[ 132.938118][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.944672][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '10.128.1.246' (ED25519) to the list of known hosts.
2025/08/11 12:07:51 ignoring optional flag "sandboxArg"="0"
2025/08/11 12:07:52 parsed 1 programs
[ 142.242660][ T6391] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 146.958032][ T6432] chnl_net:caif_netlink_parms(): no params data found
[ 147.085637][ T6432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 147.093030][ T6432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 147.100484][ T6432] bridge_slave_0: entered allmulticast mode
[ 147.109233][ T6432] bridge_slave_0: entered promiscuous mode
[ 147.118129][ T6432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 147.125702][ T6432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 147.132900][ T6432] bridge_slave_1: entered allmulticast mode
[ 147.141144][ T6432] bridge_slave_1: entered promiscuous mode
[ 147.177400][ T6432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 147.189221][ T6432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 147.222613][ T6432] team0: Port device team_slave_0 added
[ 147.232483][ T6432] team0: Port device team_slave_1 added
[ 147.264744][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 147.271759][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 147.298998][ T6432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 147.312529][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 147.320726][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 147.348314][ T6432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 147.397136][ T6432] hsr_slave_0: entered promiscuous mode
[ 147.403470][ T6432] hsr_slave_1: entered promiscuous mode
[ 148.061913][ T6432] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 148.076716][ T6432] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 148.088929][ T6432] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 148.101187][ T6432] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 148.222050][ T6432] 8021q: adding VLAN 0 to HW filter on device bond0
[ 148.250032][ T6432] 8021q: adding VLAN 0 to HW filter on device team0
[ 148.266984][ T3538] bridge0: port 1(bridge_slave_0) entered blocking state
[ 148.274270][ T3538] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 148.292368][ T3538] bridge0: port 2(bridge_slave_1) entered blocking state
[ 148.299601][ T3538] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 148.405806][ T6432] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 148.424946][ T6432] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 148.851651][ T6432] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 148.932910][ T6432] veth0_vlan: entered promiscuous mode
[ 148.950025][ T6432] veth1_vlan: entered promiscuous mode
[ 148.988934][ T6432] veth0_macvtap: entered promiscuous mode
[ 149.001021][ T6432] veth1_macvtap: entered promiscuous mode
[ 149.033052][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 149.051775][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 149.072092][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.101334][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.123155][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.135020][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 149.314068][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 150.337109][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 151.335497][ T521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 151.343371][ T521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 151.405526][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 151.413405][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 151.440072][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 151.736264][ T5895] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 151.745429][ T5895] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 151.753347][ T5895] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 151.764119][ T5895] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 151.773221][ T5895] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 151.972818][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 152.298300][ T36] bridge_slave_1: left allmulticast mode
[ 152.304023][ T36] bridge_slave_1: left promiscuous mode
[ 152.324861][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 152.340227][ T36] bridge_slave_0: left allmulticast mode
[ 152.346120][ T36] bridge_slave_0: left promiscuous mode
[ 152.357387][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
2025/08/11 12:08:08 executed programs: 0
[ 152.915502][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 152.943993][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 152.957359][ T36] bond0 (unregistering): Released all slaves
[ 152.972596][ T5182] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 152.981275][ T5182] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 152.989842][ T5182] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 153.002655][ T5182] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 153.011921][ T5182] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 153.090037][ T36] hsr_slave_0: left promiscuous mode
[ 153.099327][ T36] hsr_slave_1: left promiscuous mode
[ 153.107156][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 153.114977][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 153.123109][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 153.131809][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 153.153394][ T36] veth1_macvtap: left promiscuous mode
[ 153.159401][ T36] veth0_macvtap: left promiscuous mode
[ 153.167037][ T36] veth1_vlan: left promiscuous mode
[ 153.172478][ T36] veth0_vlan: left promiscuous mode
[ 153.635087][ T36] team0 (unregistering): Port device team_slave_1 removed
[ 153.671077][ T36] team0 (unregistering): Port device team_slave_0 removed
[ 154.327475][ T6593] chnl_net:caif_netlink_parms(): no params data found
[ 154.446469][ T6593] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.454461][ T6593] bridge0: port 1(bridge_slave_0) entered disabled state
[ 154.461722][ T6593] bridge_slave_0: entered allmulticast mode
[ 154.471456][ T6593] bridge_slave_0: entered promiscuous mode
[ 154.481388][ T6593] bridge0: port 2(bridge_slave_1) entered blocking state
[ 154.488986][ T6593] bridge0: port 2(bridge_slave_1) entered disabled state
[ 154.496702][ T6593] bridge_slave_1: entered allmulticast mode
[ 154.504878][ T6593] bridge_slave_1: entered promiscuous mode
[ 154.567300][ T6593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 154.582118][ T6593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 155.070293][ T6593] team0: Port device team_slave_0 added
[ 155.081068][ T6593] team0: Port device team_slave_1 added
[ 155.094403][ T5182] Bluetooth: hci0: command tx timeout
[ 155.201774][ T6593] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 155.210988][ T6593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 155.259361][ T6593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 155.284087][ T6593] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 155.291898][ T6593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 155.327061][ T6593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 155.501414][ T6593] hsr_slave_0: entered promiscuous mode
[ 155.509283][ T6593] hsr_slave_1: entered promiscuous mode
[ 156.183872][ T6593] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 156.198941][ T6593] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 156.210519][ T6593] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 156.229224][ T6593] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 156.359025][ T6593] 8021q: adding VLAN 0 to HW filter on device bond0
[ 156.383734][ T6593] 8021q: adding VLAN 0 to HW filter on device team0
[ 156.397952][ T521] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.405152][ T521] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 156.421232][ T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.428474][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 156.727221][ T6593] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 156.792524][ T6593] veth0_vlan: entered promiscuous mode
[ 156.810357][ T6593] veth1_vlan: entered promiscuous mode
[ 156.856797][ T6593] veth0_macvtap: entered promiscuous mode
[ 156.870472][ T6593] veth1_macvtap: entered promiscuous mode
[ 156.898643][ T6593] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 156.918669][ T6593] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 156.932528][ T521] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.942452][ T521] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.962973][ T521] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.972005][ T521] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 157.057899][ T521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 157.068961][ T521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 157.110698][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 157.118717][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 157.174339][ T5182] Bluetooth: hci0: command tx timeout
2025/08/11 12:08:13 executed programs: 3
[ 159.264910][ T5182] Bluetooth: hci0: command tx timeout
[ 159.835644][ T49] ==================================================================
[ 159.843784][ T49] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[ 159.851549][ T49] Read of size 1 at addr ffff888029359858 by task kworker/u8:3/49
[ 159.859391][ T49]
[ 159.861747][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(full)
[ 159.861769][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 159.861782][ T49] Workqueue: kkcmd kcm_tx_work
[ 159.861817][ T49] Call Trace:
[ 159.861825][ T49] <TASK>
[ 159.861832][ T49] dump_stack_lvl+0x189/0x250
[ 159.861855][ T49] ? __virt_addr_valid+0x1c8/0x5c0
[ 159.861878][ T49] ? rcu_is_watching+0x15/0xb0
[ 159.861895][ T49] ? __kasan_check_byte+0x12/0x40
[ 159.861920][ T49] ? __pfx_dump_stack_lvl+0x10/0x10
[ 159.861940][ T49] ? rcu_is_watching+0x15/0xb0
[ 159.861958][ T49] ? lock_release+0x4b/0x3e0
[ 159.861985][ T49] ? __virt_addr_valid+0x1c8/0x5c0
[ 159.862007][ T49] ? __virt_addr_valid+0x4a5/0x5c0
[ 159.862031][ T49] print_report+0xca/0x240
[ 159.862048][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 159.862069][ T49] kasan_report+0x118/0x150
[ 159.862095][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 159.862119][ T49] ? __lock_sock+0x156/0x2b0
[ 159.862137][ T49] __kasan_check_byte+0x2a/0x40
[ 159.862170][ T49] lock_acquire+0x8d/0x360
[ 159.862197][ T49] ? schedule+0x91/0x360
[ 159.862217][ T49] ? kthread_data+0x4f/0xc0
[ 159.862236][ T49] ? __lock_sock+0x156/0x2b0
[ 159.862254][ T49] _raw_spin_lock_bh+0x36/0x50
[ 159.862274][ T49] ? __lock_sock+0x156/0x2b0
[ 159.862293][ T49] __lock_sock+0x156/0x2b0
[ 159.862313][ T49] ? __pfx___lock_sock+0x10/0x10
[ 159.862331][ T49] ? do_raw_spin_lock+0x121/0x290
[ 159.862352][ T49] ? __pfx_autoremove_wake_function+0x10/0x10
[ 159.862375][ T49] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 159.862399][ T49] ? lock_sock_nested+0x6a/0x100
[ 159.862424][ T49] lock_sock_nested+0x9f/0x100
[ 159.862448][ T49] kcm_tx_work+0x31/0x180
[ 159.862467][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 159.862485][ T49] process_scheduled_works+0xade/0x17b0
[ 159.862515][ T49] ? __pfx_process_scheduled_works+0x10/0x10
[ 159.862539][ T49] worker_thread+0x8a0/0xda0
[ 159.862569][ T49] kthread+0x70e/0x8a0
[ 159.862592][ T49] ? __pfx_worker_thread+0x10/0x10
[ 159.862609][ T49] ? __pfx_kthread+0x10/0x10
[ 159.862631][ T49] ? _raw_spin_unlock_irq+0x23/0x50
[ 159.862652][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 159.862675][ T49] ? __pfx_kthread+0x10/0x10
[ 159.862697][ T49] ret_from_fork+0x3fc/0x770
[ 159.862717][ T49] ? __pfx_ret_from_fork+0x10/0x10
[ 159.862737][ T49] ? __switch_to_asm+0x39/0x70
[ 159.862760][ T49] ? __switch_to_asm+0x33/0x70
[ 159.862782][ T49] ? __pfx_kthread+0x10/0x10
[ 159.862804][ T49] ret_from_fork_asm+0x1a/0x30
[ 159.862835][ T49] </TASK>
[ 159.862842][ T49]
[ 160.119882][ T49] Allocated by task 6798:
[ 160.124214][ T49] kasan_save_track+0x3e/0x80
[ 160.128904][ T49] __kasan_slab_alloc+0x6c/0x80
[ 160.133766][ T49] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 160.139499][ T49] sk_prot_alloc+0x57/0x220
[ 160.144004][ T49] sk_alloc+0x3a/0x370
[ 160.148074][ T49] kcm_ioctl+0x214/0xff0
[ 160.152410][ T49] sock_do_ioctl+0xdc/0x300
[ 160.157205][ T49] sock_ioctl+0x576/0x790
[ 160.161565][ T49] __se_sys_ioctl+0xfc/0x170
[ 160.166179][ T49] do_syscall_64+0xfa/0x3b0
[ 160.170711][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 160.176619][ T49]
[ 160.178951][ T49] Freed by task 6799:
[ 160.182934][ T49] kasan_save_track+0x3e/0x80
[ 160.187629][ T49] kasan_save_free_info+0x46/0x50
[ 160.192664][ T49] __kasan_slab_free+0x5b/0x80
[ 160.197441][ T49] kmem_cache_free+0x18f/0x400
[ 160.202223][ T49] __sk_destruct+0x4d2/0x660
[ 160.206824][ T49] kcm_release+0x528/0x5c0
[ 160.211251][ T49] sock_close+0xc3/0x240
[ 160.215509][ T49] __fput+0x449/0xa70
[ 160.219502][ T49] fput_close_sync+0x119/0x200
[ 160.224283][ T49] __x64_sys_close+0x7f/0x110
[ 160.228975][ T49] do_syscall_64+0xfa/0x3b0
[ 160.233506][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 160.239408][ T49]
[ 160.241738][ T49] Last potentially related work creation:
[ 160.247455][ T49] kasan_save_stack+0x3e/0x60
[ 160.252156][ T49] kasan_record_aux_stack+0xbd/0xd0
[ 160.257372][ T49] insert_work+0x3d/0x330
[ 160.261754][ T49] __queue_work+0xcd2/0xfb0
[ 160.266277][ T49] queue_work_on+0x181/0x270
[ 160.270879][ T49] kcm_unattach+0x863/0xe90
[ 160.275444][ T49] kcm_ioctl+0x794/0xff0
[ 160.279693][ T49] sock_do_ioctl+0xdc/0x300
[ 160.284207][ T49] sock_ioctl+0x576/0x790
[ 160.288540][ T49] __se_sys_ioctl+0xfc/0x170
[ 160.293134][ T49] do_syscall_64+0xfa/0x3b0
[ 160.297649][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 160.303546][ T49]
[ 160.305873][ T49] Second to last potentially related work creation:
[ 160.312456][ T49] kasan_save_stack+0x3e/0x60
[ 160.317158][ T49] kasan_record_aux_stack+0xbd/0xd0
[ 160.322365][ T49] insert_work+0x3d/0x330
[ 160.326707][ T49] __queue_work+0xcd2/0xfb0
[ 160.331213][ T49] queue_work_on+0x181/0x270
[ 160.335806][ T49] kcm_ioctl+0xe52/0xff0
[ 160.340051][ T49] sock_do_ioctl+0xdc/0x300
[ 160.344564][ T49] sock_ioctl+0x576/0x790
[ 160.348900][ T49] __se_sys_ioctl+0xfc/0x170
[ 160.353500][ T49] do_syscall_64+0xfa/0x3b0
[ 160.358034][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 160.363932][ T49]
[ 160.366265][ T49] The buggy address belongs to the object at ffff888029359680
[ 160.366265][ T49] which belongs to the cache KCM of size 1792
[ 160.379894][ T49] The buggy address is located 472 bytes inside of
[ 160.379894][ T49] freed 1792-byte region [ffff888029359680, ffff888029359d80)
[ 160.393973][ T49]
[ 160.396304][ T49] The buggy address belongs to the physical page:
[ 160.402735][ T49] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29358
[ 160.411531][ T49] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 160.420033][ T49] memcg:ffff888028f94801
[ 160.424275][ T49] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 160.431836][ T49] page_type: f5(slab)
[ 160.435823][ T49] raw: 00fff00000000040 ffff88814c84e640 dead000000000122 0000000000000000
[ 160.444428][ T49] raw: 0000000000000000 0000000080110011 00000000f5000000 ffff888028f94801
[ 160.453017][ T49] head: 00fff00000000040 ffff88814c84e640 dead000000000122 0000000000000000
[ 160.461690][ T49] head: 0000000000000000 0000000080110011 00000000f5000000 ffff888028f94801
[ 160.470405][ T49] head: 00fff00000000003 ffffea0000a4d601 00000000ffffffff 00000000ffffffff
[ 160.479086][ T49] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 160.487757][ T49] page dumped because: kasan: bad access detected
[ 160.494181][ T49] page_owner tracks the page as allocated
[ 160.499899][ T49] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6697, tgid 6696 (syz.0.16), ts 157171989031, free_ts 157085086897
[ 160.521204][ T49] post_alloc_hook+0x240/0x2a0
[ 160.525985][ T49] get_page_from_freelist+0x21e4/0x22c0
[ 160.531796][ T49] __alloc_frozen_pages_noprof+0x181/0x370
[ 160.537607][ T49] alloc_pages_mpol+0x232/0x4a0
[ 160.542467][ T49] allocate_slab+0x8a/0x370
[ 160.546974][ T49] ___slab_alloc+0xbeb/0x1410
[ 160.551681][ T49] kmem_cache_alloc_noprof+0x283/0x3c0
[ 160.557234][ T49] sk_prot_alloc+0x57/0x220
[ 160.561741][ T49] sk_alloc+0x3a/0x370
[ 160.565812][ T49] kcm_create+0x100/0x580
[ 160.570150][ T49] __sock_create+0x4b0/0x9f0
[ 160.574750][ T49] __sys_socket+0xd7/0x1b0
[ 160.579178][ T49] __x64_sys_socket+0x7a/0x90
[ 160.583862][ T49] do_syscall_64+0xfa/0x3b0
[ 160.588376][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 160.594280][ T49] page last free pid 1174 tgid 1174 stack trace:
[ 160.600606][ T49] __free_frozen_pages+0xbc4/0xd30
[ 160.605736][ T49] __put_partials+0x156/0x1a0
[ 160.610425][ T49] put_cpu_partial+0x17c/0x250
[ 160.615191][ T49] __slab_free+0x2d5/0x3c0
[ 160.619611][ T49] qlist_free_all+0x97/0x140
[ 160.624291][ T49] kasan_quarantine_reduce+0x148/0x160
[ 160.629757][ T49] __kasan_slab_alloc+0x22/0x80
[ 160.634614][ T49] __kmalloc_cache_noprof+0x1be/0x3d0
[ 160.639994][ T49] nsim_fib_event_work+0x835/0x3180
[ 160.645199][ T49] process_scheduled_works+0xade/0x17b0
[ 160.650751][ T49] worker_thread+0x8a0/0xda0
[ 160.655342][ T49] kthread+0x70e/0x8a0
[ 160.659423][ T49] ret_from_fork+0x3fc/0x770
[ 160.664016][ T49] ret_from_fork_asm+0x1a/0x30
[ 160.668794][ T49]
[ 160.671117][ T49] Memory state around the buggy address:
[ 160.676748][ T49] ffff888029359700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 160.684816][ T49] ffff888029359780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 160.692968][ T49] >ffff888029359800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 160.701034][ T49] ^
[ 160.707975][ T49] ffff888029359880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 160.716042][ T49] ffff888029359900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 160.724284][ T49] ==================================================================
[ 160.732571][ T49] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 160.739789][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(full)
[ 160.751431][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 160.761496][ T49] Workqueue: kkcmd kcm_tx_work
[ 160.766276][ T49] Call Trace:
[ 160.769560][ T49] <TASK>
[ 160.772499][ T49] dump_stack_lvl+0x99/0x250
[ 160.777107][ T49] ? __asan_memcpy+0x40/0x70
[ 160.781712][ T49] ? __pfx_dump_stack_lvl+0x10/0x10
[ 160.786930][ T49] ? __pfx__printk+0x10/0x10
[ 160.791539][ T49] vpanic+0x281/0x750
[ 160.795527][ T49] ? __pfx_print_hex_dump+0x10/0x10
[ 160.800738][ T49] ? __pfx_vpanic+0x10/0x10
[ 160.805258][ T49] ? irqentry_exit+0x74/0x90
[ 160.809880][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 160.815200][ T49] panic+0xb9/0xc0
[ 160.818932][ T49] ? __pfx_panic+0x10/0x10
[ 160.823380][ T49] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 160.829304][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 160.835642][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 160.840601][ T49] check_panic_on_warn+0x89/0xb0
[ 160.845556][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 160.850862][ T49] end_report+0x78/0x160
[ 160.855208][ T49] kasan_report+0x129/0x150
[ 160.859741][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 160.864699][ T49] ? __lock_sock+0x156/0x2b0
[ 160.869298][ T49] __kasan_check_byte+0x2a/0x40
[ 160.874172][ T49] lock_acquire+0x8d/0x360
[ 160.878610][ T49] ? schedule+0x91/0x360
[ 160.882862][ T49] ? kthread_data+0x4f/0xc0
[ 160.887474][ T49] ? __lock_sock+0x156/0x2b0
[ 160.892085][ T49] _raw_spin_lock_bh+0x36/0x50
[ 160.896869][ T49] ? __lock_sock+0x156/0x2b0
[ 160.901814][ T49] __lock_sock+0x156/0x2b0
[ 160.906242][ T49] ? __pfx___lock_sock+0x10/0x10
[ 160.911185][ T49] ? do_raw_spin_lock+0x121/0x290
[ 160.916252][ T49] ? __pfx_autoremove_wake_function+0x10/0x10
[ 160.922390][ T49] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 160.927811][ T49] ? lock_sock_nested+0x6a/0x100
[ 160.932805][ T49] lock_sock_nested+0x9f/0x100
[ 160.937677][ T49] kcm_tx_work+0x31/0x180
[ 160.942025][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 160.947844][ T49] process_scheduled_works+0xade/0x17b0
[ 160.953412][ T49] ? __pfx_process_scheduled_works+0x10/0x10
[ 160.959405][ T49] worker_thread+0x8a0/0xda0
[ 160.964021][ T49] kthread+0x70e/0x8a0
[ 160.968120][ T49] ? __pfx_worker_thread+0x10/0x10
[ 160.973239][ T49] ? __pfx_kthread+0x10/0x10
[ 160.977843][ T49] ? _raw_spin_unlock_irq+0x23/0x50
[ 160.983228][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 160.988457][ T49] ? __pfx_kthread+0x10/0x10
[ 160.993059][ T49] ret_from_fork+0x3fc/0x770
[ 160.997660][ T49] ? __pfx_ret_from_fork+0x10/0x10
[ 161.002778][ T49] ? __switch_to_asm+0x39/0x70
[ 161.007644][ T49] ? __switch_to_asm+0x33/0x70
[ 161.012442][ T49] ? __pfx_kthread+0x10/0x10
[ 161.017042][ T49] ret_from_fork_asm+0x1a/0x30
[ 161.021947][ T49] </TASK>
[ 161.025271][ T49] Kernel Offset: disabled
[ 161.029599][ T49] Rebooting in 86400 seconds..