Warning: Permanently added '10.128.1.250' (ED25519) to the list of known hosts.
2026/01/19 15:10:32 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 92.838493][ T4615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 94.243568][ T4632] chnl_net:caif_netlink_parms(): no params data found
[ 94.284498][ T4632] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.292011][ T4632] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.300120][ T4632] device bridge_slave_0 entered promiscuous mode
[ 94.311026][ T4632] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.318457][ T4632] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.326988][ T4632] device bridge_slave_1 entered promiscuous mode
[ 94.347424][ T4632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.360593][ T4632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.383662][ T4632] team0: Port device team_slave_0 added
[ 94.391638][ T4632] team0: Port device team_slave_1 added
[ 94.413370][ T4632] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.421002][ T4632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.449361][ T4632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.461747][ T4632] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.469326][ T4632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.496483][ T4632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.524608][ T4632] device hsr_slave_0 entered promiscuous mode
[ 94.532473][ T4632] device hsr_slave_1 entered promiscuous mode
[ 95.193825][ T4632] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.218360][ T4632] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.239935][ T4632] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.258111][ T4632] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.426157][ T4632] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.466516][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 95.474656][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 95.490792][ T4632] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.509382][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 95.530886][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 95.540075][ T1506] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.547381][ T1506] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.576698][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 95.597839][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 95.615107][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 95.624944][ T3067] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.632619][ T3067] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.668196][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 95.689001][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 95.705354][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 95.718689][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 95.729344][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 95.740114][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 95.758187][ T4632] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 95.770859][ T4632] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 95.785445][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 95.797667][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 95.807086][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 95.818455][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 95.829278][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 95.849306][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 96.001802][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 96.010291][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 96.027875][ T4632] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.054769][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 96.064951][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 96.088078][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 96.096819][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 96.106894][ T4632] device veth0_vlan entered promiscuous mode
[ 96.118518][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 96.128251][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 96.141804][ T4632] device veth1_vlan entered promiscuous mode
[ 96.170133][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 96.180740][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 96.189674][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 96.205209][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 96.219381][ T4632] device veth0_macvtap entered promiscuous mode
[ 96.231071][ T4632] device veth1_macvtap entered promiscuous mode
[ 96.246174][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 96.254990][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 96.270682][ T4632] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.282062][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 96.291882][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 96.307938][ T4632] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.316811][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 96.329179][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 96.341385][ T4632] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.359773][ T4632] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.369583][ T4632] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.379978][ T4632] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.604875][ T3067] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.620384][ T3067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.636322][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 96.649496][ T3067] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.658680][ T3067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.668755][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 98.772126][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.662148][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.742330][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.813541][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/19 15:10:44 executed programs: 0
[ 102.232010][ T5041] chnl_net:caif_netlink_parms(): no params data found
[ 102.306964][ T5041] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.315119][ T5041] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.324356][ T5041] device bridge_slave_0 entered promiscuous mode
[ 102.347140][ T5041] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.354514][ T5041] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.367108][ T5041] device bridge_slave_1 entered promiscuous mode
[ 102.411817][ T5041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 102.427536][ T5041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 102.469359][ T9] device hsr_slave_0 left promiscuous mode
[ 102.478957][ T9] device hsr_slave_1 left promiscuous mode
[ 102.486177][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 102.493694][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 102.505700][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 102.513706][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 102.525239][ T9] device bridge_slave_1 left promiscuous mode
[ 102.532395][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.544181][ T9] device bridge_slave_0 left promiscuous mode
[ 102.551113][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.564262][ T9] device veth1_macvtap left promiscuous mode
[ 102.570944][ T9] device veth0_macvtap left promiscuous mode
[ 102.577253][ T9] device veth1_vlan left promiscuous mode
[ 102.583444][ T9] device veth0_vlan left promiscuous mode
[ 102.719850][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 102.733298][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 102.745183][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 102.760928][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 102.812967][ T9] bond0 (unregistering): Released all slaves
[ 102.882976][ T5041] team0: Port device team_slave_0 added
[ 102.891359][ T5041] team0: Port device team_slave_1 added
[ 102.913097][ T5041] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 102.920552][ T5041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.946955][ T5041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 102.962360][ T5041] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 102.969605][ T5041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.998440][ T5041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.038142][ T5041] device hsr_slave_0 entered promiscuous mode
[ 103.045330][ T5041] device hsr_slave_1 entered promiscuous mode
[ 103.561802][ T5041] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.579455][ T5041] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.598670][ T5041] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.617660][ T5041] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.742130][ T5041] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.759033][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 103.768674][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 103.781199][ T5041] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.797344][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 103.807213][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 103.818459][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.825671][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.845846][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.859185][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 103.869385][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 103.878840][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.885982][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.895427][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 103.905187][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 103.931688][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 103.944865][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 103.957953][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 103.969568][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 103.979135][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 103.997191][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 104.018552][ T5041] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 104.046606][ T5041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 104.056443][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 104.077695][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 104.092689][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 104.105802][ T4308] Bluetooth: hci0: command 0x0409 tx timeout
[ 104.260484][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 104.270702][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 104.292062][ T5041] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.338417][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 104.356674][ T1155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 104.391525][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 104.401483][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 104.411571][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 104.420299][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 104.432079][ T5041] device veth0_vlan entered promiscuous mode
[ 104.461193][ T5041] device veth1_vlan entered promiscuous mode
[ 104.512088][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 104.521388][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 104.546844][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 104.562377][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 104.576128][ T5041] device veth0_macvtap entered promiscuous mode
[ 104.587443][ T5041] device veth1_macvtap entered promiscuous mode
[ 104.631128][ T5041] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.641092][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 104.654272][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 104.679304][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 104.689341][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 104.701421][ T5041] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.719270][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 104.736439][ T1506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 104.747951][ T5041] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.757776][ T5041] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.767448][ T5041] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.778160][ T5041] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.899875][ T1506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.910962][ T1506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.924740][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 104.963852][ T3067] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.973671][ T3067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.988576][ T3067] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 105.172844][ T5142] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 105.234410][ T5147] ==================================================================
[ 105.242813][ T5147] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 105.250319][ T5147] Read of size 4 at addr ffff888029174f38 by task syz.0.19/5147
[ 105.258189][ T5147]
[ 105.260550][ T5147] CPU: 0 PID: 5147 Comm: syz.0.19 Not tainted syzkaller #0
[ 105.267842][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 105.278641][ T5147] Call Trace:
[ 105.282004][ T5147]
[ 105.285015][ T5147] dump_stack_lvl+0x188/0x250
[ 105.290248][ T5147] ? show_regs_print_info+0x20/0x20
[ 105.295664][ T5147] ? _printk+0xda/0x130
[ 105.300192][ T5147] ? ax25_fillin_cb+0x459/0x640
[ 105.305296][ T5147] ? load_image+0x400/0x400
[ 105.310012][ T5147] print_address_description+0x60/0x2d0
[ 105.315677][ T5147] ? ax25_fillin_cb+0x459/0x640
[ 105.320734][ T5147] kasan_report+0xdf/0x130
[ 105.325166][ T5147] ? ax25_fillin_cb+0x459/0x640
[ 105.330203][ T5147] ax25_fillin_cb+0x459/0x640
[ 105.335238][ T5147] ax25_setsockopt+0x8c9/0xa60
[ 105.340543][ T5147] ? ax25_shutdown+0x10/0x10
[ 105.345422][ T5147] ? aa_sock_opt_perm+0x74/0x100
[ 105.350456][ T5147] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 105.356002][ T5147] ? security_socket_setsockopt+0x7a/0xa0
[ 105.361712][ T5147] ? ax25_shutdown+0x10/0x10
[ 105.366649][ T5147] __sys_setsockopt+0x2bf/0x3d0
[ 105.371596][ T5147] __x64_sys_setsockopt+0xb1/0xc0
[ 105.376851][ T5147] do_syscall_64+0x4c/0xa0
[ 105.381366][ T5147] ? clear_bhb_loop+0x30/0x80
[ 105.386311][ T5147] ? clear_bhb_loop+0x30/0x80
[ 105.391275][ T5147] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 105.397408][ T5147] RIP: 0033:0x7f5ad6e28ef9
[ 105.401830][ T5147] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 105.422942][ T5147] RSP: 002b:00007f5ad648c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 105.431698][ T5147] RAX: ffffffffffffffda RBX: 00007f5ad7093fa0 RCX: 00007f5ad6e28ef9
[ 105.440065][ T5147] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 105.448217][ T5147] RBP: 00007f5ad6ebdee0 R08: 0000000000000010 R09: 0000000000000000
[ 105.456561][ T5147] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 105.464679][ T5147] R13: 00007f5ad7094038 R14: 00007f5ad7093fa0 R15: 00007ffd72872258
[ 105.472667][ T5147]
[ 105.475783][ T5147]
[ 105.478100][ T5147] Allocated by task 5142:
[ 105.482504][ T5147] __kasan_kmalloc+0xb5/0xf0
[ 105.487081][ T5147] ax25_dev_device_up+0x50/0x580
[ 105.492103][ T5147] ax25_device_event+0x483/0x4f0
[ 105.497250][ T5147] raw_notifier_call_chain+0xcb/0x160
[ 105.502957][ T5147] __dev_notify_flags+0x194/0x300
[ 105.508055][ T5147] dev_change_flags+0xe3/0x1a0
[ 105.513032][ T5147] dev_ifsioc+0x130/0xd50
[ 105.517559][ T5147] dev_ioctl+0x545/0xe30
[ 105.522071][ T5147] sock_do_ioctl+0x245/0x320
[ 105.527608][ T5147] sock_ioctl+0x4d2/0x710
[ 105.532263][ T5147] __se_sys_ioctl+0xfa/0x170
[ 105.537250][ T5147] do_syscall_64+0x4c/0xa0
[ 105.541747][ T5147] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 105.548236][ T5147]
[ 105.550561][ T5147] Freed by task 5144:
[ 105.554518][ T5147] kasan_set_track+0x4b/0x70
[ 105.559359][ T5147] kasan_set_free_info+0x1f/0x40
[ 105.564458][ T5147] ____kasan_slab_free+0xd5/0x110
[ 105.569651][ T5147] slab_free_freelist_hook+0xea/0x170
[ 105.575470][ T5147] kfree+0xef/0x2a0
[ 105.579398][ T5147] ax25_release+0x661/0x870
[ 105.583910][ T5147] sock_close+0xd5/0x240
[ 105.588145][ T5147] __fput+0x234/0x930
[ 105.592200][ T5147] task_work_run+0x125/0x1a0
[ 105.596785][ T5147] exit_to_user_mode_loop+0x10f/0x130
[ 105.602172][ T5147] exit_to_user_mode_prepare+0xee/0x180
[ 105.607706][ T5147] syscall_exit_to_user_mode+0x16/0x40
[ 105.613239][ T5147] do_syscall_64+0x58/0xa0
[ 105.617639][ T5147] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 105.623608][ T5147]
[ 105.625920][ T5147] Last potentially related work creation:
[ 105.631629][ T5147] kasan_save_stack+0x35/0x60
[ 105.636533][ T5147] kasan_record_aux_stack+0xb8/0x100
[ 105.642032][ T5147] insert_work+0x54/0x3d0
[ 105.646349][ T5147] __queue_work+0x9c5/0xd50
[ 105.650860][ T5147] queue_work_on+0x124/0x1f0
[ 105.655549][ T5147] inet6addr_event+0x9c/0xc0
[ 105.660508][ T5147] atomic_notifier_call_chain+0x15d/0x280
[ 105.666265][ T5147] addrconf_ifdown+0xe0c/0x19c0
[ 105.671218][ T5147] addrconf_notify+0x445/0xf00
[ 105.676057][ T5147] raw_notifier_call_chain+0xcb/0x160
[ 105.681424][ T5147] dev_close_many+0x29f/0x400
[ 105.686193][ T5147] unregister_netdevice_many+0x481/0x19f0
[ 105.691896][ T5147] default_device_exit_batch+0x364/0x3c0
[ 105.697804][ T5147] cleanup_net+0x791/0xba0
[ 105.702223][ T5147] process_one_work+0x85f/0x1010
[ 105.707475][ T5147] worker_thread+0xaa6/0x1290
[ 105.712387][ T5147] kthread+0x436/0x520
[ 105.716469][ T5147] ret_from_fork+0x1f/0x30
[ 105.721087][ T5147]
[ 105.723395][ T5147] The buggy address belongs to the object at ffff888029174f00
[ 105.723395][ T5147] which belongs to the cache kmalloc-192 of size 192
[ 105.738061][ T5147] The buggy address is located 56 bytes inside of
[ 105.738061][ T5147] 192-byte region [ffff888029174f00, ffff888029174fc0)
[ 105.751441][ T5147] The buggy address belongs to the page:
[ 105.757072][ T5147] page:ffffea0000a45d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29174
[ 105.767654][ T5147] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 105.775566][ T5147] raw: 00fff00000000200 ffffea0000af5c40 0000000300000002 ffff888016c41a00
[ 105.784282][ T5147] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 105.793123][ T5147] page dumped because: kasan: bad access detected
[ 105.799738][ T5147] page_owner tracks the page as allocated
[ 105.805612][ T5147] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4364, ts 74327532365, free_ts 74324508917
[ 105.822275][ T5147] get_page_from_freelist+0x1bbd/0x1ca0
[ 105.828300][ T5147] __alloc_pages+0x1ee/0x480
[ 105.833249][ T5147] new_slab+0xb6/0x4b0
[ 105.837456][ T5147] ___slab_alloc+0x80a/0xdd0
[ 105.842050][ T5147] __kmalloc_node+0x200/0x3b0
[ 105.846855][ T5147] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 105.853365][ T5147] new_slab+0x100/0x4b0
[ 105.857511][ T5147] ___slab_alloc+0x80a/0xdd0
[ 105.862330][ T5147] kmem_cache_alloc+0x195/0x290
[ 105.867186][ T5147] __d_alloc+0x2a/0x6f0
[ 105.871345][ T5147] d_alloc_cursor+0x40/0xd0
[ 105.876012][ T5147] dcache_dir_open+0x37/0x70
[ 105.880697][ T5147] do_dentry_open+0x7ff/0xf80
[ 105.885358][ T5147] path_openat+0x26f5/0x2fa0
[ 105.889933][ T5147] do_filp_open+0x1e2/0x410
[ 105.894767][ T5147] do_sys_openat2+0x150/0x4b0
[ 105.899648][ T5147] page last free stack trace:
[ 105.904319][ T5147] free_unref_page_prepare+0x637/0x6c0
[ 105.909862][ T5147] free_unref_page+0x8f/0x2a0
[ 105.914537][ T5147] __mmdrop+0xaa/0x3e0
[ 105.918671][ T5147] finish_task_switch+0x215/0x640
[ 105.923760][ T5147] schedule_tail+0xc/0xb0
[ 105.928071][ T5147] ret_from_fork+0x8/0x30
[ 105.932518][ T5147]
[ 105.934848][ T5147] Memory state around the buggy address:
[ 105.940569][ T5147] ffff888029174e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.948875][ T5147] ffff888029174e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.956925][ T5147] >ffff888029174f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.965155][ T5147] ^
[ 105.971611][ T5147] ffff888029174f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.980476][ T5147] ffff888029175000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.988850][ T5147] ==================================================================
[ 105.997070][ T5147] Disabling lock debugging due to kernel taint
[ 106.009197][ T5147] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 106.016500][ T5147] CPU: 0 PID: 5147 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 106.025174][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 106.035488][ T5147] Call Trace:
[ 106.038804][ T5147]
[ 106.041805][ T5147] dump_stack_lvl+0x188/0x250
[ 106.046899][ T5147] ? show_regs_print_info+0x20/0x20
[ 106.052168][ T5147] ? load_image+0x400/0x400
[ 106.056664][ T5147] panic+0x2e5/0x810
[ 106.060543][ T5147] ? bpf_jit_dump+0xd0/0xd0
[ 106.065022][ T5147] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 106.071152][ T5147] ? _raw_spin_unlock+0x40/0x40
[ 106.076028][ T5147] ? print_memory_metadata+0x314/0x400
[ 106.081568][ T5147] ? ax25_fillin_cb+0x459/0x640
[ 106.086408][ T5147] check_panic_on_warn+0x80/0xa0
[ 106.091435][ T5147] ? ax25_fillin_cb+0x459/0x640
[ 106.096283][ T5147] end_report+0x6d/0xf0
[ 106.100436][ T5147] kasan_report+0x102/0x130
[ 106.104925][ T5147] ? ax25_fillin_cb+0x459/0x640
[ 106.110106][ T5147] ax25_fillin_cb+0x459/0x640
[ 106.114793][ T5147] ax25_setsockopt+0x8c9/0xa60
[ 106.119775][ T5147] ? ax25_shutdown+0x10/0x10
[ 106.124531][ T5147] ? aa_sock_opt_perm+0x74/0x100
[ 106.129540][ T5147] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 106.135101][ T5147] ? security_socket_setsockopt+0x7a/0xa0
[ 106.140961][ T5147] ? ax25_shutdown+0x10/0x10
[ 106.145537][ T5147] __sys_setsockopt+0x2bf/0x3d0
[ 106.150472][ T5147] __x64_sys_setsockopt+0xb1/0xc0
[ 106.155478][ T5147] do_syscall_64+0x4c/0xa0
[ 106.159966][ T5147] ? clear_bhb_loop+0x30/0x80
[ 106.164736][ T5147] ? clear_bhb_loop+0x30/0x80
[ 106.169498][ T5147] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 106.175388][ T5147] RIP: 0033:0x7f5ad6e28ef9
[ 106.179973][ T5147] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 106.200613][ T5147] RSP: 002b:00007f5ad648c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 106.209011][ T5147] RAX: ffffffffffffffda RBX: 00007f5ad7093fa0 RCX: 00007f5ad6e28ef9
[ 106.216965][ T5147] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 106.225099][ T5147] RBP: 00007f5ad6ebdee0 R08: 0000000000000010 R09: 0000000000000000
[ 106.233251][ T5147] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 106.241596][ T5147] R13: 00007f5ad7094038 R14: 00007f5ad7093fa0 R15: 00007ffd72872258
[ 106.249968][ T5147]
[ 106.253487][ T5147] Kernel Offset: disabled
[ 106.258028][ T5147] Rebooting in 86400 seconds..