Warning: Permanently added '10.128.0.170' (ED25519) to the list of known hosts.
2026/03/09 04:23:02 parsed 1 programs
[  113.236887][ T4593] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[  116.110187][ T4631] chnl_net:caif_netlink_parms(): no params data found
[  116.175634][ T4631] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.183052][ T4631] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.191669][ T4631] device bridge_slave_0 entered promiscuous mode
[  116.202538][ T4631] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.209865][ T4631] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.219610][ T4631] device bridge_slave_1 entered promiscuous mode
[  116.250021][ T4631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.261970][ T4631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.293468][ T4631] team0: Port device team_slave_0 added
[  116.301533][ T4631] team0: Port device team_slave_1 added
[  116.328182][ T4631] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.335239][ T4631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.362807][ T4631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.375753][ T4631] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.383042][ T4631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.409528][ T4631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.449574][ T4631] device hsr_slave_0 entered promiscuous mode
[  116.457498][ T4631] device hsr_slave_1 entered promiscuous mode
[  117.230407][ T4631] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  117.240618][ T4631] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  117.252076][ T4631] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  117.263466][ T4631] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  117.335434][ T4631] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.350892][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  117.363329][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  117.375057][ T4631] 8021q: adding VLAN 0 to HW filter on device team0
[  117.387811][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  117.398622][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  117.410042][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.417199][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.433228][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  117.441764][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  117.450792][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  117.460263][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.467483][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.477816][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  117.514505][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  117.525953][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  117.536250][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  117.545912][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  117.572289][ T4631] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  117.583461][ T4631] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  117.596565][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  117.606742][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  117.616073][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  117.626197][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  117.636067][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  117.646092][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  117.655161][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  117.869375][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  117.877025][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  117.891143][ T4631] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.937845][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  117.946967][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  117.993141][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  118.003645][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  118.013480][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  118.021382][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  118.034706][ T4631] device veth0_vlan entered promiscuous mode
[  118.063274][ T4631] device veth1_vlan entered promiscuous mode
[  118.088571][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  118.099039][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  118.108900][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  118.118000][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  118.146058][ T4631] device veth0_macvtap entered promiscuous mode
[  118.158435][ T4631] device veth1_macvtap entered promiscuous mode
[  118.179859][ T4631] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.189274][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  118.200060][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  118.216166][ T4631] batman_adv: batadv0: Interface activated: batadv_slave_1
[  118.247466][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  118.257413][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  118.269764][ T4631] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.279923][ T4631] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.289340][ T4631] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.299779][ T4631] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.991070][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.009497][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.031317][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  119.061503][ T1281] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.072508][ T1281] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.080133][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/03/09 04:23:13 executed programs: 0
[  120.698547][ T4779] chnl_net:caif_netlink_parms(): no params data found
[  120.789217][ T4296] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.804919][ T4779] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.812124][ T4779] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.821083][ T4779] device bridge_slave_0 entered promiscuous mode
[  120.832038][ T4779] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.839409][ T4779] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.849951][ T4779] device bridge_slave_1 entered promiscuous mode
[  120.881926][ T4779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.894121][ T4779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.930186][ T4779] team0: Port device team_slave_0 added
[  120.938883][ T4779] team0: Port device team_slave_1 added
[  120.964173][ T4779] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.971188][ T4779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.997996][ T4779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.010482][ T4779] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.017606][ T4779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.044783][ T4779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.084456][ T4779] device hsr_slave_0 entered promiscuous mode
[  121.091419][ T4779] device hsr_slave_1 entered promiscuous mode
[  121.098754][ T4779] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  121.106931][ T4779] Cannot create hsr debugfs directory
[  122.552562][ T4290] Bluetooth: hci0: command 0x0409 tx timeout
[  123.711439][ T4296] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.791116][ T4296] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.851731][ T4296] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.622654][ T4290] Bluetooth: hci0: command 0x041b tx timeout
[  124.753066][ T4779] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  124.763195][ T4779] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  124.773431][ T4779] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  124.784086][ T4779] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  124.879016][ T4779] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.893838][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.904999][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.916022][ T4779] 8021q: adding VLAN 0 to HW filter on device team0
[  124.955292][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  124.966590][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  124.975700][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.983103][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.004137][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  125.012871][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  125.021892][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  125.035209][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.042323][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.053240][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  125.072720][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  125.085286][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  125.096885][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  125.109668][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  125.119116][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  125.129652][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  125.144527][ T4779] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  125.155180][ T4779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  125.171962][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  125.181403][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  125.190433][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  125.199655][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  125.208461][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  125.348766][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  125.356441][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  125.369380][ T4779] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.398479][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  125.408046][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  125.433592][ T4779] device veth0_vlan entered promiscuous mode
[  125.442744][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  125.451125][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  125.460546][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  125.468913][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  125.491824][ T4779] device veth1_vlan entered promiscuous mode
[  125.514047][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  125.522274][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  125.532203][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  125.541815][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  125.555858][ T4779] device veth0_macvtap entered promiscuous mode
[  125.568692][ T4779] device veth1_macvtap entered promiscuous mode
[  125.588938][ T4296] device hsr_slave_0 left promiscuous mode
[  125.595514][ T4296] device hsr_slave_1 left promiscuous mode
[  125.604865][ T4296] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.612302][ T4296] batman_adv: batadv0: Removing interface: batadv_slave_0
[  125.621314][ T4296] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.629160][ T4296] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.637427][ T4296] device bridge_slave_1 left promiscuous mode
[  125.643928][ T4296] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.652664][ T4296] device bridge_slave_0 left promiscuous mode
[  125.658905][ T4296] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.671464][ T4296] device veth1_macvtap left promiscuous mode
[  125.677920][ T4296] device veth0_macvtap left promiscuous mode
[  125.684528][ T4296] device veth1_vlan left promiscuous mode
[  125.690324][ T4296] device veth0_vlan left promiscuous mode
[  125.856561][ T4296] team0 (unregistering): Port device team_slave_1 removed
[  125.873028][ T4296] team0 (unregistering): Port device team_slave_0 removed
[  125.885702][ T4296] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  125.900422][ T4296] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  125.961723][ T4296] bond0 (unregistering): Released all slaves
[  126.011786][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  126.020251][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  126.031913][ T4779] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.039619][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  126.049131][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  126.060632][ T4779] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.069132][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  126.078293][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  126.092723][ T4779] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.101442][ T4779] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.110856][ T4779] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.119880][ T4779] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.197301][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.208020][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.218160][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/03/09 04:23:19 executed programs: 2
[  126.246495][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.255264][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.265100][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  126.702495][ T4663] Bluetooth: hci0: command 0x040f tx timeout
[  128.085993][  T154] ==================================================================
[  128.094218][  T154] BUG: KASAN: use-after-free in __lock_acquire+0x106/0x7d10
[  128.101607][  T154] Read of size 8 at addr ffff88807c7b0820 by task kworker/u4:2/154
[  128.109501][  T154] 
[  128.111887][  T154] CPU: 1 PID: 154 Comm: kworker/u4:2 Not tainted syzkaller #0
[  128.119632][  T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  128.129701][  T154] Workqueue: kkcmd kcm_tx_work
[  128.134496][  T154] Call Trace:
[  128.137788][  T154]  <TASK>
[  128.140826][  T154]  dump_stack_lvl+0x188/0x250
[  128.145600][  T154]  ? show_regs_print_info+0x20/0x20
[  128.150824][  T154]  ? load_image+0x400/0x400
[  128.155346][  T154]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  128.160954][  T154]  print_address_description+0x60/0x2d0
[  128.166683][  T154]  ? __lock_acquire+0x106/0x7d10
[  128.171655][  T154]  kasan_report+0xdf/0x130
[  128.176080][  T154]  ? __lock_acquire+0x106/0x7d10
[  128.181069][  T154]  __lock_acquire+0x106/0x7d10
[  128.185848][  T154]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  128.191866][  T154]  ? lock_chain_count+0x20/0x20
[  128.196734][  T154]  ? finish_lock_switch+0x12f/0x280
[  128.201949][  T154]  ? finish_lock_switch+0x12f/0x280
[  128.207156][  T154]  ? verify_lock_unused+0x140/0x140
[  128.212379][  T154]  ? finish_task_switch+0x12f/0x640
[  128.217635][  T154]  ? __switch_to_asm+0x34/0x60
[  128.222414][  T154]  ? __schedule+0x11f7/0x43c0
[  128.227134][  T154]  lock_acquire+0x19e/0x400
[  128.231676][  T154]  ? __lock_sock+0x166/0x2b0
[  128.236275][  T154]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  128.242711][  T154]  ? __local_bh_disable_ip+0x111/0x1a0
[  128.248283][  T154]  ? read_lock_is_recursive+0x10/0x10
[  128.253660][  T154]  ? __local_bh_enable_ip+0x136/0x1c0
[  128.259035][  T154]  ? kthread_data+0x4b/0xc0
[  128.263540][  T154]  ? kthread_data+0x4b/0xc0
[  128.268060][  T154]  ? __lock_sock+0x166/0x2b0
[  128.272690][  T154]  _raw_spin_lock_bh+0x32/0x50
[  128.277550][  T154]  ? __lock_sock+0x166/0x2b0
[  128.282150][  T154]  __lock_sock+0x166/0x2b0
[  128.286591][  T154]  ? sk_page_frag_refill+0x200/0x200
[  128.292082][  T154]  ? do_raw_spin_lock+0x128/0x2f0
[  128.297117][  T154]  ? init_wait_entry+0xd0/0xd0
[  128.302008][  T154]  ? __rwlock_init+0x140/0x140
[  128.306879][  T154]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  128.312906][  T154]  ? lock_sock_nested+0x68/0x100
[  128.317980][  T154]  lock_sock_nested+0x9d/0x100
[  128.322761][  T154]  kcm_tx_work+0x2d/0x180
[  128.327117][  T154]  process_one_work+0x85f/0x1010
[  128.332074][  T154]  ? worker_detach_from_pool+0x240/0x240
[  128.337815][  T154]  ? lockdep_hardirqs_off+0x70/0x100
[  128.343273][  T154]  ? _raw_spin_lock_irq+0xb7/0xf0
[  128.348315][  T154]  ? _raw_spin_lock_irqsave+0x100/0x100
[  128.353897][  T154]  ? wq_worker_running+0x97/0x170
[  128.359166][  T154]  worker_thread+0xaa6/0x1290
[  128.364004][  T154]  kthread+0x436/0x520
[  128.368112][  T154]  ? rcu_lock_release+0x20/0x20
[  128.372974][  T154]  ? kthread_blkcg+0xd0/0xd0
[  128.377585][  T154]  ret_from_fork+0x1f/0x30
[  128.382049][  T154]  </TASK>
[  128.385078][  T154] 
[  128.387432][  T154] Allocated by task 5039:
[  128.391907][  T154]  __kasan_slab_alloc+0x9c/0xd0
[  128.396853][  T154]  slab_post_alloc_hook+0x4c/0x380
[  128.401974][  T154]  kmem_cache_alloc+0x100/0x290
[  128.406824][  T154]  sk_prot_alloc+0x57/0x210
[  128.411342][  T154]  sk_alloc+0x2f/0x310
[  128.415544][  T154]  kcm_ioctl+0x20f/0x1090
[  128.419877][  T154]  sock_do_ioctl+0xfb/0x320
[  128.424399][  T154]  sock_ioctl+0x4d2/0x710
[  128.428740][  T154]  __se_sys_ioctl+0xfa/0x170
[  128.433332][  T154]  do_syscall_64+0x4c/0xa0
[  128.437775][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  128.443672][  T154] 
[  128.445998][  T154] Freed by task 5040:
[  128.449972][  T154]  kasan_set_track+0x4b/0x70
[  128.454596][  T154]  kasan_set_free_info+0x1f/0x40
[  128.459560][  T154]  ____kasan_slab_free+0xd5/0x110
[  128.464627][  T154]  slab_free_freelist_hook+0xea/0x170
[  128.470023][  T154]  kmem_cache_free+0x8f/0x210
[  128.474703][  T154]  __sk_destruct+0x569/0x840
[  128.479290][  T154]  kcm_release+0x51a/0x5b0
[  128.483703][  T154]  sock_close+0xd5/0x240
[  128.487949][  T154]  __fput+0x234/0x930
[  128.491928][  T154]  task_work_run+0x125/0x1a0
[  128.496533][  T154]  exit_to_user_mode_loop+0x10f/0x130
[  128.501907][  T154]  exit_to_user_mode_prepare+0xee/0x180
[  128.507453][  T154]  syscall_exit_to_user_mode+0x16/0x40
[  128.512933][  T154]  do_syscall_64+0x58/0xa0
[  128.517356][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  128.523277][  T154] 
[  128.525603][  T154] Last potentially related work creation:
[  128.531609][  T154]  kasan_save_stack+0x35/0x60
[  128.536298][  T154]  kasan_record_aux_stack+0xb8/0x100
[  128.541597][  T154]  insert_work+0x54/0x3d0
[  128.545938][  T154]  __queue_work+0x9c5/0xd50
[  128.550445][  T154]  queue_work_on+0x124/0x1f0
[  128.555093][  T154]  kcm_unattach+0x85e/0xe80
[  128.559635][  T154]  kcm_ioctl+0x7c0/0x1090
[  128.563965][  T154]  sock_do_ioctl+0xfb/0x320
[  128.568471][  T154]  sock_ioctl+0x4d2/0x710
[  128.572818][  T154]  __se_sys_ioctl+0xfa/0x170
[  128.577497][  T154]  do_syscall_64+0x4c/0xa0
[  128.582379][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  128.588416][  T154] 
[  128.590753][  T154] Second to last potentially related work creation:
[  128.597746][  T154]  kasan_save_stack+0x35/0x60
[  128.602455][  T154]  kasan_record_aux_stack+0xb8/0x100
[  128.607775][  T154]  insert_work+0x54/0x3d0
[  128.612136][  T154]  __queue_work+0x9c5/0xd50
[  128.616730][  T154]  queue_work_on+0x124/0x1f0
[  128.621322][  T154]  kcm_ioctl+0xee0/0x1090
[  128.625763][  T154]  sock_do_ioctl+0xfb/0x320
[  128.630370][  T154]  sock_ioctl+0x4d2/0x710
[  128.634912][  T154]  __se_sys_ioctl+0xfa/0x170
[  128.639522][  T154]  do_syscall_64+0x4c/0xa0
[  128.643982][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  128.649877][  T154] 
[  128.652204][  T154] The buggy address belongs to the object at ffff88807c7b0780
[  128.652204][  T154]  which belongs to the cache KCM of size 1736
[  128.665650][  T154] The buggy address is located 160 bytes inside of
[  128.665650][  T154]  1736-byte region [ffff88807c7b0780, ffff88807c7b0e48)
[  128.679014][  T154] The buggy address belongs to the page:
[  128.684747][  T154] page:ffffea0001f1ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c7b0
[  128.695050][  T154] head:ffffea0001f1ec00 order:3 compound_mapcount:0 compound_pincount:0
[  128.703574][  T154] memcg:ffff888073c1fc01
[  128.707825][  T154] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  128.715916][  T154] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802a9898c0
[  128.724501][  T154] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888073c1fc01
[  128.733175][  T154] page dumped because: kasan: bad access detected
[  128.739614][  T154] page_owner tracks the page as allocated
[  128.745330][  T154] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5030, ts 126309008015, free_ts 126284053166
[  128.766031][  T154]  get_page_from_freelist+0x1bbd/0x1ca0
[  128.771615][  T154]  __alloc_pages+0x1ee/0x480
[  128.776222][  T154]  new_slab+0xc0/0x4b0
[  128.780311][  T154]  ___slab_alloc+0x80a/0xdd0
[  128.782970][ T4290] Bluetooth: hci0: command 0x0419 tx timeout
[  128.785039][  T154]  kmem_cache_alloc+0x195/0x290
[  128.785065][  T154]  sk_prot_alloc+0x57/0x210
[  128.785083][  T154]  sk_alloc+0x2f/0x310
[  128.785099][  T154]  kcm_create+0xfc/0x570
[  128.809163][  T154]  __sock_create+0x47b/0x900
[  128.813778][  T154]  __sys_socket+0xe2/0x170
[  128.818235][  T154]  __x64_sys_socket+0x76/0x80
[  128.822939][  T154]  do_syscall_64+0x4c/0xa0
[  128.827489][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  128.833420][  T154] page last free stack trace:
[  128.838193][  T154]  free_unref_page_prepare+0x637/0x6c0
[  128.843682][  T154]  free_unref_page+0x8f/0x2a0
[  128.848485][  T154]  __unfreeze_partials+0x1a5/0x200
[  128.853707][  T154]  put_cpu_partial+0x12d/0x190
[  128.858481][  T154]  qlist_free_all+0x35/0x90
[  128.862992][  T154]  kasan_quarantine_reduce+0x150/0x160
[  128.868576][  T154]  __kasan_slab_alloc+0x2f/0xd0
[  128.873545][  T154]  slab_post_alloc_hook+0x4c/0x380
[  128.878804][  T154]  __kmalloc+0x127/0x330
[  128.883067][  T154]  tomoyo_realpath_from_path+0x118/0x610
[  128.888751][  T154]  tomoyo_mount_permission+0x3b8/0x9b0
[  128.894312][  T154]  security_sb_mount+0x83/0xb0
[  128.899093][  T154]  path_mount+0xb8/0x1030
[  128.903435][  T154]  __se_sys_mount+0x2e3/0x3d0
[  128.908121][  T154]  do_syscall_64+0x4c/0xa0
[  128.912551][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  128.918553][  T154] 
[  128.920889][  T154] Memory state around the buggy address:
[  128.926530][  T154]  ffff88807c7b0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  128.934738][  T154]  ffff88807c7b0780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  128.942837][  T154] >ffff88807c7b0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  128.951018][  T154]                                ^
[  128.956265][  T154]  ffff88807c7b0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  128.964342][  T154]  ffff88807c7b0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  128.972496][  T154] ==================================================================
[  128.980564][  T154] Disabling lock debugging due to kernel taint
[  128.986737][  T154] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  128.993935][  T154] CPU: 1 PID: 154 Comm: kworker/u4:2 Tainted: G    B             syzkaller #0
[  129.002802][  T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  129.012879][  T154] Workqueue: kkcmd kcm_tx_work
[  129.017685][  T154] Call Trace:
[  129.020977][  T154]  <TASK>
[  129.023921][  T154]  dump_stack_lvl+0x188/0x250
[  129.028701][  T154]  ? show_regs_print_info+0x20/0x20
[  129.033919][  T154]  ? load_image+0x400/0x400
[  129.038526][  T154]  panic+0x2e5/0x810
[  129.042490][  T154]  ? bpf_jit_dump+0xd0/0xd0
[  129.047011][  T154]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  129.052915][  T154]  ? _raw_spin_unlock+0x40/0x40
[  129.057792][  T154]  ? __lock_acquire+0x106/0x7d10
[  129.062783][  T154]  check_panic_on_warn+0x80/0xa0
[  129.067738][  T154]  ? __lock_acquire+0x106/0x7d10
[  129.072701][  T154]  end_report+0x6d/0xf0
[  129.076879][  T154]  kasan_report+0x102/0x130
[  129.081667][  T154]  ? __lock_acquire+0x106/0x7d10
[  129.086784][  T154]  __lock_acquire+0x106/0x7d10
[  129.091600][  T154]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  129.097867][  T154]  ? lock_chain_count+0x20/0x20
[  129.102764][  T154]  ? finish_lock_switch+0x12f/0x280
[  129.107982][  T154]  ? finish_lock_switch+0x12f/0x280
[  129.113207][  T154]  ? verify_lock_unused+0x140/0x140
[  129.118447][  T154]  ? finish_task_switch+0x12f/0x640
[  129.123673][  T154]  ? __switch_to_asm+0x34/0x60
[  129.128491][  T154]  ? __schedule+0x11f7/0x43c0
[  129.133227][  T154]  lock_acquire+0x19e/0x400
[  129.137785][  T154]  ? __lock_sock+0x166/0x2b0
[  129.142399][  T154]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  129.148409][  T154]  ? __local_bh_disable_ip+0x111/0x1a0
[  129.153885][  T154]  ? read_lock_is_recursive+0x10/0x10
[  129.159279][  T154]  ? __local_bh_enable_ip+0x136/0x1c0
[  129.164685][  T154]  ? kthread_data+0x4b/0xc0
[  129.169224][  T154]  ? kthread_data+0x4b/0xc0
[  129.173744][  T154]  ? __lock_sock+0x166/0x2b0
[  129.178342][  T154]  _raw_spin_lock_bh+0x32/0x50
[  129.183138][  T154]  ? __lock_sock+0x166/0x2b0
[  129.187770][  T154]  __lock_sock+0x166/0x2b0
[  129.192475][  T154]  ? sk_page_frag_refill+0x200/0x200
[  129.198094][  T154]  ? do_raw_spin_lock+0x128/0x2f0
[  129.203444][  T154]  ? init_wait_entry+0xd0/0xd0
[  129.208244][  T154]  ? __rwlock_init+0x140/0x140
[  129.213044][  T154]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  129.219070][  T154]  ? lock_sock_nested+0x68/0x100
[  129.224029][  T154]  lock_sock_nested+0x9d/0x100
[  129.228913][  T154]  kcm_tx_work+0x2d/0x180
[  129.233431][  T154]  process_one_work+0x85f/0x1010
[  129.238396][  T154]  ? worker_detach_from_pool+0x240/0x240
[  129.244054][  T154]  ? lockdep_hardirqs_off+0x70/0x100
[  129.249392][  T154]  ? _raw_spin_lock_irq+0xb7/0xf0
[  129.254430][  T154]  ? _raw_spin_lock_irqsave+0x100/0x100
[  129.260086][  T154]  ? wq_worker_running+0x97/0x170
[  129.265146][  T154]  worker_thread+0xaa6/0x1290
[  129.269950][  T154]  kthread+0x436/0x520
[  129.274051][  T154]  ? rcu_lock_release+0x20/0x20
[  129.278924][  T154]  ? kthread_blkcg+0xd0/0xd0
[  129.283531][  T154]  ret_from_fork+0x1f/0x30
[  129.287987][  T154]  </TASK>
[  129.291245][  T154] Kernel Offset: disabled
[  129.295687][  T154] Rebooting in 86400 seconds..