[ 76.296050][ T26] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts.
2026/06/13 05:11:22 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 82.448265][ T4662] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 84.980543][ T4738] chnl_net:caif_netlink_parms(): no params data found
[ 85.079544][ T4738] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.100068][ T4738] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.112231][ T4738] device bridge_slave_0 entered promiscuous mode
[ 85.120739][ T4738] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.142923][ T4738] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.150881][ T4738] device bridge_slave_1 entered promiscuous mode
[ 85.195493][ T4738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 85.207048][ T4738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 85.233119][ T4738] team0: Port device team_slave_0 added
[ 85.241338][ T4738] team0: Port device team_slave_1 added
[ 85.271899][ T4738] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 85.281724][ T4738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 85.314260][ T4738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 85.327131][ T4738] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 85.334425][ T4738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 85.360710][ T4738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 85.419792][ T4738] device hsr_slave_0 entered promiscuous mode
[ 85.431839][ T4738] device hsr_slave_1 entered promiscuous mode
[ 86.042400][ T4738] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 86.054441][ T4738] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 86.064284][ T4738] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 86.074081][ T4738] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 86.133720][ T4738] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.160895][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 86.168991][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.179227][ T4738] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.189158][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 86.200080][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 86.208828][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.215919][ T468] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 86.225916][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 86.252954][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 86.264821][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 86.274375][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.281445][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.289454][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 86.303093][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 86.330218][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 86.339923][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 86.349922][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 86.361265][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 86.373933][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 86.398064][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 86.406844][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 86.419859][ T4738] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 86.431628][ T4738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 86.443014][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 86.452751][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 86.592290][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 86.601871][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 86.614911][ T4738] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.634047][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 86.644592][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 86.676379][ T4738] device veth0_vlan entered promiscuous mode
[ 86.682883][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 86.691942][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 86.702199][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 86.712670][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 86.727268][ T4738] device veth1_vlan entered promiscuous mode
[ 86.765558][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 86.775001][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 86.783950][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 86.792517][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 86.805033][ T4738] device veth0_macvtap entered promiscuous mode
[ 86.827729][ T4738] device veth1_macvtap entered promiscuous mode
[ 86.853578][ T4738] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 86.861296][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 86.870073][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 86.880820][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 86.890123][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 86.901738][ T4738] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 86.912190][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 86.922588][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 86.933864][ T4738] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.942585][ T4738] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.952713][ T4738] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.961732][ T4738] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.872377][ T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 89.015753][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.030916][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.044806][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 89.065790][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.074150][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.082357][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/06/13 05:11:32 executed programs: 0
[ 89.815890][ T4962] chnl_net:caif_netlink_parms(): no params data found
[ 89.875276][ T4962] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.882443][ T4962] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.891208][ T4962] device bridge_slave_0 entered promiscuous mode
[ 89.900199][ T4962] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.908345][ T4962] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.917138][ T4962] device bridge_slave_1 entered promiscuous mode
[ 89.936370][ T4962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.947389][ T4962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.971292][ T4962] team0: Port device team_slave_0 added
[ 89.979842][ T4962] team0: Port device team_slave_1 added
[ 89.999920][ T4962] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.008011][ T4962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.034227][ T4962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.047099][ T4962] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.054239][ T4962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.080659][ T4962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.115533][ T4962] device hsr_slave_0 entered promiscuous mode
[ 90.124320][ T4962] device hsr_slave_1 entered promiscuous mode
[ 90.131004][ T4962] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 90.141307][ T4962] Cannot create hsr debugfs directory
[ 91.743610][ T4425] Bluetooth: hci0: command 0x0409 tx timeout
[ 92.316280][ T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.377437][ T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.417551][ T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.191859][ T4962] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.200910][ T4962] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.210721][ T4962] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.224077][ T4962] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.266868][ T4962] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.287847][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 93.295603][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 93.305619][ T4962] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.314755][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 93.323504][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 93.331799][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.338896][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.348114][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 93.372738][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 93.382174][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 93.390644][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.397702][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.415953][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 93.424797][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 93.434591][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 93.443414][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 93.451786][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 93.460655][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 93.469583][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 93.479792][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 93.488481][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 93.514022][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 93.522385][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 93.533202][ T4962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 93.610572][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 93.618642][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 93.640886][ T4962] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 93.656926][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 93.666794][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 93.680411][ T154] device hsr_slave_0 left promiscuous mode
[ 93.686944][ T154] device hsr_slave_1 left promiscuous mode
[ 93.693264][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 93.700634][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 93.709250][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 93.717014][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 93.724802][ T154] device bridge_slave_1 left promiscuous mode
[ 93.730976][ T154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.739761][ T154] device bridge_slave_0 left promiscuous mode
[ 93.746553][ T154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.757337][ T154] device veth1_macvtap left promiscuous mode
[ 93.764294][ T154] device veth0_macvtap left promiscuous mode
[ 93.770330][ T154] device veth1_vlan left promiscuous mode
[ 93.776280][ T154] device veth0_vlan left promiscuous mode
[ 93.813542][ T5130] Bluetooth: hci0: command 0x041b tx timeout
[ 93.906321][ T154] team0 (unregistering): Port device team_slave_1 removed
[ 93.920235][ T154] team0 (unregistering): Port device team_slave_0 removed
[ 93.931975][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 93.945876][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 93.992352][ T154] bond0 (unregistering): Released all slaves
[ 94.027929][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 94.036750][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 94.047616][ T4962] device veth0_vlan entered promiscuous mode
[ 94.056057][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 94.064033][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 94.081611][ T4962] device veth1_vlan entered promiscuous mode
[ 94.102407][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 94.110530][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 94.118661][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 94.127107][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 94.137472][ T4962] device veth0_macvtap entered promiscuous mode
[ 94.147735][ T4962] device veth1_macvtap entered promiscuous mode
[ 94.165189][ T4962] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.172937][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 94.180902][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 94.190333][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 94.198988][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 94.209621][ T4962] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.218607][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 94.227637][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 94.243874][ T4962] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.252618][ T4962] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.261528][ T4962] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.270333][ T4962] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.316303][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.326557][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.334878][ T468] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 94.355639][ T468] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 94.364382][ T468] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.371857][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 94.419063][ T5164] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 94.478133][ T5168] ==================================================================
[ 94.486451][ T5168] BUG: KASAN: use-after-free in ax25_fillin_cb+0x458/0x640
[ 94.493681][ T5168] Read of size 4 at addr ffff888023139738 by task syz.0.19/5168
[ 94.501320][ T5168]
[ 94.503657][ T5168] CPU: 1 PID: 5168 Comm: syz.0.19 Not tainted syzkaller #0
[ 94.510852][ T5168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 94.520907][ T5168] Call Trace:
[ 94.524181][ T5168]
[ 94.527107][ T5168] dump_stack_lvl+0x188/0x250
[ 94.531791][ T5168] ? show_regs_print_info+0x20/0x20
[ 94.536979][ T5168] ? _printk+0xda/0x130
[ 94.541131][ T5168] ? ax25_fillin_cb+0x458/0x640
[ 94.545981][ T5168] ? load_image+0x410/0x410
[ 94.550487][ T5168] print_address_description+0x60/0x2d0
[ 94.556043][ T5168] ? ax25_fillin_cb+0x458/0x640
[ 94.560887][ T5168] kasan_report+0xdf/0x130
[ 94.565303][ T5168] ? ax25_fillin_cb+0x458/0x640
[ 94.570155][ T5168] ax25_fillin_cb+0x458/0x640
[ 94.574831][ T5168] ax25_setsockopt+0x8c9/0xa60
[ 94.579600][ T5168] ? ax25_shutdown+0x10/0x10
[ 94.584194][ T5168] ? aa_sock_opt_perm+0x74/0x100
[ 94.589217][ T5168] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 94.594760][ T5168] ? security_socket_setsockopt+0x7a/0xa0
[ 94.600477][ T5168] ? ax25_shutdown+0x10/0x10
[ 94.605068][ T5168] __sys_setsockopt+0x2bf/0x3d0
[ 94.609924][ T5168] __x64_sys_setsockopt+0xb1/0xc0
[ 94.614952][ T5168] do_syscall_64+0x4c/0xa0
[ 94.619377][ T5168] ? clear_bhb_loop+0x30/0x80
[ 94.624047][ T5168] ? clear_bhb_loop+0x30/0x80
[ 94.628718][ T5168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 94.634628][ T5168] RIP: 0033:0x7f8e0e5d6819
[ 94.639049][ T5168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 94.658756][ T5168] RSP: 002b:00007f8e0dc38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 94.667179][ T5168] RAX: ffffffffffffffda RBX: 00007f8e0e84ffa0 RCX: 00007f8e0e5d6819
[ 94.675149][ T5168] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 94.683142][ T5168] RBP: 00007f8e0e66cc91 R08: 0000000000000010 R09: 0000000000000000
[ 94.691237][ T5168] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 94.699220][ T5168] R13: 00007f8e0e850038 R14: 00007f8e0e84ffa0 R15: 00007fff2dc393e8
[ 94.707213][ T5168]
[ 94.710235][ T5168]
[ 94.712547][ T5168] Allocated by task 5164:
[ 94.716868][ T5168] __kasan_kmalloc+0xaf/0xe0
[ 94.721459][ T5168] ax25_dev_device_up+0x50/0x580
[ 94.726399][ T5168] ax25_device_event+0x487/0x4f0
[ 94.731334][ T5168] raw_notifier_call_chain+0xcb/0x160
[ 94.736698][ T5168] __dev_notify_flags+0x194/0x300
[ 94.741718][ T5168] dev_change_flags+0xda/0x1a0
[ 94.746483][ T5168] dev_ifsioc+0x130/0xd50
[ 94.750803][ T5168] dev_ioctl+0x545/0xe30
[ 94.755046][ T5168] sock_do_ioctl+0x245/0x320
[ 94.759725][ T5168] sock_ioctl+0x48a/0x700
[ 94.764048][ T5168] __se_sys_ioctl+0xfa/0x170
[ 94.768636][ T5168] do_syscall_64+0x4c/0xa0
[ 94.773088][ T5168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 94.778981][ T5168]
[ 94.781341][ T5168] Freed by task 5165:
[ 94.785395][ T5168] kasan_set_track+0x4b/0x70
[ 94.789981][ T5168] kasan_set_free_info+0x1f/0x40
[ 94.794914][ T5168] ____kasan_slab_free+0xd5/0x110
[ 94.799934][ T5168] slab_free_freelist_hook+0xec/0x170
[ 94.805306][ T5168] kfree+0xef/0x2a0
[ 94.809109][ T5168] ax25_release+0x60f/0x810
[ 94.813608][ T5168] sock_close+0xbf/0x210
[ 94.817843][ T5168] __fput+0x212/0x8c0
[ 94.821940][ T5168] task_work_run+0x125/0x1a0
[ 94.826539][ T5168] exit_to_user_mode_loop+0x10f/0x130
[ 94.831914][ T5168] exit_to_user_mode_prepare+0xee/0x180
[ 94.837468][ T5168] syscall_exit_to_user_mode+0x16/0x40
[ 94.842930][ T5168] do_syscall_64+0x58/0xa0
[ 94.847343][ T5168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 94.853239][ T5168]
[ 94.855559][ T5168] Last potentially related work creation:
[ 94.861272][ T5168] kasan_save_stack+0x35/0x60
[ 94.865959][ T5168] kasan_record_aux_stack+0xb8/0x100
[ 94.871330][ T5168] call_rcu+0x189/0x900
[ 94.875485][ T5168] rht_deferred_worker+0x17a6/0x1f60
[ 94.880769][ T5168] process_one_work+0x867/0xff0
[ 94.885614][ T5168] worker_thread+0xad7/0x12a0
[ 94.890285][ T5168] kthread+0x42e/0x520
[ 94.894345][ T5168] ret_from_fork+0x1f/0x30
[ 94.898758][ T5168]
[ 94.901159][ T5168] Second to last potentially related work creation:
[ 94.907733][ T5168] kasan_save_stack+0x35/0x60
[ 94.912414][ T5168] kasan_record_aux_stack+0xb8/0x100
[ 94.917699][ T5168] call_rcu+0x189/0x900
[ 94.921849][ T5168] nf_unregister_net_hooks+0xc7/0x130
[ 94.927214][ T5168] cleanup_net+0x58e/0xba0
[ 94.931629][ T5168] process_one_work+0x867/0xff0
[ 94.936480][ T5168] worker_thread+0xad7/0x12a0
[ 94.941149][ T5168] kthread+0x42e/0x520
[ 94.945207][ T5168] ret_from_fork+0x1f/0x30
[ 94.949623][ T5168]
[ 94.951939][ T5168] The buggy address belongs to the object at ffff888023139700
[ 94.951939][ T5168] which belongs to the cache kmalloc-192 of size 192
[ 94.965981][ T5168] The buggy address is located 56 bytes inside of
[ 94.965981][ T5168] 192-byte region [ffff888023139700, ffff8880231397c0)
[ 94.979164][ T5168] The buggy address belongs to the page:
[ 94.984797][ T5168] page:ffffea00008c4e40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23139
[ 94.994945][ T5168] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 95.002491][ T5168] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888016c41a00
[ 95.011085][ T5168] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 95.019667][ T5168] page dumped because: kasan: bad access detected
[ 95.026089][ T5168] page_owner tracks the page as allocated
[ 95.032055][ T5168] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 6629685783, free_ts 6622760686
[ 95.047674][ T5168] get_page_from_freelist+0x24f6/0x2670
[ 95.053224][ T5168] __alloc_pages+0x1ee/0x480
[ 95.057807][ T5168] alloc_page_interleave+0x24/0x1e0
[ 95.063006][ T5168] new_slab+0xc0/0x4b0
[ 95.067070][ T5168] ___slab_alloc+0x807/0xdd0
[ 95.071650][ T5168] kmem_cache_alloc_trace+0xf9/0x290
[ 95.076926][ T5168] call_usermodehelper_setup+0x8a/0x260
[ 95.082466][ T5168] kobject_uevent_env+0x658/0x890
[ 95.087482][ T5168] driver_register+0x3e2/0x430
[ 95.092238][ T5168] usb_register_driver+0x201/0x3c0
[ 95.097340][ T5168] do_one_initcall+0x272/0x730
[ 95.102097][ T5168] do_initcall_level+0x13d/0x1f0
[ 95.107033][ T5168] do_initcalls+0x4b/0x90
[ 95.111360][ T5168] kernel_init_freeable+0x3d5/0x560
[ 95.116553][ T5168] kernel_init+0x19/0x1b0
[ 95.120879][ T5168] ret_from_fork+0x1f/0x30
[ 95.125288][ T5168] page last free stack trace:
[ 95.129945][ T5168] free_unref_page_prepare+0x637/0x6c0
[ 95.135400][ T5168] free_unref_page+0x8f/0x2a0
[ 95.140084][ T5168] __vunmap+0x8e0/0xa80
[ 95.144230][ T5168] free_work+0x56/0x80
[ 95.148289][ T5168] process_one_work+0x867/0xff0
[ 95.153130][ T5168] worker_thread+0xad7/0x12a0
[ 95.157809][ T5168] kthread+0x42e/0x520
[ 95.161866][ T5168] ret_from_fork+0x1f/0x30
[ 95.166315][ T5168]
[ 95.168628][ T5168] Memory state around the buggy address:
[ 95.174248][ T5168] ffff888023139600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.182304][ T5168] ffff888023139680: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.190451][ T5168] >ffff888023139700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.198498][ T5168] ^
[ 95.204377][ T5168] ffff888023139780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 95.212438][ T5168] ffff888023139800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.220488][ T5168] ==================================================================
[ 95.228537][ T5168] Disabling lock debugging due to kernel taint
[ 95.240198][ T5168] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 95.247409][ T5168] CPU: 0 PID: 5168 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 95.255973][ T5168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 95.266012][ T5168] Call Trace:
[ 95.269292][ T5168]
[ 95.272201][ T5168] dump_stack_lvl+0x188/0x250
[ 95.276861][ T5168] ? show_regs_print_info+0x20/0x20
[ 95.282047][ T5168] ? load_image+0x410/0x410
[ 95.286532][ T5168] panic+0x2f8/0x850
[ 95.290409][ T5168] ? bpf_jit_dump+0xd0/0xd0
[ 95.294890][ T5168] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 95.300851][ T5168] ? _raw_spin_unlock+0x40/0x40
[ 95.305675][ T5168] ? print_memory_metadata+0x314/0x400
[ 95.311135][ T5168] ? ax25_fillin_cb+0x458/0x640
[ 95.315975][ T5168] check_panic_on_warn+0x80/0xa0
[ 95.320890][ T5168] ? ax25_fillin_cb+0x458/0x640
[ 95.325717][ T5168] end_report+0x6d/0xf0
[ 95.329856][ T5168] kasan_report+0x102/0x130
[ 95.334430][ T5168] ? ax25_fillin_cb+0x458/0x640
[ 95.339261][ T5168] ax25_fillin_cb+0x458/0x640
[ 95.343953][ T5168] ax25_setsockopt+0x8c9/0xa60
[ 95.348694][ T5168] ? ax25_shutdown+0x10/0x10
[ 95.353260][ T5168] ? aa_sock_opt_perm+0x74/0x100
[ 95.358258][ T5168] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 95.363781][ T5168] ? security_socket_setsockopt+0x7a/0xa0
[ 95.369472][ T5168] ? ax25_shutdown+0x10/0x10
[ 95.374034][ T5168] __sys_setsockopt+0x2bf/0x3d0
[ 95.378948][ T5168] __x64_sys_setsockopt+0xb1/0xc0
[ 95.383947][ T5168] do_syscall_64+0x4c/0xa0
[ 95.388366][ T5168] ? clear_bhb_loop+0x30/0x80
[ 95.393019][ T5168] ? clear_bhb_loop+0x30/0x80
[ 95.397670][ T5168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 95.403540][ T5168] RIP: 0033:0x7f8e0e5d6819
[ 95.407934][ T5168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 95.427515][ T5168] RSP: 002b:00007f8e0dc38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 95.435908][ T5168] RAX: ffffffffffffffda RBX: 00007f8e0e84ffa0 RCX: 00007f8e0e5d6819
[ 95.443880][ T5168] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
[ 95.451941][ T5168] RBP: 00007f8e0e66cc91 R08: 0000000000000010 R09: 0000000000000000
[ 95.459889][ T5168] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 95.467841][ T5168] R13: 00007f8e0e850038 R14: 00007f8e0e84ffa0 R15: 00007fff2dc393e8
[ 95.475791][ T5168]
[ 95.479034][ T5168] Kernel Offset: disabled
[ 95.483350][ T5168] Rebooting in 86400 seconds..