Warning: Permanently added '10.128.1.189' (ED25519) to the list of known hosts.
2025/11/02 08:06:17 parsed 1 programs
[ 53.234520][ T4188] cgroup: Unknown subsys name 'net'
[ 53.391389][ T4188] cgroup: Unknown subsys name 'rlimit'
[ 54.677058][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 56.355856][ T4207] chnl_net:caif_netlink_parms(): no params data found
[ 56.403319][ T4207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.411300][ T4207] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.419542][ T4207] device bridge_slave_0 entered promiscuous mode
[ 56.430621][ T4207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.438181][ T4207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.445987][ T4207] device bridge_slave_1 entered promiscuous mode
[ 56.468647][ T4207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.482653][ T4207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.504367][ T4207] team0: Port device team_slave_0 added
[ 56.512401][ T4207] team0: Port device team_slave_1 added
[ 56.529496][ T4207] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.536921][ T4207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.563528][ T4207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.577995][ T4207] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.585122][ T4207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.611831][ T4207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.641149][ T4207] device hsr_slave_0 entered promiscuous mode
[ 56.648259][ T4207] device hsr_slave_1 entered promiscuous mode
[ 56.735013][ T4207] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 56.745333][ T4207] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 56.754717][ T4207] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 56.764350][ T4207] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 56.811483][ T4207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.818711][ T4207] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.826699][ T4207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.833975][ T4207] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.890103][ T4207] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.905164][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.916174][ T1468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.925655][ T1468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.935566][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 56.949657][ T4207] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.962009][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.971320][ T1468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.978442][ T1468] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.998442][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 57.007008][ T1468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.014224][ T1468] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.037955][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 57.050176][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.059644][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.072627][ T4207] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 57.085059][ T4207] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.094762][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 57.103600][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.214725][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 57.222846][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 57.237105][ T4207] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.260653][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 57.282210][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 57.292846][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 57.301917][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 57.312315][ T4207] device veth0_vlan entered promiscuous mode
[ 57.327238][ T4207] device veth1_vlan entered promiscuous mode
[ 57.354390][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 57.364726][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 57.377536][ T4207] device veth0_macvtap entered promiscuous mode
[ 57.388569][ T4207] device veth1_macvtap entered promiscuous mode
[ 57.408028][ T4207] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 57.415617][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 57.426794][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 57.434844][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 57.443636][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 57.455785][ T4207] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 57.464679][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 57.474121][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 57.486933][ T4207] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.497293][ T4207] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.507655][ T4207] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.516394][ T4207] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.024423][ T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 58.870347][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.881329][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.893203][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.904344][ T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.912596][ T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.922283][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/11/02 08:06:24 executed programs: 0
[ 59.344448][ T4282] chnl_net:caif_netlink_parms(): no params data found
[ 59.382571][ T4282] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.389884][ T4282] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.398590][ T4282] device bridge_slave_0 entered promiscuous mode
[ 59.406987][ T4282] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.414301][ T4282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.422223][ T4282] device bridge_slave_1 entered promiscuous mode
[ 59.442239][ T4282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.453092][ T4282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.478906][ T4282] team0: Port device team_slave_0 added
[ 59.486946][ T4282] team0: Port device team_slave_1 added
[ 59.503181][ T4282] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.510247][ T4282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.536253][ T4282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.548496][ T4282] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.555432][ T4282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.581797][ T4282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.610369][ T4282] device hsr_slave_0 entered promiscuous mode
[ 59.617121][ T4282] device hsr_slave_1 entered promiscuous mode
[ 59.624068][ T4282] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 59.632012][ T4282] Cannot create hsr debugfs directory
[ 60.222956][ T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.316667][ T4203] Bluetooth: hci0: command 0x0409 tx timeout
[ 62.501588][ T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.553329][ T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.396151][ T4203] Bluetooth: hci0: command 0x041b tx timeout
[ 63.412347][ T4282] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.421281][ T4282] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.431525][ T4282] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 63.441031][ T4282] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 63.495252][ T4282] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.516781][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 63.524575][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 63.535525][ T4282] 8021q: adding VLAN 0 to HW filter on device team0
[ 63.548690][ T155] device hsr_slave_0 left promiscuous mode
[ 63.555245][ T155] device hsr_slave_1 left promiscuous mode
[ 63.562335][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 63.570053][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 63.578519][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 63.586184][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 63.593755][ T155] device bridge_slave_1 left promiscuous mode
[ 63.600859][ T155] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.613330][ T155] device bridge_slave_0 left promiscuous mode
[ 63.620902][ T155] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.639159][ T155] device veth1_macvtap left promiscuous mode
[ 63.645399][ T155] device veth0_macvtap left promiscuous mode
[ 63.652167][ T155] device veth1_vlan left promiscuous mode
[ 63.658304][ T155] device veth0_vlan left promiscuous mode
[ 63.782050][ T155] team0 (unregistering): Port device team_slave_1 removed
[ 63.795846][ T155] team0 (unregistering): Port device team_slave_0 removed
[ 63.809810][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 63.822734][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 63.873284][ T155] bond0 (unregistering): Released all slaves
[ 63.932183][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 63.940887][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.949959][ T151] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.957091][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.967103][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 63.985084][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 63.994732][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 64.004173][ T1468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.011296][ T1468] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.020159][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 64.028919][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 64.042888][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 64.052586][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 64.069594][ T4282] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 64.080138][ T4282] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 64.092650][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 64.102985][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 64.111685][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 64.120296][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 64.128826][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 64.137982][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 64.146478][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 64.154779][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 64.252017][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 64.259563][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 64.271460][ T4282] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.292432][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 64.302449][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 64.318688][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 64.327066][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 64.335266][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 64.344312][ T1468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 64.354129][ T4282] device veth0_vlan entered promiscuous mode
[ 64.366768][ T4282] device veth1_vlan entered promiscuous mode
[ 64.392360][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 64.402365][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 64.411282][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 64.421498][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 64.433153][ T4282] device veth0_macvtap entered promiscuous mode
[ 64.444558][ T4282] device veth1_macvtap entered promiscuous mode
[ 64.464925][ T4282] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 64.472882][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 64.482124][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 64.491186][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 64.500288][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 64.512823][ T4282] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 64.520818][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 64.530161][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 64.543404][ T4282] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.553559][ T4282] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.562346][ T4282] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.572158][ T4282] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.641327][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.661445][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/02 08:06:30 executed programs: 2
[ 64.684089][ T1468] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.687755][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 64.702960][ T1468] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.715006][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 64.784964][ T4336] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 64.857865][ T4338] ==================================================================
[ 64.866151][ T4338] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 64.873472][ T4338] Read of size 4 at addr ffff88807a0d7538 by task syz.0.19/4338
[ 64.881397][ T4338]
[ 64.883739][ T4338] CPU: 0 PID: 4338 Comm: syz.0.19 Not tainted syzkaller #0
[ 64.890942][ T4338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 64.901100][ T4338] Call Trace:
[ 64.904409][ T4338]
[ 64.907360][ T4338] dump_stack_lvl+0x168/0x230
[ 64.912048][ T4338] ? show_regs_print_info+0x20/0x20
[ 64.917250][ T4338] ? _printk+0xcc/0x110
[ 64.921417][ T4338] ? ax25_fillin_cb+0x459/0x640
[ 64.926466][ T4338] ? load_image+0x3b0/0x3b0
[ 64.930991][ T4338] print_address_description+0x60/0x2d0
[ 64.936641][ T4338] ? ax25_fillin_cb+0x459/0x640
[ 64.941508][ T4338] kasan_report+0xdf/0x130
[ 64.946015][ T4338] ? ax25_fillin_cb+0x459/0x640
[ 64.950872][ T4338] ax25_fillin_cb+0x459/0x640
[ 64.955553][ T4338] ax25_setsockopt+0x8a2/0xa40
[ 64.960340][ T4338] ? ax25_shutdown+0x10/0x10
[ 64.965107][ T4338] ? aa_sock_opt_perm+0x74/0x100
[ 64.970139][ T4338] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 64.975687][ T4338] ? security_socket_setsockopt+0x7a/0xa0
[ 64.981547][ T4338] ? ax25_shutdown+0x10/0x10
[ 64.986161][ T4338] __sys_setsockopt+0x2bf/0x3d0
[ 64.991224][ T4338] __x64_sys_setsockopt+0xb1/0xc0
[ 64.996273][ T4338] do_syscall_64+0x4c/0xa0
[ 65.000711][ T4338] ? clear_bhb_loop+0x30/0x80
[ 65.005404][ T4338] ? clear_bhb_loop+0x30/0x80
[ 65.010423][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.016368][ T4338] RIP: 0033:0x7fdea042bfc9
[ 65.020887][ T4338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 65.040620][ T4338] RSP: 002b:00007ffe9d85a708 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 65.049047][ T4338] RAX: ffffffffffffffda RBX: 00007fdea0682fa0 RCX: 00007fdea042bfc9
[ 65.057156][ T4338] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000007
[ 65.065328][ T4338] RBP: 00007fdea04aef91 R08: 0000000000000010 R09: 0000000000000000
[ 65.073677][ T4338] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[ 65.081703][ T4338] R13: 00007fdea0682fa0 R14: 00007fdea0682fa0 R15: 0000000000000005
[ 65.089725][ T4338]
[ 65.092748][ T4338]
[ 65.095066][ T4338] Allocated by task 4336:
[ 65.099475][ T4338] __kasan_kmalloc+0xb5/0xf0
[ 65.104070][ T4338] ax25_dev_device_up+0x50/0x580
[ 65.109461][ T4338] ax25_device_event+0x483/0x4f0
[ 65.114611][ T4338] raw_notifier_call_chain+0xcb/0x160
[ 65.120112][ T4338] __dev_notify_flags+0x178/0x2d0
[ 65.125240][ T4338] dev_change_flags+0xe3/0x1a0
[ 65.130012][ T4338] dev_ifsioc+0x147/0xe70
[ 65.134453][ T4338] dev_ioctl+0x55f/0xe50
[ 65.138810][ T4338] sock_do_ioctl+0x222/0x2f0
[ 65.143407][ T4338] sock_ioctl+0x4ed/0x6e0
[ 65.147917][ T4338] __se_sys_ioctl+0xfa/0x170
[ 65.152652][ T4338] do_syscall_64+0x4c/0xa0
[ 65.157282][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.163446][ T4338]
[ 65.165943][ T4338] Freed by task 4337:
[ 65.170009][ T4338] kasan_set_track+0x4b/0x70
[ 65.175036][ T4338] kasan_set_free_info+0x1f/0x40
[ 65.180059][ T4338] ____kasan_slab_free+0xd5/0x110
[ 65.185374][ T4338] slab_free_freelist_hook+0xea/0x170
[ 65.190782][ T4338] kfree+0xef/0x2a0
[ 65.194700][ T4338] ax25_release+0x661/0x870
[ 65.199291][ T4338] sock_close+0xd5/0x240
[ 65.203641][ T4338] __fput+0x234/0x930
[ 65.208145][ T4338] task_work_run+0x125/0x1a0
[ 65.212743][ T4338] exit_to_user_mode_loop+0x10f/0x130
[ 65.218204][ T4338] exit_to_user_mode_prepare+0xee/0x180
[ 65.223753][ T4338] syscall_exit_to_user_mode+0x16/0x40
[ 65.229372][ T4338] do_syscall_64+0x58/0xa0
[ 65.233793][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.239744][ T4338]
[ 65.242352][ T4338] The buggy address belongs to the object at ffff88807a0d7500
[ 65.242352][ T4338] which belongs to the cache kmalloc-192 of size 192
[ 65.256779][ T4338] The buggy address is located 56 bytes inside of
[ 65.256779][ T4338] 192-byte region [ffff88807a0d7500, ffff88807a0d75c0)
[ 65.270755][ T4338] The buggy address belongs to the page:
[ 65.276395][ T4338] page:ffffea0001e835c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a0d7
[ 65.286546][ T4338] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 65.294105][ T4338] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016841a00
[ 65.302866][ T4338] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 65.311446][ T4338] page dumped because: kasan: bad access detected
[ 65.317861][ T4338] page_owner tracks the page as allocated
[ 65.323559][ T4338] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4336, ts 64780386484, free_ts 64539351241
[ 65.339533][ T4338] get_page_from_freelist+0x1b77/0x1c60
[ 65.345165][ T4338] __alloc_pages+0x1e1/0x470
[ 65.349833][ T4338] new_slab+0xb6/0x4b0
[ 65.353889][ T4338] ___slab_alloc+0x81e/0xdf0
[ 65.358458][ T4338] __kmalloc_node+0x200/0x3b0
[ 65.363117][ T4338] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 65.369190][ T4338] slab_post_alloc_hook+0xba/0x380
[ 65.374527][ T4338] kmem_cache_alloc+0x100/0x290
[ 65.379525][ T4338] __d_alloc+0x2a/0x6f0
[ 65.383683][ T4338] d_alloc+0x4a/0x250
[ 65.387959][ T4338] lookup_one_qstr_excl+0xc6/0x240
[ 65.393236][ T4338] filename_create+0x21e/0x450
[ 65.398224][ T4338] do_symlinkat+0xb3/0x6c0
[ 65.402653][ T4338] __x64_sys_symlinkat+0x95/0xa0
[ 65.407594][ T4338] do_syscall_64+0x4c/0xa0
[ 65.412092][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.418449][ T4338] page last free stack trace:
[ 65.423200][ T4338] free_unref_page_prepare+0x637/0x6c0
[ 65.428750][ T4338] free_unref_page+0x94/0x280
[ 65.433515][ T4338] __unfreeze_partials+0x1a5/0x200
[ 65.438613][ T4338] put_cpu_partial+0x12d/0x190
[ 65.443368][ T4338] qlist_free_all+0x35/0x90
[ 65.447906][ T4338] kasan_quarantine_reduce+0x150/0x160
[ 65.453542][ T4338] __kasan_slab_alloc+0x2f/0xd0
[ 65.458477][ T4338] slab_post_alloc_hook+0x4c/0x380
[ 65.463617][ T4338] kmem_cache_alloc_node+0x12d/0x2d0
[ 65.468903][ T4338] __alloc_skb+0xf4/0x750
[ 65.473324][ T4338] alloc_skb_with_frags+0xa7/0x730
[ 65.478525][ T4338] sock_alloc_send_pskb+0x853/0x980
[ 65.483729][ T4338] unix_dgram_sendmsg+0x5ef/0x1890
[ 65.488825][ T4338] __sys_sendto+0x423/0x580
[ 65.493315][ T4338] __x64_sys_sendto+0xda/0xf0
[ 65.497990][ T4338] do_syscall_64+0x4c/0xa0
[ 65.502403][ T4338]
[ 65.504725][ T4338] Memory state around the buggy address:
[ 65.510985][ T4338] ffff88807a0d7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.519043][ T4338] ffff88807a0d7480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 65.527312][ T4338] >ffff88807a0d7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.535380][ T4338] ^
[ 65.541263][ T4338] ffff88807a0d7580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 65.549318][ T4338] ffff88807a0d7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.557458][ T4338] ==================================================================
[ 65.565507][ T4338] Disabling lock debugging due to kernel taint
[ 65.573058][ T1324] Bluetooth: hci0: command 0x040f tx timeout
[ 65.579908][ T4338] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 65.587210][ T4338] CPU: 1 PID: 4338 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 65.595780][ T4338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 65.605814][ T4338] Call Trace:
[ 65.609073][ T4338]
[ 65.612077][ T4338] dump_stack_lvl+0x168/0x230
[ 65.616927][ T4338] ? show_regs_print_info+0x20/0x20
[ 65.622120][ T4338] ? load_image+0x3b0/0x3b0
[ 65.626697][ T4338] panic+0x2c9/0x7f0
[ 65.630771][ T4338] ? bpf_jit_dump+0xd0/0xd0
[ 65.635280][ T4338] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 65.641256][ T4338] ? _raw_spin_unlock+0x40/0x40
[ 65.646182][ T4338] ? print_memory_metadata+0x314/0x400
[ 65.651624][ T4338] ? ax25_fillin_cb+0x459/0x640
[ 65.656463][ T4338] check_panic_on_warn+0x80/0xa0
[ 65.661650][ T4338] ? ax25_fillin_cb+0x459/0x640
[ 65.666478][ T4338] end_report+0x6d/0xf0
[ 65.670613][ T4338] kasan_report+0x102/0x130
[ 65.675243][ T4338] ? ax25_fillin_cb+0x459/0x640
[ 65.680087][ T4338] ax25_fillin_cb+0x459/0x640
[ 65.684846][ T4338] ax25_setsockopt+0x8a2/0xa40
[ 65.689688][ T4338] ? ax25_shutdown+0x10/0x10
[ 65.694266][ T4338] ? aa_sock_opt_perm+0x74/0x100
[ 65.699189][ T4338] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 65.704807][ T4338] ? security_socket_setsockopt+0x7a/0xa0
[ 65.710502][ T4338] ? ax25_shutdown+0x10/0x10
[ 65.715067][ T4338] __sys_setsockopt+0x2bf/0x3d0
[ 65.719919][ T4338] __x64_sys_setsockopt+0xb1/0xc0
[ 65.724921][ T4338] do_syscall_64+0x4c/0xa0
[ 65.729313][ T4338] ? clear_bhb_loop+0x30/0x80
[ 65.733976][ T4338] ? clear_bhb_loop+0x30/0x80
[ 65.738629][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.744506][ T4338] RIP: 0033:0x7fdea042bfc9
[ 65.748951][ T4338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 65.768822][ T4338] RSP: 002b:00007ffe9d85a708 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 65.777616][ T4338] RAX: ffffffffffffffda RBX: 00007fdea0682fa0 RCX: 00007fdea042bfc9
[ 65.785592][ T4338] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000007
[ 65.793552][ T4338] RBP: 00007fdea04aef91 R08: 0000000000000010 R09: 0000000000000000
[ 65.801504][ T4338] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[ 65.809648][ T4338] R13: 00007fdea0682fa0 R14: 00007fdea0682fa0 R15: 0000000000000005
[ 65.817867][ T4338]
[ 65.821152][ T4338] Kernel Offset: disabled
[ 65.825490][ T4338] Rebooting in 86400 seconds..