Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts.
2026/03/09 02:30:35 parsed 1 programs
syzkaller login: [ 56.442044][ T4188] cgroup: Unknown subsys name 'net'
[ 56.573583][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 57.876527][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 60.179761][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.201073][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.213601][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 60.235427][ T1251] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.243520][ T1251] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.251086][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 60.672487][ T4237] chnl_net:caif_netlink_parms(): no params data found
[ 60.732026][ T4237] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.739858][ T4237] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.747930][ T4237] device bridge_slave_0 entered promiscuous mode
[ 60.758414][ T4237] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.765623][ T4237] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.774203][ T4237] device bridge_slave_1 entered promiscuous mode
[ 60.800467][ T4237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 60.811839][ T4237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 60.837533][ T4237] team0: Port device team_slave_0 added
[ 60.845230][ T4237] team0: Port device team_slave_1 added
[ 60.867131][ T4237] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 60.874540][ T4237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.901075][ T4237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 60.914029][ T4237] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 60.921998][ T4237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.949236][ T4237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 60.981852][ T4237] device hsr_slave_0 entered promiscuous mode
[ 60.990719][ T4237] device hsr_slave_1 entered promiscuous mode
[ 61.109539][ T4237] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.120767][ T4237] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.129580][ T4237] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.139302][ T4237] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.174125][ T4237] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.182556][ T4237] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.190744][ T4237] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.201260][ T4237] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.273646][ T151] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.290562][ T151] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.342229][ T4237] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.353456][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 61.362523][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.372727][ T4237] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.383740][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.393007][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.401979][ T151] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.409056][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.421202][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.430012][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.438657][ T151] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.445710][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.455304][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 61.471205][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 61.479803][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 61.490691][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.499410][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 61.510795][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 61.519898][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.530724][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 61.539497][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.551582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 61.560082][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.571902][ T4237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 61.645622][ T4237] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.653232][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 61.660875][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 61.689734][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 61.698627][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 61.717274][ T4237] device veth0_vlan entered promiscuous mode
[ 61.725310][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 61.734834][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 61.760180][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 61.767940][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 61.778508][ T4237] device veth1_vlan entered promiscuous mode
[ 61.795712][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 61.805284][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 61.815617][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 61.824639][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 61.835585][ T4237] device veth0_macvtap entered promiscuous mode
[ 61.859739][ T4237] device veth1_macvtap entered promiscuous mode
[ 61.873951][ T4237] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 61.881736][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 61.891378][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 61.901067][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 61.909905][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 61.921969][ T4237] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 61.931017][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 61.940390][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 61.963993][ T4237] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.973867][ T4237] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.983142][ T4237] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.992297][ T4237] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/03/09 02:30:43 executed programs: 0
[ 63.398864][ T4291] chnl_net:caif_netlink_parms(): no params data found
[ 63.454672][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.462072][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.470186][ T4291] device bridge_slave_0 entered promiscuous mode
[ 63.478677][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.485808][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.495069][ T4291] device bridge_slave_1 entered promiscuous mode
[ 63.521719][ T4291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 63.533430][ T4291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 63.562842][ T4291] team0: Port device team_slave_0 added
[ 63.571338][ T4291] team0: Port device team_slave_1 added
[ 63.592946][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 63.599961][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 63.626092][ T4291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 63.638684][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 63.645838][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 63.671993][ T4291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 63.709945][ T4291] device hsr_slave_0 entered promiscuous mode
[ 63.716865][ T4291] device hsr_slave_1 entered promiscuous mode
[ 63.723674][ T4291] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 63.732637][ T4291] Cannot create hsr debugfs directory
[ 63.823652][ T4291] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 65.329205][ T4246] Bluetooth: hci0: command 0x0409 tx timeout
[ 66.695221][ T4291] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.742748][ T4291] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.825628][ T4291] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.895035][ T4291] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 66.904159][ T4291] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 66.913912][ T4291] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.923632][ T4291] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.997525][ T4291] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.011626][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 67.019490][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.029315][ T4291] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.052451][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 67.061828][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.071153][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.078391][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.086810][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 67.106136][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 67.114847][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.123626][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.130731][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.149443][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 67.158251][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 67.166766][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 67.176569][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.185753][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 67.194848][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 67.203506][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 67.224811][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 67.233372][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 67.243658][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 67.253259][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 67.265706][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 67.366905][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 67.374512][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 67.385535][ T4291] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.409275][ T4306] Bluetooth: hci0: command 0x041b tx timeout
[ 67.421169][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 67.430261][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 67.458860][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 67.467002][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 67.475626][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 67.483835][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 67.494968][ T4291] device veth0_vlan entered promiscuous mode
[ 67.510607][ T1281] device hsr_slave_0 left promiscuous mode
[ 67.516897][ T1281] device hsr_slave_1 left promiscuous mode
[ 67.523702][ T1281] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 67.531390][ T1281] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 67.539883][ T1281] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 67.547290][ T1281] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 67.555962][ T1281] device bridge_slave_1 left promiscuous mode
[ 67.563316][ T1281] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.576014][ T1281] device bridge_slave_0 left promiscuous mode
[ 67.583401][ T1281] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.600397][ T1281] device veth1_macvtap left promiscuous mode
[ 67.606571][ T1281] device veth0_macvtap left promiscuous mode
[ 67.613107][ T1281] device veth1_vlan left promiscuous mode
[ 67.619821][ T1281] device veth0_vlan left promiscuous mode
[ 67.754809][ T1281] team0 (unregistering): Port device team_slave_1 removed
[ 67.771948][ T1281] team0 (unregistering): Port device team_slave_0 removed
[ 67.784951][ T1281] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 67.800578][ T1281] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 67.852379][ T1281] bond0 (unregistering): Released all slaves
[ 67.895033][ T4291] device veth1_vlan entered promiscuous mode
[ 67.913368][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 67.921719][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 67.930182][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 67.938893][ T1251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 67.951071][ T4291] device veth0_macvtap entered promiscuous mode
[ 67.974520][ T4291] device veth1_macvtap entered promiscuous mode
[ 67.992066][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.000719][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.008921][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 68.016698][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.025665][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.035926][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.044651][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.053445][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.064840][ T4291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.074700][ T4291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.083860][ T4291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.092823][ T4291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.147781][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.157885][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.166128][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.196834][ T1251] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.205370][ T1251] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.213995][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 68.247475][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 68.294855][ T4317] ==================================================================
[ 68.303052][ T4317] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 68.310276][ T4317] Read of size 4 at addr ffff8880225be538 by task syz.0.19/4317
[ 68.317902][ T4317]
[ 68.320224][ T4317] CPU: 0 PID: 4317 Comm: syz.0.19 Not tainted syzkaller #0
[ 68.327402][ T4317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 68.337560][ T4317] Call Trace:
[ 68.340823][ T4317]
[ 68.343744][ T4317] dump_stack_lvl+0x188/0x250
[ 68.348405][ T4317] ? show_regs_print_info+0x20/0x20
[ 68.353583][ T4317] ? _printk+0xda/0x130
[ 68.357802][ T4317] ? ax25_fillin_cb+0x459/0x640
[ 68.362645][ T4317] ? load_image+0x400/0x400
[ 68.367141][ T4317] print_address_description+0x60/0x2d0
[ 68.372768][ T4317] ? ax25_fillin_cb+0x459/0x640
[ 68.377623][ T4317] kasan_report+0xdf/0x130
[ 68.382025][ T4317] ? ax25_fillin_cb+0x459/0x640
[ 68.386858][ T4317] ax25_fillin_cb+0x459/0x640
[ 68.391517][ T4317] ax25_setsockopt+0x8c9/0xa60
[ 68.396295][ T4317] ? ax25_shutdown+0x10/0x10
[ 68.400947][ T4317] ? aa_sock_opt_perm+0x74/0x100
[ 68.405940][ T4317] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 68.411501][ T4317] ? security_socket_setsockopt+0x7a/0xa0
[ 68.417377][ T4317] ? ax25_shutdown+0x10/0x10
[ 68.421952][ T4317] __sys_setsockopt+0x2bf/0x3d0
[ 68.426789][ T4317] __x64_sys_setsockopt+0xb1/0xc0
[ 68.431798][ T4317] do_syscall_64+0x4c/0xa0
[ 68.436314][ T4317] ? clear_bhb_loop+0x30/0x80
[ 68.440987][ T4317] ? clear_bhb_loop+0x30/0x80
[ 68.445654][ T4317] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.451538][ T4317] RIP: 0033:0x7fa501458799
[ 68.456031][ T4317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 68.475619][ T4317] RSP: 002b:00007ffe162b1988 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 68.484054][ T4317] RAX: ffffffffffffffda RBX: 00007fa5016d1fa0 RCX: 00007fa501458799
[ 68.492015][ T4317] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 68.499971][ T4317] RBP: 00007fa5014eebd9 R08: 0000000000000010 R09: 0000000000000000
[ 68.507923][ T4317] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[ 68.515872][ T4317] R13: 00007fa5016d1fac R14: 00007fa5016d1fa0 R15: 00007fa5016d1fa0
[ 68.523832][ T4317]
[ 68.526831][ T4317]
[ 68.529135][ T4317] Allocated by task 4315:
[ 68.533438][ T4317] __kasan_kmalloc+0xb5/0xf0
[ 68.538007][ T4317] ax25_dev_device_up+0x50/0x580
[ 68.542922][ T4317] ax25_device_event+0x483/0x4f0
[ 68.547864][ T4317] raw_notifier_call_chain+0xcb/0x160
[ 68.553568][ T4317] __dev_notify_flags+0x194/0x300
[ 68.558580][ T4317] dev_change_flags+0xe3/0x1a0
[ 68.563337][ T4317] dev_ifsioc+0x130/0xd50
[ 68.567746][ T4317] dev_ioctl+0x545/0xe30
[ 68.571972][ T4317] sock_do_ioctl+0x245/0x320
[ 68.576546][ T4317] sock_ioctl+0x4d2/0x710
[ 68.580947][ T4317] __se_sys_ioctl+0xfa/0x170
[ 68.585515][ T4317] do_syscall_64+0x4c/0xa0
[ 68.589906][ T4317] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.595777][ T4317]
[ 68.598084][ T4317] Freed by task 4316:
[ 68.602056][ T4317] kasan_set_track+0x4b/0x70
[ 68.606627][ T4317] kasan_set_free_info+0x1f/0x40
[ 68.611544][ T4317] ____kasan_slab_free+0xd5/0x110
[ 68.616548][ T4317] slab_free_freelist_hook+0xea/0x170
[ 68.621921][ T4317] kfree+0xef/0x2a0
[ 68.625711][ T4317] ax25_release+0x661/0x870
[ 68.630193][ T4317] sock_close+0xd5/0x240
[ 68.634456][ T4317] __fput+0x234/0x930
[ 68.638519][ T4317] task_work_run+0x125/0x1a0
[ 68.643102][ T4317] exit_to_user_mode_loop+0x10f/0x130
[ 68.648458][ T4317] exit_to_user_mode_prepare+0xee/0x180
[ 68.653980][ T4317] syscall_exit_to_user_mode+0x16/0x40
[ 68.659446][ T4317] do_syscall_64+0x58/0xa0
[ 68.663929][ T4317] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.669805][ T4317]
[ 68.672116][ T4317] The buggy address belongs to the object at ffff8880225be500
[ 68.672116][ T4317] which belongs to the cache kmalloc-192 of size 192
[ 68.686320][ T4317] The buggy address is located 56 bytes inside of
[ 68.686320][ T4317] 192-byte region [ffff8880225be500, ffff8880225be5c0)
[ 68.699514][ T4317] The buggy address belongs to the page:
[ 68.705137][ T4317] page:ffffea0000896f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x225be
[ 68.715270][ T4317] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 68.722840][ T4317] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016c41a00
[ 68.731630][ T4317] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 68.740194][ T4317] page dumped because: kasan: bad access detected
[ 68.746600][ T4317] page_owner tracks the page as allocated
[ 68.752625][ T4317] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4291, ts 68237508538, free_ts 68237254823
[ 68.768668][ T4317] get_page_from_freelist+0x1bbd/0x1ca0
[ 68.774240][ T4317] __alloc_pages+0x1ee/0x480
[ 68.778824][ T4317] new_slab+0xb6/0x4b0
[ 68.782901][ T4317] ___slab_alloc+0x80a/0xdd0
[ 68.787466][ T4317] __kmalloc_node+0x200/0x3b0
[ 68.792119][ T4317] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 68.797901][ T4317] slab_post_alloc_hook+0xba/0x380
[ 68.802997][ T4317] kmem_cache_alloc+0x100/0x290
[ 68.807822][ T4317] __d_alloc+0x2a/0x6f0
[ 68.812041][ T4317] d_alloc_pseudo+0x19/0x70
[ 68.816521][ T4317] alloc_file_pseudo+0xe0/0x200
[ 68.821479][ T4317] sock_alloc_file+0xb3/0x240
[ 68.826242][ T4317] __sys_socket+0x11d/0x170
[ 68.830930][ T4317] __x64_sys_socket+0x76/0x80
[ 68.835611][ T4317] do_syscall_64+0x4c/0xa0
[ 68.840202][ T4317] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.846089][ T4317] page last free stack trace:
[ 68.850837][ T4317] free_unref_page_prepare+0x637/0x6c0
[ 68.856315][ T4317] free_unref_page+0x8f/0x2a0
[ 68.860979][ T4317] __vunmap+0x8b9/0xa50
[ 68.865120][ T4317] do_arpt_get_ctl+0xd53/0x1000
[ 68.869951][ T4317] nf_getsockopt+0x25e/0x280
[ 68.874526][ T4317] ip_getsockopt+0x1256/0x16a0
[ 68.879275][ T4317] tcp_getsockopt+0x200/0x25a0
[ 68.884052][ T4317] __sys_getsockopt+0x1b0/0x230
[ 68.888899][ T4317] __x64_sys_getsockopt+0xb1/0xc0
[ 68.893911][ T4317] do_syscall_64+0x4c/0xa0
[ 68.898316][ T4317] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.904220][ T4317]
[ 68.906620][ T4317] Memory state around the buggy address:
[ 68.912226][ T4317]  ffff8880225be400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.920357][ T4317]  ffff8880225be480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 68.928409][ T4317] >ffff8880225be500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.936467][ T4317]                                         ^
2026/03/09 02:30:49 executed programs: 3
[ 68.942433][ T4317]  ffff8880225be580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 68.950483][ T4317]  ffff8880225be600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.958539][ T4317] ==================================================================
[ 68.966594][ T4317] Disabling lock debugging due to kernel taint
[ 68.976986][ T4317] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.984192][ T4317] CPU: 0 PID: 4317 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 68.992773][ T4317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 69.002825][ T4317] Call Trace:
[ 69.006090][ T4317]
[ 69.009012][ T4317] dump_stack_lvl+0x188/0x250
[ 69.013686][ T4317] ? show_regs_print_info+0x20/0x20
[ 69.019064][ T4317] ? load_image+0x400/0x400
[ 69.024339][ T4317] panic+0x2e5/0x810
[ 69.028269][ T4317] ? bpf_jit_dump+0xd0/0xd0
[ 69.032770][ T4317] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 69.038744][ T4317] ? _raw_spin_unlock+0x40/0x40
[ 69.043581][ T4317] ? print_memory_metadata+0x314/0x400
[ 69.049112][ T4317] ? ax25_fillin_cb+0x459/0x640
[ 69.053943][ T4317] check_panic_on_warn+0x80/0xa0
[ 69.058862][ T4317] ? ax25_fillin_cb+0x459/0x640
[ 69.063695][ T4317] end_report+0x6d/0xf0
[ 69.067831][ T4317] kasan_report+0x102/0x130
[ 69.072312][ T4317] ? ax25_fillin_cb+0x459/0x640
[ 69.077156][ T4317] ax25_fillin_cb+0x459/0x640
[ 69.081900][ T4317] ax25_setsockopt+0x8c9/0xa60
[ 69.086676][ T4317] ? ax25_shutdown+0x10/0x10
[ 69.091251][ T4317] ? aa_sock_opt_perm+0x74/0x100
[ 69.096173][ T4317] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 69.101797][ T4317] ? security_socket_setsockopt+0x7a/0xa0
[ 69.107509][ T4317] ? ax25_shutdown+0x10/0x10
[ 69.112076][ T4317] __sys_setsockopt+0x2bf/0x3d0
[ 69.116920][ T4317] __x64_sys_setsockopt+0xb1/0xc0
[ 69.122208][ T4317] do_syscall_64+0x4c/0xa0
[ 69.126617][ T4317] ? clear_bhb_loop+0x30/0x80
[ 69.131343][ T4317] ? clear_bhb_loop+0x30/0x80
[ 69.136008][ T4317] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.141895][ T4317] RIP: 0033:0x7fa501458799
[ 69.146310][ T4317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 69.166103][ T4317] RSP: 002b:00007ffe162b1988 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 69.174760][ T4317] RAX: ffffffffffffffda RBX: 00007fa5016d1fa0 RCX: 00007fa501458799
[ 69.182715][ T4317] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 69.190667][ T4317] RBP: 00007fa5014eebd9 R08: 0000000000000010 R09: 0000000000000000
[ 69.198619][ T4317] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[ 69.206584][ T4317] R13: 00007fa5016d1fac R14: 00007fa5016d1fa0 R15: 00007fa5016d1fa0
[ 69.214640][ T4317]
[ 69.217936][ T4317] Kernel Offset: disabled
[ 69.222252][ T4317] Rebooting in 86400 seconds..