[   84.086505][  T144] device veth1_macvtap left promiscuous mode
[   84.092800][  T144] device veth0_macvtap left promiscuous mode
[   84.099532][  T144] device veth1_vlan left promiscuous mode
[   84.105374][  T144] device veth0_vlan left promiscuous mode
[   84.307153][  T144] team0 (unregistering): Port device team_slave_1 removed
[   84.324635][  T144] team0 (unregistering): Port device team_slave_0 removed
[   84.337341][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   84.353466][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   84.408559][  T144] bond0 (unregistering): Released all slaves
[   86.689855][    T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.59' (ED25519) to the list of known hosts.
2025/08/10 12:53:53 ignoring optional flag "sandboxArg"="0"
2025/08/10 12:53:54 parsed 1 programs
[  105.747352][ T4645] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[  107.516016][ T4663] chnl_net:caif_netlink_parms(): no params data found
[  107.562372][ T4663] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.569877][ T4663] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.577721][ T4663] device bridge_slave_0 entered promiscuous mode
[  107.586712][ T4663] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.593893][ T4663] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.601936][ T4663] device bridge_slave_1 entered promiscuous mode
[  107.625812][ T4663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.636748][ T4663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.661455][ T4663] team0: Port device team_slave_0 added
[  107.671649][ T4663] team0: Port device team_slave_1 added
[  107.691194][ T4663] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.698304][ T4663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.724506][ T4663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.739449][ T4663] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.746447][ T4663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.772561][ T4663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.805785][ T4663] device hsr_slave_0 entered promiscuous mode
[  107.812906][ T4663] device hsr_slave_1 entered promiscuous mode
[  108.546317][ T4663] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  108.561191][ T4663] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  108.581885][ T4663] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  108.601140][ T4663] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.747820][ T4663] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.765123][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  108.773826][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  108.792818][ T4663] 8021q: adding VLAN 0 to HW filter on device team0
[  108.805425][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  108.815501][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  108.830852][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.837994][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.859177][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  108.868251][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  108.877067][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  108.886039][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.893201][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.906918][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  108.922201][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  108.933726][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  108.943707][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  108.962201][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  108.971162][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  108.982465][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  108.992730][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  109.001732][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  109.016403][ T4663] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  109.029263][ T4663] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  109.037531][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  109.048405][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  109.269789][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  109.277413][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  109.304597][ T4663] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.348599][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  109.367364][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  109.392124][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  109.401748][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  109.420184][ T4663] device veth0_vlan entered promiscuous mode
[  109.428220][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  109.449219][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  109.472932][ T4663] device veth1_vlan entered promiscuous mode
[  109.520160][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  109.537031][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  109.545853][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  109.554605][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  109.565492][ T4663] device veth0_macvtap entered promiscuous mode
[  109.577002][ T4663] device veth1_macvtap entered promiscuous mode
[  109.602340][ T4663] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.610167][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  109.620732][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  109.634035][ T4663] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.643626][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  109.653196][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  109.664775][ T4663] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.691810][ T4663] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.702119][ T4663] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.711246][ T4663] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.274555][ T4288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.295865][ T4288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.320670][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  112.332675][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.343893][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.354278][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  112.395829][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/10 12:54:06 executed programs: 0
[  113.556926][ T4900] chnl_net:caif_netlink_parms(): no params data found
[  113.623298][ T4900] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.630552][ T4900] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.639628][ T4900] device bridge_slave_0 entered promiscuous mode
[  113.649970][ T4900] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.657168][ T4900] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.665701][ T4900] device bridge_slave_1 entered promiscuous mode
[  113.697519][ T4900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  113.712686][ T4900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.747503][ T4900] team0: Port device team_slave_0 added
[  113.759085][ T4900] team0: Port device team_slave_1 added
[  113.786175][ T4900] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.796278][ T4900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.833097][ T4900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.845869][ T4900] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.857294][ T4900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.886000][ T4900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.934424][ T4900] device hsr_slave_0 entered promiscuous mode
[  113.944008][ T4900] device hsr_slave_1 entered promiscuous mode
[  113.951060][ T4900] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.961425][ T4900] Cannot create hsr debugfs directory
[  114.053690][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.134133][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.225667][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.040639][ T4900] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  115.083112][ T4900] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  115.095809][ T4900] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  115.107152][ T4900] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  115.204829][ T4900] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.232582][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  115.243440][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  115.256356][ T4900] 8021q: adding VLAN 0 to HW filter on device team0
[  115.267107][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  115.277317][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  115.286976][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.294222][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.329941][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  115.339405][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  115.348955][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  115.357485][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.364939][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.375876][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  115.418501][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  115.427774][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  115.437415][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  115.449795][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  115.470193][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  115.479153][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  115.487839][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  115.488164][   T21] Bluetooth: hci0: command 0x0409 tx timeout
[  115.503577][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  115.512775][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  115.522249][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  115.533876][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  115.724564][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  115.732492][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  115.748542][ T4900] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.763207][    T9] device hsr_slave_0 left promiscuous mode
[  115.770277][    T9] device hsr_slave_1 left promiscuous mode
[  115.776890][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.785138][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  115.795484][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.804098][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  115.815092][    T9] device bridge_slave_1 left promiscuous mode
[  115.821686][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.833328][    T9] device bridge_slave_0 left promiscuous mode
[  115.840697][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.857212][    T9] device veth1_macvtap left promiscuous mode
[  115.863389][    T9] device veth0_macvtap left promiscuous mode
[  115.872530][    T9] device veth1_vlan left promiscuous mode
[  115.878494][    T9] device veth0_vlan left promiscuous mode
[  116.105861][    T9] team0 (unregistering): Port device team_slave_1 removed
[  116.125291][    T9] team0 (unregistering): Port device team_slave_0 removed
[  116.142346][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.161637][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.251484][    T9] bond0 (unregistering): Released all slaves
[  116.329774][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  116.340916][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  116.364518][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  116.375293][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  116.388873][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  116.397458][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  116.409919][ T4900] device veth0_vlan entered promiscuous mode
[  116.433267][ T4900] device veth1_vlan entered promiscuous mode
[  116.476126][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  116.488996][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  116.502096][ T4900] device veth0_macvtap entered promiscuous mode
[  116.514541][ T4900] device veth1_macvtap entered promiscuous mode
[  116.549582][ T4900] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.557335][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  116.566252][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  116.575714][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  116.585666][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  116.600783][ T4900] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.617367][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  116.645226][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  116.659553][ T4900] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.669405][ T4900] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.679392][ T4900] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.688736][ T4900] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.793163][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.807770][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.830390][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  116.853025][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.869314][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.885058][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  117.568011][ T4235] Bluetooth: hci0: command 0x041b tx timeout
2025/08/10 12:54:11 executed programs: 4
[  118.726769][ T1133] ==================================================================
[  118.734906][ T1133] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[  118.742117][ T1133] Read of size 8 at addr ffff88807bef9660 by task kworker/u4:3/1133
[  118.750089][ T1133] 
[  118.752415][ T1133] CPU: 0 PID: 1133 Comm: kworker/u4:3 Not tainted 5.15.189-syzkaller #0
[  118.760755][ T1133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  118.770813][ T1133] Workqueue: kkcmd kcm_tx_work
[  118.775593][ T1133] Call Trace:
[  118.779162][ T1133]  <TASK>
[  118.782098][ T1133]  dump_stack_lvl+0x168/0x230
[  118.786880][ T1133]  ? show_regs_print_info+0x20/0x20
[  118.792083][ T1133]  ? load_image+0x3b0/0x3b0
[  118.796590][ T1133]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  118.802013][ T1133]  print_address_description+0x60/0x2d0
[  118.807574][ T1133]  ? __lock_acquire+0xf7/0x7c60
[  118.812431][ T1133]  kasan_report+0xdf/0x130
[  118.816854][ T1133]  ? __lock_acquire+0xf7/0x7c60
[  118.821719][ T1133]  __lock_acquire+0xf7/0x7c60
[  118.826420][ T1133]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  118.832495][ T1133]  ? lock_chain_count+0x20/0x20
[  118.837373][ T1133]  ? finish_lock_switch+0x12f/0x280
[  118.842608][ T1133]  ? lockdep_hardirqs_on+0x94/0x140
[  118.847815][ T1133]  ? finish_lock_switch+0x12f/0x280
[  118.853034][ T1133]  ? verify_lock_unused+0x140/0x140
[  118.858256][ T1133]  ? finish_task_switch+0x12f/0x640
[  118.863619][ T1133]  ? __switch_to_asm+0x34/0x60
[  118.868400][ T1133]  ? __schedule+0x11c0/0x43b0
[  118.873112][ T1133]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  118.879132][ T1133]  lock_acquire+0x197/0x3f0
[  118.883680][ T1133]  ? __lock_sock+0x152/0x2a0
[  118.888287][ T1133]  ? lockdep_hardirqs_on_prepare+0x760/0x760
[  118.894294][ T1133]  ? __local_bh_disable_ip+0xfb/0x190
[  118.899945][ T1133]  ? read_lock_is_recursive+0x10/0x10
[  118.905337][ T1133]  ? __local_bh_enable_ip+0x12a/0x1b0
[  118.910719][ T1133]  ? kthread_data+0x4b/0xc0
[  118.915257][ T1133]  ? kthread_data+0x4b/0xc0
[  118.919785][ T1133]  ? __lock_sock+0x152/0x2a0
[  118.924377][ T1133]  _raw_spin_lock_bh+0x32/0x50
[  118.929237][ T1133]  ? __lock_sock+0x152/0x2a0
[  118.933847][ T1133]  __lock_sock+0x152/0x2a0
[  118.938271][ T1133]  ? sk_page_frag_refill+0x200/0x200
[  118.943602][ T1133]  ? do_raw_spin_lock+0x11d/0x280
[  118.948629][ T1133]  ? init_wait_entry+0xd0/0xd0
[  118.953394][ T1133]  ? __rwlock_init+0x140/0x140
[  118.958155][ T1133]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  118.964243][ T1133]  ? lock_sock_nested+0x68/0x100
[  118.969199][ T1133]  lock_sock_nested+0x9d/0x100
[  118.973973][ T1133]  kcm_tx_work+0x2d/0x180
[  118.978309][ T1133]  process_one_work+0x863/0x1000
[  118.983293][ T1133]  ? worker_detach_from_pool+0x240/0x240
[  118.988935][ T1133]  ? lockdep_hardirqs_off+0x70/0x100
[  118.994227][ T1133]  ? _raw_spin_lock_irq+0xab/0xe0
[  118.999262][ T1133]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  119.004676][ T1133]  ? wq_worker_running+0x97/0x170
[  119.009705][ T1133]  worker_thread+0xaa8/0x12a0
[  119.014386][ T1133]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  119.020282][ T1133]  ? lockdep_hardirqs_on+0x94/0x140
[  119.025481][ T1133]  ? lockdep_hardirqs_on+0x94/0x140
[  119.030710][ T1133]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  119.036611][ T1133]  kthread+0x436/0x520
[  119.040690][ T1133]  ? rcu_lock_release+0x20/0x20
[  119.045580][ T1133]  ? kthread_blkcg+0xd0/0xd0
[  119.050188][ T1133]  ret_from_fork+0x1f/0x30
[  119.054717][ T1133]  </TASK>
[  119.057750][ T1133] 
[  119.060067][ T1133] Allocated by task 5099:
[  119.064389][ T1133]  __kasan_slab_alloc+0x9c/0xd0
[  119.069237][ T1133]  slab_post_alloc_hook+0x4c/0x380
[  119.074787][ T1133]  kmem_cache_alloc+0x100/0x290
[  119.079666][ T1133]  sk_prot_alloc+0x57/0x210
[  119.084171][ T1133]  sk_alloc+0x2f/0x310
[  119.088263][ T1133]  kcm_ioctl+0x211/0xff0
[  119.092501][ T1133]  sock_do_ioctl+0xd3/0x2f0
[  119.097010][ T1133]  sock_ioctl+0x4ed/0x6e0
[  119.101343][ T1133]  __se_sys_ioctl+0xfa/0x170
[  119.105948][ T1133]  do_syscall_64+0x4c/0xa0
[  119.110370][ T1133]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.116386][ T1133] 
[  119.118709][ T1133] Freed by task 5100:
[  119.122712][ T1133]  kasan_set_track+0x4b/0x70
[  119.127347][ T1133]  kasan_set_free_info+0x1f/0x40
[  119.132296][ T1133]  ____kasan_slab_free+0xd5/0x110
[  119.137324][ T1133]  slab_free_freelist_hook+0xea/0x170
[  119.142726][ T1133]  kmem_cache_free+0x8f/0x210
[  119.147402][ T1133]  __sk_destruct+0x54b/0x820
[  119.151997][ T1133]  kcm_release+0x51a/0x5b0
[  119.156415][ T1133]  sock_close+0xd5/0x240
[  119.160665][ T1133]  __fput+0x234/0x930
[  119.164644][ T1133]  task_work_run+0x125/0x1a0
[  119.169228][ T1133]  exit_to_user_mode_loop+0x10f/0x130
[  119.174596][ T1133]  exit_to_user_mode_prepare+0xb1/0x140
[  119.180140][ T1133]  syscall_exit_to_user_mode+0x16/0x40
[  119.185688][ T1133]  do_syscall_64+0x58/0xa0
[  119.190131][ T1133]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.196112][ T1133] 
[  119.198434][ T1133] Last potentially related work creation:
[  119.204167][ T1133]  kasan_save_stack+0x35/0x60
[  119.208839][ T1133]  kasan_record_aux_stack+0xb8/0x100
[  119.214128][ T1133]  insert_work+0x54/0x3d0
[  119.218483][ T1133]  __queue_work+0x9c5/0xd50
[  119.223017][ T1133]  queue_work_on+0x11d/0x1d0
[  119.227647][ T1133]  kcm_unattach+0x85e/0xe80
[  119.232173][ T1133]  kcm_ioctl+0x78d/0xff0
[  119.236435][ T1133]  sock_do_ioctl+0xd3/0x2f0
[  119.240948][ T1133]  sock_ioctl+0x4ed/0x6e0
[  119.245275][ T1133]  __se_sys_ioctl+0xfa/0x170
[  119.249862][ T1133]  do_syscall_64+0x4c/0xa0
[  119.254273][ T1133]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.260171][ T1133] 
[  119.262514][ T1133] Second to last potentially related work creation:
[  119.269222][ T1133]  kasan_save_stack+0x35/0x60
[  119.273934][ T1133]  kasan_record_aux_stack+0xb8/0x100
[  119.279234][ T1133]  insert_work+0x54/0x3d0
[  119.283564][ T1133]  __queue_work+0x9c5/0xd50
[  119.288070][ T1133]  queue_work_on+0x11d/0x1d0
[  119.292685][ T1133]  kcm_ioctl+0xe4b/0xff0
[  119.296965][ T1133]  sock_do_ioctl+0xd3/0x2f0
[  119.301465][ T1133]  sock_ioctl+0x4ed/0x6e0
[  119.305790][ T1133]  __se_sys_ioctl+0xfa/0x170
[  119.310376][ T1133]  do_syscall_64+0x4c/0xa0
[  119.314792][ T1133]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.320682][ T1133] 
[  119.323002][ T1133] The buggy address belongs to the object at ffff88807bef95c0
[  119.323002][ T1133]  which belongs to the cache KCM of size 1728
[  119.336440][ T1133] The buggy address is located 160 bytes inside of
[  119.336440][ T1133]  1728-byte region [ffff88807bef95c0, ffff88807bef9c80)
[  119.349798][ T1133] The buggy address belongs to the page:
[  119.355424][ T1133] page:ffffea0001efbe00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bef8
[  119.365567][ T1133] head:ffffea0001efbe00 order:3 compound_mapcount:0 compound_pincount:0
[  119.373884][ T1133] memcg:ffff88802334a601
[  119.378117][ T1133] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  119.386143][ T1133] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88802a3c28c0
[  119.394729][ T1133] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88802334a601
[  119.403300][ T1133] page dumped because: kasan: bad access detected
[  119.409714][ T1133] page_owner tracks the page as allocated
[  119.415458][ T1133] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5060, ts 116979660464, free_ts 116954385815
[  119.436119][ T1133]  get_page_from_freelist+0x1b77/0x1c60
[  119.441719][ T1133]  __alloc_pages+0x1e1/0x470
[  119.446321][ T1133]  new_slab+0xc0/0x4b0
[  119.450386][ T1133]  ___slab_alloc+0x81e/0xdf0
[  119.454965][ T1133]  kmem_cache_alloc+0x195/0x290
[  119.459812][ T1133]  sk_prot_alloc+0x57/0x210
[  119.464316][ T1133]  sk_alloc+0x2f/0x310
[  119.468401][ T1133]  kcm_create+0xfc/0x570
[  119.472638][ T1133]  __sock_create+0x47b/0x900
[  119.477233][ T1133]  __sys_socket+0xe2/0x170
[  119.481650][ T1133]  __x64_sys_socket+0x76/0x80
[  119.486322][ T1133]  do_syscall_64+0x4c/0xa0
[  119.490735][ T1133]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.496652][ T1133] page last free stack trace:
[  119.501327][ T1133]  free_unref_page_prepare+0x637/0x6c0
[  119.506804][ T1133]  free_unref_page+0x94/0x280
[  119.511503][ T1133]  __unfreeze_partials+0x1a5/0x200
[  119.516613][ T1133]  put_cpu_partial+0x12d/0x190
[  119.521374][ T1133]  qlist_free_all+0x35/0x90
[  119.525903][ T1133]  kasan_quarantine_reduce+0x150/0x160
[  119.531368][ T1133]  __kasan_slab_alloc+0x2f/0xd0
[  119.536226][ T1133]  slab_post_alloc_hook+0x4c/0x380
[  119.541344][ T1133]  kmem_cache_alloc+0x100/0x290
[  119.546197][ T1133]  getname_flags+0xb5/0x500
[  119.550701][ T1133]  do_sys_openat2+0xcf/0x4a0
[  119.555296][ T1133]  __x64_sys_openat+0x135/0x160
[  119.560151][ T1133]  do_syscall_64+0x4c/0xa0
[  119.564572][ T1133]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.570499][ T1133] 
[  119.572826][ T1133] Memory state around the buggy address:
[  119.578488][ T1133]  ffff88807bef9500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  119.586903][ T1133]  ffff88807bef9580: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  119.595314][ T1133] >ffff88807bef9600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.603388][ T1133]                                                        ^
[  119.610579][ T1133]  ffff88807bef9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.618634][ T1133]  ffff88807bef9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.626693][ T1133] ==================================================================
[  119.634768][ T1133] Disabling lock debugging due to kernel taint
[  119.640924][ T1133] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  119.648122][ T1133] CPU: 0 PID: 1133 Comm: kworker/u4:3 Tainted: G    B             5.15.189-syzkaller #0
[  119.657836][ T1133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  119.667983][ T1133] Workqueue: kkcmd kcm_tx_work
[  119.672801][ T1133] Call Trace:
[  119.676083][ T1133]  <TASK>
[  119.679019][ T1133]  dump_stack_lvl+0x168/0x230
[  119.683731][ T1133]  ? show_regs_print_info+0x20/0x20
[  119.689035][ T1133]  ? load_image+0x3b0/0x3b0
[  119.693543][ T1133]  panic+0x2c9/0x7f0
[  119.697440][ T1133]  ? bpf_jit_dump+0xd0/0xd0
[  119.701942][ T1133]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  119.707838][ T1133]  ? _raw_spin_unlock+0x40/0x40
[  119.712691][ T1133]  ? __lock_acquire+0xf7/0x7c60
[  119.717540][ T1133]  check_panic_on_warn+0x80/0xa0
[  119.722478][ T1133]  ? __lock_acquire+0xf7/0x7c60
[  119.727329][ T1133]  end_report+0x6d/0xf0
[  119.731485][ T1133]  kasan_report+0x102/0x130
[  119.735996][ T1133]  ? __lock_acquire+0xf7/0x7c60
[  119.740849][ T1133]  __lock_acquire+0xf7/0x7c60
[  119.745528][ T1133]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  119.751514][ T1133]  ? lock_chain_count+0x20/0x20
[  119.756372][ T1133]  ? finish_lock_switch+0x12f/0x280
[  119.761578][ T1133]  ? lockdep_hardirqs_on+0x94/0x140
[  119.766775][ T1133]  ? finish_lock_switch+0x12f/0x280
[  119.771973][ T1133]  ? verify_lock_unused+0x140/0x140
[  119.777178][ T1133]  ? finish_task_switch+0x12f/0x640
[  119.782378][ T1133]  ? __switch_to_asm+0x34/0x60
[  119.787143][ T1133]  ? __schedule+0x11c0/0x43b0
[  119.791824][ T1133]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  119.797806][ T1133]  lock_acquire+0x197/0x3f0
[  119.802312][ T1133]  ? __lock_sock+0x152/0x2a0
[  119.806897][ T1133]  ? lockdep_hardirqs_on_prepare+0x760/0x760
[  119.812882][ T1133]  ? __local_bh_disable_ip+0xfb/0x190
[  119.818287][ T1133]  ? read_lock_is_recursive+0x10/0x10
[  119.823799][ T1133]  ? __local_bh_enable_ip+0x12a/0x1b0
[  119.829188][ T1133]  ? kthread_data+0x4b/0xc0
[  119.833840][ T1133]  ? kthread_data+0x4b/0xc0
[  119.838367][ T1133]  ? __lock_sock+0x152/0x2a0
[  119.842966][ T1133]  _raw_spin_lock_bh+0x32/0x50
[  119.847743][ T1133]  ? __lock_sock+0x152/0x2a0
[  119.852382][ T1133]  __lock_sock+0x152/0x2a0
[  119.856805][ T1133]  ? sk_page_frag_refill+0x200/0x200
[  119.862356][ T1133]  ? do_raw_spin_lock+0x11d/0x280
[  119.867396][ T1133]  ? init_wait_entry+0xd0/0xd0
[  119.872166][ T1133]  ? __rwlock_init+0x140/0x140
[  119.876941][ T1133]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  119.882967][ T1133]  ? lock_sock_nested+0x68/0x100
[  119.887941][ T1133]  lock_sock_nested+0x9d/0x100
[  119.892708][ T1133]  kcm_tx_work+0x2d/0x180
[  119.897042][ T1133]  process_one_work+0x863/0x1000
[  119.901999][ T1133]  ? worker_detach_from_pool+0x240/0x240
[  119.907669][ T1133]  ? lockdep_hardirqs_off+0x70/0x100
[  119.912967][ T1133]  ? _raw_spin_lock_irq+0xab/0xe0
[  119.917999][ T1133]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  119.923378][ T1133]  ? wq_worker_running+0x97/0x170
[  119.928414][ T1133]  worker_thread+0xaa8/0x12a0
[  119.933102][ T1133]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  119.939000][ T1133]  ? lockdep_hardirqs_on+0x94/0x140
[  119.944206][ T1133]  ? lockdep_hardirqs_on+0x94/0x140
[  119.949749][ T1133]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  119.955676][ T1133]  kthread+0x436/0x520
[  119.959758][ T1133]  ? rcu_lock_release+0x20/0x20
[  119.964623][ T1133]  ? kthread_blkcg+0xd0/0xd0
[  119.969227][ T1133]  ret_from_fork+0x1f/0x30
[  119.973659][ T1133]  </TASK>
[  119.976954][ T1133] Kernel Offset: disabled
[  119.981541][ T1133] Rebooting in 86400 seconds..