Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts.
2026/03/12 06:52:50 parsed 1 programs
[ 72.967992][ T4188] cgroup: Unknown subsys name 'net'
[ 73.118339][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 74.627944][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 76.039909][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.048146][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.063672][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 76.086608][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.095593][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.105084][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 78.343140][ T4251] chnl_net:caif_netlink_parms(): no params data found
[ 78.396914][ T4251] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.406959][ T4251] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.415405][ T4251] device bridge_slave_0 entered promiscuous mode
[ 78.426507][ T4251] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.434346][ T4251] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.443413][ T4251] device bridge_slave_1 entered promiscuous mode
[ 78.473575][ T4251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.485142][ T4251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.523786][ T4251] team0: Port device team_slave_0 added
[ 78.536623][ T4251] team0: Port device team_slave_1 added
[ 78.562443][ T4251] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.569454][ T4251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.595670][ T4251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.612628][ T4251] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.619625][ T4251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.647477][ T4251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.725206][ T4251] device hsr_slave_0 entered promiscuous mode
[ 78.738568][ T4251] device hsr_slave_1 entered promiscuous mode
[ 78.881712][ T4251] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.893250][ T4251] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.903718][ T4251] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.913699][ T4251] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.939169][ T4251] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.946436][ T4251] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.954861][ T4251] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.962015][ T4251] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.015234][ T4251] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.031007][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.041069][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.049712][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.064527][ T4251] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.076673][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 79.085994][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.093155][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.107404][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 79.116173][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.123340][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.146422][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 79.155244][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 79.169662][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 79.205227][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 79.217547][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 79.226678][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 79.237987][ T4251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 79.404573][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 79.413062][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 79.427686][ T4251] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.467730][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 79.476706][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 79.496376][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 79.507068][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 79.520420][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 79.529658][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 79.562903][ T4251] device veth0_vlan entered promiscuous mode
[ 79.576051][ T4251] device veth1_vlan entered promiscuous mode
[ 79.620307][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 79.629008][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 79.639824][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 79.649944][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 79.662914][ T4251] device veth0_macvtap entered promiscuous mode
[ 79.674443][ T4251] device veth1_macvtap entered promiscuous mode
[ 79.708259][ T4251] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.717811][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 79.726734][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 79.735365][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 79.744630][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 79.758372][ T4251] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.766529][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 79.775600][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.789538][ T4251] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.799996][ T4251] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.809572][ T4251] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.818664][ T4251] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/03/12 06:53:00 executed programs: 0
[ 80.989005][ T4293] chnl_net:caif_netlink_parms(): no params data found
[ 81.059235][ T4293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.067695][ T4293] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.078947][ T4293] device bridge_slave_0 entered promiscuous mode
[ 81.089386][ T4293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.098960][ T4293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.108752][ T4293] device bridge_slave_1 entered promiscuous mode
[ 81.142263][ T4293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.159650][ T4293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.190681][ T4293] team0: Port device team_slave_0 added
[ 81.199332][ T4293] team0: Port device team_slave_1 added
[ 81.228494][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.238655][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.268444][ T4293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.282476][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.289463][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.318528][ T4293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.354362][ T4293] device hsr_slave_0 entered promiscuous mode
[ 81.362979][ T4293] device hsr_slave_1 entered promiscuous mode
[ 81.369648][ T4293] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 81.377604][ T4293] Cannot create hsr debugfs directory
[ 81.474751][ T4293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.912258][ T7] Bluetooth: hci0: command 0x0409 tx timeout
[ 84.359978][ T4293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.428148][ T4293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.480005][ T4293] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.593079][ T4293] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.604700][ T4293] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.616345][ T4293] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.639776][ T4293] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.706819][ T4293] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.720827][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.729211][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.740127][ T4293] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.763205][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 84.773113][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 84.781797][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.788887][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.797333][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.822845][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 84.833435][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.842226][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.849365][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.878396][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 84.890624][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 84.919128][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 84.928767][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 84.938140][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.953125][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 84.962571][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 84.982851][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 84.992041][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 85.000864][ T4270] Bluetooth: hci0: command 0x041b tx timeout
[ 85.010154][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 85.018977][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 85.030491][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 85.047208][ T9] device hsr_slave_0 left promiscuous mode
[ 85.054665][ T9] device hsr_slave_1 left promiscuous mode
[ 85.063214][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 85.070717][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 85.079623][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 85.088787][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 85.096831][ T9] device bridge_slave_1 left promiscuous mode
[ 85.104842][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.120714][ T9] device bridge_slave_0 left promiscuous mode
[ 85.127201][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.147491][ T9] device veth1_macvtap left promiscuous mode
[ 85.155764][ T9] device veth0_macvtap left promiscuous mode
[ 85.162200][ T9] device veth1_vlan left promiscuous mode
[ 85.168376][ T9] device veth0_vlan left promiscuous mode
[ 85.346844][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 85.359798][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 85.376977][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 85.392799][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 85.455888][ T9] bond0 (unregistering): Released all slaves
[ 85.627526][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 85.635778][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 85.650898][ T4293] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.680560][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 85.689802][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 85.709294][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 85.718549][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 85.728298][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 85.736792][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 85.748362][ T4293] device veth0_vlan entered promiscuous mode
[ 85.763258][ T4293] device veth1_vlan entered promiscuous mode
[ 85.798127][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 85.807888][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 85.821877][ T4293] device veth0_macvtap entered promiscuous mode
[ 85.832820][ T4293] device veth1_macvtap entered promiscuous mode
[ 85.849186][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.856648][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 85.865549][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 85.874504][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 85.884049][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 85.899058][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.907965][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 85.916968][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 85.928920][ T4293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.938125][ T4293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.947179][ T4293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.956533][ T4293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.045275][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.059522][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.068078][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/03/12 06:53:05 executed programs: 2
[ 86.091114][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.099844][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.110031][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.158304][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 86.223728][ T4307] ==================================================================
[ 86.232203][ T4307] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 86.239476][ T4307] Read of size 4 at addr ffff888024886e38 by task syz.0.19/4307
[ 86.247133][ T4307]
[ 86.249493][ T4307] CPU: 0 PID: 4307 Comm: syz.0.19 Not tainted syzkaller #0
[ 86.256799][ T4307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 86.266969][ T4307] Call Trace:
[ 86.270276][ T4307]
[ 86.273248][ T4307] dump_stack_lvl+0x188/0x250
[ 86.277970][ T4307] ? show_regs_print_info+0x20/0x20
[ 86.283205][ T4307] ? _printk+0xda/0x130
[ 86.287384][ T4307] ? ax25_fillin_cb+0x459/0x640
[ 86.292273][ T4307] ? load_image+0x400/0x400
[ 86.296854][ T4307] print_address_description+0x60/0x2d0
[ 86.302435][ T4307] ? ax25_fillin_cb+0x459/0x640
[ 86.308195][ T4307] kasan_report+0xdf/0x130
[ 86.312836][ T4307] ? ax25_fillin_cb+0x459/0x640
[ 86.317751][ T4307] ax25_fillin_cb+0x459/0x640
[ 86.322495][ T4307] ax25_setsockopt+0x8c9/0xa60
[ 86.327308][ T4307] ? ax25_shutdown+0x10/0x10
[ 86.331932][ T4307] ? aa_sock_opt_perm+0x74/0x100
[ 86.336909][ T4307] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 86.342598][ T4307] ? security_socket_setsockopt+0x7a/0xa0
[ 86.348356][ T4307] ? ax25_shutdown+0x10/0x10
[ 86.352988][ T4307] __sys_setsockopt+0x2bf/0x3d0
[ 86.357879][ T4307] __x64_sys_setsockopt+0xb1/0xc0
[ 86.362945][ T4307] do_syscall_64+0x4c/0xa0
[ 86.367396][ T4307] ? clear_bhb_loop+0x30/0x80
[ 86.372098][ T4307] ? clear_bhb_loop+0x30/0x80
[ 86.376915][ T4307] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.382831][ T4307] RIP: 0033:0x7f9157c86799
[ 86.387284][ T4307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 86.407033][ T4307] RSP: 002b:00007ffca8fb9258 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 86.415498][ T4307] RAX: ffffffffffffffda RBX: 00007f9157efffa0 RCX: 00007f9157c86799
[ 86.423502][ T4307] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000004
[ 86.431584][ T4307] RBP: 00007f9157d1cc99 R08: 0000000000000010 R09: 0000000000000000
[ 86.439593][ T4307] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 86.447608][ T4307] R13: 00007f9157efffac R14: 00007f9157efffa0 R15: 00007f9157efffa0
[ 86.455629][ T4307]
[ 86.458671][ T4307]
[ 86.461011][ T4307] Allocated by task 4305:
[ 86.465370][ T4307] __kasan_kmalloc+0xb5/0xf0
[ 86.469995][ T4307] ax25_dev_device_up+0x50/0x580
[ 86.474982][ T4307] ax25_device_event+0x483/0x4f0
[ 86.479945][ T4307] raw_notifier_call_chain+0xcb/0x160
[ 86.485344][ T4307] __dev_notify_flags+0x194/0x300
[ 86.490394][ T4307] dev_change_flags+0xe3/0x1a0
[ 86.495180][ T4307] dev_ifsioc+0x130/0xd50
[ 86.499533][ T4307] dev_ioctl+0x545/0xe30
[ 86.503810][ T4307] sock_do_ioctl+0x245/0x320
[ 86.508515][ T4307] sock_ioctl+0x4d2/0x710
[ 86.512882][ T4307] __se_sys_ioctl+0xfa/0x170
[ 86.517502][ T4307] do_syscall_64+0x4c/0xa0
[ 86.521976][ T4307] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.527903][ T4307]
[ 86.530248][ T4307] Freed by task 4306:
[ 86.534271][ T4307] kasan_set_track+0x4b/0x70
[ 86.538904][ T4307] kasan_set_free_info+0x1f/0x40
[ 86.543868][ T4307] ____kasan_slab_free+0xd5/0x110
[ 86.548917][ T4307] slab_free_freelist_hook+0xea/0x170
[ 86.554320][ T4307] kfree+0xef/0x2a0
[ 86.558151][ T4307] ax25_release+0x661/0x870
[ 86.562681][ T4307] sock_close+0xd5/0x240
[ 86.566950][ T4307] __fput+0x234/0x930
[ 86.570954][ T4307] task_work_run+0x125/0x1a0
[ 86.575576][ T4307] exit_to_user_mode_loop+0x10f/0x130
[ 86.580980][ T4307] exit_to_user_mode_prepare+0xee/0x180
[ 86.586650][ T4307] syscall_exit_to_user_mode+0x16/0x40
[ 86.592155][ T4307] do_syscall_64+0x58/0xa0
[ 86.596592][ T4307] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.602507][ T4307]
[ 86.604861][ T4307] The buggy address belongs to the object at ffff888024886e00
[ 86.604861][ T4307] which belongs to the cache kmalloc-192 of size 192
[ 86.618937][ T4307] The buggy address is located 56 bytes inside of
[ 86.618937][ T4307] 192-byte region [ffff888024886e00, ffff888024886ec0)
[ 86.632159][ T4307] The buggy address belongs to the page:
[ 86.637833][ T4307] page:ffffea0000922180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24886
[ 86.648024][ T4307] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 86.655717][ T4307] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016c41a00
[ 86.664423][ T4307] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 86.673026][ T4307] page dumped because: kasan: bad access detected
[ 86.679465][ T4307] page_owner tracks the page as allocated
[ 86.685231][ T4307] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4293, ts 86142792277, free_ts 86142600199
[ 86.701254][ T4307] get_page_from_freelist+0x1bbd/0x1ca0
[ 86.706840][ T4307] __alloc_pages+0x1ee/0x480
[ 86.711453][ T4307] new_slab+0xb6/0x4b0
[ 86.715557][ T4307] ___slab_alloc+0x80a/0xdd0
[ 86.720172][ T4307] __kmalloc_node+0x200/0x3b0
[ 86.724991][ T4307] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 86.730853][ T4307] new_slab+0x100/0x4b0
[ 86.735040][ T4307] ___slab_alloc+0x80a/0xdd0
[ 86.739671][ T4307] kmem_cache_alloc+0x195/0x290
[ 86.744555][ T4307] sock_alloc_inode+0x17/0xb0
[ 86.749257][ T4307] new_inode_pseudo+0x5f/0x210
[ 86.754053][ T4307] __sock_create+0x129/0x900
[ 86.758692][ T4307] __sys_socket+0xe2/0x170
[ 86.763136][ T4307] __x64_sys_socket+0x76/0x80
[ 86.767838][ T4307] do_syscall_64+0x4c/0xa0
[ 86.772280][ T4307] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.778203][ T4307] page last free stack trace:
[ 86.782890][ T4307] free_unref_page_prepare+0x637/0x6c0
[ 86.788467][ T4307] free_unref_page+0x8f/0x2a0
[ 86.793176][ T4307] __vunmap+0x8b9/0xa50
[ 86.797359][ T4307] do_ipt_get_ctl+0xe5e/0x1110
[ 86.802157][ T4307] nf_getsockopt+0x25e/0x280
[ 86.806772][ T4307] ip_getsockopt+0x1256/0x16a0
[ 86.811563][ T4307] tcp_getsockopt+0x200/0x25a0
[ 86.816356][ T4307] __sys_getsockopt+0x1b0/0x230
[ 86.821241][ T4307] __x64_sys_getsockopt+0xb1/0xc0
[ 86.826289][ T4307] do_syscall_64+0x4c/0xa0
[ 86.830732][ T4307] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.836662][ T4307]
[ 86.839035][ T4307] Memory state around the buggy address:
[ 86.844687][ T4307] ffff888024886d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.852773][ T4307] ffff888024886d80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.860854][ T4307] >ffff888024886e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.868927][ T4307] ^
[ 86.874845][ T4307] ffff888024886e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 86.882927][ T4307] ffff888024886f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.891034][ T4307] ==================================================================
[ 86.899136][ T4307] Disabling lock debugging due to kernel taint
[ 86.923412][ T4307] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.930794][ T4307] CPU: 0 PID: 4307 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 86.939543][ T4307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 86.949630][ T4307] Call Trace:
[ 86.952940][ T4307]
[ 86.955897][ T4307] dump_stack_lvl+0x188/0x250
[ 86.960699][ T4307] ? show_regs_print_info+0x20/0x20
[ 86.965977][ T4307] ? load_image+0x400/0x400
[ 86.970543][ T4307] panic+0x2e5/0x810
[ 86.974468][ T4307] ? bpf_jit_dump+0xd0/0xd0
[ 86.978997][ T4307] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 86.985005][ T4307] ? _raw_spin_unlock+0x40/0x40
[ 86.989878][ T4307] ? print_memory_metadata+0x314/0x400
[ 86.995360][ T4307] ? ax25_fillin_cb+0x459/0x640
[ 87.000676][ T4307] check_panic_on_warn+0x80/0xa0
[ 87.005642][ T4307] ? ax25_fillin_cb+0x459/0x640
[ 87.010520][ T4307] end_report+0x6d/0xf0
[ 87.014702][ T4307] kasan_report+0x102/0x130
[ 87.019239][ T4307] ? ax25_fillin_cb+0x459/0x640
[ 87.024329][ T4307] ax25_fillin_cb+0x459/0x640
[ 87.029208][ T4307] ax25_setsockopt+0x8c9/0xa60
[ 87.034020][ T4307] ? ax25_shutdown+0x10/0x10
[ 87.038712][ T4307] ? aa_sock_opt_perm+0x74/0x100
[ 87.043854][ T4307] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 87.049447][ T4307] ? security_socket_setsockopt+0x7a/0xa0
[ 87.055211][ T4307] ? ax25_shutdown+0x10/0x10
[ 87.059848][ T4307] __sys_setsockopt+0x2bf/0x3d0
[ 87.064734][ T4307] __x64_sys_setsockopt+0xb1/0xc0
[ 87.069794][ T4307] do_syscall_64+0x4c/0xa0
[ 87.074377][ T4307] ? clear_bhb_loop+0x30/0x80
[ 87.079123][ T4307] ? clear_bhb_loop+0x30/0x80
[ 87.083284][ T4269] Bluetooth: hci0: command 0x040f tx timeout
[ 87.083832][ T4307] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.095723][ T4307] RIP: 0033:0x7f9157c86799
[ 87.100177][ T4307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.119825][ T4307] RSP: 002b:00007ffca8fb9258 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 87.128309][ T4307] RAX: ffffffffffffffda RBX: 00007f9157efffa0 RCX: 00007f9157c86799
[ 87.136352][ T4307] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000004
[ 87.144360][ T4307] RBP: 00007f9157d1cc99 R08: 0000000000000010 R09: 0000000000000000
[ 87.152362][ T4307] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 87.160373][ T4307] R13: 00007f9157efffac R14: 00007f9157efffa0 R15: 00007f9157efffa0
[ 87.168379][ T4307]
[ 87.171663][ T4307] Kernel Offset: disabled
[ 87.176032][ T4307] Rebooting in 86400 seconds..