Warning: Permanently added '10.128.1.240' (ED25519) to the list of known hosts.
2026/01/19 16:23:25 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 92.015243][ T4610] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 94.749929][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.762942][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.784322][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 94.797373][ T3065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.806720][ T3065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.818224][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 95.323324][ T4696] chnl_net:caif_netlink_parms(): no params data found
[ 95.358355][ T4696] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.365936][ T4696] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.374618][ T4696] device bridge_slave_0 entered promiscuous mode
[ 95.382880][ T4696] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.390282][ T4696] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.398207][ T4696] device bridge_slave_1 entered promiscuous mode
[ 95.415900][ T4696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.427919][ T4696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.448440][ T4696] team0: Port device team_slave_0 added
[ 95.455978][ T4696] team0: Port device team_slave_1 added
[ 95.472356][ T4696] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.480507][ T4696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.509184][ T4696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.521846][ T4696] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.529273][ T4696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.556642][ T4696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.583028][ T4696] device hsr_slave_0 entered promiscuous mode
[ 95.591317][ T4696] device hsr_slave_1 entered promiscuous mode
[ 96.236599][ T4696] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.246414][ T4696] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.256037][ T4696] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.267003][ T4696] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.366748][ T4696] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.380436][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 96.390028][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 96.402367][ T4696] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.418306][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 96.429347][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 96.439687][ T3065] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.447376][ T3065] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.457413][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 96.466583][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 96.477038][ T3065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.484507][ T3065] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.495839][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 96.507554][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 96.536223][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 96.551119][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 96.562636][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 96.581227][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 96.592668][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 96.602398][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 96.611780][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 96.620575][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 96.643804][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 96.657598][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 96.680336][ T4696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 96.834262][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 96.842508][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 96.857948][ T4696] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.885657][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 96.902221][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 96.932418][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 96.941920][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 96.963352][ T4696] device veth0_vlan entered promiscuous mode
[ 96.971781][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 96.980236][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 96.993093][ T4696] device veth1_vlan entered promiscuous mode
[ 97.014676][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 97.023917][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 97.041603][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 97.055302][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 97.071550][ T4696] device veth0_macvtap entered promiscuous mode
[ 97.082641][ T4696] device veth1_macvtap entered promiscuous mode
[ 97.102609][ T4696] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.110422][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 97.120629][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 97.132222][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 97.146485][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 97.158307][ T4696] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.182161][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 97.196046][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 97.216765][ T4696] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.232970][ T4696] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.242758][ T4696] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.260767][ T4696] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/01/19 16:23:34 executed programs: 0
[ 98.228668][ T4810] chnl_net:caif_netlink_parms(): no params data found
[ 98.310572][ T4810] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.318123][ T4810] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.326121][ T4810] device bridge_slave_0 entered promiscuous mode
[ 98.334507][ T4810] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.341996][ T4810] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.350043][ T4810] device bridge_slave_1 entered promiscuous mode
[ 98.388493][ T4810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.409361][ T4810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.454322][ T4810] team0: Port device team_slave_0 added
[ 98.475315][ T4810] team0: Port device team_slave_1 added
[ 98.523931][ T4810] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.540977][ T4810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.570601][ T4810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.593196][ T4810] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.600352][ T4810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.634260][ T4810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.706446][ T4810] device hsr_slave_0 entered promiscuous mode
[ 98.714881][ T4810] device hsr_slave_1 entered promiscuous mode
[ 98.725900][ T4810] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 98.734425][ T4810] Cannot create hsr debugfs directory
[ 98.815182][ T145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.100917][ T4200] Bluetooth: hci0: command 0x0409 tx timeout
[ 102.181122][ T21] Bluetooth: hci0: command 0x041b tx timeout
[ 102.574733][ T145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.625111][ T145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.685392][ T145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.454337][ T4810] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.464515][ T4810] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.474137][ T4810] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.492878][ T4810] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.543346][ T4810] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.555287][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 103.563699][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 103.574485][ T4810] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.585984][ T145] device hsr_slave_0 left promiscuous mode
[ 103.593561][ T145] device hsr_slave_1 left promiscuous mode
[ 103.600840][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 103.608375][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 103.617133][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 103.625257][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 103.633475][ T145] device bridge_slave_1 left promiscuous mode
[ 103.639858][ T145] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.648393][ T145] device bridge_slave_0 left promiscuous mode
[ 103.655504][ T145] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.666836][ T145] device veth1_macvtap left promiscuous mode
[ 103.673567][ T145] device veth0_macvtap left promiscuous mode
[ 103.679693][ T145] device veth1_vlan left promiscuous mode
[ 103.685687][ T145] device veth0_vlan left promiscuous mode
[ 103.794741][ T145] team0 (unregistering): Port device team_slave_1 removed
[ 103.807946][ T145] team0 (unregistering): Port device team_slave_0 removed
[ 103.819062][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 103.832812][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 103.877024][ T145] bond0 (unregistering): Released all slaves
[ 103.917308][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 103.927809][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 103.936685][ T3065] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.944117][ T3065] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.953489][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.964440][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 103.973929][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 103.984115][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.992934][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.010683][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 104.022967][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 104.033233][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 104.048064][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 104.057399][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 104.072731][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 104.082318][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 104.091237][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 104.099860][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 104.112637][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 104.122066][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 104.132233][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 104.227611][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 104.235559][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 104.246882][ T4810] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.254458][ T4687] Bluetooth: hci0: command 0x040f tx timeout
[ 104.269835][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 104.278957][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 104.295623][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 104.304569][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 104.313464][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 104.322483][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 104.333806][ T4810] device veth0_vlan entered promiscuous mode
[ 104.352555][ T4810] device veth1_vlan entered promiscuous mode
[ 104.374222][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 104.385029][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 104.394281][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 104.406027][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 104.418496][ T4810] device veth0_macvtap entered promiscuous mode
[ 104.429201][ T4810] device veth1_macvtap entered promiscuous mode
[ 104.446272][ T4810] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.454603][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 104.464530][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 104.472973][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 104.484967][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 104.499326][ T4810] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.507301][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 104.517958][ T3065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 104.530396][ T4810] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.539545][ T4810] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.549638][ T4810] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.559220][ T4810] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.616940][ T3065] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.635832][ T3065] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.643123][ T4346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.653558][ T4346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/19 16:23:41 executed programs: 2
[ 104.662877][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 104.675059][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 104.725756][ T5106] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 104.798766][ T5110] ==================================================================
[ 104.807243][ T5110] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 104.815025][ T5110] Read of size 4 at addr ffff8880225d1438 by task syz.0.19/5110
[ 104.823093][ T5110]
[ 104.825449][ T5110] CPU: 0 PID: 5110 Comm: syz.0.19 Not tainted syzkaller #0
[ 104.833319][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 104.843930][ T5110] Call Trace:
[ 104.847648][ T5110]
[ 104.850587][ T5110] dump_stack_lvl+0x188/0x250
[ 104.855704][ T5110] ? show_regs_print_info+0x20/0x20
[ 104.861257][ T5110] ? _printk+0xda/0x130
[ 104.865845][ T5110] ? ax25_fillin_cb+0x459/0x640
[ 104.871514][ T5110] ? load_image+0x400/0x400
[ 104.876432][ T5110] print_address_description+0x60/0x2d0
[ 104.882349][ T5110] ? ax25_fillin_cb+0x459/0x640
[ 104.887312][ T5110] kasan_report+0xdf/0x130
[ 104.891842][ T5110] ? ax25_fillin_cb+0x459/0x640
[ 104.897019][ T5110] ax25_fillin_cb+0x459/0x640
[ 104.901984][ T5110] ax25_setsockopt+0x8c9/0xa60
[ 104.907299][ T5110] ? ax25_shutdown+0x10/0x10
[ 104.912088][ T5110] ? aa_sock_opt_perm+0x74/0x100
[ 104.917142][ T5110] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 104.923054][ T5110] ? security_socket_setsockopt+0x7a/0xa0
[ 104.928962][ T5110] ? ax25_shutdown+0x10/0x10
[ 104.933562][ T5110] __sys_setsockopt+0x2bf/0x3d0
[ 104.938437][ T5110] __x64_sys_setsockopt+0xb1/0xc0
[ 104.943723][ T5110] do_syscall_64+0x4c/0xa0
[ 104.948149][ T5110] ? clear_bhb_loop+0x30/0x80
[ 104.952842][ T5110] ? clear_bhb_loop+0x30/0x80
[ 104.957619][ T5110] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 104.963996][ T5110] RIP: 0033:0x7f2e0bd22ef9
[ 104.968847][ T5110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 104.989716][ T5110] RSP: 002b:00007f2e0b386028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 104.998830][ T5110] RAX: ffffffffffffffda RBX: 00007f2e0bf8dfa0 RCX: 00007f2e0bd22ef9
[ 105.007516][ T5110] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 105.016293][ T5110] RBP: 00007f2e0bdb7ee0 R08: 0000000000000010 R09: 0000000000000000
[ 105.025061][ T5110] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 105.033384][ T5110] R13: 00007f2e0bf8e038 R14: 00007f2e0bf8dfa0 R15: 00007ffc26108728
[ 105.041819][ T5110]
[ 105.045016][ T5110]
[ 105.047352][ T5110] Allocated by task 5106:
[ 105.052045][ T5110] __kasan_kmalloc+0xb5/0xf0
[ 105.056796][ T5110] ax25_dev_device_up+0x50/0x580
[ 105.062267][ T5110] ax25_device_event+0x483/0x4f0
[ 105.067667][ T5110] raw_notifier_call_chain+0xcb/0x160
[ 105.073319][ T5110] __dev_notify_flags+0x194/0x300
[ 105.078344][ T5110] dev_change_flags+0xe3/0x1a0
[ 105.083577][ T5110] dev_ifsioc+0x130/0xd50
[ 105.088086][ T5110] dev_ioctl+0x545/0xe30
[ 105.092576][ T5110] sock_do_ioctl+0x245/0x320
[ 105.097353][ T5110] sock_ioctl+0x4d2/0x710
[ 105.101942][ T5110] __se_sys_ioctl+0xfa/0x170
[ 105.106640][ T5110] do_syscall_64+0x4c/0xa0
[ 105.111592][ T5110] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 105.117668][ T5110]
[ 105.119993][ T5110] Freed by task 5107:
[ 105.124052][ T5110] kasan_set_track+0x4b/0x70
[ 105.129075][ T5110] kasan_set_free_info+0x1f/0x40
[ 105.134186][ T5110] ____kasan_slab_free+0xd5/0x110
[ 105.139215][ T5110] slab_free_freelist_hook+0xea/0x170
[ 105.144581][ T5110] kfree+0xef/0x2a0
[ 105.148473][ T5110] ax25_release+0x661/0x870
[ 105.153553][ T5110] sock_close+0xd5/0x240
[ 105.157980][ T5110] __fput+0x234/0x930
[ 105.162083][ T5110] task_work_run+0x125/0x1a0
[ 105.167503][ T5110] exit_to_user_mode_loop+0x10f/0x130
[ 105.173511][ T5110] exit_to_user_mode_prepare+0xee/0x180
[ 105.179199][ T5110] syscall_exit_to_user_mode+0x16/0x40
[ 105.185363][ T5110] do_syscall_64+0x58/0xa0
[ 105.189988][ T5110] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 105.195991][ T5110]
[ 105.198416][ T5110] Last potentially related work creation:
[ 105.204580][ T5110] kasan_save_stack+0x35/0x60
[ 105.209634][ T5110] kasan_record_aux_stack+0xb8/0x100
[ 105.215106][ T5110] call_rcu+0x189/0x950
[ 105.219695][ T5110] addrconf_ifdown+0x16ee/0x19c0
[ 105.225169][ T5110] addrconf_notify+0x445/0xf00
[ 105.230036][ T5110] raw_notifier_call_chain+0xcb/0x160
[ 105.236508][ T5110] unregister_netdevice_many+0x1049/0x19f0
[ 105.242590][ T5110] unregister_netdevice_queue+0x324/0x370
[ 105.248479][ T5110] nsim_destroy+0x49/0x150
[ 105.253049][ T5110] __nsim_dev_port_del+0x155/0x1c0
[ 105.258614][ T5110] nsim_dev_reload_destroy+0x16c/0x240
[ 105.264424][ T5110] nsim_dev_remove+0x59/0x100
[ 105.269384][ T5110] device_release_driver_internal+0x475/0x750
[ 105.275885][ T5110] bus_remove_device+0x2e2/0x400
[ 105.281348][ T5110] device_del+0x6af/0xaf0
[ 105.287391][ T5110] device_unregister+0x1c/0xc0
[ 105.292689][ T5110] del_device_store+0x296/0x3a0
[ 105.297915][ T5110] kernfs_fop_write_iter+0x379/0x4c0
[ 105.303939][ T5110] vfs_write+0x745/0xd60
[ 105.308466][ T5110] ksys_write+0x152/0x260
[ 105.313766][ T5110] do_syscall_64+0x4c/0xa0
[ 105.318665][ T5110] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 105.325437][ T5110]
[ 105.327943][ T5110] The buggy address belongs to the object at ffff8880225d1400
[ 105.327943][ T5110] which belongs to the cache kmalloc-192 of size 192
[ 105.346713][ T5110] The buggy address is located 56 bytes inside of
[ 105.346713][ T5110] 192-byte region [ffff8880225d1400, ffff8880225d14c0)
[ 105.362868][ T5110] The buggy address belongs to the page:
[ 105.369890][ T5110] page:ffffea0000897440 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880225d1600 pfn:0x225d1
[ 105.382873][ T5110] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 105.390957][ T5110] raw: 00fff00000000200 ffffea00006df900 0000000300000003 ffff888016c41a00
[ 105.399547][ T5110] raw: ffff8880225d1600 000000008010000f 00000001ffffffff 0000000000000000
[ 105.409085][ T5110] page dumped because: kasan: bad access detected
[ 105.415989][ T5110] page_owner tracks the page as allocated
[ 105.422032][ T5110] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 3065, ts 72644262854, free_ts 72628160645
[ 105.438924][ T5110] get_page_from_freelist+0x1bbd/0x1ca0
[ 105.444864][ T5110] __alloc_pages+0x1ee/0x480
[ 105.449624][ T5110] new_slab+0xb6/0x4b0
[ 105.454034][ T5110] ___slab_alloc+0x80a/0xdd0
[ 105.459112][ T5110] __kmalloc_node+0x200/0x3b0
[ 105.464007][ T5110] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 105.470383][ T5110] new_slab+0x100/0x4b0
[ 105.476091][ T5110] ___slab_alloc+0x80a/0xdd0
[ 105.482309][ T5110] kmem_cache_alloc+0x195/0x290
[ 105.487889][ T5110] __d_alloc+0x2a/0x6f0
[ 105.492861][ T5110] d_alloc_parallel+0x7b/0x1330
[ 105.498482][ T5110] __lookup_slow+0x134/0x410
[ 105.503307][ T5110] lookup_one_len+0x19d/0x2d0
[ 105.508530][ T5110] start_creating+0x184/0x310
[ 105.514258][ T5110] __debugfs_create_file+0x6f/0x510
[ 105.520944][ T5110] nsim_ethtool_init+0x25d/0x350
[ 105.526325][ T5110] page last free stack trace:
[ 105.531834][ T5110] free_unref_page_prepare+0x637/0x6c0
[ 105.538886][ T5110] free_unref_page+0x8f/0x2a0
[ 105.544026][ T5110] __unfreeze_partials+0x1a5/0x200
[ 105.549397][ T5110] put_cpu_partial+0x12d/0x190
[ 105.554928][ T5110] qlist_free_all+0x35/0x90
[ 105.560227][ T5110] kasan_quarantine_reduce+0x150/0x160
[ 105.566002][ T5110] __kasan_slab_alloc+0x2f/0xd0
[ 105.571114][ T5110] slab_post_alloc_hook+0x4c/0x380
[ 105.577200][ T5110] kmem_cache_alloc_node+0x12d/0x2d0
[ 105.584019][ T5110] __alloc_skb+0xf4/0x750
[ 105.589253][ T5110] devlink_trap_policer_notify+0x2d/0x160
[ 105.595892][ T5110] devlink_trap_policers_unregister+0x189/0x310
[ 105.603105][ T5110] nsim_dev_traps_exit+0x8c/0x120
[ 105.608491][ T5110] nsim_dev_reload_destroy+0x1bd/0x240
[ 105.614941][ T5110] nsim_dev_reload_down+0xf9/0x160
[ 105.620341][ T5110] devlink_reload+0x273/0x790
[ 105.625018][ T5110]
[ 105.628202][ T5110] Memory state around the buggy address:
[ 105.634453][ T5110] ffff8880225d1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 105.643400][ T5110] ffff8880225d1380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 105.653073][ T5110] >ffff8880225d1400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.662494][ T5110] ^
[ 105.669890][ T5110] ffff8880225d1480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.680648][ T5110] ffff8880225d1500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 105.691724][ T5110] ==================================================================
[ 105.702015][ T5110] Disabling lock debugging due to kernel taint
[ 105.713722][ T5110] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 105.721856][ T5110] CPU: 0 PID: 5110 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 105.732369][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 105.743938][ T5110] Call Trace:
[ 105.747619][ T5110]
[ 105.750972][ T5110] dump_stack_lvl+0x188/0x250
[ 105.755858][ T5110] ? show_regs_print_info+0x20/0x20
[ 105.761721][ T5110] ? load_image+0x400/0x400
[ 105.766351][ T5110] panic+0x2e5/0x810
[ 105.770553][ T5110] ? bpf_jit_dump+0xd0/0xd0
[ 105.775231][ T5110] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 105.781869][ T5110] ? _raw_spin_unlock+0x40/0x40
[ 105.787749][ T5110] ? print_memory_metadata+0x314/0x400
[ 105.793525][ T5110] ? ax25_fillin_cb+0x459/0x640
[ 105.798827][ T5110] check_panic_on_warn+0x80/0xa0
[ 105.803976][ T5110] ? ax25_fillin_cb+0x459/0x640
[ 105.809806][ T5110] end_report+0x6d/0xf0
[ 105.814493][ T5110] kasan_report+0x102/0x130
[ 105.819887][ T5110] ? ax25_fillin_cb+0x459/0x640
[ 105.825090][ T5110] ax25_fillin_cb+0x459/0x640
[ 105.830192][ T5110] ax25_setsockopt+0x8c9/0xa60
[ 105.835042][ T5110] ? ax25_shutdown+0x10/0x10
[ 105.839803][ T5110] ? aa_sock_opt_perm+0x74/0x100
[ 105.845012][ T5110] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 105.850768][ T5110] ? security_socket_setsockopt+0x7a/0xa0
[ 105.856931][ T5110] ? ax25_shutdown+0x10/0x10
[ 105.861630][ T5110] __sys_setsockopt+0x2bf/0x3d0
[ 105.866834][ T5110] __x64_sys_setsockopt+0xb1/0xc0
[ 105.872451][ T5110] do_syscall_64+0x4c/0xa0
[ 105.877041][ T5110] ? clear_bhb_loop+0x30/0x80
[ 105.881996][ T5110] ? clear_bhb_loop+0x30/0x80
[ 105.886760][ T5110] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 105.892737][ T5110] RIP: 0033:0x7f2e0bd22ef9
[ 105.897357][ T5110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 105.918962][ T5110] RSP: 002b:00007f2e0b386028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 105.927820][ T5110] RAX: ffffffffffffffda RBX: 00007f2e0bf8dfa0 RCX: 00007f2e0bd22ef9
[ 105.936377][ T5110] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 105.945407][ T5110] RBP: 00007f2e0bdb7ee0 R08: 0000000000000010 R09: 0000000000000000
[ 105.953491][ T5110] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 105.961809][ T5110] R13: 00007f2e0bf8e038 R14: 00007f2e0bf8dfa0 R15: 00007ffc26108728
[ 105.969776][ T5110]
[ 105.973828][ T5110] Kernel Offset: disabled
[ 105.978334][ T5110] Rebooting in 86400 seconds..