Warning: Permanently added '10.128.1.96' (ED25519) to the list of known hosts.
2026/02/08 04:17:57 parsed 1 programs
[ 69.586587][ T4191] cgroup: Unknown subsys name 'net'
[ 69.701959][ T4191] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.216073][ T4191] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 71.379169][ T1425] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.385746][ T1425] ieee802154 phy1 wpan1: encryption failed: -22
[ 74.027404][ T4241] syz-executor (4241) used greatest stack depth: 21072 bytes left
[ 74.107848][ T4246] chnl_net:caif_netlink_parms(): no params data found
[ 74.174505][ T4246] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.183585][ T4246] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.192153][ T4246] device bridge_slave_0 entered promiscuous mode
[ 74.203335][ T4246] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.210846][ T4246] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.220493][ T4246] device bridge_slave_1 entered promiscuous mode
[ 74.246730][ T4246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.258428][ T4246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.286298][ T4246] team0: Port device team_slave_0 added
[ 74.294173][ T4246] team0: Port device team_slave_1 added
[ 74.316960][ T4246] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.324033][ T4246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.350467][ T4246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.363708][ T4246] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.370891][ T4246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.396956][ T4246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.434112][ T4246] device hsr_slave_0 entered promiscuous mode
[ 74.441355][ T4246] device hsr_slave_1 entered promiscuous mode
[ 74.567228][ T4246] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.577870][ T4246] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.588175][ T4246] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.599539][ T4246] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.674059][ T4246] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.683687][ T4246] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.695308][ T4246] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.702465][ T4246] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.790196][ T4246] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.807658][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.818229][ T1259] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.827716][ T1259] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.840441][ T4246] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.852547][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 74.861981][ T1259] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.869374][ T1259] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.882201][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 74.890928][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.898073][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.920360][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.930051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.943309][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.956347][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.968306][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.979764][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.077982][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.086013][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.099673][ T4246] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.133853][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 75.144013][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.179548][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 75.188826][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.198554][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.206826][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.219065][ T4246] device veth0_vlan entered promiscuous mode
[ 75.250480][ T4246] device veth1_vlan entered promiscuous mode
[ 75.269249][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.279053][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.288088][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 75.297132][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.310223][ T4246] device veth0_macvtap entered promiscuous mode
[ 75.334280][ T4246] device veth1_macvtap entered promiscuous mode
[ 75.350862][ T4246] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.359021][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.368001][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 75.376769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 75.385709][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.397493][ T4246] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.405099][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 75.414133][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 75.444309][ T4246] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.453575][ T4246] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.462747][ T4246] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.472796][ T4246] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.620106][ T4246] syz-executor (4246) used greatest stack depth: 20496 bytes left
[ 76.698307][ T1259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.715724][ T1259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.741024][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 76.773598][ T1259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.782676][ T1259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.791945][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/02/08 04:18:07 executed programs: 0
[ 77.500769][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.593884][ T4302] chnl_net:caif_netlink_parms(): no params data found
[ 77.637513][ T4302] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.644856][ T4302] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.652900][ T4302] device bridge_slave_0 entered promiscuous mode
[ 77.661027][ T4302] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.668203][ T4302] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.676520][ T4302] device bridge_slave_1 entered promiscuous mode
[ 77.696690][ T4302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.708601][ T4302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.731554][ T4302] team0: Port device team_slave_0 added
[ 77.739237][ T4302] team0: Port device team_slave_1 added
[ 77.757106][ T4302] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.764066][ T4302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.792686][ T4302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.804805][ T4302] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.811957][ T4302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.838262][ T4302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.870016][ T4302] device hsr_slave_0 entered promiscuous mode
[ 77.876832][ T4302] device hsr_slave_1 entered promiscuous mode
[ 77.883849][ T4302] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 77.892053][ T4302] Cannot create hsr debugfs directory
[ 79.546397][ T1328] Bluetooth: hci0: command 0x0409 tx timeout
[ 80.823150][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.870961][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.943320][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.616211][ T4269] Bluetooth: hci0: command 0x041b tx timeout
[ 81.846172][ T4302] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.861458][ T4302] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.871524][ T4302] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.901296][ T4302] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.998547][ T4302] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.037652][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 82.057185][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.067859][ T4302] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.117919][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.129823][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.139493][ T1259] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.146631][ T1259] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.155219][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.164035][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.172789][ T1259] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.180055][ T1259] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.188197][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.197117][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.207001][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.228796][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 82.238516][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.247354][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 82.259483][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.268336][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 82.277236][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 82.285800][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 82.294135][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 82.318670][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 82.327128][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.439205][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 82.446978][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 82.459949][ T4302] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.477460][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 82.486595][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 82.519024][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 82.530437][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 82.550444][ T4302] device veth0_vlan entered promiscuous mode
[ 82.558651][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 82.569152][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 82.587557][ T4302] device veth1_vlan entered promiscuous mode
[ 82.603680][ T144] device hsr_slave_0 left promiscuous mode
[ 82.611121][ T144] device hsr_slave_1 left promiscuous mode
[ 82.617960][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.625520][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.633722][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.641858][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.649863][ T144] device bridge_slave_1 left promiscuous mode
[ 82.657973][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.672883][ T144] device bridge_slave_0 left promiscuous mode
[ 82.680061][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.698343][ T144] device veth1_macvtap left promiscuous mode
[ 82.704586][ T144] device veth0_macvtap left promiscuous mode
[ 82.710758][ T144] device veth1_vlan left promiscuous mode
[ 82.717283][ T144] device veth0_vlan left promiscuous mode
[ 82.891601][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 82.908292][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 82.922012][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 82.938509][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.001157][ T144] bond0 (unregistering): Released all slaves
[ 83.069806][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 83.078656][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 83.092075][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 83.101233][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 83.113937][ T4302] device veth0_macvtap entered promiscuous mode
[ 83.125102][ T4302] device veth1_macvtap entered promiscuous mode
[ 83.144018][ T4302] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.151582][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 83.160454][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 83.169343][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 83.184489][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 83.197000][ T4302] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.204303][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 83.213374][ T1232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 83.228638][ T4302] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.238818][ T4302] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.248180][ T4302] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.257271][ T4302] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.323843][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.333054][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.341289][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/02/08 04:18:13 executed programs: 2
[ 83.381823][ T1259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.390330][ T1259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.398760][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 83.451437][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 83.518799][ T4365] ==================================================================
[ 83.527101][ T4365] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 83.534349][ T4365] Read of size 4 at addr ffff888073b17938 by task syz.0.19/4365
[ 83.542001][ T4365]
[ 83.544353][ T4365] CPU: 1 PID: 4365 Comm: syz.0.19 Not tainted syzkaller #0
[ 83.551657][ T4365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 83.561742][ T4365] Call Trace:
[ 83.565039][ T4365]
[ 83.568003][ T4365] dump_stack_lvl+0x188/0x250
[ 83.572727][ T4365] ? show_regs_print_info+0x20/0x20
[ 83.577953][ T4365] ? _printk+0xda/0x130
[ 83.582141][ T4365] ? ax25_fillin_cb+0x459/0x640
[ 83.587023][ T4365] ? load_image+0x400/0x400
[ 83.591665][ T4365] print_address_description+0x60/0x2d0
[ 83.597246][ T4365] ? ax25_fillin_cb+0x459/0x640
[ 83.602140][ T4365] kasan_report+0xdf/0x130
[ 83.606617][ T4365] ? ax25_fillin_cb+0x459/0x640
[ 83.611492][ T4365] ax25_fillin_cb+0x459/0x640
[ 83.616193][ T4365] ax25_setsockopt+0x8c9/0xa60
[ 83.620987][ T4365] ? ax25_shutdown+0x10/0x10
[ 83.625606][ T4365] ? aa_sock_opt_perm+0x74/0x100
[ 83.630578][ T4365] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 83.636151][ T4365] ? security_socket_setsockopt+0x7a/0xa0
[ 83.641884][ T4365] ? ax25_shutdown+0x10/0x10
[ 83.646503][ T4365] __sys_setsockopt+0x2bf/0x3d0
[ 83.651392][ T4365] __x64_sys_setsockopt+0xb1/0xc0
[ 83.656445][ T4365] do_syscall_64+0x4c/0xa0
[ 83.660885][ T4365] ? clear_bhb_loop+0x30/0x80
[ 83.665584][ T4365] ? clear_bhb_loop+0x30/0x80
[ 83.670305][ T4365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 83.676227][ T4365] RIP: 0033:0x7f9f6bb31eb9
[ 83.680670][ T4365] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 83.700300][ T4365] RSP: 002b:00007ffc6b0401d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 83.708748][ T4365] RAX: ffffffffffffffda RBX: 00007f9f6bdacfa0 RCX: 00007f9f6bb31eb9
[ 83.716740][ T4365] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 83.724747][ T4365] RBP: 00007f9f6bb9fc1f R08: 0000000000000010 R09: 0000000000000000
[ 83.732840][ T4365] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 83.740842][ T4365] R13: 00007f9f6bdacfac R14: 00007f9f6bdacfa0 R15: 00007f9f6bdacfa0
[ 83.748858][ T4365]
[ 83.751896][ T4365]
[ 83.754239][ T4365] Allocated by task 4363:
[ 83.758579][ T4365] __kasan_kmalloc+0xb5/0xf0
[ 83.763205][ T4365] ax25_dev_device_up+0x50/0x580
[ 83.768167][ T4365] ax25_device_event+0x483/0x4f0
[ 83.773199][ T4365] raw_notifier_call_chain+0xcb/0x160
[ 83.778594][ T4365] __dev_notify_flags+0x194/0x300
[ 83.783671][ T4365] dev_change_flags+0xe3/0x1a0
[ 83.788450][ T4365] dev_ifsioc+0x130/0xd50
[ 83.792895][ T4365] dev_ioctl+0x545/0xe30
[ 83.797174][ T4365] sock_do_ioctl+0x245/0x320
[ 83.801802][ T4365] sock_ioctl+0x4d2/0x710
[ 83.806180][ T4365] __se_sys_ioctl+0xfa/0x170
[ 83.810805][ T4365] do_syscall_64+0x4c/0xa0
[ 83.815245][ T4365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 83.821160][ T4365]
[ 83.823502][ T4365] Freed by task 4364:
[ 83.827495][ T4365] kasan_set_track+0x4b/0x70
[ 83.832284][ T4365] kasan_set_free_info+0x1f/0x40
[ 83.837248][ T4365] ____kasan_slab_free+0xd5/0x110
[ 83.842373][ T4365] slab_free_freelist_hook+0xea/0x170
[ 83.847760][ T4365] kfree+0xef/0x2a0
[ 83.851605][ T4365] ax25_release+0x661/0x870
[ 83.856132][ T4365] sock_close+0xd5/0x240
[ 83.860570][ T4365] __fput+0x234/0x930
[ 83.864572][ T4365] task_work_run+0x125/0x1a0
[ 83.869188][ T4365] exit_to_user_mode_loop+0x10f/0x130
[ 83.874582][ T4365] exit_to_user_mode_prepare+0xee/0x180
[ 83.880153][ T4365] syscall_exit_to_user_mode+0x16/0x40
[ 83.885674][ T4365] do_syscall_64+0x58/0xa0
[ 83.890111][ T4365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 83.896028][ T4365]
[ 83.898372][ T4365] The buggy address belongs to the object at ffff888073b17900
[ 83.898372][ T4365] which belongs to the cache kmalloc-192 of size 192
[ 83.912699][ T4365] The buggy address is located 56 bytes inside of
[ 83.912699][ T4365] 192-byte region [ffff888073b17900, ffff888073b179c0)
[ 83.925906][ T4365] The buggy address belongs to the page:
[ 83.931563][ T4365] page:ffffea0001cec5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73b17
[ 83.941733][ T4365] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 83.949318][ T4365] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016c41a00
[ 83.957957][ T4365] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 83.966643][ T4365] page dumped because: kasan: bad access detected
[ 83.973085][ T4365] page_owner tracks the page as allocated
[ 83.978829][ T4365] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4302, ts 83428011130, free_ts 83368702362
[ 83.994834][ T4365] get_page_from_freelist+0x1bbd/0x1ca0
[ 84.000413][ T4365] __alloc_pages+0x1ee/0x480
[ 84.005031][ T4365] new_slab+0xb6/0x4b0
[ 84.009124][ T4365] ___slab_alloc+0x80a/0xdd0
[ 84.013734][ T4365] __kmalloc_node+0x200/0x3b0
[ 84.018430][ T4365] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 84.024272][ T4365] slab_post_alloc_hook+0xba/0x380
[ 84.029404][ T4365] kmem_cache_alloc+0x100/0x290
[ 84.034293][ T4365] __d_alloc+0x2a/0x6f0
[ 84.038467][ T4365] d_alloc+0x4a/0x250
[ 84.042471][ T4365] lookup_one_qstr_excl+0xc6/0x240
[ 84.047612][ T4365] filename_create+0x23a/0x470
[ 84.052403][ T4365] do_mkdirat+0xa5/0x5b0
[ 84.056673][ T4365] __x64_sys_mkdirat+0x85/0x90
[ 84.061462][ T4365] do_syscall_64+0x4c/0xa0
[ 84.065904][ T4365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.071858][ T4365] page last free stack trace:
[ 84.076648][ T4365] free_unref_page_prepare+0x637/0x6c0
[ 84.082154][ T4365] free_unref_page+0x8f/0x2a0
[ 84.086887][ T4365] __unfreeze_partials+0x1a5/0x200
[ 84.092023][ T4365] put_cpu_partial+0x12d/0x190
[ 84.096859][ T4365] qlist_free_all+0x35/0x90
[ 84.101391][ T4365] kasan_quarantine_reduce+0x150/0x160
[ 84.106868][ T4365] __kasan_slab_alloc+0x2f/0xd0
[ 84.111752][ T4365] slab_post_alloc_hook+0x4c/0x380
[ 84.116888][ T4365] kmem_cache_alloc_trace+0x103/0x2a0
[ 84.122384][ T4365] nsim_fib_event_work+0x88d/0x33e0
[ 84.127618][ T4365] process_one_work+0x85f/0x1010
[ 84.132591][ T4365] worker_thread+0xd60/0x1290
[ 84.137297][ T4365] kthread+0x436/0x520
[ 84.141575][ T4365] ret_from_fork+0x1f/0x30
[ 84.146065][ T4365]
[ 84.148420][ T4365] Memory state around the buggy address:
[ 84.154213][ T4365] ffff888073b17800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 84.162341][ T4365] ffff888073b17880: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.170427][ T4365] >ffff888073b17900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.178508][ T4365] ^
[ 84.184427][ T4365] ffff888073b17980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 84.192513][ T4365] ffff888073b17a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 84.200598][ T4365] ==================================================================
[ 84.208759][ T4365] Disabling lock debugging due to kernel taint
[ 84.218321][ T4269] Bluetooth: hci0: command 0x040f tx timeout
[ 84.235435][ T4365] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.242659][ T4365] CPU: 1 PID: 4365 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 84.251387][ T4365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 84.261455][ T4365] Call Trace:
[ 84.264746][ T4365]
[ 84.267708][ T4365] dump_stack_lvl+0x188/0x250
[ 84.272413][ T4365] ? show_regs_print_info+0x20/0x20
[ 84.277657][ T4365] ? load_image+0x400/0x400
[ 84.282216][ T4365] panic+0x2e5/0x810
[ 84.286138][ T4365] ? bpf_jit_dump+0xd0/0xd0
[ 84.290684][ T4365] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 84.296682][ T4365] ? _raw_spin_unlock+0x40/0x40
[ 84.301557][ T4365] ? print_memory_metadata+0x314/0x400
[ 84.307573][ T4365] ? ax25_fillin_cb+0x459/0x640
[ 84.312451][ T4365] check_panic_on_warn+0x80/0xa0
[ 84.317410][ T4365] ? ax25_fillin_cb+0x459/0x640
[ 84.322275][ T4365] end_report+0x6d/0xf0
[ 84.326456][ T4365] kasan_report+0x102/0x130
[ 84.330983][ T4365] ? ax25_fillin_cb+0x459/0x640
[ 84.335857][ T4365] ax25_fillin_cb+0x459/0x640
[ 84.340557][ T4365] ax25_setsockopt+0x8c9/0xa60
[ 84.345355][ T4365] ? ax25_shutdown+0x10/0x10
[ 84.349967][ T4365] ? aa_sock_opt_perm+0x74/0x100
[ 84.354931][ T4365] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 84.360507][ T4365] ? security_socket_setsockopt+0x7a/0xa0
[ 84.366253][ T4365] ? ax25_shutdown+0x10/0x10
[ 84.370868][ T4365] __sys_setsockopt+0x2bf/0x3d0
[ 84.375744][ T4365] __x64_sys_setsockopt+0xb1/0xc0
[ 84.380821][ T4365] do_syscall_64+0x4c/0xa0
[ 84.385259][ T4365] ? clear_bhb_loop+0x30/0x80
[ 84.389961][ T4365] ? clear_bhb_loop+0x30/0x80
[ 84.394659][ T4365] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.400577][ T4365] RIP: 0033:0x7f9f6bb31eb9
[ 84.405016][ T4365] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 84.424646][ T4365] RSP: 002b:00007ffc6b0401d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 84.433095][ T4365] RAX: ffffffffffffffda RBX: 00007f9f6bdacfa0 RCX: 00007f9f6bb31eb9
[ 84.441087][ T4365] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 84.449123][ T4365] RBP: 00007f9f6bb9fc1f R08: 0000000000000010 R09: 0000000000000000
[ 84.457113][ T4365] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 84.465118][ T4365] R13: 00007f9f6bdacfac R14: 00007f9f6bdacfa0 R15: 00007f9f6bdacfa0
[ 84.473124][ T4365]
[ 84.476470][ T4365] Kernel Offset: disabled
[ 84.480809][ T4365] Rebooting in 86400 seconds..