Warning: Permanently added '10.128.1.69' (ED25519) to the list of known hosts.
2026/01/04 10:30:55 parsed 1 programs
[ 55.846799][ T4188] cgroup: Unknown subsys name 'net'
[ 55.981919][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 57.165696][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 60.142346][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.157690][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.166835][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 60.179740][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.187912][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.196602][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 60.900540][ T4277] chnl_net:caif_netlink_parms(): no params data found
[ 60.934437][ T4277] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.941936][ T4277] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.949775][ T4277] device bridge_slave_0 entered promiscuous mode
[ 60.958381][ T4277] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.965539][ T4277] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.974129][ T4277] device bridge_slave_1 entered promiscuous mode
[ 60.992472][ T4277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.003543][ T4277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.023678][ T4277] team0: Port device team_slave_0 added
[ 61.030983][ T4277] team0: Port device team_slave_1 added
[ 61.046252][ T4277] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 61.053214][ T4277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.079356][ T4277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 61.091408][ T4277] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 61.098510][ T4277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.124502][ T4277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 61.148779][ T4277] device hsr_slave_0 entered promiscuous mode
[ 61.155453][ T4277] device hsr_slave_1 entered promiscuous mode
[ 61.223903][ T4277] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.233617][ T4277] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.242947][ T4277] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.252172][ T4277] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.290542][ T4277] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.297676][ T4277] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.305288][ T4277] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.312371][ T4277] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.370328][ T4277] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.382339][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.392308][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.400935][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.409670][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 61.423511][ T4277] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.451131][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.459828][ T1218] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.466889][ T1218] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.482044][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.490977][ T1218] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.498061][ T1218] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.536568][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.551488][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 61.560964][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.570085][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.582808][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.593852][ T4277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 61.689184][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 61.696683][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 61.708778][ T4277] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.741986][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 61.760516][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 61.768874][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 61.776382][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 61.788537][ T4277] device veth0_vlan entered promiscuous mode
[ 61.809465][ T4277] device veth1_vlan entered promiscuous mode
[ 61.825606][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 61.833941][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 61.842516][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 61.865027][ T4277] device veth0_macvtap entered promiscuous mode
[ 61.874067][ T4277] device veth1_macvtap entered promiscuous mode
[ 61.889290][ T4277] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 61.896920][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 61.906415][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 61.917074][ T4277] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 61.925378][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 61.934727][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 61.947213][ T4277] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.957097][ T4277] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.966871][ T4277] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.975844][ T4277] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.070187][ T4277] syz-executor (4277) used greatest stack depth: 20096 bytes left
2026/01/04 10:31:03 executed programs: 0
[ 62.553266][ T4299] chnl_net:caif_netlink_parms(): no params data found
[ 62.616465][ T4299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.626113][ T4299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.634462][ T4299] device bridge_slave_0 entered promiscuous mode
[ 62.645463][ T4299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.652678][ T4299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.663555][ T4299] device bridge_slave_1 entered promiscuous mode
[ 62.700385][ T4299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.712444][ T4299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.747946][ T4299] team0: Port device team_slave_0 added
[ 62.757376][ T4299] team0: Port device team_slave_1 added
[ 62.785956][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.793080][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.821770][ T4299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.835095][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.844703][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.870712][ T4299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.910270][ T4299] device hsr_slave_0 entered promiscuous mode
[ 62.917134][ T4299] device hsr_slave_1 entered promiscuous mode
[ 62.924086][ T4299] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 62.932028][ T4299] Cannot create hsr debugfs directory
[ 63.042568][ T4299] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.428027][ T4274] Bluetooth: hci0: command 0x0409 tx timeout
[ 65.652177][ T4299] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.508408][ T26] Bluetooth: hci0: command 0x041b tx timeout
[ 67.403270][ T4299] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.472956][ T4299] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 67.663447][ T4299] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.674318][ T4299] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.683064][ T4299] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.691692][ T4299] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.739116][ T4299] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.751743][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 67.759860][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.771248][ T4299] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.785935][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 67.795401][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.805035][ T1252] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.812137][ T1252] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.820351][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 67.838497][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 67.847215][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.856034][ T1252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.863122][ T1252] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.871594][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 67.880275][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 67.888675][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 67.897071][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.905526][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 67.914660][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 67.924343][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 67.936977][ T154] device hsr_slave_0 left promiscuous mode
[ 67.943624][ T154] device hsr_slave_1 left promiscuous mode
[ 67.950158][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 67.958861][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 67.966872][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 67.974811][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 67.982435][ T154] device bridge_slave_1 left promiscuous mode
[ 67.989668][ T154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.001296][ T154] device bridge_slave_0 left promiscuous mode
[ 68.007480][ T154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.022348][ T154] device veth1_macvtap left promiscuous mode
[ 68.029161][ T154] device veth0_macvtap left promiscuous mode
[ 68.035396][ T154] device veth1_vlan left promiscuous mode
[ 68.041306][ T154] device veth0_vlan left promiscuous mode
[ 68.152972][ T154] team0 (unregistering): Port device team_slave_1 removed
[ 68.165245][ T154] team0 (unregistering): Port device team_slave_0 removed
[ 68.175816][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 68.188325][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 68.237700][ T154] bond0 (unregistering): Released all slaves
[ 68.294495][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 68.303095][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.314448][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 68.324631][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.337899][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.417257][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.424916][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.441558][ T4299] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.466523][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 68.475145][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.496243][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 68.512527][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.521379][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.531167][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.540657][ T4299] device veth0_vlan entered promiscuous mode
[ 68.551109][ T4299] device veth1_vlan entered promiscuous mode
[ 68.565686][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.575238][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.583610][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 68.591789][ T4273] Bluetooth: hci0: command 0x040f tx timeout
[ 68.594372][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.609703][ T4299] device veth0_macvtap entered promiscuous mode
[ 68.619480][ T4299] device veth1_macvtap entered promiscuous mode
[ 68.631761][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.639319][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.648732][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 68.656486][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.665569][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.677183][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.688359][ T4299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.698369][ T4299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.707087][ T4299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.715940][ T4299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.729272][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.738499][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.801536][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.820955][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.828938][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.836903][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/04 10:31:09 executed programs: 2
[ 68.846743][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.856918][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 68.903282][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 68.948626][ T4321] ==================================================================
[ 68.956911][ T4321] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 68.964148][ T4321] Read of size 4 at addr ffff88801da5e438 by task syz.0.19/4321
[ 68.971888][ T4321]
[ 68.974228][ T4321] CPU: 1 PID: 4321 Comm: syz.0.19 Not tainted syzkaller #0
[ 68.981781][ T4321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 68.991851][ T4321] Call Trace:
[ 68.995138][ T4321]
[ 68.998089][ T4321] dump_stack_lvl+0x168/0x230
[ 69.002789][ T4321] ? show_regs_print_info+0x20/0x20
[ 69.008082][ T4321] ? _printk+0xcc/0x110
[ 69.012270][ T4321] ? ax25_fillin_cb+0x459/0x640
[ 69.017128][ T4321] ? load_image+0x3b0/0x3b0
[ 69.021647][ T4321] print_address_description+0x60/0x2d0
[ 69.027207][ T4321] ? ax25_fillin_cb+0x459/0x640
[ 69.032074][ T4321] kasan_report+0xdf/0x130
[ 69.036509][ T4321] ? ax25_fillin_cb+0x459/0x640
[ 69.041378][ T4321] ax25_fillin_cb+0x459/0x640
[ 69.046095][ T4321] ax25_setsockopt+0x8a2/0xa40
[ 69.050879][ T4321] ? ax25_shutdown+0x10/0x10
[ 69.055497][ T4321] ? aa_sock_opt_perm+0x74/0x100
[ 69.060460][ T4321] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 69.066027][ T4321] ? security_socket_setsockopt+0x7a/0xa0
[ 69.071763][ T4321] ? ax25_shutdown+0x10/0x10
[ 69.076374][ T4321] __sys_setsockopt+0x2bf/0x3d0
[ 69.081248][ T4321] __x64_sys_setsockopt+0xb1/0xc0
[ 69.086287][ T4321] do_syscall_64+0x4c/0xa0
[ 69.090716][ T4321] ? clear_bhb_loop+0x30/0x80
[ 69.095404][ T4321] ? clear_bhb_loop+0x30/0x80
[ 69.100094][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.106000][ T4321] RIP: 0033:0x7f08f2594749
[ 69.110433][ T4321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.130057][ T4321] RSP: 002b:00007ffd6f332f08 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 69.138502][ T4321] RAX: ffffffffffffffda RBX: 00007f08f27eafa0 RCX: 00007f08f2594749
[ 69.146504][ T4321] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 69.154490][ T4321] RBP: 00007f08f2618f91 R08: 0000000000000010 R09: 0000000000000000
[ 69.162477][ T4321] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.170464][ T4321] R13: 00007f08f27eafa0 R14: 00007f08f27eafa0 R15: 0000000000000005
[ 69.178473][ T4321]
[ 69.181504][ T4321]
[ 69.183838][ T4321] Allocated by task 4319:
[ 69.188178][ T4321] __kasan_kmalloc+0xb5/0xf0
[ 69.192786][ T4321] ax25_dev_device_up+0x50/0x580
[ 69.197738][ T4321] ax25_device_event+0x483/0x4f0
[ 69.202688][ T4321] raw_notifier_call_chain+0xcb/0x160
[ 69.208069][ T4321] __dev_notify_flags+0x178/0x2d0
[ 69.213129][ T4321] dev_change_flags+0xe3/0x1a0
[ 69.218005][ T4321] dev_ifsioc+0x147/0xe70
[ 69.222352][ T4321] dev_ioctl+0x55f/0xe50
[ 69.226600][ T4321] sock_do_ioctl+0x222/0x2f0
[ 69.231200][ T4321] sock_ioctl+0x4ed/0x6e0
[ 69.235540][ T4321] __se_sys_ioctl+0xfa/0x170
[ 69.240145][ T4321] do_syscall_64+0x4c/0xa0
[ 69.244576][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.250479][ T4321]
[ 69.252812][ T4321] Freed by task 4320:
[ 69.256799][ T4321] kasan_set_track+0x4b/0x70
[ 69.261409][ T4321] kasan_set_free_info+0x1f/0x40
[ 69.266366][ T4321] ____kasan_slab_free+0xd5/0x110
[ 69.271405][ T4321] slab_free_freelist_hook+0xea/0x170
[ 69.276790][ T4321] kfree+0xef/0x2a0
[ 69.280782][ T4321] ax25_release+0x661/0x870
[ 69.285300][ T4321] sock_close+0xd5/0x240
[ 69.289551][ T4321] __fput+0x234/0x930
[ 69.293541][ T4321] task_work_run+0x125/0x1a0
[ 69.298148][ T4321] exit_to_user_mode_loop+0x10f/0x130
[ 69.303532][ T4321] exit_to_user_mode_prepare+0xee/0x180
[ 69.309096][ T4321] syscall_exit_to_user_mode+0x16/0x40
[ 69.314577][ T4321] do_syscall_64+0x58/0xa0
[ 69.319005][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.324914][ T4321]
[ 69.327248][ T4321] The buggy address belongs to the object at ffff88801da5e400
[ 69.327248][ T4321] which belongs to the cache kmalloc-192 of size 192
[ 69.341309][ T4321] The buggy address is located 56 bytes inside of
[ 69.341309][ T4321] 192-byte region [ffff88801da5e400, ffff88801da5e4c0)
[ 69.354632][ T4321] The buggy address belongs to the page:
[ 69.360282][ T4321] page:ffffea0000769780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1da5e
[ 69.370454][ T4321] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 69.378030][ T4321] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016841a00
[ 69.386629][ T4321] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 69.395217][ T4321] page dumped because: kasan: bad access detected
[ 69.401640][ T4321] page_owner tracks the page as allocated
[ 69.407360][ T4321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4299, ts 68895745695, free_ts 68895383661
[ 69.423387][ T4321] get_page_from_freelist+0x1b77/0x1c60
[ 69.428969][ T4321] __alloc_pages+0x1e1/0x470
[ 69.433570][ T4321] new_slab+0xb6/0x4b0
[ 69.437647][ T4321] ___slab_alloc+0x81e/0xdf0
[ 69.442259][ T4321] __kmalloc_node+0x200/0x3b0
[ 69.446946][ T4321] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 69.452763][ T4321] slab_post_alloc_hook+0xba/0x380
[ 69.457885][ T4321] kmem_cache_alloc+0x100/0x290
[ 69.462749][ T4321] dup_fd+0x53/0xc70
[ 69.466657][ T4321] copy_files+0x72/0xe0
[ 69.470832][ T4321] copy_process+0x1680/0x3e00
[ 69.475528][ T4321] kernel_clone+0x219/0x930
[ 69.480044][ T4321] __x64_sys_clone+0x170/0x1c0
[ 69.484818][ T4321] do_syscall_64+0x4c/0xa0
[ 69.489243][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.495148][ T4321] page last free stack trace:
[ 69.499822][ T4321] free_unref_page_prepare+0x637/0x6c0
[ 69.505298][ T4321] free_unref_page+0x94/0x280
[ 69.510070][ T4321] __vunmap+0x8ab/0xa40
[ 69.514235][ T4321] do_ip6t_get_ctl+0xe1a/0x1090
[ 69.519093][ T4321] nf_getsockopt+0x25e/0x280
[ 69.523700][ T4321] ipv6_getsockopt+0x442/0x2000
[ 69.528570][ T4321] tcp_getsockopt+0x1e3/0x2390
[ 69.533449][ T4321] __sys_getsockopt+0x1b0/0x230
[ 69.538308][ T4321] __x64_sys_getsockopt+0xb1/0xc0
[ 69.543347][ T4321] do_syscall_64+0x4c/0xa0
[ 69.547779][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.553686][ T4321]
[ 69.556016][ T4321] Memory state around the buggy address:
[ 69.561654][ T4321] ffff88801da5e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.569828][ T4321] ffff88801da5e380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 69.577909][ T4321] >ffff88801da5e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.585973][ T4321] ^
[ 69.591957][ T4321] ffff88801da5e480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 69.600024][ T4321] ffff88801da5e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.608087][ T4321] ==================================================================
[ 69.616174][ T4321] Disabling lock debugging due to kernel taint
[ 69.637630][ T4321] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.644859][ T4321] CPU: 1 PID: 4321 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 69.653456][ T4321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 69.663524][ T4321] Call Trace:
[ 69.666803][ T4321]
[ 69.669743][ T4321] dump_stack_lvl+0x168/0x230
[ 69.674402][ T4321] ? show_regs_print_info+0x20/0x20
[ 69.679584][ T4321] ? load_image+0x3b0/0x3b0
[ 69.684076][ T4321] panic+0x2c9/0x7f0
[ 69.687954][ T4321] ? bpf_jit_dump+0xd0/0xd0
[ 69.692432][ T4321] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 69.698300][ T4321] ? _raw_spin_unlock+0x40/0x40
[ 69.703122][ T4321] ? print_memory_metadata+0x314/0x400
[ 69.708571][ T4321] ? ax25_fillin_cb+0x459/0x640
[ 69.713502][ T4321] check_panic_on_warn+0x80/0xa0
[ 69.718498][ T4321] ? ax25_fillin_cb+0x459/0x640
[ 69.723320][ T4321] end_report+0x6d/0xf0
[ 69.727450][ T4321] kasan_report+0x102/0x130
[ 69.731938][ T4321] ? ax25_fillin_cb+0x459/0x640
[ 69.736777][ T4321] ax25_fillin_cb+0x459/0x640
[ 69.741425][ T4321] ax25_setsockopt+0x8a2/0xa40
[ 69.746161][ T4321] ? ax25_shutdown+0x10/0x10
[ 69.750729][ T4321] ? aa_sock_opt_perm+0x74/0x100
[ 69.755651][ T4321] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 69.761176][ T4321] ? security_socket_setsockopt+0x7a/0xa0
[ 69.766875][ T4321] ? ax25_shutdown+0x10/0x10
[ 69.771440][ T4321] __sys_setsockopt+0x2bf/0x3d0
[ 69.776267][ T4321] __x64_sys_setsockopt+0xb1/0xc0
[ 69.781269][ T4321] do_syscall_64+0x4c/0xa0
[ 69.785658][ T4321] ? clear_bhb_loop+0x30/0x80
[ 69.790308][ T4321] ? clear_bhb_loop+0x30/0x80
[ 69.794959][ T4321] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.800822][ T4321] RIP: 0033:0x7f08f2594749
[ 69.805213][ T4321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.824788][ T4321] RSP: 002b:00007ffd6f332f08 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 69.833175][ T4321] RAX: ffffffffffffffda RBX: 00007f08f27eafa0 RCX: 00007f08f2594749
[ 69.841119][ T4321] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 69.849062][ T4321] RBP: 00007f08f2618f91 R08: 0000000000000010 R09: 0000000000000000
[ 69.857007][ T4321] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.864952][ T4321] R13: 00007f08f27eafa0 R14: 00007f08f27eafa0 R15: 0000000000000005
[ 69.872898][ T4321]
[ 69.876069][ T4321] Kernel Offset: disabled
[ 69.880502][ T4321] Rebooting in 86400 seconds..