Warning: Permanently added '10.128.1.243' (ED25519) to the list of known hosts.
2025/07/21 03:34:48 ignoring optional flag "sandboxArg"="0"
2025/07/21 03:34:49 parsed 1 programs
[ 323.021642][ T5830] cgroup: Unknown subsys name 'net'
[ 323.190688][ T5830] cgroup: Unknown subsys name 'rlimit'
[ 324.793825][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 326.319580][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 326.330069][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 326.337813][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 326.346720][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 326.355092][ T5840] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 326.362514][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 326.909106][ T4200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 326.920972][ T4200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 326.951021][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 326.959719][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 330.027019][ T5907] chnl_net:caif_netlink_parms(): no params data found
[ 330.107104][ T5907] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.115446][ T5907] bridge0: port 1(bridge_slave_0) entered disabled state
[ 330.122671][ T5907] bridge_slave_0: entered allmulticast mode
[ 330.129691][ T5907] bridge_slave_0: entered promiscuous mode
[ 330.149443][ T5907] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.157132][ T5907] bridge0: port 2(bridge_slave_1) entered disabled state
[ 330.164374][ T5907] bridge_slave_1: entered allmulticast mode
[ 330.171318][ T5907] bridge_slave_1: entered promiscuous mode
[ 330.215159][ T5907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 330.226872][ T5907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 330.274874][ T5907] team0: Port device team_slave_0 added
[ 330.282803][ T5907] team0: Port device team_slave_1 added
[ 330.309769][ T5907] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 330.317075][ T5907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 330.343037][ T5907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 330.364384][ T5907] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 330.371331][ T5907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 330.397550][ T5907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 330.441304][ T5907] hsr_slave_0: entered promiscuous mode
[ 330.447869][ T5907] hsr_slave_1: entered promiscuous mode
[ 330.621933][ T5907] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 330.633011][ T5907] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 330.645004][ T5907] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 330.655166][ T5907] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 330.754716][ T5907] 8021q: adding VLAN 0 to HW filter on device bond0
[ 330.778824][ T5907] 8021q: adding VLAN 0 to HW filter on device team0
[ 330.799035][ T4200] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.806619][ T4200] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.824129][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.831224][ T5858] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 331.037892][ T5907] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 331.087592][ T5907] veth0_vlan: entered promiscuous mode
[ 331.099440][ T5907] veth1_vlan: entered promiscuous mode
[ 331.131759][ T5907] veth0_macvtap: entered promiscuous mode
[ 331.141016][ T5907] veth1_macvtap: entered promiscuous mode
[ 331.171642][ T5907] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 331.187651][ T5907] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 331.206440][ T5907] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 331.216112][ T5907] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 331.225046][ T5907] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 331.234128][ T5907] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 331.423954][ T1134] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/07/21 03:35:00 executed programs: 0
[ 331.799820][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 331.808266][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 331.817804][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 331.826126][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 331.834642][ T5840] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 331.841968][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 331.999602][ T5932] chnl_net:caif_netlink_parms(): no params data found
[ 332.069233][ T5932] bridge0: port 1(bridge_slave_0) entered blocking state
[ 332.076717][ T5932] bridge0: port 1(bridge_slave_0) entered disabled state
[ 332.084061][ T5932] bridge_slave_0: entered allmulticast mode
[ 332.090890][ T5932] bridge_slave_0: entered promiscuous mode
[ 332.100883][ T5932] bridge0: port 2(bridge_slave_1) entered blocking state
[ 332.108125][ T5932] bridge0: port 2(bridge_slave_1) entered disabled state
[ 332.115474][ T5932] bridge_slave_1: entered allmulticast mode
[ 332.122231][ T5932] bridge_slave_1: entered promiscuous mode
[ 332.158852][ T5932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 332.170659][ T5932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 332.208134][ T5932] team0: Port device team_slave_0 added
[ 332.217085][ T5932] team0: Port device team_slave_1 added
[ 332.246343][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 332.253704][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 332.280465][ T5932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 332.294555][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 332.301491][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 332.327586][ T5932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 332.380283][ T5932] hsr_slave_0: entered promiscuous mode
[ 332.387707][ T5932] hsr_slave_1: entered promiscuous mode
[ 332.393973][ T5932] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 332.401702][ T5932] Cannot create hsr debugfs directory
[ 333.873314][ T5840] Bluetooth: hci0: command tx timeout
[ 334.344287][ T1134] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 335.953312][ T5840] Bluetooth: hci0: command tx timeout
[ 336.359016][ T1134] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 336.436223][ T1134] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 337.226605][ T1134] hsr_slave_0: left promiscuous mode
[ 337.236859][ T1134] hsr_slave_1: left promiscuous mode
[ 337.286088][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 337.302769][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 337.315764][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 337.327279][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 337.360809][ T1134] bridge_slave_1: left allmulticast mode
[ 337.375128][ T1134] bridge_slave_1: left promiscuous mode
[ 337.381728][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[ 337.436949][ T1134] bridge_slave_0: left allmulticast mode
[ 337.452727][ T1134] bridge_slave_0: left promiscuous mode
[ 337.458558][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[ 337.530737][ T1134] veth1_macvtap: left promiscuous mode
[ 337.536765][ T1134] veth0_macvtap: left promiscuous mode
[ 337.542519][ T1134] veth1_vlan: left promiscuous mode
[ 337.565258][ T1134] veth0_vlan: left promiscuous mode
[ 337.981895][ T1134] team0 (unregistering): Port device team_slave_1 removed
[ 338.010448][ T1134] team0 (unregistering): Port device team_slave_0 removed
[ 338.032736][ T5840] Bluetooth: hci0: command tx timeout
[ 338.042251][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 338.076301][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 338.330744][ T1134] bond0 (unregistering): Released all slaves
[ 338.455270][ T5932] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 338.466564][ T5932] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 338.483758][ T5932] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 338.497052][ T5932] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 338.587371][ T5932] 8021q: adding VLAN 0 to HW filter on device bond0
[ 338.606293][ T5932] 8021q: adding VLAN 0 to HW filter on device team0
[ 338.625476][ T5967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 338.632681][ T5967] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 338.641707][ T5967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 338.648860][ T5967] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 338.837369][ T5932] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 338.886021][ T5932] veth0_vlan: entered promiscuous mode
[ 338.899894][ T5932] veth1_vlan: entered promiscuous mode
[ 338.928548][ T5932] veth0_macvtap: entered promiscuous mode
[ 338.940664][ T5932] veth1_macvtap: entered promiscuous mode
[ 338.961415][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 338.978922][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 338.993644][ T5932] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 339.002350][ T5932] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 339.012150][ T5932] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 339.021274][ T5932] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 339.083489][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 339.092196][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/21 03:35:08 executed programs: 2
[ 339.124751][ T5967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 339.133049][ T5967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 340.123096][ T5840] Bluetooth: hci0: command tx timeout
2025/07/21 03:35:13 executed programs: 8
2025/07/21 03:35:18 executed programs: 14
2025/07/21 03:35:23 executed programs: 20
2025/07/21 03:35:28 executed programs: 26
2025/07/21 03:35:33 executed programs: 32
2025/07/21 03:35:38 executed programs: 38
2025/07/21 03:35:44 executed programs: 44
[ 378.595217][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 378.601867][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
2025/07/21 03:35:49 executed programs: 50
2025/07/21 03:35:54 executed programs: 56
2025/07/21 03:35:59 executed programs: 62
2025/07/21 03:36:04 executed programs: 68
[ 395.697600][ T1134] ==================================================================
[ 395.705704][ T1134] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80
[ 395.713354][ T1134] Read of size 8 at addr ffff88806907b370 by task kworker/u4:6/1134
[ 395.721317][ T1134]
[ 395.723642][ T1134] CPU: 0 PID: 1134 Comm: kworker/u4:6 Not tainted 6.6.99-syzkaller #0
[ 395.731797][ T1134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 395.741857][ T1134] Workqueue: kkcmd kcm_tx_work
[ 395.746650][ T1134] Call Trace:
[ 395.749926][ T1134]
[ 395.752864][ T1134] dump_stack_lvl+0x16c/0x230
[ 395.757550][ T1134] ? __lock_acquire+0x7c80/0x7c80
[ 395.762603][ T1134] ? show_regs_print_info+0x20/0x20
[ 395.767830][ T1134] ? load_image+0x3b0/0x3b0
[ 395.772371][ T1134] ? __virt_addr_valid+0x469/0x540
[ 395.777513][ T1134] print_report+0xac/0x200
[ 395.781944][ T1134] ? __lock_acquire+0xff/0x7c80
[ 395.786802][ T1134] kasan_report+0x117/0x150
[ 395.791313][ T1134] ? __lock_acquire+0xff/0x7c80
[ 395.796167][ T1134] __lock_acquire+0xff/0x7c80
[ 395.800846][ T1134] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 395.806839][ T1134] ? finish_task_switch+0x265/0x920
[ 395.812039][ T1134] ? lockdep_hardirqs_on+0x98/0x150
[ 395.817251][ T1134] ? finish_task_switch+0x265/0x920
[ 395.822454][ T1134] ? verify_lock_unused+0x140/0x140
[ 395.827664][ T1134] ? __schedule+0x14ea/0x4580
[ 395.832355][ T1134] lock_acquire+0x197/0x410
[ 395.836862][ T1134] ? __lock_sock+0x156/0x2a0
[ 395.841461][ T1134] ? asan.module_dtor+0x20/0x20
[ 395.846328][ T1134] ? __local_bh_disable_ip+0xff/0x190
[ 395.851703][ T1134] ? read_lock_is_recursive+0x20/0x20
[ 395.857080][ T1134] ? kthread_data+0x4f/0xc0
[ 395.861598][ T1134] ? kthread_data+0x4f/0xc0
[ 395.866113][ T1134] ? __lock_sock+0x156/0x2a0
[ 395.870707][ T1134] _raw_spin_lock_bh+0x36/0x50
[ 395.875491][ T1134] ? __lock_sock+0x156/0x2a0
[ 395.880098][ T1134] __lock_sock+0x156/0x2a0
[ 395.884515][ T1134] ? sk_stream_moderate_sndbuf+0x220/0x220
[ 395.890360][ T1134] ? do_raw_spin_lock+0x121/0x2c0
[ 395.895401][ T1134] ? wake_bit_function+0x200/0x200
[ 395.900521][ T1134] ? __rwlock_init+0x150/0x150
[ 395.905290][ T1134] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 395.911274][ T1134] ? lock_sock_nested+0x6a/0x100
[ 395.916215][ T1134] lock_sock_nested+0x9f/0x100
[ 395.920987][ T1134] kcm_tx_work+0x31/0x180
[ 395.925325][ T1134] ? process_scheduled_works+0x957/0x15b0
[ 395.931049][ T1134] process_scheduled_works+0xa45/0x15b0
[ 395.936612][ T1134] ? assign_work+0x400/0x400
[ 395.941206][ T1134] ? assign_work+0x39e/0x400
[ 395.945798][ T1134] worker_thread+0xa55/0xfc0
[ 395.950403][ T1134] kthread+0x2fa/0x390
[ 395.954483][ T1134] ? pr_cont_work+0x560/0x560
[ 395.959167][ T1134] ? kthread_blkcg+0xd0/0xd0
[ 395.963759][ T1134] ret_from_fork+0x48/0x80
[ 395.968199][ T1134] ? kthread_blkcg+0xd0/0xd0
[ 395.972800][ T1134] ret_from_fork_asm+0x11/0x20
[ 395.977587][ T1134]
[ 395.980613][ T1134]
[ 395.982946][ T1134] Allocated by task 6255:
[ 395.987274][ T1134] kasan_set_track+0x4e/0x70
[ 395.991871][ T1134] __kasan_slab_alloc+0x6c/0x80
[ 395.996729][ T1134] slab_post_alloc_hook+0x6e/0x4d0
[ 396.001852][ T1134] kmem_cache_alloc+0x11e/0x2e0
[ 396.006727][ T1134] sk_prot_alloc+0x57/0x210
[ 396.011237][ T1134] sk_alloc+0x3a/0x360
[ 396.015309][ T1134] kcm_ioctl+0x215/0xff0
[ 396.019558][ T1134] sock_do_ioctl+0xd7/0x2f0
[ 396.024069][ T1134] sock_ioctl+0x623/0x7a0
[ 396.028407][ T1134] __se_sys_ioctl+0xfd/0x170
[ 396.033000][ T1134] do_syscall_64+0x55/0xb0
[ 396.037437][ T1134] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 396.043345][ T1134]
[ 396.045668][ T1134] Freed by task 6256:
[ 396.049640][ T1134] kasan_set_track+0x4e/0x70
[ 396.054229][ T1134] kasan_save_free_info+0x2e/0x50
[ 396.059256][ T1134] ____kasan_slab_free+0x126/0x1e0
[ 396.064363][ T1134] slab_free_freelist_hook+0x130/0x1b0
[ 396.069836][ T1134] kmem_cache_free+0xf8/0x280
[ 396.074520][ T1134] __sk_destruct+0x485/0x620
[ 396.079112][ T1134] kcm_release+0x524/0x5b0
[ 396.083530][ T1134] sock_close+0xbd/0x230
[ 396.087780][ T1134] __fput+0x234/0x970
[ 396.091774][ T1134] __se_sys_close+0x15f/0x220
[ 396.096451][ T1134] do_syscall_64+0x55/0xb0
[ 396.100866][ T1134] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 396.106771][ T1134]
[ 396.109095][ T1134] Last potentially related work creation:
[ 396.114803][ T1134] kasan_save_stack+0x3e/0x60
[ 396.119478][ T1134] __kasan_record_aux_stack+0xaf/0xc0
[ 396.124859][ T1134] insert_work+0x3d/0x310
[ 396.129190][ T1134] __queue_work+0xc39/0x1020
[ 396.133780][ T1134] queue_work_on+0x121/0x1e0
[ 396.138367][ T1134] kcm_unattach+0x861/0xe80
[ 396.142879][ T1134] kcm_ioctl+0x791/0xff0
[ 396.147157][ T1134] sock_do_ioctl+0xd7/0x2f0
[ 396.151667][ T1134] sock_ioctl+0x623/0x7a0
[ 396.156001][ T1134] __se_sys_ioctl+0xfd/0x170
[ 396.160587][ T1134] do_syscall_64+0x55/0xb0
[ 396.165000][ T1134] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 396.170907][ T1134]
[ 396.173225][ T1134] Second to last potentially related work creation:
[ 396.179794][ T1134] kasan_save_stack+0x3e/0x60
[ 396.184467][ T1134] __kasan_record_aux_stack+0xaf/0xc0
[ 396.189833][ T1134] insert_work+0x3d/0x310
[ 396.194156][ T1134] __queue_work+0xc39/0x1020
[ 396.198742][ T1134] queue_work_on+0x121/0x1e0
[ 396.203327][ T1134] kcm_ioctl+0xe4f/0xff0
[ 396.207568][ T1134] sock_do_ioctl+0xd7/0x2f0
[ 396.212082][ T1134] sock_ioctl+0x623/0x7a0
[ 396.216414][ T1134] __se_sys_ioctl+0xfd/0x170
[ 396.221012][ T1134] do_syscall_64+0x55/0xb0
[ 396.225423][ T1134] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 396.231316][ T1134]
[ 396.233651][ T1134] The buggy address belongs to the object at ffff88806907b2c0
[ 396.233651][ T1134] which belongs to the cache KCM of size 1720
[ 396.247108][ T1134] The buggy address is located 176 bytes inside of
[ 396.247108][ T1134] freed 1720-byte region [ffff88806907b2c0, ffff88806907b978)
[ 396.260987][ T1134]
[ 396.263323][ T1134] The buggy address belongs to the physical page:
[ 396.269734][ T1134] page:ffffea0001a41e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69078
[ 396.279883][ T1134] head:ffffea0001a41e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 396.288811][ T1134] memcg:ffff88802e5d8301
[ 396.293045][ T1134] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 396.301031][ T1134] page_type: 0xffffffff()
[ 396.305362][ T1134] raw: 00fff00000000840 ffff88814c9c1a00 dead000000000122 0000000000000000
[ 396.313941][ T1134] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88802e5d8301
[ 396.322518][ T1134] page dumped because: kasan: bad access detected
[ 396.328932][ T1134] page_owner tracks the page as allocated
[ 396.334683][ T1134] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6235, tgid 6233 (syz.0.77), ts 391408494570, free_ts 391334526830
[ 396.357282][ T1134] post_alloc_hook+0x1cd/0x210
[ 396.362055][ T1134] get_page_from_freelist+0x195c/0x19f0
[ 396.367607][ T1134] __alloc_pages+0x1e3/0x460
[ 396.372204][ T1134] alloc_slab_page+0x5d/0x170
[ 396.376883][ T1134] new_slab+0x87/0x2e0
[ 396.380958][ T1134] ___slab_alloc+0xc6d/0x12f0
[ 396.385648][ T1134] kmem_cache_alloc+0x1b7/0x2e0
[ 396.390501][ T1134] sk_prot_alloc+0x57/0x210
[ 396.395006][ T1134] sk_alloc+0x3a/0x360
[ 396.399073][ T1134] kcm_ioctl+0x215/0xff0
[ 396.403314][ T1134] sock_do_ioctl+0xd7/0x2f0
[ 396.407822][ T1134] sock_ioctl+0x623/0x7a0
[ 396.412162][ T1134] __se_sys_ioctl+0xfd/0x170
[ 396.416755][ T1134] do_syscall_64+0x55/0xb0
[ 396.421177][ T1134] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 396.427083][ T1134] page last free stack trace:
[ 396.431752][ T1134] free_unref_page_prepare+0x7ce/0x8e0
[ 396.437225][ T1134] free_unref_page+0x32/0x2e0
[ 396.441910][ T1134] __slab_free+0x35e/0x410
[ 396.446339][ T1134] qlist_free_all+0x75/0xe0
[ 396.450851][ T1134] kasan_quarantine_reduce+0x143/0x160
[ 396.456324][ T1134] __kasan_slab_alloc+0x22/0x80
[ 396.461175][ T1134] slab_post_alloc_hook+0x6e/0x4d0
[ 396.466294][ T1134] kmem_cache_alloc+0x11e/0x2e0
[ 396.471151][ T1134] taskstats_exit+0x155/0x9e0
[ 396.475837][ T1134] do_exit+0x881/0x23c0
[ 396.480005][ T1134] do_group_exit+0x21b/0x2d0
[ 396.484608][ T1134] get_signal+0x12fc/0x1400
[ 396.489125][ T1134] arch_do_signal_or_restart+0x96/0x780
[ 396.494681][ T1134] exit_to_user_mode_loop+0x70/0x110
[ 396.499987][ T1134] exit_to_user_mode_prepare+0xb1/0x140
[ 396.505539][ T1134] syscall_exit_to_user_mode+0x1a/0x50
[ 396.511002][ T1134]
[ 396.513325][ T1134] Memory state around the buggy address:
[ 396.518947][ T1134] ffff88806907b200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 396.527004][ T1134] ffff88806907b280: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 396.535063][ T1134] >ffff88806907b300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 396.543118][ T1134] ^
[ 396.550824][ T1134] ffff88806907b380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 396.558883][ T1134] ffff88806907b400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 396.566938][ T1134] ==================================================================
[ 396.575006][ T1134] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 396.582191][ T1134] CPU: 0 PID: 1134 Comm: kworker/u4:6 Not tainted 6.6.99-syzkaller #0
[ 396.590340][ T1134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 396.600391][ T1134] Workqueue: kkcmd kcm_tx_work
[ 396.605157][ T1134] Call Trace:
[ 396.608434][ T1134]
[ 396.611364][ T1134] dump_stack_lvl+0x16c/0x230
[ 396.616049][ T1134] ? show_regs_print_info+0x20/0x20
[ 396.621246][ T1134] ? load_image+0x3b0/0x3b0
[ 396.625753][ T1134] panic+0x2c0/0x710
[ 396.629650][ T1134] ? bpf_jit_dump+0xd0/0xd0
[ 396.634158][ T1134] ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 396.640052][ T1134] ? _raw_spin_unlock+0x40/0x40
[ 396.644912][ T1134] ? print_memory_metadata+0x314/0x400
[ 396.650370][ T1134] ? __lock_acquire+0xff/0x7c80
[ 396.655218][ T1134] check_panic_on_warn+0x84/0xa0
[ 396.660155][ T1134] ? __lock_acquire+0xff/0x7c80
[ 396.665003][ T1134] end_report+0x6f/0x140
[ 396.669245][ T1134] kasan_report+0x128/0x150
[ 396.673764][ T1134] ? __lock_acquire+0xff/0x7c80
[ 396.678647][ T1134] __lock_acquire+0xff/0x7c80
[ 396.683328][ T1134] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 396.689312][ T1134] ? finish_task_switch+0x265/0x920
[ 396.694507][ T1134] ? lockdep_hardirqs_on+0x98/0x150
[ 396.699708][ T1134] ? finish_task_switch+0x265/0x920
[ 396.704901][ T1134] ? verify_lock_unused+0x140/0x140
[ 396.710096][ T1134] ? __schedule+0x14ea/0x4580
[ 396.714780][ T1134] lock_acquire+0x197/0x410
[ 396.719279][ T1134] ? __lock_sock+0x156/0x2a0
[ 396.723881][ T1134] ? asan.module_dtor+0x20/0x20
[ 396.728743][ T1134] ? __local_bh_disable_ip+0xff/0x190
[ 396.734111][ T1134] ? read_lock_is_recursive+0x20/0x20
[ 396.739480][ T1134] ? kthread_data+0x4f/0xc0
[ 396.743991][ T1134] ? kthread_data+0x4f/0xc0
[ 396.748499][ T1134] ? __lock_sock+0x156/0x2a0
[ 396.753084][ T1134] _raw_spin_lock_bh+0x36/0x50
[ 396.757853][ T1134] ? __lock_sock+0x156/0x2a0
[ 396.762444][ T1134] __lock_sock+0x156/0x2a0
[ 396.766866][ T1134] ? sk_stream_moderate_sndbuf+0x220/0x220
[ 396.772674][ T1134] ? do_raw_spin_lock+0x121/0x2c0
[ 396.777715][ T1134] ? wake_bit_function+0x200/0x200
[ 396.782890][ T1134] ? __rwlock_init+0x150/0x150
[ 396.787668][ T1134] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 396.793658][ T1134] ? lock_sock_nested+0x6a/0x100
[ 396.798604][ T1134] lock_sock_nested+0x9f/0x100
[ 396.803369][ T1134] kcm_tx_work+0x31/0x180
[ 396.807711][ T1134] ? process_scheduled_works+0x957/0x15b0
[ 396.813463][ T1134] process_scheduled_works+0xa45/0x15b0
[ 396.819022][ T1134] ? assign_work+0x400/0x400
[ 396.823612][ T1134] ? assign_work+0x39e/0x400
[ 396.828206][ T1134] worker_thread+0xa55/0xfc0
[ 396.832807][ T1134] kthread+0x2fa/0x390
[ 396.836871][ T1134] ? pr_cont_work+0x560/0x560
[ 396.841555][ T1134] ? kthread_blkcg+0xd0/0xd0
[ 396.846146][ T1134] ret_from_fork+0x48/0x80
[ 396.850574][ T1134] ? kthread_blkcg+0xd0/0xd0
[ 396.855166][ T1134] ret_from_fork_asm+0x11/0x20
[ 396.859940][ T1134]
[ 396.863257][ T1134] Kernel Offset: disabled
[ 396.867590][ T1134] Rebooting in 86400 seconds..