Warning: Permanently added '10.128.1.111' (ED25519) to the list of known hosts.
2026/01/23 07:06:59 parsed 1 programs
[ 53.047167][ T4187] cgroup: Unknown subsys name 'net'
[ 53.180244][ T4187] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 54.430713][ T4187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 56.026625][ T4206] chnl_net:caif_netlink_parms(): no params data found
[ 56.071399][ T4206] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.079090][ T4206] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.086987][ T4206] device bridge_slave_0 entered promiscuous mode
[ 56.099485][ T4206] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.106759][ T4206] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.114432][ T4206] device bridge_slave_1 entered promiscuous mode
[ 56.131692][ T4206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.142827][ T4206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.168056][ T4206] team0: Port device team_slave_0 added
[ 56.175194][ T4206] team0: Port device team_slave_1 added
[ 56.190336][ T4206] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.197536][ T4206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.223895][ T4206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.238087][ T4206] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.245240][ T4206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.271436][ T4206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.298997][ T4206] device hsr_slave_0 entered promiscuous mode
[ 56.306669][ T4206] device hsr_slave_1 entered promiscuous mode
[ 56.397600][ T4206] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 56.408450][ T4206] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 56.418822][ T4206] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 56.427923][ T4206] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 56.464244][ T4206] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.471506][ T4206] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.480355][ T4206] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.487900][ T4206] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.548592][ T4206] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.563221][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.577157][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.586895][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.597026][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 56.612810][ T4206] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.627664][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.638438][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.645651][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.665199][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.684732][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.691830][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.718533][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.727509][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.736206][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.744900][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.753248][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.766260][ T4206] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.878554][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.887360][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.901875][ T4206] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.922784][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 56.947898][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.957129][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 56.966911][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 56.976420][ T4206] device veth0_vlan entered promiscuous mode
[ 56.989834][ T4206] device veth1_vlan entered promiscuous mode
[ 57.014593][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 57.028375][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 57.039761][ T4206] device veth0_macvtap entered promiscuous mode
[ 57.052499][ T4206] device veth1_macvtap entered promiscuous mode
[ 57.071178][ T4206] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 57.081725][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 57.090714][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 57.101102][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 57.118571][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 57.131453][ T4206] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 57.139623][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 57.149993][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 57.162452][ T4206] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.174228][ T4206] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.183487][ T4206] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.194316][ T4206] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.313444][ T4206] syz-executor (4206) used greatest stack depth: 20792 bytes left
[ 57.520500][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.534953][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.545975][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 57.562231][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 57.570986][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 57.581542][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 57.692708][ T1439] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.100459][ T1439] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.379358][ T1439] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.431211][ T1439] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/23 07:07:11 executed programs: 0
[ 63.646103][ T1439] device hsr_slave_0 left promiscuous mode
[ 63.677122][ T1439] device hsr_slave_1 left promiscuous mode
[ 63.686350][ T1439] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 63.693799][ T1439] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 63.704061][ T1439] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 63.713262][ T1439] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 63.721479][ T1439] device bridge_slave_1 left promiscuous mode
[ 63.728760][ T1439] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.741416][ T1439] device bridge_slave_0 left promiscuous mode
[ 63.747970][ T1439] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.763809][ T1439] device veth1_macvtap left promiscuous mode
[ 63.770582][ T1439] device veth0_macvtap left promiscuous mode
[ 63.777121][ T1439] device veth1_vlan left promiscuous mode
[ 63.783267][ T1439] device veth0_vlan left promiscuous mode
[ 63.905342][ T1439] team0 (unregistering): Port device team_slave_1 removed
[ 63.918720][ T1439] team0 (unregistering): Port device team_slave_0 removed
[ 63.932093][ T1439] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 63.945267][ T1439] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 63.989591][ T1439] bond0 (unregistering): Released all slaves
[ 64.176256][ T4338] chnl_net:caif_netlink_parms(): no params data found
[ 64.236887][ T4338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.244032][ T4338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.252811][ T4338] device bridge_slave_0 entered promiscuous mode
[ 64.261768][ T4338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.268985][ T4338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.277212][ T4338] device bridge_slave_1 entered promiscuous mode
[ 64.298862][ T4338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.310147][ T4338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.335367][ T4338] team0: Port device team_slave_0 added
[ 64.343444][ T4338] team0: Port device team_slave_1 added
[ 64.363499][ T4338] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.371204][ T4338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.401353][ T4338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.413812][ T4338] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.420824][ T4338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.447373][ T4338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.488371][ T4338] device hsr_slave_0 entered promiscuous mode
[ 64.495682][ T4338] device hsr_slave_1 entered promiscuous mode
[ 65.008090][ T4338] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.027682][ T4338] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.047306][ T4338] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.069362][ T4338] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.173106][ T4338] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.190000][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 65.205939][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.222741][ T4338] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.249063][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 65.264260][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.273353][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.280463][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.295139][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.310526][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.326390][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.347178][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.354644][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.384646][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.393464][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 65.417870][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 65.436235][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.455825][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.476339][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 65.495308][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.513934][ T4338] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 65.544730][ T4338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 65.566156][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 65.585066][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.597130][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 65.615036][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.636542][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.755465][ T21] Bluetooth: hci0: command 0x0409 tx timeout
[ 65.785043][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.792582][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.809541][ T4338] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.856072][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 65.875033][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.909980][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 65.926546][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.937062][ T4338] device veth0_vlan entered promiscuous mode
[ 65.951985][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.960833][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.973220][ T4338] device veth1_vlan entered promiscuous mode
[ 66.002363][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 66.015387][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 66.034947][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 66.045447][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 66.059370][ T4338] device veth0_macvtap entered promiscuous mode
[ 66.077609][ T4338] device veth1_macvtap entered promiscuous mode
[ 66.102408][ T4338] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.113835][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 66.123700][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 66.131915][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 66.141388][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 66.151776][ T4338] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.161601][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 66.170613][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 66.182984][ T4338] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.192325][ T4338] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.203021][ T4338] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.212768][ T4338] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.409023][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.419842][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.437015][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 66.460739][ T4237] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.490313][ T4237] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.508565][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 66.569883][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 66.613339][ T4444] ==================================================================
[ 66.621576][ T4444] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 66.628882][ T4444] Read of size 4 at addr ffff88801fd1b338 by task syz.0.19/4444
[ 66.636505][ T4444]
[ 66.638848][ T4444] CPU: 1 PID: 4444 Comm: syz.0.19 Not tainted syzkaller #0
[ 66.646043][ T4444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 66.656198][ T4444] Call Trace:
[ 66.659486][ T4444]
[ 66.662429][ T4444] dump_stack_lvl+0x188/0x250
[ 66.667242][ T4444] ? show_regs_print_info+0x20/0x20
[ 66.672476][ T4444] ? _printk+0xda/0x130
[ 66.676831][ T4444] ? ax25_fillin_cb+0x459/0x640
[ 66.681813][ T4444] ? load_image+0x400/0x400
[ 66.686346][ T4444] print_address_description+0x60/0x2d0
[ 66.691906][ T4444] ? ax25_fillin_cb+0x459/0x640
[ 66.696770][ T4444] kasan_report+0xdf/0x130
[ 66.701198][ T4444] ? ax25_fillin_cb+0x459/0x640
[ 66.706056][ T4444] ax25_fillin_cb+0x459/0x640
[ 66.710744][ T4444] ax25_setsockopt+0x8c9/0xa60
[ 66.715515][ T4444] ? ax25_shutdown+0x10/0x10
[ 66.720113][ T4444] ? aa_sock_opt_perm+0x74/0x100
[ 66.725068][ T4444] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 66.730715][ T4444] ? security_socket_setsockopt+0x7a/0xa0
[ 66.736441][ T4444] ? ax25_shutdown+0x10/0x10
[ 66.741042][ T4444] __sys_setsockopt+0x2bf/0x3d0
[ 66.745921][ T4444] __x64_sys_setsockopt+0xb1/0xc0
[ 66.750950][ T4444] do_syscall_64+0x4c/0xa0
[ 66.755349][ T4444] ? clear_bhb_loop+0x30/0x80
[ 66.760013][ T4444] ? clear_bhb_loop+0x30/0x80
[ 66.764679][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.770578][ T4444] RIP: 0033:0x7f2e16af4cb9
[ 66.774977][ T4444] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 66.795181][ T4444] RSP: 002b:00007ffdaa153618 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 66.803789][ T4444] RAX: ffffffffffffffda RBX: 00007f2e16d6ffa0 RCX: 00007f2e16af4cb9
[ 66.811750][ T4444] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 66.819890][ T4444] RBP: 00007f2e16b62bf7 R08: 0000000000000010 R09: 0000000000000000
[ 66.827842][ T4444] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 66.835794][ T4444] R13: 00007f2e16d6ffac R14: 00007f2e16d6ffa0 R15: 00007f2e16d6ffa0
[ 66.843792][ T4444]
[ 66.846798][ T4444]
[ 66.849110][ T4444] Allocated by task 4439:
[ 66.853422][ T4444] __kasan_kmalloc+0xb5/0xf0
[ 66.858008][ T4444] ax25_dev_device_up+0x50/0x580
[ 66.863649][ T4444] ax25_device_event+0x483/0x4f0
[ 66.868575][ T4444] raw_notifier_call_chain+0xcb/0x160
[ 66.873938][ T4444] __dev_notify_flags+0x194/0x300
[ 66.878951][ T4444] dev_change_flags+0xe3/0x1a0
[ 66.883706][ T4444] dev_ifsioc+0x130/0xd50
[ 66.888127][ T4444] dev_ioctl+0x545/0xe30
[ 66.892357][ T4444] sock_do_ioctl+0x245/0x320
[ 66.897012][ T4444] sock_ioctl+0x4d2/0x710
[ 66.901343][ T4444] __se_sys_ioctl+0xfa/0x170
[ 66.906096][ T4444] do_syscall_64+0x4c/0xa0
[ 66.910501][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.916491][ T4444]
[ 66.918814][ T4444] Freed by task 4442:
[ 66.922769][ T4444] kasan_set_track+0x4b/0x70
[ 66.927348][ T4444] kasan_set_free_info+0x1f/0x40
[ 66.932355][ T4444] ____kasan_slab_free+0xd5/0x110
[ 66.937360][ T4444] slab_free_freelist_hook+0xea/0x170
[ 66.942747][ T4444] kfree+0xef/0x2a0
[ 66.946545][ T4444] ax25_release+0x661/0x870
[ 66.951058][ T4444] sock_close+0xd5/0x240
[ 66.955374][ T4444] __fput+0x234/0x930
[ 66.959772][ T4444] task_work_run+0x125/0x1a0
[ 66.964365][ T4444] exit_to_user_mode_loop+0x10f/0x130
[ 66.969716][ T4444] exit_to_user_mode_prepare+0xee/0x180
[ 66.975264][ T4444] syscall_exit_to_user_mode+0x16/0x40
[ 66.981073][ T4444] do_syscall_64+0x58/0xa0
[ 66.985673][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.991589][ T4444]
[ 66.993923][ T4444] The buggy address belongs to the object at ffff88801fd1b300
[ 66.993923][ T4444] which belongs to the cache kmalloc-192 of size 192
[ 67.007953][ T4444] The buggy address is located 56 bytes inside of
[ 67.007953][ T4444] 192-byte region [ffff88801fd1b300, ffff88801fd1b3c0)
[ 67.021337][ T4444] The buggy address belongs to the page:
[ 67.026960][ T4444] page:ffffea00007f46c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fd1b
[ 67.037099][ T4444] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 67.044639][ T4444] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016c41a00
[ 67.053258][ T4444] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 67.061819][ T4444] page dumped because: kasan: bad access detected
[ 67.068236][ T4444] page_owner tracks the page as allocated
[ 67.073931][ T4444] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4338, ts 66547173547, free_ts 66547029750
[ 67.089977][ T4444] get_page_from_freelist+0x1bbd/0x1ca0
[ 67.095523][ T4444] __alloc_pages+0x1ee/0x480
[ 67.100178][ T4444] new_slab+0xb6/0x4b0
[ 67.104330][ T4444] ___slab_alloc+0x80a/0xdd0
[ 67.108941][ T4444] __kmalloc_node+0x200/0x3b0
[ 67.113607][ T4444] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 67.119625][ T4444] slab_post_alloc_hook+0xba/0x380
[ 67.124726][ T4444] kmem_cache_alloc+0x100/0x290
[ 67.129666][ T4444] sock_alloc_inode+0x17/0xb0
[ 67.134326][ T4444] new_inode_pseudo+0x5f/0x210
[ 67.139072][ T4444] __sock_create+0x129/0x900
[ 67.143646][ T4444] __sys_socket+0xe2/0x170
[ 67.148052][ T4444] __x64_sys_socket+0x76/0x80
[ 67.152798][ T4444] do_syscall_64+0x4c/0xa0
[ 67.157196][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.163070][ T4444] page last free stack trace:
[ 67.167857][ T4444] free_unref_page_prepare+0x637/0x6c0
[ 67.173331][ T4444] free_unref_page+0x8f/0x2a0
[ 67.178048][ T4444] __vunmap+0x8b9/0xa50
[ 67.182230][ T4444] do_arpt_get_ctl+0xd53/0x1000
[ 67.187064][ T4444] nf_getsockopt+0x25e/0x280
[ 67.191883][ T4444] ip_getsockopt+0x1256/0x16a0
[ 67.196638][ T4444] tcp_getsockopt+0x200/0x25a0
[ 67.201403][ T4444] __sys_getsockopt+0x1b0/0x230
[ 67.206246][ T4444] __x64_sys_getsockopt+0xb1/0xc0
[ 67.211441][ T4444] do_syscall_64+0x4c/0xa0
[ 67.215868][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.221795][ T4444]
[ 67.224119][ T4444] Memory state around the buggy address:
[ 67.229743][ T4444] ffff88801fd1b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.237998][ T4444] ffff88801fd1b280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 67.246063][ T4444] >ffff88801fd1b300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.254111][ T4444] ^
[ 67.259987][ T4444] ffff88801fd1b380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 67.268211][ T4444] ffff88801fd1b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.276433][ T4444] ==================================================================
[ 67.285434][ T4444] Disabling lock debugging due to kernel taint
[ 67.294849][ T4444] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 67.302047][ T4444] CPU: 1 PID: 4444 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 67.310962][ T4444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 67.321002][ T4444] Call Trace:
[ 67.324277][ T4444]
[ 67.327187][ T4444] dump_stack_lvl+0x188/0x250
[ 67.331936][ T4444] ? show_regs_print_info+0x20/0x20
[ 67.337112][ T4444] ? load_image+0x400/0x400
[ 67.341854][ T4444] panic+0x2e5/0x810
[ 67.345902][ T4444] ? bpf_jit_dump+0xd0/0xd0
[ 67.350559][ T4444] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 67.356531][ T4444] ? _raw_spin_unlock+0x40/0x40
[ 67.362075][ T4444] ? print_memory_metadata+0x314/0x400
[ 67.367704][ T4444] ? ax25_fillin_cb+0x459/0x640
[ 67.372635][ T4444] check_panic_on_warn+0x80/0xa0
[ 67.377560][ T4444] ? ax25_fillin_cb+0x459/0x640
[ 67.382392][ T4444] end_report+0x6d/0xf0
[ 67.386537][ T4444] kasan_report+0x102/0x130
[ 67.391131][ T4444] ? ax25_fillin_cb+0x459/0x640
[ 67.395961][ T4444] ax25_fillin_cb+0x459/0x640
[ 67.400617][ T4444] ax25_setsockopt+0x8c9/0xa60
[ 67.405366][ T4444] ? ax25_shutdown+0x10/0x10
[ 67.409936][ T4444] ? aa_sock_opt_perm+0x74/0x100
[ 67.414855][ T4444] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 67.420381][ T4444] ? security_socket_setsockopt+0x7a/0xa0
[ 67.426093][ T4444] ? ax25_shutdown+0x10/0x10
[ 67.430665][ T4444] __sys_setsockopt+0x2bf/0x3d0
[ 67.435496][ T4444] __x64_sys_setsockopt+0xb1/0xc0
[ 67.440592][ T4444] do_syscall_64+0x4c/0xa0
[ 67.444988][ T4444] ? clear_bhb_loop+0x30/0x80
[ 67.449645][ T4444] ? clear_bhb_loop+0x30/0x80
[ 67.454387][ T4444] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.460431][ T4444] RIP: 0033:0x7f2e16af4cb9
[ 67.465435][ T4444] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 67.485374][ T4444] RSP: 002b:00007ffdaa153618 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 67.493872][ T4444] RAX: ffffffffffffffda RBX: 00007f2e16d6ffa0 RCX: 00007f2e16af4cb9
[ 67.501928][ T4444] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 67.509889][ T4444] RBP: 00007f2e16b62bf7 R08: 0000000000000010 R09: 0000000000000000
[ 67.517985][ T4444] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 67.526270][ T4444] R13: 00007f2e16d6ffac R14: 00007f2e16d6ffa0 R15: 00007f2e16d6ffa0
[ 67.534276][ T4444]
[ 67.537601][ T4444] Kernel Offset: disabled
[ 67.541917][ T4444] Rebooting in 86400 seconds..