Warning: Permanently added '10.128.1.44' (ED25519) to the list of known hosts.
2025/11/22 15:39:58 parsed 1 programs
syzkaller login: [ 52.976308][ T4189] cgroup: Unknown subsys name 'net'
[ 53.080470][ T4189] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 54.328085][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 55.547174][ T4196] chnl_net:caif_netlink_parms(): no params data found
[ 55.587524][ T4196] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.595110][ T4196] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.603533][ T4196] device bridge_slave_0 entered promiscuous mode
[ 55.612968][ T4196] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.620102][ T4196] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.627893][ T4196] device bridge_slave_1 entered promiscuous mode
[ 55.647028][ T4196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.657967][ T4196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.679010][ T4196] team0: Port device team_slave_0 added
[ 55.686227][ T4196] team0: Port device team_slave_1 added
[ 55.702909][ T4196] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.709861][ T4196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.735771][ T4196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.747967][ T4196] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.754971][ T4196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.780929][ T4196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.809071][ T4196] device hsr_slave_0 entered promiscuous mode
[ 55.816366][ T4196] device hsr_slave_1 entered promiscuous mode
[ 55.898459][ T4196] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.908750][ T4196] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.917659][ T4196] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.926857][ T4196] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.950228][ T4196] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.957370][ T4196] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.965335][ T4196] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.972422][ T4196] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.009042][ T4196] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.023182][ T1261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.034422][ T1261] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.043147][ T1261] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.050943][ T1261] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 56.064024][ T4196] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.075721][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.084702][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.091741][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.106379][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.114795][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.121818][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.135982][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.146491][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.156774][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.169496][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.180636][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.191407][ T4196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.261985][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.269867][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.281540][ T4196] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.297559][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 56.317865][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.326503][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 56.334649][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 56.344221][ T4196] device veth0_vlan entered promiscuous mode
[ 56.355137][ T4196] device veth1_vlan entered promiscuous mode
[ 56.370810][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 56.379411][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 56.387902][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 56.400208][ T4196] device veth0_macvtap entered promiscuous mode
[ 56.410791][ T4196] device veth1_macvtap entered promiscuous mode
[ 56.426804][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 56.434910][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 56.444445][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 56.455533][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 56.463416][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 56.474718][ T4196] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.483937][ T4196] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.492767][ T4196] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.501523][ T4196] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.611946][ T4196] syz-executor (4196) used greatest stack depth: 20288 bytes left
[ 56.628711][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 59.507943][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.527427][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.578743][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.297713][ T144] device hsr_slave_0 left promiscuous mode
[ 62.314674][ T144] device hsr_slave_1 left promiscuous mode
[ 62.334665][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 62.347937][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 62.383953][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 62.391800][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 62.412934][ T144] device bridge_slave_1 left promiscuous mode
[ 62.420018][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.447460][ T144] device bridge_slave_0 left promiscuous mode
[ 62.454851][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.477300][ T144] device veth1_macvtap left promiscuous mode
[ 62.483664][ T144] device veth0_macvtap left promiscuous mode
[ 62.489727][ T144] device veth1_vlan left promiscuous mode
[ 62.496080][ T144] device veth0_vlan left promiscuous mode
[ 62.628207][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 62.639754][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 62.651161][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 62.665764][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 62.710307][ T144] bond0 (unregistering): Released all slaves
[ 64.521689][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.552193][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.562968][ T1208] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 64.574595][ T1208] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.594952][ T1208] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.610706][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 64.980708][ T144] ODEBUG: Out of memory. ODEBUG disabled
2025/11/22 15:40:12 executed programs: 0
[ 65.987620][ T4426] chnl_net:caif_netlink_parms(): no params data found
[ 66.032873][ T4426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.040087][ T4426] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.048167][ T4426] device bridge_slave_0 entered promiscuous mode
[ 66.073060][ T4426] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.080219][ T4426] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.088182][ T4426] device bridge_slave_1 entered promiscuous mode
[ 66.126065][ T4426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.136766][ T4426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.159763][ T4426] team0: Port device team_slave_0 added
[ 66.179297][ T4426] team0: Port device team_slave_1 added
[ 66.195318][ T4426] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.202386][ T4426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.228394][ T4426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.240402][ T4426] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.247945][ T4426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.274088][ T4426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.318669][ T4426] device hsr_slave_0 entered promiscuous mode
[ 66.326041][ T4426] device hsr_slave_1 entered promiscuous mode
[ 66.863262][ T4426] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.875454][ T4426] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.903636][ T4426] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.924662][ T4426] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.076272][ T4426] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.098079][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 67.112883][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.134958][ T4426] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.154733][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 67.176681][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.186307][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.193404][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.202046][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 67.215795][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 67.226116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.234885][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.241933][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.266312][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 67.283031][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 67.301040][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 67.324492][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.344277][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 67.353086][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 67.373547][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 67.392668][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 67.412730][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 67.435572][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 67.452916][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 67.475407][ T4426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 67.647191][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 67.662404][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 67.677287][ T4426] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.705263][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 67.723852][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 67.748289][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 67.764833][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 67.784822][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 67.803831][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 67.825541][ T4426] device veth0_vlan entered promiscuous mode
[ 67.850847][ T4426] device veth1_vlan entered promiscuous mode
[ 67.857705][ T4398] Bluetooth: hci0: command 0x0409 tx timeout
[ 67.888976][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 67.904256][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 67.923834][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 67.943645][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 67.965673][ T4426] device veth0_macvtap entered promiscuous mode
[ 67.984495][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.007900][ T4426] device veth1_macvtap entered promiscuous mode
[ 68.043807][ T4426] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.051107][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.072914][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.090313][ T4426] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.113327][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.132645][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.150336][ T4426] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.164245][ T4426] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.173373][ T4426] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.182337][ T4426] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.247863][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.260273][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.275060][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.283015][ T1208] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.302377][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.311068][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 68.390166][ T4525] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 68.475807][ T4528] ==================================================================
[ 68.484111][ T4528] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 68.491347][ T4528] Read of size 4 at addr ffff8880187dc738 by task syz.0.19/4528
[ 68.498989][ T4528]
[ 68.501319][ T4528] CPU: 0 PID: 4528 Comm: syz.0.19 Not tainted syzkaller #0
[ 68.508523][ T4528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 68.518597][ T4528] Call Trace:
[ 68.521885][ T4528]
[ 68.524826][ T4528] dump_stack_lvl+0x168/0x230
[ 68.529519][ T4528] ? show_regs_print_info+0x20/0x20
[ 68.534730][ T4528] ? _printk+0xcc/0x110
[ 68.538889][ T4528] ? ax25_fillin_cb+0x459/0x640
[ 68.543735][ T4528] ? load_image+0x3b0/0x3b0
[ 68.548229][ T4528] print_address_description+0x60/0x2d0
[ 68.553759][ T4528] ? ax25_fillin_cb+0x459/0x640
[ 68.558592][ T4528] kasan_report+0xdf/0x130
[ 68.562985][ T4528] ? ax25_fillin_cb+0x459/0x640
[ 68.567829][ T4528] ax25_fillin_cb+0x459/0x640
[ 68.572497][ T4528] ax25_setsockopt+0x8a2/0xa40
[ 68.577246][ T4528] ? ax25_shutdown+0x10/0x10
[ 68.581816][ T4528] ? aa_sock_opt_perm+0x74/0x100
[ 68.586734][ T4528] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 68.592262][ T4528] ? security_socket_setsockopt+0x7a/0xa0
[ 68.597967][ T4528] ? ax25_shutdown+0x10/0x10
[ 68.602667][ T4528] __sys_setsockopt+0x2bf/0x3d0
[ 68.607514][ T4528] __x64_sys_setsockopt+0xb1/0xc0
[ 68.612526][ T4528] do_syscall_64+0x4c/0xa0
[ 68.616927][ T4528] ? clear_bhb_loop+0x30/0x80
[ 68.621582][ T4528] ? clear_bhb_loop+0x30/0x80
[ 68.626234][ T4528] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.632120][ T4528] RIP: 0033:0x7fdfedd86749
[ 68.636572][ T4528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.656186][ T4528] RSP: 002b:00007ffcfe839498 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 68.664588][ T4528] RAX: ffffffffffffffda RBX: 00007fdfedfdcfa0 RCX: 00007fdfedd86749
[ 68.672544][ T4528] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 68.680501][ T4528] RBP: 00007fdfede0af91 R08: 0000000000000010 R09: 0000000000000000
[ 68.688457][ T4528] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 68.696421][ T4528] R13: 00007fdfedfdcfa0 R14: 00007fdfedfdcfa0 R15: 0000000000000005
[ 68.704391][ T4528]
[ 68.707396][ T4528]
[ 68.709700][ T4528] Allocated by task 4525:
[ 68.714008][ T4528] __kasan_kmalloc+0xb5/0xf0
[ 68.718584][ T4528] ax25_dev_device_up+0x50/0x580
[ 68.723523][ T4528] ax25_device_event+0x483/0x4f0
[ 68.728460][ T4528] raw_notifier_call_chain+0xcb/0x160
[ 68.733816][ T4528] __dev_notify_flags+0x178/0x2d0
[ 68.738832][ T4528] dev_change_flags+0xe3/0x1a0
[ 68.743596][ T4528] dev_ifsioc+0x147/0xe70
[ 68.747936][ T4528] dev_ioctl+0x55f/0xe50
[ 68.752178][ T4528] sock_do_ioctl+0x222/0x2f0
[ 68.756770][ T4528] sock_ioctl+0x4ed/0x6e0
[ 68.761104][ T4528] __se_sys_ioctl+0xfa/0x170
[ 68.765680][ T4528] do_syscall_64+0x4c/0xa0
[ 68.770082][ T4528] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.775961][ T4528]
[ 68.778278][ T4528] Freed by task 4527:
[ 68.782241][ T4528] kasan_set_track+0x4b/0x70
[ 68.786832][ T4528] kasan_set_free_info+0x1f/0x40
[ 68.791766][ T4528] ____kasan_slab_free+0xd5/0x110
[ 68.796852][ T4528] slab_free_freelist_hook+0xea/0x170
[ 68.802207][ T4528] kfree+0xef/0x2a0
[ 68.805993][ T4528] ax25_release+0x661/0x870
[ 68.810475][ T4528] sock_close+0xd5/0x240
[ 68.814696][ T4528] __fput+0x234/0x930
[ 68.818652][ T4528] task_work_run+0x125/0x1a0
[ 68.823235][ T4528] exit_to_user_mode_loop+0x10f/0x130
[ 68.828585][ T4528] exit_to_user_mode_prepare+0xee/0x180
[ 68.834108][ T4528] syscall_exit_to_user_mode+0x16/0x40
[ 68.839547][ T4528] do_syscall_64+0x58/0xa0
[ 68.843938][ T4528] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.849809][ T4528]
[ 68.852125][ T4528] Last potentially related work creation:
[ 68.857823][ T4528] kasan_save_stack+0x35/0x60
[ 68.862513][ T4528] kasan_record_aux_stack+0xb8/0x100
[ 68.867780][ T4528] insert_work+0x54/0x3d0
[ 68.872092][ T4528] __queue_work+0x9c5/0xd50
[ 68.876584][ T4528] queue_work_on+0x11d/0x1d0
[ 68.881148][ T4528] netdevice_event+0x803/0x900
[ 68.885890][ T4528] raw_notifier_call_chain+0xcb/0x160
[ 68.891243][ T4528] dev_set_mac_address+0x2c4/0x3d0
[ 68.896331][ T4528] dev_set_mac_address_user+0x2d/0x50
[ 68.901684][ T4528] do_setlink+0x80d/0x3980
[ 68.906078][ T4528] rtnl_newlink+0x1419/0x17d0
[ 68.910750][ T4528] rtnetlink_rcv_msg+0x7ff/0xe90
[ 68.915679][ T4528] netlink_rcv_skb+0x1e0/0x430
[ 68.920420][ T4528] netlink_unicast+0x774/0x920
[ 68.925162][ T4528] netlink_sendmsg+0x8ab/0xbc0
[ 68.929896][ T4528] __sys_sendto+0x423/0x580
[ 68.934382][ T4528] __x64_sys_sendto+0xda/0xf0
[ 68.939041][ T4528] do_syscall_64+0x4c/0xa0
[ 68.943433][ T4528] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.949304][ T4528]
[ 68.951606][ T4528] The buggy address belongs to the object at ffff8880187dc700
[ 68.951606][ T4528] which belongs to the cache kmalloc-192 of size 192
[ 68.965634][ T4528] The buggy address is located 56 bytes inside of
[ 68.965634][ T4528] 192-byte region [ffff8880187dc700, ffff8880187dc7c0)
[ 68.978803][ T4528] The buggy address belongs to the page:
[ 68.984422][ T4528] page:ffffea000061f700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x187dc
[ 68.994550][ T4528] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 69.002077][ T4528] raw: 00fff00000000200 ffffea000061f880 0000000600000006 ffff888016841a00
[ 69.010647][ T4528] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 69.019203][ T4528] page dumped because: kasan: bad access detected
[ 69.025600][ T4528] page_owner tracks the page as allocated
[ 69.031286][ T4528] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2319981629, free_ts 0
[ 69.046107][ T4528] get_page_from_freelist+0x1b77/0x1c60
[ 69.051643][ T4528] __alloc_pages+0x1e1/0x470
[ 69.056217][ T4528] alloc_page_interleave+0x24/0x1e0
[ 69.061393][ T4528] new_slab+0xc0/0x4b0
[ 69.065445][ T4528] ___slab_alloc+0x81e/0xdf0
[ 69.070008][ T4528] __kmalloc_track_caller+0x1cb/0x330
[ 69.075353][ T4528] krealloc+0x5a/0xf0
[ 69.079308][ T4528] add_sysfs_param+0xe8/0x930
[ 69.083963][ T4528] kernel_add_sysfs_param+0xaf/0x120
[ 69.089228][ T4528] param_sysfs_builtin+0x164/0x1e0
[ 69.094314][ T4528] param_sysfs_init+0x66/0x70
[ 69.098972][ T4528] do_one_initcall+0x1ee/0x680
[ 69.103711][ T4528] do_initcall_level+0x137/0x1f0
[ 69.108627][ T4528] do_initcalls+0x4b/0x90
[ 69.112928][ T4528] kernel_init_freeable+0x3ce/0x560
[ 69.118100][ T4528] kernel_init+0x19/0x1b0
[ 69.122402][ T4528] page_owner free stack trace missing
[ 69.127741][ T4528]
[ 69.130036][ T4528] Memory state around the buggy address:
[ 69.135649][ T4528] ffff8880187dc600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.143704][ T4528] ffff8880187dc680: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 69.151741][ T4528] >ffff8880187dc700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.159776][ T4528] ^
[ 69.165646][ T4528] ffff8880187dc780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 69.173682][ T4528] ffff8880187dc800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.181715][ T4528] ==================================================================
[ 69.189836][ T4528] Disabling lock debugging due to kernel taint
[ 69.198305][ T4528] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.205555][ T4528] CPU: 0 PID: 4528 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 69.214221][ T4528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 69.224253][ T4528] Call Trace:
[ 69.227508][ T4528]
[ 69.230417][ T4528] dump_stack_lvl+0x168/0x230
[ 69.235076][ T4528] ? show_regs_print_info+0x20/0x20
[ 69.240249][ T4528] ? load_image+0x3b0/0x3b0
[ 69.244728][ T4528] panic+0x2c9/0x7f0
[ 69.248609][ T4528] ? bpf_jit_dump+0xd0/0xd0
[ 69.253114][ T4528] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 69.258989][ T4528] ? _raw_spin_unlock+0x40/0x40
[ 69.263815][ T4528] ? print_memory_metadata+0x314/0x400
[ 69.269249][ T4528] ? ax25_fillin_cb+0x459/0x640
[ 69.274071][ T4528] check_panic_on_warn+0x80/0xa0
[ 69.279012][ T4528] ? ax25_fillin_cb+0x459/0x640
[ 69.283839][ T4528] end_report+0x6d/0xf0
[ 69.287971][ T4528] kasan_report+0x102/0x130
[ 69.292445][ T4528] ? ax25_fillin_cb+0x459/0x640
[ 69.297270][ T4528] ax25_fillin_cb+0x459/0x640
[ 69.301921][ T4528] ax25_setsockopt+0x8a2/0xa40
[ 69.306657][ T4528] ? ax25_shutdown+0x10/0x10
[ 69.311223][ T4528] ? aa_sock_opt_perm+0x74/0x100
[ 69.316134][ T4528] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 69.321656][ T4528] ? security_socket_setsockopt+0x7a/0xa0
[ 69.327354][ T4528] ? ax25_shutdown+0x10/0x10
[ 69.331917][ T4528] __sys_setsockopt+0x2bf/0x3d0
[ 69.336743][ T4528] __x64_sys_setsockopt+0xb1/0xc0
[ 69.341740][ T4528] do_syscall_64+0x4c/0xa0
[ 69.346154][ T4528] ? clear_bhb_loop+0x30/0x80
[ 69.350805][ T4528] ? clear_bhb_loop+0x30/0x80
[ 69.355456][ T4528] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.361327][ T4528] RIP: 0033:0x7fdfedd86749
[ 69.365721][ T4528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.385305][ T4528] RSP: 002b:00007ffcfe839498 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 69.393692][ T4528] RAX: ffffffffffffffda RBX: 00007fdfedfdcfa0 RCX: 00007fdfedd86749
[ 69.401640][ T4528] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 69.409591][ T4528] RBP: 00007fdfede0af91 R08: 0000000000000010 R09: 0000000000000000
[ 69.417542][ T4528] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 69.425489][ T4528] R13: 00007fdfedfdcfa0 R14: 00007fdfedfdcfa0 R15: 0000000000000005
[ 69.433439][ T4528]
[ 69.436641][ T4528] Kernel Offset: disabled
[ 69.440962][ T4528] Rebooting in 86400 seconds..