Warning: Permanently added '10.128.1.253' (ED25519) to the list of known hosts.
2025/08/03 04:49:17 ignoring optional flag "sandboxArg"="0"
2025/08/03 04:49:18 parsed 1 programs
[ 77.782935][ T4271] cgroup: Unknown subsys name 'net'
[ 77.920014][ T4271] cgroup: Unknown subsys name 'rlimit'
[ 79.466603][ T4271] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 81.879915][ T4293] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.888350][ T4293] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.896261][ T4293] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.904417][ T4293] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.912372][ T4293] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 81.919972][ T4293] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.459432][ T4307] chnl_net:caif_netlink_parms(): no params data found
[ 82.508784][ T4307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.516822][ T4307] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.525014][ T4307] device bridge_slave_0 entered promiscuous mode
[ 82.542471][ T4307] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.549717][ T4307] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.558135][ T4307] device bridge_slave_1 entered promiscuous mode
[ 82.582341][ T4307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.600635][ T4307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.625432][ T4307] team0: Port device team_slave_0 added
[ 82.633472][ T4307] team0: Port device team_slave_1 added
[ 82.653940][ T4307] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.660940][ T4307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.686910][ T4307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.705949][ T4307] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.712926][ T4307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.739097][ T4307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.772540][ T4307] device hsr_slave_0 entered promiscuous mode
[ 82.779649][ T4307] device hsr_slave_1 entered promiscuous mode
[ 82.891906][ T4307] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.902490][ T4307] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.913435][ T4307] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.923120][ T4307] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.957592][ T4307] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.965030][ T4307] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.972960][ T4307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.980125][ T4307] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.043186][ T4307] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.062617][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 83.075906][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.085626][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.106425][ T4307] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.118893][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.127863][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.135081][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.164324][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.175811][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.182933][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.194462][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 83.213692][ T4307] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 83.224258][ T4307] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 83.237639][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 83.246130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.255651][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.266467][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.275082][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.505781][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 83.515834][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 83.528961][ T4307] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.553474][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 83.562269][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 83.581233][ T4307] device veth0_vlan entered promiscuous mode
[ 83.590553][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 83.599218][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 83.608461][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 83.616653][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 83.632309][ T4307] device veth1_vlan entered promiscuous mode
[ 83.652815][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 83.660991][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 83.669631][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 83.678382][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 83.689836][ T4307] device veth0_macvtap entered promiscuous mode
[ 83.702120][ T4307] device veth1_macvtap entered promiscuous mode
[ 83.721786][ T4307] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.729951][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 83.739235][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 83.748805][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 83.758398][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 83.774909][ T4307] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.782289][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 83.791918][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 83.806082][ T4307] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.815258][ T4307] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.824021][ T4307] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.832718][ T4307] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.141761][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.150396][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.175916][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 84.199064][ T75] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.215837][ T4323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.223884][ T4323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.232684][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/08/03 04:49:28 executed programs: 0
[ 85.847712][ T4293] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.856635][ T4293] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.865038][ T4293] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.874147][ T4293] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.881505][ T4293] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 85.889476][ T4293] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.028065][ T4368] chnl_net:caif_netlink_parms(): no params data found
[ 86.076827][ T4368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.084091][ T4368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.091940][ T4368] device bridge_slave_0 entered promiscuous mode
[ 86.101476][ T4368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.108989][ T4368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.117086][ T4368] device bridge_slave_1 entered promiscuous mode
[ 86.141354][ T4368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.152534][ T4368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.179437][ T4368] team0: Port device team_slave_0 added
[ 86.187284][ T4368] team0: Port device team_slave_1 added
[ 86.211211][ T4368] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.218418][ T4368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.244698][ T4368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.257460][ T4368] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.264693][ T4368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.290778][ T4368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.326151][ T4368] device hsr_slave_0 entered promiscuous mode
[ 86.333206][ T4368] device hsr_slave_1 entered promiscuous mode
[ 86.340015][ T4368] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 86.348483][ T4368] Cannot create hsr debugfs directory
[ 86.423689][ T75] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.745979][ T7] cfg80211: failed to load regulatory.db
[ 87.944304][ T4293] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.824111][ T75] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.896765][ T75] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 89.756646][ T4368] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.769491][ T4368] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.787014][ T75] device hsr_slave_0 left promiscuous mode
[ 89.796212][ T75] device hsr_slave_1 left promiscuous mode
[ 89.803088][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 89.812438][ T75] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 89.822438][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 89.831744][ T75] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 89.841022][ T75] device bridge_slave_1 left promiscuous mode
[ 89.848459][ T75] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.863178][ T75] device bridge_slave_0 left promiscuous mode
[ 89.870621][ T75] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.901955][ T75] device veth1_macvtap left promiscuous mode
[ 89.908727][ T75] device veth0_macvtap left promiscuous mode
[ 89.915477][ T75] device veth1_vlan left promiscuous mode
[ 89.921526][ T75] device veth0_vlan left promiscuous mode
[ 90.023520][ T4295] Bluetooth: hci0: command 0x041b tx timeout
[ 90.319149][ T75] team0 (unregistering): Port device team_slave_1 removed
[ 90.349457][ T75] team0 (unregistering): Port device team_slave_0 removed
[ 90.378238][ T75] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 90.408819][ T75] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 90.681023][ T75] bond0 (unregistering): Released all slaves
[ 90.762190][ T4368] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.771751][ T4368] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.852958][ T4368] 8021q: adding VLAN 0 to HW filter on device bond0
[ 90.882372][ T4368] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.889997][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 90.898000][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 90.909681][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 90.918860][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 90.927421][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.934559][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.954177][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 90.962756][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 90.973670][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 90.982160][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.989314][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.007406][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 91.016754][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 91.026221][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 91.035379][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 91.045817][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.055901][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 91.065101][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 91.082559][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 91.102483][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 91.115338][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 91.125838][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 91.136514][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 91.370691][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.380291][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.395182][ T4368] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.423127][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 91.432353][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.458511][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 91.474114][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 91.485408][ T4368] device veth0_vlan entered promiscuous mode
[ 91.499969][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 91.508774][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 91.524309][ T4368] device veth1_vlan entered promiscuous mode
[ 91.551702][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 91.562039][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 91.570483][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 91.580173][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 91.590734][ T4368] device veth0_macvtap entered promiscuous mode
[ 91.600961][ T4368] device veth1_macvtap entered promiscuous mode
[ 91.616728][ T4368] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.625685][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 91.635378][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 91.643705][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 91.652314][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 91.664995][ T4368] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.672490][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 91.681634][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 91.693704][ T4368] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.702436][ T4368] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.711515][ T4368] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.720485][ T4368] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.777123][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.796665][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.807914][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 91.818805][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2025/08/03 04:49:35 executed programs: 2
[ 91.827217][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.836388][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 92.103471][ T4295] Bluetooth: hci0: command 0x040f tx timeout
[ 94.183797][ T4295] Bluetooth: hci0: command 0x0419 tx timeout
2025/08/03 04:49:40 executed programs: 8
2025/08/03 04:49:45 executed programs: 14
2025/08/03 04:49:50 executed programs: 20
2025/08/03 04:49:55 executed programs: 26
2025/08/03 04:50:00 executed programs: 32
2025/08/03 04:50:05 executed programs: 38
2025/08/03 04:50:10 executed programs: 44
[ 132.826542][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.833215][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
2025/08/03 04:50:16 executed programs: 50
[ 135.498670][ T9] ==================================================================
[ 135.506794][ T9] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c50
[ 135.514060][ T9] Read of size 8 at addr ffff8880691c00b0 by task kworker/u4:0/9
[ 135.521782][ T9]
[ 135.524138][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.147-syzkaller #0
[ 135.532139][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 135.542209][ T9] Workqueue: kkcmd kcm_tx_work
[ 135.547017][ T9] Call Trace:
[ 135.550306][ T9]
[ 135.553244][ T9] dump_stack_lvl+0x168/0x22e
[ 135.557954][ T9] ? __lock_acquire+0x7c50/0x7c50
[ 135.563004][ T9] ? show_regs_print_info+0x12/0x12
[ 135.568216][ T9] ? load_image+0x3b0/0x3b0
[ 135.572742][ T9] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 135.578220][ T9] ? __virt_addr_valid+0x188/0x540
[ 135.583370][ T9] ? __virt_addr_valid+0x465/0x540
[ 135.588513][ T9] ? __lock_acquire+0xf7/0x7c50
[ 135.593396][ T9] print_report+0xa8/0x200
[ 135.597849][ T9] kasan_report+0x10b/0x140
[ 135.602395][ T9] ? __lock_acquire+0xf7/0x7c50
[ 135.607282][ T9] __lock_acquire+0xf7/0x7c50
[ 135.612022][ T9] ? mark_lock+0x94/0x320
[ 135.616385][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 135.622431][ T9] ? __schedule+0x10ba/0x40b0
[ 135.627126][ T9] ? verify_lock_unused+0x140/0x140
[ 135.632364][ T9] ? finish_task_switch+0x265/0x8f0
[ 135.637576][ T9] ? lockdep_hardirqs_on+0x94/0x140
[ 135.642798][ T9] ? finish_task_switch+0x265/0x8f0
[ 135.648017][ T9] ? __schedule+0x10f4/0x40b0
[ 135.652706][ T9] lock_acquire+0x1b4/0x490
[ 135.657246][ T9] ? __lock_sock+0x152/0x2a0
[ 135.661852][ T9] ? __local_bh_disable_ip+0xfb/0x190
[ 135.667242][ T9] ? read_lock_is_recursive+0x10/0x10
[ 135.672717][ T9] ? __local_bh_enable_ip+0x12a/0x1b0
[ 135.678108][ T9] ? kthread_data+0x4b/0xc0
[ 135.682634][ T9] ? kthread_data+0x4b/0xc0
[ 135.687158][ T9] ? __lock_sock+0x152/0x2a0
[ 135.691755][ T9] _raw_spin_lock_bh+0x32/0x50
[ 135.696540][ T9] ? __lock_sock+0x152/0x2a0
[ 135.701142][ T9] __lock_sock+0x152/0x2a0
[ 135.705567][ T9] ? sk_stream_moderate_sndbuf+0x220/0x220
[ 135.711386][ T9] ? do_raw_spin_lock+0x11d/0x280
[ 135.716429][ T9] ? wake_bit_function+0x200/0x200
[ 135.721566][ T9] ? __rwlock_init+0x140/0x140
[ 135.726351][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 135.732346][ T9] ? lock_sock_nested+0x66/0x100
[ 135.737299][ T9] lock_sock_nested+0x9b/0x100
[ 135.742075][ T9] ? process_one_work+0x7a1/0x1160
[ 135.747199][ T9] kcm_tx_work+0x2d/0x180
[ 135.751561][ T9] ? process_one_work+0x7a1/0x1160
[ 135.756682][ T9] process_one_work+0x898/0x1160
[ 135.761658][ T9] ? worker_detach_from_pool+0x240/0x240
[ 135.767339][ T9] ? _raw_spin_lock_irq+0xab/0xe0
[ 135.772378][ T9] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 135.777850][ T9] ? kthread_data+0x4b/0xc0
[ 135.782394][ T9] worker_thread+0xaa2/0x1250
[ 135.787120][ T9] kthread+0x29d/0x330
[ 135.791221][ T9] ? worker_clr_flags+0x1a0/0x1a0
[ 135.796272][ T9] ? kthread_blkcg+0xd0/0xd0
[ 135.800882][ T9] ret_from_fork+0x1f/0x30
[ 135.805324][ T9]
[ 135.808409][ T9]
[ 135.810736][ T9] Allocated by task 4641:
[ 135.815070][ T9] kasan_set_track+0x4b/0x70
[ 135.819690][ T9] __kasan_slab_alloc+0x6b/0x80
[ 135.824564][ T9] slab_post_alloc_hook+0x4b/0x480
[ 135.829690][ T9] kmem_cache_alloc+0x123/0x2f0
[ 135.834552][ T9] sk_prot_alloc+0x57/0x210
[ 135.839084][ T9] sk_alloc+0x36/0x340
[ 135.843171][ T9] kcm_ioctl+0x211/0xff0
[ 135.847423][ T9] sock_do_ioctl+0xd3/0x2f0
[ 135.852031][ T9] sock_ioctl+0x4ed/0x6e0
[ 135.856379][ T9] __se_sys_ioctl+0xfa/0x170
[ 135.861094][ T9] do_syscall_64+0x4c/0xa0
[ 135.865523][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 135.871439][ T9]
[ 135.873776][ T9] Freed by task 4642:
[ 135.877764][ T9] kasan_set_track+0x4b/0x70
[ 135.882373][ T9] kasan_save_free_info+0x2d/0x50
[ 135.887417][ T9] ____kasan_slab_free+0x126/0x1e0
[ 135.892544][ T9] slab_free_freelist_hook+0x131/0x1a0
[ 135.898019][ T9] kmem_cache_free+0xf7/0x290
[ 135.902709][ T9] __sk_destruct+0x48d/0x630
[ 135.907335][ T9] kcm_release+0x520/0x5b0
[ 135.911787][ T9] sock_close+0xd5/0x240
[ 135.916066][ T9] __fput+0x22c/0x920
[ 135.920103][ T9] task_work_run+0x1ca/0x250
[ 135.924716][ T9] exit_to_user_mode_loop+0xe6/0x110
[ 135.930018][ T9] exit_to_user_mode_prepare+0xb1/0x140
[ 135.935587][ T9] syscall_exit_to_user_mode+0x16/0x40
[ 135.941070][ T9] do_syscall_64+0x58/0xa0
[ 135.945499][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 135.951412][ T9]
[ 135.953772][ T9] Last potentially related work creation:
[ 135.959583][ T9] kasan_save_stack+0x3a/0x60
[ 135.964355][ T9] __kasan_record_aux_stack+0xb2/0xc0
[ 135.969828][ T9] insert_work+0x54/0x3c0
[ 135.974167][ T9] __queue_work+0xba3/0xfb0
[ 135.978686][ T9] queue_work_on+0x11d/0x1d0
[ 135.983292][ T9] kcm_unattach+0x861/0xe80
[ 135.987811][ T9] kcm_ioctl+0x78d/0xff0
[ 135.992090][ T9] sock_do_ioctl+0xd3/0x2f0
[ 135.996619][ T9] sock_ioctl+0x4ed/0x6e0
[ 136.000960][ T9] __se_sys_ioctl+0xfa/0x170
[ 136.005566][ T9] do_syscall_64+0x4c/0xa0
[ 136.010008][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 136.015921][ T9]
[ 136.018249][ T9] Second to last potentially related work creation:
[ 136.024854][ T9] kasan_save_stack+0x3a/0x60
[ 136.029559][ T9] __kasan_record_aux_stack+0xb2/0xc0
[ 136.034955][ T9] insert_work+0x54/0x3c0
[ 136.039293][ T9] __queue_work+0xba3/0xfb0
[ 136.043821][ T9] queue_work_on+0x11d/0x1d0
[ 136.048437][ T9] kcm_ioctl+0xe4b/0xff0
[ 136.052729][ T9] sock_do_ioctl+0xd3/0x2f0
[ 136.057259][ T9] sock_ioctl+0x4ed/0x6e0
[ 136.061643][ T9] __se_sys_ioctl+0xfa/0x170
[ 136.066246][ T9] do_syscall_64+0x4c/0xa0
[ 136.070690][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 136.076607][ T9]
[ 136.078941][ T9] The buggy address belongs to the object at ffff8880691c0000
[ 136.078941][ T9] which belongs to the cache KCM of size 1720
[ 136.092407][ T9] The buggy address is located 176 bytes inside of
[ 136.092407][ T9] 1720-byte region [ffff8880691c0000, ffff8880691c06b8)
[ 136.106473][ T9]
[ 136.108828][ T9] The buggy address belongs to the physical page:
[ 136.115254][ T9] page:ffffea0001a47000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x691c0
[ 136.125411][ T9] head:ffffea0001a47000 order:3 compound_mapcount:0 compound_pincount:0
[ 136.133743][ T9] memcg:ffff888024240a01
[ 136.137986][ T9] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 136.145995][ T9] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88814cc27640
[ 136.154582][ T9] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888024240a01
[ 136.163192][ T9] page dumped because: kasan: bad access detected
[ 136.169616][ T9] page_owner tracks the page as allocated
[ 136.175332][ T9] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4641, tgid 4639 (syz.0.68), ts 135496927542, free_ts 85585135204
[ 136.197824][ T9] post_alloc_hook+0x173/0x1a0
[ 136.202611][ T9] get_page_from_freelist+0x1a26/0x1ac0
[ 136.208171][ T9] __alloc_pages+0x1df/0x4e0
[ 136.212786][ T9] alloc_slab_page+0x5d/0x160
[ 136.217484][ T9] new_slab+0x87/0x2c0
[ 136.221572][ T9] ___slab_alloc+0xbc6/0x1220
[ 136.226277][ T9] kmem_cache_alloc+0x1b7/0x2f0
[ 136.231132][ T9] sk_prot_alloc+0x57/0x210
[ 136.235656][ T9] sk_alloc+0x36/0x340
[ 136.239737][ T9] kcm_ioctl+0x211/0xff0
[ 136.243994][ T9] sock_do_ioctl+0xd3/0x2f0
[ 136.248523][ T9] sock_ioctl+0x4ed/0x6e0
[ 136.252867][ T9] __se_sys_ioctl+0xfa/0x170
[ 136.257468][ T9] do_syscall_64+0x4c/0xa0
[ 136.261898][ T9] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 136.267811][ T9] page last free stack trace:
[ 136.272485][ T9] free_unref_page_prepare+0x8b4/0x9a0
[ 136.277956][ T9] free_unref_page+0x2e/0x3f0
[ 136.282643][ T9] kasan_depopulate_vmalloc_pte+0x67/0x80
[ 136.288379][ T9] __apply_to_page_range+0x962/0xc80
[ 136.293677][ T9] kasan_release_vmalloc+0x93/0xb0
[ 136.298802][ T9] __purge_vmap_area_lazy+0xdb0/0x1900
[ 136.304273][ T9] drain_vmap_area_work+0x3c/0xd0
[ 136.309307][ T9] process_one_work+0x898/0x1160
[ 136.314267][ T9] worker_thread+0xaa2/0x1250
[ 136.318973][ T9] kthread+0x29d/0x330
[ 136.323068][ T9] ret_from_fork+0x1f/0x30
[ 136.327505][ T9]
[ 136.329842][ T9] Memory state around the buggy address:
[ 136.335512][ T9] ffff8880691bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 136.343582][ T9] ffff8880691c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.351647][ T9] >ffff8880691c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.359709][ T9] ^
[ 136.365348][ T9] ffff8880691c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.373415][ T9] ffff8880691c0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.381473][ T9] ==================================================================
[ 136.389608][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 136.396802][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.147-syzkaller #0
[ 136.404880][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 136.414961][ T9] Workqueue: kkcmd kcm_tx_work
[ 136.419757][ T9] Call Trace:
[ 136.423045][ T9]
[ 136.425996][ T9] dump_stack_lvl+0x168/0x22e
[ 136.430692][ T9] ? memcpy+0x3c/0x60
[ 136.434693][ T9] ? show_regs_print_info+0x12/0x12
[ 136.439951][ T9] ? load_image+0x3b0/0x3b0
[ 136.444495][ T9] panic+0x2c9/0x710
[ 136.448424][ T9] ? __lock_acquire+0x7c50/0x7c50
[ 136.453471][ T9] ? bpf_jit_dump+0xd0/0xd0
[ 136.457999][ T9] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 136.463940][ T9] ? _raw_spin_unlock+0x40/0x40
[ 136.468806][ T9] check_panic_on_warn+0x80/0xa0
[ 136.473932][ T9] ? __lock_acquire+0xf7/0x7c50
[ 136.478798][ T9] end_report+0x66/0x110
[ 136.483058][ T9] kasan_report+0x118/0x140
[ 136.487827][ T9] ? __lock_acquire+0xf7/0x7c50
[ 136.492757][ T9] __lock_acquire+0xf7/0x7c50
[ 136.497450][ T9] ? mark_lock+0x94/0x320
[ 136.501800][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 136.507797][ T9] ? __schedule+0x10ba/0x40b0
[ 136.512488][ T9] ? verify_lock_unused+0x140/0x140
[ 136.517707][ T9] ? finish_task_switch+0x265/0x8f0
[ 136.522917][ T9] ? lockdep_hardirqs_on+0x94/0x140
[ 136.528131][ T9] ? finish_task_switch+0x265/0x8f0
[ 136.533366][ T9] ? __schedule+0x10f4/0x40b0
[ 136.538145][ T9] lock_acquire+0x1b4/0x490
[ 136.542682][ T9] ? __lock_sock+0x152/0x2a0
[ 136.547284][ T9] ? __local_bh_disable_ip+0xfb/0x190
[ 136.552674][ T9] ? read_lock_is_recursive+0x10/0x10
[ 136.558064][ T9] ? __local_bh_enable_ip+0x12a/0x1b0
[ 136.563451][ T9] ? kthread_data+0x4b/0xc0
[ 136.567991][ T9] ? kthread_data+0x4b/0xc0
[ 136.572521][ T9] ? __lock_sock+0x152/0x2a0
[ 136.577118][ T9] _raw_spin_lock_bh+0x32/0x50
[ 136.581897][ T9] ? __lock_sock+0x152/0x2a0
[ 136.586500][ T9] __lock_sock+0x152/0x2a0
[ 136.590928][ T9] ? sk_stream_moderate_sndbuf+0x220/0x220
[ 136.596765][ T9] ? do_raw_spin_lock+0x11d/0x280
[ 136.601896][ T9] ? wake_bit_function+0x200/0x200
[ 136.607033][ T9] ? __rwlock_init+0x140/0x140
[ 136.611834][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 136.617855][ T9] ? lock_sock_nested+0x66/0x100
[ 136.622816][ T9] lock_sock_nested+0x9b/0x100
[ 136.627599][ T9] ? process_one_work+0x7a1/0x1160
[ 136.632722][ T9] kcm_tx_work+0x2d/0x180
[ 136.637072][ T9] ? process_one_work+0x7a1/0x1160
[ 136.642220][ T9] process_one_work+0x898/0x1160
[ 136.647173][ T9] ? worker_detach_from_pool+0x240/0x240
[ 136.652817][ T9] ? _raw_spin_lock_irq+0xab/0xe0
[ 136.657860][ T9] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 136.663251][ T9] ? kthread_data+0x4b/0xc0
[ 136.667788][ T9] worker_thread+0xaa2/0x1250
[ 136.672487][ T9] kthread+0x29d/0x330
[ 136.676576][ T9] ? worker_clr_flags+0x1a0/0x1a0
[ 136.681627][ T9] ? kthread_blkcg+0xd0/0xd0
[ 136.686235][ T9] ret_from_fork+0x1f/0x30
[ 136.690673][ T9]
[ 136.694031][ T9] Kernel Offset: disabled
[ 136.698364][ T9] Rebooting in 86400 seconds..