Warning: Permanently added '10.128.1.157' (ED25519) to the list of known hosts.
2025/10/19 16:49:38 parsed 1 programs
[   91.516916][ T4601] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   93.233455][ T4631] chnl_net:caif_netlink_parms(): no params data found
[   93.271698][ T4631] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.278892][ T4631] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.286752][ T4631] device bridge_slave_0 entered promiscuous mode
[   93.295089][ T4631] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.302481][ T4631] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.310195][ T4631] device bridge_slave_1 entered promiscuous mode
[   93.333557][ T4631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.345146][ T4631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.374004][ T4631] team0: Port device team_slave_0 added
[   93.383337][ T4631] team0: Port device team_slave_1 added
[   93.405413][ T4631] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.412500][ T4631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.439326][ T4631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.452057][ T4631] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.459009][ T4631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.486724][ T4631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.525456][ T4631] device hsr_slave_0 entered promiscuous mode
[   93.534047][ T4631] device hsr_slave_1 entered promiscuous mode
[   94.134911][ T4631] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   94.161314][ T4631] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   94.170698][ T4631] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   94.201341][ T4631] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   94.362374][ T4631] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.389814][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   94.412450][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   94.428186][ T4631] 8021q: adding VLAN 0 to HW filter on device team0
[   94.444611][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   94.453622][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   94.464209][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.471338][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.480791][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   94.491354][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   94.510247][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   94.531060][ T4310] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.538258][ T4310] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.570131][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   94.579038][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   94.602922][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   94.622428][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   94.632885][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   94.653143][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   94.663085][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   94.681444][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   94.694715][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   94.723276][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   94.732584][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   94.752051][ T4631] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   94.936818][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   94.954569][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   94.973610][ T4631] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.008658][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   95.018692][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   95.040760][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   95.051448][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   95.061214][ T4631] device veth0_vlan entered promiscuous mode
[   95.068198][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   95.076531][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   95.089096][ T4631] device veth1_vlan entered promiscuous mode
[   95.114761][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   95.123740][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   95.132385][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   95.141919][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   95.154061][ T4631] device veth0_macvtap entered promiscuous mode
[   95.177256][ T4631] device veth1_macvtap entered promiscuous mode
[   95.194902][ T4631] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.204900][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   95.214275][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   95.224862][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   95.234386][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   95.249386][ T4631] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.258358][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   95.268843][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   95.294791][ T4631] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.304845][ T4631] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.315037][ T4631] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.324055][ T4631] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.411422][ T1223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.419554][ T1223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.452321][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   96.463388][ T1223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.482272][ T1223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.501809][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/10/19 16:49:47 executed programs: 0
[   97.833382][  T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.984451][ T4823] chnl_net:caif_netlink_parms(): no params data found
[   98.041371][ T4823] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.048535][ T4823] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.057657][ T4823] device bridge_slave_0 entered promiscuous mode
[   98.066457][ T4823] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.073729][ T4823] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.082051][ T4823] device bridge_slave_1 entered promiscuous mode
[   98.106961][ T4823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.118367][ T4823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.147011][ T4823] team0: Port device team_slave_0 added
[   98.155744][ T4823] team0: Port device team_slave_1 added
[   98.177765][ T4823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.184886][ T4823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.211189][ T4823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.223514][ T4823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.230982][ T4823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.256928][ T4823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.293973][ T4823] device hsr_slave_0 entered promiscuous mode
[   98.301247][ T4823] device hsr_slave_1 entered promiscuous mode
[   98.307984][ T4823] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   98.316287][ T4823] Cannot create hsr debugfs directory
[   99.913441][    T7] Bluetooth: hci0: command 0x0409 tx timeout
[  100.356539][  T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.396481][  T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.458306][  T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.276904][ T4823] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.314273][ T4823] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.326660][ T4823] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  101.335623][ T4823] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  101.395592][ T4823] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.414199][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.424102][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.434281][ T4823] 8021q: adding VLAN 0 to HW filter on device team0
[  101.456085][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  101.465286][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  101.473868][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.481061][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.488921][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  101.503168][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  101.512560][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  101.521228][ T4310] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.528405][ T4310] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.555025][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  101.567058][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  101.578156][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  101.588484][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  101.597771][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  101.609875][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  101.618713][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  101.629021][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  101.638259][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.669152][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  101.678420][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.688498][ T4823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  101.780826][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  101.788378][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  101.802880][ T4823] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.818506][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  101.827663][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  101.853452][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  101.862183][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  101.871203][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  101.879022][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  101.889447][ T4823] device veth0_vlan entered promiscuous mode
[  101.913170][ T4823] device veth1_vlan entered promiscuous mode
[  101.936562][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  101.945040][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  101.953630][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  101.962461][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  101.972745][ T4823] device veth0_macvtap entered promiscuous mode
[  101.980338][   T23] Bluetooth: hci0: command 0x041b tx timeout
[  101.982227][ T4823] device veth1_macvtap entered promiscuous mode
[  102.005688][ T4823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.016516][ T4823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.028906][ T4823] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.039016][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  102.047847][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  102.056410][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  102.065257][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  102.076309][  T144] device hsr_slave_0 left promiscuous mode
[  102.082897][  T144] device hsr_slave_1 left promiscuous mode
[  102.089111][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.096889][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.104946][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.112971][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.120896][  T144] device bridge_slave_1 left promiscuous mode
[  102.127040][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.135322][  T144] device bridge_slave_0 left promiscuous mode
[  102.142730][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.153242][  T144] device veth1_macvtap left promiscuous mode
[  102.159255][  T144] device veth0_macvtap left promiscuous mode
[  102.165431][  T144] device veth1_vlan left promiscuous mode
[  102.171317][  T144] device veth0_vlan left promiscuous mode
[  102.300897][  T144] team0 (unregistering): Port device team_slave_1 removed
[  102.315323][  T144] team0 (unregistering): Port device team_slave_0 removed
[  102.326047][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.338836][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  102.393219][  T144] bond0 (unregistering): Released all slaves
[  102.435999][ T4823] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.446810][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  102.455819][ T1223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  102.468741][ T4823] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.477920][ T4823] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.487040][ T4823] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.496402][ T4823] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.561195][ T1223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.577524][ T1223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.592993][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  102.610415][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.618537][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.628207][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/10/19 16:49:53 executed programs: 3
[  104.060526][ T5041] Bluetooth: hci0: command 0x040f tx timeout
[  104.435440][  T154] ==================================================================
[  104.443612][  T154] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[  104.450842][  T154] Read of size 8 at addr ffff88807e3d1720 by task kworker/u4:2/154
[  104.458717][  T154] 
[  104.461126][  T154] CPU: 1 PID: 154 Comm: kworker/u4:2 Not tainted syzkaller #0
[  104.468616][  T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  104.478667][  T154] Workqueue: kkcmd kcm_tx_work
[  104.483587][  T154] Call Trace:
[  104.486957][  T154]  <TASK>
[  104.489871][  T154]  dump_stack_lvl+0x168/0x230
[  104.494540][  T154]  ? show_regs_print_info+0x20/0x20
[  104.499723][  T154]  ? load_image+0x3b0/0x3b0
[  104.504217][  T154]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  104.509689][  T154]  print_address_description+0x60/0x2d0
[  104.515240][  T154]  ? __lock_acquire+0xf7/0x7c60
[  104.520102][  T154]  kasan_report+0xdf/0x130
[  104.524562][  T154]  ? __lock_acquire+0xf7/0x7c60
[  104.529397][  T154]  __lock_acquire+0xf7/0x7c60
[  104.534058][  T154]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  104.540024][  T154]  ? lock_chain_count+0x20/0x20
[  104.544861][  T154]  ? finish_lock_switch+0x12f/0x280
[  104.550039][  T154]  ? lockdep_hardirqs_on+0x94/0x140
[  104.555252][  T154]  ? finish_lock_switch+0x12f/0x280
[  104.560870][  T154]  ? verify_lock_unused+0x140/0x140
[  104.566049][  T154]  ? finish_task_switch+0x12f/0x640
[  104.571232][  T154]  ? __switch_to_asm+0x34/0x60
[  104.575979][  T154]  ? __schedule+0x11c3/0x4390
[  104.580695][  T154]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  104.586660][  T154]  lock_acquire+0x197/0x3f0
[  104.591338][  T154]  ? __lock_sock+0x152/0x2a0
[  104.595925][  T154]  ? lockdep_hardirqs_on_prepare+0x760/0x760
[  104.601895][  T154]  ? __local_bh_disable_ip+0xfb/0x190
[  104.607439][  T154]  ? read_lock_is_recursive+0x10/0x10
[  104.612794][  T154]  ? __local_bh_enable_ip+0x12a/0x1b0
[  104.618159][  T154]  ? kthread_data+0x4b/0xc0
[  104.622740][  T154]  ? kthread_data+0x4b/0xc0
[  104.627371][  T154]  ? __lock_sock+0x152/0x2a0
[  104.631942][  T154]  _raw_spin_lock_bh+0x32/0x50
[  104.636702][  T154]  ? __lock_sock+0x152/0x2a0
[  104.641272][  T154]  __lock_sock+0x152/0x2a0
[  104.645686][  T154]  ? sk_page_frag_refill+0x200/0x200
[  104.650957][  T154]  ? do_raw_spin_lock+0x11d/0x280
[  104.655975][  T154]  ? init_wait_entry+0xd0/0xd0
[  104.660719][  T154]  ? __rwlock_init+0x140/0x140
[  104.665463][  T154]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  104.671611][  T154]  ? lock_sock_nested+0x68/0x100
[  104.676647][  T154]  lock_sock_nested+0x9d/0x100
[  104.681455][  T154]  kcm_tx_work+0x2d/0x180
[  104.685768][  T154]  process_one_work+0x863/0x1000
[  104.690788][  T154]  ? worker_detach_from_pool+0x240/0x240
[  104.696413][  T154]  ? lockdep_hardirqs_off+0x70/0x100
[  104.701688][  T154]  ? _raw_spin_lock_irq+0xab/0xe0
[  104.706699][  T154]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  104.712141][  T154]  ? wq_worker_running+0x97/0x170
[  104.717160][  T154]  worker_thread+0xaa8/0x12a0
[  104.721841][  T154]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  104.727808][  T154]  ? lockdep_hardirqs_on+0x94/0x140
[  104.732993][  T154]  ? lockdep_hardirqs_on+0x94/0x140
[  104.738173][  T154]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  104.744165][  T154]  kthread+0x436/0x520
[  104.748222][  T154]  ? rcu_lock_release+0x20/0x20
[  104.753088][  T154]  ? kthread_blkcg+0xd0/0xd0
[  104.757661][  T154]  ret_from_fork+0x1f/0x30
[  104.762071][  T154]  </TASK>
[  104.765101][  T154] 
[  104.767405][  T154] Allocated by task 5098:
[  104.771714][  T154]  __kasan_slab_alloc+0x9c/0xd0
[  104.776643][  T154]  slab_post_alloc_hook+0x4c/0x380
[  104.781775][  T154]  kmem_cache_alloc+0x100/0x290
[  104.786604][  T154]  sk_prot_alloc+0x57/0x210
[  104.791088][  T154]  sk_alloc+0x2f/0x310
[  104.795137][  T154]  kcm_ioctl+0x211/0xff0
[  104.799394][  T154]  sock_do_ioctl+0xd3/0x2f0
[  104.803887][  T154]  sock_ioctl+0x4ed/0x6e0
[  104.808284][  T154]  __se_sys_ioctl+0xfa/0x170
[  104.812943][  T154]  do_syscall_64+0x4c/0xa0
[  104.817479][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.823461][  T154] 
[  104.825771][  T154] Freed by task 5099:
[  104.829746][  T154]  kasan_set_track+0x4b/0x70
[  104.834354][  T154]  kasan_set_free_info+0x1f/0x40
[  104.839276][  T154]  ____kasan_slab_free+0xd5/0x110
[  104.844291][  T154]  slab_free_freelist_hook+0xea/0x170
[  104.849762][  T154]  kmem_cache_free+0x8f/0x210
[  104.854696][  T154]  __sk_destruct+0x569/0x840
[  104.859270][  T154]  kcm_release+0x51a/0x5b0
[  104.863673][  T154]  sock_close+0xd5/0x240
[  104.867896][  T154]  __fput+0x234/0x930
[  104.871960][  T154]  task_work_run+0x125/0x1a0
[  104.876548][  T154]  exit_to_user_mode_loop+0x10f/0x130
[  104.882005][  T154]  exit_to_user_mode_prepare+0xee/0x180
[  104.887550][  T154]  syscall_exit_to_user_mode+0x16/0x40
[  104.892991][  T154]  do_syscall_64+0x58/0xa0
[  104.897561][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.903443][  T154] 
[  104.905756][  T154] Last potentially related work creation:
[  104.911467][  T154]  kasan_save_stack+0x35/0x60
[  104.916142][  T154]  kasan_record_aux_stack+0xb8/0x100
[  104.921412][  T154]  insert_work+0x54/0x3d0
[  104.925725][  T154]  __queue_work+0x9c5/0xd50
[  104.930209][  T154]  queue_work_on+0x11d/0x1d0
[  104.934865][  T154]  kcm_unattach+0x85e/0xe80
[  104.939434][  T154]  kcm_ioctl+0x78d/0xff0
[  104.943747][  T154]  sock_do_ioctl+0xd3/0x2f0
[  104.948232][  T154]  sock_ioctl+0x4ed/0x6e0
[  104.952574][  T154]  __se_sys_ioctl+0xfa/0x170
[  104.957148][  T154]  do_syscall_64+0x4c/0xa0
[  104.961545][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.967423][  T154] 
[  104.969732][  T154] Second to last potentially related work creation:
[  104.976378][  T154]  kasan_save_stack+0x35/0x60
[  104.981042][  T154]  kasan_record_aux_stack+0xb8/0x100
[  104.986503][  T154]  insert_work+0x54/0x3d0
[  104.990859][  T154]  __queue_work+0x9c5/0xd50
[  104.995427][  T154]  queue_work_on+0x11d/0x1d0
[  104.999997][  T154]  kcm_ioctl+0xe4b/0xff0
[  105.004220][  T154]  sock_do_ioctl+0xd3/0x2f0
[  105.008703][  T154]  sock_ioctl+0x4ed/0x6e0
[  105.013010][  T154]  __se_sys_ioctl+0xfa/0x170
[  105.017694][  T154]  do_syscall_64+0x4c/0xa0
[  105.022093][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.027969][  T154] 
[  105.030366][  T154] The buggy address belongs to the object at ffff88807e3d1680
[  105.030366][  T154]  which belongs to the cache KCM of size 1736
[  105.043798][  T154] The buggy address is located 160 bytes inside of
[  105.043798][  T154]  1736-byte region [ffff88807e3d1680, ffff88807e3d1d48)
[  105.057452][  T154] The buggy address belongs to the page:
[  105.063319][  T154] page:ffffea0001f8f400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e3d0
[  105.073552][  T154] head:ffffea0001f8f400 order:3 compound_mapcount:0 compound_pincount:0
[  105.081958][  T154] memcg:ffff888018d9a301
[  105.086176][  T154] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  105.094141][  T154] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802b997c80
[  105.102789][  T154] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff888018d9a301
[  105.111617][  T154] page dumped because: kasan: bad access detected
[  105.118165][  T154] page_owner tracks the page as allocated
[  105.123866][  T154] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5089, ts 102685558994, free_ts 102678633487
[  105.144692][  T154]  get_page_from_freelist+0x1b77/0x1c60
[  105.150244][  T154]  __alloc_pages+0x1e1/0x470
[  105.154934][  T154]  new_slab+0xc0/0x4b0
[  105.159200][  T154]  ___slab_alloc+0x81e/0xdf0
[  105.163887][  T154]  kmem_cache_alloc+0x195/0x290
[  105.168736][  T154]  sk_prot_alloc+0x57/0x210
[  105.173242][  T154]  sk_alloc+0x2f/0x310
[  105.177489][  T154]  kcm_create+0xfc/0x570
[  105.181739][  T154]  __sock_create+0x47b/0x900
[  105.186485][  T154]  __sys_socket+0xe2/0x170
[  105.190887][  T154]  __x64_sys_socket+0x76/0x80
[  105.195567][  T154]  do_syscall_64+0x4c/0xa0
[  105.199991][  T154]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.205925][  T154] page last free stack trace:
[  105.210754][  T154]  free_unref_page_prepare+0x637/0x6c0
[  105.216283][  T154]  free_unref_page+0x94/0x280
[  105.221029][  T154]  qlist_free_all+0x35/0x90
[  105.225601][  T154]  kasan_quarantine_reduce+0x150/0x160
[  105.231221][  T154]  __kasan_slab_alloc+0x2f/0xd0
[  105.236070][  T154]  slab_post_alloc_hook+0x4c/0x380
[  105.241258][  T154]  kmem_cache_alloc_node_trace+0x13d/0x300
[  105.247046][  T154]  __get_vm_area_node+0x119/0x2d0
[  105.252051][  T154]  __vmalloc_node_range+0xef/0x8b0
[  105.257146][  T154]  vzalloc+0x75/0x80
[  105.261031][  T154]  alloc_counters+0xd0/0x740
[  105.265631][  T154]  do_ip6t_get_ctl+0x9fe/0x1090
[  105.270472][  T154]  nf_getsockopt+0x25e/0x280
[  105.275340][  T154]  ipv6_getsockopt+0x442/0x2000
[  105.280180][  T154]  tcp_getsockopt+0x1e3/0x2390
[  105.285011][  T154]  __sys_getsockopt+0x1b0/0x230
[  105.289865][  T154] 
[  105.292177][  T154] Memory state around the buggy address:
[  105.297872][  T154]  ffff88807e3d1600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  105.305913][  T154]  ffff88807e3d1680: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.313962][  T154] >ffff88807e3d1700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.321998][  T154]                                ^
[  105.327090][  T154]  ffff88807e3d1780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.335127][  T154]  ffff88807e3d1800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  105.343163][  T154] ==================================================================
[  105.351207][  T154] Disabling lock debugging due to kernel taint
[  105.357393][  T154] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  105.364576][  T154] CPU: 1 PID: 154 Comm: kworker/u4:2 Tainted: G    B             syzkaller #0
[  105.373488][  T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  105.383527][  T154] Workqueue: kkcmd kcm_tx_work
[  105.388285][  T154] Call Trace:
[  105.391635][  T154]  <TASK>
[  105.394568][  T154]  dump_stack_lvl+0x168/0x230
[  105.399324][  T154]  ? show_regs_print_info+0x20/0x20
[  105.404595][  T154]  ? load_image+0x3b0/0x3b0
[  105.409086][  T154]  panic+0x2c9/0x7f0
[  105.412964][  T154]  ? bpf_jit_dump+0xd0/0xd0
[  105.417623][  T154]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  105.423496][  T154]  ? _raw_spin_unlock+0x40/0x40
[  105.428413][  T154]  ? __lock_acquire+0xf7/0x7c60
[  105.433249][  T154]  check_panic_on_warn+0x80/0xa0
[  105.438172][  T154]  ? __lock_acquire+0xf7/0x7c60
[  105.443091][  T154]  end_report+0x6d/0xf0
[  105.447342][  T154]  kasan_report+0x102/0x130
[  105.451838][  T154]  ? __lock_acquire+0xf7/0x7c60
[  105.456685][  T154]  __lock_acquire+0xf7/0x7c60
[  105.461431][  T154]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  105.467394][  T154]  ? lock_chain_count+0x20/0x20
[  105.472230][  T154]  ? finish_lock_switch+0x12f/0x280
[  105.477407][  T154]  ? lockdep_hardirqs_on+0x94/0x140
[  105.482600][  T154]  ? finish_lock_switch+0x12f/0x280
[  105.487871][  T154]  ? verify_lock_unused+0x140/0x140
[  105.493139][  T154]  ? finish_task_switch+0x12f/0x640
[  105.498322][  T154]  ? __switch_to_asm+0x34/0x60
[  105.503069][  T154]  ? __schedule+0x11c3/0x4390
[  105.507767][  T154]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  105.513817][  T154]  lock_acquire+0x197/0x3f0
[  105.518391][  T154]  ? __lock_sock+0x152/0x2a0
[  105.523248][  T154]  ? lockdep_hardirqs_on_prepare+0x760/0x760
[  105.529212][  T154]  ? __local_bh_disable_ip+0xfb/0x190
[  105.534661][  T154]  ? read_lock_is_recursive+0x10/0x10
[  105.540018][  T154]  ? __local_bh_enable_ip+0x12a/0x1b0
[  105.545371][  T154]  ? kthread_data+0x4b/0xc0
[  105.549859][  T154]  ? kthread_data+0x4b/0xc0
[  105.554344][  T154]  ? __lock_sock+0x152/0x2a0
[  105.558913][  T154]  _raw_spin_lock_bh+0x32/0x50
[  105.563656][  T154]  ? __lock_sock+0x152/0x2a0
[  105.568484][  T154]  __lock_sock+0x152/0x2a0
[  105.572881][  T154]  ? sk_page_frag_refill+0x200/0x200
[  105.578145][  T154]  ? do_raw_spin_lock+0x11d/0x280
[  105.583158][  T154]  ? init_wait_entry+0xd0/0xd0
[  105.587907][  T154]  ? __rwlock_init+0x140/0x140
[  105.592649][  T154]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  105.598612][  T154]  ? lock_sock_nested+0x68/0x100
[  105.603531][  T154]  lock_sock_nested+0x9d/0x100
[  105.608282][  T154]  kcm_tx_work+0x2d/0x180
[  105.612693][  T154]  process_one_work+0x863/0x1000
[  105.617626][  T154]  ? worker_detach_from_pool+0x240/0x240
[  105.623237][  T154]  ? lockdep_hardirqs_off+0x70/0x100
[  105.628515][  T154]  ? _raw_spin_lock_irq+0xab/0xe0
[  105.633607][  T154]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  105.639049][  T154]  ? wq_worker_running+0x97/0x170
[  105.644162][  T154]  worker_thread+0xaa8/0x12a0
[  105.648817][  T154]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  105.654717][  T154]  ? lockdep_hardirqs_on+0x94/0x140
[  105.659983][  T154]  ? lockdep_hardirqs_on+0x94/0x140
[  105.665168][  T154]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  105.671042][  T154]  kthread+0x436/0x520
[  105.675088][  T154]  ? rcu_lock_release+0x20/0x20
[  105.680006][  T154]  ? kthread_blkcg+0xd0/0xd0
[  105.684580][  T154]  ret_from_fork+0x1f/0x30
[  105.688982][  T154]  </TASK>
[  105.692503][  T154] Kernel Offset: disabled
[  105.696828][  T154] Rebooting in 86400 seconds..