Warning: Permanently added '10.128.1.190' (ED25519) to the list of known hosts.
2025/08/03 09:56:46 ignoring optional flag "sandboxArg"="0"
2025/08/03 09:56:47 parsed 1 programs
[ 60.355278][ T4272] cgroup: Unknown subsys name 'net'
[ 60.487510][ T4272] cgroup: Unknown subsys name 'rlimit'
[ 61.768720][ T4272] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 63.104523][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.122648][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.131285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 63.141265][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.149299][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.157537][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 64.117266][ T4308] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 64.125992][ T4310] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 64.134097][ T4310] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 64.153303][ T4310] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 64.160821][ T4310] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 64.168241][ T4310] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 65.136075][ T4332] chnl_net:caif_netlink_parms(): no params data found
[ 65.188663][ T4332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.197408][ T4332] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.205362][ T4332] device bridge_slave_0 entered promiscuous mode
[ 65.214323][ T4332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.221431][ T4332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.229810][ T4332] device bridge_slave_1 entered promiscuous mode
[ 65.254537][ T4332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.265131][ T4332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.289309][ T4332] team0: Port device team_slave_0 added
[ 65.297745][ T4332] team0: Port device team_slave_1 added
[ 65.337605][ T4332] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.344632][ T4332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.371674][ T4332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.388428][ T4332] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.395595][ T4332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.421655][ T4332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.460953][ T4332] device hsr_slave_0 entered promiscuous mode
[ 65.467704][ T4332] device hsr_slave_1 entered promiscuous mode
[ 65.544885][ T4332] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.554187][ T4332] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.563468][ T4332] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.572120][ T4332] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.594092][ T4332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.601241][ T4332] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.609050][ T4332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.616207][ T4332] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.660095][ T4332] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.679876][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.690011][ T75] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.699423][ T75] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.709163][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 65.730073][ T4332] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.742857][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.751225][ T75] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.758335][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.774782][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.783516][ T75] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.790631][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.810488][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.819381][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.831035][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.851283][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.864318][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.881742][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 66.022031][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 66.029944][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 66.042252][ T4332] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.067108][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 66.085330][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 66.093721][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 66.101689][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 66.111134][ T4332] device veth0_vlan entered promiscuous mode
[ 66.128968][ T4332] device veth1_vlan entered promiscuous mode
[ 66.146398][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 66.155839][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 66.174266][ T4332] device veth0_macvtap entered promiscuous mode
[ 66.183333][ T4332] device veth1_macvtap entered promiscuous mode
[ 66.198553][ T4332] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.207418][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 66.215856][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 66.224681][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 66.233719][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 66.246639][ T4332] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.254506][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 66.264414][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 66.289451][ T4332] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.298618][ T4332] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.307634][ T4332] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.316463][ T4332] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.456668][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/03 09:56:55 executed programs: 0
[ 67.120707][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.129212][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.136913][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.147539][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.156084][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 67.163971][ T4308] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.267847][ T4373] chnl_net:caif_netlink_parms(): no params data found
[ 67.307580][ T4373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.314815][ T4373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.322393][ T4373] device bridge_slave_0 entered promiscuous mode
[ 67.331073][ T4373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.338375][ T4373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.346299][ T4373] device bridge_slave_1 entered promiscuous mode
[ 67.369329][ T4373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.381356][ T4373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.408343][ T4373] team0: Port device team_slave_0 added
[ 67.416330][ T4373] team0: Port device team_slave_1 added
[ 67.433310][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.440264][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.466413][ T4373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.479756][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.487798][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.514218][ T4373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.543625][ T4373] device hsr_slave_0 entered promiscuous mode
[ 67.550203][ T4373] device hsr_slave_1 entered promiscuous mode
[ 67.558006][ T4373] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 67.566046][ T4373] Cannot create hsr debugfs directory
[ 69.101997][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.243188][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 71.237010][ T1266] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.243547][ T1266] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.312674][ T4310] Bluetooth: hci0: command 0x041b tx timeout
[ 71.660837][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.725392][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.558124][ T9] device hsr_slave_0 left promiscuous mode
[ 72.565232][ T9] device hsr_slave_1 left promiscuous mode
[ 72.571773][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 72.579368][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 72.587435][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 72.594884][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 72.602385][ T9] device bridge_slave_1 left promiscuous mode
[ 72.609271][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.619058][ T9] device bridge_slave_0 left promiscuous mode
[ 72.625996][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.643451][ T9] device veth1_macvtap left promiscuous mode
[ 72.649627][ T9] device veth0_macvtap left promiscuous mode
[ 72.655781][ T9] device veth1_vlan left promiscuous mode
[ 72.661681][ T9] device veth0_vlan left promiscuous mode
[ 72.913673][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 72.938417][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 72.963461][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 72.993443][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 73.215786][ T9] bond0 (unregistering): Released all slaves
[ 73.311598][ T4373] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.325125][ T4373] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.334678][ T4373] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.343817][ T4373] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.393361][ T47] Bluetooth: hci0: command 0x040f tx timeout
[ 73.408112][ T4373] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.432364][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 73.441533][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 73.451344][ T4373] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.460882][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 73.469563][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 73.478192][ T75] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.485304][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.494529][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 73.513244][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 73.523772][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 73.532390][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.539499][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.557401][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 73.566370][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 73.576170][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 73.585526][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.602690][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 73.610702][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 73.619282][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 73.635431][ T4373] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 73.645930][ T4373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 73.657626][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 73.667018][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.675732][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 73.684438][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.693740][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 73.874922][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 73.883044][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 73.895319][ T4373] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.910821][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 73.920126][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 73.936950][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 73.945153][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 73.954978][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 73.963195][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 73.971956][ T4373] device veth0_vlan entered promiscuous mode
[ 73.982724][ T4373] device veth1_vlan entered promiscuous mode
[ 73.999735][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 74.007833][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 74.016391][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 74.025358][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 74.035879][ T4373] device veth0_macvtap entered promiscuous mode
[ 74.053298][ T4373] device veth1_macvtap entered promiscuous mode
[ 74.067490][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.075025][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 74.083511][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 74.091560][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 74.100119][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 74.111505][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.119827][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 74.128879][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 74.146686][ T4373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.155624][ T4373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.164361][ T4373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.173085][ T4373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.216749][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.229355][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.252372][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/08/03 09:57:03 executed programs: 2
[ 74.260911][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.269550][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.278278][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 75.474006][ T47] Bluetooth: hci0: command 0x0419 tx timeout
[ 76.354161][ T14] cfg80211: failed to load regulatory.db
2025/08/03 09:57:08 executed programs: 8
2025/08/03 09:57:13 executed programs: 14
2025/08/03 09:57:18 executed programs: 20
2025/08/03 09:57:23 executed programs: 26
2025/08/03 09:57:28 executed programs: 32
[ 99.878670][ T9] ==================================================================
[ 99.886768][ T9] BUG: KASAN: use-after-free in kcm_write_msgs+0x2f3/0x12e0
[ 99.894049][ T9] Write of size 1 at addr ffff8880296e1c52 by task kworker/u4:0/9
[ 99.901833][ T9]
[ 99.904153][ T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.147-syzkaller #0
[ 99.912114][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 99.922155][ T9] Workqueue: kkcmd kcm_tx_work
[ 99.926928][ T9] Call Trace:
[ 99.930199][ T9] <TASK>
[ 99.933126][ T9] dump_stack_lvl+0x168/0x22e
[ 99.937809][ T9] ? read_lock_is_recursive+0x10/0x10
[ 99.943167][ T9] ? show_regs_print_info+0x12/0x12
[ 99.948364][ T9] ? load_image+0x3b0/0x3b0
[ 99.952850][ T9] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 99.958213][ T9] ? __virt_addr_valid+0x188/0x540
[ 99.963306][ T9] ? __virt_addr_valid+0x465/0x540
[ 99.968398][ T9] ? kcm_write_msgs+0x2f3/0x12e0
[ 99.973318][ T9] print_report+0xa8/0x200
[ 99.977732][ T9] kasan_report+0x10b/0x140
[ 99.982218][ T9] ? kcm_write_msgs+0x2f3/0x12e0
[ 99.987140][ T9] ? process_one_work+0x7a1/0x1160
[ 99.992242][ T9] kcm_write_msgs+0x2f3/0x12e0
[ 99.996990][ T9] ? lockdep_hardirqs_on+0x94/0x140
[ 100.002173][ T9] ? __local_bh_enable_ip+0x12a/0x1b0
[ 100.007534][ T9] ? _local_bh_enable+0xa0/0xa0
[ 100.012370][ T9] ? lock_sock_nested+0x66/0x100
[ 100.017293][ T9] ? do_raw_spin_unlock+0x11d/0x230
[ 100.022476][ T9] ? process_one_work+0x7a1/0x1160
[ 100.027568][ T9] kcm_tx_work+0x35/0x180
[ 100.031886][ T9] ? process_one_work+0x7a1/0x1160
[ 100.036992][ T9] process_one_work+0x898/0x1160
[ 100.041922][ T9] ? worker_detach_from_pool+0x240/0x240
[ 100.047538][ T9] ? _raw_spin_lock_irq+0xab/0xe0
[ 100.052548][ T9] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 100.057905][ T9] ? kthread_data+0x4b/0xc0
[ 100.062395][ T9] worker_thread+0xaa2/0x1250
[ 100.067062][ T9] kthread+0x29d/0x330
[ 100.071113][ T9] ? worker_clr_flags+0x1a0/0x1a0
[ 100.076117][ T9] ? kthread_blkcg+0xd0/0xd0
[ 100.080692][ T9] ret_from_fork+0x1f/0x30
[ 100.085095][ T9] </TASK>
[ 100.088096][ T9]
[ 100.090399][ T9] Allocated by task 4555:
[ 100.094705][ T9] kasan_set_track+0x4b/0x70
[ 100.099279][ T9] __kasan_slab_alloc+0x6b/0x80
[ 100.104113][ T9] slab_post_alloc_hook+0x4b/0x480
[ 100.109204][ T9] kmem_cache_alloc+0x123/0x2f0
[ 100.114037][ T9] sk_prot_alloc+0x57/0x210
[ 100.118524][ T9] sk_alloc+0x36/0x340
[ 100.122577][ T9] kcm_ioctl+0x211/0xff0
[ 100.126799][ T9] sock_do_ioctl+0xd3/0x2f0
[ 100.131281][ T9] sock_ioctl+0x4ed/0x6e0
[ 100.135592][ T9] __se_sys_ioctl+0xfa/0x170
[ 100.140162][ T9] do_syscall_64+0x4c/0xa0
[ 100.144559][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 100.150434][ T9]
[ 100.152737][ T9] Freed by task 4556:
[ 100.156698][ T9] kasan_set_track+0x4b/0x70
[ 100.161272][ T9] kasan_save_free_info+0x2d/0x50
[ 100.166278][ T9] ____kasan_slab_free+0x126/0x1e0
[ 100.171371][ T9] slab_free_freelist_hook+0x131/0x1a0
[ 100.176809][ T9] kmem_cache_free+0xf7/0x290
[ 100.181467][ T9] __sk_destruct+0x48d/0x630
[ 100.186042][ T9] kcm_release+0x520/0x5b0
[ 100.190441][ T9] sock_close+0xd5/0x240
[ 100.194662][ T9] __fput+0x22c/0x920
[ 100.198628][ T9] task_work_run+0x1ca/0x250
[ 100.203199][ T9] exit_to_user_mode_loop+0xe6/0x110
[ 100.208468][ T9] exit_to_user_mode_prepare+0xb1/0x140
[ 100.213996][ T9] syscall_exit_to_user_mode+0x16/0x40
[ 100.219435][ T9] do_syscall_64+0x58/0xa0
[ 100.223833][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 100.229711][ T9]
[ 100.232013][ T9] Last potentially related work creation:
[ 100.237706][ T9] kasan_save_stack+0x3a/0x60
[ 100.242367][ T9] __kasan_record_aux_stack+0xb2/0xc0
[ 100.247720][ T9] insert_work+0x54/0x3c0
[ 100.252028][ T9] __queue_work+0xba3/0xfb0
[ 100.256514][ T9] queue_work_on+0x11d/0x1d0
[ 100.261084][ T9] kcm_unattach+0x861/0xe80
[ 100.265568][ T9] kcm_ioctl+0x78d/0xff0
[ 100.269793][ T9] sock_do_ioctl+0xd3/0x2f0
[ 100.274277][ T9] sock_ioctl+0x4ed/0x6e0
[ 100.278585][ T9] __se_sys_ioctl+0xfa/0x170
[ 100.283160][ T9] do_syscall_64+0x4c/0xa0
[ 100.287557][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 100.293436][ T9]
[ 100.295744][ T9] Second to last potentially related work creation:
[ 100.302304][ T9] kasan_save_stack+0x3a/0x60
[ 100.306961][ T9] __kasan_record_aux_stack+0xb2/0xc0
[ 100.312321][ T9] insert_work+0x54/0x3c0
[ 100.316632][ T9] __queue_work+0xba3/0xfb0
[ 100.321118][ T9] queue_work_on+0x11d/0x1d0
[ 100.325693][ T9] kcm_ioctl+0xe4b/0xff0
[ 100.329916][ T9] sock_do_ioctl+0xd3/0x2f0
[ 100.334410][ T9] sock_ioctl+0x4ed/0x6e0
[ 100.338719][ T9] __se_sys_ioctl+0xfa/0x170
[ 100.343289][ T9] do_syscall_64+0x4c/0xa0
[ 100.347693][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 100.353569][ T9]
[ 100.355875][ T9] The buggy address belongs to the object at ffff8880296e15c0
[ 100.355875][ T9] which belongs to the cache KCM of size 1720
[ 100.369300][ T9] The buggy address is located 1682 bytes inside of
[ 100.369300][ T9] 1720-byte region [ffff8880296e15c0, ffff8880296e1c78)
[ 100.382728][ T9]
[ 100.385035][ T9] The buggy address belongs to the physical page:
[ 100.391429][ T9] page:ffffea0000a5b800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x296e0
[ 100.401558][ T9] head:ffffea0000a5b800 order:3 compound_mapcount:0 compound_pincount:0
[ 100.409862][ T9] memcg:ffff88801f657c01
[ 100.414077][ T9] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 100.422046][ T9] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802ff83780
[ 100.430611][ T9] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88801f657c01
[ 100.439168][ T9] page dumped because: kasan: bad access detected
[ 100.445562][ T9] page_owner tracks the page as allocated
[ 100.451253][ T9] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4547, tgid 4545 (syz.0.45), ts 98176315308, free_ts 96406320508
[ 100.473631][ T9] post_alloc_hook+0x173/0x1a0
[ 100.478383][ T9] get_page_from_freelist+0x1a26/0x1ac0
[ 100.483912][ T9] __alloc_pages+0x1df/0x4e0
[ 100.488483][ T9] alloc_slab_page+0x5d/0x160
[ 100.493139][ T9] new_slab+0x87/0x2c0
[ 100.497187][ T9] ___slab_alloc+0xbc6/0x1220
[ 100.501842][ T9] kmem_cache_alloc+0x1b7/0x2f0
[ 100.506686][ T9] sk_prot_alloc+0x57/0x210
[ 100.511171][ T9] sk_alloc+0x36/0x340
[ 100.515222][ T9] kcm_ioctl+0x211/0xff0
[ 100.519447][ T9] sock_do_ioctl+0xd3/0x2f0
[ 100.523939][ T9] sock_ioctl+0x4ed/0x6e0
[ 100.528247][ T9] __se_sys_ioctl+0xfa/0x170
[ 100.532819][ T9] do_syscall_64+0x4c/0xa0
[ 100.537220][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 100.543095][ T9] page last free stack trace:
[ 100.547743][ T9] free_unref_page_prepare+0x8b4/0x9a0
[ 100.553187][ T9] free_unref_page+0x2e/0x3f0
[ 100.557849][ T9] __unfreeze_partials+0x1a5/0x200
[ 100.562941][ T9] put_cpu_partial+0x17c/0x250
[ 100.567690][ T9] qlist_free_all+0x76/0xe0
[ 100.572184][ T9] kasan_quarantine_reduce+0x144/0x160
[ 100.577633][ T9] __kasan_slab_alloc+0x1e/0x80
[ 100.582475][ T9] slab_post_alloc_hook+0x4b/0x480
[ 100.587573][ T9] kmem_cache_alloc+0x123/0x2f0
[ 100.592412][ T9] taskstats_exit+0x151/0x9d0
[ 100.597077][ T9] do_exit+0x8b4/0x2400
[ 100.601233][ T9] do_group_exit+0x217/0x2d0
[ 100.605806][ T9] get_signal+0x1272/0x1350
[ 100.610292][ T9] arch_do_signal_or_restart+0xb0/0x1230
[ 100.615906][ T9] exit_to_user_mode_loop+0x70/0x110
[ 100.621171][ T9] exit_to_user_mode_prepare+0xb1/0x140
[ 100.626701][ T9]
[ 100.629004][ T9] Memory state around the buggy address:
[ 100.634639][ T9] ffff8880296e1b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.642697][ T9] ffff8880296e1b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 100.650743][ T9] >ffff8880296e1c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 100.658783][ T9] ^
[ 100.665435][ T9] ffff8880296e1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 100.673477][ T9] ffff8880296e1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 100.681513][ T9] ==================================================================
[ 100.695011][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 100.702226][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.147-syzkaller #0
[ 100.710205][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 100.720259][ T9] Workqueue: kkcmd kcm_tx_work
[ 100.725016][ T9] Call Trace:
[ 100.728277][ T9] <TASK>
[ 100.731190][ T9] dump_stack_lvl+0x168/0x22e
[ 100.735849][ T9] ? memcpy+0x3c/0x60
[ 100.739910][ T9] ? show_regs_print_info+0x12/0x12
[ 100.745089][ T9] ? load_image+0x3b0/0x3b0
[ 100.749577][ T9] panic+0x2c9/0x710
[ 100.753465][ T9] ? bpf_jit_dump+0xd0/0xd0
[ 100.757960][ T9] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 100.763838][ T9] ? _raw_spin_unlock+0x40/0x40
[ 100.768680][ T9] check_panic_on_warn+0x80/0xa0
[ 100.773603][ T9] ? kcm_write_msgs+0x2f3/0x12e0
[ 100.778521][ T9] end_report+0x66/0x110
[ 100.782746][ T9] kasan_report+0x118/0x140
[ 100.787234][ T9] ? kcm_write_msgs+0x2f3/0x12e0
[ 100.792153][ T9] ? process_one_work+0x7a1/0x1160
[ 100.797244][ T9] kcm_write_msgs+0x2f3/0x12e0
[ 100.801988][ T9] ? lockdep_hardirqs_on+0x94/0x140
[ 100.807174][ T9] ? __local_bh_enable_ip+0x12a/0x1b0
[ 100.812532][ T9] ? _local_bh_enable+0xa0/0xa0
[ 100.817366][ T9] ? lock_sock_nested+0x66/0x100
[ 100.822281][ T9] ? do_raw_spin_unlock+0x11d/0x230
[ 100.827467][ T9] ? process_one_work+0x7a1/0x1160
[ 100.832563][ T9] kcm_tx_work+0x35/0x180
[ 100.836879][ T9] ? process_one_work+0x7a1/0x1160
[ 100.841971][ T9] process_one_work+0x898/0x1160
[ 100.846895][ T9] ? worker_detach_from_pool+0x240/0x240
[ 100.852512][ T9] ? _raw_spin_lock_irq+0xab/0xe0
[ 100.857523][ T9] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 100.862879][ T9] ? kthread_data+0x4b/0xc0
[ 100.867377][ T9] worker_thread+0xaa2/0x1250
[ 100.872050][ T9] kthread+0x29d/0x330
[ 100.876108][ T9] ? worker_clr_flags+0x1a0/0x1a0
[ 100.881116][ T9] ? kthread_blkcg+0xd0/0xd0
[ 100.885691][ T9] ret_from_fork+0x1f/0x30
[ 100.890096][ T9] </TASK>
[ 100.893316][ T9] Kernel Offset: disabled
[ 100.897630][ T9] Rebooting in 86400 seconds..