Warning: Permanently added '10.128.1.78' (ED25519) to the list of known hosts.
2026/03/12 09:08:57 parsed 1 programs
[ 53.228866][ T4186] cgroup: Unknown subsys name 'net'
[ 53.365328][ T4186] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 54.708279][ T4186] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 56.081535][ T4199] chnl_net:caif_netlink_parms(): no params data found
[ 56.120989][ T4199] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.128376][ T4199] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.136244][ T4199] device bridge_slave_0 entered promiscuous mode
[ 56.146897][ T4199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.154023][ T4199] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.161903][ T4199] device bridge_slave_1 entered promiscuous mode
[ 56.178640][ T4199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.192813][ T4199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.211472][ T4199] team0: Port device team_slave_0 added
[ 56.218356][ T4199] team0: Port device team_slave_1 added
[ 56.235924][ T4199] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.243028][ T4199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.268999][ T4199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.281310][ T4199] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.288259][ T4199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.314214][ T4199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.347738][ T4199] device hsr_slave_0 entered promiscuous mode
[ 56.354350][ T4199] device hsr_slave_1 entered promiscuous mode
[ 56.433627][ T4199] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 56.443519][ T4199] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 56.455889][ T4199] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 56.465691][ T4199] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 56.484387][ T4199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.491555][ T4199] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.499143][ T4199] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.506236][ T4199] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.546890][ T4199] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.558533][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.568684][ T428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.577426][ T428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.585387][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 56.602000][ T4199] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.614774][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.624686][ T428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.631959][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.652596][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.664747][ T428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.671845][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.692555][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.702372][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.719798][ T4199] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 56.731524][ T4199] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 56.744874][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.754146][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.763466][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.776448][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.893053][ T4199] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.901479][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.908903][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.933600][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 56.954625][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.963867][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 56.973630][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 56.986004][ T4199] device veth0_vlan entered promiscuous mode
[ 56.999848][ T4199] device veth1_vlan entered promiscuous mode
[ 57.024457][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 57.035525][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 57.044370][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 57.056965][ T4199] device veth0_macvtap entered promiscuous mode
[ 57.064766][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 57.075390][ T4199] device veth1_macvtap entered promiscuous mode
[ 57.096443][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 57.104730][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 57.114568][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 57.126223][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 57.134056][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 57.143227][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 57.154610][ T4199] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.164478][ T4199] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.174466][ T4199] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.183721][ T4199] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 57.278574][ T4199] syz-executor (4199) used greatest stack depth: 20880 bytes left
[ 57.870713][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.115597][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.344446][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.426487][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.340047][ T144] device hsr_slave_0 left promiscuous mode
[ 63.348084][ T144] device hsr_slave_1 left promiscuous mode
[ 63.354877][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 63.363826][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 63.372706][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 63.380078][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 63.388025][ T144] device bridge_slave_1 left promiscuous mode
[ 63.394961][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.406553][ T144] device bridge_slave_0 left promiscuous mode
[ 63.412954][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.428393][ T144] device veth1_macvtap left promiscuous mode
[ 63.434569][ T144] device veth0_macvtap left promiscuous mode
[ 63.440742][ T144] device veth1_vlan left promiscuous mode
[ 63.446576][ T144] device veth0_vlan left promiscuous mode
[ 63.565865][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 63.579563][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 63.592257][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 63.605675][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 63.651016][ T144] bond0 (unregistering): Released all slaves
[ 63.717448][ T4212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.743643][ T4212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.764884][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 63.787480][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.795987][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.805954][ T4212] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/03/12 09:09:09 executed programs: 0
[ 64.745469][ T4337] chnl_net:caif_netlink_parms(): no params data found
[ 64.837189][ T4337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.855043][ T4337] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.871600][ T4337] device bridge_slave_0 entered promiscuous mode
[ 64.891462][ T4337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.900869][ T4337] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.908807][ T4337] device bridge_slave_1 entered promiscuous mode
[ 64.937313][ T4337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.962551][ T4337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.003472][ T4337] team0: Port device team_slave_0 added
[ 65.020614][ T4337] team0: Port device team_slave_1 added
[ 65.040507][ T4337] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.047446][ T4337] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.076584][ T4337] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.088928][ T4337] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.096184][ T4337] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.123064][ T4337] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.159790][ T4337] device hsr_slave_0 entered promiscuous mode
[ 65.170876][ T4337] device hsr_slave_1 entered promiscuous mode
[ 65.764816][ T4337] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.806909][ T4337] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.989069][ T4337] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 66.004151][ T4337] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.091837][ T4337] 8021q: adding VLAN 0 to HW filter on device bond0
[ 66.104735][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 66.114162][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 66.124819][ T4337] 8021q: adding VLAN 0 to HW filter on device team0
[ 66.136722][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 66.147273][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 66.156344][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.163435][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 66.182423][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 66.192667][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 66.202600][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 66.213664][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.220756][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.229330][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 66.239754][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 66.259038][ T4337] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 66.271505][ T4337] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 66.286153][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 66.296266][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 66.304764][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 66.313294][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 66.322398][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 66.330867][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 66.339177][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 66.347413][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 66.355955][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 66.363671][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 66.497029][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 66.505243][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 66.517986][ T4337] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.531912][ T4409] Bluetooth: hci0: command 0x0409 tx timeout
[ 66.542069][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 66.552353][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 66.572678][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 66.582643][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 66.592725][ T4337] device veth0_vlan entered promiscuous mode
[ 66.603472][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 66.612464][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 66.654526][ T4337] device veth1_vlan entered promiscuous mode
[ 66.675319][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 66.684826][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 66.693557][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 66.703640][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 66.714827][ T4337] device veth0_macvtap entered promiscuous mode
[ 66.755293][ T4337] device veth1_macvtap entered promiscuous mode
[ 66.772575][ T4337] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.779879][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 66.788142][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 66.797001][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 66.807102][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 66.851633][ T4337] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.861803][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 66.872956][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 66.885128][ T4337] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.894205][ T4337] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.905073][ T4337] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.914684][ T4337] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.040974][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.048824][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.061948][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 67.117963][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.127992][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.138600][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 67.221873][ T4464] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 67.297246][ T4468] ==================================================================
[ 67.305482][ T4468] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 67.312702][ T4468] Read of size 4 at addr ffff88801e974438 by task syz.0.19/4468
[ 67.320331][ T4468]
[ 67.322663][ T4468] CPU: 1 PID: 4468 Comm: syz.0.19 Not tainted syzkaller #0
[ 67.329855][ T4468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 67.339918][ T4468] Call Trace:
[ 67.343195][ T4468]
[ 67.346125][ T4468] dump_stack_lvl+0x188/0x250
[ 67.350810][ T4468] ? show_regs_print_info+0x20/0x20
[ 67.356015][ T4468] ? _printk+0xda/0x130
[ 67.360173][ T4468] ? ax25_fillin_cb+0x459/0x640
[ 67.365034][ T4468] ? load_image+0x400/0x400
[ 67.369544][ T4468] print_address_description+0x60/0x2d0
[ 67.375086][ T4468] ? ax25_fillin_cb+0x459/0x640
[ 67.379916][ T4468] kasan_report+0xdf/0x130
[ 67.384310][ T4468] ? ax25_fillin_cb+0x459/0x640
[ 67.389138][ T4468] ax25_fillin_cb+0x459/0x640
[ 67.393790][ T4468] ax25_setsockopt+0x8c9/0xa60
[ 67.398531][ T4468] ? ax25_shutdown+0x10/0x10
[ 67.403097][ T4468] ? aa_sock_opt_perm+0x74/0x100
[ 67.408013][ T4468] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 67.413535][ T4468] ? security_socket_setsockopt+0x7a/0xa0
[ 67.419237][ T4468] ? ax25_shutdown+0x10/0x10
[ 67.423822][ T4468] __sys_setsockopt+0x2bf/0x3d0
[ 67.428656][ T4468] __x64_sys_setsockopt+0xb1/0xc0
[ 67.433657][ T4468] do_syscall_64+0x4c/0xa0
[ 67.438047][ T4468] ? clear_bhb_loop+0x30/0x80
[ 67.442697][ T4468] ? clear_bhb_loop+0x30/0x80
[ 67.447351][ T4468] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.453228][ T4468] RIP: 0033:0x7f2278092799
[ 67.457622][ T4468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 67.477200][ T4468] RSP: 002b:00007ffeb19d9aa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 67.485590][ T4468] RAX: ffffffffffffffda RBX: 00007f227830bfa0 RCX: 00007f2278092799
[ 67.493540][ T4468] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000004
[ 67.501493][ T4468] RBP: 00007f2278128c99 R08: 0000000000000010 R09: 0000000000000000
[ 67.509448][ T4468] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 67.517394][ T4468] R13: 00007f227830bfac R14: 00007f227830bfa0 R15: 00007f227830bfa0
[ 67.525355][ T4468]
[ 67.528355][ T4468]
[ 67.530658][ T4468] Allocated by task 4464:
[ 67.534958][ T4468] __kasan_kmalloc+0xb5/0xf0
[ 67.539522][ T4468] ax25_dev_device_up+0x50/0x580
[ 67.544432][ T4468] ax25_device_event+0x483/0x4f0
[ 67.549343][ T4468] raw_notifier_call_chain+0xcb/0x160
[ 67.554721][ T4468] __dev_notify_flags+0x194/0x300
[ 67.559719][ T4468] dev_change_flags+0xe3/0x1a0
[ 67.564462][ T4468] dev_ifsioc+0x130/0xd50
[ 67.568767][ T4468] dev_ioctl+0x545/0xe30
[ 67.572984][ T4468] sock_do_ioctl+0x245/0x320
[ 67.577550][ T4468] sock_ioctl+0x4d2/0x710
[ 67.581851][ T4468] __se_sys_ioctl+0xfa/0x170
[ 67.586418][ T4468] do_syscall_64+0x4c/0xa0
[ 67.590811][ T4468] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.596681][ T4468]
[ 67.598982][ T4468] Freed by task 4467:
[ 67.602934][ T4468] kasan_set_track+0x4b/0x70
[ 67.607500][ T4468] kasan_set_free_info+0x1f/0x40
[ 67.612409][ T4468] ____kasan_slab_free+0xd5/0x110
[ 67.617404][ T4468] slab_free_freelist_hook+0xea/0x170
[ 67.622752][ T4468] kfree+0xef/0x2a0
[ 67.626543][ T4468] ax25_release+0x661/0x870
[ 67.631033][ T4468] sock_close+0xd5/0x240
[ 67.635249][ T4468] __fput+0x234/0x930
[ 67.639203][ T4468] task_work_run+0x125/0x1a0
[ 67.643767][ T4468] exit_to_user_mode_loop+0x10f/0x130
[ 67.649120][ T4468] exit_to_user_mode_prepare+0xee/0x180
[ 67.654644][ T4468] syscall_exit_to_user_mode+0x16/0x40
[ 67.660082][ T4468] do_syscall_64+0x58/0xa0
[ 67.664470][ T4468] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.670339][ T4468]
[ 67.672647][ T4468] The buggy address belongs to the object at ffff88801e974400
[ 67.672647][ T4468] which belongs to the cache kmalloc-192 of size 192
[ 67.686677][ T4468] The buggy address is located 56 bytes inside of
[ 67.686677][ T4468] 192-byte region [ffff88801e974400, ffff88801e9744c0)
[ 67.699842][ T4468] The buggy address belongs to the page:
[ 67.705459][ T4468] page:ffffea00007a5d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e974
[ 67.715582][ T4468] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 67.723120][ T4468] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016c41a00
[ 67.731683][ T4468] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 67.740236][ T4468] page dumped because: kasan: bad access detected
[ 67.746634][ T4468] page_owner tracks the page as allocated
[ 67.752323][ T4468] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4442, ts 66822642956, free_ts 66822312760
[ 67.768263][ T4468] get_page_from_freelist+0x1bbd/0x1ca0
[ 67.773790][ T4468] __alloc_pages+0x1ee/0x480
[ 67.778357][ T4468] new_slab+0xb6/0x4b0
[ 67.782398][ T4468] ___slab_alloc+0x80a/0xdd0
[ 67.786961][ T4468] __kmalloc_node+0x200/0x3b0
[ 67.791607][ T4468] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 67.797384][ T4468] new_slab+0x100/0x4b0
[ 67.801515][ T4468] ___slab_alloc+0x80a/0xdd0
[ 67.806077][ T4468] kmem_cache_alloc+0x195/0x290
[ 67.810899][ T4468] __d_alloc+0x2a/0x6f0
[ 67.815029][ T4468] d_alloc_pseudo+0x19/0x70
[ 67.819504][ T4468] alloc_file_pseudo+0xe0/0x200
[ 67.824330][ T4468] create_pipe_files+0x3a8/0x700
[ 67.829244][ T4468] __do_pipe_flags+0x46/0x1f0
[ 67.833900][ T4468] do_pipe2+0xa7/0x190
[ 67.837945][ T4468] __x64_sys_pipe2+0x56/0x60
[ 67.842507][ T4468] page last free stack trace:
[ 67.847149][ T4468] free_unref_page_prepare+0x637/0x6c0
[ 67.852582][ T4468] free_unref_page+0x8f/0x2a0
[ 67.857233][ T4468] free_pipe_info+0x2b8/0x340
[ 67.861883][ T4468] pipe_release+0x24a/0x330
[ 67.866358][ T4468] __fput+0x234/0x930
[ 67.870313][ T4468] task_work_run+0x125/0x1a0
[ 67.874879][ T4468] do_exit+0x626/0x20c0
[ 67.879008][ T4468] do_group_exit+0x12e/0x300
[ 67.883581][ T4468] __x64_sys_exit_group+0x3b/0x40
[ 67.888577][ T4468] do_syscall_64+0x4c/0xa0
[ 67.892967][ T4468] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.898840][ T4468]
[ 67.901151][ T4468] Memory state around the buggy address:
[ 67.906763][ T4468] ffff88801e974300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.914796][ T4468] ffff88801e974380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 67.922831][ T4468] >ffff88801e974400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.930872][ T4468] ^
[ 67.936751][ T4468] ffff88801e974480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 67.944786][ T4468] ffff88801e974500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.952817][ T4468] ==================================================================
[ 67.960858][ T4468] Disabling lock debugging due to kernel taint
[ 67.968818][ T4468] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 67.976024][ T4468] CPU: 1 PID: 4468 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 67.984598][ T4468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 67.994638][ T4468] Call Trace:
[ 67.997892][ T4468]
[ 68.000799][ T4468] dump_stack_lvl+0x188/0x250
[ 68.005457][ T4468] ? show_regs_print_info+0x20/0x20
[ 68.010631][ T4468] ? load_image+0x400/0x400
[ 68.015109][ T4468] panic+0x2e5/0x810
[ 68.018980][ T4468] ? bpf_jit_dump+0xd0/0xd0
[ 68.023456][ T4468] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 68.029411][ T4468] ? _raw_spin_unlock+0x40/0x40
[ 68.034235][ T4468] ? print_memory_metadata+0x314/0x400
[ 68.039668][ T4468] ? ax25_fillin_cb+0x459/0x640
[ 68.044489][ T4468] check_panic_on_warn+0x80/0xa0
[ 68.049404][ T4468] ? ax25_fillin_cb+0x459/0x640
[ 68.054229][ T4468] end_report+0x6d/0xf0
[ 68.058362][ T4468] kasan_report+0x102/0x130
[ 68.062840][ T4468] ? ax25_fillin_cb+0x459/0x640
[ 68.067665][ T4468] ax25_fillin_cb+0x459/0x640
[ 68.072314][ T4468] ax25_setsockopt+0x8c9/0xa60
[ 68.077053][ T4468] ? ax25_shutdown+0x10/0x10
[ 68.081612][ T4468] ? aa_sock_opt_perm+0x74/0x100
[ 68.086526][ T4468] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 68.092045][ T4468] ? security_socket_setsockopt+0x7a/0xa0
[ 68.097734][ T4468] ? ax25_shutdown+0x10/0x10
[ 68.102297][ T4468] __sys_setsockopt+0x2bf/0x3d0
[ 68.107217][ T4468] __x64_sys_setsockopt+0xb1/0xc0
[ 68.112214][ T4468] do_syscall_64+0x4c/0xa0
[ 68.116601][ T4468] ? clear_bhb_loop+0x30/0x80
[ 68.121249][ T4468] ? clear_bhb_loop+0x30/0x80
[ 68.125901][ T4468] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.131766][ T4468] RIP: 0033:0x7f2278092799
[ 68.136156][ T4468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 68.155737][ T4468] RSP: 002b:00007ffeb19d9aa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 68.164124][ T4468] RAX: ffffffffffffffda RBX: 00007f227830bfa0 RCX: 00007f2278092799
[ 68.172070][ T4468] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000004
[ 68.180017][ T4468] RBP: 00007f2278128c99 R08: 0000000000000010 R09: 0000000000000000
[ 68.187963][ T4468] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 68.195906][ T4468] R13: 00007f227830bfac R14: 00007f227830bfa0 R15: 00007f227830bfa0
[ 68.203854][ T4468]
[ 68.206942][ T4468] Kernel Offset: disabled
[ 68.211250][ T4468] Rebooting in 86400 seconds..