Warning: Permanently added '10.128.1.226' (ED25519) to the list of known hosts.
2025/08/10 14:04:01 ignoring optional flag "sandboxArg"="0"
2025/08/10 14:04:02 parsed 1 programs
[ 70.946624][ T4189] cgroup: Unknown subsys name 'net'
[ 71.116050][ T4189] cgroup: Unknown subsys name 'rlimit'
[ 71.514687][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.522780][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.590106][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 75.114918][ T4223] chnl_net:caif_netlink_parms(): no params data found
[ 75.191077][ T4223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.199710][ T4223] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.212573][ T4223] device bridge_slave_0 entered promiscuous mode
[ 75.225577][ T4223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.234397][ T4223] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.244653][ T4223] device bridge_slave_1 entered promiscuous mode
[ 75.281649][ T4223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.293936][ T4223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.325038][ T4223] team0: Port device team_slave_0 added
[ 75.334001][ T4223] team0: Port device team_slave_1 added
[ 75.363249][ T4223] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.373712][ T4223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.402629][ T4223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.418299][ T4223] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.426691][ T4223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.456878][ T4223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.506626][ T4223] device hsr_slave_0 entered promiscuous mode
[ 75.516533][ T4223] device hsr_slave_1 entered promiscuous mode
[ 75.663328][ T4223] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.678462][ T4223] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.689994][ T4223] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.700046][ T4223] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.741867][ T4223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.749909][ T4223] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.759105][ T4223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.767450][ T4223] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.830320][ T4223] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.852079][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.875059][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.887797][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.899582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.923588][ T4223] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.938569][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.949774][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.958374][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.983498][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.999314][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.012178][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.053211][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.074622][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.091548][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 76.109809][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.123630][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 76.148408][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.181036][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 76.195477][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.218926][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.312135][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.334683][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.362368][ T4223] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.406207][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 76.422139][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.475139][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 76.497782][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.521584][ T4223] device veth0_vlan entered promiscuous mode
[ 76.532897][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.548251][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.579520][ T4223] device veth1_vlan entered promiscuous mode
[ 76.607216][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 76.622911][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 76.633201][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.646577][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.675248][ T4223] device veth0_macvtap entered promiscuous mode
[ 76.687110][ T4223] device veth1_macvtap entered promiscuous mode
[ 76.715437][ T4223] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.731604][ T4223] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.744014][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.762706][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.779510][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.798808][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.812092][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.825659][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 76.856139][ T4223] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.874281][ T4223] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.901246][ T4223] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.923212][ T4223] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.072791][ T4223] syz-executor (4223) used greatest stack depth: 20960 bytes left
[ 78.461447][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.490903][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.514921][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 78.528219][ T142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.539451][ T142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.554283][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 78.928285][ T1278] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/08/10 14:04:12 executed programs: 0
[ 79.196201][ T4291] chnl_net:caif_netlink_parms(): no params data found
[ 79.235045][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.244588][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.254768][ T4291] device bridge_slave_0 entered promiscuous mode
[ 79.265251][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.273627][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.283401][ T4291] device bridge_slave_1 entered promiscuous mode
[ 79.306773][ T4291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.319981][ T4291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.345332][ T4291] team0: Port device team_slave_0 added
[ 79.355781][ T4291] team0: Port device team_slave_1 added
[ 79.376470][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.384343][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.415118][ T4291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.429261][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.441550][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.475298][ T4291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.505096][ T4291] device hsr_slave_0 entered promiscuous mode
[ 79.515022][ T4291] device hsr_slave_1 entered promiscuous mode
[ 79.523634][ T4291] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 79.535242][ T4291] Cannot create hsr debugfs directory
[ 81.202206][ T4244] Bluetooth: hci0: command 0x0409 tx timeout
[ 81.353854][ T1278] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.443359][ T1278] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.531189][ T1278] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.559519][ T4291] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.576440][ T4291] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.594654][ T4291] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.649630][ T4291] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.785808][ T4291] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.806168][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 82.820764][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.837163][ T4291] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.890066][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.907014][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.929898][ T4298] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.940800][ T4298] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.953888][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.968159][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.985258][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.002923][ T4298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.016723][ T4298] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.088496][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 83.105757][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 83.133226][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 83.157923][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 83.178636][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 83.196480][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.214975][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 83.231979][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 83.245483][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.270621][ T4245] Bluetooth: hci0: command 0x041b tx timeout
[ 83.288293][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 83.299888][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.314906][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.447864][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 83.461280][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 83.503952][ T4291] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.526962][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 83.542445][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 83.579320][ T4291] device veth0_vlan entered promiscuous mode
[ 83.589303][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 83.608825][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 83.627565][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 83.639653][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 83.662117][ T4291] device veth1_vlan entered promiscuous mode
[ 83.696039][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 83.713135][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 83.727459][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 83.739090][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 83.753405][ T4291] device veth0_macvtap entered promiscuous mode
[ 83.782270][ T1278] device hsr_slave_0 left promiscuous mode
[ 83.793687][ T1278] device hsr_slave_1 left promiscuous mode
[ 83.802247][ T1278] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 83.812997][ T1278] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 83.822674][ T1278] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 83.831464][ T1278] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 83.841348][ T1278] device bridge_slave_1 left promiscuous mode
[ 83.849423][ T1278] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.866609][ T1278] device bridge_slave_0 left promiscuous mode
[ 83.875772][ T1278] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.898092][ T1278] device veth1_macvtap left promiscuous mode
[ 83.907535][ T1278] device veth0_macvtap left promiscuous mode
[ 83.918805][ T1278] device veth1_vlan left promiscuous mode
[ 83.929832][ T1278] device veth0_vlan left promiscuous mode
[ 84.113046][ T1278] team0 (unregistering): Port device team_slave_1 removed
[ 84.127490][ T1278] team0 (unregistering): Port device team_slave_0 removed
[ 84.148977][ T1278] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 84.170203][ T1278] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 84.231962][ T1278] bond0 (unregistering): Released all slaves
[ 84.326774][ T4291] device veth1_macvtap entered promiscuous mode
[ 84.347309][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 84.361097][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 84.392274][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.407058][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 84.418648][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 84.438646][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.448500][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 84.459533][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 84.474648][ T4291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.484938][ T4291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.496828][ T4291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.510595][ T4291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.586214][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.606385][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.634556][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 84.649240][ T1172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.662849][ T1172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/08/10 14:04:17 executed programs: 2
[ 84.679775][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 84.719895][ T4373] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 84.809246][ T4375] ==================================================================
[ 84.819599][ T4375] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 84.827741][ T4375] Read of size 4 at addr ffff88801eb72638 by task syz.0.19/4375
[ 84.838371][ T4375]
[ 84.840842][ T4375] CPU: 1 PID: 4375 Comm: syz.0.19 Not tainted 5.15.189-syzkaller #0
[ 84.851291][ T4375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 84.866560][ T4375] Call Trace:
[ 84.870584][ T4375]
[ 84.874604][ T4375] dump_stack_lvl+0x168/0x230
[ 84.881399][ T4375] ? show_regs_print_info+0x20/0x20
[ 84.888618][ T4375] ? _printk+0xcc/0x110
[ 84.894660][ T4375] ? ax25_fillin_cb+0x459/0x640
[ 84.903499][ T4375] ? load_image+0x3b0/0x3b0
[ 84.908839][ T4375] print_address_description+0x60/0x2d0
[ 84.918484][ T4375] ? ax25_fillin_cb+0x459/0x640
[ 84.923960][ T4375] kasan_report+0xdf/0x130
[ 84.929726][ T4375] ? ax25_fillin_cb+0x459/0x640
[ 84.936856][ T4375] ax25_fillin_cb+0x459/0x640
[ 84.945377][ T4375] ax25_setsockopt+0x8a2/0xa40
[ 84.958472][ T4375] ? ax25_shutdown+0x10/0x10
[ 84.969341][ T4375] ? aa_sock_opt_perm+0x74/0x100
[ 84.980475][ T4375] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 84.989664][ T4375] ? security_socket_setsockopt+0x7a/0xa0
[ 84.999014][ T4375] ? ax25_shutdown+0x10/0x10
[ 85.008642][ T4375] __sys_setsockopt+0x2bf/0x3d0
[ 85.018558][ T4375] __x64_sys_setsockopt+0xb1/0xc0
[ 85.027048][ T4375] do_syscall_64+0x4c/0xa0
[ 85.033937][ T4375] ? clear_bhb_loop+0x30/0x80
[ 85.040941][ T4375] ? clear_bhb_loop+0x30/0x80
[ 85.049607][ T4375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.057610][ T4375] RIP: 0033:0x7f7ae40acbe9
[ 85.067011][ T4375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.089142][ T4375] RSP: 002b:00007ffe0b1b3b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 85.099889][ T4375] RAX: ffffffffffffffda RBX: 00007f7ae42d3fa0 RCX: 00007f7ae40acbe9
[ 85.113836][ T4375] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000007
[ 85.124942][ T4375] RBP: 00007f7ae412fe19 R08: 0000000000000010 R09: 0000000000000000
[ 85.135566][ T4375] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[ 85.148910][ T4375] R13: 00007f7ae42d3fa0 R14: 00007f7ae42d3fa0 R15: 0000000000000005
[ 85.166817][ T4375]
[ 85.171951][ T4375]
[ 85.177649][ T4375] Allocated by task 4373:
[ 85.183377][ T4375] __kasan_kmalloc+0xb5/0xf0
[ 85.190585][ T4375] ax25_dev_device_up+0x50/0x580
[ 85.200975][ T4375] ax25_device_event+0x483/0x4f0
[ 85.209983][ T4375] raw_notifier_call_chain+0xcb/0x160
[ 85.220584][ T4375] __dev_notify_flags+0x178/0x2d0
[ 85.230030][ T4375] dev_change_flags+0xe3/0x1a0
[ 85.236515][ T4375] dev_ifsioc+0x147/0xe70
[ 85.243508][ T4375] dev_ioctl+0x55f/0xe50
[ 85.250049][ T4375] sock_do_ioctl+0x222/0x2f0
[ 85.255805][ T4375] sock_ioctl+0x4ed/0x6e0
[ 85.261286][ T4375] __se_sys_ioctl+0xfa/0x170
[ 85.269089][ T4375] do_syscall_64+0x4c/0xa0
[ 85.274779][ T4375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.281903][ T4375]
[ 85.284683][ T4375] Freed by task 4374:
[ 85.289510][ T4375] kasan_set_track+0x4b/0x70
[ 85.294390][ T4375] kasan_set_free_info+0x1f/0x40
[ 85.300044][ T4375] ____kasan_slab_free+0xd5/0x110
[ 85.305544][ T4375] slab_free_freelist_hook+0xea/0x170
[ 85.311479][ T4375] kfree+0xef/0x2a0
[ 85.316205][ T4375] ax25_release+0x661/0x870
[ 85.320705][ T4375] sock_close+0xd5/0x240
[ 85.325040][ T4375] __fput+0x234/0x930
[ 85.329369][ T4375] task_work_run+0x125/0x1a0
[ 85.333984][ T4375] exit_to_user_mode_loop+0x10f/0x130
[ 85.339630][ T4375] exit_to_user_mode_prepare+0xb1/0x140
[ 85.346433][ T4375] syscall_exit_to_user_mode+0x16/0x40
[ 85.352615][ T4375] do_syscall_64+0x58/0xa0
[ 85.358468][ T4375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.368916][ T4375]
[ 85.371559][ T4375] The buggy address belongs to the object at ffff88801eb72600
[ 85.371559][ T4375] which belongs to the cache kmalloc-192 of size 192
[ 85.389004][ T4375] The buggy address is located 56 bytes inside of
[ 85.389004][ T4375] 192-byte region [ffff88801eb72600, ffff88801eb726c0)
[ 85.405347][ T4375] The buggy address belongs to the page:
[ 85.411325][ T4375] page:ffffea00007adc80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eb72
[ 85.422195][ T4375] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 85.430207][ T4375] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016841a00
[ 85.441376][ T4375] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 85.452834][ T4375] page dumped because: kasan: bad access detected
[ 85.465116][ T4375] page_owner tracks the page as allocated
[ 85.482899][ T4375] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4373, ts 84715700156, free_ts 84712020795
[ 85.514879][ T4375] get_page_from_freelist+0x1b77/0x1c60
[ 85.521785][ T4375] __alloc_pages+0x1e1/0x470
[ 85.527295][ T4375] new_slab+0xb6/0x4b0
[ 85.533617][ T4375] ___slab_alloc+0x81e/0xdf0
[ 85.538393][ T4375] __kmalloc_node+0x200/0x3b0
[ 85.543270][ T4375] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 85.549106][ T4375] slab_post_alloc_hook+0xba/0x380
[ 85.556101][ T4375] kmem_cache_alloc+0x100/0x290
[ 85.561645][ T4375] __d_alloc+0x2a/0x6f0
[ 85.569697][ T4375] d_alloc+0x47/0x1a0
[ 85.575007][ T4375] lookup_one_qstr_excl+0xc6/0x240
[ 85.581635][ T4375] filename_create+0x21e/0x450
[ 85.586688][ T4375] do_symlinkat+0xb3/0x6c0
[ 85.592612][ T4375] __x64_sys_symlinkat+0x95/0xa0
[ 85.599956][ T4375] do_syscall_64+0x4c/0xa0
[ 85.605882][ T4375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.614321][ T4375] page last free stack trace:
[ 85.620834][ T4375] free_unref_page_prepare+0x637/0x6c0
[ 85.628302][ T4375] free_unref_page+0x94/0x280
[ 85.633345][ T4375] qlist_free_all+0x35/0x90
[ 85.638385][ T4375] kasan_quarantine_reduce+0x150/0x160
[ 85.644472][ T4375] __kasan_slab_alloc+0x2f/0xd0
[ 85.650847][ T4375] slab_post_alloc_hook+0x4c/0x380
[ 85.656451][ T4375] __kmalloc_node+0x15a/0x3b0
[ 85.661246][ T4375] kvmalloc_node+0x84/0x130
[ 85.665858][ T4375] seq_read_iter+0x1f6/0xd50
[ 85.670972][ T4375] vfs_read+0x725/0xcf0
[ 85.675529][ T4375] ksys_read+0x14d/0x250
[ 85.680500][ T4375] do_syscall_64+0x4c/0xa0
[ 85.685110][ T4375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.691112][ T4375]
[ 85.694135][ T4375] Memory state around the buggy address:
[ 85.700211][ T4375] ffff88801eb72500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.709048][ T4375] ffff88801eb72580: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 85.717557][ T4375] >ffff88801eb72600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.726634][ T4375] ^
[ 85.733063][ T4375] ffff88801eb72680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 85.744336][ T4375] ffff88801eb72700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.756083][ T4375] ==================================================================
[ 85.765705][ T4375] Disabling lock debugging due to kernel taint
[ 85.776363][ T4319] Bluetooth: hci0: command 0x040f tx timeout
[ 85.785835][ T4375] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.800681][ T4375] CPU: 1 PID: 4375 Comm: syz.0.19 Tainted: G B 5.15.189-syzkaller #0
[ 85.811409][ T4375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 85.822498][ T4375] Call Trace:
[ 85.826866][ T4375]
[ 85.830438][ T4375] dump_stack_lvl+0x168/0x230
[ 85.836506][ T4375] ? show_regs_print_info+0x20/0x20
[ 85.843155][ T4375] ? load_image+0x3b0/0x3b0
[ 85.848690][ T4375] panic+0x2c9/0x7f0
[ 85.853721][ T4375] ? bpf_jit_dump+0xd0/0xd0
[ 85.859241][ T4375] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 85.865425][ T4375] ? _raw_spin_unlock+0x40/0x40
[ 85.870539][ T4375] ? print_memory_metadata+0x314/0x400
[ 85.877265][ T4375] ? ax25_fillin_cb+0x459/0x640
[ 85.882495][ T4375] check_panic_on_warn+0x80/0xa0
[ 85.888253][ T4375] ? ax25_fillin_cb+0x459/0x640
[ 85.894399][ T4375] end_report+0x6d/0xf0
[ 85.899982][ T4375] kasan_report+0x102/0x130
[ 85.906502][ T4375] ? ax25_fillin_cb+0x459/0x640
[ 85.911550][ T4375] ax25_fillin_cb+0x459/0x640
[ 85.916617][ T4375] ax25_setsockopt+0x8a2/0xa40
[ 85.921684][ T4375] ? ax25_shutdown+0x10/0x10
[ 85.927587][ T4375] ? aa_sock_opt_perm+0x74/0x100
[ 85.933597][ T4375] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 85.939408][ T4375] ? security_socket_setsockopt+0x7a/0xa0
[ 85.946289][ T4375] ? ax25_shutdown+0x10/0x10
[ 85.952224][ T4375] __sys_setsockopt+0x2bf/0x3d0
[ 85.957686][ T4375] __x64_sys_setsockopt+0xb1/0xc0
[ 85.963222][ T4375] do_syscall_64+0x4c/0xa0
[ 85.968428][ T4375] ? clear_bhb_loop+0x30/0x80
[ 85.973405][ T4375] ? clear_bhb_loop+0x30/0x80
[ 85.978530][ T4375] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.985152][ T4375] RIP: 0033:0x7f7ae40acbe9
[ 85.990340][ T4375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.013540][ T4375] RSP: 002b:00007ffe0b1b3b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 86.022961][ T4375] RAX: ffffffffffffffda RBX: 00007f7ae42d3fa0 RCX: 00007f7ae40acbe9
[ 86.032910][ T4375] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000007
[ 86.041714][ T4375] RBP: 00007f7ae412fe19 R08: 0000000000000010 R09: 0000000000000000
[ 86.050774][ T4375] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[ 86.059751][ T4375] R13: 00007f7ae42d3fa0 R14: 00007f7ae42d3fa0 R15: 0000000000000005
[ 86.068621][ T4375]
[ 86.087290][ T4375] Kernel Offset: disabled
[ 86.091845][ T4375] Rebooting in 86400 seconds..