Warning: Permanently added '10.128.0.133' (ED25519) to the list of known hosts. 2026/01/19 15:13:37 parsed 1 programs [ 57.361070][ T1886] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.425671][ T1906] chnl_net:caif_netlink_parms(): no params data found [ 59.422238][ T1906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.011508][ T530] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 60.019806][ T530] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 60.029170][ T1906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.036856][ T24] Bluetooth: hci0: command 0x0409 tx timeout 2026/01/19 15:13:41 executed programs: 0 [ 61.544912][ T530] bond0 (unregistering): Released all slaves [ 61.651002][ T2375] chnl_net:caif_netlink_parms(): no params data found [ 61.741428][ T2371] chnl_net:caif_netlink_parms(): no params data found [ 61.750052][ T2368] chnl_net:caif_netlink_parms(): no params data found [ 61.787734][ T2366] chnl_net:caif_netlink_parms(): no params data found [ 61.822201][ T2382] chnl_net:caif_netlink_parms(): no params data found [ 63.233395][ T7] Bluetooth: hci4: command 0x0409 tx timeout [ 63.243469][ T24] Bluetooth: hci1: command 0x0409 tx timeout [ 63.253400][ T24] Bluetooth: hci0: command 0x0409 tx timeout [ 63.273646][ T24] Bluetooth: hci3: command 0x0409 tx timeout [ 63.288121][ T24] Bluetooth: hci2: command 0x0409 tx timeout [ 65.313462][ T7] Bluetooth: hci4: command 0x041b tx timeout [ 65.323577][ T24] Bluetooth: hci2: command 0x041b tx timeout [ 65.329843][ T24] Bluetooth: hci3: command 0x041b tx timeout [ 65.348929][ T24] Bluetooth: hci0: command 0x041b tx timeout [ 65.373314][ T24] Bluetooth: hci1: command 0x041b tx timeout [ 65.822341][ T2371] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.832521][ T2368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.890151][ T2382] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.914431][ T2375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.949146][ T2366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.403562][ T24] Bluetooth: hci1: command 0x040f tx timeout [ 67.414110][ T24] Bluetooth: hci0: command 0x040f tx timeout [ 67.421200][ T24] Bluetooth: hci3: command 0x040f tx timeout [ 67.441656][ T24] Bluetooth: hci2: command 0x040f tx timeout [ 67.453482][ T24] Bluetooth: hci4: command 0x040f tx timeout [ 68.462945][ T2368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.470609][ T123] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 68.478215][ T123] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 68.520991][ T135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 68.528511][ T135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 68.538426][ T2371] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.556390][ T2382] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.567588][ T135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 68.575140][ T135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 68.699672][ T2366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.706905][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 68.714593][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 68.759132][ T2392] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 68.767120][ T2392] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 68.782901][ T2375] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.475611][ T24] Bluetooth: hci4: command 0x0419 tx timeout [ 69.484010][ T24] Bluetooth: hci2: command 0x0419 tx timeout [ 69.509626][ T24] Bluetooth: hci3: command 0x0419 tx timeout [ 69.523519][ T24] Bluetooth: hci0: command 0x0419 tx timeout [ 69.537379][ T24] Bluetooth: hci1: command 0x0419 tx timeout 2026/01/19 15:13:54 executed programs: 10 [ 77.913509][ T530] ================================================================== [ 77.921692][ T530] BUG: KASAN: use-after-free in __lock_acquire.constprop.0+0xabd/0xb30 [ 77.930458][ T530] Read of size 8 at addr ffff888110aec1e8 by task kworker/u4:4/530 [ 77.938358][ T530] [ 77.940672][ T530] CPU: 1 PID: 530 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 77.948319][ T530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 77.958458][ T530] Workqueue: kkcmd kcm_tx_work [ 77.963219][ T530] Call Trace: [ 77.966487][ T530] [ 77.969416][ T530] dump_stack_lvl+0x41/0x5e [ 77.973907][ T530] print_address_description.constprop.0.cold+0x6c/0x309 [ 77.981005][ T530] ? __lock_acquire.constprop.0+0xabd/0xb30 [ 77.986973][ T530] ? __lock_acquire.constprop.0+0xabd/0xb30 [ 77.993133][ T530] kasan_report.cold+0x83/0xdf [ 77.997966][ T530] ? __lock_acquire.constprop.0+0xabd/0xb30 [ 78.004141][ T530] __lock_acquire.constprop.0+0xabd/0xb30 [ 78.010010][ T530] ? io_schedule_timeout+0x140/0x140 [ 78.015476][ T530] lock_acquire+0x11a/0x230 [ 78.020058][ T530] ? __lock_sock+0x11c/0x1a0 [ 78.024720][ T530] _raw_spin_lock_bh+0x2b/0x40 [ 78.029465][ T530] ? __lock_sock+0x11c/0x1a0 [ 78.034035][ T530] __lock_sock+0x11c/0x1a0 [ 78.038760][ T530] ? sock_omalloc+0x150/0x150 [ 78.043522][ T530] ? finish_wait+0x230/0x230 [ 78.048269][ T530] ? lock_acquire+0x11a/0x230 [ 78.052928][ T530] ? kcm_tx_work+0x1c/0x140 [ 78.057503][ T530] lock_sock_nested+0x9d/0xc0 [ 78.062164][ T530] kcm_tx_work+0x1c/0x140 [ 78.066619][ T530] process_one_work+0x800/0x11a0 [ 78.071553][ T530] ? mod_delayed_work_on+0x280/0x280 [ 78.076824][ T530] ? rwlock_bug.part.0+0x90/0x90 [ 78.081831][ T530] ? lock_acquire+0x11a/0x230 [ 78.086486][ T530] worker_thread+0x4a0/0xdd0 [ 78.091057][ T530] ? __kthread_parkme+0x92/0x120 [ 78.096069][ T530] ? rescuer_thread+0xb30/0xb30 [ 78.101118][ T530] kthread+0x2f8/0x3b0 [ 78.105277][ T530] ? set_kthread_struct+0x100/0x100 [ 78.110453][ T530] ret_from_fork+0x1f/0x30 [ 78.114864][ T530] [ 78.118068][ T530] [ 78.120383][ T530] Allocated by task 4488: [ 78.124706][ T530] kasan_save_stack+0x1b/0x40 [ 78.129645][ T530] __kasan_slab_alloc+0x61/0x80 [ 78.134482][ T530] kmem_cache_alloc+0x211/0x310 [ 78.139398][ T530] sk_prot_alloc+0x51/0x200 [ 78.143972][ T530] sk_alloc+0x27/0x560 [ 78.148021][ T530] kcm_ioctl+0x628/0x1130 [ 78.152534][ T530] sock_do_ioctl+0xc9/0x1c0 [ 78.157198][ T530] sock_ioctl+0x278/0x4f0 [ 78.161505][ T530] __x64_sys_ioctl+0x11f/0x190 [ 78.166350][ T530] do_syscall_64+0x33/0x80 [ 78.170747][ T530] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 78.176794][ T530] [ 78.179117][ T530] Freed by task 4489: [ 78.183122][ T530] kasan_save_stack+0x1b/0x40 [ 78.187799][ T530] kasan_set_track+0x1c/0x30 [ 78.192563][ T530] kasan_set_free_info+0x20/0x30 [ 78.197499][ T530] __kasan_slab_free+0xe0/0x110 [ 78.202422][ T530] kmem_cache_free+0x7e/0x450 [ 78.207171][ T530] __sk_destruct+0x40d/0x5c0 [ 78.211918][ T530] kcm_release+0x431/0x790 [ 78.216319][ T530] __sock_release+0xbb/0x270 [ 78.221102][ T530] sock_close+0xf/0x20 [ 78.225154][ T530] __fput+0x1b4/0x8e0 [ 78.229119][ T530] task_work_run+0xb8/0x140 [ 78.233606][ T530] exit_to_user_mode_prepare+0x195/0x1a0 [ 78.239237][ T530] syscall_exit_to_user_mode+0x12/0x30 [ 78.245063][ T530] do_syscall_64+0x40/0x80 [ 78.249465][ T530] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 78.255343][ T530] [ 78.257653][ T530] Last potentially related work creation: [ 78.263434][ T530] kasan_save_stack+0x1b/0x40 [ 78.268093][ T530] kasan_record_aux_stack+0xc5/0xf0 [ 78.273379][ T530] insert_work+0x45/0x380 [ 78.277874][ T530] __queue_work+0x520/0xbd0 [ 78.282444][ T530] queue_work_on+0x52/0x70 [ 78.286965][ T530] kcm_unattach+0xad5/0x1250 [ 78.291732][ T530] kcm_ioctl+0x83a/0x1130 [ 78.296052][ T530] sock_do_ioctl+0xc9/0x1c0 [ 78.300539][ T530] sock_ioctl+0x278/0x4f0 [ 78.304851][ T530] __x64_sys_ioctl+0x11f/0x190 [ 78.309597][ T530] do_syscall_64+0x33/0x80 [ 78.313993][ T530] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 78.319931][ T530] [ 78.322242][ T530] Second to last potentially related work creation: [ 78.328805][ T530] kasan_save_stack+0x1b/0x40 [ 78.333471][ T530] kasan_record_aux_stack+0xc5/0xf0 [ 78.338649][ T530] insert_work+0x45/0x380 [ 78.342976][ T530] __queue_work+0x520/0xbd0 [ 78.347459][ T530] queue_work_on+0x52/0x70 [ 78.351859][ T530] kcm_ioctl+0xc5a/0x1130 [ 78.356169][ T530] sock_do_ioctl+0xc9/0x1c0 [ 78.360659][ T530] sock_ioctl+0x278/0x4f0 [ 78.364971][ T530] __x64_sys_ioctl+0x11f/0x190 [ 78.370048][ T530] do_syscall_64+0x33/0x80 [ 78.374534][ T530] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 78.380582][ T530] [ 78.382917][ T530] The buggy address belongs to the object at ffff888110aec140 [ 78.382917][ T530] which belongs to the cache KCM of size 1728 [ 78.396639][ T530] The buggy address is located 168 bytes inside of [ 78.396639][ T530] 1728-byte region [ffff888110aec140, ffff888110aec800) [ 78.410150][ T530] The buggy address belongs to the page: [ 78.415759][ T530] page:ffffea000442ba00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110ae8 [ 78.425971][ T530] head:ffffea000442ba00 order:3 compound_mapcount:0 compound_pincount:0 [ 78.434378][ T530] memcg:ffff888118bd9e01 [ 78.438685][ T530] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 78.445258][ T530] raw: 0200000000010200 0000000000000000 dead000000000122 ffff88810e17a280 [ 78.454096][ T530] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888118bd9e01 [ 78.462744][ T530] page dumped because: kasan: bad access detected [ 78.469145][ T530] page_owner tracks the page as allocated [ 78.475016][ T530] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4450, ts 76273849330, free_ts 76224994167 [ 78.496008][ T530] get_page_from_freelist+0x141f/0x3a80 [ 78.501628][ T530] __alloc_pages+0x1b2/0x420 [ 78.506201][ T530] allocate_slab+0x2eb/0x430 [ 78.511068][ T530] ___slab_alloc+0xb1c/0xf80 [ 78.515638][ T530] kmem_cache_alloc+0x2d7/0x310 [ 78.520472][ T530] sk_prot_alloc+0x51/0x200 [ 78.525050][ T530] sk_alloc+0x27/0x560 [ 78.529281][ T530] kcm_ioctl+0x628/0x1130 [ 78.533696][ T530] sock_do_ioctl+0xc9/0x1c0 [ 78.538372][ T530] sock_ioctl+0x278/0x4f0 [ 78.542687][ T530] __x64_sys_ioctl+0x11f/0x190 [ 78.547449][ T530] do_syscall_64+0x33/0x80 [ 78.552060][ T530] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 78.558428][ T530] page last free stack trace: [ 78.563179][ T530] free_pcp_prepare+0x34e/0x730 [ 78.568074][ T530] free_unref_page+0x19/0x4b0 [ 78.572727][ T530] __unfreeze_partials+0x27d/0x2a0 [ 78.577823][ T530] qlist_free_all+0x68/0x110 [ 78.582392][ T530] kasan_quarantine_reduce+0x180/0x1f0 [ 78.588013][ T530] __kasan_slab_alloc+0x73/0x80 [ 78.592856][ T530] __kmalloc+0x228/0x2f0 [ 78.597161][ T530] tomoyo_realpath_from_path+0xb0/0x6d0 [ 78.602687][ T530] tomoyo_path2_perm+0x29f/0x560 [ 78.607602][ T530] tomoyo_path_rename+0xc1/0x150 [ 78.612517][ T530] security_path_rename+0xeb/0x270 [ 78.617607][ T530] do_renameat2+0x4c8/0xa20 [ 78.622308][ T530] __x64_sys_rename+0x78/0x90 [ 78.627225][ T530] do_syscall_64+0x33/0x80 [ 78.631710][ T530] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 78.637602][ T530] [ 78.639927][ T530] Memory state around the buggy address: [ 78.645630][ T530] ffff888110aec080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 78.653672][ T530] ffff888110aec100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 78.661848][ T530] >ffff888110aec180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.670069][ T530] ^ [ 78.677591][ T530] ffff888110aec200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.685892][ T530] ffff888110aec280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.694251][ T530] ================================================================== [ 78.702394][ T530] Disabling lock debugging due to kernel taint [ 78.708534][ T530] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 78.716321][ T530] Kernel Offset: disabled [ 78.720718][ T530] Rebooting in 86400 seconds..