Warning: Permanently added '10.128.0.161' (ED25519) to the list of known hosts.
2025/07/23 10:24:38 ignoring optional flag "sandboxArg"="0"
2025/07/23 10:24:39 parsed 1 programs
[ 69.182915][ T4188] cgroup: Unknown subsys name 'net'
[ 69.341832][ T4188] cgroup: Unknown subsys name 'rlimit'
[ 70.792516][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 71.169237][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.175955][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[ 73.097211][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.115586][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.126280][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 73.143732][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.151723][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.160650][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 73.417930][ T4233] chnl_net:caif_netlink_parms(): no params data found
[ 73.486056][ T4233] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.493199][ T4233] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.503104][ T4233] device bridge_slave_0 entered promiscuous mode
[ 73.514212][ T4233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.522758][ T4233] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.531058][ T4233] device bridge_slave_1 entered promiscuous mode
[ 73.562508][ T4233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.574637][ T4233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.608722][ T4233] team0: Port device team_slave_0 added
[ 73.616967][ T4233] team0: Port device team_slave_1 added
[ 73.641472][ T4233] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.648603][ T4233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.674654][ T4233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.688110][ T4233] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.695068][ T4233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.721069][ T4233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.759998][ T4233] device hsr_slave_0 entered promiscuous mode
[ 73.766909][ T4233] device hsr_slave_1 entered promiscuous mode
[ 73.894700][ T4233] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.906364][ T4233] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.916016][ T4233] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.925199][ T4233] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.967894][ T4233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.975128][ T4233] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.983182][ T4233] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.990352][ T4233] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.045162][ T4233] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.058870][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.068649][ T4229] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.078291][ T4229] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.091320][ T4233] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.103487][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 74.113985][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 74.122710][ T4229] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.129994][ T4229] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.150375][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 74.160600][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 74.169470][ T4229] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.176600][ T4229] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.186243][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 74.199961][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 74.222843][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 74.235054][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.247651][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 74.261214][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.271928][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.283535][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 74.298242][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.311756][ T4233] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 74.323206][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 74.331910][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 74.341511][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.433852][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 74.442322][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 74.459508][ T4233] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.476906][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 74.486082][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 74.504550][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 74.513057][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 74.522211][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 74.530929][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 74.548271][ T4233] device veth0_vlan entered promiscuous mode
[ 74.559476][ T4233] device veth1_vlan entered promiscuous mode
[ 74.577752][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 74.586056][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 74.594038][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 74.604733][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 74.628363][ T4233] device veth0_macvtap entered promiscuous mode
[ 74.638167][ T4233] device veth1_macvtap entered promiscuous mode
[ 74.652937][ T4233] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.661078][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 74.670160][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 74.678165][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 74.687308][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 74.713605][ T4233] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.721445][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 74.730730][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 74.741928][ T4233] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.751181][ T4233] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.760365][ T4233] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.770761][ T4233] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.886485][ T4233] syz-executor (4233) used greatest stack depth: 21152 bytes left
2025/07/23 10:24:49 executed programs: 0
[ 76.512458][ T4289] chnl_net:caif_netlink_parms(): no params data found
[ 76.572317][ T4289] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.579592][ T4289] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.588081][ T4289] device bridge_slave_0 entered promiscuous mode
[ 76.596936][ T4289] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.604078][ T4289] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.620543][ T4289] device bridge_slave_1 entered promiscuous mode
[ 76.650474][ T4289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.662043][ T4289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.688974][ T4289] team0: Port device team_slave_0 added
[ 76.698236][ T4289] team0: Port device team_slave_1 added
[ 76.723058][ T4289] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.730194][ T4289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.756145][ T4289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.769262][ T4289] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.776291][ T4289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.802218][ T4289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.838170][ T4289] device hsr_slave_0 entered promiscuous mode
[ 76.844910][ T4289] device hsr_slave_1 entered promiscuous mode
[ 76.853446][ T4289] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 76.861717][ T4289] Cannot create hsr debugfs directory
[ 76.946768][ T4289] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.446315][ T4257] Bluetooth: hci0: command 0x0409 tx timeout
[ 79.734471][ T4289] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.790706][ T4289] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.854759][ T4289] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.010125][ T4289] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.020744][ T4289] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.030611][ T4289] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.057076][ T4289] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.123775][ T4289] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.137268][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 80.147338][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 80.161948][ T155] device hsr_slave_0 left promiscuous mode
[ 80.168739][ T155] device hsr_slave_1 left promiscuous mode
[ 80.175155][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 80.182853][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 80.191085][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 80.199412][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 80.207654][ T155] device bridge_slave_1 left promiscuous mode
[ 80.214538][ T155] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.229288][ T155] device bridge_slave_0 left promiscuous mode
[ 80.235878][ T155] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.252643][ T155] device veth1_macvtap left promiscuous mode
[ 80.258892][ T155] device veth0_macvtap left promiscuous mode
[ 80.264921][ T155] device veth1_vlan left promiscuous mode
[ 80.271324][ T155] device veth0_vlan left promiscuous mode
[ 80.430888][ T155] team0 (unregistering): Port device team_slave_1 removed
[ 80.442811][ T155] team0 (unregistering): Port device team_slave_0 removed
[ 80.457637][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 80.477115][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 80.526889][ T4257] Bluetooth: hci0: command 0x041b tx timeout
[ 80.542297][ T155] bond0 (unregistering): Released all slaves
[ 80.581609][ T4289] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.592397][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 80.601078][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 80.612953][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.620146][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.638108][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 80.647443][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 80.656370][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 80.664794][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.671913][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.680408][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 80.690754][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 80.702140][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 80.711205][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.720909][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 80.731687][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 80.741738][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 80.761420][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 80.770359][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 80.779827][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 80.788739][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 80.798931][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 80.897956][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 80.907880][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 80.922545][ T4289] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.940546][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 80.949422][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 80.973070][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 80.997514][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 81.010030][ T4289] device veth0_vlan entered promiscuous mode
[ 81.017897][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 81.028779][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 81.041106][ T4289] device veth1_vlan entered promiscuous mode
[ 81.063287][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 81.086961][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 81.095241][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 81.104422][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 81.117933][ T4289] device veth0_macvtap entered promiscuous mode
[ 81.130546][ T4289] device veth1_macvtap entered promiscuous mode
[ 81.156999][ T4289] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.164511][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 81.174013][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 81.183983][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 81.193316][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 81.207385][ T4289] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.214698][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 81.225566][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 81.237574][ T4289] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.246655][ T4289] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.255645][ T4289] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.264346][ T4289] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.332042][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.352768][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.376314][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 81.385783][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.394767][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.405504][ T4262] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 81.417913][ T2856] cfg80211: failed to load regulatory.db
2025/07/23 10:24:54 executed programs: 2
[ 82.606047][ T4296] Bluetooth: hci0: command 0x040f tx timeout
[ 84.198239][ T144] ==================================================================
[ 84.206352][ T144] BUG: KASAN: use-after-free in __lock_acquire+0xf7/0x7c60
[ 84.213580][ T144] Read of size 8 at addr ffff88807d9f24e0 by task kworker/u4:1/144
[ 84.221467][ T144]
[ 84.223793][ T144] CPU: 0 PID: 144 Comm: kworker/u4:1 Not tainted 5.15.189-syzkaller #0
[ 84.232022][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 84.242070][ T144] Workqueue: kkcmd kcm_tx_work
[ 84.246854][ T144] Call Trace:
[ 84.250146][ T144]
[ 84.253075][ T144] dump_stack_lvl+0x168/0x230
[ 84.257754][ T144] ? show_regs_print_info+0x20/0x20
[ 84.262951][ T144] ? load_image+0x3b0/0x3b0
[ 84.267453][ T144] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 84.272825][ T144] print_address_description+0x60/0x2d0
[ 84.278368][ T144] ? __lock_acquire+0xf7/0x7c60
[ 84.283217][ T144] kasan_report+0xdf/0x130
[ 84.287636][ T144] ? __lock_acquire+0xf7/0x7c60
[ 84.292494][ T144] __lock_acquire+0xf7/0x7c60
[ 84.297182][ T144] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 84.303248][ T144] ? lock_chain_count+0x20/0x20
[ 84.308107][ T144] ? finish_lock_switch+0x12f/0x280
[ 84.313321][ T144] ? lockdep_hardirqs_on+0x94/0x140
[ 84.318524][ T144] ? finish_lock_switch+0x12f/0x280
[ 84.323748][ T144] ? verify_lock_unused+0x140/0x140
[ 84.329012][ T144] ? finish_task_switch+0x12f/0x640
[ 84.334301][ T144] ? __switch_to_asm+0x34/0x60
[ 84.339156][ T144] ? __schedule+0x11c0/0x43b0
[ 84.343836][ T144] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 84.349821][ T144] lock_acquire+0x197/0x3f0
[ 84.354323][ T144] ? __lock_sock+0x152/0x2a0
[ 84.358913][ T144] ? lockdep_hardirqs_on_prepare+0x760/0x760
[ 84.364896][ T144] ? __local_bh_disable_ip+0xfb/0x190
[ 84.370265][ T144] ? read_lock_is_recursive+0x10/0x10
[ 84.375643][ T144] ? __local_bh_enable_ip+0x12a/0x1b0
[ 84.381011][ T144] ? kthread_data+0x4b/0xc0
[ 84.385515][ T144] ? kthread_data+0x4b/0xc0
[ 84.390020][ T144] ? __lock_sock+0x152/0x2a0
[ 84.394603][ T144] _raw_spin_lock_bh+0x32/0x50
[ 84.399366][ T144] ? __lock_sock+0x152/0x2a0
[ 84.403954][ T144] __lock_sock+0x152/0x2a0
[ 84.408373][ T144] ? sk_page_frag_refill+0x200/0x200
[ 84.413655][ T144] ? do_raw_spin_lock+0x11d/0x280
[ 84.418676][ T144] ? init_wait_entry+0xd0/0xd0
[ 84.423431][ T144] ? __rwlock_init+0x140/0x140
[ 84.428235][ T144] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 84.434218][ T144] ? lock_sock_nested+0x68/0x100
[ 84.439150][ T144] lock_sock_nested+0x9d/0x100
[ 84.443915][ T144] kcm_tx_work+0x2d/0x180
[ 84.448248][ T144] process_one_work+0x863/0x1000
[ 84.453185][ T144] ? worker_detach_from_pool+0x240/0x240
[ 84.458812][ T144] ? lockdep_hardirqs_off+0x70/0x100
[ 84.464096][ T144] ? _raw_spin_lock_irq+0xab/0xe0
[ 84.469132][ T144] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 84.474525][ T144] ? wq_worker_running+0x97/0x170
[ 84.479547][ T144] worker_thread+0xaa8/0x12a0
[ 84.484255][ T144] ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 84.490146][ T144] ? lockdep_hardirqs_on+0x94/0x140
[ 84.495355][ T144] ? lockdep_hardirqs_on+0x94/0x140
[ 84.500583][ T144] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 84.506511][ T144] kthread+0x436/0x520
[ 84.510812][ T144] ? rcu_lock_release+0x20/0x20
[ 84.515669][ T144] ? kthread_blkcg+0xd0/0xd0
[ 84.520263][ T144] ret_from_fork+0x1f/0x30
[ 84.524683][ T144]
[ 84.527710][ T144]
[ 84.530050][ T144] Allocated by task 4328:
[ 84.534364][ T144] __kasan_slab_alloc+0x9c/0xd0
[ 84.539210][ T144] slab_post_alloc_hook+0x4c/0x380
[ 84.544320][ T144] kmem_cache_alloc+0x100/0x290
[ 84.549178][ T144] sk_prot_alloc+0x57/0x210
[ 84.553676][ T144] sk_alloc+0x2f/0x310
[ 84.557735][ T144] kcm_ioctl+0x211/0xff0
[ 84.562399][ T144] sock_do_ioctl+0xd3/0x2f0
[ 84.566898][ T144] sock_ioctl+0x4ed/0x6e0
[ 84.571226][ T144] __se_sys_ioctl+0xfa/0x170
[ 84.575813][ T144] do_syscall_64+0x4c/0xa0
[ 84.580227][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.586117][ T144]
[ 84.588434][ T144] Freed by task 4329:
[ 84.592404][ T144] kasan_set_track+0x4b/0x70
[ 84.596994][ T144] kasan_set_free_info+0x1f/0x40
[ 84.601930][ T144] ____kasan_slab_free+0xd5/0x110
[ 84.606958][ T144] slab_free_freelist_hook+0xea/0x170
[ 84.612339][ T144] kmem_cache_free+0x8f/0x210
[ 84.617012][ T144] __sk_destruct+0x54b/0x820
[ 84.621631][ T144] kcm_release+0x51a/0x5b0
[ 84.626045][ T144] sock_close+0xd5/0x240
[ 84.630281][ T144] __fput+0x234/0x930
[ 84.634250][ T144] task_work_run+0x125/0x1a0
[ 84.638973][ T144] exit_to_user_mode_loop+0x10f/0x130
[ 84.644354][ T144] exit_to_user_mode_prepare+0xb1/0x140
[ 84.649898][ T144] syscall_exit_to_user_mode+0x16/0x40
[ 84.655361][ T144] do_syscall_64+0x58/0xa0
[ 84.659781][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.665672][ T144]
[ 84.668009][ T144] Last potentially related work creation:
[ 84.673719][ T144] kasan_save_stack+0x35/0x60
[ 84.678415][ T144] kasan_record_aux_stack+0xb8/0x100
[ 84.683707][ T144] insert_work+0x54/0x3d0
[ 84.685511][ T4296] Bluetooth: hci0: command 0x0419 tx timeout
[ 84.688035][ T144] __queue_work+0x9c5/0xd50
[ 84.688054][ T144] queue_work_on+0x11d/0x1d0
[ 84.688071][ T144] kcm_unattach+0x85e/0xe80
[ 84.707615][ T144] kcm_ioctl+0x78d/0xff0
[ 84.711860][ T144] sock_do_ioctl+0xd3/0x2f0
[ 84.716388][ T144] sock_ioctl+0x4ed/0x6e0
[ 84.720712][ T144] __se_sys_ioctl+0xfa/0x170
[ 84.725323][ T144] do_syscall_64+0x4c/0xa0
[ 84.729747][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.735635][ T144]
[ 84.737952][ T144] Second to last potentially related work creation:
[ 84.744519][ T144] kasan_save_stack+0x35/0x60
[ 84.749187][ T144] kasan_record_aux_stack+0xb8/0x100
[ 84.754487][ T144] insert_work+0x54/0x3d0
[ 84.758816][ T144] __queue_work+0x9c5/0xd50
[ 84.763328][ T144] queue_work_on+0x11d/0x1d0
[ 84.767913][ T144] kcm_ioctl+0xe4b/0xff0
[ 84.772162][ T144] sock_do_ioctl+0xd3/0x2f0
[ 84.776661][ T144] sock_ioctl+0x4ed/0x6e0
[ 84.780988][ T144] __se_sys_ioctl+0xfa/0x170
[ 84.785576][ T144] do_syscall_64+0x4c/0xa0
[ 84.789992][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.795885][ T144]
[ 84.798218][ T144] The buggy address belongs to the object at ffff88807d9f2440
[ 84.798218][ T144] which belongs to the cache KCM of size 1728
[ 84.811652][ T144] The buggy address is located 160 bytes inside of
[ 84.811652][ T144] 1728-byte region [ffff88807d9f2440, ffff88807d9f2b00)
[ 84.825010][ T144] The buggy address belongs to the page:
[ 84.830633][ T144] page:ffffea0001f67c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d9f0
[ 84.840778][ T144] head:ffffea0001f67c00 order:3 compound_mapcount:0 compound_pincount:0
[ 84.849092][ T144] memcg:ffff88807c8a8501
[ 84.853346][ T144] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 84.861324][ T144] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff88814c9f33c0
[ 84.869902][ T144] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff88807c8a8501
[ 84.878473][ T144] page dumped because: kasan: bad access detected
[ 84.884904][ T144] page_owner tracks the page as allocated
[ 84.890613][ T144] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4312, ts 81548300042, free_ts 81472519570
[ 84.911101][ T144] get_page_from_freelist+0x1b77/0x1c60
[ 84.916673][ T144] __alloc_pages+0x1e1/0x470
[ 84.921287][ T144] new_slab+0xc0/0x4b0
[ 84.925358][ T144] ___slab_alloc+0x81e/0xdf0
[ 84.929956][ T144] kmem_cache_alloc+0x195/0x290
[ 84.934819][ T144] sk_prot_alloc+0x57/0x210
[ 84.939328][ T144] sk_alloc+0x2f/0x310
[ 84.943392][ T144] kcm_ioctl+0x211/0xff0
[ 84.947628][ T144] sock_do_ioctl+0xd3/0x2f0
[ 84.952145][ T144] sock_ioctl+0x4ed/0x6e0
[ 84.956466][ T144] __se_sys_ioctl+0xfa/0x170
[ 84.961592][ T144] do_syscall_64+0x4c/0xa0
[ 84.966028][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.971943][ T144] page last free stack trace:
[ 84.976613][ T144] free_unref_page_prepare+0x637/0x6c0
[ 84.982097][ T144] free_unref_page+0x94/0x280
[ 84.986776][ T144] __unfreeze_partials+0x1a5/0x200
[ 84.991918][ T144] put_cpu_partial+0x12d/0x190
[ 84.996691][ T144] qlist_free_all+0x35/0x90
[ 85.001194][ T144] kasan_quarantine_reduce+0x150/0x160
[ 85.006651][ T144] __kasan_slab_alloc+0x2f/0xd0
[ 85.011507][ T144] slab_post_alloc_hook+0x4c/0x380
[ 85.016614][ T144] kmem_cache_alloc+0x100/0x290
[ 85.021467][ T144] getname_flags+0xb5/0x500
[ 85.025983][ T144] do_sys_openat2+0xcf/0x4a0
[ 85.030574][ T144] __x64_sys_openat+0x135/0x160
[ 85.035424][ T144] do_syscall_64+0x4c/0xa0
[ 85.039841][ T144] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.045735][ T144]
[ 85.048052][ T144] Memory state around the buggy address:
[ 85.053760][ T144] ffff88807d9f2380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 85.061822][ T144] ffff88807d9f2400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 85.069881][ T144] >ffff88807d9f2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.077952][ T144] ^
[ 85.085142][ T144] ffff88807d9f2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.093200][ T144] ffff88807d9f2580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.101252][ T144] ==================================================================
[ 85.109303][ T144] Disabling lock debugging due to kernel taint
[ 85.115456][ T144] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.122647][ T144] CPU: 0 PID: 144 Comm: kworker/u4:1 Tainted: G B 5.15.189-syzkaller #0
[ 85.132273][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 85.142326][ T144] Workqueue: kkcmd kcm_tx_work
[ 85.147095][ T144] Call Trace:
[ 85.150372][ T144]
[ 85.153297][ T144] dump_stack_lvl+0x168/0x230
[ 85.157974][ T144] ? show_regs_print_info+0x20/0x20
[ 85.163170][ T144] ? load_image+0x3b0/0x3b0
[ 85.167679][ T144] panic+0x2c9/0x7f0
[ 85.171576][ T144] ? bpf_jit_dump+0xd0/0xd0
[ 85.176076][ T144] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 85.181970][ T144] ? _raw_spin_unlock+0x40/0x40
[ 85.186826][ T144] ? __lock_acquire+0xf7/0x7c60
[ 85.191678][ T144] check_panic_on_warn+0x80/0xa0
[ 85.196618][ T144] ? __lock_acquire+0xf7/0x7c60
[ 85.201471][ T144] end_report+0x6d/0xf0
[ 85.205628][ T144] kasan_report+0x102/0x130
[ 85.210134][ T144] ? __lock_acquire+0xf7/0x7c60
[ 85.214983][ T144] __lock_acquire+0xf7/0x7c60
[ 85.219663][ T144] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 85.225645][ T144] ? lock_chain_count+0x20/0x20
[ 85.230503][ T144] ? finish_lock_switch+0x12f/0x280
[ 85.235720][ T144] ? lockdep_hardirqs_on+0x94/0x140
[ 85.240923][ T144] ? finish_lock_switch+0x12f/0x280
[ 85.246121][ T144] ? verify_lock_unused+0x140/0x140
[ 85.251317][ T144] ? finish_task_switch+0x12f/0x640
[ 85.256518][ T144] ? __switch_to_asm+0x34/0x60
[ 85.261284][ T144] ? __schedule+0x11c0/0x43b0
[ 85.265982][ T144] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 85.271979][ T144] lock_acquire+0x197/0x3f0
[ 85.276478][ T144] ? __lock_sock+0x152/0x2a0
[ 85.281066][ T144] ? lockdep_hardirqs_on_prepare+0x760/0x760
[ 85.287048][ T144] ? __local_bh_disable_ip+0xfb/0x190
[ 85.292417][ T144] ? read_lock_is_recursive+0x10/0x10
[ 85.297788][ T144] ? __local_bh_enable_ip+0x12a/0x1b0
[ 85.303156][ T144] ? kthread_data+0x4b/0xc0
[ 85.307668][ T144] ? kthread_data+0x4b/0xc0
[ 85.312172][ T144] ? __lock_sock+0x152/0x2a0
[ 85.316758][ T144] _raw_spin_lock_bh+0x32/0x50
[ 85.321522][ T144] ? __lock_sock+0x152/0x2a0
[ 85.326112][ T144] __lock_sock+0x152/0x2a0
[ 85.330619][ T144] ? sk_page_frag_refill+0x200/0x200
[ 85.335909][ T144] ? do_raw_spin_lock+0x11d/0x280
[ 85.340967][ T144] ? init_wait_entry+0xd0/0xd0
[ 85.345735][ T144] ? __rwlock_init+0x140/0x140
[ 85.350494][ T144] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 85.356473][ T144] ? lock_sock_nested+0x68/0x100
[ 85.361413][ T144] lock_sock_nested+0x9d/0x100
[ 85.366200][ T144] kcm_tx_work+0x2d/0x180
[ 85.370533][ T144] process_one_work+0x863/0x1000
[ 85.375478][ T144] ? worker_detach_from_pool+0x240/0x240
[ 85.381109][ T144] ? lockdep_hardirqs_off+0x70/0x100
[ 85.386394][ T144] ? _raw_spin_lock_irq+0xab/0xe0
[ 85.391420][ T144] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 85.396798][ T144] ? wq_worker_running+0x97/0x170
[ 85.401823][ T144] worker_thread+0xaa8/0x12a0
[ 85.406499][ T144] ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 85.412407][ T144] ? lockdep_hardirqs_on+0x94/0x140
[ 85.417609][ T144] ? lockdep_hardirqs_on+0x94/0x140
[ 85.422821][ T144] ? _raw_spin_unlock_irqrestore+0xaa/0x100
[ 85.428733][ T144] kthread+0x436/0x520
[ 85.432829][ T144] ? rcu_lock_release+0x20/0x20
[ 85.437678][ T144] ? kthread_blkcg+0xd0/0xd0
[ 85.442264][ T144] ret_from_fork+0x1f/0x30
[ 85.446688][ T144]
[ 85.449990][ T144] Kernel Offset: disabled
[ 85.454328][ T144] Rebooting in 86400 seconds..