Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts.
2025/11/01 09:40:20 parsed 1 programs
[ 74.963389][ T2394] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 75.499289][ T1946] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.509318][ T1946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.518636][ T1946] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.528505][ T1946] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.536542][ T1946] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.544285][ T1946] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.314752][ T2443] chnl_net:caif_netlink_parms(): no params data found
[ 78.468932][ T2443] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.894348][ T2443] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.742565][ T11] bond0 (unregistering): Released all slaves
2025/11/01 09:40:29 executed programs: 0
[ 83.266217][ T1946] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.274246][ T1946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.282337][ T1946] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.292623][ T1946] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.300581][ T1946] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 83.308530][ T1946] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.558336][ T2885] chnl_net:caif_netlink_parms(): no params data found
[ 85.327647][ T1946] Bluetooth: hci0: command tx timeout
[ 85.706795][ T2885] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.136190][ T2885] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.407618][ T1946] Bluetooth: hci0: command tx timeout
[ 89.488852][ T1946] Bluetooth: hci0: command tx timeout
2025/11/01 09:40:36 executed programs: 2
[ 91.567687][ T1946] Bluetooth: hci0: command tx timeout
[ 93.216996][ T863] ==================================================================
[ 93.225112][ T863] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80
[ 93.232742][ T863] Read of size 8 at addr ffff888176191db0 by task kworker/u4:10/863
[ 93.240971][ T863]
[ 93.243301][ T863] CPU: 0 PID: 863 Comm: kworker/u4:10 Not tainted syzkaller #0
[ 93.250909][ T863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 93.260952][ T863] Workqueue: kkcmd kcm_tx_work
[ 93.265718][ T863] Call Trace:
[ 93.268991][ T863]
[ 93.271998][ T863] dump_stack_lvl+0xe7/0x170
[ 93.276691][ T863] ? show_regs_print_info+0x10/0x10
[ 93.282047][ T863] ? load_image+0x2f0/0x2f0
[ 93.286555][ T863] ? __virt_addr_valid+0x10e/0x380
[ 93.291758][ T863] ? __virt_addr_valid+0x10e/0x380
[ 93.296990][ T863] ? __virt_addr_valid+0x10e/0x380
[ 93.302113][ T863] ? __virt_addr_valid+0x2c3/0x380
[ 93.307394][ T863] print_report+0xac/0x220
[ 93.311811][ T863] ? __lock_acquire+0xff/0x7c80
[ 93.316654][ T863] kasan_report+0x117/0x150
[ 93.321147][ T863] ? __lock_acquire+0xff/0x7c80
[ 93.326072][ T863] __lock_acquire+0xff/0x7c80
[ 93.330766][ T863] ? __switch_to+0x585/0x1040
[ 93.335531][ T863] ? mark_lock+0x94/0x320
[ 93.339991][ T863] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 93.346067][ T863] ? verify_lock_unused+0x140/0x140
[ 93.351353][ T863] ? finish_task_switch+0x1f4/0x780
[ 93.356550][ T863] ? lockdep_hardirqs_on+0x98/0x150
[ 93.361842][ T863] ? finish_task_switch+0x1f4/0x780
[ 93.367034][ T863] lock_acquire+0x197/0x410
[ 93.371525][ T863] ? __lock_sock+0x14c/0x250
[ 93.376127][ T863] ? asan.module_dtor+0x20/0x20
[ 93.380973][ T863] ? __local_bh_disable_ip+0xff/0x190
[ 93.386519][ T863] ? read_lock_is_recursive+0x20/0x20
[ 93.391891][ T863] ? _local_bh_enable+0xa0/0xa0
[ 93.396727][ T863] ? wq_worker_sleeping+0x1e/0x1f0
[ 93.401822][ T863] ? __lock_sock+0x14c/0x250
[ 93.406401][ T863] _raw_spin_lock_bh+0x36/0x50
[ 93.411147][ T863] ? __lock_sock+0x14c/0x250
[ 93.415723][ T863] __lock_sock+0x14c/0x250
[ 93.420296][ T863] ? sk_stream_moderate_sndbuf+0x1f0/0x1f0
[ 93.426080][ T863] ? do_raw_spin_lock+0x121/0x2c0
[ 93.431180][ T863] ? wake_bit_function+0x200/0x200
[ 93.436470][ T863] ? __rwlock_init+0x150/0x150
[ 93.441524][ T863] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 93.447525][ T863] ? lock_sock_nested+0x60/0xe0
[ 93.452404][ T863] lock_sock_nested+0x85/0xe0
[ 93.457211][ T863] kcm_tx_work+0x2c/0x140
[ 93.461811][ T863] ? process_scheduled_works+0x8c6/0x12a0
[ 93.467623][ T863] process_scheduled_works+0x96d/0x12a0
[ 93.473185][ T863] ? assign_work+0x3a0/0x3a0
[ 93.477862][ T863] worker_thread+0x883/0xd10
[ 93.482744][ T863] kthread+0x274/0x2f0
[ 93.486834][ T863] ? pr_cont_work+0x4a0/0x4a0
[ 93.491634][ T863] ? kthread_blkcg+0xa0/0xa0
[ 93.496315][ T863] ret_from_fork+0x2f/0x60
[ 93.500812][ T863] ? kthread_blkcg+0xa0/0xa0
[ 93.505387][ T863] ret_from_fork_asm+0x11/0x20
[ 93.510529][ T863]
[ 93.513687][ T863]
[ 93.516277][ T863] Allocated by task 3304:
[ 93.520610][ T863] kasan_set_track+0x4e/0x70
[ 93.525257][ T863] __kasan_slab_alloc+0x6c/0x80
[ 93.530205][ T863] slab_post_alloc_hook+0x6e/0x4d0
[ 93.535404][ T863] kmem_cache_alloc+0x11e/0x2e0
[ 93.540443][ T863] sk_prot_alloc+0x51/0x1c0
[ 93.544957][ T863] sk_alloc+0x33/0x300
[ 93.549145][ T863] kcm_ioctl+0x293/0xe40
[ 93.553386][ T863] sock_do_ioctl+0xd1/0x260
[ 93.557879][ T863] sock_ioctl+0x4ce/0x590
[ 93.562188][ T863] __se_sys_ioctl+0xad/0x100
[ 93.566769][ T863] do_syscall_64+0x55/0xb0
[ 93.571363][ T863] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 93.577278][ T863]
[ 93.579600][ T863] Freed by task 3305:
[ 93.583748][ T863] kasan_set_track+0x4e/0x70
[ 93.588492][ T863] kasan_save_free_info+0x2e/0x50
[ 93.593597][ T863] ____kasan_slab_free+0x126/0x1e0
[ 93.598699][ T863] slab_free_freelist_hook+0x130/0x1b0
[ 93.604241][ T863] kmem_cache_free+0xf8/0x280
[ 93.608900][ T863] __sk_destruct+0x389/0x4e0
[ 93.613469][ T863] kcm_release+0x3b1/0x550
[ 93.617864][ T863] sock_close+0xb3/0x210
[ 93.622099][ T863] __fput+0x1c2/0x7a0
[ 93.626169][ T863] __se_sys_close+0x118/0x170
[ 93.630840][ T863] do_syscall_64+0x55/0xb0
[ 93.635349][ T863] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 93.641315][ T863]
[ 93.643643][ T863] Last potentially related work creation:
[ 93.649348][ T863] kasan_save_stack+0x3e/0x60
[ 93.654148][ T863] __kasan_record_aux_stack+0xaf/0xc0
[ 93.659766][ T863] insert_work+0x38/0x260
[ 93.664174][ T863] __queue_work+0x9ee/0xd00
[ 93.668678][ T863] queue_work_on+0xcf/0x160
[ 93.673268][ T863] kcm_unattach+0x858/0xe30
[ 93.677847][ T863] kcm_ioctl+0x6a1/0xe40
[ 93.682075][ T863] sock_do_ioctl+0xd1/0x260
[ 93.686572][ T863] sock_ioctl+0x4ce/0x590
[ 93.690983][ T863] __se_sys_ioctl+0xad/0x100
[ 93.695572][ T863] do_syscall_64+0x55/0xb0
[ 93.700161][ T863] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 93.706129][ T863]
[ 93.708442][ T863] Second to last potentially related work creation:
[ 93.715009][ T863] kasan_save_stack+0x3e/0x60
[ 93.719667][ T863] __kasan_record_aux_stack+0xaf/0xc0
[ 93.725020][ T863] insert_work+0x38/0x260
[ 93.729525][ T863] __queue_work+0x9ee/0xd00
[ 93.734416][ T863] queue_work_on+0xcf/0x160
[ 93.738933][ T863] kcm_ioctl+0xc24/0xe40
[ 93.743175][ T863] sock_do_ioctl+0xd1/0x260
[ 93.747680][ T863] sock_ioctl+0x4ce/0x590
[ 93.752003][ T863] __se_sys_ioctl+0xad/0x100
[ 93.756749][ T863] do_syscall_64+0x55/0xb0
[ 93.761342][ T863] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 93.767405][ T863]
[ 93.769761][ T863] The buggy address belongs to the object at ffff888176191d00
[ 93.769761][ T863] which belongs to the cache KCM of size 1728
[ 93.783551][ T863] The buggy address is located 176 bytes inside of
[ 93.783551][ T863] freed 1728-byte region [ffff888176191d00, ffff8881761923c0)
[ 93.797679][ T863]
[ 93.800007][ T863] The buggy address belongs to the physical page:
[ 93.806848][ T863] page:ffffea0005d86400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x176190
[ 93.817532][ T863] head:ffffea0005d86400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 93.826464][ T863] memcg:ffff88810c3cae01
[ 93.830794][ T863] flags: 0x100000000000840(slab|head|node=0|zone=2)
[ 93.837392][ T863] page_type: 0xffffffff()
[ 93.841720][ T863] raw: 0100000000000840 ffff888107f65000 dead000000000122 0000000000000000
[ 93.850390][ T863] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88810c3cae01
[ 93.859083][ T863] page dumped because: kasan: bad access detected
[ 93.865872][ T863] page_owner tracks the page as allocated
[ 93.871727][ T863] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3288, tgid 3285 (syz.2.16), ts 89825274294, free_ts 89626793173
[ 93.894206][ T863] post_alloc_hook+0x1cd/0x210
[ 93.899030][ T863] get_page_from_freelist+0x23a7/0x2490
[ 93.904668][ T863] __alloc_pages+0x1e3/0x460
[ 93.909295][ T863] alloc_slab_page+0x5d/0x170
[ 93.913960][ T863] new_slab+0x87/0x2e0
[ 93.918112][ T863] ___slab_alloc+0xc6d/0x1300
[ 93.922791][ T863] kmem_cache_alloc+0x1b7/0x2e0
[ 93.927922][ T863] sk_prot_alloc+0x51/0x1c0
[ 93.932426][ T863] sk_alloc+0x33/0x300
[ 93.936564][ T863] kcm_ioctl+0x293/0xe40
[ 93.940888][ T863] sock_do_ioctl+0xd1/0x260
[ 93.945386][ T863] sock_ioctl+0x4ce/0x590
[ 93.949798][ T863] __se_sys_ioctl+0xad/0x100
[ 93.954387][ T863] do_syscall_64+0x55/0xb0
[ 93.958798][ T863] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 93.964703][ T863] page last free stack trace:
[ 93.969476][ T863] free_unref_page_prepare+0x80b/0x920
[ 93.975274][ T863] free_unref_page+0x32/0x2e0
[ 93.979968][ T863] __unfreeze_partials+0x1cf/0x210
[ 93.985177][ T863] put_cpu_partial+0x17c/0x250
[ 93.990150][ T863] __slab_free+0x31d/0x410
[ 93.994558][ T863] qlist_free_all+0x75/0xe0
[ 93.999246][ T863] kasan_quarantine_reduce+0x143/0x160
[ 94.004788][ T863] __kasan_slab_alloc+0x22/0x80
[ 94.009645][ T863] slab_post_alloc_hook+0x6e/0x4d0
[ 94.015029][ T863] __kmem_cache_alloc_node+0x13e/0x260
[ 94.020485][ T863] __kmalloc+0xa4/0x240
[ 94.024810][ T863] load_elf_binary+0x212/0x2160
[ 94.029909][ T863] bprm_execve+0x980/0x1360
[ 94.034409][ T863] kernel_execve+0x710/0x830
[ 94.039149][ T863] call_usermodehelper_exec_async+0x1d8/0x2e0
[ 94.045317][ T863] ret_from_fork+0x2f/0x60
[ 94.049724][ T863]
[ 94.052039][ T863] Memory state around the buggy address:
[ 94.057849][ T863] ffff888176191c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.066278][ T863] ffff888176191d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.074428][ T863] >ffff888176191d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.082566][ T863] ^
[ 94.088297][ T863] ffff888176191e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.096356][ T863] ffff888176191e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 94.104593][ T863] ==================================================================
[ 94.112749][ T863] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 94.119940][ T863] CPU: 0 PID: 863 Comm: kworker/u4:10 Not tainted syzkaller #0
[ 94.127734][ T863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 94.138237][ T863] Workqueue: kkcmd kcm_tx_work
[ 94.142998][ T863] Call Trace:
[ 94.146283][ T863]
[ 94.149214][ T863] dump_stack_lvl+0xe7/0x170
[ 94.154053][ T863] ? show_regs_print_info+0x10/0x10
[ 94.159237][ T863] ? load_image+0x2f0/0x2f0
[ 94.163762][ T863] ? vsnprintf+0x799/0x1b70
[ 94.168254][ T863] panic+0x1f3/0x520
[ 94.172139][ T863] ? bpf_jit_dump+0xc0/0xc0
[ 94.176987][ T863] ? _raw_spin_unlock_irqrestore+0xae/0x110
[ 94.182956][ T863] ? _raw_spin_unlock+0x40/0x40
[ 94.187878][ T863] ? print_memory_metadata+0x314/0x400
[ 94.193508][ T863] ? __lock_acquire+0xff/0x7c80
[ 94.198349][ T863] check_panic_on_warn+0x5a/0x80
[ 94.203538][ T863] end_report+0x6f/0x140
[ 94.207859][ T863] kasan_report+0x128/0x150
[ 94.212534][ T863] ? __lock_acquire+0xff/0x7c80
[ 94.217462][ T863] __lock_acquire+0xff/0x7c80
[ 94.222269][ T863] ? __switch_to+0x585/0x1040
[ 94.226952][ T863] ? mark_lock+0x94/0x320
[ 94.231293][ T863] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 94.237436][ T863] ? verify_lock_unused+0x140/0x140
[ 94.242729][ T863] ? finish_task_switch+0x1f4/0x780
[ 94.248183][ T863] ? lockdep_hardirqs_on+0x98/0x150
[ 94.253461][ T863] ? finish_task_switch+0x1f4/0x780
[ 94.258653][ T863] lock_acquire+0x197/0x410
[ 94.263235][ T863] ? __lock_sock+0x14c/0x250
[ 94.268073][ T863] ? asan.module_dtor+0x20/0x20
[ 94.272932][ T863] ? __local_bh_disable_ip+0xff/0x190
[ 94.278453][ T863] ? read_lock_is_recursive+0x20/0x20
[ 94.283830][ T863] ? _local_bh_enable+0xa0/0xa0
[ 94.288672][ T863] ? wq_worker_sleeping+0x1e/0x1f0
[ 94.293865][ T863] ? __lock_sock+0x14c/0x250
[ 94.298532][ T863] _raw_spin_lock_bh+0x36/0x50
[ 94.303463][ T863] ? __lock_sock+0x14c/0x250
[ 94.308096][ T863] __lock_sock+0x14c/0x250
[ 94.312502][ T863] ? sk_stream_moderate_sndbuf+0x1f0/0x1f0
[ 94.318426][ T863] ? do_raw_spin_lock+0x121/0x2c0
[ 94.323790][ T863] ? wake_bit_function+0x200/0x200
[ 94.329062][ T863] ? __rwlock_init+0x150/0x150
[ 94.333898][ T863] ? lockdep_hardirqs_on_prepare+0x400/0x760
[ 94.339895][ T863] ? lock_sock_nested+0x60/0xe0
[ 94.344823][ T863] lock_sock_nested+0x85/0xe0
[ 94.349576][ T863] kcm_tx_work+0x2c/0x140
[ 94.353967][ T863] ? process_scheduled_works+0x8c6/0x12a0
[ 94.359676][ T863] process_scheduled_works+0x96d/0x12a0
[ 94.365300][ T863] ? assign_work+0x3a0/0x3a0
[ 94.369882][ T863] worker_thread+0x883/0xd10
[ 94.374812][ T863] kthread+0x274/0x2f0
[ 94.378922][ T863] ? pr_cont_work+0x4a0/0x4a0
[ 94.383757][ T863] ? kthread_blkcg+0xa0/0xa0
[ 94.388536][ T863] ret_from_fork+0x2f/0x60
[ 94.393031][ T863] ? kthread_blkcg+0xa0/0xa0
[ 94.397622][ T863] ret_from_fork_asm+0x11/0x20
[ 94.402551][ T863]
[ 94.405934][ T863] Kernel Offset: disabled
[ 94.410262][ T863] Rebooting in 86400 seconds..