Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts.
2025/12/31 11:11:59 parsed 1 programs
[ 106.271116][ T4605] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 107.859410][ T4623] chnl_net:caif_netlink_parms(): no params data found
[ 107.906676][ T4623] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.914027][ T4623] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.922218][ T4623] device bridge_slave_0 entered promiscuous mode
[ 107.932647][ T4623] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.939917][ T4623] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.948033][ T4623] device bridge_slave_1 entered promiscuous mode
[ 107.973725][ T4623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 107.985099][ T4623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 108.013164][ T4623] team0: Port device team_slave_0 added
[ 108.020919][ T4623] team0: Port device team_slave_1 added
[ 108.040425][ T4623] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 108.047798][ T4623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 108.073965][ T4623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 108.088081][ T4623] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 108.095136][ T4623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 108.121718][ T4623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 108.155235][ T4623] device hsr_slave_0 entered promiscuous mode
[ 108.162187][ T4623] device hsr_slave_1 entered promiscuous mode
[ 108.865754][ T4623] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 108.875833][ T4623] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 108.892374][ T4623] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 108.916417][ T4623] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.035491][ T4623] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.049995][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 109.065472][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 109.088345][ T4623] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.109266][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 109.126179][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 109.145094][ T1228] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.152342][ T1228] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.185139][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 109.198677][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 109.225442][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 109.241961][ T1228] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.249112][ T1228] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.265676][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 109.287905][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 109.308575][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 109.325254][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 109.347564][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 109.357000][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 109.367847][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 109.384051][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 109.394655][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 109.403746][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 109.412955][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 109.423368][ T4623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 109.600955][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 109.624940][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 109.638857][ T4623] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.687362][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 109.698743][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 109.736088][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 109.745545][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 109.766970][ T4623] device veth0_vlan entered promiscuous mode
[ 109.775937][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 109.795086][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 109.807261][ T4623] device veth1_vlan entered promiscuous mode
[ 109.845629][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 109.865503][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 109.885967][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 109.897638][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 109.911285][ T4623] device veth0_macvtap entered promiscuous mode
[ 109.932827][ T4623] device veth1_macvtap entered promiscuous mode
[ 109.966801][ T4623] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 109.974207][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 109.995560][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 110.025714][ T1228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 110.039995][ T4623] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.049518][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 110.060820][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 110.073342][ T4623] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.082926][ T4623] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.093350][ T4623] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.103077][ T4623] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.344897][ T4313] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 112.211456][ T4313] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.580780][ T4313] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.625262][ T4313] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.590686][ T4313] device hsr_slave_0 left promiscuous mode
[ 115.613861][ T4313] device hsr_slave_1 left promiscuous mode
[ 115.627049][ T4313] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 115.634505][ T4313] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 115.650002][ T4313] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 115.668825][ T4313] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 115.686049][ T4313] device bridge_slave_1 left promiscuous mode
[ 115.692595][ T4313] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.703349][ T4313] device bridge_slave_0 left promiscuous mode
[ 115.709796][ T4313] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.730417][ T4313] device veth1_macvtap left promiscuous mode
[ 115.737136][ T4313] device veth0_macvtap left promiscuous mode
[ 115.743258][ T4313] device veth1_vlan left promiscuous mode
[ 115.749694][ T4313] device veth0_vlan left promiscuous mode
[ 115.966406][ T4313] team0 (unregistering): Port device team_slave_1 removed
[ 115.982396][ T4313] team0 (unregistering): Port device team_slave_0 removed
[ 116.000054][ T4313] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 116.016338][ T4313] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 116.086567][ T4313] bond0 (unregistering): Released all slaves
[ 116.223247][ T318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.236635][ T318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.259662][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 116.290948][ T318] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.300534][ T318] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.312849][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/12/31 11:12:14 executed programs: 0
[ 117.642577][ T5054] chnl_net:caif_netlink_parms(): no params data found
[ 117.766663][ T5054] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.773861][ T5054] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.782408][ T5054] device bridge_slave_0 entered promiscuous mode
[ 117.791384][ T5054] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.798886][ T5054] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.815995][ T5054] device bridge_slave_1 entered promiscuous mode
[ 117.875250][ T5054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 117.905948][ T5054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 117.981390][ T5054] team0: Port device team_slave_0 added
[ 118.002388][ T5054] team0: Port device team_slave_1 added
[ 118.054008][ T5054] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 118.061953][ T5054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 118.087994][ T5054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 118.104391][ T5054] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 118.113483][ T5054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 118.142077][ T5054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 118.198984][ T5054] device hsr_slave_0 entered promiscuous mode
[ 118.206255][ T5054] device hsr_slave_1 entered promiscuous mode
[ 118.320271][ T4313] ODEBUG: Out of memory. ODEBUG disabled
[ 118.858323][ T5054] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 118.870502][ T5054] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 118.881686][ T5054] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 118.891642][ T5054] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 118.958972][ T5054] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.973101][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 118.981586][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 118.999362][ T5054] 8021q: adding VLAN 0 to HW filter on device team0
[ 119.010729][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 119.020516][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 119.029550][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.036798][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 119.046662][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 119.066757][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 119.075724][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 119.084263][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.091502][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 119.105221][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 119.120664][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 119.133508][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 119.143508][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 119.163765][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 119.172476][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 119.181823][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 119.191201][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 119.200234][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 119.242803][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 119.251742][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 119.263487][ T5054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 119.454805][ T23] Bluetooth: hci0: command 0x0409 tx timeout
[ 119.490885][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 119.499077][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 119.511943][ T5054] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 119.565272][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 119.575406][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 119.596947][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 119.615388][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 119.659219][ T5054] device veth0_vlan entered promiscuous mode
[ 119.666761][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 119.676566][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 119.691854][ T5054] device veth1_vlan entered promiscuous mode
[ 119.699209][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 119.757893][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 119.776849][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 119.791117][ T5054] device veth0_macvtap entered promiscuous mode
[ 119.829524][ T5054] device veth1_macvtap entered promiscuous mode
[ 119.850713][ T5054] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 119.859061][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 119.870372][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 119.879681][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 119.890118][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 119.902222][ T5054] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.913107][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 119.922980][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 119.936874][ T5054] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.947462][ T5054] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.957263][ T5054] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.966266][ T5054] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 120.052757][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.067010][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.092359][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 120.117263][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 120.126182][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 120.135277][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 121.525390][ T5097] Bluetooth: hci0: command 0x041b tx timeout
2025/12/31 11:12:20 executed programs: 5
[ 123.604785][ T5099] Bluetooth: hci0: command 0x040f tx timeout
[ 125.685159][ T5097] Bluetooth: hci0: command 0x0419 tx timeout
2025/12/31 11:12:25 executed programs: 11
[ 129.627773][ T9] ==================================================================
[ 129.636084][ T9] BUG: KASAN: use-after-free in worker_thread+0xa7a/0x12a0
[ 129.643323][ T9] Read of size 8 at addr ffff88805d165fb0 by task kworker/u4:0/9
[ 129.651049][ T9]
[ 129.653401][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted syzkaller #0
[ 129.660684][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 129.670738][ T9] Workqueue: 0x0 (phy10)
[ 129.675085][ T9] Call Trace:
[ 129.678569][ T9]
[ 129.681535][ T9] dump_stack_lvl+0x168/0x230
[ 129.686220][ T9] ? show_regs_print_info+0x20/0x20
[ 129.691454][ T9] ? _printk+0xcc/0x110
[ 129.695628][ T9] ? worker_thread+0xa7a/0x12a0
[ 129.700487][ T9] ? load_image+0x3b0/0x3b0
[ 129.704996][ T9] ? _raw_spin_lock_irq+0x7a/0xe0
[ 129.710032][ T9] print_address_description+0x60/0x2d0
[ 129.715581][ T9] ? worker_thread+0xa7a/0x12a0
[ 129.720431][ T9] kasan_report+0xdf/0x130
[ 129.724868][ T9] ? worker_thread+0xa7a/0x12a0
[ 129.729730][ T9] worker_thread+0xa7a/0x12a0
[ 129.734446][ T9] kthread+0x436/0x520
[ 129.738538][ T9] ? rcu_lock_release+0x20/0x20
[ 129.743420][ T9] ? kthread_blkcg+0xd0/0xd0
[ 129.748037][ T9] ret_from_fork+0x1f/0x30
[ 129.752461][ T9]
[ 129.755475][ T9]
[ 129.757791][ T9] Allocated by task 5234:
[ 129.762107][ T9] __kasan_slab_alloc+0x9c/0xd0
[ 129.767222][ T9] slab_post_alloc_hook+0x4c/0x380
[ 129.772343][ T9] kmem_cache_alloc+0x100/0x290
[ 129.777186][ T9] sk_prot_alloc+0x57/0x210
[ 129.781692][ T9] sk_alloc+0x2f/0x310
[ 129.785757][ T9] kcm_ioctl+0x211/0xff0
[ 129.790007][ T9] sock_do_ioctl+0xd3/0x2f0
[ 129.794530][ T9] sock_ioctl+0x4ed/0x6e0
[ 129.798958][ T9] __se_sys_ioctl+0xfa/0x170
[ 129.803561][ T9] do_syscall_64+0x4c/0xa0
[ 129.808005][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 129.813974][ T9]
[ 129.816304][ T9] Freed by task 5235:
[ 129.820632][ T9] kasan_set_track+0x4b/0x70
[ 129.825317][ T9] kasan_set_free_info+0x1f/0x40
[ 129.830250][ T9] ____kasan_slab_free+0xd5/0x110
[ 129.835268][ T9] slab_free_freelist_hook+0xea/0x170
[ 129.840644][ T9] kmem_cache_free+0x8f/0x210
[ 129.845319][ T9] __sk_destruct+0x569/0x840
[ 129.849935][ T9] kcm_release+0x51a/0x5b0
[ 129.854369][ T9] sock_close+0xd5/0x240
[ 129.858604][ T9] __fput+0x234/0x930
[ 129.862599][ T9] task_work_run+0x125/0x1a0
[ 129.867269][ T9] exit_to_user_mode_loop+0x10f/0x130
[ 129.872673][ T9] exit_to_user_mode_prepare+0xee/0x180
[ 129.878222][ T9] syscall_exit_to_user_mode+0x16/0x40
[ 129.883689][ T9] do_syscall_64+0x58/0xa0
[ 129.888099][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 129.894013][ T9]
[ 129.896331][ T9] Last potentially related work creation:
[ 129.902133][ T9] kasan_save_stack+0x35/0x60
[ 129.906813][ T9] kasan_record_aux_stack+0xb8/0x100
[ 129.912106][ T9] insert_work+0x54/0x3d0
[ 129.916433][ T9] __queue_work+0x9c5/0xd50
[ 129.920941][ T9] queue_work_on+0x11d/0x1d0
[ 129.925526][ T9] kcm_unattach+0x85e/0xe80
[ 129.930115][ T9] kcm_ioctl+0x78d/0xff0
[ 129.934369][ T9] sock_do_ioctl+0xd3/0x2f0
[ 129.938908][ T9] sock_ioctl+0x4ed/0x6e0
[ 129.943241][ T9] __se_sys_ioctl+0xfa/0x170
[ 129.947928][ T9] do_syscall_64+0x4c/0xa0
[ 129.952352][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 129.958337][ T9]
[ 129.960669][ T9] Second to last potentially related work creation:
[ 129.967240][ T9] kasan_save_stack+0x35/0x60
[ 129.971915][ T9] kasan_record_aux_stack+0xb8/0x100
[ 129.977206][ T9] insert_work+0x54/0x3d0
[ 129.981530][ T9] __queue_work+0x9c5/0xd50
[ 129.986037][ T9] queue_work_on+0x11d/0x1d0
[ 129.990716][ T9] kcm_ioctl+0xe4b/0xff0
[ 129.994954][ T9] sock_do_ioctl+0xd3/0x2f0
[ 129.999568][ T9] sock_ioctl+0x4ed/0x6e0
[ 130.004178][ T9] __se_sys_ioctl+0xfa/0x170
[ 130.008796][ T9] do_syscall_64+0x4c/0xa0
[ 130.013229][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 130.019143][ T9]
[ 130.021466][ T9] The buggy address belongs to the object at ffff88805d165a00
[ 130.021466][ T9] which belongs to the cache KCM of size 1736
[ 130.035095][ T9] The buggy address is located 1456 bytes inside of
[ 130.035095][ T9] 1736-byte region [ffff88805d165a00, ffff88805d1660c8)
[ 130.048561][ T9] The buggy address belongs to the page:
[ 130.054404][ T9] page:ffffea0001745800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d160
[ 130.064556][ T9] head:ffffea0001745800 order:3 compound_mapcount:0 compound_pincount:0
[ 130.072891][ T9] memcg:ffff8880228ba601
[ 130.077242][ T9] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 130.085373][ T9] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802b5cd000
[ 130.093984][ T9] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff8880228ba601
[ 130.102582][ T9] page dumped because: kasan: bad access detected
[ 130.109017][ T9] page_owner tracks the page as allocated
[ 130.114736][ T9] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5162, ts 120272351401, free_ts 120214623162
[ 130.135565][ T9] get_page_from_freelist+0x1b77/0x1c60
[ 130.141164][ T9] __alloc_pages+0x1e1/0x470
[ 130.145954][ T9] new_slab+0xc0/0x4b0
[ 130.150083][ T9] ___slab_alloc+0x81e/0xdf0
[ 130.154772][ T9] kmem_cache_alloc+0x195/0x290
[ 130.159624][ T9] sk_prot_alloc+0x57/0x210
[ 130.164132][ T9] sk_alloc+0x2f/0x310
[ 130.168205][ T9] kcm_ioctl+0x211/0xff0
[ 130.172446][ T9] sock_do_ioctl+0xd3/0x2f0
[ 130.177031][ T9] sock_ioctl+0x4ed/0x6e0
[ 130.181353][ T9] __se_sys_ioctl+0xfa/0x170
[ 130.186124][ T9] do_syscall_64+0x4c/0xa0
[ 130.190554][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 130.196472][ T9] page last free stack trace:
[ 130.201150][ T9] free_unref_page_prepare+0x637/0x6c0
[ 130.206619][ T9] free_unref_page+0x94/0x280
[ 130.211299][ T9] __unfreeze_partials+0x1a5/0x200
[ 130.216410][ T9] put_cpu_partial+0x12d/0x190
[ 130.221178][ T9] qlist_free_all+0x35/0x90
[ 130.225781][ T9] kasan_quarantine_reduce+0x150/0x160
[ 130.231239][ T9] __kasan_slab_alloc+0x2f/0xd0
[ 130.236114][ T9] slab_post_alloc_hook+0x4c/0x380
[ 130.241226][ T9] kmem_cache_alloc+0x100/0x290
[ 130.246156][ T9] copy_mm+0x8b1/0x1380
[ 130.250743][ T9] copy_process+0x17c6/0x3e00
[ 130.255620][ T9] kernel_clone+0x219/0x930
[ 130.260138][ T9] __x64_sys_clone+0x170/0x1c0
[ 130.264913][ T9] do_syscall_64+0x4c/0xa0
[ 130.269469][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 130.275453][ T9]
[ 130.277777][ T9] Memory state around the buggy address:
[ 130.283536][ T9] ffff88805d165e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.291639][ T9] ffff88805d165f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.299715][ T9] >ffff88805d165f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.307889][ T9] ^
[ 130.313540][ T9] ffff88805d166000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 130.321707][ T9] ffff88805d166080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 130.329764][ T9] ==================================================================
[ 130.337818][ T9] Disabling lock debugging due to kernel taint
[ 130.343990][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 130.351179][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G B syzkaller #0
[ 130.359868][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 130.370286][ T9] Workqueue: 0x0 (phy10)
[ 130.374720][ T9] Call Trace:
[ 130.378007][ T9]
[ 130.380933][ T9] dump_stack_lvl+0x168/0x230
[ 130.385610][ T9] ? show_regs_print_info+0x20/0x20
[ 130.390809][ T9] ? load_image+0x3b0/0x3b0
[ 130.395310][ T9] panic+0x2c9/0x7f0
[ 130.399197][ T9] ? bpf_jit_dump+0xd0/0xd0
[ 130.403693][ T9] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 130.409579][ T9] ? _raw_spin_unlock+0x40/0x40
[ 130.414445][ T9] ? print_memory_metadata+0x314/0x400
[ 130.419903][ T9] ? worker_thread+0xa7a/0x12a0
[ 130.424837][ T9] check_panic_on_warn+0x80/0xa0
[ 130.429767][ T9] ? worker_thread+0xa7a/0x12a0
[ 130.434611][ T9] end_report+0x6d/0xf0
[ 130.438765][ T9] kasan_report+0x102/0x130
[ 130.443265][ T9] ? worker_thread+0xa7a/0x12a0
[ 130.448127][ T9] worker_thread+0xa7a/0x12a0
[ 130.452807][ T9] kthread+0x436/0x520
[ 130.456960][ T9] ? rcu_lock_release+0x20/0x20
[ 130.461824][ T9] ? kthread_blkcg+0xd0/0xd0
[ 130.466411][ T9] ret_from_fork+0x1f/0x30
[ 130.470918][ T9]
[ 131.582898][ T9] Shutting down cpus with NMI
[ 131.588092][ T9] Kernel Offset: disabled
[ 131.592442][ T9] Rebooting in 86400 seconds..