Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts.
2025/08/07 15:55:10 ignoring optional flag "sandboxArg"="0"
2025/08/07 15:55:11 parsed 1 programs
[ 124.155800][ T6350] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 128.382136][ T6394] chnl_net:caif_netlink_parms(): no params data found
[ 128.466939][ T6394] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.474370][ T6394] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.481528][ T6394] bridge_slave_0: entered allmulticast mode
[ 128.488722][ T6394] bridge_slave_0: entered promiscuous mode
[ 128.498059][ T6394] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.505298][ T6394] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.512428][ T6394] bridge_slave_1: entered allmulticast mode
[ 128.519953][ T6394] bridge_slave_1: entered promiscuous mode
[ 128.551822][ T6394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 128.565246][ T6394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 128.600161][ T6394] team0: Port device team_slave_0 added
[ 128.607843][ T6394] team0: Port device team_slave_1 added
[ 128.631978][ T6394] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 128.639588][ T6394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 128.667087][ T6394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 128.679924][ T6394] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 128.687110][ T6394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 128.713126][ T6394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 128.751916][ T6394] hsr_slave_0: entered promiscuous mode
[ 128.758458][ T6394] hsr_slave_1: entered promiscuous mode
[ 129.395116][ T6394] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 129.410414][ T6394] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 129.422960][ T6394] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 129.439329][ T6394] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 129.549040][ T6394] 8021q: adding VLAN 0 to HW filter on device bond0
[ 129.576864][ T6394] 8021q: adding VLAN 0 to HW filter on device team0
[ 129.592665][ T4090] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.600402][ T4090] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 129.626197][ T4090] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.633925][ T4090] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.909594][ T6394] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 129.969219][ T6394] veth0_vlan: entered promiscuous mode
[ 129.983406][ T6394] veth1_vlan: entered promiscuous mode
[ 130.028879][ T6394] veth0_macvtap: entered promiscuous mode
[ 130.040469][ T6394] veth1_macvtap: entered promiscuous mode
[ 130.068053][ T6394] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 130.088293][ T6394] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 130.108991][ T4090] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.135664][ T4090] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.158004][ T4090] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.178411][ T4090] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.348061][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 130.463100][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 130.594279][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 130.675749][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 131.640956][ T5881] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 131.649567][ T5881] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 131.657874][ T5881] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 131.666542][ T5881] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 131.674416][ T5881] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 132.091236][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.109223][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 132.146520][ T4090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.155717][ T4090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/08/07 15:55:24 executed programs: 0
[ 132.874523][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.881009][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 132.944726][ T5182] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 132.953352][ T5182] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 132.968859][ T5182] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 132.978171][ T5182] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 132.985920][ T5182] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 133.120757][ T36] bridge_slave_1: left allmulticast mode
[ 133.126982][ T36] bridge_slave_1: left promiscuous mode
[ 133.132781][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 133.148773][ T36] bridge_slave_0: left allmulticast mode
[ 133.155753][ T36] bridge_slave_0: left promiscuous mode
[ 133.161745][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 133.484950][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 133.495665][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 133.505640][ T36] bond0 (unregistering): Released all slaves
[ 133.660753][ T36] hsr_slave_0: left promiscuous mode
[ 133.671584][ T36] hsr_slave_1: left promiscuous mode
[ 133.678156][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 133.686636][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 133.697208][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 133.705516][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 133.726965][ T36] veth1_macvtap: left promiscuous mode
[ 133.732588][ T36] veth0_macvtap: left promiscuous mode
[ 133.739184][ T36] veth1_vlan: left promiscuous mode
[ 133.745653][ T36] veth0_vlan: left promiscuous mode
[ 134.247035][ T36] team0 (unregistering): Port device team_slave_1 removed
[ 134.289962][ T36] team0 (unregistering): Port device team_slave_0 removed
[ 134.800187][ T6538] chnl_net:caif_netlink_parms(): no params data found
[ 134.968886][ T6538] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.977342][ T6538] bridge0: port 1(bridge_slave_0) entered disabled state
[ 134.984968][ T6538] bridge_slave_0: entered allmulticast mode
[ 134.992750][ T6538] bridge_slave_0: entered promiscuous mode
[ 135.016720][ T6538] bridge0: port 2(bridge_slave_1) entered blocking state
[ 135.026445][ T6538] bridge0: port 2(bridge_slave_1) entered disabled state
[ 135.033736][ T6538] bridge_slave_1: entered allmulticast mode
[ 135.037171][ T5881] Bluetooth: hci0: command tx timeout
[ 135.042671][ T6538] bridge_slave_1: entered promiscuous mode
[ 135.211747][ T6538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 135.232427][ T6538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 135.350350][ T6538] team0: Port device team_slave_0 added
[ 135.419149][ T6538] team0: Port device team_slave_1 added
[ 135.531889][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 135.538980][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 135.570089][ T6538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 135.592509][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 135.610465][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 135.638633][ T6538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 135.739988][ T6538] hsr_slave_0: entered promiscuous mode
[ 135.754827][ T6538] hsr_slave_1: entered promiscuous mode
[ 136.352549][ T6538] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 136.365654][ T6538] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 136.380324][ T6538] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 136.392226][ T6538] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 136.518501][ T6538] 8021q: adding VLAN 0 to HW filter on device bond0
[ 136.550667][ T6538] 8021q: adding VLAN 0 to HW filter on device team0
[ 136.565317][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.572471][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 136.590455][ T4090] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.597723][ T4090] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 136.859663][ T6538] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 136.919971][ T6538] veth0_vlan: entered promiscuous mode
[ 136.938430][ T6538] veth1_vlan: entered promiscuous mode
[ 136.986746][ T6538] veth0_macvtap: entered promiscuous mode
[ 137.000361][ T6538] veth1_macvtap: entered promiscuous mode
[ 137.029875][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 137.042124][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 137.086007][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.107164][ T5881] Bluetooth: hci0: command tx timeout
[ 137.107248][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.128994][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.147215][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.288479][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 137.308488][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 137.355668][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 137.366332][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/08/07 15:55:29 executed programs: 3
[ 139.186007][ T5881] Bluetooth: hci0: command tx timeout
[ 141.264121][ T5881] Bluetooth: hci0: command tx timeout
2025/08/07 15:55:35 executed programs: 9
2025/08/07 15:55:40 executed programs: 15
2025/08/07 15:55:45 executed programs: 21
2025/08/07 15:55:50 executed programs: 27
2025/08/07 15:55:55 executed programs: 33
2025/08/07 15:56:00 executed programs: 39
2025/08/07 15:56:05 executed programs: 45
2025/08/07 15:56:10 executed programs: 51
2025/08/07 15:56:15 executed programs: 57
2025/08/07 15:56:20 executed programs: 63
2025/08/07 15:56:25 executed programs: 69
[ 194.307175][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 194.313560][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
2025/08/07 15:56:30 executed programs: 75
2025/08/07 15:56:36 executed programs: 81
2025/08/07 15:56:41 executed programs: 87
2025/08/07 15:56:46 executed programs: 93
2025/08/07 15:56:51 executed programs: 99
2025/08/07 15:56:56 executed programs: 105
2025/08/07 15:57:01 executed programs: 111
2025/08/07 15:57:06 executed programs: 117
2025/08/07 15:57:11 executed programs: 123
2025/08/07 15:57:16 executed programs: 129
2025/08/07 15:57:21 executed programs: 135
2025/08/07 15:57:26 executed programs: 141
[ 255.748873][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 255.755431][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 257.826401][ T5881] Bluetooth: hci0: command 0x0406 tx timeout
2025/08/07 15:57:31 executed programs: 147
2025/08/07 15:57:37 executed programs: 153
2025/08/07 15:57:42 executed programs: 159
2025/08/07 15:57:47 executed programs: 165
2025/08/07 15:57:52 executed programs: 171
2025/08/07 15:57:57 executed programs: 177
2025/08/07 15:58:02 executed programs: 183
2025/08/07 15:58:07 executed programs: 189
2025/08/07 15:58:12 executed programs: 195
2025/08/07 15:58:17 executed programs: 201
2025/08/07 15:58:22 executed programs: 207
2025/08/07 15:58:27 executed programs: 213
[ 317.187397][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 317.193724][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
2025/08/07 15:58:32 executed programs: 219
2025/08/07 15:58:38 executed programs: 225
2025/08/07 15:58:43 executed programs: 231
[ 334.905570][ T49] ==================================================================
[ 334.913757][ T49] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[ 334.921605][ T49] Read of size 1 at addr ffff88807ecbd458 by task kworker/u8:3/49
[ 334.929435][ T49]
[ 334.931835][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller-11106-g1b30d4441727 #0 PREEMPT(full)
[ 334.931851][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 334.931859][ T49] Workqueue: kkcmd kcm_tx_work
[ 334.931887][ T49] Call Trace:
[ 334.931894][ T49] <TASK>
[ 334.931901][ T49] dump_stack_lvl+0x189/0x250
[ 334.931915][ T49] ? __virt_addr_valid+0x1c8/0x5c0
[ 334.931926][ T49] ? rcu_is_watching+0x15/0xb0
[ 334.931936][ T49] ? __kasan_check_byte+0x12/0x40
[ 334.931948][ T49] ? __pfx_dump_stack_lvl+0x10/0x10
[ 334.931958][ T49] ? rcu_is_watching+0x15/0xb0
[ 334.931966][ T49] ? lock_release+0x4b/0x3e0
[ 334.931979][ T49] ? __virt_addr_valid+0x1c8/0x5c0
[ 334.931990][ T49] ? __virt_addr_valid+0x4a5/0x5c0
[ 334.932001][ T49] print_report+0xca/0x240
[ 334.932010][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 334.932023][ T49] kasan_report+0x118/0x150
[ 334.932036][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 334.932049][ T49] ? __lock_sock+0x156/0x2b0
[ 334.932064][ T49] __kasan_check_byte+0x2a/0x40
[ 334.932075][ T49] lock_acquire+0x8d/0x360
[ 334.932088][ T49] ? schedule+0x91/0x360
[ 334.932101][ T49] ? kthread_data+0x4f/0xc0
[ 334.932110][ T49] ? __lock_sock+0x156/0x2b0
[ 334.932121][ T49] _raw_spin_lock_bh+0x36/0x50
[ 334.932133][ T49] ? __lock_sock+0x156/0x2b0
[ 334.932144][ T49] __lock_sock+0x156/0x2b0
[ 334.932156][ T49] ? __pfx___lock_sock+0x10/0x10
[ 334.932167][ T49] ? do_raw_spin_lock+0x121/0x290
[ 334.932177][ T49] ? __pfx_autoremove_wake_function+0x10/0x10
[ 334.932188][ T49] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 334.932200][ T49] ? lock_sock_nested+0x6a/0x100
[ 334.932213][ T49] lock_sock_nested+0x9f/0x100
[ 334.932227][ T49] kcm_tx_work+0x31/0x180
[ 334.932239][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 334.932277][ T49] process_scheduled_works+0xade/0x17b0
[ 334.932297][ T49] ? __pfx_process_scheduled_works+0x10/0x10
[ 334.932314][ T49] worker_thread+0x8a0/0xda0
[ 334.932323][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 334.932338][ T49] ? __kthread_parkme+0x7b/0x200
[ 334.932349][ T49] kthread+0x711/0x8a0
[ 334.932360][ T49] ? __pfx_worker_thread+0x10/0x10
[ 334.932369][ T49] ? __pfx_kthread+0x10/0x10
[ 334.932379][ T49] ? _raw_spin_unlock_irq+0x23/0x50
[ 334.932391][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 334.932399][ T49] ? __pfx_kthread+0x10/0x10
[ 334.932410][ T49] ret_from_fork+0x3f9/0x770
[ 334.932420][ T49] ? __pfx_ret_from_fork+0x10/0x10
[ 334.932430][ T49] ? __switch_to_asm+0x39/0x70
[ 334.932441][ T49] ? __switch_to_asm+0x33/0x70
[ 334.932451][ T49] ? __pfx_kthread+0x10/0x10
[ 334.932461][ T49] ret_from_fork_asm+0x1a/0x30
[ 334.932476][ T49] </TASK>
[ 334.932480][ T49]
[ 335.201598][ T49] Allocated by task 7751:
[ 335.205909][ T49] kasan_save_track+0x3e/0x80
[ 335.210630][ T49] __kasan_slab_alloc+0x6c/0x80
[ 335.215477][ T49] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 335.220924][ T49] sk_prot_alloc+0x57/0x220
[ 335.225414][ T49] sk_alloc+0x3a/0x370
[ 335.229559][ T49] kcm_ioctl+0x214/0xff0
[ 335.233794][ T49] sock_do_ioctl+0xd9/0x300
[ 335.238461][ T49] sock_ioctl+0x576/0x790
[ 335.242870][ T49] __se_sys_ioctl+0xfc/0x170
[ 335.247479][ T49] do_syscall_64+0xfa/0x3b0
[ 335.251968][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 335.257848][ T49]
[ 335.260156][ T49] Freed by task 7752:
[ 335.264188][ T49] kasan_save_track+0x3e/0x80
[ 335.268855][ T49] kasan_save_free_info+0x46/0x50
[ 335.273865][ T49] __kasan_slab_free+0x62/0x70
[ 335.278618][ T49] kmem_cache_free+0x18f/0x400
[ 335.283376][ T49] __sk_destruct+0x4d2/0x660
[ 335.288042][ T49] kcm_release+0x528/0x5c0
[ 335.292462][ T49] sock_close+0xc0/0x240
[ 335.296781][ T49] __fput+0x44c/0xa70
[ 335.300750][ T49] fput_close_sync+0x119/0x200
[ 335.305612][ T49] __x64_sys_close+0x7f/0x110
[ 335.310287][ T49] do_syscall_64+0xfa/0x3b0
[ 335.314814][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 335.320721][ T49]
[ 335.323061][ T49] Last potentially related work creation:
[ 335.328758][ T49] kasan_save_stack+0x3e/0x60
[ 335.333438][ T49] kasan_record_aux_stack+0xbd/0xd0
[ 335.338650][ T49] insert_work+0x3d/0x330
[ 335.342969][ T49] __queue_work+0xcd2/0xfb0
[ 335.347455][ T49] queue_work_on+0x181/0x270
[ 335.352025][ T49] kcm_unattach+0x863/0xe90
[ 335.356529][ T49] kcm_ioctl+0x794/0xff0
[ 335.360762][ T49] sock_do_ioctl+0xd9/0x300
[ 335.365338][ T49] sock_ioctl+0x576/0x790
[ 335.369655][ T49] __se_sys_ioctl+0xfc/0x170
[ 335.374238][ T49] do_syscall_64+0xfa/0x3b0
[ 335.378728][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 335.384699][ T49]
[ 335.387099][ T49] Second to last potentially related work creation:
[ 335.393841][ T49] kasan_save_stack+0x3e/0x60
[ 335.398509][ T49] kasan_record_aux_stack+0xbd/0xd0
[ 335.403869][ T49] insert_work+0x3d/0x330
[ 335.408194][ T49] __queue_work+0xcd2/0xfb0
[ 335.412682][ T49] queue_work_on+0x181/0x270
[ 335.417260][ T49] kcm_ioctl+0xe52/0xff0
[ 335.421583][ T49] sock_do_ioctl+0xd9/0x300
[ 335.426076][ T49] sock_ioctl+0x576/0x790
[ 335.430420][ T49] __se_sys_ioctl+0xfc/0x170
[ 335.435086][ T49] do_syscall_64+0xfa/0x3b0
[ 335.439576][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 335.445541][ T49]
[ 335.447850][ T49] The buggy address belongs to the object at ffff88807ecbd280
[ 335.447850][ T49] which belongs to the cache KCM of size 1792
[ 335.461279][ T49] The buggy address is located 472 bytes inside of
[ 335.461279][ T49] freed 1792-byte region [ffff88807ecbd280, ffff88807ecbd980)
[ 335.475271][ T49]
[ 335.477617][ T49] The buggy address belongs to the physical page:
[ 335.484034][ T49] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ecb8
[ 335.492788][ T49] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 335.501274][ T49] memcg:ffff888027ed6201
[ 335.505510][ T49] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 335.513057][ T49] page_type: f5(slab)
[ 335.517071][ T49] raw: 00fff00000000040 ffff88814cddc140 ffffea0001c88200 dead000000000002
[ 335.525812][ T49] raw: 0000000000000000 0000000080110011 00000000f5000000 ffff888027ed6201
[ 335.534380][ T49] head: 00fff00000000040 ffff88814cddc140 ffffea0001c88200 dead000000000002
[ 335.543126][ T49] head: 0000000000000000 0000000080110011 00000000f5000000 ffff888027ed6201
[ 335.551956][ T49] head: 00fff00000000003 ffffea0001fb2e01 00000000ffffffff 00000000ffffffff
[ 335.560701][ T49] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 335.569442][ T49] page dumped because: kasan: bad access detected
[ 335.576007][ T49] page_owner tracks the page as allocated
[ 335.581793][ T49] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6661, tgid 6659 (syz.0.16), ts 137419785978, free_ts 137388500654
[ 335.602962][ T49] post_alloc_hook+0x240/0x2a0
[ 335.607726][ T49] get_page_from_freelist+0x21e4/0x22c0
[ 335.613446][ T49] __alloc_frozen_pages_noprof+0x181/0x370
[ 335.619256][ T49] alloc_pages_mpol+0x232/0x4a0
[ 335.624093][ T49] allocate_slab+0x8a/0x370
[ 335.628591][ T49] ___slab_alloc+0xbeb/0x1410
[ 335.633254][ T49] kmem_cache_alloc_noprof+0x283/0x3c0
[ 335.638698][ T49] sk_prot_alloc+0x57/0x220
[ 335.643288][ T49] sk_alloc+0x3a/0x370
[ 335.647358][ T49] kcm_create+0x100/0x580
[ 335.651765][ T49] __sock_create+0x4b3/0x9f0
[ 335.656433][ T49] __sys_socket+0xd7/0x1b0
[ 335.660834][ T49] __x64_sys_socket+0x7a/0x90
[ 335.665591][ T49] do_syscall_64+0xfa/0x3b0
[ 335.670187][ T49] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 335.676154][ T49] page last free pid 6538 tgid 6538 stack trace:
[ 335.682551][ T49] __free_frozen_pages+0xbc4/0xd30
[ 335.688100][ T49] __put_partials+0x156/0x1a0
[ 335.692771][ T49] put_cpu_partial+0x17c/0x250
[ 335.697523][ T49] __slab_free+0x2d5/0x3c0
[ 335.702036][ T49] qlist_free_all+0x97/0x140
[ 335.706615][ T49] kasan_quarantine_reduce+0x148/0x160
[ 335.712237][ T49] __kasan_slab_alloc+0x22/0x80
[ 335.717163][ T49] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 335.723048][ T49] shmem_alloc_inode+0x28/0x40
[ 335.727805][ T49] alloc_inode+0x6a/0x1b0
[ 335.732122][ T49] new_inode+0x22/0x170
[ 335.736311][ T49] shmem_get_inode+0x346/0xe90
[ 335.741065][ T49] shmem_mknod+0x18c/0x3e0
[ 335.745463][ T49] shmem_mkdir+0x33/0x70
[ 335.749770][ T49] vfs_mkdir+0x303/0x510
[ 335.754016][ T49] do_mkdirat+0x247/0x590
[ 335.758347][ T49]
[ 335.760660][ T49] Memory state around the buggy address:
[ 335.766285][ T49] ffff88807ecbd300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 335.774336][ T49] ffff88807ecbd380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 335.782487][ T49] >ffff88807ecbd400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 335.790584][ T49] ^
[ 335.797505][ T49] ffff88807ecbd480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 335.805556][ T49] ffff88807ecbd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 335.813606][ T49] ==================================================================
[ 335.821818][ T49] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 335.829126][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller-11106-g1b30d4441727 #0 PREEMPT(full)
[ 335.840844][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 335.851009][ T49] Workqueue: kkcmd kcm_tx_work
[ 335.855784][ T49] Call Trace:
[ 335.859054][ T49] <TASK>
[ 335.861976][ T49] dump_stack_lvl+0x99/0x250
[ 335.866564][ T49] ? __asan_memcpy+0x40/0x70
[ 335.871212][ T49] ? __pfx_dump_stack_lvl+0x10/0x10
[ 335.876494][ T49] ? __pfx__printk+0x10/0x10
[ 335.881098][ T49] vpanic+0x27a/0x730
[ 335.885077][ T49] ? __pfx_print_hex_dump+0x10/0x10
[ 335.890624][ T49] ? __pfx_vpanic+0x10/0x10
[ 335.895301][ T49] ? irqentry_exit+0x74/0x90
[ 335.900000][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 335.905195][ T49] panic+0xb9/0xc0
[ 335.908911][ T49] ? __pfx_panic+0x10/0x10
[ 335.913316][ T49] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 335.919386][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 335.925796][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 335.930818][ T49] check_panic_on_warn+0x89/0xb0
[ 335.935748][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 335.940779][ T49] end_report+0x78/0x160
[ 335.945030][ T49] kasan_report+0x129/0x150
[ 335.949629][ T49] ? _raw_spin_lock_bh+0x36/0x50
[ 335.954569][ T49] ? __lock_sock+0x156/0x2b0
[ 335.959242][ T49] __kasan_check_byte+0x2a/0x40
[ 335.964087][ T49] lock_acquire+0x8d/0x360
[ 335.968500][ T49] ? schedule+0x91/0x360
[ 335.972736][ T49] ? kthread_data+0x4f/0xc0
[ 335.977233][ T49] ? __lock_sock+0x156/0x2b0
[ 335.981829][ T49] _raw_spin_lock_bh+0x36/0x50
[ 335.986683][ T49] ? __lock_sock+0x156/0x2b0
[ 335.991267][ T49] __lock_sock+0x156/0x2b0
[ 335.995677][ T49] ? __pfx___lock_sock+0x10/0x10
[ 336.000694][ T49] ? do_raw_spin_lock+0x121/0x290
[ 336.005720][ T49] ? __pfx_autoremove_wake_function+0x10/0x10
[ 336.011965][ T49] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 336.017338][ T49] ? lock_sock_nested+0x6a/0x100
[ 336.022280][ T49] lock_sock_nested+0x9f/0x100
[ 336.027044][ T49] kcm_tx_work+0x31/0x180
[ 336.031456][ T49] ? process_scheduled_works+0x9ef/0x17b0
[ 336.037291][ T49] process_scheduled_works+0xade/0x17b0
[ 336.042844][ T49] ? __pfx_process_scheduled_works+0x10/0x10
[ 336.048834][ T49] worker_thread+0x8a0/0xda0
[ 336.053436][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 336.059773][ T49] ? __kthread_parkme+0x7b/0x200
[ 336.064813][ T49] kthread+0x711/0x8a0
[ 336.068897][ T49] ? __pfx_worker_thread+0x10/0x10
[ 336.074165][ T49] ? __pfx_kthread+0x10/0x10
[ 336.078746][ T49] ? _raw_spin_unlock_irq+0x23/0x50
[ 336.083950][ T49] ? lockdep_hardirqs_on+0x9c/0x150
[ 336.089167][ T49] ? __pfx_kthread+0x10/0x10
[ 336.093751][ T49] ret_from_fork+0x3f9/0x770
[ 336.098444][ T49] ? __pfx_ret_from_fork+0x10/0x10
[ 336.103549][ T49] ? __switch_to_asm+0x39/0x70
[ 336.108395][ T49] ? __switch_to_asm+0x33/0x70
[ 336.113158][ T49] ? __pfx_kthread+0x10/0x10
[ 336.117737][ T49] ret_from_fork_asm+0x1a/0x30
[ 336.122495][ T49] </TASK>
[ 336.125806][ T49] Kernel Offset: disabled
[ 336.130121][ T49] Rebooting in 86400 seconds..