Warning: Permanently added '10.128.1.179' (ED25519) to the list of known hosts.
2025/08/10 13:28:19 ignoring optional flag "sandboxArg"="0"
2025/08/10 13:28:20 parsed 1 programs
[ 88.184077][ T4603] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 89.776277][ T4626] chnl_net:caif_netlink_parms(): no params data found
[ 89.813196][ T4626] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.820320][ T4626] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.828197][ T4626] device bridge_slave_0 entered promiscuous mode
[ 89.836650][ T4626] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.843823][ T4626] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.851857][ T4626] device bridge_slave_1 entered promiscuous mode
[ 89.871728][ T4626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.882802][ T4626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.904930][ T4626] team0: Port device team_slave_0 added
[ 89.912820][ T4626] team0: Port device team_slave_1 added
[ 89.928430][ T4626] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.935532][ T4626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.961740][ T4626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.975192][ T4626] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.982610][ T4626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.008874][ T4626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.042362][ T4626] device hsr_slave_0 entered promiscuous mode
[ 90.049093][ T4626] device hsr_slave_1 entered promiscuous mode
[ 90.638466][ T4626] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.649276][ T4626] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.672920][ T4626] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.694258][ T4626] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.872959][ T4626] 8021q: adding VLAN 0 to HW filter on device bond0
[ 90.886806][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 90.901671][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 90.923625][ T4626] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.943513][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 90.954391][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 90.972154][ T1450] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.979247][ T1450] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.022011][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 91.040926][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 91.061665][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 91.080713][ T1450] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.087990][ T1450] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.111951][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 91.132188][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 91.152139][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 91.173180][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 91.202429][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.220969][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 91.241451][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 91.260965][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 91.280926][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 91.300884][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 91.311234][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 91.321119][ T4626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 91.516137][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.525453][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.539188][ T4626] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.565745][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 91.575873][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.597938][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 91.607070][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 91.619610][ T4626] device veth0_vlan entered promiscuous mode
[ 91.627682][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 91.636473][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 91.650282][ T4626] device veth1_vlan entered promiscuous mode
[ 91.707649][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 91.717764][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 91.734804][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 91.751058][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 91.763237][ T4626] device veth0_macvtap entered promiscuous mode
[ 91.773784][ T4626] device veth1_macvtap entered promiscuous mode
[ 91.782335][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 91.791407][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 91.808027][ T4626] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.815533][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 91.825009][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 91.838650][ T4626] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.855097][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 91.864006][ T1450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 91.875046][ T4626] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.892913][ T4626] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.902402][ T4626] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.911850][ T4626] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.383514][ T1450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.402951][ T1450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.423815][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 92.447651][ T1450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.461871][ T1450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.473478][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 94.170834][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/10 13:28:29 executed programs: 0
[ 94.681436][ T4843] chnl_net:caif_netlink_parms(): no params data found
[ 94.733726][ T4843] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.741159][ T4843] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.749101][ T4843] device bridge_slave_0 entered promiscuous mode
[ 94.757533][ T4843] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.764988][ T4843] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.773109][ T4843] device bridge_slave_1 entered promiscuous mode
[ 94.798101][ T4843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.809457][ T4843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.837715][ T4843] team0: Port device team_slave_0 added
[ 94.846320][ T4843] team0: Port device team_slave_1 added
[ 94.868790][ T4843] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.876058][ T4843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.902462][ T4843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.914656][ T4843] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.921843][ T4843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.948183][ T4843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.984443][ T4843] device hsr_slave_0 entered promiscuous mode
[ 94.991561][ T4843] device hsr_slave_1 entered promiscuous mode
[ 94.998193][ T4843] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 95.014362][ T4843] Cannot create hsr debugfs directory
[ 96.601488][ T4260] Bluetooth: hci0: command 0x0409 tx timeout
[ 97.074943][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.124957][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.166045][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.924872][ T4843] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.934643][ T4843] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.944981][ T4843] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.956506][ T4843] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.022491][ T4843] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.053326][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 98.061733][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 98.071699][ T4843] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.082892][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 98.092046][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 98.100817][ T161] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.107986][ T161] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.115859][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 98.130130][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 98.139035][ T161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.148037][ T161] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.155154][ T161] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.174378][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 98.183081][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 98.194006][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 98.204307][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 98.233939][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 98.242364][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 98.252402][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.261373][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 98.271555][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 98.279808][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 98.288640][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 98.298842][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 98.382732][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 98.391249][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 98.422119][ T4843] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.453426][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 98.462650][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 98.478848][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 98.487473][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 98.499116][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 98.507776][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 98.515723][ T4843] device veth0_vlan entered promiscuous mode
[ 98.539039][ T4843] device veth1_vlan entered promiscuous mode
[ 98.555891][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 98.564380][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 98.573046][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 98.582576][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 98.592848][ T4843] device veth0_macvtap entered promiscuous mode
[ 98.604903][ T4843] device veth1_macvtap entered promiscuous mode
[ 98.626482][ T4843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 98.637576][ T4843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 98.649246][ T4843] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.662314][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 98.670683][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 98.678884][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 98.680708][ T1111] Bluetooth: hci0: command 0x041b tx timeout
[ 98.690786][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 98.712770][ T4843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 98.723513][ T4843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 98.734782][ T4843] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.745547][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 98.754293][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 98.766797][ T4843] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.776035][ T4843] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.785232][ T4843] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.794150][ T4843] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.816676][ T9] device hsr_slave_0 left promiscuous mode
[ 98.823074][ T9] device hsr_slave_1 left promiscuous mode
[ 98.829352][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 98.837886][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 98.846196][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 98.853925][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 98.862123][ T9] device bridge_slave_1 left promiscuous mode
[ 98.868507][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.878978][ T9] device bridge_slave_0 left promiscuous mode
[ 98.885603][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.897037][ T9] device veth1_macvtap left promiscuous mode
[ 98.903633][ T9] device veth0_macvtap left promiscuous mode
[ 98.909850][ T9] device veth1_vlan left promiscuous mode
[ 98.915777][ T9] device veth0_vlan left promiscuous mode
[ 99.040055][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 99.054471][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 99.067023][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 99.080092][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 99.132022][ T9] bond0 (unregistering): Released all slaves
[ 99.230591][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.238555][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.243426][ T4824] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.249915][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 99.262784][ T4824] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.273346][ T4824] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/08/10 13:28:34 executed programs: 3
[ 100.760775][ T4262] Bluetooth: hci0: command 0x040f tx timeout
[ 102.841119][ T5056] Bluetooth: hci0: command 0x0419 tx timeout
2025/08/10 13:28:40 executed programs: 9
[ 107.884520][ T9] ==================================================================
[ 107.892917][ T9] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[ 107.900263][ T9] Read of size 8 at addr ffff8880764a2c20 by task kworker/u4:0/9
[ 107.908018][ T9]
[ 107.910345][ T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 5.15.189-syzkaller #0
[ 107.918395][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 107.928441][ T9] Workqueue: kkcmd kcm_tx_work
[ 107.933232][ T9] Call Trace:
[ 107.936498][ T9]
[ 107.939522][ T9] dump_stack_lvl+0x168/0x230
[ 107.944212][ T9] ? show_regs_print_info+0x20/0x20
[ 107.949390][ T9] ? load_image+0x3b0/0x3b0
[ 107.953872][ T9] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 107.959232][ T9] print_address_description+0x60/0x2d0
[ 107.964850][ T9] ? __lock_acquire+0xf7/0x7c60
[ 107.969703][ T9] kasan_report+0xdf/0x130
[ 107.974104][ T9] ? __lock_acquire+0xf7/0x7c60
[ 107.978947][ T9] __lock_acquire+0xf7/0x7c60
[ 107.983608][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 107.989568][ T9] ? lock_chain_count+0x20/0x20
[ 107.994400][ T9] ? finish_lock_switch+0x12f/0x280
[ 107.999592][ T9] ? lockdep_hardirqs_on+0x94/0x140
[ 108.004771][ T9] ? finish_lock_switch+0x12f/0x280
[ 108.010177][ T9] ? verify_lock_unused+0x140/0x140
[ 108.015556][ T9] ? finish_task_switch+0x12f/0x640
[ 108.020740][ T9] ? __switch_to_asm+0x34/0x60
[ 108.025489][ T9] ? __schedule+0x11c0/0x43b0
[ 108.030160][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 108.036158][ T9] lock_acquire+0x197/0x3f0
[ 108.040643][ T9] ? __lock_sock+0x152/0x2a0
[ 108.045220][ T9] ? lockdep_hardirqs_on_prepare+0x760/0x760
[ 108.051268][ T9] ? __local_bh_disable_ip+0xfb/0x190
[ 108.056629][ T9] ? read_lock_is_recursive+0x10/0x10
[ 108.062158][ T9] ? __local_bh_enable_ip+0x12a/0x1b0
[ 108.067512][ T9] ? kthread_data+0x4b/0xc0
[ 108.072012][ T9] ? kthread_data+0x4b/0xc0
[ 108.076507][ T9] ? __lock_sock+0x152/0x2a0
[ 108.081171][ T9] _raw_spin_lock_bh+0x32/0x50
[ 108.085942][ T9] ? __lock_sock+0x152/0x2a0
[ 108.090713][ T9] __lock_sock+0x152/0x2a0
[ 108.095114][ T9] ? sk_page_frag_refill+0x200/0x200
[ 108.100379][ T9] ? do_raw_spin_lock+0x11d/0x280
[ 108.105381][ T9] ? init_wait_entry+0xd0/0xd0
[ 108.110133][ T9] ? __rwlock_init+0x140/0x140
[ 108.114901][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 108.121013][ T9] ? lock_sock_nested+0x68/0x100
[ 108.125931][ T9] lock_sock_nested+0x9d/0x100
[ 108.130676][ T9] kcm_tx_work+0x2d/0x180
[ 108.134987][ T9] process_one_work+0x863/0x1000
[ 108.139995][ T9] ? worker_detach_from_pool+0x240/0x240
[ 108.145607][ T9] ? lockdep_hardirqs_off+0x70/0x100
[ 108.150880][ T9] ? _raw_spin_lock_irq+0xab/0xe0
[ 108.155903][ T9] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 108.161293][ T9] ? wq_worker_running+0x97/0x170
[ 108.166336][ T9] worker_thread+0xaa8/0x12a0
[ 108.171019][ T9] kthread+0x436/0x520
[ 108.175071][ T9] ? rcu_lock_release+0x20/0x20
[ 108.180258][ T9] ? kthread_blkcg+0xd0/0xd0
[ 108.184915][ T9] ret_from_fork+0x1f/0x30
[ 108.189403][ T9]
[ 108.192404][ T9]
[ 108.194726][ T9] Allocated by task 5134:
[ 108.199372][ T9] __kasan_slab_alloc+0x9c/0xd0
[ 108.204207][ T9] slab_post_alloc_hook+0x4c/0x380
[ 108.209301][ T9] kmem_cache_alloc+0x100/0x290
[ 108.214142][ T9] sk_prot_alloc+0x57/0x210
[ 108.218631][ T9] sk_alloc+0x2f/0x310
[ 108.222773][ T9] kcm_ioctl+0x211/0xff0
[ 108.226992][ T9] sock_do_ioctl+0xd3/0x2f0
[ 108.231477][ T9] sock_ioctl+0x4ed/0x6e0
[ 108.235786][ T9] __se_sys_ioctl+0xfa/0x170
[ 108.240384][ T9] do_syscall_64+0x4c/0xa0
[ 108.244781][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 108.250676][ T9]
[ 108.253009][ T9] Freed by task 5135:
[ 108.256987][ T9] kasan_set_track+0x4b/0x70
[ 108.261566][ T9] kasan_set_free_info+0x1f/0x40
[ 108.266497][ T9] ____kasan_slab_free+0xd5/0x110
[ 108.271597][ T9] slab_free_freelist_hook+0xea/0x170
[ 108.276949][ T9] kmem_cache_free+0x8f/0x210
[ 108.281604][ T9] __sk_destruct+0x54b/0x820
[ 108.286180][ T9] kcm_release+0x51a/0x5b0
[ 108.290584][ T9] sock_close+0xd5/0x240
[ 108.294895][ T9] __fput+0x234/0x930
[ 108.298884][ T9] task_work_run+0x125/0x1a0
[ 108.303541][ T9] exit_to_user_mode_loop+0x10f/0x130
[ 108.308913][ T9] exit_to_user_mode_prepare+0xb1/0x140
[ 108.314441][ T9] syscall_exit_to_user_mode+0x16/0x40
[ 108.319979][ T9] do_syscall_64+0x58/0xa0
[ 108.324460][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 108.330344][ T9]
[ 108.332682][ T9] Last potentially related work creation:
[ 108.338458][ T9] kasan_save_stack+0x35/0x60
[ 108.343119][ T9] kasan_record_aux_stack+0xb8/0x100
[ 108.348385][ T9] insert_work+0x54/0x3d0
[ 108.352797][ T9] __queue_work+0x9c5/0xd50
[ 108.357281][ T9] queue_work_on+0x11d/0x1d0
[ 108.361847][ T9] kcm_unattach+0x85e/0xe80
[ 108.366330][ T9] kcm_ioctl+0x78d/0xff0
[ 108.370567][ T9] sock_do_ioctl+0xd3/0x2f0
[ 108.375079][ T9] sock_ioctl+0x4ed/0x6e0
[ 108.379386][ T9] __se_sys_ioctl+0xfa/0x170
[ 108.383989][ T9] do_syscall_64+0x4c/0xa0
[ 108.388386][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 108.394261][ T9]
[ 108.396653][ T9] Second to last potentially related work creation:
[ 108.403210][ T9] kasan_save_stack+0x35/0x60
[ 108.407870][ T9] kasan_record_aux_stack+0xb8/0x100
[ 108.413240][ T9] insert_work+0x54/0x3d0
[ 108.417554][ T9] __queue_work+0x9c5/0xd50
[ 108.422039][ T9] queue_work_on+0x11d/0x1d0
[ 108.426696][ T9] kcm_ioctl+0xe4b/0xff0
[ 108.430916][ T9] sock_do_ioctl+0xd3/0x2f0
[ 108.435412][ T9] sock_ioctl+0x4ed/0x6e0
[ 108.439718][ T9] __se_sys_ioctl+0xfa/0x170
[ 108.444292][ T9] do_syscall_64+0x4c/0xa0
[ 108.448693][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 108.454587][ T9]
[ 108.456902][ T9] The buggy address belongs to the object at ffff8880764a2b80
[ 108.456902][ T9] which belongs to the cache KCM of size 1728
[ 108.470504][ T9] The buggy address is located 160 bytes inside of
[ 108.470504][ T9] 1728-byte region [ffff8880764a2b80, ffff8880764a3240)
[ 108.483929][ T9] The buggy address belongs to the page:
[ 108.489535][ T9] page:ffffea0001d92800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x764a0
[ 108.499783][ T9] head:ffffea0001d92800 order:3 compound_mapcount:0 compound_pincount:0
[ 108.508120][ T9] memcg:ffff88801b5f8a01
[ 108.512355][ T9] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 108.520321][ T9] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88814c139780
[ 108.528944][ T9] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88801b5f8a01
[ 108.537505][ T9] page dumped because: kasan: bad access detected
[ 108.543910][ T9] page_owner tracks the page as allocated
[ 108.549620][ T9] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5093, ts 99316326725, free_ts 99292863570
[ 108.570174][ T9] get_page_from_freelist+0x1b77/0x1c60
[ 108.575818][ T9] __alloc_pages+0x1e1/0x470
[ 108.580525][ T9] new_slab+0xc0/0x4b0
[ 108.584587][ T9] ___slab_alloc+0x81e/0xdf0
[ 108.589156][ T9] kmem_cache_alloc+0x195/0x290
[ 108.594007][ T9] sk_prot_alloc+0x57/0x210
[ 108.598499][ T9] sk_alloc+0x2f/0x310
[ 108.602725][ T9] kcm_create+0xfc/0x570
[ 108.606947][ T9] __sock_create+0x47b/0x900
[ 108.611554][ T9] __sys_socket+0xe2/0x170
[ 108.616131][ T9] __x64_sys_socket+0x76/0x80
[ 108.620829][ T9] do_syscall_64+0x4c/0xa0
[ 108.625240][ T9] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 108.631133][ T9] page last free stack trace:
[ 108.635789][ T9] free_unref_page_prepare+0x637/0x6c0
[ 108.641345][ T9] free_unref_page+0x94/0x280
[ 108.646007][ T9] __unfreeze_partials+0x1a5/0x200
[ 108.651101][ T9] put_cpu_partial+0x12d/0x190
[ 108.655845][ T9] qlist_free_all+0x35/0x90
[ 108.660330][ T9] kasan_quarantine_reduce+0x150/0x160
[ 108.665858][ T9] __kasan_slab_alloc+0x2f/0xd0
[ 108.670688][ T9] slab_post_alloc_hook+0x4c/0x380
[ 108.675780][ T9] __kmalloc_node_track_caller+0x156/0x3a0
[ 108.681742][ T9] __alloc_skb+0x22c/0x750
[ 108.686144][ T9] cfg80211_new_sta+0x105/0x390
[ 108.691008][ T9] sta_info_insert_rcu+0x1a3f/0x21c0
[ 108.696272][ T9] ieee80211_ibss_finish_sta+0x27f/0x350
[ 108.701908][ T9] ieee80211_ibss_rx_queued_mgmt+0x135a/0x29c0
[ 108.708069][ T9] ieee80211_iface_work+0x70e/0xc60
[ 108.713250][ T9] process_one_work+0x863/0x1000
[ 108.718171][ T9]
[ 108.720478][ T9] Memory state around the buggy address:
[ 108.726083][ T9]  ffff8880764a2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.734117][ T9]  ffff8880764a2b80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 108.742285][ T9] >ffff8880764a2c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 108.750428][ T9]                                ^
[ 108.755589][ T9]  ffff8880764a2c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 108.763628][ T9]  ffff8880764a2d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 108.771669][ T9] ==================================================================
[ 108.779821][ T9] Disabling lock debugging due to kernel taint
[ 108.785981][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 108.793254][ T9] CPU: 0 PID: 9 Comm: kworker/u4:0 Tainted: G B 5.15.189-syzkaller #0
[ 108.802957][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 108.813129][ T9] Workqueue: kkcmd kcm_tx_work
[ 108.817945][ T9] Call Trace:
[ 108.821307][ T9]
[ 108.824236][ T9] dump_stack_lvl+0x168/0x230
[ 108.828896][ T9] ? show_regs_print_info+0x20/0x20
[ 108.834074][ T9] ? load_image+0x3b0/0x3b0
[ 108.838647][ T9] panic+0x2c9/0x7f0
[ 108.842522][ T9] ? bpf_jit_dump+0xd0/0xd0
[ 108.847021][ T9] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 108.852897][ T9] ? _raw_spin_unlock+0x40/0x40
[ 108.857729][ T9] ? __lock_acquire+0xf7/0x7c60
[ 108.862561][ T9] check_panic_on_warn+0x80/0xa0
[ 108.867512][ T9] ? __lock_acquire+0xf7/0x7c60
[ 108.872344][ T9] end_report+0x6d/0xf0
[ 108.876484][ T9] kasan_report+0x102/0x130
[ 108.880988][ T9] ? __lock_acquire+0xf7/0x7c60
[ 108.885822][ T9] __lock_acquire+0xf7/0x7c60
[ 108.890547][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 108.896526][ T9] ? lock_chain_count+0x20/0x20
[ 108.901364][ T9] ? finish_lock_switch+0x12f/0x280
[ 108.906546][ T9] ? lockdep_hardirqs_on+0x94/0x140
[ 108.911743][ T9] ? finish_lock_switch+0x12f/0x280
[ 108.916933][ T9] ? verify_lock_unused+0x140/0x140
[ 108.922216][ T9] ? finish_task_switch+0x12f/0x640
[ 108.927413][ T9] ? __switch_to_asm+0x34/0x60
[ 108.932286][ T9] ? __schedule+0x11c0/0x43b0
[ 108.936954][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 108.943032][ T9] lock_acquire+0x197/0x3f0
[ 108.947530][ T9] ? __lock_sock+0x152/0x2a0
[ 108.952109][ T9] ? lockdep_hardirqs_on_prepare+0x760/0x760
[ 108.958245][ T9] ? __local_bh_disable_ip+0xfb/0x190
[ 108.963597][ T9] ? read_lock_is_recursive+0x10/0x10
[ 108.968991][ T9] ? __local_bh_enable_ip+0x12a/0x1b0
[ 108.974430][ T9] ? kthread_data+0x4b/0xc0
[ 108.978924][ T9] ? kthread_data+0x4b/0xc0
[ 108.983437][ T9] ? __lock_sock+0x152/0x2a0
[ 108.988016][ T9] _raw_spin_lock_bh+0x32/0x50
[ 108.992770][ T9] ? __lock_sock+0x152/0x2a0
[ 108.997382][ T9] __lock_sock+0x152/0x2a0
[ 109.001780][ T9] ? sk_page_frag_refill+0x200/0x200
[ 109.007128][ T9] ? do_raw_spin_lock+0x11d/0x280
[ 109.012236][ T9] ? init_wait_entry+0xd0/0xd0
[ 109.017067][ T9] ? __rwlock_init+0x140/0x140
[ 109.021810][ T9] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 109.027778][ T9] ? lock_sock_nested+0x68/0x100
[ 109.032703][ T9] lock_sock_nested+0x9d/0x100
[ 109.037455][ T9] kcm_tx_work+0x2d/0x180
[ 109.041772][ T9] process_one_work+0x863/0x1000
[ 109.046691][ T9] ? worker_detach_from_pool+0x240/0x240
[ 109.052300][ T9] ? lockdep_hardirqs_off+0x70/0x100
[ 109.057571][ T9] ? _raw_spin_lock_irq+0xab/0xe0
[ 109.062588][ T9] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 109.067940][ T9] ? wq_worker_running+0x97/0x170
[ 109.072944][ T9] worker_thread+0xaa8/0x12a0
[ 109.077631][ T9] kthread+0x436/0x520
[ 109.081678][ T9] ? rcu_lock_release+0x20/0x20
[ 109.086542][ T9] ? kthread_blkcg+0xd0/0xd0
[ 109.091108][ T9] ret_from_fork+0x1f/0x30
[ 109.095516][ T9]
[ 109.098835][ T9] Kernel Offset: disabled
[ 109.103153][ T9] Rebooting in 86400 seconds..