[ 473.167344][ T8417] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 473.250118][ T8417] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 473.319806][ T8417] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 473.400975][ T8417] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 473.529144][ T8417] bridge_slave_1: left allmulticast mode
[ 473.534818][ T8417] bridge_slave_1: left promiscuous mode
[ 473.540935][ T8417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 473.550952][ T8417] bridge_slave_0: left allmulticast mode
[ 473.556702][ T8417] bridge_slave_0: left promiscuous mode
[ 473.562784][ T8417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 473.810290][ T8417] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 473.821443][ T8417] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 473.831536][ T8417] bond0 (unregistering): Released all slaves
[ 474.178182][ T8417] hsr_slave_0: left promiscuous mode
[ 474.201868][ T8417] hsr_slave_1: left promiscuous mode
[ 474.207915][ T8417] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 474.230191][ T8417] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 474.238264][ T8417] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 474.259801][ T8417] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 474.287024][ T8417] veth1_macvtap: left promiscuous mode
[ 474.292695][ T8417] veth0_macvtap: left promiscuous mode
[ 474.298481][ T8417] veth1_vlan: left promiscuous mode
[ 474.303891][ T8417] veth0_vlan: left promiscuous mode
[ 474.568060][ T8417] team0 (unregistering): Port device team_slave_1 removed
[ 474.594633][ T8417] team0 (unregistering): Port device team_slave_0 removed
Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts.
executing program
[ 480.378048][ T3594] ==================================================================
[ 480.386498][ T3594] BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x36/0x50
[ 480.394422][ T3594] Read of size 1 at addr ffff888021b001d8 by task kworker/u8:7/3594
[ 480.402688][ T3594]
[ 480.405705][ T3594] CPU: 1 UID: 0 PID: 3594 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full)
[ 480.405722][ T3594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 480.405730][ T3594] Workqueue: kkcmd kcm_tx_work
[ 480.405757][ T3594] Call Trace:
[ 480.405764][ T3594] <TASK>
[ 480.405771][ T3594] dump_stack_lvl+0x189/0x250
[ 480.405784][ T3594] ? __virt_addr_valid+0x1c8/0x5c0
[ 480.405796][ T3594] ? rcu_is_watching+0x15/0xb0
[ 480.405805][ T3594] ? __kasan_check_byte+0x12/0x40
[ 480.405817][ T3594] ? __pfx_dump_stack_lvl+0x10/0x10
[ 480.405827][ T3594] ? rcu_is_watching+0x15/0xb0
[ 480.405835][ T3594] ? lock_release+0x4b/0x3e0
[ 480.405849][ T3594] ? __virt_addr_valid+0x1c8/0x5c0
[ 480.405859][ T3594] ? __virt_addr_valid+0x4a5/0x5c0
[ 480.405870][ T3594] print_report+0xca/0x240
[ 480.405880][ T3594] ? _raw_spin_lock_bh+0x36/0x50
[ 480.405891][ T3594] kasan_report+0x118/0x150
[ 480.405903][ T3594] ? _raw_spin_lock_bh+0x36/0x50
[ 480.405915][ T3594] ? __lock_sock+0x156/0x2b0
[ 480.405924][ T3594] __kasan_check_byte+0x2a/0x40
[ 480.405936][ T3594] lock_acquire+0x8d/0x360
[ 480.405948][ T3594] ? schedule+0x91/0x360
[ 480.405963][ T3594] ? kthread_data+0x4f/0xc0
[ 480.405972][ T3594] ? __lock_sock+0x156/0x2b0
[ 480.405981][ T3594] _raw_spin_lock_bh+0x36/0x50
[ 480.405995][ T3594] ? __lock_sock+0x156/0x2b0
[ 480.406004][ T3594] __lock_sock+0x156/0x2b0
[ 480.406014][ T3594] ? __pfx___lock_sock+0x10/0x10
[ 480.406023][ T3594] ? do_raw_spin_lock+0x121/0x290
[ 480.406033][ T3594] ? __pfx_autoremove_wake_function+0x10/0x10
[ 480.406045][ T3594] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 480.406056][ T3594] ? lock_sock_nested+0x6a/0x100
[ 480.406068][ T3594] lock_sock_nested+0x9f/0x100
[ 480.406079][ T3594] kcm_tx_work+0x31/0x180
[ 480.406089][ T3594] ? process_scheduled_works+0x9ef/0x17b0
[ 480.406098][ T3594] process_scheduled_works+0xae1/0x17b0
[ 480.406113][ T3594] ? __pfx_process_scheduled_works+0x10/0x10
[ 480.406125][ T3594] worker_thread+0x8a0/0xda0
[ 480.406135][ T3594] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 480.406148][ T3594] ? __kthread_parkme+0x7b/0x200
[ 480.406159][ T3594] kthread+0x711/0x8a0
[ 480.406170][ T3594] ? __pfx_worker_thread+0x10/0x10
[ 480.406179][ T3594] ? __pfx_kthread+0x10/0x10
[ 480.406189][ T3594] ? _raw_spin_unlock_irq+0x23/0x50
[ 480.406200][ T3594] ? lockdep_hardirqs_on+0x9c/0x150
[ 480.406213][ T3594] ? __pfx_kthread+0x10/0x10
[ 480.406223][ T3594] ret_from_fork+0x3f9/0x770
[ 480.406234][ T3594] ? __pfx_ret_from_fork+0x10/0x10
[ 480.406244][ T3594] ? __switch_to_asm+0x39/0x70
[ 480.406255][ T3594] ? __switch_to_asm+0x33/0x70
[ 480.406265][ T3594] ? __pfx_kthread+0x10/0x10
[ 480.406275][ T3594] ret_from_fork_asm+0x1a/0x30
[ 480.406290][ T3594] </TASK>
[ 480.406294][ T3594]
[ 480.677120][ T3594] Allocated by task 8787:
[ 480.681590][ T3594] kasan_save_track+0x3e/0x80
[ 480.687257][ T3594] __kasan_slab_alloc+0x6c/0x80
[ 480.692394][ T3594] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 480.697964][ T3594] sk_prot_alloc+0x57/0x220
[ 480.702481][ T3594] sk_alloc+0x3a/0x370
[ 480.706551][ T3594] kcm_ioctl+0x214/0xff0
[ 480.710845][ T3594] sock_do_ioctl+0xd9/0x300
[ 480.715625][ T3594] sock_ioctl+0x576/0x790
[ 480.719978][ T3594] __se_sys_ioctl+0xfc/0x170
[ 480.724731][ T3594] do_syscall_64+0xfa/0x3b0
[ 480.729472][ T3594] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 480.735348][ T3594]
[ 480.737654][ T3594] Freed by task 8788:
[ 480.741624][ T3594] kasan_save_track+0x3e/0x80
[ 480.746401][ T3594] kasan_save_free_info+0x46/0x50
[ 480.751612][ T3594] __kasan_slab_free+0x5b/0x80
[ 480.756484][ T3594] kmem_cache_free+0x18f/0x400
[ 480.761289][ T3594] __sk_destruct+0x4d2/0x660
[ 480.766349][ T3594] kcm_release+0x528/0x5c0
[ 480.770778][ T3594] sock_close+0xc0/0x240
[ 480.775108][ T3594] __fput+0x44c/0xa70
[ 480.779096][ T3594] fput_close_sync+0x119/0x200
[ 480.784036][ T3594] __x64_sys_close+0x7f/0x110
[ 480.788802][ T3594] do_syscall_64+0xfa/0x3b0
[ 480.793851][ T3594] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 480.799914][ T3594]
[ 480.802228][ T3594] Last potentially related work creation:
[ 480.808508][ T3594] kasan_save_stack+0x3e/0x60
[ 480.813261][ T3594] kasan_record_aux_stack+0xbd/0xd0
[ 480.818443][ T3594] insert_work+0x3d/0x330
[ 480.822762][ T3594] __queue_work+0xcd2/0xfb0
[ 480.827267][ T3594] queue_work_on+0x181/0x270
[ 480.831852][ T3594] kcm_unattach+0x863/0xe90
[ 480.836624][ T3594] kcm_ioctl+0x794/0xff0
[ 480.840933][ T3594] sock_do_ioctl+0xd9/0x300
[ 480.845436][ T3594] sock_ioctl+0x576/0x790
[ 480.849776][ T3594] __se_sys_ioctl+0xfc/0x170
[ 480.854542][ T3594] do_syscall_64+0xfa/0x3b0
[ 480.859217][ T3594] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 480.865107][ T3594]
[ 480.867414][ T3594] Second to last potentially related work creation:
[ 480.873980][ T3594] kasan_save_stack+0x3e/0x60
[ 480.878848][ T3594] kasan_record_aux_stack+0xbd/0xd0
[ 480.884058][ T3594] insert_work+0x3d/0x330
[ 480.888463][ T3594] __queue_work+0xcd2/0xfb0
[ 480.893071][ T3594] queue_work_on+0x181/0x270
[ 480.897732][ T3594] kcm_ioctl+0xe52/0xff0
[ 480.902245][ T3594] sock_do_ioctl+0xd9/0x300
[ 480.906776][ T3594] sock_ioctl+0x576/0x790
[ 480.911733][ T3594] __se_sys_ioctl+0xfc/0x170
[ 480.916912][ T3594] do_syscall_64+0xfa/0x3b0
[ 480.921435][ T3594] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 480.927521][ T3594]
[ 480.929931][ T3594] The buggy address belongs to the object at ffff888021b00000
[ 480.929931][ T3594] which belongs to the cache KCM of size 1792
[ 480.943798][ T3594] The buggy address is located 472 bytes inside of
[ 480.943798][ T3594] freed 1792-byte region [ffff888021b00000, ffff888021b00700)
[ 480.957764][ T3594]
[ 480.960075][ T3594] The buggy address belongs to the physical page:
[ 480.966484][ T3594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21b00
[ 480.975437][ T3594] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 480.984014][ T3594] memcg:ffff8880323d2a01
[ 480.988249][ T3594] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 480.995807][ T3594] page_type: f5(slab)
[ 480.999862][ T3594] raw: 00fff00000000040 ffff88802f662500 ffffea0001f17000 dead000000000002
[ 481.008426][ T3594] raw: 0000000000000000 0000000080110011 00000000f5000000 ffff8880323d2a01
[ 481.017115][ T3594] head: 00fff00000000040 ffff88802f662500 ffffea0001f17000 dead000000000002
[ 481.025865][ T3594] head: 0000000000000000 0000000080110011 00000000f5000000 ffff8880323d2a01
[ 481.034527][ T3594] head: 00fff00000000003 ffffea000086c001 00000000ffffffff 00000000ffffffff
[ 481.043186][ T3594] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 481.052272][ T3594] page dumped because: kasan: bad access detected
[ 481.058684][ T3594] page_owner tracks the page as allocated
[ 481.064468][ T3594] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6976, tgid 6975 (syz.0.35), ts 147273358558, free_ts 147261032211
[ 481.085646][ T3594] post_alloc_hook+0x240/0x2a0
[ 481.090423][ T3594] get_page_from_freelist+0x21e4/0x22c0
[ 481.095956][ T3594] __alloc_frozen_pages_noprof+0x181/0x370
[ 481.101741][ T3594] alloc_pages_mpol+0x232/0x4a0
[ 481.106581][ T3594] allocate_slab+0x8a/0x370
[ 481.111070][ T3594] ___slab_alloc+0xbeb/0x1410
[ 481.115737][ T3594] kmem_cache_alloc_noprof+0x283/0x3c0
[ 481.121193][ T3594] sk_prot_alloc+0x57/0x220
[ 481.125805][ T3594] sk_alloc+0x3a/0x370
[ 481.129863][ T3594] kcm_create+0x100/0x580
[ 481.134187][ T3594] __sock_create+0x4b3/0x9f0
[ 481.138771][ T3594] __sys_socket+0xd7/0x1b0
[ 481.143172][ T3594] __x64_sys_socket+0x7a/0x90
[ 481.147846][ T3594] do_syscall_64+0xfa/0x3b0
[ 481.152460][ T3594] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 481.158336][ T3594] page last free pid 6973 tgid 6971 stack trace:
[ 481.164730][ T3594] __free_frozen_pages+0xbc4/0xd30
[ 481.169828][ T3594] __folio_put+0x21b/0x2c0
[ 481.174222][ T3594] do_exit+0x182b/0x2300
[ 481.178481][ T3594] do_group_exit+0x21c/0x2d0
[ 481.183143][ T3594] get_signal+0x1286/0x1340
[ 481.187663][ T3594] arch_do_signal_or_restart+0x9a/0x750
[ 481.193371][ T3594] exit_to_user_mode_loop+0x75/0x110
[ 481.198672][ T3594] do_syscall_64+0x2bd/0x3b0
[ 481.203264][ T3594] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 481.209228][ T3594]
[ 481.211533][ T3594] Memory state around the buggy address:
[ 481.217138][ T3594] ffff888021b00080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 481.225179][ T3594] ffff888021b00100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 481.233409][ T3594] >ffff888021b00180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 481.241457][ T3594] ^
[ 481.248638][ T3594] ffff888021b00200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 481.256699][ T3594] ffff888021b00280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 481.264753][ T3594] ==================================================================
[ 481.272865][ T3594] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 481.280096][ T3594] CPU: 1 UID: 0 PID: 3594 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full)
[ 481.290061][ T3594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 481.300118][ T3594] Workqueue: kkcmd kcm_tx_work
[ 481.304888][ T3594] Call Trace:
[ 481.308157][ T3594] <TASK>
[ 481.311078][ T3594] dump_stack_lvl+0x99/0x250
[ 481.315658][ T3594] ? __asan_memcpy+0x40/0x70
[ 481.320325][ T3594] ? __pfx_dump_stack_lvl+0x10/0x10
[ 481.325517][ T3594] ? __pfx__printk+0x10/0x10
[ 481.330114][ T3594] vpanic+0x281/0x750
[ 481.334082][ T3594] ? __pfx_print_hex_dump+0x10/0x10
[ 481.339264][ T3594] ? __pfx_vpanic+0x10/0x10
[ 481.343751][ T3594] ? irqentry_exit+0x74/0x90
[ 481.348347][ T3594] ? lockdep_hardirqs_on+0x9c/0x150
[ 481.353531][ T3594] panic+0xb9/0xc0
[ 481.357245][ T3594] ? __pfx_panic+0x10/0x10
[ 481.361732][ T3594] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 481.367609][ T3594] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 481.374020][ T3594] ? _raw_spin_lock_bh+0x36/0x50
[ 481.378962][ T3594] check_panic_on_warn+0x89/0xb0
[ 481.383905][ T3594] ? _raw_spin_lock_bh+0x36/0x50
[ 481.388931][ T3594] end_report+0x78/0x160
[ 481.393164][ T3594] kasan_report+0x129/0x150
[ 481.397668][ T3594] ? _raw_spin_lock_bh+0x36/0x50
[ 481.402594][ T3594] ? __lock_sock+0x156/0x2b0
[ 481.407208][ T3594] __kasan_check_byte+0x2a/0x40
[ 481.412047][ T3594] lock_acquire+0x8d/0x360
[ 481.416460][ T3594] ? schedule+0x91/0x360
[ 481.420716][ T3594] ? kthread_data+0x4f/0xc0
[ 481.425203][ T3594] ? __lock_sock+0x156/0x2b0
[ 481.429862][ T3594] _raw_spin_lock_bh+0x36/0x50
[ 481.434620][ T3594] ? __lock_sock+0x156/0x2b0
[ 481.439211][ T3594] __lock_sock+0x156/0x2b0
[ 481.443630][ T3594] ? __pfx___lock_sock+0x10/0x10
[ 481.448557][ T3594] ? do_raw_spin_lock+0x121/0x290
[ 481.453574][ T3594] ? __pfx_autoremove_wake_function+0x10/0x10
[ 481.459646][ T3594] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 481.465203][ T3594] ? lock_sock_nested+0x6a/0x100
[ 481.470135][ T3594] lock_sock_nested+0x9f/0x100
[ 481.474900][ T3594] kcm_tx_work+0x31/0x180
[ 481.479216][ T3594] ? process_scheduled_works+0x9ef/0x17b0
[ 481.484920][ T3594] process_scheduled_works+0xae1/0x17b0
[ 481.490465][ T3594] ? __pfx_process_scheduled_works+0x10/0x10
[ 481.496444][ T3594] worker_thread+0x8a0/0xda0
[ 481.501131][ T3594] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 481.507447][ T3594] ? __kthread_parkme+0x7b/0x200
[ 481.512373][ T3594] kthread+0x711/0x8a0
[ 481.516435][ T3594] ? __pfx_worker_thread+0x10/0x10
[ 481.521578][ T3594] ? __pfx_kthread+0x10/0x10
[ 481.526160][ T3594] ? _raw_spin_unlock_irq+0x23/0x50
[ 481.531344][ T3594] ? lockdep_hardirqs_on+0x9c/0x150
[ 481.536527][ T3594] ? __pfx_kthread+0x10/0x10
[ 481.541103][ T3594] ret_from_fork+0x3f9/0x770
[ 481.545680][ T3594] ? __pfx_ret_from_fork+0x10/0x10
[ 481.550780][ T3594] ? __switch_to_asm+0x39/0x70
[ 481.555536][ T3594] ? __switch_to_asm+0x33/0x70
[ 481.560286][ T3594] ? __pfx_kthread+0x10/0x10
[ 481.564873][ T3594] ret_from_fork_asm+0x1a/0x30
[ 481.569629][ T3594] </TASK>
[ 481.572906][ T3594] Kernel Offset: disabled
[ 481.577210][ T3594] Rebooting in 86400 seconds..