: entered promiscuous mode
[  337.666208][ T5942] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  337.680029][ T5942] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  337.690970][ T5942] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  337.701602][ T5942] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  337.737643][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.744819][ T5942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  337.752721][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[  337.759861][ T5942] bridge0: port 1(bridge_slave_0) entered forwarding state
[  337.816480][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0
[  337.832877][ T5916] bridge0: port 1(bridge_slave_0) entered disabled state
[  337.843395][ T5916] bridge0: port 2(bridge_slave_1) entered disabled state
[  337.866752][ T5942] 8021q: adding VLAN 0 to HW filter on device team0
[  337.881849][ T5916] bridge0: port 1(bridge_slave_0) entered blocking state
[  337.889021][ T5916] bridge0: port 1(bridge_slave_0) entered forwarding state
[  337.903948][ T3438] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.911173][ T3438] bridge0: port 2(bridge_slave_1) entered forwarding state
[  338.103388][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0
[  338.153589][ T5942] veth0_vlan: entered promiscuous mode
[  338.166195][ T5942] veth1_vlan: entered promiscuous mode
[  338.201201][ T5942] veth0_macvtap: entered promiscuous mode
[  338.210709][ T5942] veth1_macvtap: entered promiscuous mode
[  338.231297][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0
[  338.249407][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1
[  338.263364][ T5942] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  338.272757][ T5942] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  338.283635][ T5942] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  338.292561][ T5942] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  338.448325][ T3438] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.515387][ T3438] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.607951][ T3438] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.708058][ T3438] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.965319][ T5916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.973332][ T5916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  339.002809][ T5916] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  339.011548][ T5916] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/21 17:01:48 executed programs: 0
[  340.119400][ T5168] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  340.129108][ T5168] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  340.138182][ T5168] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  340.146972][ T5168] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  340.155132][ T5168] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  340.325010][ T5994] chnl_net:caif_netlink_parms(): no params data found
[  340.400452][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.407831][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[  340.415141][ T5994] bridge_slave_0: entered allmulticast mode
[  340.423128][ T5994] bridge_slave_0: entered promiscuous mode
[  340.432743][ T5994] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.440753][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[  340.449655][ T5994] bridge_slave_1: entered allmulticast mode
[  340.457480][ T5994] bridge_slave_1: entered promiscuous mode
[  340.493189][ T5994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  340.507570][ T5994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  340.544527][ T5994] team0: Port device team_slave_0 added
[  340.552324][ T5994] team0: Port device team_slave_1 added
[  340.581697][ T5994] batman_adv: batadv0: Adding interface: batadv_slave_0
[  340.590472][ T5994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  340.617340][ T5994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  340.629687][ T5994] batman_adv: batadv0: Adding interface: batadv_slave_1
[  340.636825][ T5994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  340.663442][ T5994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  340.709362][ T5994] hsr_slave_0: entered promiscuous mode
[  340.715667][ T5994] hsr_slave_1: entered promiscuous mode
[  340.722212][ T5994] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  340.730113][ T5994] Cannot create hsr debugfs directory
[  340.990983][ T3438] bridge_slave_1: left allmulticast mode
[  340.997401][ T3438] bridge_slave_1: left promiscuous mode
[  341.003492][ T3438] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.026849][ T3438] bridge_slave_0: left allmulticast mode
[  341.032535][ T3438] bridge_slave_0: left promiscuous mode
[  341.038588][ T3438] bridge0: port 1(bridge_slave_0) entered disabled state
[  341.267931][ T3438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  341.279497][ T3438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  341.290167][ T3438] bond0 (unregistering): Released all slaves
[  341.439292][ T3438] hsr_slave_0: left promiscuous mode
[  341.445599][ T3438] hsr_slave_1: left promiscuous mode
[  341.454184][ T3438] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  341.464907][ T3438] batman_adv: batadv0: Removing interface: batadv_slave_0
[  341.481027][ T3438] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  341.493248][ T3438] batman_adv: batadv0: Removing interface: batadv_slave_1
[  341.513723][ T3438] veth1_macvtap: left promiscuous mode
[  341.519656][ T3438] veth0_macvtap: left promiscuous mode
[  341.526423][ T3438] veth1_vlan: left promiscuous mode
[  341.531873][ T3438] veth0_vlan: left promiscuous mode
[  342.177470][ T5168] Bluetooth: hci0: command tx timeout
[  342.189194][ T3438] team0 (unregistering): Port device team_slave_1 removed
[  342.228308][ T3438] team0 (unregistering): Port device team_slave_0 removed
[  342.732506][ T5994] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  342.747600][ T5994] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  342.760548][ T5994] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  342.774042][ T5994] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  343.239957][ T5994] 8021q: adding VLAN 0 to HW filter on device bond0
[  343.266906][ T5994] 8021q: adding VLAN 0 to HW filter on device team0
[  343.288351][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.295557][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state
[  343.312422][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.319649][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  343.664215][ T5994] 8021q: adding VLAN 0 to HW filter on device batadv0
[  343.714552][ T5994] veth0_vlan: entered promiscuous mode
[  343.735442][ T5994] veth1_vlan: entered promiscuous mode
[  343.777539][ T5994] veth0_macvtap: entered promiscuous mode
[  343.790183][ T5994] veth1_macvtap: entered promiscuous mode
[  343.813911][ T5994] batman_adv: batadv0: Interface activated: batadv_slave_0
[  343.835460][ T5994] batman_adv: batadv0: Interface activated: batadv_slave_1
[  343.851321][ T5994] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  343.862311][ T5994] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  343.871878][ T5994] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  343.880919][ T5994] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  343.951931][ T6036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.969354][ T6036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.996592][ T3438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.005261][ T3438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  344.265975][ T5168] Bluetooth: hci0: command tx timeout
2025/07/21 17:01:53 executed programs: 4
[  346.336630][ T5168] Bluetooth: hci0: command tx timeout
[  348.416123][ T5168] Bluetooth: hci0: command tx timeout
2025/07/21 17:01:58 executed programs: 10
2025/07/21 17:02:04 executed programs: 16
2025/07/21 17:02:09 executed programs: 22
2025/07/21 17:02:14 executed programs: 28
[  368.131565][   T36] ==================================================================
[  368.139688][   T36] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[  368.147420][   T36] Read of size 1 at addr ffff88806b0db658 by task kworker/u8:2/36
[  368.155237][   T36] 
[  368.157582][   T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full) 
[  368.157599][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  368.157607][   T36] Workqueue: kkcmd kcm_tx_work
[  368.157623][   T36] Call Trace:
[  368.157629][   T36]  <TASK>
[  368.157634][   T36]  dump_stack_lvl+0x189/0x250
[  368.157649][   T36]  ? __virt_addr_valid+0x1c8/0x5c0
[  368.157664][   T36]  ? rcu_is_watching+0x15/0xb0
[  368.157677][   T36]  ? __kasan_check_byte+0x12/0x40
[  368.157693][   T36]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.157706][   T36]  ? rcu_is_watching+0x15/0xb0
[  368.157721][   T36]  ? lock_release+0x4b/0x3e0
[  368.157734][   T36]  ? __virt_addr_valid+0x1c8/0x5c0
[  368.157748][   T36]  ? __virt_addr_valid+0x4a5/0x5c0
[  368.157762][   T36]  print_report+0xca/0x230
[  368.157773][   T36]  ? _raw_spin_lock_bh+0x36/0x50
[  368.157789][   T36]  kasan_report+0x118/0x150
[  368.157805][   T36]  ? _raw_spin_lock_bh+0x36/0x50
[  368.157823][   T36]  ? __lock_sock+0x156/0x2b0
[  368.157834][   T36]  __kasan_check_byte+0x2a/0x40
[  368.157849][   T36]  lock_acquire+0x8d/0x360
[  368.157861][   T36]  ? schedule+0x91/0x360
[  368.157871][   T36]  ? kthread_data+0x4f/0xc0
[  368.157885][   T36]  ? __lock_sock+0x156/0x2b0
[  368.157895][   T36]  _raw_spin_lock_bh+0x36/0x50
[  368.157911][   T36]  ? __lock_sock+0x156/0x2b0
[  368.157922][   T36]  __lock_sock+0x156/0x2b0
[  368.157933][   T36]  ? __pfx___lock_sock+0x10/0x10
[  368.157943][   T36]  ? do_raw_spin_lock+0x121/0x290
[  368.157958][   T36]  ? __pfx_autoremove_wake_function+0x10/0x10
[  368.157974][   T36]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  368.157991][   T36]  ? lock_sock_nested+0x6a/0x100
[  368.158004][   T36]  lock_sock_nested+0x9f/0x100
[  368.158017][   T36]  kcm_tx_work+0x31/0x180
[  368.158028][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  368.158042][   T36]  process_scheduled_works+0xae1/0x17b0
[  368.158061][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  368.158085][   T36]  worker_thread+0x8a0/0xda0
[  368.158104][   T36]  kthread+0x70e/0x8a0
[  368.158120][   T36]  ? __pfx_worker_thread+0x10/0x10
[  368.158132][   T36]  ? __pfx_kthread+0x10/0x10
[  368.158147][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  368.158157][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  368.158169][   T36]  ? __pfx_kthread+0x10/0x10
[  368.158183][   T36]  ret_from_fork+0x3fc/0x770
[  368.158196][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  368.158209][   T36]  ? __switch_to_asm+0x39/0x70
[  368.158223][   T36]  ? __switch_to_asm+0x33/0x70
[  368.158236][   T36]  ? __pfx_kthread+0x10/0x10
[  368.158251][   T36]  ret_from_fork_asm+0x1a/0x30
[  368.158274][   T36]  </TASK>
[  368.158278][   T36] 
[  368.414140][   T36] Allocated by task 6156:
[  368.418481][   T36]  kasan_save_track+0x3e/0x80
[  368.423178][   T36]  __kasan_slab_alloc+0x6c/0x80
[  368.428027][   T36]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  368.433485][   T36]  sk_prot_alloc+0x57/0x220
[  368.437993][   T36]  sk_alloc+0x3a/0x370
[  368.442060][   T36]  kcm_ioctl+0x214/0xff0
[  368.446298][   T36]  sock_do_ioctl+0xd9/0x300
[  368.450794][   T36]  sock_ioctl+0x576/0x790
[  368.455116][   T36]  __se_sys_ioctl+0xf9/0x170
[  368.459702][   T36]  do_syscall_64+0xfa/0x3b0
[  368.464201][   T36]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.470088][   T36] 
[  368.472407][   T36] Freed by task 6157:
[  368.476391][   T36]  kasan_save_track+0x3e/0x80
[  368.481103][   T36]  kasan_save_free_info+0x46/0x50
[  368.486129][   T36]  __kasan_slab_free+0x62/0x70
[  368.490889][   T36]  kmem_cache_free+0x18f/0x400
[  368.495652][   T36]  __sk_destruct+0x4d2/0x660
[  368.500257][   T36]  kcm_release+0x528/0x5c0
[  368.504670][   T36]  sock_close+0xc0/0x240
[  368.508906][   T36]  __fput+0x44c/0xa70
[  368.512882][   T36]  fput_close_sync+0x119/0x200
[  368.517640][   T36]  __x64_sys_close+0x7f/0x110
[  368.522344][   T36]  do_syscall_64+0xfa/0x3b0
[  368.526881][   T36]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.532791][   T36] 
[  368.535114][   T36] Last potentially related work creation:
[  368.540843][   T36]  kasan_save_stack+0x3e/0x60
[  368.545536][   T36]  kasan_record_aux_stack+0xbd/0xd0
[  368.550729][   T36]  insert_work+0x3d/0x330
[  368.555055][   T36]  __queue_work+0xcfc/0xfe0
[  368.559558][   T36]  queue_work_on+0x181/0x270
[  368.564160][   T36]  kcm_unattach+0x863/0xe90
[  368.568660][   T36]  kcm_ioctl+0x794/0xff0
[  368.572902][   T36]  sock_do_ioctl+0xd9/0x300
[  368.577413][   T36]  sock_ioctl+0x576/0x790
[  368.581736][   T36]  __se_sys_ioctl+0xf9/0x170
[  368.586346][   T36]  do_syscall_64+0xfa/0x3b0
[  368.590857][   T36]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.596747][   T36] 
[  368.599090][   T36] Second to last potentially related work creation:
[  368.605666][   T36]  kasan_save_stack+0x3e/0x60
[  368.610350][   T36]  kasan_record_aux_stack+0xbd/0xd0
[  368.615565][   T36]  insert_work+0x3d/0x330
[  368.619889][   T36]  __queue_work+0xcfc/0xfe0
[  368.624386][   T36]  queue_work_on+0x181/0x270
[  368.628991][   T36]  kcm_ioctl+0xe52/0xff0
[  368.633227][   T36]  sock_do_ioctl+0xd9/0x300
[  368.637726][   T36]  sock_ioctl+0x576/0x790
[  368.642075][   T36]  __se_sys_ioctl+0xf9/0x170
[  368.646664][   T36]  do_syscall_64+0xfa/0x3b0
[  368.651207][   T36]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.657123][   T36] 
[  368.659456][   T36] The buggy address belongs to the object at ffff88806b0db480
[  368.659456][   T36]  which belongs to the cache KCM of size 1792
[  368.672910][   T36] The buggy address is located 472 bytes inside of
[  368.672910][   T36]  freed 1792-byte region [ffff88806b0db480, ffff88806b0dbb80)
[  368.686801][   T36] 
[  368.689120][   T36] The buggy address belongs to the physical page:
[  368.695524][   T36] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b0d8
[  368.704278][   T36] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  368.712774][   T36] memcg:ffff8880291d8901
[  368.717016][   T36] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  368.724555][   T36] page_type: f5(slab)
[  368.728533][   T36] raw: 00fff00000000040 ffff88814c554a00 dead000000000122 0000000000000000
[  368.737110][   T36] raw: 0000000000000000 0000000080110011 00000000f5000000 ffff8880291d8901
[  368.745789][   T36] head: 00fff00000000040 ffff88814c554a00 dead000000000122 0000000000000000
[  368.754454][   T36] head: 0000000000000000 0000000080110011 00000000f5000000 ffff8880291d8901
[  368.763219][   T36] head: 00fff00000000003 ffffea0001ac3601 00000000ffffffff 00000000ffffffff
[  368.771892][   T36] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  368.780559][   T36] page dumped because: kasan: bad access detected
[  368.786967][   T36] page_owner tracks the page as allocated
[  368.792671][   T36] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6128, tgid 6126 (syz.0.37), ts 362128751969, free_ts 362069732837
[  368.813853][   T36]  post_alloc_hook+0x240/0x2a0
[  368.818624][   T36]  get_page_from_freelist+0x21e4/0x22c0
[  368.824165][   T36]  __alloc_frozen_pages_noprof+0x181/0x370
[  368.829971][   T36]  alloc_pages_mpol+0x232/0x4a0
[  368.834820][   T36]  allocate_slab+0x8a/0x3b0
[  368.839318][   T36]  ___slab_alloc+0xbfc/0x1480
[  368.844014][   T36]  kmem_cache_alloc_noprof+0x283/0x3c0
[  368.849497][   T36]  sk_prot_alloc+0x57/0x220
[  368.854022][   T36]  sk_alloc+0x3a/0x370
[  368.858109][   T36]  kcm_ioctl+0x214/0xff0
[  368.862361][   T36]  sock_do_ioctl+0xd9/0x300
[  368.866872][   T36]  sock_ioctl+0x576/0x790
[  368.871215][   T36]  __se_sys_ioctl+0xf9/0x170
[  368.875828][   T36]  do_syscall_64+0xfa/0x3b0
[  368.880341][   T36]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.886233][   T36] page last free pid 5901 tgid 5901 stack trace:
[  368.892569][   T36]  __free_frozen_pages+0xc71/0xe70
[  368.897681][   T36]  __slab_free+0x326/0x400
[  368.902092][   T36]  qlist_free_all+0x97/0x140
[  368.906736][   T36]  kasan_quarantine_reduce+0x148/0x160
[  368.912220][   T36]  __kasan_slab_alloc+0x22/0x80
[  368.917084][   T36]  __kmalloc_cache_noprof+0x1be/0x3d0
[  368.922483][   T36]  kernfs_fop_open+0x397/0xca0
[  368.927261][   T36]  do_dentry_open+0xdf0/0x1970
[  368.932031][   T36]  vfs_open+0x3b/0x340
[  368.936111][   T36]  path_openat+0x2ee5/0x3830
[  368.940708][   T36]  do_filp_open+0x1fa/0x410
[  368.945225][   T36]  do_sys_openat2+0x121/0x1c0
[  368.949908][   T36]  __x64_sys_openat+0x138/0x170
[  368.954768][   T36]  do_syscall_64+0xfa/0x3b0
[  368.959286][   T36]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.965193][   T36] 
[  368.967525][   T36] Memory state around the buggy address:
[  368.973168][   T36]  ffff88806b0db500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  368.981238][   T36]  ffff88806b0db580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  368.989300][   T36] >ffff88806b0db600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  368.997365][   T36]                                                     ^
[  369.004297][   T36]  ffff88806b0db680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  369.012365][   T36]  ffff88806b0db700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  369.020431][   T36] ==================================================================
[  369.028650][   T36] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  369.035869][   T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full) 
[  369.047334][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  369.057397][   T36] Workqueue: kkcmd kcm_tx_work
[  369.062180][   T36] Call Trace:
[  369.065467][   T36]  <TASK>
[  369.068405][   T36]  dump_stack_lvl+0x99/0x250
[  369.073030][   T36]  ? __asan_memcpy+0x40/0x70
[  369.077659][   T36]  ? __pfx_dump_stack_lvl+0x10/0x10
[  369.082870][   T36]  ? __pfx__printk+0x10/0x10
[  369.087489][   T36]  panic+0x2db/0x790
[  369.091424][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  369.096666][   T36]  ? __pfx_panic+0x10/0x10
[  369.101094][   T36]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  369.106996][   T36]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  369.112895][   T36]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  369.119241][   T36]  ? _raw_spin_lock_bh+0x36/0x50
[  369.124190][   T36]  check_panic_on_warn+0x89/0xb0
[  369.129141][   T36]  ? _raw_spin_lock_bh+0x36/0x50
[  369.134090][   T36]  end_report+0x78/0x160
[  369.138378][   T36]  kasan_report+0x129/0x150
[  369.142894][   T36]  ? _raw_spin_lock_bh+0x36/0x50
[  369.147847][   T36]  ? __lock_sock+0x156/0x2b0
[  369.152445][   T36]  __kasan_check_byte+0x2a/0x40
[  369.157307][   T36]  lock_acquire+0x8d/0x360
[  369.161735][   T36]  ? schedule+0x91/0x360
[  369.165986][   T36]  ? kthread_data+0x4f/0xc0
[  369.170499][   T36]  ? __lock_sock+0x156/0x2b0
[  369.175100][   T36]  _raw_spin_lock_bh+0x36/0x50
[  369.179879][   T36]  ? __lock_sock+0x156/0x2b0
[  369.184479][   T36]  __lock_sock+0x156/0x2b0
[  369.188903][   T36]  ? __pfx___lock_sock+0x10/0x10
[  369.193848][   T36]  ? do_raw_spin_lock+0x121/0x290
[  369.198884][   T36]  ? __pfx_autoremove_wake_function+0x10/0x10
[  369.204964][   T36]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  369.210377][   T36]  ? lock_sock_nested+0x6a/0x100
[  369.215326][   T36]  lock_sock_nested+0x9f/0x100
[  369.220100][   T36]  kcm_tx_work+0x31/0x180
[  369.224439][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  369.230168][   T36]  process_scheduled_works+0xae1/0x17b0
[  369.235743][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  369.241744][   T36]  worker_thread+0x8a0/0xda0
[  369.246355][   T36]  kthread+0x70e/0x8a0
[  369.250445][   T36]  ? __pfx_worker_thread+0x10/0x10
[  369.255563][   T36]  ? __pfx_kthread+0x10/0x10
[  369.260165][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  369.265370][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  369.270580][   T36]  ? __pfx_kthread+0x10/0x10
[  369.275188][   T36]  ret_from_fork+0x3fc/0x770
[  369.279792][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  369.284919][   T36]  ? __switch_to_asm+0x39/0x70
[  369.289693][   T36]  ? __switch_to_asm+0x33/0x70
[  369.294471][   T36]  ? __pfx_kthread+0x10/0x10
[  369.299073][   T36]  ret_from_fork_asm+0x1a/0x30
[  369.303877][   T36]  </TASK>
[  369.307039][   T36] Kernel Offset: disabled
[  369.311364][   T36] Rebooting in 86400 seconds..