Warning: Permanently added '10.128.0.85' (ED25519) to the list of known hosts.
2025/07/20 10:02:04 ignoring optional flag "sandboxArg"="0"
2025/07/20 10:02:06 parsed 1 programs
[ 88.574314][ T5853] cgroup: Unknown subsys name 'net'
[ 88.727232][ T5853] cgroup: Unknown subsys name 'cpuset'
[ 88.736811][ T5853] cgroup: Unknown subsys name 'rlimit'
[ 90.455080][ T5853] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.995979][ T9] cfg80211: failed to load regulatory.db
[ 93.958388][ T5869] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 94.768247][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 94.776698][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 94.785170][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 94.795023][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 94.802836][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 96.391200][ T5912] chnl_net:caif_netlink_parms(): no params data found
[ 96.469599][ T5912] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.477379][ T5912] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.484777][ T5912] bridge_slave_0: entered allmulticast mode
[ 96.492351][ T5912] bridge_slave_0: entered promiscuous mode
[ 96.502657][ T5912] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.509971][ T5912] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.517843][ T5912] bridge_slave_1: entered allmulticast mode
[ 96.525150][ T5912] bridge_slave_1: entered promiscuous mode
[ 96.557400][ T5912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.569308][ T5912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.601923][ T5912] team0: Port device team_slave_0 added
[ 96.610612][ T5912] team0: Port device team_slave_1 added
[ 96.639853][ T5912] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.647237][ T5912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.674144][ T5912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.687529][ T5912] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.694663][ T5912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.720956][ T5912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.764860][ T5912] hsr_slave_0: entered promiscuous mode
[ 96.771208][ T5912] hsr_slave_1: entered promiscuous mode
[ 96.922256][ T5912] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.935169][ T5912] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.946574][ T5912] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.957364][ T5912] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.992128][ T5912] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.999477][ T5912] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.007809][ T5912] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.014958][ T5912] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.078302][ T5912] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.099816][ T5912] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.110082][ T1157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.119657][ T1157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.140353][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.147500][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.162372][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.169560][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.360295][ T5912] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.405413][ T5912] veth0_vlan: entered promiscuous mode
[ 97.418098][ T5912] veth1_vlan: entered promiscuous mode
[ 97.454985][ T5912] veth0_macvtap: entered promiscuous mode
[ 97.466598][ T5912] veth1_macvtap: entered promiscuous mode
[ 97.485747][ T5912] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.501231][ T5912] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.515393][ T5912] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.524229][ T5912] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.532931][ T5912] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.541745][ T5912] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.685484][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.781311][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.889868][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.982111][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.640464][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.655765][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.685020][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.693137][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/20 10:02:19 executed programs: 0
[ 99.190378][ T5170] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.198387][ T5170] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.207147][ T5170] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.215869][ T5170] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.224670][ T5170] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.406259][ T5957] chnl_net:caif_netlink_parms(): no params data found
[ 99.490023][ T5957] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.497457][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.505043][ T5957] bridge_slave_0: entered allmulticast mode
[ 99.512160][ T5957] bridge_slave_0: entered promiscuous mode
[ 99.522153][ T5957] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.529482][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.536779][ T5957] bridge_slave_1: entered allmulticast mode
[ 99.544454][ T5957] bridge_slave_1: entered promiscuous mode
[ 99.577634][ T5957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.589493][ T5957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.627440][ T5957] team0: Port device team_slave_0 added
[ 99.635475][ T5957] team0: Port device team_slave_1 added
[ 99.667455][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.674741][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.701601][ T5957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.714218][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.721186][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.747159][ T5957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 99.795755][ T5957] hsr_slave_0: entered promiscuous mode
[ 99.802077][ T5957] hsr_slave_1: entered promiscuous mode
[ 99.809353][ T5957] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 99.817286][ T5957] Cannot create hsr debugfs directory
[ 100.686122][ T12] bridge_slave_1: left allmulticast mode
[ 100.692077][ T12] bridge_slave_1: left promiscuous mode
[ 100.701559][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.717592][ T12] bridge_slave_0: left allmulticast mode
[ 100.723514][ T12] bridge_slave_0: left promiscuous mode
[ 100.729895][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.120345][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.137112][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.161226][ T12] bond0 (unregistering): Released all slaves
[ 101.274174][ T5170] Bluetooth: hci0: command tx timeout
[ 101.320667][ T12] hsr_slave_0: left promiscuous mode
[ 101.327129][ T12] hsr_slave_1: left promiscuous mode
[ 101.332992][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 101.342068][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 101.350727][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 101.360802][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 101.377053][ T12] veth1_macvtap: left promiscuous mode
[ 101.383018][ T12] veth0_macvtap: left promiscuous mode
[ 101.388915][ T12] veth1_vlan: left promiscuous mode
[ 101.394413][ T12] veth0_vlan: left promiscuous mode
[ 101.718644][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 101.750169][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 102.371954][ T5957] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.385625][ T5957] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.396455][ T5957] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.417894][ T5957] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.562709][ T5957] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.596993][ T5957] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.910821][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.918263][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.936090][ T3540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.943333][ T3540] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.354258][ T5170] Bluetooth: hci0: command tx timeout
[ 103.551449][ T5957] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.628011][ T5957] veth0_vlan: entered promiscuous mode
[ 103.648472][ T5957] veth1_vlan: entered promiscuous mode
[ 103.696104][ T5957] veth0_macvtap: entered promiscuous mode
[ 103.708356][ T5957] veth1_macvtap: entered promiscuous mode
[ 103.743005][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.764525][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.782339][ T5957] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.795011][ T5957] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.804976][ T5957] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.815940][ T5957] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.908879][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.920940][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.957720][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.965783][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/20 10:02:25 executed programs: 3
[ 105.434060][ T5170] Bluetooth: hci0: command tx timeout
[ 107.514202][ T5170] Bluetooth: hci0: command tx timeout
2025/07/20 10:02:30 executed programs: 9
2025/07/20 10:02:35 executed programs: 15
2025/07/20 10:02:40 executed programs: 21
2025/07/20 10:02:45 executed programs: 27
2025/07/20 10:02:51 executed programs: 33
[ 132.957636][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.964498][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 134.967123][ T12] ==================================================================
[ 134.975254][ T12] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[ 134.983022][ T12] Read of size 1 at addr ffff88802dbe9fd8 by task kworker/u8:0/12
[ 134.990832][ T12]
[ 134.993181][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)
[ 134.993197][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 134.993207][ T12] Workqueue: kkcmd kcm_tx_work
[ 134.993225][ T12] Call Trace:
[ 134.993231][ T12] <TASK>
[ 134.993237][ T12] dump_stack_lvl+0x189/0x250
[ 134.993259][ T12] ? __virt_addr_valid+0x1c8/0x5c0
[ 134.993283][ T12] ? rcu_is_watching+0x15/0xb0
[ 134.993304][ T12] ? __kasan_check_byte+0x12/0x40
[ 134.993331][ T12] ? __pfx_dump_stack_lvl+0x10/0x10
[ 134.993352][ T12] ? rcu_is_watching+0x15/0xb0
[ 134.993374][ T12] ? lock_release+0x4b/0x3e0
[ 134.993387][ T12] ? __virt_addr_valid+0x1c8/0x5c0
[ 134.993401][ T12] ? __virt_addr_valid+0x4a5/0x5c0
[ 134.993415][ T12] print_report+0xca/0x230
[ 134.993426][ T12] ? _raw_spin_lock_bh+0x36/0x50
[ 134.993444][ T12] kasan_report+0x118/0x150
[ 134.993460][ T12] ? _raw_spin_lock_bh+0x36/0x50
[ 134.993478][ T12] ? __lock_sock+0x156/0x2b0
[ 134.993489][ T12] __kasan_check_byte+0x2a/0x40
[ 134.993504][ T12] lock_acquire+0x8d/0x360
[ 134.993516][ T12] ? schedule+0x91/0x360
[ 134.993526][ T12] ? kthread_data+0x4f/0xc0
[ 134.993539][ T12] ? __lock_sock+0x156/0x2b0
[ 134.993550][ T12] _raw_spin_lock_bh+0x36/0x50
[ 134.993566][ T12] ? __lock_sock+0x156/0x2b0
[ 134.993576][ T12] __lock_sock+0x156/0x2b0
[ 134.993588][ T12] ? __pfx___lock_sock+0x10/0x10
[ 134.993598][ T12] ? do_raw_spin_lock+0x121/0x290
[ 134.993613][ T12] ? __pfx_autoremove_wake_function+0x10/0x10
[ 134.993629][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 134.993646][ T12] ? lock_sock_nested+0x6a/0x100
[ 134.993659][ T12] lock_sock_nested+0x9f/0x100
[ 134.993672][ T12] kcm_tx_work+0x31/0x180
[ 134.993684][ T12] ? process_scheduled_works+0x9ef/0x17b0
[ 134.993698][ T12] process_scheduled_works+0xae1/0x17b0
[ 134.993717][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 134.993734][ T12] worker_thread+0x8a0/0xda0
[ 134.993753][ T12] kthread+0x70e/0x8a0
[ 134.993768][ T12] ? __pfx_worker_thread+0x10/0x10
[ 134.993781][ T12] ? __pfx_kthread+0x10/0x10
[ 134.993796][ T12] ? _raw_spin_unlock_irq+0x23/0x50
[ 134.993806][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 134.993817][ T12] ? __pfx_kthread+0x10/0x10
[ 134.993831][ T12] ret_from_fork+0x3fc/0x770
[ 134.993844][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 134.993857][ T12] ? __switch_to_asm+0x39/0x70
[ 134.993871][ T12] ? __switch_to_asm+0x33/0x70
[ 134.993884][ T12] ? __pfx_kthread+0x10/0x10
[ 134.993899][ T12] ret_from_fork_asm+0x1a/0x30
[ 134.993947][ T12] </TASK>
[ 134.993952][ T12]
[ 135.250162][ T12] Allocated by task 6170:
[ 135.254486][ T12] kasan_save_track+0x3e/0x80
[ 135.259165][ T12] __kasan_slab_alloc+0x6c/0x80
[ 135.264031][ T12] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 135.269526][ T12] sk_prot_alloc+0x57/0x220
[ 135.274307][ T12] sk_alloc+0x3a/0x370
[ 135.278557][ T12] kcm_ioctl+0x214/0xff0
[ 135.282806][ T12] sock_do_ioctl+0xd9/0x300
[ 135.287412][ T12] sock_ioctl+0x576/0x790
[ 135.291744][ T12] __se_sys_ioctl+0xf9/0x170
[ 135.296438][ T12] do_syscall_64+0xfa/0x3b0
[ 135.300945][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.306835][ T12]
[ 135.309173][ T12] Freed by task 6171:
[ 135.313339][ T12] kasan_save_track+0x3e/0x80
[ 135.318038][ T12] kasan_save_free_info+0x46/0x50
[ 135.323095][ T12] __kasan_slab_free+0x62/0x70
[ 135.327891][ T12] kmem_cache_free+0x18f/0x400
[ 135.332830][ T12] __sk_destruct+0x4d2/0x660
[ 135.337561][ T12] kcm_release+0x528/0x5c0
[ 135.342019][ T12] sock_close+0xc0/0x240
[ 135.346448][ T12] __fput+0x44c/0xa70
[ 135.350437][ T12] fput_close_sync+0x119/0x200
[ 135.355203][ T12] __x64_sys_close+0x7f/0x110
[ 135.359893][ T12] do_syscall_64+0xfa/0x3b0
[ 135.364407][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.370401][ T12]
[ 135.372733][ T12] Last potentially related work creation:
[ 135.378442][ T12] kasan_save_stack+0x3e/0x60
[ 135.383142][ T12] kasan_record_aux_stack+0xbd/0xd0
[ 135.388337][ T12] insert_work+0x3d/0x330
[ 135.392664][ T12] __queue_work+0xcfc/0xfe0
[ 135.397166][ T12] queue_work_on+0x181/0x270
[ 135.401766][ T12] kcm_unattach+0x863/0xe90
[ 135.406265][ T12] kcm_ioctl+0x794/0xff0
[ 135.410601][ T12] sock_do_ioctl+0xd9/0x300
[ 135.415112][ T12] sock_ioctl+0x576/0x790
[ 135.419454][ T12] __se_sys_ioctl+0xf9/0x170
[ 135.424062][ T12] do_syscall_64+0xfa/0x3b0
[ 135.428588][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.434570][ T12]
[ 135.436901][ T12] Second to last potentially related work creation:
[ 135.443502][ T12] kasan_save_stack+0x3e/0x60
[ 135.448204][ T12] kasan_record_aux_stack+0xbd/0xd0
[ 135.453417][ T12] insert_work+0x3d/0x330
[ 135.457761][ T12] __queue_work+0xcfc/0xfe0
[ 135.462275][ T12] queue_work_on+0x181/0x270
[ 135.466929][ T12] kcm_ioctl+0xe52/0xff0
[ 135.471186][ T12] sock_do_ioctl+0xd9/0x300
[ 135.475714][ T12] sock_ioctl+0x576/0x790
[ 135.480072][ T12] __se_sys_ioctl+0xf9/0x170
[ 135.484692][ T12] do_syscall_64+0xfa/0x3b0
[ 135.489207][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.495121][ T12]
[ 135.497459][ T12] The buggy address belongs to the object at ffff88802dbe9e00
[ 135.497459][ T12] which belongs to the cache KCM of size 1792
[ 135.510925][ T12] The buggy address is located 472 bytes inside of
[ 135.510925][ T12] freed 1792-byte region [ffff88802dbe9e00, ffff88802dbea500)
[ 135.524834][ T12]
[ 135.527257][ T12] The buggy address belongs to the physical page:
[ 135.533662][ T12] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2dbe8
[ 135.542434][ T12] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 135.550934][ T12] memcg:ffff8880319b1601
[ 135.555177][ T12] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 135.562721][ T12] page_type: f5(slab)
[ 135.566700][ T12] raw: 00fff00000000040 ffff88802f257500 dead000000000122 0000000000000000
[ 135.575296][ T12] raw: 0000000000000000 0000000080110011 00000000f5000000 ffff8880319b1601
[ 135.583877][ T12] head: 00fff00000000040 ffff88802f257500 dead000000000122 0000000000000000
[ 135.592549][ T12] head: 0000000000000000 0000000080110011 00000000f5000000 ffff8880319b1601
[ 135.601240][ T12] head: 00fff00000000003 ffffea0000b6fa01 00000000ffffffff 00000000ffffffff
[ 135.609906][ T12] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 135.618566][ T12] page dumped because: kasan: bad access detected
[ 135.625339][ T12] page_owner tracks the page as allocated
[ 135.631049][ T12] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6154, tgid 6152 (syz.0.48), ts 131539170493, free_ts 101920582762
[ 135.652240][ T12] post_alloc_hook+0x240/0x2a0
[ 135.657035][ T12] get_page_from_freelist+0x21e4/0x22c0
[ 135.662613][ T12] __alloc_frozen_pages_noprof+0x181/0x370
[ 135.668725][ T12] alloc_pages_mpol+0x232/0x4a0
[ 135.673624][ T12] allocate_slab+0x8a/0x3b0
[ 135.678186][ T12] ___slab_alloc+0xbfc/0x1480
[ 135.682880][ T12] kmem_cache_alloc_noprof+0x283/0x3c0
[ 135.688359][ T12] sk_prot_alloc+0x57/0x220
[ 135.692865][ T12] sk_alloc+0x3a/0x370
[ 135.696938][ T12] kcm_ioctl+0x214/0xff0
[ 135.701179][ T12] sock_do_ioctl+0xd9/0x300
[ 135.705681][ T12] sock_ioctl+0x576/0x790
[ 135.710024][ T12] __se_sys_ioctl+0xf9/0x170
[ 135.714641][ T12] do_syscall_64+0xfa/0x3b0
[ 135.719240][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.725152][ T12] page last free pid 3540 tgid 3540 stack trace:
[ 135.731492][ T12] __free_frozen_pages+0xc71/0xe70
[ 135.736625][ T12] __slab_free+0x326/0x400
[ 135.741068][ T12] qlist_free_all+0x97/0x140
[ 135.745686][ T12] kasan_quarantine_reduce+0x148/0x160
[ 135.751254][ T12] __kasan_slab_alloc+0x22/0x80
[ 135.756142][ T12] __kmalloc_noprof+0x224/0x4f0
[ 135.761009][ T12] ext4_find_extent+0x207/0xcc0
[ 135.765886][ T12] ext4_ext_map_blocks+0x288/0x6ac0
[ 135.771223][ T12] ext4_map_blocks+0x931/0x18d0
[ 135.776101][ T12] ext4_convert_unwritten_extents+0x2ae/0x5d0
[ 135.782189][ T12] ext4_convert_unwritten_io_end_vec+0xff/0x170
[ 135.788528][ T12] ext4_end_io_end+0xc7/0x410
[ 135.793221][ T12] ext4_end_io_rsv_work+0x262/0x330
[ 135.798432][ T12] process_scheduled_works+0xae1/0x17b0
[ 135.804033][ T12] worker_thread+0x8a0/0xda0
[ 135.808735][ T12] kthread+0x70e/0x8a0
[ 135.812823][ T12]
[ 135.815163][ T12] Memory state around the buggy address:
[ 135.820898][ T12] ffff88802dbe9e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.829069][ T12] ffff88802dbe9f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.837141][ T12] >ffff88802dbe9f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.845234][ T12] ^
[ 135.852255][ T12] ffff88802dbea000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.860319][ T12] ffff88802dbea080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.868396][ T12] ==================================================================
[ 135.876699][ T12] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 135.883920][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)
[ 135.895387][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 135.905449][ T12] Workqueue: kkcmd kcm_tx_work
[ 135.910242][ T12] Call Trace:
[ 135.913530][ T12] <TASK>
[ 135.916472][ T12] dump_stack_lvl+0x99/0x250
[ 135.921082][ T12] ? __asan_memcpy+0x40/0x70
[ 135.925684][ T12] ? __pfx_dump_stack_lvl+0x10/0x10
[ 135.930897][ T12] ? __pfx__printk+0x10/0x10
[ 135.935505][ T12] panic+0x2db/0x790
[ 135.939407][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 135.944614][ T12] ? __pfx_panic+0x10/0x10
[ 135.949040][ T12] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 135.954940][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 135.960838][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 135.967275][ T12] ? _raw_spin_lock_bh+0x36/0x50
[ 135.972233][ T12] check_panic_on_warn+0x89/0xb0
[ 135.977188][ T12] ? _raw_spin_lock_bh+0x36/0x50
[ 135.982146][ T12] end_report+0x78/0x160
[ 135.986402][ T12] kasan_report+0x129/0x150
[ 135.991009][ T12] ? _raw_spin_lock_bh+0x36/0x50
[ 135.996136][ T12] ? __lock_sock+0x156/0x2b0
[ 136.000731][ T12] __kasan_check_byte+0x2a/0x40
[ 136.005595][ T12] lock_acquire+0x8d/0x360
[ 136.010023][ T12] ? schedule+0x91/0x360
[ 136.014282][ T12] ? kthread_data+0x4f/0xc0
[ 136.018797][ T12] ? __lock_sock+0x156/0x2b0
[ 136.023396][ T12] _raw_spin_lock_bh+0x36/0x50
[ 136.028176][ T12] ? __lock_sock+0x156/0x2b0
[ 136.032814][ T12] __lock_sock+0x156/0x2b0
[ 136.037247][ T12] ? __pfx___lock_sock+0x10/0x10
[ 136.042189][ T12] ? do_raw_spin_lock+0x121/0x290
[ 136.047227][ T12] ? __pfx_autoremove_wake_function+0x10/0x10
[ 136.053306][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 136.058691][ T12] ? lock_sock_nested+0x6a/0x100
[ 136.063644][ T12] lock_sock_nested+0x9f/0x100
[ 136.068429][ T12] kcm_tx_work+0x31/0x180
[ 136.072769][ T12] ? process_scheduled_works+0x9ef/0x17b0
[ 136.078501][ T12] process_scheduled_works+0xae1/0x17b0
[ 136.084064][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 136.090070][ T12] worker_thread+0x8a0/0xda0
[ 136.094725][ T12] kthread+0x70e/0x8a0
[ 136.098814][ T12] ? __pfx_worker_thread+0x10/0x10
[ 136.103945][ T12] ? __pfx_kthread+0x10/0x10
[ 136.108555][ T12] ? _raw_spin_unlock_irq+0x23/0x50
[ 136.113760][ T12] ? lockdep_hardirqs_on+0x9c/0x150
[ 136.119052][ T12] ? __pfx_kthread+0x10/0x10
[ 136.123664][ T12] ret_from_fork+0x3fc/0x770
[ 136.128266][ T12] ? __pfx_ret_from_fork+0x10/0x10
[ 136.133387][ T12] ? __switch_to_asm+0x39/0x70
[ 136.138162][ T12] ? __switch_to_asm+0x33/0x70
[ 136.142936][ T12] ? __pfx_kthread+0x10/0x10
[ 136.147539][ T12] ret_from_fork_asm+0x1a/0x30
[ 136.152322][ T12] </TASK>
[ 136.155635][ T12] Kernel Offset: disabled
[ 136.159957][ T12] Rebooting in 86400 seconds..