Warning: Permanently added '10.128.0.153' (ED25519) to the list of known hosts.
2025/08/07 16:18:52 ignoring optional flag "sandboxArg"="0"
2025/08/07 16:18:53 parsed 1 programs
[ 124.540665][ T6321] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 129.251524][ T3451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.259448][ T3451] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.297072][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 129.304985][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 129.566316][ T6375] chnl_net:caif_netlink_parms(): no params data found
[ 129.676969][ T6375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.685115][ T6375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 129.692548][ T6375] bridge_slave_0: entered allmulticast mode
[ 129.699534][ T6375] bridge_slave_0: entered promiscuous mode
[ 129.718456][ T6375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.725777][ T6375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 129.734506][ T6375] bridge_slave_1: entered allmulticast mode
[ 129.744074][ T6375] bridge_slave_1: entered promiscuous mode
[ 129.780717][ T6375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 129.799916][ T6375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 129.833876][ T6375] team0: Port device team_slave_0 added
[ 129.842347][ T6375] team0: Port device team_slave_1 added
[ 129.868201][ T6375] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 129.875240][ T6375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 129.901861][ T6375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 129.914616][ T6375] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 129.921689][ T6375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 129.947665][ T6375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 129.986261][ T6375] hsr_slave_0: entered promiscuous mode
[ 129.992855][ T6375] hsr_slave_1: entered promiscuous mode
[ 130.617527][ T6375] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 130.634093][ T6375] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 130.647156][ T6375] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 130.659330][ T6375] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 130.765590][ T6375] 8021q: adding VLAN 0 to HW filter on device bond0
[ 130.790307][ T6375] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.807494][ T78] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.814711][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.833398][ T78] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.841071][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 131.105443][ T6375] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 131.160795][ T6375] veth0_vlan: entered promiscuous mode
[ 131.178554][ T6375] veth1_vlan: entered promiscuous mode
[ 131.210995][ T6375] veth0_macvtap: entered promiscuous mode
[ 131.228774][ T6375] veth1_macvtap: entered promiscuous mode
[ 131.256427][ T6375] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 131.271955][ T6375] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 131.293528][ T78] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.303885][ T78] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.320666][ T78] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.341087][ T78] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.524422][ T1155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 131.644168][ T1155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 131.735313][ T1155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 131.845452][ T1155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 132.356899][ T5182] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 132.371362][ T5182] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 132.379721][ T5182] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 132.393334][ T5182] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 132.401068][ T5182] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 132.911986][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.918626][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
2025/08/07 16:19:05 executed programs: 0
[ 133.211012][ T5945] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 133.230134][ T5945] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 133.239678][ T5945] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 133.250280][ T5945] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 133.258734][ T5945] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 133.504497][ T6492] chnl_net:caif_netlink_parms(): no params data found
[ 133.625923][ T6492] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.634938][ T6492] bridge0: port 1(bridge_slave_0) entered disabled state
[ 133.642550][ T6492] bridge_slave_0: entered allmulticast mode
[ 133.650432][ T6492] bridge_slave_0: entered promiscuous mode
[ 133.661913][ T6492] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.669156][ T6492] bridge0: port 2(bridge_slave_1) entered disabled state
[ 133.677922][ T6492] bridge_slave_1: entered allmulticast mode
[ 133.686198][ T6492] bridge_slave_1: entered promiscuous mode
[ 133.734493][ T6492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 133.747944][ T6492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 133.801654][ T6492] team0: Port device team_slave_0 added
[ 133.810426][ T6492] team0: Port device team_slave_1 added
[ 133.852964][ T6492] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 133.859945][ T6492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 133.887251][ T6492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 133.900928][ T6492] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 133.908322][ T6492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 133.936298][ T6492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 133.998612][ T6492] hsr_slave_0: entered promiscuous mode
[ 134.006279][ T6492] hsr_slave_1: entered promiscuous mode
[ 134.013261][ T6492] debugfs: 'hsr0' already exists in 'hsr'
[ 134.019009][ T6492] Cannot create hsr debugfs directory
[ 134.324312][ T1155] bridge_slave_1: left allmulticast mode
[ 134.330095][ T1155] bridge_slave_1: left promiscuous mode
[ 134.338120][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state
[ 134.354842][ T1155] bridge_slave_0: left allmulticast mode
[ 134.365537][ T1155] bridge_slave_0: left promiscuous mode
[ 134.371359][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state
[ 134.663326][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 134.673898][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 134.684878][ T1155] bond0 (unregistering): Released all slaves
[ 134.795955][ T1155] hsr_slave_0: left promiscuous mode
[ 134.807246][ T1155] hsr_slave_1: left promiscuous mode
[ 134.815848][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 134.831525][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 134.840539][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 134.851511][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 134.874961][ T1155] veth1_macvtap: left promiscuous mode
[ 134.880544][ T1155] veth0_macvtap: left promiscuous mode
[ 134.886728][ T1155] veth1_vlan: left promiscuous mode
[ 134.892383][ T1155] veth0_vlan: left promiscuous mode
[ 135.315066][ T5182] Bluetooth: hci0: command tx timeout
[ 135.388223][ T1155] team0 (unregistering): Port device team_slave_1 removed
[ 135.427920][ T1155] team0 (unregistering): Port device team_slave_0 removed
[ 136.059808][ T6492] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 136.077691][ T6492] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 136.098626][ T6492] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 136.113449][ T6492] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 136.383788][ T6492] 8021q: adding VLAN 0 to HW filter on device bond0
[ 136.417152][ T6492] 8021q: adding VLAN 0 to HW filter on device team0
[ 136.443290][ T78] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.450464][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 136.475096][ T78] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.482310][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 136.849105][ T6492] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 136.918913][ T6492] veth0_vlan: entered promiscuous mode
[ 136.936511][ T6492] veth1_vlan: entered promiscuous mode
[ 136.979154][ T6492] veth0_macvtap: entered promiscuous mode
[ 136.993349][ T6492] veth1_macvtap: entered promiscuous mode
[ 137.016346][ T6492] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 137.040411][ T6492] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 137.058634][ T3451] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.067882][ T3451] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.083320][ T3451] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.098852][ T3451] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 137.175028][ T3451] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 137.196501][ T3451] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 137.238174][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 137.247131][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 137.391810][ T5182] Bluetooth: hci0: command tx timeout
2025/08/07 16:19:10 executed programs: 3
[ 138.217513][ T13] ==================================================================
[ 138.225622][ T13] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[ 138.233459][ T13] Read of size 1 at addr ffff888045af8958 by task kworker/u8:1/13
[ 138.241269][ T13]
[ 138.243708][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-syzkaller-11106-g1b30d4441727 #0 PREEMPT(full)
[ 138.243728][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 138.243738][ T13] Workqueue: kkcmd kcm_tx_work
[ 138.243774][ T13] Call Trace:
[ 138.243782][ T13]
[ 138.243789][ T13] dump_stack_lvl+0x189/0x250
[ 138.243807][ T13] ? __virt_addr_valid+0x1c8/0x5c0
[ 138.243823][ T13] ? rcu_is_watching+0x15/0xb0
[ 138.243835][ T13] ? __kasan_check_byte+0x12/0x40
[ 138.243853][ T13] ? __pfx_dump_stack_lvl+0x10/0x10
[ 138.243867][ T13] ? rcu_is_watching+0x15/0xb0
[ 138.243880][ T13] ? lock_release+0x4b/0x3e0
[ 138.243900][ T13] ? __virt_addr_valid+0x1c8/0x5c0
[ 138.243915][ T13] ? __virt_addr_valid+0x4a5/0x5c0
[ 138.243931][ T13] print_report+0xca/0x240
[ 138.243943][ T13] ? _raw_spin_lock_bh+0x36/0x50
[ 138.243962][ T13] kasan_report+0x118/0x150
[ 138.243980][ T13] ? _raw_spin_lock_bh+0x36/0x50
[ 138.244000][ T13] ? __lock_sock+0x156/0x2b0
[ 138.244016][ T13] __kasan_check_byte+0x2a/0x40
[ 138.244033][ T13] lock_acquire+0x8d/0x360
[ 138.244052][ T13] ? schedule+0x91/0x360
[ 138.244070][ T13] ? kthread_data+0x4f/0xc0
[ 138.244083][ T13] ? __lock_sock+0x156/0x2b0
[ 138.244099][ T13] _raw_spin_lock_bh+0x36/0x50
[ 138.244122][ T13] ? __lock_sock+0x156/0x2b0
[ 138.244138][ T13] __lock_sock+0x156/0x2b0
[ 138.244156][ T13] ? __pfx___lock_sock+0x10/0x10
[ 138.244171][ T13] ? do_raw_spin_lock+0x121/0x290
[ 138.244186][ T13] ? __pfx_autoremove_wake_function+0x10/0x10
[ 138.244202][ T13] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 138.244219][ T13] ? lock_sock_nested+0x6a/0x100
[ 138.244238][ T13] lock_sock_nested+0x9f/0x100
[ 138.244258][ T13] kcm_tx_work+0x31/0x180
[ 138.244275][ T13] ? process_scheduled_works+0x9ef/0x17b0
[ 138.244296][ T13] process_scheduled_works+0xade/0x17b0
[ 138.244325][ T13] ? __pfx_process_scheduled_works+0x10/0x10
[ 138.244350][ T13] worker_thread+0x8a0/0xda0
[ 138.244371][ T13] kthread+0x711/0x8a0
[ 138.244388][ T13] ? __pfx_worker_thread+0x10/0x10
[ 138.244400][ T13] ? __pfx_kthread+0x10/0x10
[ 138.244415][ T13] ? _raw_spin_unlock_irq+0x23/0x50
[ 138.244433][ T13] ? lockdep_hardirqs_on+0x9c/0x150
[ 138.244445][ T13] ? __pfx_kthread+0x10/0x10
[ 138.244460][ T13] ret_from_fork+0x3f9/0x770
[ 138.244474][ T13] ? __pfx_ret_from_fork+0x10/0x10
[ 138.244489][ T13] ? __switch_to_asm+0x39/0x70
[ 138.244505][ T13] ? __switch_to_asm+0x33/0x70
[ 138.244520][ T13] ? __pfx_kthread+0x10/0x10
[ 138.244536][ T13] ret_from_fork_asm+0x1a/0x30
[ 138.244557][ T13]
[ 138.244562][ T13]
[ 138.504252][ T13] Allocated by task 6644:
[ 138.508564][ T13] kasan_save_track+0x3e/0x80
[ 138.513233][ T13] __kasan_slab_alloc+0x6c/0x80
[ 138.518070][ T13] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 138.523522][ T13] sk_prot_alloc+0x57/0x220
[ 138.528008][ T13] sk_alloc+0x3a/0x370
[ 138.532062][ T13] kcm_ioctl+0x214/0xff0
[ 138.536289][ T13] sock_do_ioctl+0xd9/0x300
[ 138.540820][ T13] sock_ioctl+0x576/0x790
[ 138.545152][ T13] __se_sys_ioctl+0xfc/0x170
[ 138.549732][ T13] do_syscall_64+0xfa/0x3b0
[ 138.554321][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.560213][ T13]
[ 138.562530][ T13] Freed by task 6645:
[ 138.566496][ T13] kasan_save_track+0x3e/0x80
[ 138.571163][ T13] kasan_save_free_info+0x46/0x50
[ 138.576171][ T13] __kasan_slab_free+0x62/0x70
[ 138.580932][ T13] kmem_cache_free+0x18f/0x400
[ 138.585945][ T13] __sk_destruct+0x4d2/0x660
[ 138.590609][ T13] kcm_release+0x528/0x5c0
[ 138.595022][ T13] sock_close+0xc0/0x240
[ 138.599254][ T13] __fput+0x44c/0xa70
[ 138.603226][ T13] fput_close_sync+0x119/0x200
[ 138.607979][ T13] __x64_sys_close+0x7f/0x110
[ 138.612642][ T13] do_syscall_64+0xfa/0x3b0
[ 138.617127][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.623003][ T13]
[ 138.625312][ T13] Last potentially related work creation:
[ 138.631004][ T13] kasan_save_stack+0x3e/0x60
[ 138.635671][ T13] kasan_record_aux_stack+0xbd/0xd0
[ 138.640848][ T13] insert_work+0x3d/0x330
[ 138.645166][ T13] __queue_work+0xcd2/0xfb0
[ 138.649651][ T13] queue_work_on+0x181/0x270
[ 138.654307][ T13] kcm_unattach+0x863/0xe90
[ 138.658808][ T13] kcm_ioctl+0x794/0xff0
[ 138.663053][ T13] sock_do_ioctl+0xd9/0x300
[ 138.667565][ T13] sock_ioctl+0x576/0x790
[ 138.671910][ T13] __se_sys_ioctl+0xfc/0x170
[ 138.676500][ T13] do_syscall_64+0xfa/0x3b0
[ 138.680993][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.686869][ T13]
[ 138.689205][ T13] Second to last potentially related work creation:
[ 138.695794][ T13] kasan_save_stack+0x3e/0x60
[ 138.700459][ T13] kasan_record_aux_stack+0xbd/0xd0
[ 138.705640][ T13] insert_work+0x3d/0x330
[ 138.709975][ T13] __queue_work+0xcd2/0xfb0
[ 138.714468][ T13] queue_work_on+0x181/0x270
[ 138.719041][ T13] kcm_ioctl+0xe52/0xff0
[ 138.723265][ T13] sock_do_ioctl+0xd9/0x300
[ 138.727752][ T13] sock_ioctl+0x576/0x790
[ 138.732069][ T13] __se_sys_ioctl+0xfc/0x170
[ 138.736691][ T13] do_syscall_64+0xfa/0x3b0
[ 138.741194][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.747085][ T13]
[ 138.749403][ T13] The buggy address belongs to the object at ffff888045af8780
[ 138.749403][ T13] which belongs to the cache KCM of size 1792
[ 138.762829][ T13] The buggy address is located 472 bytes inside of
[ 138.762829][ T13] freed 1792-byte region [ffff888045af8780, ffff888045af8e80)
[ 138.776695][ T13]
[ 138.779007][ T13] The buggy address belongs to the physical page:
[ 138.785409][ T13] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45af8
[ 138.794180][ T13] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 138.802677][ T13] memcg:ffff888028a1d101
[ 138.806905][ T13] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 138.814443][ T13] page_type: f5(slab)
[ 138.818409][ T13] raw: 00fff00000000040 ffff88802ec01b40 dead000000000122 0000000000000000
[ 138.826978][ T13] raw: 0000000000000000 0000000080110011 00000000f5000000 ffff888028a1d101
[ 138.835636][ T13] head: 00fff00000000040 ffff88802ec01b40 dead000000000122 0000000000000000
[ 138.844298][ T13] head: 0000000000000000 0000000080110011 00000000f5000000 ffff888028a1d101
[ 138.852956][ T13] head: 00fff00000000003 ffffea000116be01 00000000ffffffff 00000000ffffffff
[ 138.861617][ T13] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 138.870264][ T13] page dumped because: kasan: bad access detected
[ 138.876671][ T13] page_owner tracks the page as allocated
[ 138.882368][ T13] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6602, tgid 6601 (syz.0.16), ts 137306561746, free_ts 137294904001
[ 138.903623][ T13] post_alloc_hook+0x240/0x2a0
[ 138.908383][ T13] get_page_from_freelist+0x21e4/0x22c0
[ 138.913913][ T13] __alloc_frozen_pages_noprof+0x181/0x370
[ 138.919728][ T13] alloc_pages_mpol+0x232/0x4a0
[ 138.924602][ T13] allocate_slab+0x8a/0x370
[ 138.929205][ T13] ___slab_alloc+0xbeb/0x1410
[ 138.933887][ T13] kmem_cache_alloc_noprof+0x283/0x3c0
[ 138.939435][ T13] sk_prot_alloc+0x57/0x220
[ 138.943927][ T13] sk_alloc+0x3a/0x370
[ 138.948001][ T13] kcm_create+0x100/0x580
[ 138.952329][ T13] __sock_create+0x4b3/0x9f0
[ 138.956910][ T13] __sys_socket+0xd7/0x1b0
[ 138.961316][ T13] __x64_sys_socket+0x7a/0x90
[ 138.966012][ T13] do_syscall_64+0xfa/0x3b0
[ 138.970512][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.976399][ T13] page last free pid 6492 tgid 6492 stack trace:
[ 138.982717][ T13] __free_frozen_pages+0xbc4/0xd30
[ 138.987818][ T13] __put_partials+0x156/0x1a0
[ 138.992480][ T13] put_cpu_partial+0x17c/0x250
[ 138.997222][ T13] __slab_free+0x2d5/0x3c0
[ 139.001635][ T13] qlist_free_all+0x97/0x140
[ 139.006213][ T13] kasan_quarantine_reduce+0x148/0x160
[ 139.011655][ T13] __kasan_slab_alloc+0x22/0x80
[ 139.016489][ T13] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 139.022015][ T13] vm_area_dup+0x2b/0x680
[ 139.026421][ T13] dup_mmap+0x90c/0x1ac0
[ 139.030757][ T13] copy_mm+0x13c/0x4b0
[ 139.034821][ T13] copy_process+0x1706/0x3c00
[ 139.039480][ T13] kernel_clone+0x21e/0x840
[ 139.043965][ T13] __x64_sys_clone+0x18b/0x1e0
[ 139.048719][ T13] do_syscall_64+0xfa/0x3b0
[ 139.053207][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 139.059085][ T13]
[ 139.061392][ T13] Memory state around the buggy address:
[ 139.067088][ T13] ffff888045af8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 139.075217][ T13] ffff888045af8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 139.083259][ T13] >ffff888045af8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 139.091304][ T13] ^
[ 139.098218][ T13] ffff888045af8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 139.106261][ T13] ffff888045af8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 139.114387][ T13] ==================================================================
[ 139.122589][ T13] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 139.129786][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-syzkaller-11106-g1b30d4441727 #0 PREEMPT(full)
[ 139.141487][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 139.151972][ T13] Workqueue: kkcmd kcm_tx_work
[ 139.156769][ T13] Call Trace:
[ 139.160046][ T13]
[ 139.162974][ T13] dump_stack_lvl+0x99/0x250
[ 139.167563][ T13] ? __asan_memcpy+0x40/0x70
[ 139.172152][ T13] ? __pfx_dump_stack_lvl+0x10/0x10
[ 139.177455][ T13] ? __pfx__printk+0x10/0x10
[ 139.182141][ T13] vpanic+0x27a/0x730
[ 139.186139][ T13] ? __pfx_print_hex_dump+0x10/0x10
[ 139.191368][ T13] ? __pfx_vpanic+0x10/0x10
[ 139.195912][ T13] ? irqentry_exit+0x74/0x90
[ 139.200499][ T13] ? lockdep_hardirqs_on+0x9c/0x150
[ 139.205686][ T13] panic+0xb9/0xc0
[ 139.209395][ T13] ? __pfx_panic+0x10/0x10
[ 139.213895][ T13] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 139.219822][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 139.226156][ T13] ? _raw_spin_lock_bh+0x36/0x50
[ 139.231179][ T13] check_panic_on_warn+0x89/0xb0
[ 139.236115][ T13] ? _raw_spin_lock_bh+0x36/0x50
[ 139.241045][ T13] end_report+0x78/0x160
[ 139.245280][ T13] kasan_report+0x129/0x150
[ 139.249772][ T13] ? _raw_spin_lock_bh+0x36/0x50
[ 139.254717][ T13] ? __lock_sock+0x156/0x2b0
[ 139.259311][ T13] __kasan_check_byte+0x2a/0x40
[ 139.264168][ T13] lock_acquire+0x8d/0x360
[ 139.268580][ T13] ? schedule+0x91/0x360
[ 139.272815][ T13] ? kthread_data+0x4f/0xc0
[ 139.277302][ T13] ? __lock_sock+0x156/0x2b0
[ 139.281883][ T13] _raw_spin_lock_bh+0x36/0x50
[ 139.286650][ T13] ? __lock_sock+0x156/0x2b0
[ 139.291249][ T13] __lock_sock+0x156/0x2b0
[ 139.295675][ T13] ? __pfx___lock_sock+0x10/0x10
[ 139.300751][ T13] ? do_raw_spin_lock+0x121/0x290
[ 139.305784][ T13] ? __pfx_autoremove_wake_function+0x10/0x10
[ 139.311855][ T13] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 139.317220][ T13] ? lock_sock_nested+0x6a/0x100
[ 139.322172][ T13] lock_sock_nested+0x9f/0x100
[ 139.326932][ T13] kcm_tx_work+0x31/0x180
[ 139.331255][ T13] ? process_scheduled_works+0x9ef/0x17b0
[ 139.337089][ T13] process_scheduled_works+0xade/0x17b0
[ 139.342721][ T13] ? __pfx_process_scheduled_works+0x10/0x10
[ 139.348787][ T13] worker_thread+0x8a0/0xda0
[ 139.353369][ T13] kthread+0x711/0x8a0
[ 139.357431][ T13] ? __pfx_worker_thread+0x10/0x10
[ 139.362541][ T13] ? __pfx_kthread+0x10/0x10
[ 139.367124][ T13] ? _raw_spin_unlock_irq+0x23/0x50
[ 139.372310][ T13] ? lockdep_hardirqs_on+0x9c/0x150
[ 139.377578][ T13] ? __pfx_kthread+0x10/0x10
[ 139.382154][ T13] ret_from_fork+0x3f9/0x770
[ 139.386734][ T13] ? __pfx_ret_from_fork+0x10/0x10
[ 139.391835][ T13] ? __switch_to_asm+0x39/0x70
[ 139.396599][ T13] ? __switch_to_asm+0x33/0x70
[ 139.401347][ T13] ? __pfx_kthread+0x10/0x10
[ 139.405934][ T13] ret_from_fork_asm+0x1a/0x30
[ 139.410775][ T13]
[ 139.414038][ T13] Kernel Offset: disabled
[ 139.418365][ T13] Rebooting in 86400 seconds..