Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts.
2026/05/20 07:31:44 parsed 1 programs
[ 110.457880][ T4635] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 113.868139][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.881929][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.890654][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 113.915233][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.923439][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.931099][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 114.250517][ T155] ODEBUG: Out of memory. ODEBUG disabled
[ 114.535597][ T4695] chnl_net:caif_netlink_parms(): no params data found
[ 114.613122][ T4695] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.620451][ T4695] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.628622][ T4695] device bridge_slave_0 entered promiscuous mode
[ 114.636835][ T4695] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.644332][ T4695] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.652235][ T4695] device bridge_slave_1 entered promiscuous mode
[ 114.673624][ T4695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 114.685149][ T4695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 114.708781][ T4695] team0: Port device team_slave_0 added
[ 114.716573][ T4695] team0: Port device team_slave_1 added
[ 114.735937][ T4695] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.742930][ T4695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.769444][ T4695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.781583][ T4695] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.788648][ T4695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.814937][ T4695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.845677][ T4695] device hsr_slave_0 entered promiscuous mode
[ 114.852786][ T4695] device hsr_slave_1 entered promiscuous mode
[ 115.396979][ T4695] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 115.408542][ T4695] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 115.418577][ T4695] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 115.428785][ T4695] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 115.552959][ T4695] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.569647][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.579283][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.592520][ T4695] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.607814][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 115.618347][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 115.628534][ T1232] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.635689][ T1232] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 115.645899][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 115.655224][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 115.665914][ T1232] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.673154][ T1232] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.695915][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 115.706509][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 115.717019][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 115.727424][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 115.739857][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 115.749407][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 115.759942][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 115.769353][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 115.787572][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 115.797826][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 115.806986][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 115.818878][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 115.829621][ T4695] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 116.003623][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 116.011191][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 116.026297][ T4695] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.048649][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 116.059189][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 116.096016][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 116.105659][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 116.116332][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 116.125082][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 116.138770][ T4695] device veth0_vlan entered promiscuous mode
[ 116.174147][ T4695] device veth1_vlan entered promiscuous mode
[ 116.212968][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 116.225828][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 116.234421][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 116.244501][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 116.259039][ T4695] device veth0_macvtap entered promiscuous mode
[ 116.325146][ T4695] device veth1_macvtap entered promiscuous mode
[ 116.347339][ T4695] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 116.356071][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 116.365756][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 116.376344][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 116.385554][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 116.399935][ T4695] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 116.408430][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 116.418173][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 116.431012][ T4695] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.441929][ T4695] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.451069][ T4695] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.460654][ T4695] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/05/20 07:31:55 executed programs: 0
[ 117.511347][ T4795] chnl_net:caif_netlink_parms(): no params data found
[ 117.605928][ T4795] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.615178][ T4795] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.623948][ T4795] device bridge_slave_0 entered promiscuous mode
[ 117.632586][ T4795] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.640756][ T4795] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.649262][ T4795] device bridge_slave_1 entered promiscuous mode
[ 117.686412][ T4795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 117.701785][ T4795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 117.737134][ T4795] team0: Port device team_slave_0 added
[ 117.756976][ T4795] team0: Port device team_slave_1 added
[ 117.815085][ T4795] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 117.822086][ T4795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 117.883187][ T4795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 117.909193][ T4795] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 117.923076][ T4795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 117.973175][ T4795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 118.035140][ T4795] device hsr_slave_0 entered promiscuous mode
[ 118.042303][ T4795] device hsr_slave_1 entered promiscuous mode
[ 118.066197][ T4795] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 118.074005][ T4795] Cannot create hsr debugfs directory
[ 118.198306][ T4795] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 119.443467][ T4845] Bluetooth: hci0: command 0x0409 tx timeout
[ 120.812933][ T4795] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.859876][ T4795] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 120.944256][ T4795] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 121.140100][ T4795] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 121.150711][ T4795] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 121.162748][ T4795] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 121.182882][ T4795] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 121.258917][ T4795] 8021q: adding VLAN 0 to HW filter on device bond0
[ 121.286366][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 121.296799][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 121.308668][ T4795] 8021q: adding VLAN 0 to HW filter on device team0
[ 121.321915][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 121.331330][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 121.343723][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.351002][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 121.386287][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 121.395726][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 121.406063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 121.417259][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.424586][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.434449][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 121.446150][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 121.456371][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 121.468113][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 121.478299][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 121.501822][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 121.514001][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 121.517094][ T4703] Bluetooth: hci0: command 0x041b tx timeout
[ 121.532172][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 121.544156][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 121.555677][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 121.566855][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 121.578000][ T4795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 121.647406][ T155] device hsr_slave_0 left promiscuous mode
[ 121.656418][ T155] device hsr_slave_1 left promiscuous mode
[ 121.662871][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 121.674662][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 121.682562][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 121.691726][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 121.700992][ T155] device bridge_slave_1 left promiscuous mode
[ 121.708976][ T155] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.719447][ T155] device bridge_slave_0 left promiscuous mode
[ 121.727968][ T155] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.742210][ T155] device veth1_macvtap left promiscuous mode
[ 121.749517][ T155] device veth0_macvtap left promiscuous mode
[ 121.757141][ T155] device veth1_vlan left promiscuous mode
[ 121.762959][ T155] device veth0_vlan left promiscuous mode
[ 121.980944][ T155] team0 (unregistering): Port device team_slave_1 removed
[ 121.998347][ T155] team0 (unregistering): Port device team_slave_0 removed
[ 122.016637][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 122.035024][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 122.091236][ T155] bond0 (unregistering): Released all slaves
[ 122.197206][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 122.205133][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 122.225916][ T4795] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 122.247665][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 122.259594][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 122.279907][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 122.292063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 122.304006][ T4795] device veth0_vlan entered promiscuous mode
[ 122.339976][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 122.351216][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 122.361850][ T4795] device veth1_vlan entered promiscuous mode
[ 122.389287][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 122.402252][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 122.416080][ T4795] device veth0_macvtap entered promiscuous mode
[ 122.433425][ T4795] device veth1_macvtap entered promiscuous mode
[ 122.450910][ T4795] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 122.461388][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 122.472304][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 122.483430][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 122.492324][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 122.506712][ T4795] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 122.517747][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 122.527392][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 122.541148][ T4795] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.551330][ T4795] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.565924][ T4795] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.576035][ T4795] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.645016][ T1232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.652919][ T1232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.677248][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 122.693527][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.701396][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.711441][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/05/20 07:32:01 executed programs: 2
[ 123.593448][ T4703] Bluetooth: hci0: command 0x040f tx timeout
[ 124.532006][ T1232] ==================================================================
[ 124.540351][ T1232] BUG: KASAN: use-after-free in release_sock+0x133/0x1b0
[ 124.547512][ T1232] Read of size 8 at addr ffff88807b6d1010 by task kworker/u4:5/1232
[ 124.555698][ T1232]
[ 124.558056][ T1232] CPU: 1 PID: 1232 Comm: kworker/u4:5 Not tainted syzkaller #0
[ 124.565887][ T1232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 124.576066][ T1232] Workqueue: kkcmd kcm_tx_work
[ 124.580874][ T1232] Call Trace:
[ 124.584176][ T1232]
[ 124.587231][ T1232] dump_stack_lvl+0x188/0x250
[ 124.591930][ T1232] ? show_regs_print_info+0x20/0x20
[ 124.597149][ T1232] ? _printk+0xda/0x130
[ 124.601331][ T1232] ? release_sock+0x133/0x1b0
[ 124.606062][ T1232] ? load_image+0x400/0x400
[ 124.610612][ T1232] print_address_description+0x60/0x2d0
[ 124.616180][ T1232] ? release_sock+0x133/0x1b0
[ 124.621032][ T1232] kasan_report+0xdf/0x130
[ 124.625481][ T1232] ? release_sock+0x133/0x1b0
[ 124.630189][ T1232] release_sock+0x133/0x1b0
[ 124.634715][ T1232] process_one_work+0x85f/0x1010
[ 124.639692][ T1232] ? worker_detach_from_pool+0x240/0x240
[ 124.645501][ T1232] ? lockdep_hardirqs_off+0x70/0x100
[ 124.650914][ T1232] ? _raw_spin_lock_irq+0xb7/0xf0
[ 124.655968][ T1232] ? _raw_spin_lock_irqsave+0x100/0x100
[ 124.661531][ T1232] ? wq_worker_running+0x97/0x170
[ 124.666576][ T1232] worker_thread+0xaa6/0x1290
[ 124.671273][ T1232] ? lockdep_hardirqs_on+0x94/0x140
[ 124.676521][ T1232] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 124.682435][ T1232] kthread+0x436/0x520
[ 124.686523][ T1232] ? rcu_lock_release+0x20/0x20
[ 124.691416][ T1232] ? kthread_blkcg+0xd0/0xd0
[ 124.696116][ T1232] ret_from_fork+0x1f/0x30
[ 124.700551][ T1232]
[ 124.703610][ T1232]
[ 124.705959][ T1232] Allocated by task 5080:
[ 124.710300][ T1232] __kasan_slab_alloc+0x9c/0xd0
[ 124.715161][ T1232] slab_post_alloc_hook+0x4c/0x380
[ 124.720274][ T1232] kmem_cache_alloc+0x100/0x290
[ 124.725220][ T1232] sk_prot_alloc+0x57/0x210
[ 124.729751][ T1232] sk_alloc+0x2f/0x310
[ 124.733907][ T1232] kcm_ioctl+0x20f/0x1090
[ 124.738275][ T1232] sock_do_ioctl+0xfb/0x320
[ 124.742799][ T1232] sock_ioctl+0x4d2/0x710
[ 124.747141][ T1232] __se_sys_ioctl+0xfa/0x170
[ 124.751823][ T1232] do_syscall_64+0x4c/0xa0
[ 124.756348][ T1232] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 124.762439][ T1232]
[ 124.764771][ T1232] Freed by task 5081:
[ 124.768770][ T1232] kasan_set_track+0x4b/0x70
[ 124.773376][ T1232] kasan_set_free_info+0x1f/0x40
[ 124.778475][ T1232] ____kasan_slab_free+0xd5/0x110
[ 124.783570][ T1232] slab_free_freelist_hook+0xea/0x170
[ 124.788979][ T1232] kmem_cache_free+0x8f/0x210
[ 124.793748][ T1232] __sk_destruct+0x569/0x840
[ 124.798355][ T1232] kcm_release+0x51a/0x5b0
[ 124.802798][ T1232] sock_close+0xd5/0x240
[ 124.807067][ T1232] __fput+0x234/0x930
[ 124.811063][ T1232] task_work_run+0x125/0x1a0
[ 124.815689][ T1232] exit_to_user_mode_loop+0x10f/0x130
[ 124.821462][ T1232] exit_to_user_mode_prepare+0xee/0x180
[ 124.827031][ T1232] syscall_exit_to_user_mode+0x16/0x40
[ 124.832520][ T1232] do_syscall_64+0x58/0xa0
[ 124.836949][ T1232] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 124.842853][ T1232]
[ 124.845190][ T1232] Last potentially related work creation:
[ 124.851039][ T1232] kasan_save_stack+0x35/0x60
[ 124.855759][ T1232] kasan_record_aux_stack+0xb8/0x100
[ 124.861267][ T1232] insert_work+0x54/0x3d0
[ 124.865620][ T1232] __queue_work+0x9c5/0xd50
[ 124.870159][ T1232] queue_work_on+0x124/0x1f0
[ 124.874829][ T1232] kcm_unattach+0x85e/0xe80
[ 124.879371][ T1232] kcm_ioctl+0x7c0/0x1090
[ 124.883731][ T1232] sock_do_ioctl+0xfb/0x320
[ 124.888260][ T1232] sock_ioctl+0x4d2/0x710
[ 124.892610][ T1232] __se_sys_ioctl+0xfa/0x170
[ 124.897329][ T1232] do_syscall_64+0x4c/0xa0
[ 124.901799][ T1232] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 124.907784][ T1232]
[ 124.910109][ T1232] Second to last potentially related work creation:
[ 124.916691][ T1232] kasan_save_stack+0x35/0x60
[ 124.921381][ T1232] kasan_record_aux_stack+0xb8/0x100
[ 124.926679][ T1232] insert_work+0x54/0x3d0
[ 124.931033][ T1232] __queue_work+0x9c5/0xd50
[ 124.935549][ T1232] queue_work_on+0x124/0x1f0
[ 124.940187][ T1232] kcm_ioctl+0xee0/0x1090
[ 124.944558][ T1232] sock_do_ioctl+0xfb/0x320
[ 124.949088][ T1232] sock_ioctl+0x4d2/0x710
[ 124.953430][ T1232] __se_sys_ioctl+0xfa/0x170
[ 124.958026][ T1232] do_syscall_64+0x4c/0xa0
[ 124.962456][ T1232] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 124.968364][ T1232]
[ 124.970686][ T1232] The buggy address belongs to the object at ffff88807b6d0f00
[ 124.970686][ T1232] which belongs to the cache KCM of size 1736
[ 124.984137][ T1232] The buggy address is located 272 bytes inside of
[ 124.984137][ T1232] 1736-byte region [ffff88807b6d0f00, ffff88807b6d15c8)
[ 124.997543][ T1232] The buggy address belongs to the page:
[ 125.003212][ T1232] page:ffffea0001edb400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b6d0
[ 125.013478][ T1232] head:ffffea0001edb400 order:3 compound_mapcount:0 compound_pincount:0
[ 125.021803][ T1232] memcg:ffff888074c90201
[ 125.026050][ T1232] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 125.034237][ T1232] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802a118500
[ 125.042912][ T1232] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888074c90201
[ 125.051580][ T1232] page dumped because: kasan: bad access detected
[ 125.058132][ T1232] page_owner tracks the page as allocated
[ 125.063869][ T1232] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5051, ts 122847732767, free_ts 122815905607
[ 125.084675][ T1232] get_page_from_freelist+0x1bbd/0x1ca0
[ 125.090290][ T1232] __alloc_pages+0x1ee/0x480
[ 125.094886][ T1232] new_slab+0xc0/0x4b0
[ 125.098956][ T1232] ___slab_alloc+0x80a/0xdd0
[ 125.103550][ T1232] kmem_cache_alloc+0x195/0x290
[ 125.108521][ T1232] sk_prot_alloc+0x57/0x210
[ 125.113051][ T1232] sk_alloc+0x2f/0x310
[ 125.117142][ T1232] kcm_ioctl+0x20f/0x1090
[ 125.121496][ T1232] sock_do_ioctl+0xfb/0x320
[ 125.126007][ T1232] sock_ioctl+0x4d2/0x710
[ 125.130366][ T1232] __se_sys_ioctl+0xfa/0x170
[ 125.134978][ T1232] do_syscall_64+0x4c/0xa0
[ 125.139402][ T1232] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 125.145306][ T1232] page last free stack trace:
[ 125.150001][ T1232] free_unref_page_prepare+0x637/0x6c0
[ 125.155556][ T1232] free_unref_page+0x8f/0x2a0
[ 125.160325][ T1232] __unfreeze_partials+0x1a5/0x200
[ 125.165440][ T1232] put_cpu_partial+0x12d/0x190
[ 125.170226][ T1232] qlist_free_all+0x35/0x90
[ 125.174816][ T1232] kasan_quarantine_reduce+0x150/0x160
[ 125.180303][ T1232] __kasan_slab_alloc+0x2f/0xd0
[ 125.185162][ T1232] slab_post_alloc_hook+0x4c/0x380
[ 125.190321][ T1232] __kmalloc+0x127/0x330
[ 125.194571][ T1232] tomoyo_realpath_from_path+0x118/0x610
[ 125.200240][ T1232] tomoyo_path_perm+0x23f/0x5d0
[ 125.205113][ T1232] security_inode_getattr+0xcf/0x120
[ 125.210622][ T1232] vfs_getattr+0x26/0x3a0
[ 125.215006][ T1232] __x64_sys_newfstat+0x137/0x210
[ 125.220155][ T1232] do_syscall_64+0x4c/0xa0
[ 125.224608][ T1232] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 125.230546][ T1232]
[ 125.232896][ T1232] Memory state around the buggy address:
[ 125.238627][ T1232]  ffff88807b6d0f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.246703][ T1232]  ffff88807b6d0f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.254866][ T1232] >ffff88807b6d1000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.263047][ T1232]                          ^
[ 125.267742][ T1232]  ffff88807b6d1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.275895][ T1232]  ffff88807b6d1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.283976][ T1232] ==================================================================
[ 125.292047][ T1232] Disabling lock debugging due to kernel taint
[ 125.298344][ T1232] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 125.305552][ T1232] CPU: 1 PID: 1232 Comm: kworker/u4:5 Tainted: G B syzkaller #0
[ 125.314507][ T1232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 125.324857][ T1232] Workqueue: kkcmd kcm_tx_work
[ 125.329655][ T1232] Call Trace:
[ 125.332954][ T1232]
[ 125.335907][ T1232] dump_stack_lvl+0x188/0x250
[ 125.340620][ T1232] ? show_regs_print_info+0x20/0x20
[ 125.345938][ T1232] ? load_image+0x400/0x400
[ 125.350462][ T1232] panic+0x2e5/0x810
[ 125.354375][ T1232] ? bpf_jit_dump+0xd0/0xd0
[ 125.358896][ T1232] ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 125.364799][ T1232] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 125.370795][ T1232] ? _raw_spin_unlock+0x40/0x40
[ 125.375742][ T1232] ? print_memory_metadata+0x314/0x400
[ 125.381213][ T1232] ? release_sock+0x133/0x1b0
[ 125.385908][ T1232] check_panic_on_warn+0x80/0xa0
[ 125.390858][ T1232] ? release_sock+0x133/0x1b0
[ 125.395545][ T1232] end_report+0x6d/0xf0
[ 125.399719][ T1232] kasan_report+0x102/0x130
[ 125.404235][ T1232] ? release_sock+0x133/0x1b0
[ 125.408935][ T1232] release_sock+0x133/0x1b0
[ 125.413540][ T1232] process_one_work+0x85f/0x1010
[ 125.418501][ T1232] ? worker_detach_from_pool+0x240/0x240
[ 125.424164][ T1232] ? lockdep_hardirqs_off+0x70/0x100
[ 125.429641][ T1232] ? _raw_spin_lock_irq+0xb7/0xf0
[ 125.434683][ T1232] ? _raw_spin_lock_irqsave+0x100/0x100
[ 125.440335][ T1232] ? wq_worker_running+0x97/0x170
[ 125.445375][ T1232] worker_thread+0xaa6/0x1290
[ 125.450156][ T1232] ? lockdep_hardirqs_on+0x94/0x140
[ 125.455461][ T1232] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 125.461371][ T1232] kthread+0x436/0x520
[ 125.465457][ T1232] ? rcu_lock_release+0x20/0x20
[ 125.470323][ T1232] ? kthread_blkcg+0xd0/0xd0
[ 125.474925][ T1232] ret_from_fork+0x1f/0x30
[ 125.479365][ T1232]
[ 125.482710][ T1232] Kernel Offset: disabled
[ 125.487231][ T1232] Rebooting in 86400 seconds..