Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts.
2025/08/02 11:44:06 ignoring optional flag "sandboxArg"="0"
2025/08/02 11:44:07 parsed 1 programs
[   83.958280][ T4270] cgroup: Unknown subsys name 'net'
[   84.074762][ T4270] cgroup: Unknown subsys name 'rlimit'
[   85.663976][ T4270] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   86.880019][   T26] cfg80211: failed to load regulatory.db
[   89.041690][ T4328] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   89.059083][ T4328] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   89.066924][ T4328] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   89.075252][ T4328] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   89.083625][ T4328] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   89.091101][ T4328] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   89.951345][ T4343] chnl_net:caif_netlink_parms(): no params data found
[   90.027021][ T4343] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.035160][ T4343] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.043383][ T4343] device bridge_slave_0 entered promiscuous mode
[   90.064982][ T4343] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.072369][ T4343] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.080406][ T4343] device bridge_slave_1 entered promiscuous mode
[   90.107883][ T4343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.139239][ T4343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.164578][ T4343] team0: Port device team_slave_0 added
[   90.183277][ T4343] team0: Port device team_slave_1 added
[   90.202593][ T4343] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.209924][ T4343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.236404][ T4343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.259444][ T4343] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.266439][ T4343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.293593][ T4343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.336744][ T4343] device hsr_slave_0 entered promiscuous mode
[   90.344983][ T4343] device hsr_slave_1 entered promiscuous mode
[   90.503962][ T4343] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.514201][ T4343] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.524625][ T4343] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.538475][ T4343] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.581199][ T4343] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.588552][ T4343] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.596809][ T4343] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.604210][ T4343] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.653924][ T4343] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.670870][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   90.681722][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.690804][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.700233][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   90.717582][ T4343] 8021q: adding VLAN 0 to HW filter on device team0
[   90.731386][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   90.741128][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.748321][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.763148][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   90.772194][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.779397][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.799687][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   90.814087][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   90.827584][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   90.839909][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   90.852847][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   90.863781][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   91.057549][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   91.065296][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   91.080732][ T4343] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.110417][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   91.119376][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   91.136598][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   91.146311][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   91.158566][ T4343] device veth0_vlan entered promiscuous mode
[   91.171022][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   91.179959][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   91.190324][ T4343] device veth1_vlan entered promiscuous mode
[   91.213588][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   91.222310][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   91.231565][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   91.240636][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   91.251546][ T4343] device veth0_macvtap entered promiscuous mode
[   91.262055][ T4343] device veth1_macvtap entered promiscuous mode
[   91.279900][ T4343] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.294050][ T4343] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.303248][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   91.312388][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   91.321396][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   91.330251][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   91.339362][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   91.348158][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   91.358441][ T4343] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.367562][ T4343] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.377311][ T4343] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.386185][ T4343] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.518693][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.592333][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.607731][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.621588][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   91.633178][   T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.641667][   T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.650697][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/08/02 11:44:17 executed programs: 0
[   92.170239][   T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.178848][   T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.186728][   T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.195535][   T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.203395][   T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   92.211365][   T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.356489][ T4370] chnl_net:caif_netlink_parms(): no params data found
[   92.409127][ T4370] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.416325][ T4370] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.424514][ T4370] device bridge_slave_0 entered promiscuous mode
[   92.432801][ T4370] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.440309][ T4370] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.448419][ T4370] device bridge_slave_1 entered promiscuous mode
[   92.472493][ T4370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.484774][ T4370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.513427][ T4370] team0: Port device team_slave_0 added
[   92.520984][ T4370] team0: Port device team_slave_1 added
[   92.542542][ T4370] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.549758][ T4370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.576237][ T4370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.589820][ T4370] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.596967][ T4370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.623417][ T4370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.661658][ T4370] device hsr_slave_0 entered promiscuous mode
[   92.670267][ T4370] device hsr_slave_1 entered promiscuous mode
[   92.677256][ T4370] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.685365][ T4370] Cannot create hsr debugfs directory
[   93.920206][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.238796][   T48] Bluetooth: hci0: command 0x0409 tx timeout
[   96.079063][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.150818][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.328411][ T4328] Bluetooth: hci0: command 0x041b tx timeout
[   97.034607][ T4370] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   97.044834][ T4370] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   97.062226][    T9] device hsr_slave_0 left promiscuous mode
[   97.069414][    T9] device hsr_slave_1 left promiscuous mode
[   97.076139][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.084276][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.093237][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.101325][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.109486][    T9] device bridge_slave_1 left promiscuous mode
[   97.116553][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.130503][    T9] device bridge_slave_0 left promiscuous mode
[   97.137418][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.163589][    T9] device veth1_macvtap left promiscuous mode
[   97.170211][    T9] device veth0_macvtap left promiscuous mode
[   97.176393][    T9] device veth1_vlan left promiscuous mode
[   97.183378][    T9] device veth0_vlan left promiscuous mode
[   97.579131][    T9] team0 (unregistering): Port device team_slave_1 removed
[   97.611651][    T9] team0 (unregistering): Port device team_slave_0 removed
[   97.641166][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   97.675905][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   97.956884][    T9] bond0 (unregistering): Released all slaves
[   98.017313][ T4370] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.026919][ T4370] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.114956][ T4370] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.128754][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   98.137778][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   98.149476][ T4370] 8021q: adding VLAN 0 to HW filter on device team0
[   98.170407][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   98.180169][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   98.191994][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.199261][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.218699][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   98.226798][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   98.235871][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   98.246589][   T41] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.253800][   T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.262173][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   98.271364][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   98.282806][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   98.294747][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   98.304296][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   98.316195][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   98.332855][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   98.349210][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   98.357946][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   98.367225][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   98.376329][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   98.390412][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   98.398881][ T4328] Bluetooth: hci0: command 0x040f tx timeout
[   98.604412][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   98.612837][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   98.625736][ T4370] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.650867][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   98.660369][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   98.684413][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   98.693107][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   98.702489][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   98.710731][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   98.725950][ T4370] device veth0_vlan entered promiscuous mode
[   98.736922][ T4370] device veth1_vlan entered promiscuous mode
[   98.757225][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   98.767331][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   98.775963][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   98.784668][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   98.800170][ T4370] device veth0_macvtap entered promiscuous mode
[   98.809747][ T4370] device veth1_macvtap entered promiscuous mode
[   98.826542][ T4370] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.834236][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   98.842995][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   98.851523][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   98.860367][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   98.882401][ T4370] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.890137][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   98.899969][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   98.917077][ T4370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.925941][ T4370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.935067][ T4370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.944090][ T4370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.004918][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.014454][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.030538][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/08/02 11:44:24 executed programs: 2
[   99.076387][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.085061][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.094719][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  100.478279][   T48] Bluetooth: hci0: command 0x0419 tx timeout
2025/08/02 11:44:30 executed programs: 8
2025/08/02 11:44:35 executed programs: 14
2025/08/02 11:44:40 executed programs: 20
2025/08/02 11:44:45 executed programs: 26
2025/08/02 11:44:50 executed programs: 32
2025/08/02 11:44:55 executed programs: 38
[  132.960312][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  132.967011][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
2025/08/02 11:45:00 executed programs: 44
2025/08/02 11:45:05 executed programs: 50
2025/08/02 11:45:11 executed programs: 56
2025/08/02 11:45:16 executed programs: 62
2025/08/02 11:45:21 executed programs: 68
2025/08/02 11:45:26 executed programs: 74
2025/08/02 11:45:31 executed programs: 80
[  168.417843][   T46] ==================================================================
[  168.426013][   T46] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c50
[  168.433286][   T46] Read of size 8 at addr ffff88807870df70 by task kworker/u4:3/46
[  168.441131][   T46] 
[  168.443495][   T46] CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 6.1.147-syzkaller #0
[  168.451585][   T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  168.461886][   T46] Workqueue: kkcmd kcm_tx_work
[  168.466695][   T46] Call Trace:
[  168.469986][   T46]  <TASK>
[  168.473011][   T46]  dump_stack_lvl+0x168/0x22e
[  168.477737][   T46]  ? __lock_acquire+0x7c50/0x7c50
[  168.482899][   T46]  ? show_regs_print_info+0x12/0x12
[  168.488152][   T46]  ? load_image+0x3b0/0x3b0
[  168.492700][   T46]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  168.498107][   T46]  ? __virt_addr_valid+0x188/0x540
[  168.503241][   T46]  ? __virt_addr_valid+0x465/0x540
[  168.508474][   T46]  ? __lock_acquire+0xf7/0x7c50
[  168.513393][   T46]  print_report+0xa8/0x200
[  168.517860][   T46]  kasan_report+0x10b/0x140
[  168.522419][   T46]  ? __lock_acquire+0xf7/0x7c50
[  168.527413][   T46]  __lock_acquire+0xf7/0x7c50
[  168.532111][   T46]  ? mark_lock+0x94/0x320
[  168.536642][   T46]  ? __lock_acquire+0x13c0/0x7c50
[  168.541702][   T46]  ? verify_lock_unused+0x140/0x140
[  168.547015][   T46]  ? __lock_acquire+0x13c0/0x7c50
[  168.552059][   T46]  ? verify_lock_unused+0x140/0x140
[  168.558043][   T46]  lock_acquire+0x1b4/0x490
[  168.562628][   T46]  ? kcm_tx_work+0x2d/0x180
[  168.567183][   T46]  ? read_lock_is_recursive+0x10/0x10
[  168.572757][   T46]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  168.578778][   T46]  ? process_one_work+0x7a1/0x1160
[  168.583915][   T46]  lock_sock_nested+0x44/0x100
[  168.588717][   T46]  ? kcm_tx_work+0x2d/0x180
[  168.593322][   T46]  ? process_one_work+0x7a1/0x1160
[  168.598722][   T46]  kcm_tx_work+0x2d/0x180
[  168.603128][   T46]  ? process_one_work+0x7a1/0x1160
[  168.608288][   T46]  process_one_work+0x898/0x1160
[  168.613276][   T46]  ? worker_detach_from_pool+0x240/0x240
[  168.618945][   T46]  ? _raw_spin_lock_irq+0xab/0xe0
[  168.624021][   T46]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  168.629532][   T46]  ? kthread_data+0x4b/0xc0
[  168.634065][   T46]  worker_thread+0xaa2/0x1250
[  168.638863][   T46]  ? __kthread_parkme+0x162/0x1c0
[  168.643913][   T46]  kthread+0x29d/0x330
[  168.648011][   T46]  ? worker_clr_flags+0x1a0/0x1a0
[  168.653140][   T46]  ? kthread_blkcg+0xd0/0xd0
[  168.657781][   T46]  ret_from_fork+0x1f/0x30
[  168.662227][   T46]  </TASK>
[  168.665256][   T46] 
[  168.667584][   T46] Allocated by task 4749:
[  168.671934][   T46]  kasan_set_track+0x4b/0x70
[  168.676546][   T46]  __kasan_slab_alloc+0x6b/0x80
[  168.681423][   T46]  slab_post_alloc_hook+0x4b/0x480
[  168.686554][   T46]  kmem_cache_alloc+0x123/0x2f0
[  168.691418][   T46]  sk_prot_alloc+0x57/0x210
[  168.695972][   T46]  sk_alloc+0x36/0x340
[  168.700061][   T46]  kcm_ioctl+0x211/0xff0
[  168.704322][   T46]  sock_do_ioctl+0xd3/0x2f0
[  168.708839][   T46]  sock_ioctl+0x4ed/0x6e0
[  168.713187][   T46]  __se_sys_ioctl+0xfa/0x170
[  168.717793][   T46]  do_syscall_64+0x4c/0xa0
[  168.722226][   T46]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  168.728173][   T46] 
[  168.730500][   T46] Freed by task 4750:
[  168.734485][   T46]  kasan_set_track+0x4b/0x70
[  168.739098][   T46]  kasan_save_free_info+0x2d/0x50
[  168.744165][   T46]  ____kasan_slab_free+0x126/0x1e0
[  168.749293][   T46]  slab_free_freelist_hook+0x131/0x1a0
[  168.754770][   T46]  kmem_cache_free+0xf7/0x290
[  168.759462][   T46]  __sk_destruct+0x48d/0x630
[  168.764091][   T46]  kcm_release+0x520/0x5b0
[  168.768616][   T46]  sock_close+0xd5/0x240
[  168.772909][   T46]  __fput+0x22c/0x920
[  168.776949][   T46]  task_work_run+0x1ca/0x250
[  168.781603][   T46]  exit_to_user_mode_loop+0xe6/0x110
[  168.786922][   T46]  exit_to_user_mode_prepare+0xb1/0x140
[  168.792489][   T46]  syscall_exit_to_user_mode+0x16/0x40
[  168.798068][   T46]  do_syscall_64+0x58/0xa0
[  168.802554][   T46]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  168.808471][   T46] 
[  168.810797][   T46] Last potentially related work creation:
[  168.816526][   T46]  kasan_save_stack+0x3a/0x60
[  168.821221][   T46]  __kasan_record_aux_stack+0xb2/0xc0
[  168.826622][   T46]  insert_work+0x54/0x3c0
[  168.830975][   T46]  __queue_work+0xba3/0xfb0
[  168.835701][   T46]  queue_work_on+0x11d/0x1d0
[  168.840345][   T46]  kcm_unattach+0x861/0xe80
[  168.844970][   T46]  kcm_ioctl+0x78d/0xff0
[  168.849221][   T46]  sock_do_ioctl+0xd3/0x2f0
[  168.853755][   T46]  sock_ioctl+0x4ed/0x6e0
[  168.858104][   T46]  __se_sys_ioctl+0xfa/0x170
[  168.862723][   T46]  do_syscall_64+0x4c/0xa0
[  168.867166][   T46]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  168.873193][   T46] 
[  168.875531][   T46] Second to last potentially related work creation:
[  168.882212][   T46]  kasan_save_stack+0x3a/0x60
[  168.886902][   T46]  __kasan_record_aux_stack+0xb2/0xc0
[  168.892324][   T46]  insert_work+0x54/0x3c0
[  168.896675][   T46]  __queue_work+0xba3/0xfb0
[  168.901201][   T46]  queue_work_on+0x11d/0x1d0
[  168.905813][   T46]  kcm_ioctl+0xe4b/0xff0
[  168.910073][   T46]  sock_do_ioctl+0xd3/0x2f0
[  168.914643][   T46]  sock_ioctl+0x4ed/0x6e0
[  168.918997][   T46]  __se_sys_ioctl+0xfa/0x170
[  168.923634][   T46]  do_syscall_64+0x4c/0xa0
[  168.928114][   T46]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  168.934028][   T46] 
[  168.936356][   T46] The buggy address belongs to the object at ffff88807870de40
[  168.936356][   T46]  which belongs to the cache KCM of size 1720
[  168.949805][   T46] The buggy address is located 304 bytes inside of
[  168.949805][   T46]  1720-byte region [ffff88807870de40, ffff88807870e4f8)
[  168.963201][   T46] 
[  168.965531][   T46] The buggy address belongs to the physical page:
[  168.971960][   T46] page:ffffea0001e1c200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78708
[  168.982293][   T46] head:ffffea0001e1c200 order:3 compound_mapcount:0 compound_pincount:0
[  168.990799][   T46] memcg:ffff88801df44501
[  168.995092][   T46] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  169.003103][   T46] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802f12a500
[  169.011693][   T46] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88801df44501
[  169.020310][   T46] page dumped because: kasan: bad access detected
[  169.027083][   T46] page_owner tracks the page as allocated
[  169.032815][   T46] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4704, tgid 4703 (syz.0.87), ts 158934984142, free_ts 158931967784
[  169.055403][   T46]  post_alloc_hook+0x173/0x1a0
[  169.060191][   T46]  get_page_from_freelist+0x1a26/0x1ac0
[  169.065760][   T46]  __alloc_pages+0x1df/0x4e0
[  169.070379][   T46]  alloc_slab_page+0x5d/0x160
[  169.075271][   T46]  new_slab+0x87/0x2c0
[  169.079361][   T46]  ___slab_alloc+0xbc6/0x1220
[  169.084054][   T46]  kmem_cache_alloc+0x1b7/0x2f0
[  169.088928][   T46]  sk_prot_alloc+0x57/0x210
[  169.094007][   T46]  sk_alloc+0x36/0x340
[  169.098103][   T46]  kcm_create+0xfc/0x570
[  169.102390][   T46]  __sock_create+0x4a2/0x940
[  169.107076][   T46]  __sys_socket+0xc4/0x190
[  169.111526][   T46]  __x64_sys_socket+0x76/0x80
[  169.116219][   T46]  do_syscall_64+0x4c/0xa0
[  169.120648][   T46]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  169.126564][   T46] page last free stack trace:
[  169.131250][   T46]  free_unref_page_prepare+0x8b4/0x9a0
[  169.136744][   T46]  free_unref_page+0x2e/0x3f0
[  169.141451][   T46]  __unfreeze_partials+0x1a5/0x200
[  169.146578][   T46]  put_cpu_partial+0x17c/0x250
[  169.151351][   T46]  qlist_free_all+0x76/0xe0
[  169.155896][   T46]  kasan_quarantine_reduce+0x144/0x160
[  169.161370][   T46]  __kasan_slab_alloc+0x1e/0x80
[  169.166243][   T46]  slab_post_alloc_hook+0x4b/0x480
[  169.171499][   T46]  kmem_cache_alloc_lru+0x11a/0x2e0
[  169.176712][   T46]  shmem_alloc_inode+0x24/0x40
[  169.181578][   T46]  new_inode_pseudo+0x5f/0x1c0
[  169.186348][   T46]  new_inode+0x25/0x1c0
[  169.190511][   T46]  shmem_get_inode+0x347/0xbf0
[  169.195287][   T46]  shmem_symlink+0x97/0x670
[  169.199819][   T46]  vfs_symlink+0x247/0x3d0
[  169.204261][   T46]  do_symlinkat+0x1ae/0x3f0
[  169.208777][   T46] 
[  169.211103][   T46] Memory state around the buggy address:
[  169.216841][   T46]  ffff88807870de00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  169.224913][   T46]  ffff88807870de80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  169.233074][   T46] >ffff88807870df00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  169.241765][   T46]                                                              ^
[  169.249511][   T46]  ffff88807870df80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  169.257612][   T46]  ffff88807870e000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  169.265676][   T46] ==================================================================
[  169.273771][   T46] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  169.280968][   T46] CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 6.1.147-syzkaller #0
[  169.289060][   T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  169.299124][   T46] Workqueue: kkcmd kcm_tx_work
[  169.303993][   T46] Call Trace:
[  169.307284][   T46]  <TASK>
[  169.310225][   T46]  dump_stack_lvl+0x168/0x22e
[  169.314913][   T46]  ? memcpy+0x3c/0x60
[  169.318911][   T46]  ? show_regs_print_info+0x12/0x12
[  169.324401][   T46]  ? load_image+0x3b0/0x3b0
[  169.328939][   T46]  panic+0x2c9/0x710
[  169.332868][   T46]  ? __lock_acquire+0x7c50/0x7c50
[  169.337926][   T46]  ? bpf_jit_dump+0xd0/0xd0
[  169.342485][   T46]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  169.348518][   T46]  ? _raw_spin_unlock+0x40/0x40
[  169.353388][   T46]  check_panic_on_warn+0x80/0xa0
[  169.358341][   T46]  ? __lock_acquire+0xf7/0x7c50
[  169.363294][   T46]  end_report+0x66/0x110
[  169.367553][   T46]  kasan_report+0x118/0x140
[  169.372070][   T46]  ? __lock_acquire+0xf7/0x7c50
[  169.376938][   T46]  __lock_acquire+0xf7/0x7c50
[  169.381641][   T46]  ? mark_lock+0x94/0x320
[  169.386022][   T46]  ? __lock_acquire+0x13c0/0x7c50
[  169.391119][   T46]  ? verify_lock_unused+0x140/0x140
[  169.396355][   T46]  ? __lock_acquire+0x13c0/0x7c50
[  169.401411][   T46]  ? verify_lock_unused+0x140/0x140
[  169.406642][   T46]  lock_acquire+0x1b4/0x490
[  169.411193][   T46]  ? kcm_tx_work+0x2d/0x180
[  169.415814][   T46]  ? read_lock_is_recursive+0x10/0x10
[  169.421216][   T46]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  169.427230][   T46]  ? process_one_work+0x7a1/0x1160
[  169.432373][   T46]  lock_sock_nested+0x44/0x100
[  169.437168][   T46]  ? kcm_tx_work+0x2d/0x180
[  169.441694][   T46]  ? process_one_work+0x7a1/0x1160
[  169.446817][   T46]  kcm_tx_work+0x2d/0x180
[  169.451163][   T46]  ? process_one_work+0x7a1/0x1160
[  169.456369][   T46]  process_one_work+0x898/0x1160
[  169.461326][   T46]  ? worker_detach_from_pool+0x240/0x240
[  169.467145][   T46]  ? _raw_spin_lock_irq+0xab/0xe0
[  169.472184][   T46]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  169.477595][   T46]  ? kthread_data+0x4b/0xc0
[  169.482133][   T46]  worker_thread+0xaa2/0x1250
[  169.486834][   T46]  ? __kthread_parkme+0x162/0x1c0
[  169.491890][   T46]  kthread+0x29d/0x330
[  169.495979][   T46]  ? worker_clr_flags+0x1a0/0x1a0
[  169.501039][   T46]  ? kthread_blkcg+0xd0/0xd0
[  169.505651][   T46]  ret_from_fork+0x1f/0x30
[  169.510095][   T46]  </TASK>
[  169.513397][   T46] Kernel Offset: disabled
[  169.517728][   T46] Rebooting in 86400 seconds..