Warning: Permanently added '10.128.0.197' (ED25519) to the list of known hosts.
2025/12/29 02:21:36 parsed 1 programs
[   95.155490][ T4616] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   96.759655][  T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.767988][  T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.783942][ T1164] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   96.796373][ T1164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.805117][ T1164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.815555][ T1164] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   97.391317][ T4652] chnl_net:caif_netlink_parms(): no params data found
[   97.447558][ T4652] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.454873][ T4652] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.463042][ T4652] device bridge_slave_0 entered promiscuous mode
[   97.471708][ T4652] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.479286][ T4652] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.487698][ T4652] device bridge_slave_1 entered promiscuous mode
[   97.513420][ T4652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.525797][ T4652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.554216][ T4652] team0: Port device team_slave_0 added
[   97.562334][ T4652] team0: Port device team_slave_1 added
[   97.585616][ T4652] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.592752][ T4652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.619705][ T4652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.632257][ T4652] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.639265][ T4652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.665557][ T4652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.701671][ T4652] device hsr_slave_0 entered promiscuous mode
[   97.708702][ T4652] device hsr_slave_1 entered promiscuous mode
[   98.339528][ T4652] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.388617][ T4652] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.398157][ T4652] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.416428][ T4652] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.505053][ T4652] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.520113][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   98.528947][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   98.540442][ T4652] 8021q: adding VLAN 0 to HW filter on device team0
[   98.551357][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   98.560290][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   98.570694][  T151] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.577971][  T151] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.594427][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   98.602651][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   98.613549][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   98.622991][  T151] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.630251][  T151] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.638586][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   98.668048][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   98.677004][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   98.689212][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   98.699240][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   98.739821][ T4652] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   98.752633][ T4652] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   98.766041][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   98.776715][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   98.786809][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   98.795824][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   98.808168][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   98.817071][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   98.852188][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   98.952666][ T1164] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   98.960493][ T1164] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   98.983304][ T4652] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.005879][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   99.017467][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   99.049582][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   99.059126][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   99.071084][ T4652] device veth0_vlan entered promiscuous mode
[   99.095383][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   99.103283][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   99.117508][ T4652] device veth1_vlan entered promiscuous mode
[   99.151264][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   99.162216][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   99.171206][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   99.181361][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   99.192118][ T4652] device veth0_macvtap entered promiscuous mode
[   99.215487][ T4652] device veth1_macvtap entered promiscuous mode
[   99.233526][ T4652] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.242076][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   99.251269][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   99.262004][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   99.272140][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   99.287545][ T4652] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.300158][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   99.309786][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   99.334175][ T4652] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.342920][ T4652] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.354465][ T4652] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.363376][ T4652] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/12/29 02:21:44 executed programs: 0
[  101.422788][ T4809] chnl_net:caif_netlink_parms(): no params data found
[  101.450244][ T4203] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.516534][ T4809] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.524864][ T4809] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.532997][ T4809] device bridge_slave_0 entered promiscuous mode
[  101.544334][ T4809] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.551602][ T4809] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.562212][ T4809] device bridge_slave_1 entered promiscuous mode
[  101.590428][ T4809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.602158][ T4809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.631278][ T4809] team0: Port device team_slave_0 added
[  101.639768][ T4809] team0: Port device team_slave_1 added
[  101.663151][ T4809] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.670472][ T4809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.696677][ T4809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.709150][ T4809] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.716418][ T4809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.742795][ T4809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.778813][ T4809] device hsr_slave_0 entered promiscuous mode
[  101.785881][ T4809] device hsr_slave_1 entered promiscuous mode
[  101.793565][ T4809] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.801801][ T4809] Cannot create hsr debugfs directory
[  103.244084][ T4264] Bluetooth: hci0: command 0x0409 tx timeout
[  104.004319][ T4203] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.054590][ T4203] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.112132][ T4203] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.925393][ T4809] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.937135][ T4809] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.961641][ T4809] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.970624][ T4809] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.031065][ T4809] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.057860][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  105.066545][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  105.076697][ T4809] 8021q: adding VLAN 0 to HW filter on device team0
[  105.093278][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  105.103020][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  105.112391][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.119516][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.127401][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  105.148651][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  105.158151][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  105.167908][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.175005][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.205582][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  105.216437][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  105.229050][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  105.238700][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  105.248100][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  105.276576][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  105.285647][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  105.297471][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  105.306585][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  105.318679][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  105.327415][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.333862][ T5046] Bluetooth: hci0: command 0x041b tx timeout
[  105.355844][ T4809] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  105.445252][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  105.452748][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  105.466604][ T4809] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.479974][ T4203] device hsr_slave_0 left promiscuous mode
[  105.487498][ T4203] device hsr_slave_1 left promiscuous mode
[  105.494764][ T4203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.502179][ T4203] batman_adv: batadv0: Removing interface: batadv_slave_0
[  105.510476][ T4203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.520273][ T4203] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.528123][ T4203] device bridge_slave_1 left promiscuous mode
[  105.534853][ T4203] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.543648][ T4203] device bridge_slave_0 left promiscuous mode
[  105.550629][ T4203] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.561634][ T4203] device veth1_macvtap left promiscuous mode
[  105.567891][ T4203] device veth0_macvtap left promiscuous mode
[  105.574220][ T4203] device veth1_vlan left promiscuous mode
[  105.580009][ T4203] device veth0_vlan left promiscuous mode
[  105.715210][ T4203] team0 (unregistering): Port device team_slave_1 removed
[  105.731792][ T4203] team0 (unregistering): Port device team_slave_0 removed
[  105.742729][ T4203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  105.756394][ T4203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  105.806080][ T4203] bond0 (unregistering): Released all slaves
[  105.872342][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  105.881780][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  105.903541][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  105.912631][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  105.921723][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  105.930056][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  105.942553][ T4809] device veth0_vlan entered promiscuous mode
[  105.955227][ T4809] device veth1_vlan entered promiscuous mode
[  105.981298][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  105.989758][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  105.998919][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  106.007807][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  106.019444][ T4809] device veth0_macvtap entered promiscuous mode
[  106.029575][ T4809] device veth1_macvtap entered promiscuous mode
[  106.046688][ T4809] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.056197][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  106.065056][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  106.073297][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  106.082847][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  106.096601][ T4809] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.105846][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  106.114803][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  106.125190][ T4809] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.134490][ T4809] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.143181][ T4809] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.152289][ T4809] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.234133][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.242290][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.256363][ T1164] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  106.268690][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2025/12/29 02:21:50 executed programs: 2
[  106.284319][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.297924][ T1164] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  107.259725][ T4203] ==================================================================
[  107.267825][ T4203] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[  107.275032][ T4203] Read of size 8 at addr ffff88807cf20fa0 by task kworker/u4:4/4203
[  107.283438][ T4203] 
[  107.285766][ T4203] CPU: 0 PID: 4203 Comm: kworker/u4:4 Not tainted syzkaller #0
[  107.293476][ T4203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  107.303523][ T4203] Workqueue: kkcmd kcm_tx_work
[  107.308600][ T4203] Call Trace:
[  107.311867][ T4203]  <TASK>
[  107.314785][ T4203]  dump_stack_lvl+0x168/0x230
[  107.319453][ T4203]  ? show_regs_print_info+0x20/0x20
[  107.324648][ T4203]  ? load_image+0x3b0/0x3b0
[  107.329176][ T4203]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  107.334553][ T4203]  print_address_description+0x60/0x2d0
[  107.340107][ T4203]  ? __lock_acquire+0xf7/0x7c60
[  107.345015][ T4203]  kasan_report+0xdf/0x130
[  107.349548][ T4203]  ? __lock_acquire+0xf7/0x7c60
[  107.354395][ T4203]  __lock_acquire+0xf7/0x7c60
[  107.359067][ T4203]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  107.365032][ T4203]  ? lock_chain_count+0x20/0x20
[  107.369876][ T4203]  ? finish_lock_switch+0x12f/0x280
[  107.375068][ T4203]  ? lockdep_hardirqs_on+0x94/0x140
[  107.380265][ T4203]  ? finish_lock_switch+0x12f/0x280
[  107.385450][ T4203]  ? verify_lock_unused+0x140/0x140
[  107.390728][ T4203]  ? finish_task_switch+0x12f/0x640
[  107.396008][ T4203]  ? __switch_to_asm+0x34/0x60
[  107.400760][ T4203]  ? __schedule+0x11c3/0x4390
[  107.405437][ T4203]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  107.411595][ T4203]  lock_acquire+0x197/0x3f0
[  107.416112][ T4203]  ? __lock_sock+0x152/0x2a0
[  107.420693][ T4203]  ? lockdep_hardirqs_on_prepare+0x760/0x760
[  107.426657][ T4203]  ? __local_bh_disable_ip+0xfb/0x190
[  107.432046][ T4203]  ? read_lock_is_recursive+0x10/0x10
[  107.437420][ T4203]  ? __local_bh_enable_ip+0x12a/0x1b0
[  107.442814][ T4203]  ? kthread_data+0x4b/0xc0
[  107.447334][ T4203]  ? kthread_data+0x4b/0xc0
[  107.451860][ T4203]  ? __lock_sock+0x152/0x2a0
[  107.456442][ T4203]  _raw_spin_lock_bh+0x32/0x50
[  107.461202][ T4203]  ? __lock_sock+0x152/0x2a0
[  107.465806][ T4203]  __lock_sock+0x152/0x2a0
[  107.470215][ T4203]  ? sk_page_frag_refill+0x200/0x200
[  107.475487][ T4203]  ? do_raw_spin_lock+0x11d/0x280
[  107.480500][ T4203]  ? init_wait_entry+0xd0/0xd0
[  107.485251][ T4203]  ? __rwlock_init+0x140/0x140
[  107.490614][ T4203]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  107.496675][ T4203]  ? lock_sock_nested+0x68/0x100
[  107.501610][ T4203]  lock_sock_nested+0x9d/0x100
[  107.506374][ T4203]  kcm_tx_work+0x2d/0x180
[  107.510702][ T4203]  process_one_work+0x863/0x1000
[  107.515636][ T4203]  ? worker_detach_from_pool+0x240/0x240
[  107.521259][ T4203]  ? lockdep_hardirqs_off+0x70/0x100
[  107.526532][ T4203]  ? _raw_spin_lock_irq+0xab/0xe0
[  107.531541][ T4203]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  107.536909][ T4203]  ? wq_worker_running+0x97/0x170
[  107.541929][ T4203]  worker_thread+0xaa8/0x12a0
[  107.546622][ T4203]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  107.552538][ T4203]  ? lockdep_hardirqs_on+0x94/0x140
[  107.557744][ T4203]  ? lockdep_hardirqs_on+0x94/0x140
[  107.562964][ T4203]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  107.568850][ T4203]  kthread+0x436/0x520
[  107.572999][ T4203]  ? rcu_lock_release+0x20/0x20
[  107.577834][ T4203]  ? kthread_blkcg+0xd0/0xd0
[  107.582415][ T4203]  ret_from_fork+0x1f/0x30
[  107.586996][ T4203]  </TASK>
[  107.590001][ T4203] 
[  107.592308][ T4203] Allocated by task 5092:
[  107.596872][ T4203]  __kasan_slab_alloc+0x9c/0xd0
[  107.601712][ T4203]  slab_post_alloc_hook+0x4c/0x380
[  107.606821][ T4203]  kmem_cache_alloc+0x100/0x290
[  107.611662][ T4203]  sk_prot_alloc+0x57/0x210
[  107.616158][ T4203]  sk_alloc+0x2f/0x310
[  107.620210][ T4203]  kcm_ioctl+0x211/0xff0
[  107.624439][ T4203]  sock_do_ioctl+0xd3/0x2f0
[  107.628937][ T4203]  sock_ioctl+0x4ed/0x6e0
[  107.633251][ T4203]  __se_sys_ioctl+0xfa/0x170
[  107.637822][ T4203]  do_syscall_64+0x4c/0xa0
[  107.642218][ T4203]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  107.648097][ T4203] 
[  107.650408][ T4203] Freed by task 5093:
[  107.654365][ T4203]  kasan_set_track+0x4b/0x70
[  107.658945][ T4203]  kasan_set_free_info+0x1f/0x40
[  107.663875][ T4203]  ____kasan_slab_free+0xd5/0x110
[  107.668883][ T4203]  slab_free_freelist_hook+0xea/0x170
[  107.674238][ T4203]  kmem_cache_free+0x8f/0x210
[  107.678924][ T4203]  __sk_destruct+0x569/0x840
[  107.683505][ T4203]  kcm_release+0x51a/0x5b0
[  107.688285][ T4203]  sock_close+0xd5/0x240
[  107.692566][ T4203]  __fput+0x234/0x930
[  107.696535][ T4203]  task_work_run+0x125/0x1a0
[  107.701112][ T4203]  exit_to_user_mode_loop+0x10f/0x130
[  107.706571][ T4203]  exit_to_user_mode_prepare+0xee/0x180
[  107.712118][ T4203]  syscall_exit_to_user_mode+0x16/0x40
[  107.717696][ T4203]  do_syscall_64+0x58/0xa0
[  107.722123][ T4203]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  107.728008][ T4203] 
[  107.730316][ T4203] Last potentially related work creation:
[  107.736009][ T4203]  kasan_save_stack+0x35/0x60
[  107.740678][ T4203]  kasan_record_aux_stack+0xb8/0x100
[  107.745951][ T4203]  insert_work+0x54/0x3d0
[  107.750269][ T4203]  __queue_work+0x9c5/0xd50
[  107.754941][ T4203]  queue_work_on+0x11d/0x1d0
[  107.759605][ T4203]  kcm_unattach+0x85e/0xe80
[  107.764105][ T4203]  kcm_ioctl+0x78d/0xff0
[  107.768388][ T4203]  sock_do_ioctl+0xd3/0x2f0
[  107.772876][ T4203]  sock_ioctl+0x4ed/0x6e0
[  107.777298][ T4203]  __se_sys_ioctl+0xfa/0x170
[  107.781906][ T4203]  do_syscall_64+0x4c/0xa0
[  107.786315][ T4203]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  107.792771][ T4203] 
[  107.795378][ T4203] Second to last potentially related work creation:
[  107.802052][ T4203]  kasan_save_stack+0x35/0x60
[  107.806829][ T4203]  kasan_record_aux_stack+0xb8/0x100
[  107.812142][ T4203]  insert_work+0x54/0x3d0
[  107.816803][ T4203]  __queue_work+0x9c5/0xd50
[  107.821300][ T4203]  queue_work_on+0x11d/0x1d0
[  107.825879][ T4203]  kcm_ioctl+0xe4b/0xff0
[  107.830146][ T4203]  sock_do_ioctl+0xd3/0x2f0
[  107.834652][ T4203]  sock_ioctl+0x4ed/0x6e0
[  107.838981][ T4203]  __se_sys_ioctl+0xfa/0x170
[  107.843748][ T4203]  do_syscall_64+0x4c/0xa0
[  107.848257][ T4203]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  107.854145][ T4203] 
[  107.856453][ T4203] The buggy address belongs to the object at ffff88807cf20f00
[  107.856453][ T4203]  which belongs to the cache KCM of size 1736
[  107.869991][ T4203] The buggy address is located 160 bytes inside of
[  107.869991][ T4203]  1736-byte region [ffff88807cf20f00, ffff88807cf215c8)
[  107.883693][ T4203] The buggy address belongs to the page:
[  107.889457][ T4203] page:ffffea0001f3c800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7cf20
[  107.899684][ T4203] head:ffffea0001f3c800 order:3 compound_mapcount:0 compound_pincount:0
[  107.907996][ T4203] memcg:ffff8880247cf701
[  107.912226][ T4203] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  107.920217][ T4203] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802a271b40
[  107.928795][ T4203] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff8880247cf701
[  107.937359][ T4203] page dumped because: kasan: bad access detected
[  107.943763][ T4203] page_owner tracks the page as allocated
[  107.949496][ T4203] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5087, ts 106356226044, free_ts 106346420903
[  107.970344][ T4203]  get_page_from_freelist+0x1b77/0x1c60
[  107.976338][ T4203]  __alloc_pages+0x1e1/0x470
[  107.980917][ T4203]  new_slab+0xc0/0x4b0
[  107.984972][ T4203]  ___slab_alloc+0x81e/0xdf0
[  107.989633][ T4203]  kmem_cache_alloc+0x195/0x290
[  107.994477][ T4203]  sk_prot_alloc+0x57/0x210
[  107.998968][ T4203]  sk_alloc+0x2f/0x310
[  108.003058][ T4203]  kcm_create+0xfc/0x570
[  108.007298][ T4203]  __sock_create+0x47b/0x900
[  108.011888][ T4203]  __sys_socket+0xe2/0x170
[  108.016304][ T4203]  __x64_sys_socket+0x76/0x80
[  108.020968][ T4203]  do_syscall_64+0x4c/0xa0
[  108.025386][ T4203]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  108.031266][ T4203] page last free stack trace:
[  108.035917][ T4203]  free_unref_page_prepare+0x637/0x6c0
[  108.041364][ T4203]  free_unref_page+0x94/0x280
[  108.046072][ T4203]  __unfreeze_partials+0x1a5/0x200
[  108.051178][ T4203]  put_cpu_partial+0x12d/0x190
[  108.055923][ T4203]  qlist_free_all+0x35/0x90
[  108.060406][ T4203]  kasan_quarantine_reduce+0x150/0x160
[  108.065844][ T4203]  __kasan_slab_alloc+0x2f/0xd0
[  108.070764][ T4203]  slab_post_alloc_hook+0x4c/0x380
[  108.075964][ T4203]  __kmalloc+0x127/0x330
[  108.080207][ T4203]  tomoyo_realpath_from_path+0x118/0x610
[  108.085822][ T4203]  tomoyo_path_perm+0x1cd/0x510
[  108.090658][ T4203]  security_inode_getattr+0xcf/0x120
[  108.095922][ T4203]  vfs_getattr+0x26/0x3a0
[  108.100241][ T4203]  vfs_statx+0x149/0x4d0
[  108.104468][ T4203]  __x64_sys_newfstatat+0x12c/0x1b0
[  108.109677][ T4203]  do_syscall_64+0x4c/0xa0
[  108.114075][ T4203] 
[  108.116375][ T4203] Memory state around the buggy address:
[  108.121978][ T4203]  ffff88807cf20e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  108.130013][ T4203]  ffff88807cf20f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.138134][ T4203] >ffff88807cf20f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.146173][ T4203]                                ^
[  108.151257][ T4203]  ffff88807cf21000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.159294][ T4203]  ffff88807cf21080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.167330][ T4203] ==================================================================
[  108.175363][ T4203] Disabling lock debugging due to kernel taint
[  108.181501][ T4203] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  108.188683][ T4203] CPU: 0 PID: 4203 Comm: kworker/u4:4 Tainted: G    B             syzkaller #0
[  108.197959][ T4203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  108.208012][ T4203] Workqueue: kkcmd kcm_tx_work
[  108.212824][ T4203] Call Trace:
[  108.216088][ T4203]  <TASK>
[  108.219006][ T4203]  dump_stack_lvl+0x168/0x230
[  108.223672][ T4203]  ? show_regs_print_info+0x20/0x20
[  108.229030][ T4203]  ? load_image+0x3b0/0x3b0
[  108.233519][ T4203]  panic+0x2c9/0x7f0
[  108.237404][ T4203]  ? bpf_jit_dump+0xd0/0xd0
[  108.241983][ T4203]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  108.247865][ T4203]  ? _raw_spin_unlock+0x40/0x40
[  108.252698][ T4203]  ? __lock_acquire+0xf7/0x7c60
[  108.257535][ T4203]  check_panic_on_warn+0x80/0xa0
[  108.262497][ T4203]  ? __lock_acquire+0xf7/0x7c60
[  108.267328][ T4203]  end_report+0x6d/0xf0
[  108.271465][ T4203]  kasan_report+0x102/0x130
[  108.275950][ T4203]  ? __lock_acquire+0xf7/0x7c60
[  108.280784][ T4203]  __lock_acquire+0xf7/0x7c60
[  108.285529][ T4203]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  108.291853][ T4203]  ? lock_chain_count+0x20/0x20
[  108.296728][ T4203]  ? finish_lock_switch+0x12f/0x280
[  108.301997][ T4203]  ? lockdep_hardirqs_on+0x94/0x140
[  108.307177][ T4203]  ? finish_lock_switch+0x12f/0x280
[  108.312355][ T4203]  ? verify_lock_unused+0x140/0x140
[  108.317539][ T4203]  ? finish_task_switch+0x12f/0x640
[  108.322722][ T4203]  ? __switch_to_asm+0x34/0x60
[  108.327471][ T4203]  ? __schedule+0x11c3/0x4390
[  108.332133][ T4203]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  108.338095][ T4203]  lock_acquire+0x197/0x3f0
[  108.342585][ T4203]  ? __lock_sock+0x152/0x2a0
[  108.347243][ T4203]  ? lockdep_hardirqs_on_prepare+0x760/0x760
[  108.353206][ T4203]  ? __local_bh_disable_ip+0xfb/0x190
[  108.358645][ T4203]  ? read_lock_is_recursive+0x10/0x10
[  108.364008][ T4203]  ? __local_bh_enable_ip+0x12a/0x1b0
[  108.369402][ T4203]  ? kthread_data+0x4b/0xc0
[  108.374034][ T4203]  ? kthread_data+0x4b/0xc0
[  108.378548][ T4203]  ? __lock_sock+0x152/0x2a0
[  108.383123][ T4203]  _raw_spin_lock_bh+0x32/0x50
[  108.387875][ T4203]  ? __lock_sock+0x152/0x2a0
[  108.392448][ T4203]  __lock_sock+0x152/0x2a0
[  108.396846][ T4203]  ? sk_page_frag_refill+0x200/0x200
[  108.402114][ T4203]  ? do_raw_spin_lock+0x11d/0x280
[  108.407542][ T4203]  ? init_wait_entry+0xd0/0xd0
[  108.412307][ T4203]  ? __rwlock_init+0x140/0x140
[  108.417155][ T4203]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  108.423145][ T4203]  ? lock_sock_nested+0x68/0x100
[  108.428086][ T4203]  lock_sock_nested+0x9d/0x100
[  108.432871][ T4203]  kcm_tx_work+0x2d/0x180
[  108.437211][ T4203]  process_one_work+0x863/0x1000
[  108.442151][ T4203]  ? worker_detach_from_pool+0x240/0x240
[  108.447895][ T4203]  ? lockdep_hardirqs_off+0x70/0x100
[  108.453546][ T4203]  ? _raw_spin_lock_irq+0xab/0xe0
[  108.458654][ T4203]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  108.464099][ T4203]  ? wq_worker_running+0x97/0x170
[  108.469106][ T4203]  worker_thread+0xaa8/0x12a0
[  108.473860][ T4203]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  108.479817][ T4203]  ? lockdep_hardirqs_on+0x94/0x140
[  108.484996][ T4203]  ? lockdep_hardirqs_on+0x94/0x140
[  108.490175][ T4203]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  108.496064][ T4203]  kthread+0x436/0x520
[  108.500158][ T4203]  ? rcu_lock_release+0x20/0x20
[  108.505139][ T4203]  ? kthread_blkcg+0xd0/0xd0
[  108.509737][ T4203]  ret_from_fork+0x1f/0x30
[  108.514148][ T4203]  </TASK>
[  108.517495][ T4203] Kernel Offset: disabled
[  108.521826][ T4203] Rebooting in 86400 seconds..