2025/08/08 14:24:02 ignoring optional flag "sandboxArg"="0"
2025/08/08 14:24:03 parsed 1 programs
[ 138.125599][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[ 138.132326][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[ 141.230679][ T6325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 145.037815][ T6342] chnl_net:caif_netlink_parms(): no params data found
[ 145.131004][ T6342] bridge0: port 1(bridge_slave_0) entered blocking state
[ 145.138960][ T6342] bridge0: port 1(bridge_slave_0) entered disabled state
[ 145.147022][ T6342] bridge_slave_0: entered allmulticast mode
[ 145.154550][ T6342] bridge_slave_0: entered promiscuous mode
[ 145.163152][ T6342] bridge0: port 2(bridge_slave_1) entered blocking state
[ 145.170346][ T6342] bridge0: port 2(bridge_slave_1) entered disabled state
[ 145.177662][ T6342] bridge_slave_1: entered allmulticast mode
[ 145.186573][ T6342] bridge_slave_1: entered promiscuous mode
[ 145.220622][ T6342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 145.232968][ T6342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 145.276540][ T6342] team0: Port device team_slave_0 added
[ 145.285466][ T6342] team0: Port device team_slave_1 added
[ 145.318132][ T6342] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 145.327058][ T6342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 145.353260][ T6342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 145.366548][ T6342] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 145.373833][ T6342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 145.399815][ T6342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 145.448090][ T6342] hsr_slave_0: entered promiscuous mode
[ 145.455364][ T6342] hsr_slave_1: entered promiscuous mode
[ 146.158359][ T6342] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 146.170769][ T6342] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 146.185266][ T6342] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 146.197952][ T6342] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 146.332437][ T6342] 8021q: adding VLAN 0 to HW filter on device bond0
[ 146.360065][ T6342] 8021q: adding VLAN 0 to HW filter on device team0
[ 146.378211][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 146.385525][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 146.410910][ T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 146.418687][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 146.704098][ T6342] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 146.769505][ T6342] veth0_vlan: entered promiscuous mode
[ 146.789967][ T6342] veth1_vlan: entered promiscuous mode
[ 146.829148][ T6342] veth0_macvtap: entered promiscuous mode
[ 146.849010][ T6342] veth1_macvtap: entered promiscuous mode
[ 146.875010][ T6342] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 146.895896][ T6342] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 146.917258][ T1089] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.935882][ T1089] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.959545][ T1089] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 146.980636][ T1089] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 147.134244][ T5185] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 147.151544][ T5185] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 147.162141][ T5185] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 147.178849][ T5185] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 147.189137][ T5185] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 147.207792][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.300650][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.396412][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 147.577225][ T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 148.926482][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 148.945370][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 148.988551][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 148.997674][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 149.308576][ T59] bridge_slave_1: left allmulticast mode
[ 149.331614][ T59] bridge_slave_1: left promiscuous mode
[ 149.337764][ T59] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.363712][ T59] bridge_slave_0: left allmulticast mode
[ 149.374455][ T59] bridge_slave_0: left promiscuous mode
[ 149.380327][ T59] bridge0: port 1(bridge_slave_0) entered disabled state
[ 149.773955][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 149.787280][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 149.798717][ T59] bond0 (unregistering): Released all slaves
[ 149.914080][ T59] hsr_slave_0: left promiscuous mode
[ 149.920260][ T59] hsr_slave_1: left promiscuous mode
[ 149.931059][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 149.938843][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 149.949282][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 149.957305][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 149.984967][ T59] veth1_macvtap: left promiscuous mode
[ 149.990580][ T59] veth0_macvtap: left promiscuous mode
[ 149.997369][ T59] veth1_vlan: left promiscuous mode
[ 150.003733][ T59] veth0_vlan: left promiscuous mode
[ 150.488251][ T59] team0 (unregistering): Port device team_slave_1 removed
[ 150.525330][ T59] team0 (unregistering): Port device team_slave_0 removed
2025/08/08 14:24:22 executed programs: 0
[ 154.096195][ T5185] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 154.104874][ T5185] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 154.113256][ T5185] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 154.121664][ T5185] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 154.129975][ T5185] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 154.442783][ T6583] chnl_net:caif_netlink_parms(): no params data found
[ 154.578656][ T6583] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.590533][ T6583] bridge0: port 1(bridge_slave_0) entered disabled state
[ 154.599526][ T6583] bridge_slave_0: entered allmulticast mode
[ 154.608014][ T6583] bridge_slave_0: entered promiscuous mode
[ 154.619539][ T6583] bridge0: port 2(bridge_slave_1) entered blocking state
[ 154.627156][ T6583] bridge0: port 2(bridge_slave_1) entered disabled state
[ 154.635628][ T6583] bridge_slave_1: entered allmulticast mode
[ 154.643977][ T6583] bridge_slave_1: entered promiscuous mode
[ 154.695750][ T6583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 154.709707][ T6583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 154.758877][ T6583] team0: Port device team_slave_0 added
[ 154.768663][ T6583] team0: Port device team_slave_1 added
[ 154.815550][ T6583] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 154.822663][ T6583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 154.850135][ T6583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 154.863052][ T6583] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 154.870048][ T6583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 154.896124][ T6583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 154.965650][ T6583] hsr_slave_0: entered promiscuous mode
[ 154.973270][ T6583] hsr_slave_1: entered promiscuous mode
[ 155.510982][ T6583] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 155.527917][ T6583] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 155.540162][ T6583] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 155.553186][ T6583] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 155.685061][ T6583] 8021q: adding VLAN 0 to HW filter on device bond0
[ 155.714957][ T6583] 8021q: adding VLAN 0 to HW filter on device team0
[ 155.729113][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.736360][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 155.756489][ T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.763762][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 156.073201][ T6583] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 156.137095][ T6583] veth0_vlan: entered promiscuous mode
[ 156.153882][ T6583] veth1_vlan: entered promiscuous mode
[ 156.197658][ T6583] veth0_macvtap: entered promiscuous mode
[ 156.205086][ T5185] Bluetooth: hci0: command tx timeout
[ 156.218729][ T6583] veth1_macvtap: entered promiscuous mode
[ 156.245730][ T6583] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 156.267693][ T6583] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 156.289242][ T1100] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.302174][ T1100] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.317875][ T1100] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.329528][ T1100] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.402549][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 156.412175][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 156.454960][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 156.462929][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 158.281616][ T5185] Bluetooth: hci0: command tx timeout
[ 158.325960][ T59] ==================================================================
[ 158.334088][ T59] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[ 158.341903][ T59] Read of size 1 at addr ffff888031e00958 by task kworker/u8:4/59
[ 158.349744][ T59]
[ 158.352116][ T59] CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0 PREEMPT(full)
[ 158.352146][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 158.352161][ T59] Workqueue: kkcmd kcm_tx_work
[ 158.352200][ T59] Call Trace:
[ 158.352209][ T59]
[ 158.352218][ T59] dump_stack_lvl+0x189/0x250
[ 158.352248][ T59] ? __virt_addr_valid+0x1c8/0x5c0
[ 158.352276][ T59] ? rcu_is_watching+0x15/0xb0
[ 158.352298][ T59] ? __kasan_check_byte+0x12/0x40
[ 158.352335][ T59] ? __pfx_dump_stack_lvl+0x10/0x10
[ 158.352360][ T59] ? rcu_is_watching+0x15/0xb0
[ 158.352382][ T59] ? lock_release+0x4b/0x3e0
[ 158.352416][ T59] ? __virt_addr_valid+0x1c8/0x5c0
[ 158.352444][ T59] ? __virt_addr_valid+0x4a5/0x5c0
[ 158.352473][ T59] print_report+0xca/0x240
[ 158.352494][ T59] ? _raw_spin_lock_bh+0x36/0x50
[ 158.352516][ T59] kasan_report+0x118/0x150
[ 158.352548][ T59] ? _raw_spin_lock_bh+0x36/0x50
[ 158.352575][ T59] ? __lock_sock+0x156/0x2b0
[ 158.352594][ T59] __kasan_check_byte+0x2a/0x40
[ 158.352625][ T59] lock_acquire+0x8d/0x360
[ 158.352658][ T59] ? schedule+0x91/0x360
[ 158.352681][ T59] ? kthread_data+0x4f/0xc0
[ 158.352705][ T59] ? __lock_sock+0x156/0x2b0
[ 158.352725][ T59] _raw_spin_lock_bh+0x36/0x50
[ 158.352748][ T59] ? __lock_sock+0x156/0x2b0
[ 158.352768][ T59] __lock_sock+0x156/0x2b0
[ 158.352791][ T59] ? __pfx___lock_sock+0x10/0x10
[ 158.352810][ T59] ? do_raw_spin_lock+0x121/0x290
[ 158.352836][ T59] ? __pfx_autoremove_wake_function+0x10/0x10
[ 158.352864][ T59] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 158.352894][ T59] ? lock_sock_nested+0x6a/0x100
[ 158.352920][ T59] lock_sock_nested+0x9f/0x100
[ 158.352946][ T59] kcm_tx_work+0x31/0x180
[ 158.352968][ T59] ? process_scheduled_works+0x9ef/0x17b0
[ 158.352991][ T59] process_scheduled_works+0xade/0x17b0
[ 158.353036][ T59] ? __pfx_process_scheduled_works+0x10/0x10
[ 158.353068][ T59] worker_thread+0x8a0/0xda0
[ 158.353103][ T59] kthread+0x70e/0x8a0
[ 158.353132][ T59] ? __pfx_worker_thread+0x10/0x10
[ 158.353153][ T59] ? __pfx_kthread+0x10/0x10
[ 158.353190][ T59] ? _raw_spin_unlock_irq+0x23/0x50
[ 158.353213][ T59] ? lockdep_hardirqs_on+0x9c/0x150
[ 158.353238][ T59] ? __pfx_kthread+0x10/0x10
[ 158.353263][ T59] ret_from_fork+0x3fc/0x770
[ 158.353286][ T59] ? __pfx_ret_from_fork+0x10/0x10
[ 158.353311][ T59] ? __switch_to_asm+0x39/0x70
[ 158.353353][ T59] ? __switch_to_asm+0x33/0x70
[ 158.353380][ T59] ? __pfx_kthread+0x10/0x10
[ 158.353405][ T59] ret_from_fork_asm+0x1a/0x30
[ 158.353442][ T59]
[ 158.353449][ T59]
[ 158.611331][ T59] Allocated by task 6724:
[ 158.615672][ T59] kasan_save_track+0x3e/0x80
[ 158.620388][ T59] __kasan_slab_alloc+0x6c/0x80
[ 158.625264][ T59] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 158.630741][ T59] sk_prot_alloc+0x57/0x220
[ 158.635256][ T59] sk_alloc+0x3a/0x370
[ 158.639434][ T59] kcm_ioctl+0x214/0xff0
[ 158.643694][ T59] sock_do_ioctl+0xd9/0x300
[ 158.648213][ T59] sock_ioctl+0x576/0x790
[ 158.652545][ T59] __se_sys_ioctl+0xfc/0x170
[ 158.657143][ T59] do_syscall_64+0xfa/0x3b0
[ 158.661655][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.667552][ T59]
[ 158.669901][ T59] Freed by task 6725:
[ 158.673884][ T59] kasan_save_track+0x3e/0x80
[ 158.678847][ T59] kasan_save_free_info+0x46/0x50
[ 158.683887][ T59] __kasan_slab_free+0x5b/0x80
[ 158.688658][ T59] kmem_cache_free+0x18f/0x400
[ 158.693429][ T59] __sk_destruct+0x4d2/0x660
[ 158.698123][ T59] kcm_release+0x528/0x5c0
[ 158.702556][ T59] sock_close+0xc0/0x240
[ 158.706805][ T59] __fput+0x44c/0xa70
[ 158.710788][ T59] fput_close_sync+0x119/0x200
[ 158.715559][ T59] __x64_sys_close+0x7f/0x110
[ 158.720248][ T59] do_syscall_64+0xfa/0x3b0
[ 158.724764][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.730665][ T59]
[ 158.732996][ T59] Last potentially related work creation:
[ 158.738707][ T59] kasan_save_stack+0x3e/0x60
[ 158.743391][ T59] kasan_record_aux_stack+0xbd/0xd0
[ 158.748686][ T59] insert_work+0x3d/0x330
[ 158.753029][ T59] __queue_work+0xcd2/0xfb0
[ 158.757539][ T59] queue_work_on+0x181/0x270
[ 158.762226][ T59] kcm_unattach+0x863/0xe90
[ 158.766732][ T59] kcm_ioctl+0x794/0xff0
[ 158.770989][ T59] sock_do_ioctl+0xd9/0x300
[ 158.775589][ T59] sock_ioctl+0x576/0x790
[ 158.779936][ T59] __se_sys_ioctl+0xfc/0x170
[ 158.784555][ T59] do_syscall_64+0xfa/0x3b0
[ 158.789079][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.794983][ T59]
[ 158.797311][ T59] Second to last potentially related work creation:
[ 158.803894][ T59] kasan_save_stack+0x3e/0x60
[ 158.808845][ T59] kasan_record_aux_stack+0xbd/0xd0
[ 158.814046][ T59] insert_work+0x3d/0x330
[ 158.818409][ T59] __queue_work+0xcd2/0xfb0
[ 158.822922][ T59] queue_work_on+0x181/0x270
[ 158.827617][ T59] kcm_ioctl+0xe52/0xff0
[ 158.831882][ T59] sock_do_ioctl+0xd9/0x300
[ 158.836390][ T59] sock_ioctl+0x576/0x790
[ 158.840907][ T59] __se_sys_ioctl+0xfc/0x170
[ 158.845610][ T59] do_syscall_64+0xfa/0x3b0
[ 158.850140][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.856040][ T59]
[ 158.858365][ T59] The buggy address belongs to the object at ffff888031e00780
[ 158.858365][ T59] which belongs to the cache KCM of size 1792
[ 158.872177][ T59] The buggy address is located 472 bytes inside of
[ 158.872177][ T59] freed 1792-byte region [ffff888031e00780, ffff888031e00e80)
[ 158.886068][ T59]
[ 158.888405][ T59] The buggy address belongs to the physical page:
[ 158.894831][ T59] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31e00
[ 158.903690][ T59] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 158.912192][ T59] memcg:ffff8880291be401
[ 158.916431][ T59] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 158.923988][ T59] page_type: f5(slab)
[ 158.979889][ T59] page dumped because: kasan: bad access detected
[ 158.986321][ T59] page_owner tracks the page as allocated
[ 158.992298][ T59] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6692, tgid 6688 (syz.0.17), ts 157441443200, free_ts 157382453488
[ 159.013524][ T59] post_alloc_hook+0x240/0x2a0
[ 159.018319][ T59] get_page_from_freelist+0x21e4/0x22c0
[ 159.023870][ T59] __alloc_frozen_pages_noprof+0x181/0x370
[ 159.029685][ T59] alloc_pages_mpol+0x232/0x4a0
[ 159.034552][ T59] allocate_slab+0x8a/0x370
[ 159.039074][ T59] ___slab_alloc+0xbeb/0x1410
[ 159.043763][ T59] kmem_cache_alloc_noprof+0x283/0x3c0
[ 159.049232][ T59] sk_prot_alloc+0x57/0x220
[ 159.053767][ T59] sk_alloc+0x3a/0x370
[ 159.057870][ T59] kcm_ioctl+0x214/0xff0
[ 159.062165][ T59] sock_do_ioctl+0xd9/0x300
[ 159.066677][ T59] sock_ioctl+0x576/0x790
[ 159.071099][ T59] __se_sys_ioctl+0xfc/0x170
[ 159.075792][ T59] do_syscall_64+0xfa/0x3b0
[ 159.080318][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.086235][ T59] page last free pid 5235 tgid 5235 stack trace:
[ 159.092578][ T59] __free_frozen_pages+0xbc4/0xd30
[ 159.097712][ T59] __put_partials+0x156/0x1a0
[ 159.102422][ T59] put_cpu_partial+0x17c/0x250
[ 159.107277][ T59] __slab_free+0x2d5/0x3c0
[ 159.111705][ T59] qlist_free_all+0x97/0x140
[ 159.116301][ T59] kasan_quarantine_reduce+0x148/0x160
[ 159.121855][ T59] __kasan_slab_alloc+0x22/0x80
[ 159.126736][ T59] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 159.132229][ T59] getname_flags+0xb8/0x540
[ 159.136763][ T59] vfs_fstatat+0x43/0x170
[ 159.141108][ T59] __x64_sys_newfstatat+0x116/0x190
[ 159.146322][ T59] do_syscall_64+0xfa/0x3b0
[ 159.150937][ T59] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 159.156852][ T59]
[ 159.159199][ T59] Memory state around the buggy address:
[ 159.164834][ T59] ffff888031e00800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.172906][ T59] ffff888031e00880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.180972][ T59] >ffff888031e00900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.189038][ T59] ^
[ 159.195977][ T59] ffff888031e00980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.204215][ T59] ffff888031e00a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 159.212296][ T59] ==================================================================
[ 159.220477][ T59] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 159.227700][ T59] CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0 PREEMPT(full)
[ 159.239899][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 159.249999][ T59] Workqueue: kkcmd kcm_tx_work
[ 159.254803][ T59] Call Trace:
[ 159.258116][ T59]
[ 159.261054][ T59] dump_stack_lvl+0x99/0x250
[ 159.265678][ T59] ? __asan_memcpy+0x40/0x70
[ 159.270293][ T59] ? __pfx_dump_stack_lvl+0x10/0x10
[ 159.275505][ T59] ? __pfx__printk+0x10/0x10
[ 159.280203][ T59] vpanic+0x281/0x750
[ 159.284195][ T59] ? __pfx_print_hex_dump+0x10/0x10
[ 159.289404][ T59] ? __pfx_vpanic+0x10/0x10
[ 159.294008][ T59] ? irqentry_exit+0x74/0x90
[ 159.298619][ T59] ? lockdep_hardirqs_on+0x9c/0x150
[ 159.303828][ T59] panic+0xb9/0xc0
[ 159.307558][ T59] ? __pfx_panic+0x10/0x10
[ 159.311998][ T59] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 159.317937][ T59] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 159.324287][ T59] ? _raw_spin_lock_bh+0x36/0x50
[ 159.329231][ T59] check_panic_on_warn+0x89/0xb0
[ 159.334204][ T59] ? _raw_spin_lock_bh+0x36/0x50
[ 159.339164][ T59] end_report+0x78/0x160
[ 159.343428][ T59] kasan_report+0x129/0x150
[ 159.348038][ T59] ? _raw_spin_lock_bh+0x36/0x50
[ 159.353075][ T59] ? __lock_sock+0x156/0x2b0
[ 159.357681][ T59] __kasan_check_byte+0x2a/0x40
[ 159.362547][ T59] lock_acquire+0x8d/0x360
[ 159.366982][ T59] ? schedule+0x91/0x360
[ 159.371246][ T59] ? kthread_data+0x4f/0xc0
[ 159.375761][ T59] ? __lock_sock+0x156/0x2b0
[ 159.380366][ T59] _raw_spin_lock_bh+0x36/0x50
[ 159.385138][ T59] ? __lock_sock+0x156/0x2b0
[ 159.389734][ T59] __lock_sock+0x156/0x2b0
[ 159.394156][ T59] ? __pfx___lock_sock+0x10/0x10
[ 159.399099][ T59] ? do_raw_spin_lock+0x121/0x290
[ 159.404220][ T59] ? __pfx_autoremove_wake_function+0x10/0x10
[ 159.410296][ T59] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 159.415681][ T59] ? lock_sock_nested+0x6a/0x100
[ 159.420626][ T59] lock_sock_nested+0x9f/0x100
[ 159.425409][ T59] kcm_tx_work+0x31/0x180
[ 159.429760][ T59] ? process_scheduled_works+0x9ef/0x17b0
[ 159.435488][ T59] process_scheduled_works+0xade/0x17b0
[ 159.441051][ T59] ? __pfx_process_scheduled_works+0x10/0x10
[ 159.447064][ T59] worker_thread+0x8a0/0xda0
[ 159.451690][ T59] kthread+0x70e/0x8a0
[ 159.455788][ T59] ? __pfx_worker_thread+0x10/0x10
[ 159.460912][ T59] ? __pfx_kthread+0x10/0x10
[ 159.465520][ T59] ? _raw_spin_unlock_irq+0x23/0x50
[ 159.470834][ T59] ? lockdep_hardirqs_on+0x9c/0x150
[ 159.476078][ T59] ? __pfx_kthread+0x10/0x10
[ 159.480681][ T59] ret_from_fork+0x3fc/0x770
[ 159.485280][ T59] ? __pfx_ret_from_fork+0x10/0x10
[ 159.490421][ T59] ? __switch_to_asm+0x39/0x70
[ 159.495291][ T59] ? __switch_to_asm+0x33/0x70
[ 159.500068][ T59] ? __pfx_kthread+0x10/0x10
[ 159.504675][ T59] ret_from_fork_asm+0x1a/0x30
[ 159.509469][ T59]
[ 159.512803][ T59] Kernel Offset: disabled
[ 159.517216][ T59] Rebooting in 86400 seconds..