Warning: Permanently added '10.128.1.131' (ED25519) to the list of known hosts.
2026/05/23 09:30:47 parsed 1 programs
[ 113.757825][ T4626] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 115.843802][ T4246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.851686][ T4246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.880886][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 115.895871][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.904414][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.912783][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 117.422815][ T4673] chnl_net:caif_netlink_parms(): no params data found
[ 117.470535][ T4673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.477980][ T4673] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.486820][ T4673] device bridge_slave_0 entered promiscuous mode
[ 117.495008][ T4673] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.502278][ T4673] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.510588][ T4673] device bridge_slave_1 entered promiscuous mode
[ 117.533336][ T4673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 117.544876][ T4673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 117.569082][ T4673] team0: Port device team_slave_0 added
[ 117.577135][ T4673] team0: Port device team_slave_1 added
[ 117.597470][ T4673] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 117.604536][ T4673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 117.630952][ T4673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 117.643288][ T4673] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 117.650358][ T4673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 117.676324][ T4673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 117.708132][ T4673] device hsr_slave_0 entered promiscuous mode
[ 117.715234][ T4673] device hsr_slave_1 entered promiscuous mode
[ 118.310144][ T4673] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 118.320190][ T4673] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 118.336105][ T4673] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 118.369900][ T4673] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 118.397788][ T4673] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.404959][ T4673] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.412478][ T4673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.419678][ T4673] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.432223][ T1160] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.441488][ T1160] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.542912][ T4673] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.558345][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 118.567358][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 118.587357][ T4673] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.634372][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 118.644393][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 118.653129][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.660311][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.669529][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 118.678503][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 118.687691][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.694842][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.704791][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 118.714360][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 118.748257][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 118.761727][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 118.772009][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 118.782345][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 118.792945][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 118.834804][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 118.843291][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 118.859690][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 118.870795][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 118.887820][ T4673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 119.107204][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 119.123851][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 119.138021][ T4673] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 119.172982][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 119.195634][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 119.225440][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 119.246133][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 119.264658][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 119.277498][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 119.296983][ T4673] device veth0_vlan entered promiscuous mode
[ 119.320875][ T4673] device veth1_vlan entered promiscuous mode
[ 119.357771][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 119.374460][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 119.393170][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 119.405776][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 119.425004][ T4673] device veth0_macvtap entered promiscuous mode
[ 119.435924][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 119.446692][ T4673] device veth1_macvtap entered promiscuous mode
[ 119.468671][ T4673] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 119.476959][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 119.488317][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 119.502634][ T4673] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 119.511517][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 119.521516][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 119.533505][ T4673] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.543430][ T4673] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.562136][ T4673] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.571331][ T4673] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/05/23 09:30:58 executed programs: 0
[ 121.005257][ T4777] chnl_net:caif_netlink_parms(): no params data found
[ 121.110600][ T4777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.120156][ T4777] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.131680][ T4777] device bridge_slave_0 entered promiscuous mode
[ 121.157471][ T4777] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.173810][ T4777] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.186391][ T4777] device bridge_slave_1 entered promiscuous mode
[ 121.238264][ T4777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 121.253215][ T4777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 121.306138][ T4777] team0: Port device team_slave_0 added
[ 121.326996][ T4777] team0: Port device team_slave_1 added
[ 121.367973][ T4777] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 121.382663][ T4777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 121.415104][ T4777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 121.442708][ T4293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 121.459067][ T4777] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 121.469506][ T4777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 121.499206][ T4777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 121.551891][ T4777] device hsr_slave_0 entered promiscuous mode
[ 121.559380][ T4777] device hsr_slave_1 entered promiscuous mode
[ 121.568752][ T4777] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 121.576679][ T4777] Cannot create hsr debugfs directory
[ 122.833943][ T7] Bluetooth: hci0: command 0x0409 tx timeout
[ 124.620030][ T4293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.690105][ T4293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.766113][ T4293] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.914973][ T4313] Bluetooth: hci0: command 0x041b tx timeout
[ 125.692418][ T4777] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 125.702607][ T4777] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 125.727357][ T4777] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 125.738114][ T4777] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 125.814897][ T4777] 8021q: adding VLAN 0 to HW filter on device bond0
[ 125.827819][ T4293] device hsr_slave_0 left promiscuous mode
[ 125.834466][ T4293] device hsr_slave_1 left promiscuous mode
[ 125.840909][ T4293] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 125.848781][ T4293] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 125.857751][ T4293] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 125.865571][ T4293] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 125.873436][ T4293] device bridge_slave_1 left promiscuous mode
[ 125.879746][ T4293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 125.888524][ T4293] device bridge_slave_0 left promiscuous mode
[ 125.895119][ T4293] bridge0: port 1(bridge_slave_0) entered disabled state
[ 125.909392][ T4293] device veth1_macvtap left promiscuous mode
[ 125.915546][ T4293] device veth0_macvtap left promiscuous mode
[ 125.921613][ T4293] device veth1_vlan left promiscuous mode
[ 125.927535][ T4293] device veth0_vlan left promiscuous mode
[ 126.077180][ T4293] team0 (unregistering): Port device team_slave_1 removed
[ 126.089617][ T4293] team0 (unregistering): Port device team_slave_0 removed
[ 126.106668][ T4293] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 126.120980][ T4293] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 126.180018][ T4293] bond0 (unregistering): Released all slaves
[ 126.276899][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 126.285061][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 126.296399][ T4777] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.307263][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 126.316495][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 126.325208][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.332266][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.346948][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 126.355200][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 126.365942][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 126.374675][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.381910][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.389916][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 126.412427][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 126.422343][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 126.433517][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 126.442589][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 126.455440][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 126.464468][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 126.476266][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 126.484838][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 126.495451][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 126.504726][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 126.516228][ T4777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 126.625385][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 126.632902][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 126.646293][ T4777] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 126.663091][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 126.672161][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 126.691811][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 126.700564][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 126.711784][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 126.720078][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 126.729361][ T4777] device veth0_vlan entered promiscuous mode
[ 126.751531][ T4777] device veth1_vlan entered promiscuous mode
[ 126.778401][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 126.787688][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 126.798093][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 126.806887][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 126.819403][ T4777] device veth0_macvtap entered promiscuous mode
[ 126.841275][ T4777] device veth1_macvtap entered promiscuous mode
[ 126.861511][ T4777] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 126.871282][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 126.881800][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 126.890649][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 126.900882][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 126.913297][ T4777] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 126.923993][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 126.933198][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 126.945843][ T4777] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.957038][ T4777] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.966942][ T4777] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.976927][ T4777] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.993951][ T1324] Bluetooth: hci0: command 0x040f tx timeout
[ 127.055923][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.076580][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.099088][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/05/23 09:31:05 executed programs: 2
[ 127.115402][ T4246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.124301][ T4246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.132799][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 129.063736][ T1324] Bluetooth: hci0: command 0x0419 tx timeout
[ 130.672613][ T144] ==================================================================
[ 130.680737][ T144] BUG: KASAN: use-after-free in __lock_acquire+0x106/0x7d10
[ 130.688067][ T144] Read of size 8 at addr ffff88807b762620 by task kworker/u4:1/144
[ 130.695974][ T144]
[ 130.698330][ T144] CPU: 1 PID: 144 Comm: kworker/u4:1 Not tainted syzkaller #0
[ 130.705802][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 130.715874][ T144] Workqueue: kkcmd kcm_tx_work
[ 130.720669][ T144] Call Trace:
[ 130.723967][ T144]
[ 130.726910][ T144] dump_stack_lvl+0x188/0x250
[ 130.731604][ T144] ? show_regs_print_info+0x20/0x20
[ 130.736818][ T144] ? load_image+0x400/0x400
[ 130.741341][ T144] ? _raw_spin_lock_irqsave+0xbc/0x100
[ 130.746817][ T144] print_address_description+0x60/0x2d0
[ 130.752481][ T144] ? __lock_acquire+0x106/0x7d10
[ 130.757783][ T144] kasan_report+0xdf/0x130
[ 130.762304][ T144] ? __lock_acquire+0x106/0x7d10
[ 130.767280][ T144] __lock_acquire+0x106/0x7d10
[ 130.772061][ T144] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 130.778063][ T144] ? lock_chain_count+0x20/0x20
[ 130.782937][ T144] ? finish_lock_switch+0x12f/0x280
[ 130.788148][ T144] ? finish_lock_switch+0x12f/0x280
[ 130.793387][ T144] ? verify_lock_unused+0x140/0x140
[ 130.798600][ T144] ? finish_task_switch+0x12f/0x640
[ 130.803814][ T144] ? __switch_to_asm+0x34/0x60
[ 130.808596][ T144] ? __schedule+0x11f7/0x43c0
[ 130.813306][ T144] lock_acquire+0x19e/0x400
[ 130.817827][ T144] ? __lock_sock+0x166/0x2b0
[ 130.822431][ T144] ? lockdep_hardirqs_on_prepare+0x770/0x770
[ 130.828432][ T144] ? __local_bh_disable_ip+0x111/0x1a0
[ 130.834001][ T144] ? read_lock_is_recursive+0x10/0x10
[ 130.839392][ T144] ? __local_bh_enable_ip+0x136/0x1c0
[ 130.844783][ T144] ? kthread_data+0x4b/0xc0
[ 130.849321][ T144] ? kthread_data+0x4b/0xc0
[ 130.853843][ T144] ? __lock_sock+0x166/0x2b0
[ 130.858493][ T144] _raw_spin_lock_bh+0x32/0x50
[ 130.863272][ T144] ? __lock_sock+0x166/0x2b0
[ 130.867903][ T144] __lock_sock+0x166/0x2b0
[ 130.872334][ T144] ? sk_page_frag_refill+0x200/0x200
[ 130.877637][ T144] ? do_raw_spin_lock+0x128/0x2f0
[ 130.882769][ T144] ? init_wait_entry+0xd0/0xd0
[ 130.887641][ T144] ? __rwlock_init+0x140/0x140
[ 130.892436][ T144] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 130.898433][ T144] ? lock_sock_nested+0x68/0x100
[ 130.903387][ T144] lock_sock_nested+0x9d/0x100
[ 130.908178][ T144] kcm_tx_work+0x2d/0x180
[ 130.912521][ T144] process_one_work+0x85f/0x1010
[ 130.917478][ T144] ? worker_detach_from_pool+0x240/0x240
[ 130.923122][ T144] ? lockdep_hardirqs_off+0x70/0x100
[ 130.928429][ T144] ? _raw_spin_lock_irq+0xb7/0xf0
[ 130.933552][ T144] ? _raw_spin_lock_irqsave+0x100/0x100
[ 130.939199][ T144] ? wq_worker_running+0x97/0x170
[ 130.944237][ T144] worker_thread+0xaa6/0x1290
[ 130.948931][ T144] ? lockdep_hardirqs_on+0x94/0x140
[ 130.954144][ T144] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 130.960061][ T144] kthread+0x436/0x520
[ 130.964145][ T144] ? rcu_lock_release+0x20/0x20
[ 130.969016][ T144] ? kthread_blkcg+0xd0/0xd0
[ 130.973623][ T144] ret_from_fork+0x1f/0x30
[ 130.978064][ T144]
[ 130.981098][ T144]
[ 130.983429][ T144] Allocated by task 5073:
[ 130.987759][ T144] __kasan_slab_alloc+0x9c/0xd0
[ 130.992648][ T144] slab_post_alloc_hook+0x4c/0x380
[ 130.997796][ T144] kmem_cache_alloc+0x100/0x290
[ 131.002655][ T144] sk_prot_alloc+0x57/0x210
[ 131.007169][ T144] sk_alloc+0x2f/0x310
[ 131.011246][ T144] kcm_ioctl+0x20f/0x1090
[ 131.015585][ T144] sock_do_ioctl+0xfb/0x320
[ 131.020097][ T144] sock_ioctl+0x4d2/0x710
[ 131.024440][ T144] __se_sys_ioctl+0xfa/0x170
[ 131.029079][ T144] do_syscall_64+0x4c/0xa0
[ 131.033510][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 131.039419][ T144]
[ 131.041751][ T144] Freed by task 5074:
[ 131.045733][ T144] kasan_set_track+0x4b/0x70
[ 131.050336][ T144] kasan_set_free_info+0x1f/0x40
[ 131.055289][ T144] ____kasan_slab_free+0xd5/0x110
[ 131.060329][ T144] slab_free_freelist_hook+0xea/0x170
[ 131.065801][ T144] kmem_cache_free+0x8f/0x210
[ 131.070486][ T144] __sk_destruct+0x569/0x840
[ 131.075108][ T144] kcm_release+0x51a/0x5b0
[ 131.079544][ T144] sock_close+0xd5/0x240
[ 131.083796][ T144] __fput+0x234/0x930
[ 131.087791][ T144] task_work_run+0x125/0x1a0
[ 131.092386][ T144] exit_to_user_mode_loop+0x10f/0x130
[ 131.097764][ T144] exit_to_user_mode_prepare+0xee/0x180
[ 131.103318][ T144] syscall_exit_to_user_mode+0x16/0x40
[ 131.108789][ T144] do_syscall_64+0x58/0xa0
[ 131.113218][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 131.119120][ T144]
[ 131.121456][ T144] Last potentially related work creation:
[ 131.127395][ T144] kasan_save_stack+0x35/0x60
[ 131.133090][ T144] kasan_record_aux_stack+0xb8/0x100
[ 131.138585][ T144] insert_work+0x54/0x3d0
[ 131.143021][ T144] __queue_work+0x9c5/0xd50
[ 131.147540][ T144] queue_work_on+0x124/0x1f0
[ 131.152146][ T144] kcm_unattach+0x85e/0xe80
[ 131.156667][ T144] kcm_ioctl+0x7c0/0x1090
[ 131.161021][ T144] sock_do_ioctl+0xfb/0x320
[ 131.165777][ T144] sock_ioctl+0x4d2/0x710
[ 131.170136][ T144] __se_sys_ioctl+0xfa/0x170
[ 131.174764][ T144] do_syscall_64+0x4c/0xa0
[ 131.179459][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 131.185371][ T144]
[ 131.188484][ T144] Second to last potentially related work creation:
[ 131.195077][ T144] kasan_save_stack+0x35/0x60
[ 131.199856][ T144] kasan_record_aux_stack+0xb8/0x100
[ 131.205159][ T144] insert_work+0x54/0x3d0
[ 131.209520][ T144] __queue_work+0x9c5/0xd50
[ 131.214196][ T144] queue_work_on+0x124/0x1f0
[ 131.218831][ T144] kcm_ioctl+0xee0/0x1090
[ 131.223182][ T144] sock_do_ioctl+0xfb/0x320
[ 131.227710][ T144] sock_ioctl+0x4d2/0x710
[ 131.232050][ T144] __se_sys_ioctl+0xfa/0x170
[ 131.236673][ T144] do_syscall_64+0x4c/0xa0
[ 131.241322][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 131.247324][ T144]
[ 131.249773][ T144] The buggy address belongs to the object at ffff88807b762580
[ 131.249773][ T144] which belongs to the cache KCM of size 1736
[ 131.263667][ T144] The buggy address is located 160 bytes inside of
[ 131.263667][ T144] 1736-byte region [ffff88807b762580, ffff88807b762c48)
[ 131.277073][ T144] The buggy address belongs to the page:
[ 131.282722][ T144] page:ffffea0001edd800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b760
[ 131.292890][ T144] head:ffffea0001edd800 order:3 compound_mapcount:0 compound_pincount:0
[ 131.301234][ T144] memcg:ffff888026ae4901
[ 131.305483][ T144] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 131.313480][ T144] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802c690000
[ 131.322075][ T144] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888026ae4901
[ 131.330677][ T144] page dumped because: kasan: bad access detected
[ 131.337110][ T144] page_owner tracks the page as allocated
[ 131.342835][ T144] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5056, ts 127195870820, free_ts 126738297561
[ 131.364223][ T144] get_page_from_freelist+0x1bbd/0x1ca0
[ 131.369804][ T144] __alloc_pages+0x1ee/0x480
[ 131.374412][ T144] new_slab+0xc0/0x4b0
[ 131.378512][ T144] ___slab_alloc+0x80a/0xdd0
[ 131.383130][ T144] kmem_cache_alloc+0x195/0x290
[ 131.388010][ T144] sk_prot_alloc+0x57/0x210
[ 131.392545][ T144] sk_alloc+0x2f/0x310
[ 131.396640][ T144] kcm_create+0xfc/0x570
[ 131.400905][ T144] __sock_create+0x47b/0x900
[ 131.405513][ T144] __sys_socket+0xe2/0x170
[ 131.409940][ T144] __x64_sys_socket+0x76/0x80
[ 131.414640][ T144] do_syscall_64+0x4c/0xa0
[ 131.419071][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 131.424980][ T144] page last free stack trace:
[ 131.429662][ T144] free_unref_page_prepare+0x637/0x6c0
[ 131.435134][ T144] free_unref_page+0x8f/0x2a0
[ 131.439826][ T144] free_nonslab_page+0xe2/0x150
[ 131.444692][ T144] device_release+0x92/0x1c0
[ 131.449386][ T144] kobject_put+0x21d/0x460
[ 131.453987][ T144] netdev_run_todo+0x8f4/0xa70
[ 131.458885][ T144] default_device_exit_batch+0x369/0x3c0
[ 131.464655][ T144] cleanup_net+0x791/0xba0
[ 131.469099][ T144] process_one_work+0x85f/0x1010
[ 131.474059][ T144] worker_thread+0xaa6/0x1290
[ 131.478757][ T144] kthread+0x436/0x520
[ 131.482839][ T144] ret_from_fork+0x1f/0x30
[ 131.487573][ T144]
[ 131.489907][ T144] Memory state around the buggy address:
[ 131.495547][ T144] ffff88807b762500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 131.503636][ T144] ffff88807b762580: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 131.511822][ T144] >ffff88807b762600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 131.519914][ T144] ^
[ 131.525054][ T144] ffff88807b762680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 131.533147][ T144] ffff88807b762700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 131.541227][ T144] ==================================================================
[ 131.549304][ T144] Disabling lock debugging due to kernel taint
[ 131.555490][ T144] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 131.562805][ T144] CPU: 1 PID: 144 Comm: kworker/u4:1 Tainted: G B syzkaller #0
[ 131.571673][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 131.581750][ T144] Workqueue: kkcmd kcm_tx_work
[ 131.586550][ T144] Call Trace:
[ 131.590282][ T144]
[ 131.593238][ T144] dump_stack_lvl+0x188/0x250
[ 131.597985][ T144] ? show_regs_print_info+0x20/0x20
[ 131.603207][ T144] ? load_image+0x400/0x400
[ 131.607740][ T144] panic+0x2e5/0x810
[ 131.611664][ T144] ? bpf_jit_dump+0xd0/0xd0
[ 131.616196][ T144] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 131.622117][ T144] ? _raw_spin_unlock+0x40/0x40
[ 131.626991][ T144] ? __lock_acquire+0x106/0x7d10
[ 131.631953][ T144] check_panic_on_warn+0x80/0xa0
[ 131.636917][ T144] ? __lock_acquire+0x106/0x7d10
[ 131.641879][ T144] end_report+0x6d/0xf0
[ 131.646175][ T144] kasan_report+0x102/0x130
[ 131.650711][ T144] ? __lock_acquire+0x106/0x7d10
[ 131.655676][ T144] __lock_acquire+0x106/0x7d10
[ 131.660576][ T144] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 131.666597][ T144] ? lock_chain_count+0x20/0x20
[ 131.671480][ T144] ? finish_lock_switch+0x12f/0x280
[ 131.676696][ T144] ? finish_lock_switch+0x12f/0x280
[ 131.681910][ T144] ? verify_lock_unused+0x140/0x140
[ 131.687147][ T144] ? finish_task_switch+0x12f/0x640
[ 131.692644][ T144] ? __switch_to_asm+0x34/0x60
[ 131.697424][ T144] ? __schedule+0x11f7/0x43c0
[ 131.702652][ T144] lock_acquire+0x19e/0x400
[ 131.707208][ T144] ? __lock_sock+0x166/0x2b0
[ 131.711832][ T144] ? lockdep_hardirqs_on_prepare+0x770/0x770
[ 131.718136][ T144] ? __local_bh_disable_ip+0x111/0x1a0
[ 131.723718][ T144] ? read_lock_is_recursive+0x10/0x10
[ 131.729365][ T144] ? __local_bh_enable_ip+0x136/0x1c0
[ 131.734987][ T144] ? kthread_data+0x4b/0xc0
[ 131.739516][ T144] ? kthread_data+0x4b/0xc0
[ 131.744047][ T144] ? __lock_sock+0x166/0x2b0
[ 131.748651][ T144] _raw_spin_lock_bh+0x32/0x50
[ 131.753579][ T144] ? __lock_sock+0x166/0x2b0
[ 131.758295][ T144] __lock_sock+0x166/0x2b0
[ 131.762738][ T144] ? sk_page_frag_refill+0x200/0x200
[ 131.768045][ T144] ? do_raw_spin_lock+0x128/0x2f0
[ 131.773085][ T144] ? init_wait_entry+0xd0/0xd0
[ 131.777868][ T144] ? __rwlock_init+0x140/0x140
[ 131.782670][ T144] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 131.788671][ T144] ? lock_sock_nested+0x68/0x100
[ 131.793625][ T144] lock_sock_nested+0x9d/0x100
[ 131.798468][ T144] kcm_tx_work+0x2d/0x180
[ 131.802830][ T144] process_one_work+0x85f/0x1010
[ 131.807793][ T144] ? worker_detach_from_pool+0x240/0x240
[ 131.813445][ T144] ? lockdep_hardirqs_off+0x70/0x100
[ 131.818746][ T144] ? _raw_spin_lock_irq+0xb7/0xf0
[ 131.823787][ T144] ? _raw_spin_lock_irqsave+0x100/0x100
[ 131.829341][ T144] ? wq_worker_running+0x97/0x170
[ 131.834382][ T144] worker_thread+0xaa6/0x1290
[ 131.839099][ T144] ? lockdep_hardirqs_on+0x94/0x140
[ 131.844316][ T144] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 131.850224][ T144] kthread+0x436/0x520
[ 131.854306][ T144] ? rcu_lock_release+0x20/0x20
[ 131.859175][ T144] ? kthread_blkcg+0xd0/0xd0
[ 131.863777][ T144] ret_from_fork+0x1f/0x30
[ 131.868223][ T144]
[ 131.871492][ T144] Kernel Offset: disabled
[ 131.875846][ T144] Rebooting in 86400 seconds..