Warning: Permanently added '10.128.0.86' (ED25519) to the list of known hosts.
2025/08/03 21:31:24 ignoring optional flag "sandboxArg"="0"
2025/08/03 21:31:25 parsed 1 programs
[ 99.637078][ T4282] cgroup: Unknown subsys name 'net'
[ 99.738083][ T4282] cgroup: Unknown subsys name 'rlimit'
[ 101.247393][ T4282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 105.030045][ T4335] chnl_net:caif_netlink_parms(): no params data found
[ 105.081835][ T4335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.089469][ T4335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.097583][ T4335] device bridge_slave_0 entered promiscuous mode
[ 105.114313][ T4335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.121604][ T4335] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.129415][ T4335] device bridge_slave_1 entered promiscuous mode
[ 105.162923][ T4335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 105.174807][ T4335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 105.212184][ T4335] team0: Port device team_slave_0 added
[ 105.220169][ T4335] team0: Port device team_slave_1 added
[ 105.240264][ T4335] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 105.247745][ T4335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 105.273822][ T4335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 105.294122][ T4335] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 105.301297][ T4335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 105.327552][ T4335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 105.367519][ T4335] device hsr_slave_0 entered promiscuous mode
[ 105.374409][ T4335] device hsr_slave_1 entered promiscuous mode
[ 105.503879][ T4335] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 105.519128][ T4335] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 105.533561][ T4335] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 105.543453][ T4335] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 105.577647][ T4335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.585203][ T4335] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.593279][ T4335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.600527][ T4335] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.649925][ T4335] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.666264][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 105.677974][ T47] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.686899][ T47] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.702726][ T4335] 8021q: adding VLAN 0 to HW filter on device team0
[ 105.729256][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 105.744648][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.751929][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.768917][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 105.778617][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.785850][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.806339][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 105.815113][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 105.828276][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 105.841465][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 105.854293][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 105.865833][ T4335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 106.067505][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 106.075093][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 106.090619][ T4335] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.116151][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 106.125349][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 106.146589][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 106.155556][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 106.166490][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 106.174765][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 106.191115][ T4335] device veth0_vlan entered promiscuous mode
[ 106.203705][ T4335] device veth1_vlan entered promiscuous mode
[ 106.223793][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 106.233713][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 106.243696][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 106.253200][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 106.272207][ T4335] device veth0_macvtap entered promiscuous mode
[ 106.281679][ T4335] device veth1_macvtap entered promiscuous mode
[ 106.298175][ T4335] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.313058][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 106.329245][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 106.338193][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 106.347174][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 106.358611][ T4335] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.373739][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 106.383012][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 106.395041][ T4335] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.404898][ T4335] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.413738][ T4335] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.423478][ T4335] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.585750][ T4356] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 106.594216][ T4356] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 106.603123][ T4356] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 106.612576][ T4356] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 106.621658][ T4356] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 106.629035][ T4356] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 106.668357][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.980853][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.988905][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.005858][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 107.018589][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.027026][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.036786][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/08/03 21:31:35 executed programs: 0
[ 107.419546][ T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 107.428628][ T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 107.436672][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 107.447135][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 107.455908][ T49] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 107.463485][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 107.608423][ T4373] chnl_net:caif_netlink_parms(): no params data found
[ 107.659569][ T4373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.667482][ T4373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.677068][ T4373] device bridge_slave_0 entered promiscuous mode
[ 107.686869][ T4373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.694491][ T4373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.703056][ T4373] device bridge_slave_1 entered promiscuous mode
[ 107.730304][ T4373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 107.742411][ T4373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 107.772798][ T4373] team0: Port device team_slave_0 added
[ 107.782723][ T4373] team0: Port device team_slave_1 added
[ 107.806118][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.813313][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.839646][ T4373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.852825][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.859874][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.886002][ T4373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.923395][ T4373] device hsr_slave_0 entered promiscuous mode
[ 107.931000][ T4373] device hsr_slave_1 entered promiscuous mode
[ 107.937733][ T4373] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 107.945788][ T4373] Cannot create hsr debugfs directory
[ 108.753715][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 109.522113][ T4355] Bluetooth: hci0: command 0x0409 tx timeout
[ 110.983149][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.034535][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.601570][ T4355] Bluetooth: hci0: command 0x041b tx timeout
[ 111.862263][ T9] device hsr_slave_0 left promiscuous mode
[ 111.869740][ T9] device hsr_slave_1 left promiscuous mode
[ 111.880426][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 111.901141][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 111.910524][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 111.919173][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 111.940180][ T9] device bridge_slave_1 left promiscuous mode
[ 111.948984][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.965174][ T9] device bridge_slave_0 left promiscuous mode
[ 111.972866][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.002391][ T9] device veth1_macvtap left promiscuous mode
[ 112.008849][ T9] device veth0_macvtap left promiscuous mode
[ 112.016539][ T9] device veth1_vlan left promiscuous mode
[ 112.023373][ T9] device veth0_vlan left promiscuous mode
[ 112.453199][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 112.483543][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 112.513952][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 112.546010][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 112.854201][ T9] bond0 (unregistering): Released all slaves
[ 112.987137][ T4373] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 112.997917][ T4373] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 113.011344][ T4373] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 113.022729][ T4373] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 113.102760][ T4373] 8021q: adding VLAN 0 to HW filter on device bond0
[ 113.116143][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 113.124626][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 113.135866][ T4373] 8021q: adding VLAN 0 to HW filter on device team0
[ 113.163327][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 113.173164][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 113.182362][ T4409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.189496][ T4409] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.199789][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 113.219931][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 113.229583][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 113.239369][ T4409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.246549][ T4409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.255068][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 113.264062][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 113.292870][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 113.304606][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 113.313760][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 113.323177][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 113.332232][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 113.340948][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 113.349441][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 113.363651][ T4373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 113.383971][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 113.392390][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 113.402112][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 113.633968][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 113.641865][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 113.654902][ T4373] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.675442][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 113.683787][ T4355] Bluetooth: hci0: command 0x040f tx timeout
[ 113.684716][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 113.708467][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 113.717221][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 113.725974][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 113.735214][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 113.755499][ T4373] device veth0_vlan entered promiscuous mode
[ 113.767185][ T4373] device veth1_vlan entered promiscuous mode
[ 113.787205][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 113.795945][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 113.805100][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 113.814043][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 113.824809][ T4373] device veth0_macvtap entered promiscuous mode
[ 113.844680][ T4373] device veth1_macvtap entered promiscuous mode
[ 113.863278][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 113.871690][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 113.879936][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 113.888832][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 113.897952][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 113.918470][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 113.926157][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 113.936811][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 113.949785][ T4373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.959972][ T4373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.969158][ T4373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.978613][ T4373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 114.100134][ T4371] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.129560][ T4371] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.150901][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 114.162270][ T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 114.170367][ T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/08/03 21:31:42 executed programs: 2
[ 114.205121][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 115.760943][ T4356] Bluetooth: hci0: command 0x0419 tx timeout
2025/08/03 21:31:47 executed programs: 8
[ 120.295369][ T47] ==================================================================
[ 120.303541][ T47] BUG: KASAN: use-after-free in lock_sock_nested+0xf1/0x100
[ 120.310865][ T47] Write of size 4 at addr ffff8880781fb398 by task kworker/u4:3/47
[ 120.318779][ T47]
[ 120.321133][ T47] CPU: 1 PID: 47 Comm: kworker/u4:3 Not tainted 6.1.147-syzkaller #0
[ 120.329203][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 120.339320][ T47] Workqueue: kkcmd kcm_tx_work
[ 120.344144][ T47] Call Trace:
[ 120.347475][ T47]
[ 120.350413][ T47] dump_stack_lvl+0x168/0x22e
[ 120.355116][ T47] ? read_lock_is_recursive+0x10/0x10
[ 120.360592][ T47] ? show_regs_print_info+0x12/0x12
[ 120.365801][ T47] ? load_image+0x3b0/0x3b0
[ 120.370350][ T47] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 120.375741][ T47] ? __virt_addr_valid+0x188/0x540
[ 120.380890][ T47] ? __virt_addr_valid+0x465/0x540
[ 120.386016][ T47] ? lock_sock_nested+0xf1/0x100
[ 120.390967][ T47] print_report+0xa8/0x200
[ 120.395399][ T47] kasan_report+0x10b/0x140
[ 120.399919][ T47] ? __rwlock_init+0x140/0x140
[ 120.404700][ T47] ? lock_sock_nested+0xf1/0x100
[ 120.409667][ T47] lock_sock_nested+0xf1/0x100
[ 120.414446][ T47] ? process_one_work+0x7a1/0x1160
[ 120.419573][ T47] kcm_tx_work+0x2d/0x180
[ 120.424025][ T47] ? process_one_work+0x7a1/0x1160
[ 120.429149][ T47] process_one_work+0x898/0x1160
[ 120.434103][ T47] ? worker_detach_from_pool+0x240/0x240
[ 120.439750][ T47] ? _raw_spin_lock_irq+0xab/0xe0
[ 120.444813][ T47] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 120.450211][ T47] ? kthread_data+0x4b/0xc0
[ 120.454733][ T47] worker_thread+0xaa2/0x1250
[ 120.459435][ T47] kthread+0x29d/0x330
[ 120.463516][ T47] ? worker_clr_flags+0x1a0/0x1a0
[ 120.468553][ T47] ? kthread_blkcg+0xd0/0xd0
[ 120.473162][ T47] ret_from_fork+0x1f/0x30
[ 120.477605][ T47]
[ 120.480628][ T47]
[ 120.482953][ T47] Allocated by task 4456:
[ 120.487283][ T47] kasan_set_track+0x4b/0x70
[ 120.491927][ T47] __kasan_slab_alloc+0x6b/0x80
[ 120.496836][ T47] slab_post_alloc_hook+0x4b/0x480
[ 120.501990][ T47] kmem_cache_alloc+0x123/0x2f0
[ 120.506882][ T47] sk_prot_alloc+0x57/0x210
[ 120.511403][ T47] sk_alloc+0x36/0x340
[ 120.515498][ T47] kcm_ioctl+0x211/0xff0
[ 120.519759][ T47] sock_do_ioctl+0xd3/0x2f0
[ 120.524293][ T47] sock_ioctl+0x4ed/0x6e0
[ 120.528635][ T47] __se_sys_ioctl+0xfa/0x170
[ 120.533238][ T47] do_syscall_64+0x4c/0xa0
[ 120.537661][ T47] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 120.543566][ T47]
[ 120.545888][ T47] Freed by task 4457:
[ 120.549870][ T47] kasan_set_track+0x4b/0x70
[ 120.554471][ T47] kasan_save_free_info+0x2d/0x50
[ 120.559511][ T47] ____kasan_slab_free+0x126/0x1e0
[ 120.564632][ T47] slab_free_freelist_hook+0x131/0x1a0
[ 120.570120][ T47] kmem_cache_free+0xf7/0x290
[ 120.574821][ T47] __sk_destruct+0x48d/0x630
[ 120.579452][ T47] kcm_release+0x520/0x5b0
[ 120.583888][ T47] sock_close+0xd5/0x240
[ 120.588140][ T47] __fput+0x22c/0x920
[ 120.592141][ T47] task_work_run+0x1ca/0x250
[ 120.596754][ T47] exit_to_user_mode_loop+0xe6/0x110
[ 120.602090][ T47] exit_to_user_mode_prepare+0xb1/0x140
[ 120.607674][ T47] syscall_exit_to_user_mode+0x16/0x40
[ 120.613181][ T47] do_syscall_64+0x58/0xa0
[ 120.617602][ T47] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 120.623526][ T47]
[ 120.625866][ T47] Last potentially related work creation:
[ 120.631581][ T47] kasan_save_stack+0x3a/0x60
[ 120.636294][ T47] __kasan_record_aux_stack+0xb2/0xc0
[ 120.641697][ T47] insert_work+0x54/0x3c0
[ 120.646056][ T47] __queue_work+0xba3/0xfb0
[ 120.650593][ T47] queue_work_on+0x11d/0x1d0
[ 120.655218][ T47] kcm_unattach+0x861/0xe80
[ 120.659740][ T47] kcm_ioctl+0x78d/0xff0
[ 120.664011][ T47] sock_do_ioctl+0xd3/0x2f0
[ 120.668559][ T47] sock_ioctl+0x4ed/0x6e0
[ 120.672904][ T47] __se_sys_ioctl+0xfa/0x170
[ 120.677516][ T47] do_syscall_64+0x4c/0xa0
[ 120.681963][ T47] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 120.687884][ T47]
[ 120.690211][ T47] Second to last potentially related work creation:
[ 120.696796][ T47] kasan_save_stack+0x3a/0x60
[ 120.701933][ T47] __kasan_record_aux_stack+0xb2/0xc0
[ 120.707355][ T47] insert_work+0x54/0x3c0
[ 120.711694][ T47] __queue_work+0xba3/0xfb0
[ 120.716212][ T47] queue_work_on+0x11d/0x1d0
[ 120.720826][ T47] kcm_ioctl+0xe4b/0xff0
[ 120.725084][ T47] sock_do_ioctl+0xd3/0x2f0
[ 120.729609][ T47] sock_ioctl+0x4ed/0x6e0
[ 120.733949][ T47] __se_sys_ioctl+0xfa/0x170
[ 120.738553][ T47] do_syscall_64+0x4c/0xa0
[ 120.743101][ T47] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 120.749014][ T47]
[ 120.751340][ T47] The buggy address belongs to the object at ffff8880781fb2c0
[ 120.751340][ T47] which belongs to the cache KCM of size 1720
[ 120.764827][ T47] The buggy address is located 216 bytes inside of
[ 120.764827][ T47] 1720-byte region [ffff8880781fb2c0, ffff8880781fb978)
[ 120.778250][ T47]
[ 120.780581][ T47] The buggy address belongs to the physical page:
[ 120.787011][ T47] page:ffffea0001e07e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x781f8
[ 120.797173][ T47] head:ffffea0001e07e00 order:3 compound_mapcount:0 compound_pincount:0
[ 120.805507][ T47] memcg:ffff88802f9f9301
[ 120.809847][ T47] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 120.817864][ T47] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802ead0b40
[ 120.826484][ T47] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88802f9f9301
[ 120.835073][ T47] page dumped because: kasan: bad access detected
[ 120.841501][ T47] page_owner tracks the page as allocated
[ 120.847232][ T47] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4425, tgid 4424 (syz.0.17), ts 114260481623, free_ts 114248514036
[ 120.869824][ T47] post_alloc_hook+0x173/0x1a0
[ 120.874612][ T47] get_page_from_freelist+0x1a26/0x1ac0
[ 120.880175][ T47] __alloc_pages+0x1df/0x4e0
[ 120.884778][ T47] alloc_slab_page+0x5d/0x160
[ 120.889485][ T47] new_slab+0x87/0x2c0
[ 120.893566][ T47] ___slab_alloc+0xbc6/0x1220
[ 120.898265][ T47] kmem_cache_alloc+0x1b7/0x2f0
[ 120.903156][ T47] sk_prot_alloc+0x57/0x210
[ 120.907675][ T47] sk_alloc+0x36/0x340
[ 120.911762][ T47] kcm_create+0xfc/0x570
[ 120.916010][ T47] __sock_create+0x4a2/0x940
[ 120.920649][ T47] __sys_socket+0xc4/0x190
[ 120.925094][ T47] __x64_sys_socket+0x76/0x80
[ 120.929849][ T47] do_syscall_64+0x4c/0xa0
[ 120.934305][ T47] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 120.940218][ T47] page last free stack trace:
[ 120.944895][ T47] free_unref_page_prepare+0x8b4/0x9a0
[ 120.950379][ T47] free_unref_page+0x2e/0x3f0
[ 120.955070][ T47] __unfreeze_partials+0x1a5/0x200
[ 120.960214][ T47] put_cpu_partial+0x17c/0x250
[ 120.965030][ T47] qlist_free_all+0x76/0xe0
[ 120.969561][ T47] kasan_quarantine_reduce+0x144/0x160
[ 120.975115][ T47] __kasan_slab_alloc+0x1e/0x80
[ 120.979986][ T47] slab_post_alloc_hook+0x4b/0x480
[ 120.985106][ T47] kmem_cache_alloc+0x123/0x2f0
[ 120.989979][ T47] prepare_creds+0x3c/0x610
[ 120.994513][ T47] copy_creds+0x146/0xd50
[ 120.998893][ T47] copy_process+0x904/0x4020
[ 121.003505][ T47] kernel_clone+0x225/0x8b0
[ 121.008016][ T47] __x64_sys_clone+0x17c/0x1d0
[ 121.012784][ T47] do_syscall_64+0x4c/0xa0
[ 121.017212][ T47] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 121.023124][ T47]
[ 121.025448][ T47] Memory state around the buggy address:
[ 121.031081][ T47] ffff8880781fb280: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 121.039152][ T47] ffff8880781fb300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.047226][ T47] >ffff8880781fb380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.055467][ T47] ^
[ 121.060318][ T47] ffff8880781fb400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.068395][ T47] ffff8880781fb480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.076478][ T47] ==================================================================
[ 121.084644][ T47] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 121.091874][ T47] CPU: 1 PID: 47 Comm: kworker/u4:3 Not tainted 6.1.147-syzkaller #0
[ 121.099976][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 121.110072][ T47] Workqueue: kkcmd kcm_tx_work
[ 121.114898][ T47] Call Trace:
[ 121.118225][ T47]
[ 121.121188][ T47] dump_stack_lvl+0x168/0x22e
[ 121.125928][ T47] ? memcpy+0x3c/0x60
[ 121.129960][ T47] ? show_regs_print_info+0x12/0x12
[ 121.135200][ T47] ? load_image+0x3b0/0x3b0
[ 121.139766][ T47] panic+0x2c9/0x710
[ 121.143715][ T47] ? bpf_jit_dump+0xd0/0xd0
[ 121.148276][ T47] ? _raw_spin_unlock_irqrestore+0xa5/0x100
[ 121.154189][ T47] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 121.160095][ T47] ? _raw_spin_unlock+0x40/0x40
[ 121.164959][ T47] check_panic_on_warn+0x80/0xa0
[ 121.169905][ T47] ? lock_sock_nested+0xf1/0x100
[ 121.174856][ T47] end_report+0x66/0x110
[ 121.179133][ T47] kasan_report+0x118/0x140
[ 121.183705][ T47] ? __rwlock_init+0x140/0x140
[ 121.188557][ T47] ? lock_sock_nested+0xf1/0x100
[ 121.193531][ T47] lock_sock_nested+0xf1/0x100
[ 121.198312][ T47] ? process_one_work+0x7a1/0x1160
[ 121.203437][ T47] kcm_tx_work+0x2d/0x180
[ 121.207782][ T47] ? process_one_work+0x7a1/0x1160
[ 121.212908][ T47] process_one_work+0x898/0x1160
[ 121.217866][ T47] ? worker_detach_from_pool+0x240/0x240
[ 121.223537][ T47] ? _raw_spin_lock_irq+0xab/0xe0
[ 121.228588][ T47] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 121.233978][ T47] ? kthread_data+0x4b/0xc0
[ 121.238522][ T47] worker_thread+0xaa2/0x1250
[ 121.243228][ T47] kthread+0x29d/0x330
[ 121.247316][ T47] ? worker_clr_flags+0x1a0/0x1a0
[ 121.252353][ T47] ? kthread_blkcg+0xd0/0xd0
[ 121.256983][ T47] ret_from_fork+0x1f/0x30
[ 121.261447][ T47]
[ 121.264872][ T47] Kernel Offset: disabled
[ 121.269206][ T47] Rebooting in 86400 seconds..