Warning: Permanently added '10.128.1.60' (ED25519) to the list of known hosts.
2025/09/11 04:50:39 parsed 1 programs
[   80.373759][ T1924] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   81.322755][ T1933] chnl_net:caif_netlink_parms(): no params data found
[   84.330978][ T1933] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.330302][  T570] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   86.337914][  T570] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   86.349321][ T1933] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.273147][   T38] bond0 (unregistering): Released all slaves
[   91.159419][ T1469] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   91.167477][ T1469] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   91.175341][ T1469] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   91.184070][ T1469] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   91.192955][ T1469] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   91.200680][ T1467] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/09/11 04:50:51 executed programs: 0
[   91.928054][   T42] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   91.935632][   T42] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   91.944053][   T42] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   91.952651][   T42] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   91.960243][   T42] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   91.967705][   T42] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.288213][ T2415] chnl_net:caif_netlink_parms(): no params data found
[   94.029711][ T1469] Bluetooth: hci0: command 0x0409 tx timeout
[   95.233838][ T2415] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.109661][ T1469] Bluetooth: hci0: command 0x041b tx timeout
[   97.248309][  T570] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   97.255958][  T570] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   97.266633][ T2415] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.189657][ T1469] Bluetooth: hci0: command 0x040f tx timeout
[  100.279543][ T1469] Bluetooth: hci0: command 0x0419 tx timeout
2025/09/11 04:51:00 executed programs: 2
2025/09/11 04:51:05 executed programs: 8
[  106.198776][  T570] ==================================================================
[  106.207246][  T570] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c50
[  106.214550][  T570] Read of size 8 at addr ffff88811f9124f0 by task kworker/u4:4/570
[  106.222890][  T570] 
[  106.225939][  T570] CPU: 1 PID: 570 Comm: kworker/u4:4 Not tainted syzkaller #0
[  106.233876][  T570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  106.244549][  T570] Workqueue: kkcmd kcm_tx_work
[  106.249488][  T570] Call Trace:
[  106.252775][  T570]  <TASK>
[  106.255697][  T570]  dump_stack_lvl+0xe3/0x16b
[  106.260378][  T570]  ? show_regs_print_info+0x5/0x5
[  106.265572][  T570]  ? load_image+0x2f0/0x2f0
[  106.270080][  T570]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  106.275805][  T570]  ? __virt_addr_valid+0x10a/0x380
[  106.281559][  T570]  ? __virt_addr_valid+0x10a/0x380
[  106.286778][  T570]  ? __virt_addr_valid+0x10a/0x380
[  106.291890][  T570]  ? __virt_addr_valid+0x10a/0x380
[  106.297070][  T570]  ? __virt_addr_valid+0x2bf/0x380
[  106.302324][  T570]  ? __lock_acquire+0xf7/0x7c50
[  106.307792][  T570]  print_report+0xa8/0x210
[  106.312495][  T570]  kasan_report+0x10b/0x140
[  106.317086][  T570]  ? __lock_acquire+0xf7/0x7c50
[  106.322065][  T570]  __lock_acquire+0xf7/0x7c50
[  106.326902][  T570]  ? lock_pin_lock+0x3a0/0x3a0
[  106.331658][  T570]  ? __switch_to+0x58d/0x1080
[  106.336441][  T570]  ? mark_lock+0x94/0x320
[  106.340836][  T570]  ? verify_lock_unused+0x140/0x140
[  106.346015][  T570]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  106.352166][  T570]  ? lock_chain_count+0x20/0x20
[  106.357007][  T570]  ? finish_task_switch+0x1f4/0x750
[  106.362283][  T570]  ? lockdep_hardirqs_on+0x94/0x140
[  106.367656][  T570]  lock_acquire+0x1b4/0x490
[  106.372155][  T570]  ? __lock_sock+0x148/0x250
[  106.376839][  T570]  ? __local_bh_disable_ip+0xfb/0x190
[  106.382415][  T570]  ? read_lock_is_recursive+0x10/0x10
[  106.387906][  T570]  ? __local_bh_enable_ip+0x12a/0x1b0
[  106.393521][  T570]  ? _local_bh_enable+0xa0/0xa0
[  106.398493][  T570]  ? wq_worker_sleeping+0x19/0x210
[  106.403609][  T570]  ? __lock_sock+0x148/0x250
[  106.408209][  T570]  _raw_spin_lock_bh+0x32/0x50
[  106.412961][  T570]  ? __lock_sock+0x148/0x250
[  106.417548][  T570]  __lock_sock+0x148/0x250
[  106.421980][  T570]  ? sk_stream_moderate_sndbuf+0x1f0/0x1f0
[  106.427859][  T570]  ? do_raw_spin_lock+0x11d/0x280
[  106.433069][  T570]  ? wake_bit_function+0x200/0x200
[  106.438510][  T570]  ? __rwlock_init+0x140/0x140
[  106.443472][  T570]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  106.449801][  T570]  ? lock_sock_nested+0x5c/0xe0
[  106.455615][  T570]  lock_sock_nested+0x81/0xe0
[  106.460434][  T570]  ? process_one_work+0x6dc/0xea0
[  106.465665][  T570]  kcm_tx_work+0x28/0x140
[  106.470113][  T570]  ? process_one_work+0x6dc/0xea0
[  106.475469][  T570]  process_one_work+0x799/0xea0
[  106.480523][  T570]  ? worker_detach_from_pool+0x220/0x220
[  106.486579][  T570]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  106.492665][  T570]  ? wq_worker_sleeping+0x19/0x210
[  106.499691][  T570]  worker_thread+0x8cc/0xfb0
[  106.504941][  T570]  ? lockdep_hardirqs_on+0x94/0x140
[  106.510656][  T570]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  106.516897][  T570]  ? __kthread_parkme+0xba/0x190
[  106.522332][  T570]  ? worker_clr_flags+0x160/0x160
[  106.527546][  T570]  kthread+0x259/0x2d0
[  106.531865][  T570]  ? worker_clr_flags+0x160/0x160
[  106.536917][  T570]  ? kthread_blkcg+0xa0/0xa0
[  106.541600][  T570]  ret_from_fork+0x1f/0x30
[  106.546132][  T570]  </TASK>
[  106.549175][  T570] 
[  106.551706][  T570] Allocated by task 2847:
[  106.556050][  T570]  kasan_set_track+0x4b/0x70
[  106.560675][  T570]  __kasan_slab_alloc+0x6b/0x80
[  106.565526][  T570]  slab_post_alloc_hook+0x4b/0x480
[  106.570634][  T570]  kmem_cache_alloc+0x123/0x2f0
[  106.575495][  T570]  sk_prot_alloc+0x51/0x1b0
[  106.580006][  T570]  sk_alloc+0x30/0x2d0
[  106.584158][  T570]  kcm_ioctl+0x28f/0xe40
[  106.588598][  T570]  sock_do_ioctl+0xcd/0x260
[  106.593099][  T570]  sock_ioctl+0x41d/0x540
[  106.597427][  T570]  __se_sys_ioctl+0xa6/0xf0
[  106.601909][  T570]  do_syscall_64+0x4c/0xa0
[  106.606338][  T570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  106.612302][  T570] 
[  106.614720][  T570] Freed by task 2848:
[  106.618724][  T570]  kasan_set_track+0x4b/0x70
[  106.623473][  T570]  kasan_save_free_info+0x2d/0x50
[  106.628536][  T570]  ____kasan_slab_free+0x126/0x1e0
[  106.633738][  T570]  slab_free_freelist_hook+0x131/0x1a0
[  106.639202][  T570]  kmem_cache_free+0xf7/0x290
[  106.643886][  T570]  __sk_destruct+0x353/0x4b0
[  106.648466][  T570]  kcm_release+0x3ad/0x550
[  106.652884][  T570]  sock_close+0xcb/0x220
[  106.657245][  T570]  __fput+0x1a9/0x700
[  106.661220][  T570]  task_work_run+0x142/0x1e0
[  106.665832][  T570]  exit_to_user_mode_loop+0xda/0xf0
[  106.671035][  T570]  exit_to_user_mode_prepare+0xa9/0x120
[  106.676704][  T570]  syscall_exit_to_user_mode+0x16/0x40
[  106.682449][  T570]  do_syscall_64+0x58/0xa0
[  106.686906][  T570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  106.692820][  T570] 
[  106.695500][  T570] Last potentially related work creation:
[  106.701304][  T570]  kasan_save_stack+0x3a/0x60
[  106.706052][  T570]  __kasan_record_aux_stack+0xb2/0xc0
[  106.711557][  T570]  insert_work+0x4f/0x330
[  106.715971][  T570]  __queue_work+0x93d/0xc40
[  106.720543][  T570]  queue_work_on+0xcb/0x160
[  106.725137][  T570]  kcm_unattach+0x858/0xe30
[  106.729813][  T570]  kcm_ioctl+0x69d/0xe40
[  106.734167][  T570]  sock_do_ioctl+0xcd/0x260
[  106.738668][  T570]  sock_ioctl+0x41d/0x540
[  106.743010][  T570]  __se_sys_ioctl+0xa6/0xf0
[  106.747525][  T570]  do_syscall_64+0x4c/0xa0
[  106.751932][  T570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  106.757823][  T570] 
[  106.760124][  T570] Second to last potentially related work creation:
[  106.766689][  T570]  kasan_save_stack+0x3a/0x60
[  106.771481][  T570]  __kasan_record_aux_stack+0xb2/0xc0
[  106.776941][  T570]  insert_work+0x4f/0x330
[  106.781448][  T570]  __queue_work+0x93d/0xc40
[  106.786130][  T570]  queue_work_on+0xcb/0x160
[  106.790904][  T570]  kcm_ioctl+0xc20/0xe40
[  106.795144][  T570]  sock_do_ioctl+0xcd/0x260
[  106.799650][  T570]  sock_ioctl+0x41d/0x540
[  106.803973][  T570]  __se_sys_ioctl+0xa6/0xf0
[  106.808506][  T570]  do_syscall_64+0x4c/0xa0
[  106.812945][  T570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  106.818933][  T570] 
[  106.821355][  T570] The buggy address belongs to the object at ffff88811f912440
[  106.821355][  T570]  which belongs to the cache KCM of size 1720
[  106.834911][  T570] The buggy address is located 176 bytes inside of
[  106.834911][  T570]  1720-byte region [ffff88811f912440, ffff88811f912af8)
[  106.848534][  T570] 
[  106.850854][  T570] The buggy address belongs to the physical page:
[  106.857354][  T570] page:ffffea00047e4400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f910
[  106.868001][  T570] head:ffffea00047e4400 order:3 compound_mapcount:0 compound_pincount:0
[  106.876583][  T570] memcg:ffff88810466fa01
[  106.880833][  T570] flags: 0x200000000010200(slab|head|node=0|zone=2)
[  106.887517][  T570] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888107f4d780
[  106.896523][  T570] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88810466fa01
[  106.905095][  T570] page dumped because: kasan: bad access detected
[  106.911517][  T570] page_owner tracks the page as allocated
[  106.917247][  T570] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2817, tgid 2814 (syz.2.17), ts 101115598020, free_ts 101063542490
[  106.940003][  T570]  post_alloc_hook+0x173/0x1a0
[  106.944787][  T570]  get_page_from_freelist+0x24d6/0x2650
[  106.950365][  T570]  __alloc_pages+0x1df/0x4e0
[  106.955006][  T570]  alloc_slab_page+0x5d/0x160
[  106.959688][  T570]  new_slab+0x87/0x2c0
[  106.963738][  T570]  ___slab_alloc+0xbc6/0x1230
[  106.968405][  T570]  kmem_cache_alloc+0x1b7/0x2f0
[  106.973395][  T570]  sk_prot_alloc+0x51/0x1b0
[  106.978092][  T570]  sk_alloc+0x30/0x2d0
[  106.982173][  T570]  kcm_ioctl+0x28f/0xe40
[  106.986403][  T570]  sock_do_ioctl+0xcd/0x260
[  106.990897][  T570]  sock_ioctl+0x41d/0x540
[  106.995248][  T570]  __se_sys_ioctl+0xa6/0xf0
[  106.999757][  T570]  do_syscall_64+0x4c/0xa0
[  107.004443][  T570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.010598][  T570] page last free stack trace:
[  107.015349][  T570]  free_unref_page_prepare+0x822/0x860
[  107.020822][  T570]  free_unref_page+0x2e/0x3c0
[  107.025528][  T570]  qlist_free_all+0x76/0xe0
[  107.030043][  T570]  kasan_quarantine_reduce+0x144/0x160
[  107.035510][  T570]  __kasan_slab_alloc+0x1e/0x80
[  107.040478][  T570]  slab_post_alloc_hook+0x4b/0x480
[  107.045599][  T570]  kmem_cache_alloc+0x123/0x2f0
[  107.050458][  T570]  getname_flags+0xa0/0x430
[  107.054987][  T570]  user_path_at_empty+0x1b/0x50
[  107.059911][  T570]  do_readlinkat+0xbe/0x380
[  107.064405][  T570]  __x64_sys_readlink+0x76/0x80
[  107.069329][  T570]  do_syscall_64+0x4c/0xa0
[  107.073718][  T570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.079704][  T570] 
[  107.082118][  T570] Memory state around the buggy address:
[  107.088090][  T570]  ffff88811f912380: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[  107.096267][  T570]  ffff88811f912400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  107.104587][  T570] >ffff88811f912480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  107.112918][  T570]                                                              ^
[  107.120631][  T570]  ffff88811f912500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  107.128672][  T570]  ffff88811f912580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  107.136791][  T570] ==================================================================
[  107.144941][  T570] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  107.152280][  T570] CPU: 1 PID: 570 Comm: kworker/u4:4 Not tainted syzkaller #0
[  107.159845][  T570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  107.170004][  T570] Workqueue: kkcmd kcm_tx_work
[  107.174840][  T570] Call Trace:
[  107.178212][  T570]  <TASK>
[  107.181222][  T570]  dump_stack_lvl+0xe3/0x16b
[  107.185926][  T570]  ? show_regs_print_info+0x5/0x5
[  107.191039][  T570]  ? load_image+0x2f0/0x2f0
[  107.195652][  T570]  panic+0x1f0/0x510
[  107.199550][  T570]  ? bpf_jit_dump+0xc0/0xc0
[  107.204165][  T570]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  107.210157][  T570]  ? _raw_spin_unlock+0x40/0x40
[  107.215026][  T570]  ? __lock_acquire+0xf7/0x7c50
[  107.219861][  T570]  check_panic_on_warn+0x56/0x70
[  107.224808][  T570]  end_report+0x66/0x110
[  107.229162][  T570]  kasan_report+0x118/0x140
[  107.233667][  T570]  ? __lock_acquire+0xf7/0x7c50
[  107.238494][  T570]  __lock_acquire+0xf7/0x7c50
[  107.243245][  T570]  ? lock_pin_lock+0x3a0/0x3a0
[  107.248014][  T570]  ? __switch_to+0x58d/0x1080
[  107.252679][  T570]  ? mark_lock+0x94/0x320
[  107.257078][  T570]  ? verify_lock_unused+0x140/0x140
[  107.262263][  T570]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  107.268231][  T570]  ? lock_chain_count+0x20/0x20
[  107.273147][  T570]  ? finish_task_switch+0x1f4/0x750
[  107.278409][  T570]  ? lockdep_hardirqs_on+0x94/0x140
[  107.283602][  T570]  lock_acquire+0x1b4/0x490
[  107.288081][  T570]  ? __lock_sock+0x148/0x250
[  107.292799][  T570]  ? __local_bh_disable_ip+0xfb/0x190
[  107.298253][  T570]  ? read_lock_is_recursive+0x10/0x10
[  107.303906][  T570]  ? __local_bh_enable_ip+0x12a/0x1b0
[  107.309305][  T570]  ? _local_bh_enable+0xa0/0xa0
[  107.314359][  T570]  ? wq_worker_sleeping+0x19/0x210
[  107.319494][  T570]  ? __lock_sock+0x148/0x250
[  107.324136][  T570]  _raw_spin_lock_bh+0x32/0x50
[  107.329184][  T570]  ? __lock_sock+0x148/0x250
[  107.333767][  T570]  __lock_sock+0x148/0x250
[  107.338348][  T570]  ? sk_stream_moderate_sndbuf+0x1f0/0x1f0
[  107.344215][  T570]  ? do_raw_spin_lock+0x11d/0x280
[  107.349312][  T570]  ? wake_bit_function+0x200/0x200
[  107.354427][  T570]  ? __rwlock_init+0x140/0x140
[  107.359311][  T570]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  107.365462][  T570]  ? lock_sock_nested+0x5c/0xe0
[  107.370575][  T570]  lock_sock_nested+0x81/0xe0
[  107.375247][  T570]  ? process_one_work+0x6dc/0xea0
[  107.380442][  T570]  kcm_tx_work+0x28/0x140
[  107.384756][  T570]  ? process_one_work+0x6dc/0xea0
[  107.389788][  T570]  process_one_work+0x799/0xea0
[  107.394660][  T570]  ? worker_detach_from_pool+0x220/0x220
[  107.400346][  T570]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  107.405830][  T570]  ? wq_worker_sleeping+0x19/0x210
[  107.410953][  T570]  worker_thread+0x8cc/0xfb0
[  107.415569][  T570]  ? lockdep_hardirqs_on+0x94/0x140
[  107.420768][  T570]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  107.426781][  T570]  ? __kthread_parkme+0xba/0x190
[  107.431730][  T570]  ? worker_clr_flags+0x160/0x160
[  107.436768][  T570]  kthread+0x259/0x2d0
[  107.440832][  T570]  ? worker_clr_flags+0x160/0x160
[  107.446422][  T570]  ? kthread_blkcg+0xa0/0xa0
[  107.450999][  T570]  ret_from_fork+0x1f/0x30
[  107.455415][  T570]  </TASK>
[  107.458814][  T570] Kernel Offset: disabled
[  107.463155][  T570] Rebooting in 86400 seconds..