Warning: Permanently added '10.128.1.177' (ED25519) to the list of known hosts.
2026/04/22 16:58:07 parsed 1 programs
[ 88.194126][ T4586] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 89.735002][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.743021][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.751676][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 89.767857][ T1231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.777440][ T1231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.785908][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 90.266006][ T4624] chnl_net:caif_netlink_parms(): no params data found
[ 90.320108][ T4624] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.327331][ T4624] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.335674][ T4624] device bridge_slave_0 entered promiscuous mode
[ 90.344417][ T4624] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.351555][ T4624] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.360314][ T4624] device bridge_slave_1 entered promiscuous mode
[ 90.385743][ T4624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.398106][ T4624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.425345][ T4624] team0: Port device team_slave_0 added
[ 90.433760][ T4624] team0: Port device team_slave_1 added
[ 90.455295][ T4624] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.462675][ T4624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.489410][ T4624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.503975][ T4624] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.510962][ T4624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.537799][ T4624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.573509][ T4624] device hsr_slave_0 entered promiscuous mode
[ 90.580628][ T4624] device hsr_slave_1 entered promiscuous mode
[ 91.167863][ T4624] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.190050][ T4624] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.213980][ T4624] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.234634][ T4624] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.347668][ T4624] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.362290][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 91.370682][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 91.381856][ T4624] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.392148][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 91.401310][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 91.410947][ T1231] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.418083][ T1231] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.442247][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 91.489689][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 91.563644][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 91.575632][ T1231] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.583139][ T1231] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.591654][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 91.613263][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 91.623461][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 91.634877][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 91.644084][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.654714][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 91.664840][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 91.680481][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 91.692444][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 91.701305][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 91.711831][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 91.722460][ T4624] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 91.836603][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.847104][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.860420][ T4624] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.897731][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 91.908270][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.940171][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 91.949610][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 91.961733][ T4624] device veth0_vlan entered promiscuous mode
[ 91.969329][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 91.979133][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 91.991526][ T4624] device veth1_vlan entered promiscuous mode
[ 92.028064][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 92.040024][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 92.049082][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 92.059292][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 92.072126][ T4624] device veth0_macvtap entered promiscuous mode
[ 92.097570][ T4624] device veth1_macvtap entered promiscuous mode
[ 92.115575][ T4624] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.122961][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 92.134217][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 92.142429][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 92.152832][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 92.164519][ T4624] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.174947][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 92.184460][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 92.196170][ T4624] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.206097][ T4624] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.215553][ T4624] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.224627][ T4624] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/04/22 16:58:15 executed programs: 0
[ 94.466530][ T4792] chnl_net:caif_netlink_parms(): no params data found
[ 94.542396][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 94.557865][ T4792] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.568756][ T4792] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.579900][ T4792] device bridge_slave_0 entered promiscuous mode
[ 94.589124][ T4792] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.599954][ T4792] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.608482][ T4792] device bridge_slave_1 entered promiscuous mode
[ 94.639448][ T4792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.651167][ T4792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.684942][ T4792] team0: Port device team_slave_0 added
[ 94.693806][ T4792] team0: Port device team_slave_1 added
[ 94.717785][ T4792] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.724894][ T4792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.751631][ T4792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.764705][ T4792] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.771982][ T4792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.799091][ T4792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.833876][ T4792] device hsr_slave_0 entered promiscuous mode
[ 94.840971][ T4792] device hsr_slave_1 entered promiscuous mode
[ 94.848249][ T4792] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 94.856399][ T4792] Cannot create hsr debugfs directory
[ 96.263403][ T4246] Bluetooth: hci0: command 0x0409 tx timeout
[ 96.779629][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.831540][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.901205][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.799495][ T4792] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.808531][ T4792] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.817254][ T4792] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.840035][ T4792] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.879462][ T4792] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.895315][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 97.903053][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 97.917204][ T4792] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.926459][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.935223][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.944280][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.951513][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.959479][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 97.980103][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.989015][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.998057][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.005281][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.018777][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 98.030904][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 98.062852][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 98.071884][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 98.080732][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 98.093335][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 98.102129][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.129036][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 98.137509][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 98.148877][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 98.158620][ T1171] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 98.170234][ T4792] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 98.264447][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 98.272020][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 98.287051][ T4792] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.298358][ T144] device hsr_slave_0 left promiscuous mode
[ 98.304929][ T144] device hsr_slave_1 left promiscuous mode
[ 98.311265][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 98.319064][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 98.326860][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 98.334473][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 98.342171][ T144] device bridge_slave_1 left promiscuous mode
[ 98.348522][ T5013] Bluetooth: hci0: command 0x041b tx timeout
[ 98.348983][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.364356][ T144] device bridge_slave_0 left promiscuous mode
[ 98.370643][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.381567][ T144] device veth1_macvtap left promiscuous mode
[ 98.387797][ T144] device veth0_macvtap left promiscuous mode
[ 98.394203][ T144] device veth1_vlan left promiscuous mode
[ 98.400145][ T144] device veth0_vlan left promiscuous mode
[ 98.521984][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 98.534809][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 98.547022][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 98.559389][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 98.611299][ T144] bond0 (unregistering): Released all slaves
[ 98.684735][ T4792] device veth0_vlan entered promiscuous mode
[ 98.691259][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 98.700186][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 98.709943][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 98.718653][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 98.727391][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 98.735287][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 98.746959][ T4792] device veth1_vlan entered promiscuous mode
[ 98.780189][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 98.789631][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 98.798758][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 98.807588][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 98.818122][ T4792] device veth0_macvtap entered promiscuous mode
[ 98.827349][ T4792] device veth1_macvtap entered promiscuous mode
[ 98.847743][ T4792] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.855262][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 98.863706][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 98.871679][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 98.880823][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 98.892532][ T4792] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.902477][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 98.911305][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 98.922057][ T4792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.931547][ T4792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.940630][ T4792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.949627][ T4792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.010443][ T4676] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.020714][ T4676] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.040566][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 99.049130][ T4676] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.057248][ T4676] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.065662][ T4676] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/04/22 16:58:21 executed programs: 3
[ 100.423594][ T5012] Bluetooth: hci0: command 0x040f tx timeout
[ 102.503193][ T5015] Bluetooth: hci0: command 0x0419 tx timeout
[ 103.401352][ T144] ==================================================================
[ 103.409438][ T144] BUG: KASAN: use-after-free in __lock_acquire+0x106/0x7d10
[ 103.417070][ T144] Read of size 8 at addr ffff88807d3f2620 by task kworker/u4:1/144
[ 103.425115][ T144]
[ 103.427537][ T144] CPU: 1 PID: 144 Comm: kworker/u4:1 Not tainted syzkaller #0
[ 103.434972][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 103.445010][ T144] Workqueue: kkcmd kcm_tx_work
[ 103.449870][ T144] Call Trace:
[ 103.453267][ T144]
[ 103.456190][ T144] dump_stack_lvl+0x188/0x250
[ 103.460894][ T144] ? show_regs_print_info+0x20/0x20
[ 103.466091][ T144] ? load_image+0x400/0x400
[ 103.470606][ T144] ? _raw_spin_lock_irqsave+0xbc/0x100
[ 103.476077][ T144] print_address_description+0x60/0x2d0
[ 103.481640][ T144] ? __lock_acquire+0x106/0x7d10
[ 103.486591][ T144] kasan_report+0xdf/0x130
[ 103.491263][ T144] ? __lock_acquire+0x106/0x7d10
[ 103.496199][ T144] __lock_acquire+0x106/0x7d10
[ 103.501211][ T144] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 103.507336][ T144] ? lock_chain_count+0x20/0x20
[ 103.512206][ T144] ? finish_lock_switch+0x12f/0x280
[ 103.517420][ T144] ? finish_lock_switch+0x12f/0x280
[ 103.522817][ T144] ? verify_lock_unused+0x140/0x140
[ 103.528009][ T144] ? finish_task_switch+0x12f/0x640
[ 103.533205][ T144] ? __switch_to_asm+0x34/0x60
[ 103.537979][ T144] ? __schedule+0x11f7/0x43c0
[ 103.542758][ T144] lock_acquire+0x19e/0x400
[ 103.547339][ T144] ? __lock_sock+0x166/0x2b0
[ 103.551942][ T144] ? lockdep_hardirqs_on_prepare+0x770/0x770
[ 103.557973][ T144] ? __local_bh_disable_ip+0x111/0x1a0
[ 103.563514][ T144] ? read_lock_is_recursive+0x10/0x10
[ 103.569050][ T144] ? __local_bh_enable_ip+0x136/0x1c0
[ 103.574520][ T144] ? kthread_data+0x4b/0xc0
[ 103.579029][ T144] ? kthread_data+0x4b/0xc0
[ 103.583518][ T144] ? __lock_sock+0x166/0x2b0
[ 103.588291][ T144] _raw_spin_lock_bh+0x32/0x50
[ 103.593044][ T144] ? __lock_sock+0x166/0x2b0
[ 103.597631][ T144] __lock_sock+0x166/0x2b0
[ 103.602040][ T144] ? sk_page_frag_refill+0x200/0x200
[ 103.607318][ T144] ? do_raw_spin_lock+0x128/0x2f0
[ 103.612343][ T144] ? init_wait_entry+0xd0/0xd0
[ 103.617101][ T144] ? __rwlock_init+0x140/0x140
[ 103.621970][ T144] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 103.627953][ T144] ? lock_sock_nested+0x68/0x100
[ 103.632971][ T144] lock_sock_nested+0x9d/0x100
[ 103.637726][ T144] kcm_tx_work+0x2d/0x180
[ 103.642057][ T144] process_one_work+0x85f/0x1010
[ 103.647001][ T144] ? worker_detach_from_pool+0x240/0x240
[ 103.652663][ T144] ? lockdep_hardirqs_off+0x70/0x100
[ 103.657936][ T144] ? _raw_spin_lock_irq+0xb7/0xf0
[ 103.662944][ T144] ? _raw_spin_lock_irqsave+0x100/0x100
[ 103.668504][ T144] ? wq_worker_running+0x97/0x170
[ 103.673582][ T144] worker_thread+0xaa6/0x1290
[ 103.678263][ T144] kthread+0x436/0x520
[ 103.682322][ T144] ? rcu_lock_release+0x20/0x20
[ 103.687155][ T144] ? kthread_blkcg+0xd0/0xd0
[ 103.691727][ T144] ret_from_fork+0x1f/0x30
[ 103.696132][ T144]
[ 103.699205][ T144]
[ 103.701518][ T144] Allocated by task 5072:
[ 103.705837][ T144] __kasan_slab_alloc+0x9c/0xd0
[ 103.710686][ T144] slab_post_alloc_hook+0x4c/0x380
[ 103.715854][ T144] kmem_cache_alloc+0x100/0x290
[ 103.720691][ T144] sk_prot_alloc+0x57/0x210
[ 103.725174][ T144] sk_alloc+0x2f/0x310
[ 103.729218][ T144] kcm_ioctl+0x20f/0x1090
[ 103.733615][ T144] sock_do_ioctl+0xfb/0x320
[ 103.738095][ T144] sock_ioctl+0x4d2/0x710
[ 103.742732][ T144] __se_sys_ioctl+0xfa/0x170
[ 103.747341][ T144] do_syscall_64+0x4c/0xa0
[ 103.751774][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 103.757751][ T144]
[ 103.760063][ T144] Freed by task 5073:
[ 103.764018][ T144] kasan_set_track+0x4b/0x70
[ 103.768595][ T144] kasan_set_free_info+0x1f/0x40
[ 103.773522][ T144] ____kasan_slab_free+0xd5/0x110
[ 103.778665][ T144] slab_free_freelist_hook+0xea/0x170
[ 103.784034][ T144] kmem_cache_free+0x8f/0x210
[ 103.788693][ T144] __sk_destruct+0x569/0x840
[ 103.793270][ T144] kcm_release+0x51a/0x5b0
[ 103.797702][ T144] sock_close+0xd5/0x240
[ 103.801944][ T144] __fput+0x234/0x930
[ 103.805993][ T144] task_work_run+0x125/0x1a0
[ 103.810566][ T144] exit_to_user_mode_loop+0x10f/0x130
[ 103.815918][ T144] exit_to_user_mode_prepare+0xee/0x180
[ 103.821557][ T144] syscall_exit_to_user_mode+0x16/0x40
[ 103.827129][ T144] do_syscall_64+0x58/0xa0
[ 103.831738][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 103.837623][ T144]
[ 103.839943][ T144] Last potentially related work creation:
[ 103.845858][ T144] kasan_save_stack+0x35/0x60
[ 103.850531][ T144] kasan_record_aux_stack+0xb8/0x100
[ 103.855808][ T144] insert_work+0x54/0x3d0
[ 103.860214][ T144] __queue_work+0x9c5/0xd50
[ 103.864926][ T144] queue_work_on+0x124/0x1f0
[ 103.869714][ T144] kcm_unattach+0x85e/0xe80
[ 103.874218][ T144] kcm_ioctl+0x7c0/0x1090
[ 103.878541][ T144] sock_do_ioctl+0xfb/0x320
[ 103.883147][ T144] sock_ioctl+0x4d2/0x710
[ 103.887652][ T144] __se_sys_ioctl+0xfa/0x170
[ 103.892353][ T144] do_syscall_64+0x4c/0xa0
[ 103.896846][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 103.902726][ T144]
[ 103.905669][ T144] Second to last potentially related work creation:
[ 103.912248][ T144] kasan_save_stack+0x35/0x60
[ 103.916911][ T144] kasan_record_aux_stack+0xb8/0x100
[ 103.922179][ T144] insert_work+0x54/0x3d0
[ 103.926493][ T144] __queue_work+0x9c5/0xd50
[ 103.931087][ T144] queue_work_on+0x124/0x1f0
[ 103.935661][ T144] kcm_ioctl+0xee0/0x1090
[ 103.939983][ T144] sock_do_ioctl+0xfb/0x320
[ 103.944577][ T144] sock_ioctl+0x4d2/0x710
[ 103.948901][ T144] __se_sys_ioctl+0xfa/0x170
[ 103.953475][ T144] do_syscall_64+0x4c/0xa0
[ 103.957987][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 103.963888][ T144]
[ 103.966218][ T144] The buggy address belongs to the object at ffff88807d3f2580
[ 103.966218][ T144] which belongs to the cache KCM of size 1736
[ 103.979644][ T144] The buggy address is located 160 bytes inside of
[ 103.979644][ T144] 1736-byte region [ffff88807d3f2580, ffff88807d3f2c48)
[ 103.992989][ T144] The buggy address belongs to the page:
[ 103.998643][ T144] page:ffffea0001f4fc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d3f0
[ 104.009167][ T144] head:ffffea0001f4fc00 order:3 compound_mapcount:0 compound_pincount:0
[ 104.017481][ T144] memcg:ffff8880238d8901
[ 104.021703][ T144] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 104.029956][ T144] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802c84f140
[ 104.038550][ T144] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff8880238d8901
[ 104.047554][ T144] page dumped because: kasan: bad access detected
[ 104.053966][ T144] page_owner tracks the page as allocated
[ 104.059659][ T144] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5056, ts 100009701712, free_ts 99940988968
[ 104.080234][ T144] get_page_from_freelist+0x1bbd/0x1ca0
[ 104.085778][ T144] __alloc_pages+0x1ee/0x480
[ 104.090468][ T144] new_slab+0xc0/0x4b0
[ 104.094716][ T144] ___slab_alloc+0x80a/0xdd0
[ 104.099296][ T144] kmem_cache_alloc+0x195/0x290
[ 104.104309][ T144] sk_prot_alloc+0x57/0x210
[ 104.108827][ T144] sk_alloc+0x2f/0x310
[ 104.113256][ T144] kcm_ioctl+0x20f/0x1090
[ 104.117574][ T144] sock_do_ioctl+0xfb/0x320
[ 104.122244][ T144] sock_ioctl+0x4d2/0x710
[ 104.126682][ T144] __se_sys_ioctl+0xfa/0x170
[ 104.131278][ T144] do_syscall_64+0x4c/0xa0
[ 104.135777][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 104.141697][ T144] page last free stack trace:
[ 104.146376][ T144] free_unref_page_prepare+0x637/0x6c0
[ 104.151850][ T144] free_unref_page+0x8f/0x2a0
[ 104.156515][ T144] do_exit+0x16a2/0x20c0
[ 104.161443][ T144] do_group_exit+0x12e/0x300
[ 104.166011][ T144] get_signal+0x6ca/0x12c0
[ 104.170425][ T144] arch_do_signal_or_restart+0xe7/0x12c0
[ 104.176126][ T144] exit_to_user_mode_loop+0x9e/0x130
[ 104.181499][ T144] exit_to_user_mode_prepare+0xee/0x180
[ 104.187344][ T144] syscall_exit_to_user_mode+0x16/0x40
[ 104.192911][ T144] do_syscall_64+0x58/0xa0
[ 104.197407][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 104.203635][ T144]
[ 104.205953][ T144] Memory state around the buggy address:
[ 104.211603][ T144] ffff88807d3f2500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.219732][ T144] ffff88807d3f2580: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.227859][ T144] >ffff88807d3f2600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.235988][ T144] ^
[ 104.241088][ T144] ffff88807d3f2680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.249249][ T144] ffff88807d3f2700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.257672][ T144] ==================================================================
[ 104.265979][ T144] Disabling lock debugging due to kernel taint
[ 104.272140][ T144] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.279314][ T144] CPU: 1 PID: 144 Comm: kworker/u4:1 Tainted: G B syzkaller #0
[ 104.288240][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 104.298551][ T144] Workqueue: kkcmd kcm_tx_work
[ 104.303317][ T144] Call Trace:
[ 104.306589][ T144]
[ 104.309532][ T144] dump_stack_lvl+0x188/0x250
[ 104.314288][ T144] ? show_regs_print_info+0x20/0x20
[ 104.319560][ T144] ? load_image+0x400/0x400
[ 104.324048][ T144] panic+0x2e5/0x810
[ 104.327931][ T144] ? bpf_jit_dump+0xd0/0xd0
[ 104.332427][ T144] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 104.338396][ T144] ? _raw_spin_unlock+0x40/0x40
[ 104.343238][ T144] ? __lock_acquire+0x106/0x7d10
[ 104.348163][ T144] check_panic_on_warn+0x80/0xa0
[ 104.353088][ T144] ? __lock_acquire+0x106/0x7d10
[ 104.358019][ T144] end_report+0x6d/0xf0
[ 104.362158][ T144] kasan_report+0x102/0x130
[ 104.366651][ T144] ? __lock_acquire+0x106/0x7d10
[ 104.371574][ T144] __lock_acquire+0x106/0x7d10
[ 104.376516][ T144] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 104.382480][ T144] ? lock_chain_count+0x20/0x20
[ 104.387363][ T144] ? finish_lock_switch+0x12f/0x280
[ 104.392557][ T144] ? finish_lock_switch+0x12f/0x280
[ 104.397763][ T144] ? verify_lock_unused+0x140/0x140
[ 104.403377][ T144] ? finish_task_switch+0x12f/0x640
[ 104.408571][ T144] ? __switch_to_asm+0x34/0x60
[ 104.413422][ T144] ? __schedule+0x11f7/0x43c0
[ 104.418189][ T144] lock_acquire+0x19e/0x400
[ 104.422684][ T144] ? __lock_sock+0x166/0x2b0
[ 104.427265][ T144] ? lockdep_hardirqs_on_prepare+0x770/0x770
[ 104.433229][ T144] ? __local_bh_disable_ip+0x111/0x1a0
[ 104.438669][ T144] ? read_lock_is_recursive+0x10/0x10
[ 104.444029][ T144] ? __local_bh_enable_ip+0x136/0x1c0
[ 104.449381][ T144] ? kthread_data+0x4b/0xc0
[ 104.453869][ T144] ? kthread_data+0x4b/0xc0
[ 104.458351][ T144] ? __lock_sock+0x166/0x2b0
[ 104.462925][ T144] _raw_spin_lock_bh+0x32/0x50
[ 104.467941][ T144] ? __lock_sock+0x166/0x2b0
[ 104.472521][ T144] __lock_sock+0x166/0x2b0
[ 104.476918][ T144] ? sk_page_frag_refill+0x200/0x200
[ 104.482194][ T144] ? do_raw_spin_lock+0x128/0x2f0
[ 104.487200][ T144] ? init_wait_entry+0xd0/0xd0
[ 104.491977][ T144] ? __rwlock_init+0x140/0x140
[ 104.496732][ T144] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 104.502716][ T144] ? lock_sock_nested+0x68/0x100
[ 104.507640][ T144] lock_sock_nested+0x9d/0x100
[ 104.512478][ T144] kcm_tx_work+0x2d/0x180
[ 104.516797][ T144] process_one_work+0x85f/0x1010
[ 104.521743][ T144] ? worker_detach_from_pool+0x240/0x240
[ 104.527470][ T144] ? lockdep_hardirqs_off+0x70/0x100
[ 104.532748][ T144] ? _raw_spin_lock_irq+0xb7/0xf0
[ 104.537872][ T144] ? _raw_spin_lock_irqsave+0x100/0x100
[ 104.543491][ T144] ? wq_worker_running+0x97/0x170
[ 104.548543][ T144] worker_thread+0xaa6/0x1290
[ 104.553350][ T144] kthread+0x436/0x520
[ 104.557489][ T144] ? rcu_lock_release+0x20/0x20
[ 104.562494][ T144] ? kthread_blkcg+0xd0/0xd0
[ 104.567229][ T144] ret_from_fork+0x1f/0x30
[ 104.571641][ T144]
[ 104.575069][ T144] Kernel Offset: disabled
[ 104.579683][ T144] Rebooting in 86400 seconds..