Warning: Permanently added '10.128.1.124' (ED25519) to the list of known hosts.
[ 42.017311][ T4023] chnl_net:caif_netlink_parms(): no params data found
[ 42.052628][ T4023] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.054643][ T4023] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.057447][ T4023] device bridge_slave_0 entered promiscuous mode
[ 42.061609][ T4023] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.063531][ T4023] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.066159][ T4023] device bridge_slave_1 entered promiscuous mode
[ 42.081538][ T4023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.085981][ T4023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.100079][ T4023] team0: Port device team_slave_0 added
[ 42.103376][ T4023] team0: Port device team_slave_1 added
[ 42.116360][ T4023] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.118442][ T4023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.125480][ T4023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.130742][ T4023] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.132614][ T4023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.140125][ T4023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.228643][ T4023] device hsr_slave_0 entered promiscuous mode
[ 42.266800][ T4023] device hsr_slave_1 entered promiscuous mode
[ 42.398805][ T4023] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 42.449443][ T4023] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 42.478567][ T4023] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 42.518336][ T4023] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 42.582122][ T4023] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.584241][ T4023] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.586681][ T4023] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.588593][ T4023] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.631075][ T4023] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.638573][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.642831][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.646159][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.650109][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 42.657124][ T4023] 8021q: adding VLAN 0 to HW filter on device team0
[ 42.662800][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.665390][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.667329][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.672701][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.675333][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.677343][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.690512][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 42.693403][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 42.702340][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 42.709129][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.715520][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.720210][ T4023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 42.732780][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 42.734931][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 42.742586][ T4023] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 42.755093][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.768840][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.771793][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.774331][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.778682][ T4023] device veth0_vlan entered promiscuous mode
[ 42.785654][ T4023] device veth1_vlan entered promiscuous mode
[ 42.800049][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 42.802601][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 42.805278][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.813152][ T4023] device veth0_macvtap entered promiscuous mode
[ 42.818855][ T4023] device veth1_macvtap entered promiscuous mode
[ 42.830448][ T4023] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 42.832668][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.835877][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 42.841873][ T4023] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 42.844200][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.849841][ T4023] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.852210][ T4023] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.854564][ T4023] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.857219][ T4023] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 42.889732][ T4032] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
executing program
executing program
[ 42.911930][ T4034] ==================================================================
[ 42.914251][ T4034] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 42.916179][ T4034] Read of size 4 at addr ffff0000c1c4c838 by task syz-executor238/4034
[ 42.918519][ T4034]
[ 42.919171][ T4034] CPU: 0 PID: 4034 Comm: syz-executor238 Not tainted 5.15.182-syzkaller #0
[ 42.921488][ T4034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 42.924312][ T4034] Call trace:
[ 42.925242][ T4034] dump_backtrace+0x0/0x43c
[ 42.926510][ T4034] show_stack+0x2c/0x3c
[ 42.927682][ T4034] __dump_stack+0x30/0x40
[ 42.928889][ T4034] dump_stack_lvl+0xf8/0x160
[ 42.930136][ T4034] print_address_description+0x78/0x30c
[ 42.931614][ T4034] kasan_report+0xec/0x15c
[ 42.932817][ T4034] __asan_report_load4_noabort+0x44/0x50
[ 42.934367][ T4034] ax25_fillin_cb+0x394/0x568
[ 42.935661][ T4034] ax25_setsockopt+0x8d0/0xa5c
[ 42.937006][ T4034] __sys_setsockopt+0x2f8/0x4b0
[ 42.938283][ T4034] __arm64_sys_setsockopt+0xb8/0xd4
[ 42.939699][ T4034] invoke_syscall+0x98/0x2b8
[ 42.940987][ T4034] el0_svc_common+0x138/0x258
[ 42.942278][ T4034] do_el0_svc+0x58/0x14c
[ 42.943395][ T4034] el0_svc+0x78/0x1e0
[ 42.944458][ T4034] el0t_64_sync_handler+0xcc/0xe4
[ 42.945864][ T4034] el0t_64_sync+0x1a0/0x1a4
[ 42.947083][ T4034]
[ 42.947735][ T4034] Allocated by task 4032:
[ 42.948901][ T4034] __kasan_kmalloc+0xb0/0xf0
[ 42.950172][ T4034] kmem_cache_alloc_trace+0x274/0x3fc
[ 42.951587][ T4034] ax25_dev_device_up+0x5c/0x540
[ 42.952916][ T4034] ax25_device_event+0x504/0x590
[ 42.954310][ T4034] raw_notifier_call_chain+0xd4/0x164
[ 42.955729][ T4034] __dev_notify_flags+0x250/0x46c
[ 42.957091][ T4034] dev_change_flags+0xc8/0x154
[ 42.958385][ T4034] dev_ifsioc+0x504/0xef4
[ 42.959528][ T4034] dev_ioctl+0x4d0/0xc94
[ 42.960673][ T4034] sock_do_ioctl+0x18c/0x240
[ 42.961918][ T4034] sock_ioctl+0x5c8/0x87c
[ 42.963118][ T4034] __arm64_sys_ioctl+0x14c/0x1c8
[ 42.964451][ T4034] invoke_syscall+0x98/0x2b8
[ 42.965707][ T4034] el0_svc_common+0x138/0x258
[ 42.967060][ T4034] do_el0_svc+0x58/0x14c
[ 42.968232][ T4034] el0_svc+0x78/0x1e0
[ 42.969321][ T4034] el0t_64_sync_handler+0xcc/0xe4
[ 42.970751][ T4034] el0t_64_sync+0x1a0/0x1a4
[ 42.972047][ T4034]
[ 42.972630][ T4034] Freed by task 4033:
[ 42.973726][ T4034] kasan_set_track+0x4c/0x84
[ 42.974917][ T4034] kasan_set_free_info+0x28/0x4c
[ 42.976286][ T4034] ____kasan_slab_free+0x118/0x164
[ 42.977659][ T4034] __kasan_slab_free+0x18/0x28
[ 42.978996][ T4034] slab_free_freelist_hook+0x128/0x1e8
[ 42.980522][ T4034] kfree+0x170/0x40c
[ 42.981584][ T4034] ax25_release+0x564/0x814
[ 42.982844][ T4034] sock_close+0xb4/0x1f8
[ 42.983998][ T4034] __fput+0x1c0/0x7f8
[ 42.985085][ T4034] ____fput+0x20/0x30
[ 42.986131][ T4034] task_work_run+0x12c/0x1e0
[ 42.987370][ T4034] do_notify_resume+0x24b4/0x3128
[ 42.988705][ T4034] el0_svc+0xf0/0x1e0
[ 42.989793][ T4034] el0t_64_sync_handler+0xcc/0xe4
[ 42.991251][ T4034] el0t_64_sync+0x1a0/0x1a4
[ 42.992514][ T4034]
[ 42.993155][ T4034] The buggy address belongs to the object at ffff0000c1c4c800
[ 42.993155][ T4034] which belongs to the cache kmalloc-256 of size 256
[ 42.997025][ T4034] The buggy address is located 56 bytes inside of
[ 42.997025][ T4034] 256-byte region [ffff0000c1c4c800, ffff0000c1c4c900)
[ 43.000747][ T4034] The buggy address belongs to the page:
[ 43.002303][ T4034] page:00000000c7ea531d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c4c
[ 43.005094][ T4034] head:00000000c7ea531d order:1 compound_mapcount:0
[ 43.006869][ T4034] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 43.009019][ T4034] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 43.011360][ T4034] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 43.013688][ T4034] page dumped because: kasan: bad access detected
[ 43.015433][ T4034]
[ 43.016027][ T4034] Memory state around the buggy address:
[ 43.017556][ T4034] ffff0000c1c4c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.019764][ T4034] ffff0000c1c4c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.022022][ T4034] >ffff0000c1c4c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.024345][ T4034] ^
[ 43.025986][ T4034] ffff0000c1c4c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.028135][ T4034] ffff0000c1c4c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.030374][ T4034] ==================================================================
[ 43.032665][ T4034] Disabling lock debugging due to kernel taint
[ 43.036509][ T4034] Unable to handle kernel paging request at virtual address e4a002ae00001569
[ 43.038963][ T4034] Mem abort info:
[ 43.039971][ T4034] ESR = 0x0000000096000021
[ 43.041171][ T4034] EC = 0x25: DABT (current EL), IL = 32 bits
[ 43.042883][ T4034] SET = 0, FnV = 0
[ 43.044381][ T4034] EA = 0, S1PTW = 0
[ 43.045451][ T4034] FSC = 0x21: alignment fault
[ 43.047911][ T4034] Data abort info:
[ 43.048918][ T4034] ISV = 0, ISS = 0x00000021
[ 43.050203][ T4034] CM = 0, WnR = 0
[ 43.051245][ T4034] [e4a002ae00001569] address between user and kernel address ranges
[ 43.053384][ T4034] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 43.055287][ T4034] Modules linked in:
[ 43.056289][ T4034] CPU: 0 PID: 4034 Comm: syz-executor238 Tainted: G B 5.15.182-syzkaller #0
[ 43.058937][ T4034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 43.061645][ T4034] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 43.063783][ T4034] pc : ax25_release+0x4f4/0x814
[ 43.065148][ T4034] lr : ax25_release+0x4ec/0x814
[ 43.066491][ T4034] sp : ffff80001f137a00
[ 43.067622][ T4034] x29: ffff80001f137a20 x28: dfff800000000000 x27: ffff0000c605c080
[ 43.069808][ T4034] x26: ffff0000c8b20028 x25: 0000000000000002 x24: 00000000ffffffff
[ 43.071984][ T4034] x23: e4a002ae00001569 x22: ffff0000c1c4c800 x21: ffff0000de3ac818
[ 43.074135][ T4034] x20: ffff0000c605c000 x19: 1fffe00019164005 x18: 0000000000000000
[ 43.076271][ T4034] x17: 0000000000000000 x16: ffff8000082d4b24 x15: 0000000000000002
[ 43.078421][ T4034] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 43.080581][ T4034] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff800010448bc4
[ 43.082732][ T4034] x8 : ffff0000c2d751c0 x7 : 0000000000000000 x6 : ffff80000837a08c
[ 43.085001][ T4034] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800010448bb8
[ 43.087184][ T4034] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 43.089331][ T4034] Call trace:
[ 43.090249][ T4034] ax25_release+0x4f4/0x814
[ 43.091465][ T4034] sock_close+0xb4/0x1f8
[ 43.092582][ T4034] __fput+0x1c0/0x7f8
[ 43.093673][ T4034] ____fput+0x20/0x30
[ 43.094742][ T4034] task_work_run+0x12c/0x1e0
[ 43.095957][ T4034] do_notify_resume+0x24b4/0x3128
[ 43.097309][ T4034] el0_svc+0xf0/0x1e0
[ 43.098386][ T4034] el0t_64_sync_handler+0xcc/0xe4
[ 43.099748][ T4034] el0t_64_sync+0x1a0/0x1a4
[ 43.100997][ T4034] Code: d503201f 9600bf4b 52800038 4b1803f8 (b87802f8)
[ 43.102921][ T4034] ---[ end trace 77023cbc03519729 ]---
[ 43.419718][ T4034] Kernel panic - not syncing: Oops: Fatal exception
[ 43.421480][ T4034] SMP: stopping secondary CPUs
[ 43.422831][ T4034] Kernel Offset: disabled
[ 43.424001][ T4034] CPU features: 0x8,000081c1,21302e40
[ 43.425493][ T4034] Memory Limit: none
[ 43.716293][ T4034] Rebooting in 86400 seconds..