Warning: Permanently added '10.128.0.13' (ED25519) to the list of known hosts.
2025/10/19 16:36:40 parsed 1 programs
[   93.952444][ T4749] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   96.205739][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.225085][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.243808][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   96.265500][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.275261][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.289161][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   97.024766][  T145] ODEBUG: Out of memory. ODEBUG disabled
[   97.452965][ T4818] chnl_net:caif_netlink_parms(): no params data found
[   97.487873][ T4818] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.495136][ T4818] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.503010][ T4818] device bridge_slave_0 entered promiscuous mode
[   97.511391][ T4818] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.519312][ T4818] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.526917][ T4818] device bridge_slave_1 entered promiscuous mode
[   97.544803][ T4818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.555543][ T4818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.575999][ T4818] team0: Port device team_slave_0 added
[   97.583244][ T4818] team0: Port device team_slave_1 added
[   97.598800][ T4818] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.605761][ T4818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.631955][ T4818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.643837][ T4818] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.651103][ T4818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.677225][ T4818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.703617][ T4818] device hsr_slave_0 entered promiscuous mode
[   97.710472][ T4818] device hsr_slave_1 entered promiscuous mode
[   98.249844][ T4818] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.259532][ T4818] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.270210][ T4818] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.280290][ T4818] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.303343][ T4818] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.310571][ T4818] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.317927][ T4818] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.325070][ T4818] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.392062][ T4818] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.406259][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   98.415660][ T1225] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.425050][ T1225] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.434666][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   98.448407][ T4818] 8021q: adding VLAN 0 to HW filter on device team0
[   98.460955][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   98.472055][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   98.481410][ T1225] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.488539][ T1225] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.535866][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   98.547103][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   98.557242][ T1225] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.564380][ T1225] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.576007][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   98.584916][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   98.595259][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   98.605829][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   98.644515][ T4818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   98.659140][ T4818] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   98.672929][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   98.682398][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   98.692975][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   98.701920][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   98.711061][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   98.719838][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   98.728425][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   98.740098][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   98.860900][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   98.870789][ T4408] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   98.884112][ T4818] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.934648][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   98.944862][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   98.967561][ T4818] device veth0_vlan entered promiscuous mode
[   98.981575][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   99.005558][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   99.016901][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   99.025319][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   99.064945][ T4818] device veth1_vlan entered promiscuous mode
[   99.085240][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   99.095724][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   99.106239][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   99.116352][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   99.127834][ T4818] device veth0_macvtap entered promiscuous mode
[   99.137666][ T4818] device veth1_macvtap entered promiscuous mode
[   99.174880][ T4818] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.199692][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   99.209940][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   99.229997][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   99.249872][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   99.273056][ T4818] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.284209][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   99.299566][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   99.321958][ T4818] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.332848][ T4818] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.341943][ T4818] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.352388][ T4818] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/10/19 16:36:48 executed programs: 0
[  100.340234][ T4942] chnl_net:caif_netlink_parms(): no params data found
[  100.436855][ T4942] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.451412][ T4942] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.460923][ T4942] device bridge_slave_0 entered promiscuous mode
[  100.483182][ T4942] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.490590][ T4942] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.498883][ T4942] device bridge_slave_1 entered promiscuous mode
[  100.542838][ T4942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.573725][ T4942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.610594][ T4942] team0: Port device team_slave_0 added
[  100.623554][ T4942] team0: Port device team_slave_1 added
[  100.661744][ T4942] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.669142][ T4942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.713058][ T4942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.742186][ T4942] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.758101][ T4942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.818088][ T4942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.896056][ T4942] device hsr_slave_0 entered promiscuous mode
[  100.915209][ T4942] device hsr_slave_1 entered promiscuous mode
[  100.925619][ T4942] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  100.934305][ T4942] Cannot create hsr debugfs directory
[  101.116227][ T4942] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.168156][ T4810] Bluetooth: hci0: command 0x0409 tx timeout
[  104.243838][ T4942] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.248162][ T4809] Bluetooth: hci0: command 0x041b tx timeout
[  104.483130][ T4942] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.525158][ T4942] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.605197][ T4942] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.615983][ T4942] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.625025][ T4942] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.634573][ T4942] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.687551][ T4942] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.699363][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  104.707287][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.725649][ T4942] 8021q: adding VLAN 0 to HW filter on device team0
[  104.737652][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.746698][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.756759][ T1225] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.763862][ T1225] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.773215][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  104.789740][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.798750][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.807025][ T1225] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.814133][ T1225] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.822206][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  104.838738][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  104.849856][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  104.860072][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.874836][ T4942] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  104.885945][ T4942] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  104.898638][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.906497][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  104.915715][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.924694][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  104.933786][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.942586][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  104.951202][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  104.959558][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  105.043789][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  105.051487][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  105.063951][ T4942] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.085324][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  105.094297][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  105.116526][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  105.125116][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  105.134232][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  105.142437][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  105.154594][  T145] device hsr_slave_0 left promiscuous mode
[  105.161132][  T145] device hsr_slave_1 left promiscuous mode
[  105.167612][  T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.175710][  T145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  105.184367][  T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.191994][  T145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.199812][  T145] device bridge_slave_1 left promiscuous mode
[  105.206295][  T145] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.215594][  T145] device bridge_slave_0 left promiscuous mode
[  105.222146][  T145] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.232299][  T145] device veth1_macvtap left promiscuous mode
[  105.238777][  T145] device veth0_macvtap left promiscuous mode
[  105.244859][  T145] device veth1_vlan left promiscuous mode
[  105.250865][  T145] device veth0_vlan left promiscuous mode
[  105.352905][  T145] team0 (unregistering): Port device team_slave_1 removed
[  105.364860][  T145] team0 (unregistering): Port device team_slave_0 removed
[  105.375694][  T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  105.387946][  T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  105.432897][  T145] bond0 (unregistering): Released all slaves
[  105.472319][ T4942] device veth0_vlan entered promiscuous mode
[  105.483773][ T4942] device veth1_vlan entered promiscuous mode
[  105.502180][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  105.510512][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  105.518710][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  105.527112][ T1225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  105.536970][ T4942] device veth0_macvtap entered promiscuous mode
[  105.548735][ T4942] device veth1_macvtap entered promiscuous mode
[  105.572121][ T4942] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.579899][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  105.588114][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  105.595965][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  105.604942][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  105.615595][ T4942] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.624125][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  105.633521][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  105.644887][ T4942] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.654186][ T4942] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.663377][ T4942] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.672507][ T4942] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.734931][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.751157][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.758665][ T4408] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.766658][ T4408] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.769673][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/10/19 16:36:54 executed programs: 2
[  105.809867][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  106.328067][ T4809] Bluetooth: hci0: command 0x040f tx timeout
[  108.408432][ T4813] Bluetooth: hci0: command 0x0419 tx timeout
2025/10/19 16:36:59 executed programs: 8
[  112.675567][ T4408] ==================================================================
[  112.683762][ T4408] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[  112.690993][ T4408] Read of size 8 at addr ffff888079822da0 by task kworker/u4:5/4408
[  112.698949][ T4408] 
[  112.701268][ T4408] CPU: 0 PID: 4408 Comm: kworker/u4:5 Not tainted syzkaller #0
[  112.708788][ T4408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  112.718828][ T4408] Workqueue: kkcmd kcm_tx_work
[  112.723602][ T4408] Call Trace:
[  112.727005][ T4408]  <TASK>
[  112.730054][ T4408]  dump_stack_lvl+0x168/0x230
[  112.734764][ T4408]  ? show_regs_print_info+0x20/0x20
[  112.740004][ T4408]  ? load_image+0x3b0/0x3b0
[  112.744493][ T4408]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  112.750235][ T4408]  print_address_description+0x60/0x2d0
[  112.755808][ T4408]  ? __lock_acquire+0xf7/0x7c60
[  112.760733][ T4408]  kasan_report+0xdf/0x130
[  112.765273][ T4408]  ? __lock_acquire+0xf7/0x7c60
[  112.770210][ T4408]  __lock_acquire+0xf7/0x7c60
[  112.774995][ T4408]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  112.781056][ T4408]  ? lock_chain_count+0x20/0x20
[  112.785900][ T4408]  ? finish_lock_switch+0x12f/0x280
[  112.791177][ T4408]  ? lockdep_hardirqs_on+0x94/0x140
[  112.796373][ T4408]  ? finish_lock_switch+0x12f/0x280
[  112.801556][ T4408]  ? verify_lock_unused+0x140/0x140
[  112.806882][ T4408]  ? finish_task_switch+0x12f/0x640
[  112.812064][ T4408]  ? __switch_to_asm+0x34/0x60
[  112.816817][ T4408]  ? __schedule+0x11c3/0x4390
[  112.821475][ T4408]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  112.827437][ T4408]  lock_acquire+0x197/0x3f0
[  112.831926][ T4408]  ? __lock_sock+0x152/0x2a0
[  112.836528][ T4408]  ? lockdep_hardirqs_on_prepare+0x760/0x760
[  112.842528][ T4408]  ? __local_bh_disable_ip+0xfb/0x190
[  112.847996][ T4408]  ? read_lock_is_recursive+0x10/0x10
[  112.853369][ T4408]  ? __local_bh_enable_ip+0x12a/0x1b0
[  112.858722][ T4408]  ? kthread_data+0x4b/0xc0
[  112.863224][ T4408]  ? kthread_data+0x4b/0xc0
[  112.867706][ T4408]  ? __lock_sock+0x152/0x2a0
[  112.872285][ T4408]  _raw_spin_lock_bh+0x32/0x50
[  112.877120][ T4408]  ? __lock_sock+0x152/0x2a0
[  112.881693][ T4408]  __lock_sock+0x152/0x2a0
[  112.886113][ T4408]  ? sk_page_frag_refill+0x200/0x200
[  112.891492][ T4408]  ? do_raw_spin_lock+0x11d/0x280
[  112.896521][ T4408]  ? init_wait_entry+0xd0/0xd0
[  112.901388][ T4408]  ? __rwlock_init+0x140/0x140
[  112.906240][ T4408]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  112.912382][ T4408]  ? lock_sock_nested+0x68/0x100
[  112.917407][ T4408]  lock_sock_nested+0x9d/0x100
[  112.922441][ T4408]  kcm_tx_work+0x2d/0x180
[  112.926862][ T4408]  process_one_work+0x863/0x1000
[  112.931885][ T4408]  ? worker_detach_from_pool+0x240/0x240
[  112.937506][ T4408]  ? lockdep_hardirqs_off+0x70/0x100
[  112.943038][ T4408]  ? _raw_spin_lock_irq+0xab/0xe0
[  112.948226][ T4408]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  112.953681][ T4408]  ? wq_worker_running+0x97/0x170
[  112.958716][ T4408]  worker_thread+0xaa8/0x12a0
[  112.963374][ T4408]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  112.969249][ T4408]  ? lockdep_hardirqs_on+0x94/0x140
[  112.974432][ T4408]  ? lockdep_hardirqs_on+0x94/0x140
[  112.979624][ T4408]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  112.985590][ T4408]  kthread+0x436/0x520
[  112.989644][ T4408]  ? rcu_lock_release+0x20/0x20
[  112.994482][ T4408]  ? kthread_blkcg+0xd0/0xd0
[  112.999147][ T4408]  ret_from_fork+0x1f/0x30
[  113.003849][ T4408]  </TASK>
[  113.006948][ T4408] 
[  113.009283][ T4408] Allocated by task 5233:
[  113.013678][ T4408]  __kasan_slab_alloc+0x9c/0xd0
[  113.018644][ T4408]  slab_post_alloc_hook+0x4c/0x380
[  113.023832][ T4408]  kmem_cache_alloc+0x100/0x290
[  113.028668][ T4408]  sk_prot_alloc+0x57/0x210
[  113.033250][ T4408]  sk_alloc+0x2f/0x310
[  113.037418][ T4408]  kcm_ioctl+0x211/0xff0
[  113.041648][ T4408]  sock_do_ioctl+0xd3/0x2f0
[  113.046350][ T4408]  sock_ioctl+0x4ed/0x6e0
[  113.050680][ T4408]  __se_sys_ioctl+0xfa/0x170
[  113.055279][ T4408]  do_syscall_64+0x4c/0xa0
[  113.059698][ T4408]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  113.065802][ T4408] 
[  113.068116][ T4408] Freed by task 5234:
[  113.072099][ T4408]  kasan_set_track+0x4b/0x70
[  113.076669][ T4408]  kasan_set_free_info+0x1f/0x40
[  113.081675][ T4408]  ____kasan_slab_free+0xd5/0x110
[  113.086679][ T4408]  slab_free_freelist_hook+0xea/0x170
[  113.092033][ T4408]  kmem_cache_free+0x8f/0x210
[  113.096790][ T4408]  __sk_destruct+0x569/0x840
[  113.101353][ T4408]  kcm_release+0x51a/0x5b0
[  113.105748][ T4408]  sock_close+0xd5/0x240
[  113.109979][ T4408]  __fput+0x234/0x930
[  113.113964][ T4408]  task_work_run+0x125/0x1a0
[  113.118535][ T4408]  exit_to_user_mode_loop+0x10f/0x130
[  113.123985][ T4408]  exit_to_user_mode_prepare+0xee/0x180
[  113.129526][ T4408]  syscall_exit_to_user_mode+0x16/0x40
[  113.135065][ T4408]  do_syscall_64+0x58/0xa0
[  113.139461][ T4408]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  113.145340][ T4408] 
[  113.147646][ T4408] Last potentially related work creation:
[  113.153358][ T4408]  kasan_save_stack+0x35/0x60
[  113.158032][ T4408]  kasan_record_aux_stack+0xb8/0x100
[  113.163297][ T4408]  insert_work+0x54/0x3d0
[  113.167630][ T4408]  __queue_work+0x9c5/0xd50
[  113.172130][ T4408]  queue_work_on+0x11d/0x1d0
[  113.176706][ T4408]  kcm_unattach+0x85e/0xe80
[  113.181441][ T4408]  kcm_ioctl+0x78d/0xff0
[  113.185674][ T4408]  sock_do_ioctl+0xd3/0x2f0
[  113.190286][ T4408]  sock_ioctl+0x4ed/0x6e0
[  113.194973][ T4408]  __se_sys_ioctl+0xfa/0x170
[  113.199561][ T4408]  do_syscall_64+0x4c/0xa0
[  113.203958][ T4408]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  113.209945][ T4408] 
[  113.212260][ T4408] Second to last potentially related work creation:
[  113.218821][ T4408]  kasan_save_stack+0x35/0x60
[  113.223566][ T4408]  kasan_record_aux_stack+0xb8/0x100
[  113.228834][ T4408]  insert_work+0x54/0x3d0
[  113.233330][ T4408]  __queue_work+0x9c5/0xd50
[  113.238115][ T4408]  queue_work_on+0x11d/0x1d0
[  113.242688][ T4408]  kcm_ioctl+0xe4b/0xff0
[  113.247020][ T4408]  sock_do_ioctl+0xd3/0x2f0
[  113.251708][ T4408]  sock_ioctl+0x4ed/0x6e0
[  113.256478][ T4408]  __se_sys_ioctl+0xfa/0x170
[  113.261255][ T4408]  do_syscall_64+0x4c/0xa0
[  113.265655][ T4408]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  113.271535][ T4408] 
[  113.273847][ T4408] The buggy address belongs to the object at ffff888079822d00
[  113.273847][ T4408]  which belongs to the cache KCM of size 1736
[  113.287372][ T4408] The buggy address is located 160 bytes inside of
[  113.287372][ T4408]  1736-byte region [ffff888079822d00, ffff8880798233c8)
[  113.301192][ T4408] The buggy address belongs to the page:
[  113.306823][ T4408] page:ffffea0001e60800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79820
[  113.317425][ T4408] head:ffffea0001e60800 order:3 compound_mapcount:0 compound_pincount:0
[  113.325794][ T4408] memcg:ffff88801a3aec01
[  113.330024][ T4408] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  113.338146][ T4408] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802aaaac80
[  113.346924][ T4408] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88801a3aec01
[  113.355752][ T4408] page dumped because: kasan: bad access detected
[  113.362374][ T4408] page_owner tracks the page as allocated
[  113.368197][ T4408] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5200, ts 105844366679, free_ts 105804985200
[  113.388840][ T4408]  get_page_from_freelist+0x1b77/0x1c60
[  113.394567][ T4408]  __alloc_pages+0x1e1/0x470
[  113.399260][ T4408]  new_slab+0xc0/0x4b0
[  113.403323][ T4408]  ___slab_alloc+0x81e/0xdf0
[  113.407925][ T4408]  kmem_cache_alloc+0x195/0x290
[  113.412871][ T4408]  sk_prot_alloc+0x57/0x210
[  113.417396][ T4408]  sk_alloc+0x2f/0x310
[  113.421457][ T4408]  kcm_create+0xfc/0x570
[  113.425679][ T4408]  __sock_create+0x47b/0x900
[  113.430266][ T4408]  __sys_socket+0xe2/0x170
[  113.435000][ T4408]  __x64_sys_socket+0x76/0x80
[  113.439670][ T4408]  do_syscall_64+0x4c/0xa0
[  113.444282][ T4408]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  113.450264][ T4408] page last free stack trace:
[  113.455048][ T4408]  free_unref_page_prepare+0x637/0x6c0
[  113.460946][ T4408]  free_unref_page+0x94/0x280
[  113.465617][ T4408]  __unfreeze_partials+0x1a5/0x200
[  113.470712][ T4408]  put_cpu_partial+0x12d/0x190
[  113.475465][ T4408]  qlist_free_all+0x35/0x90
[  113.480297][ T4408]  kasan_quarantine_reduce+0x150/0x160
[  113.485983][ T4408]  __kasan_slab_alloc+0x2f/0xd0
[  113.490817][ T4408]  slab_post_alloc_hook+0x4c/0x380
[  113.496009][ T4408]  __kmalloc+0x127/0x330
[  113.500244][ T4408]  fib6_info_alloc+0x2e/0xe0
[  113.504813][ T4408]  ip6_route_info_create+0x44f/0x1210
[  113.510180][ T4408]  ip6_route_add+0x24/0x130
[  113.514667][ T4408]  addrconf_add_dev+0x250/0x350
[  113.519495][ T4408]  addrconf_init_auto_addrs+0x5f8/0xa80
[  113.525021][ T4408]  addrconf_notify+0xa6b/0xf00
[  113.529771][ T4408]  raw_notifier_call_chain+0xcb/0x160
[  113.535208][ T4408] 
[  113.537522][ T4408] Memory state around the buggy address:
[  113.543131][ T4408]  ffff888079822c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  113.551197][ T4408]  ffff888079822d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.559248][ T4408] >ffff888079822d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.567291][ T4408]                                ^
[  113.572467][ T4408]  ffff888079822e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.580505][ T4408]  ffff888079822e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.588853][ T4408] ==================================================================
[  113.596935][ T4408] Disabling lock debugging due to kernel taint
[  113.603099][ T4408] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  113.610474][ T4408] CPU: 0 PID: 4408 Comm: kworker/u4:5 Tainted: G    B             syzkaller #0
[  113.619414][ T4408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  113.629636][ T4408] Workqueue: kkcmd kcm_tx_work
[  113.634416][ T4408] Call Trace:
[  113.637690][ T4408]  <TASK>
[  113.640694][ T4408]  dump_stack_lvl+0x168/0x230
[  113.645482][ T4408]  ? show_regs_print_info+0x20/0x20
[  113.650965][ T4408]  ? load_image+0x3b0/0x3b0
[  113.655462][ T4408]  panic+0x2c9/0x7f0
[  113.659359][ T4408]  ? bpf_jit_dump+0xd0/0xd0
[  113.663934][ T4408]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  113.669979][ T4408]  ? _raw_spin_unlock+0x40/0x40
[  113.674833][ T4408]  ? __lock_acquire+0xf7/0x7c60
[  113.679804][ T4408]  check_panic_on_warn+0x80/0xa0
[  113.684740][ T4408]  ? __lock_acquire+0xf7/0x7c60
[  113.689591][ T4408]  end_report+0x6d/0xf0
[  113.693795][ T4408]  kasan_report+0x102/0x130
[  113.698278][ T4408]  ? __lock_acquire+0xf7/0x7c60
[  113.703317][ T4408]  __lock_acquire+0xf7/0x7c60
[  113.708073][ T4408]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  113.714064][ T4408]  ? lock_chain_count+0x20/0x20
[  113.718906][ T4408]  ? finish_lock_switch+0x12f/0x280
[  113.724187][ T4408]  ? lockdep_hardirqs_on+0x94/0x140
[  113.729507][ T4408]  ? finish_lock_switch+0x12f/0x280
[  113.734787][ T4408]  ? verify_lock_unused+0x140/0x140
[  113.739972][ T4408]  ? finish_task_switch+0x12f/0x640
[  113.745154][ T4408]  ? __switch_to_asm+0x34/0x60
[  113.749901][ T4408]  ? __schedule+0x11c3/0x4390
[  113.754559][ T4408]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  113.760529][ T4408]  lock_acquire+0x197/0x3f0
[  113.765119][ T4408]  ? __lock_sock+0x152/0x2a0
[  113.769963][ T4408]  ? lockdep_hardirqs_on_prepare+0x760/0x760
[  113.775930][ T4408]  ? __local_bh_disable_ip+0xfb/0x190
[  113.781426][ T4408]  ? read_lock_is_recursive+0x10/0x10
[  113.786839][ T4408]  ? __local_bh_enable_ip+0x12a/0x1b0
[  113.792313][ T4408]  ? kthread_data+0x4b/0xc0
[  113.796811][ T4408]  ? kthread_data+0x4b/0xc0
[  113.801306][ T4408]  ? __lock_sock+0x152/0x2a0
[  113.805885][ T4408]  _raw_spin_lock_bh+0x32/0x50
[  113.810649][ T4408]  ? __lock_sock+0x152/0x2a0
[  113.815306][ T4408]  __lock_sock+0x152/0x2a0
[  113.819734][ T4408]  ? sk_page_frag_refill+0x200/0x200
[  113.824997][ T4408]  ? do_raw_spin_lock+0x11d/0x280
[  113.830001][ T4408]  ? init_wait_entry+0xd0/0xd0
[  113.834756][ T4408]  ? __rwlock_init+0x140/0x140
[  113.839584][ T4408]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  113.845633][ T4408]  ? lock_sock_nested+0x68/0x100
[  113.850551][ T4408]  lock_sock_nested+0x9d/0x100
[  113.855302][ T4408]  kcm_tx_work+0x2d/0x180
[  113.859701][ T4408]  process_one_work+0x863/0x1000
[  113.864659][ T4408]  ? worker_detach_from_pool+0x240/0x240
[  113.870394][ T4408]  ? lockdep_hardirqs_off+0x70/0x100
[  113.875695][ T4408]  ? _raw_spin_lock_irq+0xab/0xe0
[  113.880789][ T4408]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  113.886232][ T4408]  ? wq_worker_running+0x97/0x170
[  113.891327][ T4408]  worker_thread+0xaa8/0x12a0
[  113.895994][ T4408]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  113.901908][ T4408]  ? lockdep_hardirqs_on+0x94/0x140
[  113.907143][ T4408]  ? lockdep_hardirqs_on+0x94/0x140
[  113.912323][ T4408]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  113.918198][ T4408]  kthread+0x436/0x520
[  113.922248][ T4408]  ? rcu_lock_release+0x20/0x20
[  113.927181][ T4408]  ? kthread_blkcg+0xd0/0xd0
[  113.931844][ T4408]  ret_from_fork+0x1f/0x30
[  113.936248][ T4408]  </TASK>
[  113.939498][ T4408] Kernel Offset: disabled
[  113.943855][ T4408] Rebooting in 86400 seconds..