[ 132.981315][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.987885][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts.
2025/08/11 11:21:02 ignoring optional flag "sandboxArg"="0"
2025/08/11 11:21:03 parsed 1 programs
[ 144.118578][ T6402] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 148.951874][ T6438] chnl_net:caif_netlink_parms(): no params data found
[ 149.059192][ T6438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.066451][ T6438] bridge0: port 1(bridge_slave_0) entered disabled state
[ 149.073805][ T6438] bridge_slave_0: entered allmulticast mode
[ 149.086881][ T6438] bridge_slave_0: entered promiscuous mode
[ 149.095808][ T6438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.103277][ T6438] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.110552][ T6438] bridge_slave_1: entered allmulticast mode
[ 149.119092][ T6438] bridge_slave_1: entered promiscuous mode
[ 149.161246][ T6438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 149.173329][ T6438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 149.211204][ T6438] team0: Port device team_slave_0 added
[ 149.219685][ T6438] team0: Port device team_slave_1 added
[ 149.256157][ T6438] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 149.263849][ T6438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 149.289943][ T6438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 149.302430][ T6438] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 149.309938][ T6438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 149.335985][ T6438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 149.382074][ T6438] hsr_slave_0: entered promiscuous mode
[ 149.388662][ T6438] hsr_slave_1: entered promiscuous mode
[ 150.024324][ T6438] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 150.040065][ T6438] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 150.051573][ T6438] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 150.064967][ T6438] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 150.182846][ T6438] 8021q: adding VLAN 0 to HW filter on device bond0
[ 150.212312][ T6438] 8021q: adding VLAN 0 to HW filter on device team0
[ 150.227714][ T34] bridge0: port 1(bridge_slave_0) entered blocking state
[ 150.234965][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 150.262140][ T34] bridge0: port 2(bridge_slave_1) entered blocking state
[ 150.269406][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 150.572301][ T6438] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 150.643480][ T6438] veth0_vlan: entered promiscuous mode
[ 150.659070][ T6438] veth1_vlan: entered promiscuous mode
[ 150.694491][ T6438] veth0_macvtap: entered promiscuous mode
[ 150.710488][ T6438] veth1_macvtap: entered promiscuous mode
[ 150.741159][ T6438] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 150.756191][ T6438] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 150.776574][ T1148] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.809263][ T1148] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.833916][ T1148] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 150.853720][ T1148] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 151.026072][ T1148] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 151.100980][ T1148] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 151.190811][ T1148] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 151.272268][ T1148] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 151.987394][ T1339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 152.005165][ T1339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 152.050493][ T1339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 152.059101][ T1339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 153.331463][ T1148] bridge_slave_1: left allmulticast mode
[ 153.337180][ T1148] bridge_slave_1: left promiscuous mode
[ 153.358677][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.375432][ T1148] bridge_slave_0: left allmulticast mode
[ 153.382244][ T5918] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 153.384360][ T1148] bridge_slave_0: left promiscuous mode
[ 153.396995][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.406838][ T5918] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 153.423657][ T5918] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 153.436572][ T5918] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 153.445164][ T5918] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 153.766114][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 153.777785][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 153.790607][ T1148] bond0 (unregistering): Released all slaves
[ 153.925686][ T1148] hsr_slave_0: left promiscuous mode
[ 153.941529][ T1148] hsr_slave_1: left promiscuous mode
[ 153.955059][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 153.973540][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 153.989458][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 153.997539][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 154.044402][ T1148] veth1_macvtap: left promiscuous mode
[ 154.075339][ T1148] veth0_macvtap: left promiscuous mode
[ 154.082746][ T1148] veth1_vlan: left promiscuous mode
[ 154.088757][ T1148] veth0_vlan: left promiscuous mode
[ 154.604242][ T1148] team0 (unregistering): Port device team_slave_1 removed
[ 154.640459][ T1148] team0 (unregistering): Port device team_slave_0 removed
2025/08/11 11:21:20 executed programs: 0
[ 155.770018][ T5918] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 155.788553][ T5918] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 155.802161][ T5918] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 155.810268][ T5918] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 155.821054][ T5918] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 156.332971][ T6618] chnl_net:caif_netlink_parms(): no params data found
[ 156.538708][ T6618] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.545906][ T6618] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.565134][ T6618] bridge_slave_0: entered allmulticast mode
[ 156.574048][ T6618] bridge_slave_0: entered promiscuous mode
[ 156.598699][ T6618] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.605956][ T6618] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.636657][ T6618] bridge_slave_1: entered allmulticast mode
[ 156.650859][ T6618] bridge_slave_1: entered promiscuous mode
[ 156.721048][ T6618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 156.751238][ T6618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 156.870924][ T6618] team0: Port device team_slave_0 added
[ 156.881007][ T6618] team0: Port device team_slave_1 added
[ 156.965452][ T6618] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 156.972756][ T6618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.003087][ T6618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 157.019628][ T6618] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 157.026624][ T6618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 157.053592][ T6618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 157.144125][ T6618] hsr_slave_0: entered promiscuous mode
[ 157.152791][ T6618] hsr_slave_1: entered promiscuous mode
[ 157.665669][ T6618] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 157.679262][ T6618] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 157.690727][ T6618] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 157.703369][ T6618] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 157.817469][ T6618] 8021q: adding VLAN 0 to HW filter on device bond0
[ 157.848938][ T6618] 8021q: adding VLAN 0 to HW filter on device team0
[ 157.866552][ T51] Bluetooth: hci0: command tx timeout
[ 157.881112][ T1339] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.888368][ T1339] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 157.909788][ T1339] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.916958][ T1339] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.215301][ T6618] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.280667][ T6618] veth0_vlan: entered promiscuous mode
[ 158.296416][ T6618] veth1_vlan: entered promiscuous mode
[ 158.335479][ T6618] veth0_macvtap: entered promiscuous mode
[ 158.348052][ T6618] veth1_macvtap: entered promiscuous mode
[ 158.376922][ T6618] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 158.393382][ T6618] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 158.417995][ T1148] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.426972][ T1148] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.456856][ T1148] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.466897][ T1148] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 158.547138][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.566539][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.611426][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 158.619578][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 159.938221][ T51] Bluetooth: hci0: command tx timeout
2025/08/11 11:21:26 executed programs: 5
[ 161.300833][ T34] ==================================================================
[ 161.308968][ T34] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[ 161.316736][ T34] Read of size 1 at addr ffff888032fc9858 by task kworker/u8:2/34
[ 161.324586][ T34]
[ 161.326970][ T34] CPU: 1 UID: 0 PID: 34 Comm: kworker/u8:2 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(full)
[ 161.326999][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 161.327014][ T34] Workqueue: kkcmd kcm_tx_work
[ 161.327055][ T34] Call Trace:
[ 161.327063][ T34]
[ 161.327073][ T34] dump_stack_lvl+0x189/0x250
[ 161.327101][ T34] ? __virt_addr_valid+0x1c8/0x5c0
[ 161.327129][ T34] ? rcu_is_watching+0x15/0xb0
[ 161.327149][ T34] ? __kasan_check_byte+0x12/0x40
[ 161.327180][ T34] ? __pfx_dump_stack_lvl+0x10/0x10
[ 161.327205][ T34] ? rcu_is_watching+0x15/0xb0
[ 161.327227][ T34] ? lock_release+0x4b/0x3e0
[ 161.327261][ T34] ? __virt_addr_valid+0x1c8/0x5c0
[ 161.327287][ T34] ? __virt_addr_valid+0x4a5/0x5c0
[ 161.327316][ T34] print_report+0xca/0x240
[ 161.327337][ T34] ? _raw_spin_lock_bh+0x36/0x50
[ 161.327362][ T34] kasan_report+0x118/0x150
[ 161.327394][ T34] ? _raw_spin_lock_bh+0x36/0x50
[ 161.327424][ T34] ? __lock_sock+0x156/0x2b0
[ 161.327446][ T34] __kasan_check_byte+0x2a/0x40
[ 161.327476][ T34] lock_acquire+0x8d/0x360
[ 161.327508][ T34] ? schedule+0x91/0x360
[ 161.327533][ T34] ? kthread_data+0x4f/0xc0
[ 161.327555][ T34] ? __lock_sock+0x156/0x2b0
[ 161.327578][ T34] _raw_spin_lock_bh+0x36/0x50
[ 161.327611][ T34] ? __lock_sock+0x156/0x2b0
[ 161.327632][ T34] __lock_sock+0x156/0x2b0
[ 161.327656][ T34] ? __pfx___lock_sock+0x10/0x10
[ 161.327677][ T34] ? do_raw_spin_lock+0x121/0x290
[ 161.327701][ T34] ? __pfx_autoremove_wake_function+0x10/0x10
[ 161.327726][ T34] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 161.327754][ T34] ? lock_sock_nested+0x6a/0x100
[ 161.327781][ T34] lock_sock_nested+0x9f/0x100
[ 161.327810][ T34] kcm_tx_work+0x31/0x180
[ 161.327835][ T34] ? process_scheduled_works+0x9ef/0x17b0
[ 161.327857][ T34] process_scheduled_works+0xade/0x17b0
[ 161.327894][ T34] ? __pfx_process_scheduled_works+0x10/0x10
[ 161.327925][ T34] worker_thread+0x8a0/0xda0
[ 161.327961][ T34] kthread+0x70e/0x8a0
[ 161.327989][ T34] ? __pfx_worker_thread+0x10/0x10
[ 161.328010][ T34] ? __pfx_kthread+0x10/0x10
[ 161.328034][ T34] ? _raw_spin_unlock_irq+0x23/0x50
[ 161.328060][ T34] ? lockdep_hardirqs_on+0x9c/0x150
[ 161.328087][ T34] ? __pfx_kthread+0x10/0x10
[ 161.328113][ T34] ret_from_fork+0x3fc/0x770
[ 161.328135][ T34] ? __pfx_ret_from_fork+0x10/0x10
[ 161.328160][ T34] ? __switch_to_asm+0x39/0x70
[ 161.328187][ T34] ? __switch_to_asm+0x33/0x70
[ 161.328213][ T34] ? __pfx_kthread+0x10/0x10
[ 161.328239][ T34] ret_from_fork_asm+0x1a/0x30
[ 161.328275][ T34]
[ 161.328283][ T34]
[ 161.584964][ T34] Allocated by task 6801:
[ 161.589307][ T34] kasan_save_track+0x3e/0x80
[ 161.594004][ T34] __kasan_slab_alloc+0x6c/0x80
[ 161.598873][ T34] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 161.604429][ T34] sk_prot_alloc+0x57/0x220
[ 161.608937][ T34] sk_alloc+0x3a/0x370
[ 161.613007][ T34] kcm_ioctl+0x214/0xff0
[ 161.617259][ T34] sock_do_ioctl+0xdc/0x300
[ 161.621775][ T34] sock_ioctl+0x576/0x790
[ 161.626289][ T34] __se_sys_ioctl+0xfc/0x170
[ 161.630884][ T34] do_syscall_64+0xfa/0x3b0
[ 161.635401][ T34] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 161.641304][ T34]
[ 161.643631][ T34] Freed by task 6802:
[ 161.647611][ T34] kasan_save_track+0x3e/0x80
[ 161.652307][ T34] kasan_save_free_info+0x46/0x50
[ 161.657348][ T34] __kasan_slab_free+0x5b/0x80
[ 161.662126][ T34] kmem_cache_free+0x18f/0x400
[ 161.666908][ T34] __sk_destruct+0x4d2/0x660
[ 161.671505][ T34] kcm_release+0x528/0x5c0
[ 161.675929][ T34] sock_close+0xc3/0x240
[ 161.680181][ T34] __fput+0x449/0xa70
[ 161.684260][ T34] fput_close_sync+0x119/0x200
[ 161.689036][ T34] __x64_sys_close+0x7f/0x110
[ 161.693730][ T34] do_syscall_64+0xfa/0x3b0
[ 161.698267][ T34] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 161.704183][ T34]
[ 161.706519][ T34] Last potentially related work creation:
[ 161.712331][ T34] kasan_save_stack+0x3e/0x60
[ 161.717041][ T34] kasan_record_aux_stack+0xbd/0xd0
[ 161.722248][ T34] insert_work+0x3d/0x330
[ 161.726597][ T34] __queue_work+0xcd2/0xfb0
[ 161.731125][ T34] queue_work_on+0x181/0x270
[ 161.735726][ T34] kcm_unattach+0x863/0xe90
[ 161.740248][ T34] kcm_ioctl+0x794/0xff0
[ 161.744592][ T34] sock_do_ioctl+0xdc/0x300
[ 161.749106][ T34] sock_ioctl+0x576/0x790
[ 161.753446][ T34] __se_sys_ioctl+0xfc/0x170
[ 161.758158][ T34] do_syscall_64+0xfa/0x3b0
[ 161.762673][ T34] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 161.768569][ T34]
[ 161.770896][ T34] Second to last potentially related work creation:
[ 161.777496][ T34] kasan_save_stack+0x3e/0x60
[ 161.782186][ T34] kasan_record_aux_stack+0xbd/0xd0
[ 161.787407][ T34] insert_work+0x3d/0x330
[ 161.791770][ T34] __queue_work+0xcd2/0xfb0
[ 161.796317][ T34] queue_work_on+0x181/0x270
[ 161.800910][ T34] kcm_ioctl+0xe52/0xff0
[ 161.805166][ T34] sock_do_ioctl+0xdc/0x300
[ 161.809770][ T34] sock_ioctl+0x576/0x790
[ 161.814110][ T34] __se_sys_ioctl+0xfc/0x170
[ 161.818705][ T34] do_syscall_64+0xfa/0x3b0
[ 161.823658][ T34] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 161.829560][ T34]
[ 161.831889][ T34] The buggy address belongs to the object at ffff888032fc9680
[ 161.831889][ T34] which belongs to the cache KCM of size 1792
[ 161.845430][ T34] The buggy address is located 472 bytes inside of
[ 161.845430][ T34] freed 1792-byte region [ffff888032fc9680, ffff888032fc9d80)
[ 161.859350][ T34]
[ 161.861692][ T34] The buggy address belongs to the physical page:
[ 161.868129][ T34] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32fc8
[ 161.876921][ T34] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 161.885437][ T34] memcg:ffff888028764301
[ 161.889682][ T34] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 161.897257][ T34] page_type: f5(slab)
[ 161.901402][ T34] raw: 00fff00000000040 ffff88814c63d500 dead000000000122 0000000000000000
[ 161.910006][ T34] raw: 0000000000000000 0000000080110011 00000000f5000000 ffff888028764301
[ 161.918602][ T34] head: 00fff00000000040 ffff88814c63d500 dead000000000122 0000000000000000
[ 161.927283][ T34] head: 0000000000000000 0000000080110011 00000000f5000000 ffff888028764301
[ 161.935975][ T34] head: 00fff00000000003 ffffea0000cbf201 00000000ffffffff 00000000ffffffff
[ 161.944671][ T34] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 161.953351][ T34] page dumped because: kasan: bad access detected
[ 161.959780][ T34] page_owner tracks the page as allocated
[ 161.965511][ T34] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6700, tgid 6698 (syz.0.16), ts 158677574047, free_ts 158651079845
[ 161.986716][ T34] post_alloc_hook+0x240/0x2a0
[ 161.991510][ T34] get_page_from_freelist+0x21e4/0x22c0
[ 161.997066][ T34] __alloc_frozen_pages_noprof+0x181/0x370
[ 162.002872][ T34] alloc_pages_mpol+0x232/0x4a0
[ 162.007737][ T34] allocate_slab+0x8a/0x370
[ 162.012248][ T34] ___slab_alloc+0xbeb/0x1410
[ 162.016943][ T34] kmem_cache_alloc_noprof+0x283/0x3c0
[ 162.022410][ T34] sk_prot_alloc+0x57/0x220
[ 162.026938][ T34] sk_alloc+0x3a/0x370
[ 162.031008][ T34] kcm_create+0x100/0x580
[ 162.035340][ T34] __sock_create+0x4b0/0x9f0
[ 162.039941][ T34] __sys_socket+0xd7/0x1b0
[ 162.044375][ T34] __x64_sys_socket+0x7a/0x90
[ 162.049065][ T34] do_syscall_64+0xfa/0x3b0
[ 162.053596][ T34] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 162.059502][ T34] page last free pid 6618 tgid 6618 stack trace:
[ 162.065832][ T34] __free_frozen_pages+0xbc4/0xd30
[ 162.070968][ T34] __put_partials+0x156/0x1a0
[ 162.075647][ T34] put_cpu_partial+0x17c/0x250
[ 162.080430][ T34] __slab_free+0x2d5/0x3c0
[ 162.084852][ T34] qlist_free_all+0x97/0x140
[ 162.089449][ T34] kasan_quarantine_reduce+0x148/0x160
[ 162.094925][ T34] __kasan_slab_alloc+0x22/0x80
[ 162.099784][ T34] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 162.105261][ T34] getname_flags+0xb8/0x540
[ 162.109858][ T34] __x64_sys_mkdirat+0x7a/0xa0
[ 162.114663][ T34] do_syscall_64+0xfa/0x3b0
[ 162.119176][ T34] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 162.125085][ T34]
[ 162.127416][ T34] Memory state around the buggy address:
[ 162.133132][ T34] ffff888032fc9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 162.141196][ T34] ffff888032fc9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 162.149269][ T34] >ffff888032fc9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 162.157334][ T34] ^
[ 162.164376][ T34] ffff888032fc9880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 162.173179][ T34] ffff888032fc9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 162.181256][ T34] ==================================================================
[ 162.189541][ T34] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 162.196768][ T34] CPU: 1 UID: 0 PID: 34 Comm: kworker/u8:2 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(full)
[ 162.208414][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 162.218496][ T34] Workqueue: kkcmd kcm_tx_work
[ 162.223367][ T34] Call Trace:
[ 162.226663][ T34]
[ 162.229608][ T34] dump_stack_lvl+0x99/0x250
[ 162.234263][ T34] ? __asan_memcpy+0x40/0x70
[ 162.238885][ T34] ? __pfx_dump_stack_lvl+0x10/0x10
[ 162.244241][ T34] ? __pfx__printk+0x10/0x10
[ 162.249008][ T34] vpanic+0x281/0x750
[ 162.253023][ T34] ? __pfx_print_hex_dump+0x10/0x10
[ 162.258325][ T34] ? __pfx_vpanic+0x10/0x10
[ 162.262839][ T34] ? irqentry_exit+0x74/0x90
[ 162.267448][ T34] ? lockdep_hardirqs_on+0x9c/0x150
[ 162.272838][ T34] panic+0xb9/0xc0
[ 162.276571][ T34] ? __pfx_panic+0x10/0x10
[ 162.280997][ T34] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 162.286989][ T34] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 162.293329][ T34] ? _raw_spin_lock_bh+0x36/0x50
[ 162.298314][ T34] check_panic_on_warn+0x89/0xb0
[ 162.303319][ T34] ? _raw_spin_lock_bh+0x36/0x50
[ 162.308279][ T34] end_report+0x78/0x160
[ 162.312580][ T34] kasan_report+0x129/0x150
[ 162.317119][ T34] ? _raw_spin_lock_bh+0x36/0x50
[ 162.322090][ T34] ? __lock_sock+0x156/0x2b0
[ 162.326785][ T34] __kasan_check_byte+0x2a/0x40
[ 162.331674][ T34] lock_acquire+0x8d/0x360
[ 162.336119][ T34] ? schedule+0x91/0x360
[ 162.340374][ T34] ? kthread_data+0x4f/0xc0
[ 162.344887][ T34] ? __lock_sock+0x156/0x2b0
[ 162.349499][ T34] _raw_spin_lock_bh+0x36/0x50
[ 162.354285][ T34] ? __lock_sock+0x156/0x2b0
[ 162.358974][ T34] __lock_sock+0x156/0x2b0
[ 162.363420][ T34] ? __pfx___lock_sock+0x10/0x10
[ 162.368370][ T34] ? do_raw_spin_lock+0x121/0x290
[ 162.373409][ T34] ? __pfx_autoremove_wake_function+0x10/0x10
[ 162.379487][ T34] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 162.384875][ T34] ? lock_sock_nested+0x6a/0x100
[ 162.389826][ T34] lock_sock_nested+0x9f/0x100
[ 162.394602][ T34] kcm_tx_work+0x31/0x180
[ 162.398944][ T34] ? process_scheduled_works+0x9ef/0x17b0
[ 162.404667][ T34] process_scheduled_works+0xade/0x17b0
[ 162.410229][ T34] ? __pfx_process_scheduled_works+0x10/0x10
[ 162.416221][ T34] worker_thread+0x8a0/0xda0
[ 162.420844][ T34] kthread+0x70e/0x8a0
[ 162.424926][ T34] ? __pfx_worker_thread+0x10/0x10
[ 162.430041][ T34] ? __pfx_kthread+0x10/0x10
[ 162.434647][ T34] ? _raw_spin_unlock_irq+0x23/0x50
[ 162.439858][ T34] ? lockdep_hardirqs_on+0x9c/0x150
[ 162.445065][ T34] ? __pfx_kthread+0x10/0x10
[ 162.449667][ T34] ret_from_fork+0x3fc/0x770
[ 162.454266][ T34] ? __pfx_ret_from_fork+0x10/0x10
[ 162.459392][ T34] ? __switch_to_asm+0x39/0x70
[ 162.464172][ T34] ? __switch_to_asm+0x33/0x70
[ 162.468949][ T34] ? __pfx_kthread+0x10/0x10
[ 162.473550][ T34] ret_from_fork_asm+0x1a/0x30
[ 162.478333][ T34]
[ 162.481621][ T34] Kernel Offset: disabled
[ 162.485947][ T34] Rebooting in 86400 seconds..