Warning: Permanently added '10.128.0.154' (ED25519) to the list of known hosts.
2026/04/22 06:00:24 parsed 1 programs
[ 70.598065][ T4187] cgroup: Unknown subsys name 'net'
[ 70.702806][ T4187] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.355448][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.362027][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.217714][ T4187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 74.328708][ T4220] chnl_net:caif_netlink_parms(): no params data found
[ 74.395991][ T4220] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.405024][ T4220] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.413687][ T4220] device bridge_slave_0 entered promiscuous mode
[ 74.424137][ T4220] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.431310][ T4220] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.441202][ T4220] device bridge_slave_1 entered promiscuous mode
[ 74.471858][ T4220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.483778][ T4220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.511475][ T4220] team0: Port device team_slave_0 added
[ 74.519853][ T4220] team0: Port device team_slave_1 added
[ 74.543299][ T4220] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.550305][ T4220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.576700][ T4220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.590153][ T4220] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.597390][ T4220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.623852][ T4220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.666021][ T4220] device hsr_slave_0 entered promiscuous mode
[ 74.673344][ T4220] device hsr_slave_1 entered promiscuous mode
[ 74.822256][ T4220] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.836589][ T4220] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.847984][ T4220] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.859879][ T4220] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.894155][ T4220] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.901413][ T4220] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.909535][ T4220] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.916684][ T4220] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.979898][ T4220] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.997462][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.009222][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.018441][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.027432][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.044752][ T4220] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.057478][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.067243][ T4227] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.074457][ T4227] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.093978][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.104621][ T4227] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.111947][ T4227] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.136817][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.147780][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.166577][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.176079][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.185306][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.197091][ T4220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.322185][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.331072][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.346659][ T4220] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.369273][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 75.379209][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.400358][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 75.410142][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.421864][ T4220] device veth0_vlan entered promiscuous mode
[ 75.430708][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.440800][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.454540][ T4220] device veth1_vlan entered promiscuous mode
[ 75.479389][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.489321][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.499377][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 75.508345][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.520286][ T4220] device veth0_macvtap entered promiscuous mode
[ 75.531015][ T4220] device veth1_macvtap entered promiscuous mode
[ 75.554822][ T4220] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.562886][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.571718][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 75.579955][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 75.589706][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.604175][ T4220] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.612825][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 75.622048][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 75.634692][ T4220] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.644638][ T4220] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.655902][ T4220] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.666232][ T4220] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.979265][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.018457][ T4227] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.027850][ T4227] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.041065][ T157] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 76.059278][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.067317][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.075975][ T157] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 78.010632][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.587910][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.642157][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.424854][ T144] device hsr_slave_0 left promiscuous mode
[ 82.464331][ T144] device hsr_slave_1 left promiscuous mode
[ 82.472367][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.481017][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.514456][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.521911][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.541526][ T144] device bridge_slave_1 left promiscuous mode
[ 82.550188][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.567308][ T144] device bridge_slave_0 left promiscuous mode
[ 82.576757][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.609264][ T144] device veth1_macvtap left promiscuous mode
[ 82.616309][ T144] device veth0_macvtap left promiscuous mode
[ 82.622900][ T144] device veth1_vlan left promiscuous mode
[ 82.629042][ T144] device veth0_vlan left promiscuous mode
[ 82.900792][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 82.918798][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 82.940798][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 82.961546][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
2026/04/22 06:00:38 executed programs: 0
[ 83.043898][ T144] bond0 (unregistering): Released all slaves
[ 83.283705][ T4336] chnl_net:caif_netlink_parms(): no params data found
[ 83.358273][ T4336] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.365836][ T4336] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.374134][ T4336] device bridge_slave_0 entered promiscuous mode
[ 83.392619][ T4336] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.399992][ T4336] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.408439][ T4336] device bridge_slave_1 entered promiscuous mode
[ 83.433411][ T4336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.456609][ T4336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.500899][ T4336] team0: Port device team_slave_0 added
[ 83.516440][ T4336] team0: Port device team_slave_1 added
[ 83.538333][ T4336] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.545419][ T4336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.571699][ T4336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.585166][ T4336] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.592168][ T4336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.619381][ T4336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.679551][ T4336] device hsr_slave_0 entered promiscuous mode
[ 83.704822][ T4336] device hsr_slave_1 entered promiscuous mode
[ 84.408808][ T4336] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.419154][ T4336] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.431008][ T4336] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.446546][ T4336] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.526222][ T4336] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.540650][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.553364][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.573497][ T4336] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.586039][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 84.596115][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 84.606968][ T4227] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.614124][ T4227] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.634156][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.643183][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 84.652011][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.661196][ T4227] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.668329][ T4227] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.678827][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 84.688481][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 84.706328][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 84.717074][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 84.728189][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 84.737489][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 84.757517][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.766396][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 84.776935][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 84.786065][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 84.803180][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 84.825129][ T4336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 85.010842][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 85.023773][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 85.037824][ T4336] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.086520][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 85.101875][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 85.113182][ T7] Bluetooth: hci0: command 0x0409 tx timeout
[ 85.140352][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 85.167209][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 85.176841][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 85.186313][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 85.197003][ T4336] device veth0_vlan entered promiscuous mode
[ 85.226934][ T4336] device veth1_vlan entered promiscuous mode
[ 85.277996][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 85.288471][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 85.315334][ T4336] device veth0_macvtap entered promiscuous mode
[ 85.337869][ T4336] device veth1_macvtap entered promiscuous mode
[ 85.376341][ T4336] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.392705][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 85.409653][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 85.419719][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 85.429336][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 85.443644][ T4336] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.455153][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 85.474766][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 85.487800][ T4336] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.514064][ T4336] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.522902][ T4336] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.531629][ T4336] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.619839][ T4244] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.642750][ T4244] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.681825][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.693536][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.701408][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.711811][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.820911][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 85.932456][ T4420] ==================================================================
[ 85.940826][ T4420] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 85.948300][ T4420] Read of size 4 at addr ffff888070e66738 by task syz.0.19/4420
[ 85.955985][ T4420]
[ 85.958363][ T4420] CPU: 1 PID: 4420 Comm: syz.0.19 Not tainted syzkaller #0
[ 85.965598][ T4420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 85.975811][ T4420] Call Trace:
[ 85.979137][ T4420]
[ 85.982102][ T4420] dump_stack_lvl+0x188/0x250
[ 85.986941][ T4420] ? show_regs_print_info+0x20/0x20
[ 85.992178][ T4420] ? _printk+0xda/0x130
[ 85.996375][ T4420] ? ax25_fillin_cb+0x459/0x640
[ 86.001958][ T4420] ? load_image+0x400/0x400
[ 86.006507][ T4420] print_address_description+0x60/0x2d0
[ 86.012272][ T4420] ? ax25_fillin_cb+0x459/0x640
[ 86.017428][ T4420] kasan_report+0xdf/0x130
[ 86.022107][ T4420] ? ax25_fillin_cb+0x459/0x640
[ 86.026999][ T4420] ax25_fillin_cb+0x459/0x640
[ 86.031765][ T4420] ax25_setsockopt+0x8c9/0xa60
[ 86.036587][ T4420] ? ax25_shutdown+0x10/0x10
[ 86.041216][ T4420] ? aa_sock_opt_perm+0x74/0x100
[ 86.046199][ T4420] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 86.051839][ T4420] ? security_socket_setsockopt+0x7a/0xa0
[ 86.057777][ T4420] ? ax25_shutdown+0x10/0x10
[ 86.062490][ T4420] __sys_setsockopt+0x2bf/0x3d0
[ 86.067376][ T4420] __x64_sys_setsockopt+0xb1/0xc0
[ 86.072438][ T4420] do_syscall_64+0x4c/0xa0
[ 86.076883][ T4420] ? clear_bhb_loop+0x30/0x80
[ 86.081591][ T4420] ? clear_bhb_loop+0x30/0x80
[ 86.086293][ T4420] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.092239][ T4420] RIP: 0033:0x7f6657023819
[ 86.096693][ T4420] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 86.116528][ T4420] RSP: 002b:00007ffd3b446b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 86.125263][ T4420] RAX: ffffffffffffffda RBX: 00007f665729cfa0 RCX: 00007f6657023819
[ 86.133311][ T4420] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000007
[ 86.141327][ T4420] RBP: 00007f66570b9c91 R08: 0000000000000010 R09: 0000000000000000
[ 86.149340][ T4420] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 86.157352][ T4420] R13: 00007f665729cfac R14: 00007f665729cfa0 R15: 00007f665729cfa0
[ 86.165479][ T4420]
[ 86.168538][ T4420]
[ 86.170908][ T4420] Allocated by task 4407:
[ 86.175262][ T4420] __kasan_kmalloc+0xb5/0xf0
[ 86.179929][ T4420] ax25_dev_device_up+0x50/0x580
[ 86.185108][ T4420] ax25_device_event+0x483/0x4f0
[ 86.190089][ T4420] raw_notifier_call_chain+0xcb/0x160
[ 86.195498][ T4420] __dev_notify_flags+0x194/0x300
[ 86.200669][ T4420] dev_change_flags+0xe3/0x1a0
[ 86.205480][ T4420] dev_ifsioc+0x130/0xd50
[ 86.209852][ T4420] dev_ioctl+0x545/0xe30
[ 86.214125][ T4420] sock_do_ioctl+0x245/0x320
[ 86.218833][ T4420] sock_ioctl+0x4d2/0x710
[ 86.223232][ T4420] __se_sys_ioctl+0xfa/0x170
[ 86.227853][ T4420] do_syscall_64+0x4c/0xa0
[ 86.232303][ T4420] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.238234][ T4420]
[ 86.240633][ T4420] Freed by task 4416:
[ 86.244652][ T4420] kasan_set_track+0x4b/0x70
[ 86.249274][ T4420] kasan_set_free_info+0x1f/0x40
[ 86.254249][ T4420] ____kasan_slab_free+0xd5/0x110
[ 86.259313][ T4420] slab_free_freelist_hook+0xea/0x170
[ 86.264715][ T4420] kfree+0xef/0x2a0
[ 86.268570][ T4420] ax25_release+0x661/0x870
[ 86.273147][ T4420] sock_close+0xd5/0x240
[ 86.277421][ T4420] __fput+0x234/0x930
[ 86.281445][ T4420] task_work_run+0x125/0x1a0
[ 86.286072][ T4420] exit_to_user_mode_loop+0x10f/0x130
[ 86.291477][ T4420] exit_to_user_mode_prepare+0xee/0x180
[ 86.297060][ T4420] syscall_exit_to_user_mode+0x16/0x40
[ 86.302570][ T4420] do_syscall_64+0x58/0xa0
[ 86.307117][ T4420] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.313179][ T4420]
[ 86.315532][ T4420] The buggy address belongs to the object at ffff888070e66700
[ 86.315532][ T4420] which belongs to the cache kmalloc-192 of size 192
[ 86.329619][ T4420] The buggy address is located 56 bytes inside of
[ 86.329619][ T4420] 192-byte region [ffff888070e66700, ffff888070e667c0)
[ 86.342861][ T4420] The buggy address belongs to the page:
[ 86.348533][ T4420] page:ffffea0001c39980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x70e66
[ 86.358742][ T4420] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 86.366343][ T4420] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016c41a00
[ 86.374968][ T4420] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 86.383672][ T4420] page dumped because: kasan: bad access detected
[ 86.390121][ T4420] page_owner tracks the page as allocated
[ 86.395859][ T4420] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4336, ts 85797534685, free_ts 85797141273
[ 86.411876][ T4420] get_page_from_freelist+0x1bbd/0x1ca0
[ 86.417466][ T4420] __alloc_pages+0x1ee/0x480
[ 86.422184][ T4420] new_slab+0xb6/0x4b0
[ 86.426289][ T4420] ___slab_alloc+0x80a/0xdd0
[ 86.430923][ T4420] __kmalloc_node+0x200/0x3b0
[ 86.435636][ T4420] memcg_alloc_page_obj_cgroups+0x81/0x120
[ 86.441474][ T4420] slab_post_alloc_hook+0xba/0x380
[ 86.446616][ T4420] kmem_cache_alloc+0x100/0x290
[ 86.451499][ T4420] dup_fd+0x53/0xc70
[ 86.455429][ T4420] copy_files+0x72/0xe0
[ 86.459660][ T4420] copy_process+0x16aa/0x3e20
[ 86.464364][ T4420] kernel_clone+0x23f/0x990
[ 86.468893][ T4420] __x64_sys_clone+0x19a/0x210
[ 86.473690][ T4420] do_syscall_64+0x4c/0xa0
[ 86.478141][ T4420] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.484073][ T4420] page last free stack trace:
[ 86.488769][ T4420] free_unref_page_prepare+0x637/0x6c0
[ 86.494259][ T4420] free_unref_page+0x8f/0x2a0
[ 86.498968][ T4420] __vunmap+0x8b9/0xa50
[ 86.503160][ T4420] __do_replace+0x85b/0x9c0
[ 86.507693][ T4420] do_ip6t_set_ctl+0xaaa/0xd90
[ 86.512606][ T4420] nf_setsockopt+0x25f/0x280
[ 86.517233][ T4420] ipv6_setsockopt+0x2086/0x3cc0
[ 86.522202][ T4420] tcp_setsockopt+0x240/0x1e90
[ 86.526999][ T4420] __sys_setsockopt+0x2bf/0x3d0
[ 86.531889][ T4420] __x64_sys_setsockopt+0xb1/0xc0
[ 86.536951][ T4420] do_syscall_64+0x4c/0xa0
[ 86.541418][ T4420] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.547348][ T4420]
[ 86.549699][ T4420] Memory state around the buggy address:
[ 86.556887][ T4420] ffff888070e66600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.564989][ T4420] ffff888070e66680: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 86.573084][ T4420] >ffff888070e66700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.581173][ T4420] ^
[ 86.587093][ T4420] ffff888070e66780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 86.595180][ T4420] ffff888070e66800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.603274][ T4420] ==================================================================
[ 86.611450][ T4420] Disabling lock debugging due to kernel taint
[ 86.629244][ T4420] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.636498][ T4420] CPU: 1 PID: 4420 Comm: syz.0.19 Tainted: G B syzkaller #0
[ 86.645139][ T4420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 86.655227][ T4420] Call Trace:
[ 86.658536][ T4420]
[ 86.661496][ T4420] dump_stack_lvl+0x188/0x250
[ 86.666300][ T4420] ? show_regs_print_info+0x20/0x20
[ 86.671534][ T4420] ? load_image+0x400/0x400
[ 86.676123][ T4420] panic+0x2e5/0x810
[ 86.680062][ T4420] ? bpf_jit_dump+0xd0/0xd0
[ 86.684649][ T4420] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 86.690800][ T4420] ? _raw_spin_unlock+0x40/0x40
[ 86.695696][ T4420] ? print_memory_metadata+0x314/0x400
[ 86.701211][ T4420] ? ax25_fillin_cb+0x459/0x640
[ 86.706097][ T4420] check_panic_on_warn+0x80/0xa0
[ 86.711180][ T4420] ? ax25_fillin_cb+0x459/0x640
[ 86.716073][ T4420] end_report+0x6d/0xf0
[ 86.720268][ T4420] kasan_report+0x102/0x130
[ 86.725175][ T4420] ? ax25_fillin_cb+0x459/0x640
[ 86.730287][ T4420] ax25_fillin_cb+0x459/0x640
[ 86.735003][ T4420] ax25_setsockopt+0x8c9/0xa60
[ 86.739809][ T4420] ? ax25_shutdown+0x10/0x10
[ 86.744435][ T4420] ? aa_sock_opt_perm+0x74/0x100
[ 86.749405][ T4420] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 86.755005][ T4420] ? security_socket_setsockopt+0x7a/0xa0
[ 86.760765][ T4420] ? ax25_shutdown+0x10/0x10
[ 86.765390][ T4420] __sys_setsockopt+0x2bf/0x3d0
[ 86.770284][ T4420] __x64_sys_setsockopt+0xb1/0xc0
[ 86.775347][ T4420] do_syscall_64+0x4c/0xa0
[ 86.779798][ T4420] ? clear_bhb_loop+0x30/0x80
[ 86.784507][ T4420] ? clear_bhb_loop+0x30/0x80
[ 86.789227][ T4420] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.795435][ T4420] RIP: 0033:0x7f6657023819
[ 86.800084][ T4420] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 86.819718][ T4420] RSP: 002b:00007ffd3b446b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 86.828174][ T4420] RAX: ffffffffffffffda RBX: 00007f665729cfa0 RCX: 00007f6657023819
[ 86.836268][ T4420] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000007
[ 86.844272][ T4420] RBP: 00007f66570b9c91 R08: 0000000000000010 R09: 0000000000000000
[ 86.852278][ T4420] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000000
[ 86.860558][ T4420] R13: 00007f665729cfac R14: 00007f665729cfa0 R15: 00007f665729cfa0
[ 86.868665][ T4420]
[ 86.871856][ T4420] Kernel Offset: disabled
[ 86.876220][ T4420] Rebooting in 86400 seconds..