Warning: Permanently added '10.128.1.60' (ED25519) to the list of known hosts.
1970/01/01 00:00:46 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:47 parsed 1 programs
[ 49.624148][ T4042] cgroup: Unknown subsys name 'net'
[ 49.903473][ T4042] cgroup: Unknown subsys name 'rlimit'
[ 50.247931][ T4042] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 60.415498][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.418034][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.420971][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 60.442991][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.445225][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.448954][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 61.090247][ T4107] chnl_net:caif_netlink_parms(): no params data found
[ 61.132605][ T4107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.134772][ T4107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.138864][ T4107] device bridge_slave_0 entered promiscuous mode
[ 61.143690][ T4107] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.145703][ T4107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.148772][ T4107] device bridge_slave_1 entered promiscuous mode
[ 61.169923][ T4107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.174912][ T4107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.193709][ T4107] team0: Port device team_slave_0 added
[ 61.198815][ T4107] team0: Port device team_slave_1 added
[ 61.214044][ T4107] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 61.215919][ T4107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.223763][ T4107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 61.228739][ T4107] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 61.230589][ T4107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.238118][ T4107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 61.308950][ T4107] device hsr_slave_0 entered promiscuous mode
[ 61.347173][ T4107] device hsr_slave_1 entered promiscuous mode
[ 61.490669][ T4107] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.539475][ T4107] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.589523][ T4107] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.648442][ T4107] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.781496][ T4107] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.790112][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 61.792730][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.800040][ T4107] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.805556][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.810218][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.813253][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.815254][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.832371][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 61.835337][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.839714][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.842273][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.844240][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.847556][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 61.854617][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 61.863453][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 61.867072][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.870008][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 61.883828][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 61.888121][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.890893][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 61.893662][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.900487][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 61.903172][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.920660][ T4107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 62.003683][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 62.005982][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 62.013204][ T4107] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 62.025977][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 62.031298][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.043245][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.048739][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.051394][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.057323][ T4107] device veth0_vlan entered promiscuous mode
[ 62.064983][ T4107] device veth1_vlan entered promiscuous mode
[ 62.080028][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 62.083262][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 62.086109][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 62.091795][ T4107] device veth0_macvtap entered promiscuous mode
[ 62.099672][ T4107] device veth1_macvtap entered promiscuous mode
[ 62.112820][ T4107] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 62.115104][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 62.118811][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 62.121684][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 62.128382][ T4107] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 62.130978][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 62.133814][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 62.145842][ T4107] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.148677][ T4107] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.151105][ T4107] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.153496][ T4107] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:02 executed programs: 0
[ 62.635404][ T4145] chnl_net:caif_netlink_parms(): no params data found
[ 62.675382][ T4145] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.677715][ T4145] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.680424][ T4145] device bridge_slave_0 entered promiscuous mode
[ 62.684146][ T4145] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.686631][ T4145] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.689217][ T4145] device bridge_slave_1 entered promiscuous mode
[ 62.705275][ T4145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.710384][ T4145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.727929][ T4145] team0: Port device team_slave_0 added
[ 62.731226][ T4145] team0: Port device team_slave_1 added
[ 62.744682][ T4145] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.747301][ T4145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.754492][ T4145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.759995][ T4145] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.761857][ T4145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.770075][ T4145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.828873][ T4145] device hsr_slave_0 entered promiscuous mode
[ 62.876670][ T4145] device hsr_slave_1 entered promiscuous mode
[ 62.926399][ T4145] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 62.928720][ T4145] Cannot create hsr debugfs directory
[ 62.989870][ T4145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.517037][ T4127] Bluetooth: hci0: command 0x0409 tx timeout
[ 65.423992][ T4145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.586645][ T3617] Bluetooth: hci0: command 0x041b tx timeout
[ 68.072151][ T4145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.128142][ T4145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.329357][ T4145] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 68.370253][ T4145] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 68.429101][ T4145] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.468332][ T4145] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.644817][ T4145] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.652647][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 68.655406][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.660478][ T4145] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.666470][ T3617] Bluetooth: hci0: command 0x040f tx timeout
[ 68.668505][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 68.671164][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.673861][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.675789][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.681750][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 68.684518][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.688456][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.690308][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.692761][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 68.698394][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 68.712383][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 68.715272][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 68.725687][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.729320][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 68.732365][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.740607][ T4145] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 68.743367][ T4145] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.751214][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.753970][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 68.757095][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.760357][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 68.763054][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.765881][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.850552][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.852746][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.863004][ T4145] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.880315][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 68.883224][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.900420][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 68.903206][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.907686][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.910216][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.914300][ T4145] device veth0_vlan entered promiscuous mode
[ 68.921556][ T4145] device veth1_vlan entered promiscuous mode
[ 68.940888][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.943498][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.949810][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 68.952583][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.957832][ T4145] device veth0_macvtap entered promiscuous mode
[ 68.963352][ T4145] device veth1_macvtap entered promiscuous mode
[ 68.975076][ T4145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 68.979002][ T4145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 68.983360][ T4145] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.985529][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.990970][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 68.993662][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 69.002214][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 69.008412][ T4145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 69.012036][ T4145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 69.015833][ T4145] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 69.018754][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 69.021663][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 69.027778][ T4145] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.030252][ T4145] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.032606][ T4145] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.034992][ T4145] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.103338][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.105720][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.119628][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 69.124371][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.128498][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.131903][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:09 executed programs: 2
[ 69.184604][ T4164] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 69.260762][ T4166] ==================================================================
[ 69.263097][ T4166] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 69.265023][ T4166] Read of size 4 at addr ffff0000d2c34638 by task syz.0.18/4166
[ 69.267140][ T4166]
[ 69.267769][ T4166] CPU: 1 PID: 4166 Comm: syz.0.18 Not tainted 5.15.186-syzkaller #0
[ 69.269945][ T4166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 69.272721][ T4166] Call trace:
[ 69.273586][ T4166] dump_backtrace+0x0/0x43c
[ 69.274873][ T4166] show_stack+0x2c/0x3c
[ 69.275987][ T4166] __dump_stack+0x30/0x40
[ 69.277171][ T4166] dump_stack_lvl+0xf8/0x160
[ 69.278465][ T4166] print_address_description+0x78/0x30c
[ 69.279980][ T4166] kasan_report+0xec/0x15c
[ 69.281196][ T4166] __asan_report_load4_noabort+0x44/0x50
[ 69.282707][ T4166] ax25_fillin_cb+0x394/0x568
[ 69.284034][ T4166] ax25_setsockopt+0x8d0/0xa5c
[ 69.285362][ T4166] __sys_setsockopt+0x2f8/0x4b0
[ 69.286633][ T4166] __arm64_sys_setsockopt+0xb8/0xd4
[ 69.288143][ T4166] invoke_syscall+0x98/0x2b8
[ 69.289354][ T4166] el0_svc_common+0x138/0x258
[ 69.290621][ T4166] do_el0_svc+0x58/0x14c
[ 69.291884][ T4166] el0_svc+0x78/0x1e0
[ 69.292971][ T4166] el0t_64_sync_handler+0xcc/0xe4
[ 69.294359][ T4166] el0t_64_sync+0x1a0/0x1a4
[ 69.295642][ T4166]
[ 69.296299][ T4166] Allocated by task 4164:
[ 69.297490][ T4166] __kasan_kmalloc+0xb0/0xf0
[ 69.298763][ T4166] kmem_cache_alloc_trace+0x274/0x3fc
[ 69.300295][ T4166] ax25_dev_device_up+0x5c/0x540
[ 69.301627][ T4166] ax25_device_event+0x504/0x590
[ 69.303049][ T4166] raw_notifier_call_chain+0xd4/0x164
[ 69.304542][ T4166] __dev_notify_flags+0x250/0x46c
[ 69.305925][ T4166] dev_change_flags+0xc8/0x154
[ 69.307243][ T4166] dev_ifsioc+0x504/0xef4
[ 69.308507][ T4166] dev_ioctl+0x4d0/0xc94
[ 69.309642][ T4166] sock_do_ioctl+0x18c/0x240
[ 69.310930][ T4166] sock_ioctl+0x5c8/0x87c
[ 69.312128][ T4166] __arm64_sys_ioctl+0x14c/0x1c8
[ 69.313544][ T4166] invoke_syscall+0x98/0x2b8
[ 69.314838][ T4166] el0_svc_common+0x138/0x258
[ 69.316164][ T4166] do_el0_svc+0x58/0x14c
[ 69.317273][ T4166] el0_svc+0x78/0x1e0
[ 69.318363][ T4166] el0t_64_sync_handler+0xcc/0xe4
[ 69.319783][ T4166] el0t_64_sync+0x1a0/0x1a4
[ 69.320975][ T4166]
[ 69.321620][ T4166] Freed by task 4165:
[ 69.322665][ T4166] kasan_set_track+0x4c/0x84
[ 69.323882][ T4166] kasan_set_free_info+0x28/0x4c
[ 69.325177][ T4166] ____kasan_slab_free+0x118/0x164
[ 69.326560][ T4166] __kasan_slab_free+0x18/0x28
[ 69.327809][ T4166] slab_free_freelist_hook+0x128/0x1e8
[ 69.329247][ T4166] kfree+0x170/0x40c
[ 69.330283][ T4166] ax25_release+0x564/0x814
[ 69.331453][ T4166] sock_close+0xb4/0x1f8
[ 69.332577][ T4166] __fput+0x1c0/0x7f8
[ 69.333642][ T4166] ____fput+0x20/0x30
[ 69.334714][ T4166] task_work_run+0x12c/0x1e0
[ 69.335932][ T4166] do_notify_resume+0x24b4/0x3128
[ 69.337313][ T4166] el0_svc+0xf0/0x1e0
[ 69.338412][ T4166] el0t_64_sync_handler+0xcc/0xe4
[ 69.339778][ T4166] el0t_64_sync+0x1a0/0x1a4
[ 69.341040][ T4166]
[ 69.341645][ T4166] Last potentially related work creation:
[ 69.343243][ T4166] kasan_save_stack+0x38/0x68
[ 69.344498][ T4166] kasan_record_aux_stack+0xcc/0x114
[ 69.345926][ T4166] insert_work+0x64/0x388
[ 69.347080][ T4166] __queue_work+0xb30/0x1054
[ 69.348282][ T4166] queue_work_on+0xc4/0x17c
[ 69.349420][ T4166] call_usermodehelper_exec+0x22c/0x478
[ 69.350872][ T4166] kobject_uevent_env+0x670/0x888
[ 69.352217][ T4166] kobject_uevent+0x2c/0x3c
[ 69.353392][ T4166] netdev_queue_update_kobjects+0x1ac/0x3b4
[ 69.354946][ T4166] netdev_register_kobject+0x228/0x2d4
[ 69.356451][ T4166] register_netdevice+0xd44/0x1304
[ 69.357861][ T4166] __ip_tunnel_create+0x238/0x300
[ 69.359295][ T4166] ip_tunnel_init_net+0x1f0/0x5a8
[ 69.360783][ T4166] ipgre_tap_init_net+0x38/0x48
[ 69.362095][ T4166] ops_init+0x2b0/0x544
[ 69.363259][ T4166] register_pernet_operations+0x24c/0x530
[ 69.364857][ T4166] register_pernet_device+0x3c/0x9c
[ 69.366343][ T4166] ipgre_init+0x4c/0x1b8
[ 69.367493][ T4166] do_one_initcall+0x228/0x8b0
[ 69.368816][ T4166] do_initcall_level+0x154/0x214
[ 69.370206][ T4166] do_initcalls+0x58/0xac
[ 69.371340][ T4166] do_basic_setup+0x8c/0xa0
[ 69.372577][ T4166] kernel_init_freeable+0x404/0x5fc
[ 69.374041][ T4166] kernel_init+0x24/0x1d0
[ 69.375253][ T4166] ret_from_fork+0x10/0x20
[ 69.376538][ T4166]
[ 69.377203][ T4166] The buggy address belongs to the object at ffff0000d2c34600
[ 69.377203][ T4166] which belongs to the cache kmalloc-256 of size 256
[ 69.381065][ T4166] The buggy address is located 56 bytes inside of
[ 69.381065][ T4166] 256-byte region [ffff0000d2c34600, ffff0000d2c34700)
[ 69.384791][ T4166] The buggy address belongs to the page:
[ 69.386314][ T4166] page:00000000a550fc50 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112c34
[ 69.389076][ T4166] head:00000000a550fc50 order:1 compound_mapcount:0
[ 69.390912][ T4166] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 69.393174][ T4166] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 69.395590][ T4166] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 69.397955][ T4166] page dumped because: kasan: bad access detected
[ 69.399728][ T4166]
[ 69.400359][ T4166] Memory state around the buggy address:
[ 69.401994][ T4166]  ffff0000d2c34500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.404245][ T4166]  ffff0000d2c34580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.406498][ T4166] >ffff0000d2c34600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.408731][ T4166]                                         ^
[ 69.410360][ T4166]  ffff0000d2c34680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.412591][ T4166]  ffff0000d2c34700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.414766][ T4166] ==================================================================
[ 69.417085][ T4166] Disabling lock debugging due to kernel taint
[ 69.421410][ T4166] Unable to handle kernel paging request at virtual address b8c00314000015ed
[ 69.423708][ T4166] Mem abort info:
[ 69.424694][ T4166] ESR = 0x0000000096000021
[ 69.425937][ T4166] EC = 0x25: DABT (current EL), IL = 32 bits
[ 69.427677][ T4166] SET = 0, FnV = 0
[ 69.428687][ T4166] EA = 0, S1PTW = 0
[ 69.429783][ T4166] FSC = 0x21: alignment fault
[ 69.431116][ T4166] Data abort info:
[ 69.432475][ T4166] ISV = 0, ISS = 0x00000021
[ 69.433806][ T4166] CM = 0, WnR = 0
[ 69.434915][ T4166] [b8c00314000015ed] address between user and kernel address ranges
[ 69.437142][ T4166] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 69.439079][ T4166] Modules linked in:
[ 69.440060][ T4166] CPU: 1 PID: 4166 Comm: syz.0.18 Tainted: G B 5.15.186-syzkaller #0
[ 69.442639][ T4166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 69.445437][ T4166] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 69.447659][ T4166] pc : ax25_release+0x4f4/0x814
[ 69.449044][ T4166] lr : ax25_release+0x4ec/0x814
[ 69.450441][ T4166] sp : ffff80001f777a00
[ 69.451610][ T4166] x29: ffff80001f777a20 x28: dfff800000000000 x27: ffff0000d444d080
[ 69.453809][ T4166] x26: ffff0000d80d8828 x25: 0000000000000002 x24: 00000000ffffffff
[ 69.456055][ T4166] x23: b8c00314000015ed x22: ffff0000d2c34600 x21: ffff0000e23fb018
[ 69.458328][ T4166] x20: ffff0000d444d000 x19: 1fffe0001b01b105 x18: 0000000000000000
[ 69.460618][ T4166] x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000002
[ 69.462769][ T4166] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 69.465052][ T4166] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff800010472234
[ 69.467401][ T4166] x8 : ffff0000d396b680 x7 : 0000000000000000 x6 : ffff80000837b9b0
[ 69.469627][ T4166] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800010472228
[ 69.471867][ T4166] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 69.474060][ T4166] Call trace:
[ 69.474926][ T4166] ax25_release+0x4f4/0x814
[ 69.476181][ T4166] sock_close+0xb4/0x1f8
[ 69.477332][ T4166] __fput+0x1c0/0x7f8
[ 69.478489][ T4166] ____fput+0x20/0x30
[ 69.479574][ T4166] task_work_run+0x12c/0x1e0
[ 69.480829][ T4166] do_notify_resume+0x24b4/0x3128
[ 69.482194][ T4166] el0_svc+0xf0/0x1e0
[ 69.483283][ T4166] el0t_64_sync_handler+0xcc/0xe4
[ 69.484664][ T4166] el0t_64_sync+0x1a0/0x1a4
[ 69.485958][ T4166] Code: d503201f 9600200b 52800038 4b1803f8 (b87802f8)
[ 69.487854][ T4166] ---[ end trace 6bc00687f33719cb ]---
[ 69.810719][ T4166] Kernel panic - not syncing: Oops: Fatal exception
[ 69.812681][ T4166] SMP: stopping secondary CPUs
[ 69.814061][ T4166] Kernel Offset: disabled
[ 69.815302][ T4166] CPU features: 0x8,000081c1,21302e40
[ 69.816877][ T4166] Memory Limit: none
[ 70.109937][ T4166] Rebooting in 86400 seconds..