Warning: Permanently added '10.128.0.147' (ED25519) to the list of known hosts.
2025/07/24 06:44:42 ignoring optional flag "sandboxArg"="0"
2025/07/24 06:44:43 parsed 1 programs
[ 65.331898][ T4188] cgroup: Unknown subsys name 'net'
[ 65.470315][ T4188] cgroup: Unknown subsys name 'rlimit'
[ 66.934653][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 69.088521][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.100746][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.122667][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 69.139784][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.147858][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.156978][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 70.350577][ T4242] chnl_net:caif_netlink_parms(): no params data found
[ 70.402145][ T4242] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.411203][ T4242] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.419673][ T4242] device bridge_slave_0 entered promiscuous mode
[ 70.429236][ T4242] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.436538][ T4242] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.445436][ T4242] device bridge_slave_1 entered promiscuous mode
[ 70.486452][ T4242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.507109][ T4242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.618275][ T4242] team0: Port device team_slave_0 added
[ 70.630855][ T4242] team0: Port device team_slave_1 added
[ 70.649623][ T4242] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.656657][ T4242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.682858][ T4242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.695930][ T4242] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.703029][ T4242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.729702][ T4242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.760816][ T4242] device hsr_slave_0 entered promiscuous mode
[ 70.768153][ T4242] device hsr_slave_1 entered promiscuous mode
[ 70.861317][ T4242] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.872785][ T4242] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.882103][ T4242] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.892048][ T4242] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.919486][ T4242] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.926741][ T4242] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.934759][ T4242] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.941836][ T4242] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.006252][ T4242] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.039764][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.049155][ T1264] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.057791][ T1264] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.066764][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 71.080054][ T4242] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.092257][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.101504][ T1264] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.108609][ T1264] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.120184][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 71.128840][ T1264] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.135939][ T1264] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.174899][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 71.192645][ T4242] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 71.203759][ T4242] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 71.217946][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 71.226618][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 71.235356][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 71.244774][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 71.253056][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 71.265021][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.271492][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.385905][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 71.394078][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 71.408342][ T4242] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.449056][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 71.458078][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.498217][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 71.507022][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.516046][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.524684][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.535661][ T4242] device veth0_vlan entered promiscuous mode
[ 71.561511][ T4242] device veth1_vlan entered promiscuous mode
[ 71.579595][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.588753][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.597379][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 71.606068][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.617946][ T4242] device veth0_macvtap entered promiscuous mode
[ 71.641991][ T4242] device veth1_macvtap entered promiscuous mode
[ 71.658811][ T4242] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.667202][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.676008][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 71.684619][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.693212][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.706019][ T4242] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.714437][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.723123][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.737443][ T4242] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.747633][ T4242] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.756652][ T4242] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.765948][ T4242] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.877805][ T4242] syz-executor (4242) used greatest stack depth: 21024 bytes left
2025/07/24 06:44:53 executed programs: 0
[ 73.200415][ T4293] chnl_net:caif_netlink_parms(): no params data found
[ 73.262024][ T4293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.270226][ T4293] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.278799][ T4293] device bridge_slave_0 entered promiscuous mode
[ 73.287819][ T4293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.295058][ T4293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.302940][ T4293] device bridge_slave_1 entered promiscuous mode
[ 73.328252][ T4293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.340909][ T4293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.376319][ T4293] team0: Port device team_slave_0 added
[ 73.384900][ T4293] team0: Port device team_slave_1 added
[ 73.411187][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.420611][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.449145][ T4293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.466812][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.473899][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.501386][ T4293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.547322][ T4293] device hsr_slave_0 entered promiscuous mode
[ 73.555074][ T4293] device hsr_slave_1 entered promiscuous mode
[ 73.561842][ T4293] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 73.571290][ T4293] Cannot create hsr debugfs directory
[ 73.669028][ T4293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.094535][ T4200] Bluetooth: hci0: command 0x0409 tx timeout
[ 76.970793][ T4293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.010217][ T4293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.051686][ T4293] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.168069][ T4293] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.175133][ T4200] Bluetooth: hci0: command 0x041b tx timeout
[ 77.184973][ T4293] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.194622][ T4293] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.203684][ T4293] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.269747][ T4293] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.297049][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 77.305890][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 77.316620][ T4293] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.338764][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 77.348010][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 77.357082][ T1264] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.364208][ T1264] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.388712][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 77.399256][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 77.408809][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 77.418589][ T1264] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.425772][ T1264] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.434881][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 77.443687][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 77.452310][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 77.461373][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.469956][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 77.479070][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 77.487572][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 77.496012][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 77.504821][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 77.518406][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 77.527332][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 77.539729][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 77.666806][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 77.674382][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.689381][ T4293] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.718824][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 77.727750][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 77.757812][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 77.767082][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 77.776787][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 77.785020][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 77.794829][ T4293] device veth0_vlan entered promiscuous mode
[ 77.811429][ T154] device hsr_slave_0 left promiscuous mode
[ 77.818295][ T154] device hsr_slave_1 left promiscuous mode
[ 77.825275][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 77.832706][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 77.841454][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 77.849153][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 77.857406][ T154] device bridge_slave_1 left promiscuous mode
[ 77.864488][ T154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.879043][ T154] device bridge_slave_0 left promiscuous mode
[ 77.885331][ T154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.905149][ T154] device veth1_macvtap left promiscuous mode
[ 77.911392][ T154] device veth0_macvtap left promiscuous mode
[ 77.917634][ T154] device veth1_vlan left promiscuous mode
[ 77.924337][ T154] device veth0_vlan left promiscuous mode
[ 78.086179][ T154] team0 (unregistering): Port device team_slave_1 removed
[ 78.099117][ T154] team0 (unregistering): Port device team_slave_0 removed
[ 78.111691][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 78.128080][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 78.182488][ T154] bond0 (unregistering): Released all slaves
[ 78.229467][ T4293] device veth1_vlan entered promiscuous mode
[ 78.251999][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 78.260123][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 78.268673][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 78.278063][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 78.289313][ T4293] device veth0_macvtap entered promiscuous mode
[ 78.305358][ T4293] device veth1_macvtap entered promiscuous mode
[ 78.321046][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 78.329758][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 78.342270][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.350775][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 78.360005][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 78.371251][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.379118][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 78.390704][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 78.403127][ T4293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.412630][ T4293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.421898][ T4293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.430694][ T4293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.495161][ T1161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.509400][ T1161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/24 06:44:59 executed programs: 2
[ 78.537507][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 78.551367][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.559666][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.571260][ T1161] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 79.264262][ T4261] Bluetooth: hci0: command 0x040f tx timeout
[ 81.333413][ T4261] Bluetooth: hci0: command 0x0419 tx timeout
[ 81.495923][ T1325] cfg80211: failed to load regulatory.db
2025/07/24 06:45:04 executed programs: 8
[ 84.636148][ T154] ==================================================================
[ 84.644424][ T154] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[ 84.651728][ T154] Read of size 8 at addr ffff8880757541e0 by task kworker/u4:2/154
[ 84.659615][ T154]
[ 84.661952][ T154] CPU: 0 PID: 154 Comm: kworker/u4:2 Not tainted 5.15.189-syzkaller #0
[ 84.670306][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 84.680367][ T154] Workqueue: kkcmd kcm_tx_work
[ 84.685155][ T154] Call Trace:
[ 84.688434][ T154] <TASK>
[ 84.691367][ T154] dump_stack_lvl+0x168/0x230
[ 84.696053][ T154] ? show_regs_print_info+0x20/0x20
[ 84.701260][ T154] ? load_image+0x3b0/0x3b0
[ 84.705764][ T154] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 84.711140][ T154] print_address_description+0x60/0x2d0
[ 84.716699][ T154] ? __lock_acquire+0xf7/0x7c60
[ 84.721713][ T154] kasan_report+0xdf/0x130
[ 84.726141][ T154] ? __lock_acquire+0xf7/0x7c60
[ 84.731000][ T154] __lock_acquire+0xf7/0x7c60
[ 84.735690][ T154] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 84.741679][ T154] ? lock_chain_count+0x20/0x20
[ 84.746548][ T154] ? finish_lock_switch+0x12f/0x280
[ 84.751838][ T154] ? lockdep_hardirqs_on+0x94/0x140
[ 84.757049][ T154] ? finish_lock_switch+0x12f/0x280
[ 84.762243][ T154] ? verify_lock_unused+0x140/0x140
[ 84.767564][ T154] ? finish_task_switch+0x12f/0x640
[ 84.772768][ T154] ? __switch_to_asm+0x34/0x60
[ 84.777552][ T154] ? __schedule+0x11c0/0x43b0
[ 84.782240][ T154] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 84.788230][ T154] lock_acquire+0x197/0x3f0
[ 84.792741][ T154] ? __lock_sock+0x152/0x2a0
[ 84.797344][ T154] ? lockdep_hardirqs_on_prepare+0x760/0x760
[ 84.803338][ T154] ? __local_bh_disable_ip+0xfb/0x190
[ 84.808719][ T154] ? read_lock_is_recursive+0x10/0x10
[ 84.814101][ T154] ? __local_bh_enable_ip+0x12a/0x1b0
[ 84.819505][ T154] ? kthread_data+0x4b/0xc0
[ 84.824030][ T154] ? kthread_data+0x4b/0xc0
[ 84.828535][ T154] ? __lock_sock+0x152/0x2a0
[ 84.833147][ T154] _raw_spin_lock_bh+0x32/0x50
[ 84.837929][ T154] ? __lock_sock+0x152/0x2a0
[ 84.842521][ T154] __lock_sock+0x152/0x2a0
[ 84.846961][ T154] ? sk_page_frag_refill+0x200/0x200
[ 84.852244][ T154] ? do_raw_spin_lock+0x11d/0x280
[ 84.857297][ T154] ? init_wait_entry+0xd0/0xd0
[ 84.862061][ T154] ? __rwlock_init+0x140/0x140
[ 84.866827][ T154] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 84.872840][ T154] ? lock_sock_nested+0x68/0x100
[ 84.877779][ T154] lock_sock_nested+0x9d/0x100
[ 84.882543][ T154] kcm_tx_work+0x2d/0x180
[ 84.886881][ T154] process_one_work+0x863/0x1000
[ 84.891827][ T154] ? worker_detach_from_pool+0x240/0x240
[ 84.897458][ T154] ? lockdep_hardirqs_off+0x70/0x100
[ 84.902743][ T154] ? _raw_spin_lock_irq+0xab/0xe0
[ 84.907778][ T154] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 84.913160][ T154] ? wq_worker_running+0x97/0x170
[ 84.918186][ T154] worker_thread+0xaa8/0x12a0
[ 84.922882][ T154] kthread+0x436/0x520
[ 84.926957][ T154] ? rcu_lock_release+0x20/0x20
[ 84.931814][ T154] ? kthread_blkcg+0xd0/0xd0
[ 84.936412][ T154] ret_from_fork+0x1f/0x30
[ 84.940860][ T154] </TASK>
[ 84.944231][ T154]
[ 84.946552][ T154] Allocated by task 4343:
[ 84.950868][ T154] __kasan_slab_alloc+0x9c/0xd0
[ 84.955719][ T154] slab_post_alloc_hook+0x4c/0x380
[ 84.960826][ T154] kmem_cache_alloc+0x100/0x290
[ 84.965677][ T154] sk_prot_alloc+0x57/0x210
[ 84.970209][ T154] sk_alloc+0x2f/0x310
[ 84.974301][ T154] kcm_ioctl+0x211/0xff0
[ 84.978541][ T154] sock_do_ioctl+0xd3/0x2f0
[ 84.983048][ T154] sock_ioctl+0x4ed/0x6e0
[ 84.987381][ T154] __se_sys_ioctl+0xfa/0x170
[ 84.991976][ T154] do_syscall_64+0x4c/0xa0
[ 84.996398][ T154] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.002297][ T154]
[ 85.004623][ T154] Freed by task 4344:
[ 85.008626][ T154] kasan_set_track+0x4b/0x70
[ 85.013217][ T154] kasan_set_free_info+0x1f/0x40
[ 85.018245][ T154] ____kasan_slab_free+0xd5/0x110
[ 85.023273][ T154] slab_free_freelist_hook+0xea/0x170
[ 85.028654][ T154] kmem_cache_free+0x8f/0x210
[ 85.033331][ T154] __sk_destruct+0x54b/0x820
[ 85.037940][ T154] kcm_release+0x51a/0x5b0
[ 85.042368][ T154] sock_close+0xd5/0x240
[ 85.046651][ T154] __fput+0x234/0x930
[ 85.050633][ T154] task_work_run+0x125/0x1a0
[ 85.055223][ T154] exit_to_user_mode_loop+0x10f/0x130
[ 85.060597][ T154] exit_to_user_mode_prepare+0xb1/0x140
[ 85.066142][ T154] syscall_exit_to_user_mode+0x16/0x40
[ 85.071714][ T154] do_syscall_64+0x58/0xa0
[ 85.076130][ T154] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.082029][ T154]
[ 85.084351][ T154] Last potentially related work creation:
[ 85.090054][ T154] kasan_save_stack+0x35/0x60
[ 85.094765][ T154] kasan_record_aux_stack+0xb8/0x100
[ 85.100050][ T154] insert_work+0x54/0x3d0
[ 85.104379][ T154] __queue_work+0x9c5/0xd50
[ 85.108876][ T154] queue_work_on+0x11d/0x1d0
[ 85.113463][ T154] kcm_unattach+0x85e/0xe80
[ 85.117962][ T154] kcm_ioctl+0x78d/0xff0
[ 85.122285][ T154] sock_do_ioctl+0xd3/0x2f0
[ 85.126800][ T154] sock_ioctl+0x4ed/0x6e0
[ 85.131129][ T154] __se_sys_ioctl+0xfa/0x170
[ 85.135722][ T154] do_syscall_64+0x4c/0xa0
[ 85.140146][ T154] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.146042][ T154]
[ 85.148536][ T154] Second to last potentially related work creation:
[ 85.155126][ T154] kasan_save_stack+0x35/0x60
[ 85.159803][ T154] kasan_record_aux_stack+0xb8/0x100
[ 85.165189][ T154] insert_work+0x54/0x3d0
[ 85.169520][ T154] __queue_work+0x9c5/0xd50
[ 85.174023][ T154] queue_work_on+0x11d/0x1d0
[ 85.178660][ T154] kcm_ioctl+0xe4b/0xff0
[ 85.182901][ T154] sock_do_ioctl+0xd3/0x2f0
[ 85.187404][ T154] sock_ioctl+0x4ed/0x6e0
[ 85.191738][ T154] __se_sys_ioctl+0xfa/0x170
[ 85.196349][ T154] do_syscall_64+0x4c/0xa0
[ 85.200773][ T154] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.206695][ T154]
[ 85.209015][ T154] The buggy address belongs to the object at ffff888075754140
[ 85.209015][ T154] which belongs to the cache KCM of size 1728
[ 85.222453][ T154] The buggy address is located 160 bytes inside of
[ 85.222453][ T154] 1728-byte region [ffff888075754140, ffff888075754800)
[ 85.235987][ T154] The buggy address belongs to the page:
[ 85.241616][ T154] page:ffffea0001d5d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75750
[ 85.251764][ T154] head:ffffea0001d5d400 order:3 compound_mapcount:0 compound_pincount:0
[ 85.260099][ T154] memcg:ffff888025316201
[ 85.264332][ T154] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 85.272315][ T154] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802a0d4780
[ 85.280895][ T154] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888025316201
[ 85.289739][ T154] page dumped because: kasan: bad access detected
[ 85.296165][ T154] page_owner tracks the page as allocated
[ 85.301879][ T154] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4313, ts 78617223154, free_ts 78605532091
[ 85.322459][ T154] get_page_from_freelist+0x1b77/0x1c60
[ 85.328036][ T154] __alloc_pages+0x1e1/0x470
[ 85.332645][ T154] new_slab+0xc0/0x4b0
[ 85.336714][ T154] ___slab_alloc+0x81e/0xdf0
[ 85.341304][ T154] kmem_cache_alloc+0x195/0x290
[ 85.346153][ T154] sk_prot_alloc+0x57/0x210
[ 85.350659][ T154] sk_alloc+0x2f/0x310
[ 85.354735][ T154] kcm_create+0xfc/0x570
[ 85.358975][ T154] __sock_create+0x47b/0x900
[ 85.363561][ T154] __sys_socket+0xe2/0x170
[ 85.367972][ T154] __x64_sys_socket+0x76/0x80
[ 85.372644][ T154] do_syscall_64+0x4c/0xa0
[ 85.377060][ T154] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.382954][ T154] page last free stack trace:
[ 85.387621][ T154] free_unref_page_prepare+0x637/0x6c0
[ 85.393083][ T154] free_unref_page+0x94/0x280
[ 85.397789][ T154] __unfreeze_partials+0x1a5/0x200
[ 85.402901][ T154] put_cpu_partial+0x12d/0x190
[ 85.407659][ T154] qlist_free_all+0x35/0x90
[ 85.412158][ T154] kasan_quarantine_reduce+0x150/0x160
[ 85.417704][ T154] __kasan_slab_alloc+0x2f/0xd0
[ 85.422572][ T154] slab_post_alloc_hook+0x4c/0x380
[ 85.427697][ T154] kmem_cache_alloc+0x100/0x290
[ 85.432557][ T154] getname_flags+0xb5/0x500
[ 85.437068][ T154] do_sys_openat2+0xcf/0x4a0
[ 85.441663][ T154] __x64_sys_openat+0x135/0x160
[ 85.446518][ T154] do_syscall_64+0x4c/0xa0
[ 85.451049][ T154] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.456994][ T154]
[ 85.459336][ T154] Memory state around the buggy address:
[ 85.464960][ T154] ffff888075754080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 85.473020][ T154] ffff888075754100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 85.481081][ T154] >ffff888075754180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.489136][ T154] ^
[ 85.496332][ T154] ffff888075754200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.504389][ T154] ffff888075754280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.512467][ T154] ==================================================================
[ 85.520524][ T154] Disabling lock debugging due to kernel taint
[ 85.526728][ T154] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.533928][ T154] CPU: 0 PID: 154 Comm: kworker/u4:2 Tainted: G B 5.15.189-syzkaller #0
[ 85.543644][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 85.553700][ T154] Workqueue: kkcmd kcm_tx_work
[ 85.558474][ T154] Call Trace:
[ 85.561753][ T154] <TASK>
[ 85.564686][ T154] dump_stack_lvl+0x168/0x230
[ 85.569368][ T154] ? show_regs_print_info+0x20/0x20
[ 85.574570][ T154] ? load_image+0x3b0/0x3b0
[ 85.579080][ T154] panic+0x2c9/0x7f0
[ 85.582979][ T154] ? bpf_jit_dump+0xd0/0xd0
[ 85.587491][ T154] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 85.593388][ T154] ? _raw_spin_unlock+0x40/0x40
[ 85.598246][ T154] ? __lock_acquire+0xf7/0x7c60
[ 85.603102][ T154] check_panic_on_warn+0x80/0xa0
[ 85.608043][ T154] ? __lock_acquire+0xf7/0x7c60
[ 85.612898][ T154] end_report+0x6d/0xf0
[ 85.617057][ T154] kasan_report+0x102/0x130
[ 85.621581][ T154] ? __lock_acquire+0xf7/0x7c60
[ 85.626442][ T154] __lock_acquire+0xf7/0x7c60
[ 85.631124][ T154] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 85.637109][ T154] ? lock_chain_count+0x20/0x20
[ 85.641966][ T154] ? finish_lock_switch+0x12f/0x280
[ 85.647165][ T154] ? lockdep_hardirqs_on+0x94/0x140
[ 85.652364][ T154] ? finish_lock_switch+0x12f/0x280
[ 85.657563][ T154] ? verify_lock_unused+0x140/0x140
[ 85.662764][ T154] ? finish_task_switch+0x12f/0x640
[ 85.667972][ T154] ? __switch_to_asm+0x34/0x60
[ 85.672740][ T154] ? __schedule+0x11c0/0x43b0
[ 85.677557][ T154] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 85.683567][ T154] lock_acquire+0x197/0x3f0
[ 85.688096][ T154] ? __lock_sock+0x152/0x2a0
[ 85.692692][ T154] ? lockdep_hardirqs_on_prepare+0x760/0x760
[ 85.698680][ T154] ? __local_bh_disable_ip+0xfb/0x190
[ 85.704055][ T154] ? read_lock_is_recursive+0x10/0x10
[ 85.709430][ T154] ? __local_bh_enable_ip+0x12a/0x1b0
[ 85.714886][ T154] ? kthread_data+0x4b/0xc0
[ 85.719393][ T154] ? kthread_data+0x4b/0xc0
[ 85.723894][ T154] ? __lock_sock+0x152/0x2a0
[ 85.728482][ T154] _raw_spin_lock_bh+0x32/0x50
[ 85.733246][ T154] ? __lock_sock+0x152/0x2a0
[ 85.737930][ T154] __lock_sock+0x152/0x2a0
[ 85.742354][ T154] ? sk_page_frag_refill+0x200/0x200
[ 85.747641][ T154] ? do_raw_spin_lock+0x11d/0x280
[ 85.752666][ T154] ? init_wait_entry+0xd0/0xd0
[ 85.757435][ T154] ? __rwlock_init+0x140/0x140
[ 85.762201][ T154] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 85.768187][ T154] ? lock_sock_nested+0x68/0x100
[ 85.773131][ T154] lock_sock_nested+0x9d/0x100
[ 85.777899][ T154] kcm_tx_work+0x2d/0x180
[ 85.782238][ T154] process_one_work+0x863/0x1000
[ 85.787184][ T154] ? worker_detach_from_pool+0x240/0x240
[ 85.792820][ T154] ? lockdep_hardirqs_off+0x70/0x100
[ 85.798136][ T154] ? _raw_spin_lock_irq+0xab/0xe0
[ 85.803257][ T154] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 85.808652][ T154] ? wq_worker_running+0x97/0x170
[ 85.813777][ T154] worker_thread+0xaa8/0x12a0
[ 85.818471][ T154] kthread+0x436/0x520
[ 85.822541][ T154] ? rcu_lock_release+0x20/0x20
[ 85.827392][ T154] ? kthread_blkcg+0xd0/0xd0
[ 85.832022][ T154] ret_from_fork+0x1f/0x30
[ 85.836449][ T154] </TASK>
[ 85.839739][ T154] Kernel Offset: disabled
[ 85.844083][ T154] Rebooting in 86400 seconds..