[ 18.862616][ T3704] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: [ 18.910286][ T136] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.913449][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
OK
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.101' (ED25519) to the list of known hosts.
1970/01/01 00:00:39 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:40 parsed 1 programs
syzkaller login: [ 42.563508][ T4039] cgroup: Unknown subsys name 'net'
[ 42.803453][ T4039] cgroup: Unknown subsys name 'rlimit'
[ 43.183719][ T4039] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 51.198677][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.199961][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.203288][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 51.220140][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.221439][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.223470][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 51.899437][ T4079] chnl_net:caif_netlink_parms(): no params data found
[ 51.941934][ T4079] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.943110][ T4079] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.945352][ T4079] device bridge_slave_0 entered promiscuous mode
[ 51.949227][ T4079] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.950379][ T4079] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.952199][ T4079] device bridge_slave_1 entered promiscuous mode
[ 51.967857][ T4079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.971027][ T4079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.986650][ T4079] team0: Port device team_slave_0 added
[ 51.989300][ T4079] team0: Port device team_slave_1 added
[ 52.002162][ T4079] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 52.003095][ T4079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 52.006696][ T4079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 52.010406][ T4079] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 52.011439][ T4079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 52.015199][ T4079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 52.138904][ T4079] device hsr_slave_0 entered promiscuous mode
[ 52.208022][ T4079] device hsr_slave_1 entered promiscuous mode
[ 52.354221][ T4079] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 52.411616][ T4079] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 52.450151][ T4079] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 52.490359][ T4079] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 52.622567][ T4079] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.632387][ T657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.634441][ T657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.640034][ T4079] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.646727][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.648841][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.650790][ T148] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.652020][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.654419][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.656233][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.659914][ T148] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.661135][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.662927][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 52.667294][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.672105][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.680001][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.683664][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.685511][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.690639][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.693765][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.702509][ T4079] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 52.704057][ T4079] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 52.710098][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.711896][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.714246][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.716057][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.724222][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.802532][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 52.803863][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 52.809482][ T4079] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.821938][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.833186][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.835382][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.838316][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.841784][ T4079] device veth0_vlan entered promiscuous mode
[ 52.847817][ T4079] device veth1_vlan entered promiscuous mode
[ 52.871749][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 52.873526][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 52.875404][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.879522][ T4079] device veth0_macvtap entered promiscuous mode
[ 52.883170][ T4079] device veth1_macvtap entered promiscuous mode
[ 52.894049][ T4079] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 52.895431][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 52.897471][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 52.899230][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.904002][ T4079] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 52.905357][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 52.909256][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.913495][ T4079] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.914801][ T4079] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.915974][ T4079] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.917720][ T4079] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:54 executed programs: 0
[ 54.259410][ T4149] chnl_net:caif_netlink_parms(): no params data found
[ 54.301028][ T4149] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.302251][ T4149] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.304184][ T4149] device bridge_slave_0 entered promiscuous mode
[ 54.326187][ T4149] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.327880][ T4149] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.329803][ T4149] device bridge_slave_1 entered promiscuous mode
[ 54.349657][ T4149] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.353169][ T4149] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.368810][ T4149] team0: Port device team_slave_0 added
[ 54.371701][ T4149] team0: Port device team_slave_1 added
[ 54.384419][ T4149] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.385469][ T4149] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.389778][ T4149] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.392973][ T4149] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.394024][ T4149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.398432][ T4149] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.468607][ T4149] device hsr_slave_0 entered promiscuous mode
[ 54.507180][ T4149] device hsr_slave_1 entered promiscuous mode
[ 54.556490][ T4149] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 54.557853][ T4149] Cannot create hsr debugfs directory
[ 54.635263][ T4149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.177105][ T4041] Bluetooth: hci0: command 0x0409 tx timeout
[ 57.903774][ T4149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 57.984026][ T4149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 58.028019][ T4149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 58.215037][ T4149] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 58.239424][ T4149] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 58.257123][ T21] Bluetooth: hci0: command 0x041b tx timeout
[ 58.290164][ T4149] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 58.328842][ T4149] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 58.429185][ T4149] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.435269][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.437696][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.441788][ T4149] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.445541][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 58.450326][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 58.451898][ T136] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.453010][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.454562][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 58.459978][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 58.461950][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 58.463526][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.464674][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.471436][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 58.473550][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 58.478134][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 58.480847][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 58.482681][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 58.488635][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 58.490555][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 58.494779][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 58.501329][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 58.505682][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 58.508106][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 58.511804][ T4149] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 58.628910][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.630460][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 58.635693][ T4149] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.651885][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 58.653885][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 58.666134][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 58.669239][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 58.672237][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 58.673972][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 58.678257][ T4149] device veth0_vlan entered promiscuous mode
[ 58.683969][ T4149] device veth1_vlan entered promiscuous mode
[ 58.700810][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 58.702468][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 58.704033][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 58.705766][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 58.711687][ T4149] device veth0_macvtap entered promiscuous mode
[ 58.715573][ T4149] device veth1_macvtap entered promiscuous mode
[ 58.725482][ T4149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 58.728045][ T4149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 58.730672][ T4149] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.731856][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 58.733616][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 58.735310][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 58.738390][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 58.742357][ T4149] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 58.744005][ T4149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 58.750056][ T4149] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.752662][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 58.754468][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 58.759504][ T4149] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.760749][ T4149] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.761984][ T4149] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.763298][ T4149] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.804253][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.805457][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.814793][ T657] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.823079][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.824262][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.826599][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 58.855924][ T4169] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 58.888543][ T4171] ==================================================================
[ 58.889780][ T4171] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 58.890922][ T4171] Read of size 4 at addr ffff0000dbb8cc38 by task syz.0.19/4171
[ 58.892041][ T4171]
[ 58.892421][ T4171] CPU: 1 PID: 4171 Comm: syz.0.19 Not tainted 5.15.189-syzkaller #0
[ 58.893527][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 58.895021][ T4171] Call trace:
[ 58.895627][ T4171] dump_backtrace+0x0/0x43c
[ 58.896475][ T4171] show_stack+0x2c/0x3c
[ 58.897137][ T4171] __dump_stack+0x30/0x40
[ 58.897756][ T4171] dump_stack_lvl+0xf8/0x160
[ 58.898529][ T4171] print_address_description+0x78/0x30c
[ 58.899405][ T4171] kasan_report+0xec/0x15c
[ 58.900165][ T4171] __asan_report_load4_noabort+0x44/0x50
[ 58.900977][ T4171] ax25_fillin_cb+0x394/0x568
[ 58.901718][ T4171] ax25_setsockopt+0x8d0/0xa5c
[ 58.902484][ T4171] __sys_setsockopt+0x260/0x36c
[ 58.903318][ T4171] __arm64_sys_setsockopt+0xb8/0xd4
[ 58.904161][ T4171] invoke_syscall+0x98/0x2b8
[ 58.904808][ T4171] el0_svc_common+0x138/0x258
[ 58.905441][ T4171] do_el0_svc+0x58/0x14c
[ 58.905977][ T4171] el0_svc+0x78/0x1e0
[ 58.906511][ T4171] el0t_64_sync_handler+0xcc/0xe4
[ 58.907329][ T4171] el0t_64_sync+0x1a0/0x1a4
[ 58.908062][ T4171]
[ 58.908416][ T4171] Allocated by task 4169:
[ 58.909186][ T4171] __kasan_kmalloc+0xb0/0xf0
[ 58.909901][ T4171] kmem_cache_alloc_trace+0x274/0x3fc
[ 58.910802][ T4171] ax25_dev_device_up+0x5c/0x540
[ 58.911660][ T4171] ax25_device_event+0x504/0x590
[ 58.912489][ T4171] raw_notifier_call_chain+0xd4/0x164
[ 58.913409][ T4171] __dev_notify_flags+0x250/0x46c
[ 58.914252][ T4171] dev_change_flags+0xc8/0x154
[ 58.915054][ T4171] dev_ifsioc+0x504/0xef4
[ 58.915732][ T4171] dev_ioctl+0x4d0/0xc94
[ 58.916318][ T4171] sock_do_ioctl+0x18c/0x240
[ 58.917014][ T4171] sock_ioctl+0x5c8/0x87c
[ 58.917785][ T4171] __arm64_sys_ioctl+0x14c/0x1c8
[ 58.918549][ T4171] invoke_syscall+0x98/0x2b8
[ 58.919314][ T4171] el0_svc_common+0x138/0x258
[ 58.919986][ T4171] do_el0_svc+0x58/0x14c
[ 58.920607][ T4171] el0_svc+0x78/0x1e0
[ 58.921290][ T4171] el0t_64_sync_handler+0xcc/0xe4
[ 58.922167][ T4171] el0t_64_sync+0x1a0/0x1a4
[ 58.922891][ T4171]
[ 58.923317][ T4171] Freed by task 4170:
[ 58.923868][ T4171] kasan_set_track+0x4c/0x84
[ 58.924595][ T4171] kasan_set_free_info+0x28/0x4c
[ 58.925359][ T4171] ____kasan_slab_free+0x118/0x164
[ 58.926138][ T4171] __kasan_slab_free+0x18/0x28
[ 58.926841][ T4171] slab_free_freelist_hook+0x128/0x1e8
[ 58.927720][ T4171] kfree+0x170/0x40c
[ 58.928320][ T4171] ax25_release+0x564/0x814
[ 58.929018][ T4171] sock_close+0xb4/0x1f8
[ 58.929741][ T4171] __fput+0x1c0/0x7f8
[ 58.930383][ T4171] ____fput+0x20/0x30
[ 58.930961][ T4171] task_work_run+0x12c/0x1e0
[ 58.931595][ T4171] do_notify_resume+0x24b4/0x3128
[ 58.932291][ T4171] el0_svc+0xf0/0x1e0
[ 58.932993][ T4171] el0t_64_sync_handler+0xcc/0xe4
[ 58.933853][ T4171] el0t_64_sync+0x1a0/0x1a4
[ 58.934495][ T4171]
[ 58.934856][ T4171] The buggy address belongs to the object at ffff0000dbb8cc00
[ 58.934856][ T4171] which belongs to the cache kmalloc-256 of size 256
[ 58.936968][ T4171] The buggy address is located 56 bytes inside of
[ 58.936968][ T4171] 256-byte region [ffff0000dbb8cc00, ffff0000dbb8cd00)
[ 58.938839][ T4171] The buggy address belongs to the page:
[ 58.939584][ T4171] page:000000000ad1bc63 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bb8c
[ 58.941144][ T4171] head:000000000ad1bc63 order:1 compound_mapcount:0
[ 58.942047][ T4171] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 58.943216][ T4171] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002480
[ 58.944632][ T4171] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 58.945864][ T4171] page dumped because: kasan: bad access detected
[ 58.946891][ T4171]
[ 58.947218][ T4171] Memory state around the buggy address:
[ 58.948006][ T4171] ffff0000dbb8cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.949328][ T4171] ffff0000dbb8cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.950656][ T4171] >ffff0000dbb8cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.952122][ T4171] ^
[ 58.952991][ T4171] ffff0000dbb8cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.954133][ T4171] ffff0000dbb8cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.955235][ T4171] ==================================================================
[ 58.956435][ T4171] Disabling lock debugging due to kernel taint
[ 58.961620][ T4171] Unable to handle kernel paging request at virtual address 8da0031d000015f2
[ 58.962886][ T4171] Mem abort info:
[ 58.963885][ T4171] ESR = 0x0000000096000021
[ 58.964741][ T4171] EC = 0x25: DABT (current EL), IL = 32 bits
[ 58.965725][ T4171] SET = 0, FnV = 0
[ 58.967728][ T4171] EA = 0, S1PTW = 0
[ 58.968334][ T4171] FSC = 0x21: alignment fault
[ 58.969096][ T4171] Data abort info:
[ 58.969579][ T4171] ISV = 0, ISS = 0x00000021
[ 58.970360][ T4171] CM = 0, WnR = 0
[ 58.970945][ T4171] [8da0031d000015f2] address between user and kernel address ranges
[ 58.972106][ T4171] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 58.973075][ T4171] Modules linked in:
[ 58.973604][ T4171] CPU: 0 PID: 4171 Comm: syz.0.19 Tainted: G B 5.15.189-syzkaller #0
[ 58.974839][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 58.976309][ T4171] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 58.977649][ T4171] pc : ax25_release+0x4f4/0x814
[ 58.978422][ T4171] lr : ax25_release+0x4ec/0x814
[ 58.979069][ T4171] sp : ffff80001fc17a00
[ 58.979695][ T4171] x29: ffff80001fc17a20 x28: dfff800000000000 x27: ffff0000d5ac2080
[ 58.980909][ T4171] x26: ffff0000d7a7e028 x25: 0000000000000002 x24: 00000000ffffffff
[ 58.982289][ T4171] x23: 8da0031d000015f2 x22: ffff0000dbb8cc00 x21: ffff0000c061d418
[ 58.983663][ T4171] x20: ffff0000d5ac2000 x19: 1fffe0001af4fc05 x18: 0000000000000000
[ 58.984813][ T4171] x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000002
[ 58.986051][ T4171] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 58.987250][ T4171] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80001045ef30
[ 58.988379][ T4171] x8 : ffff0000ce6a1b40 x7 : 0000000000000000 x6 : ffff80000837b9bc
[ 58.989567][ T4171] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001045ef24
[ 58.990789][ T4171] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 58.991996][ T4171] Call trace:
[ 58.992456][ T4171] ax25_release+0x4f4/0x814
[ 58.993046][ T4171] sock_close+0xb4/0x1f8
[ 58.993623][ T4171] __fput+0x1c0/0x7f8
[ 58.994150][ T4171] ____fput+0x20/0x30
[ 58.994675][ T4171] task_work_run+0x12c/0x1e0
[ 58.995328][ T4171] do_notify_resume+0x24b4/0x3128
[ 58.996056][ T4171] el0_svc+0xf0/0x1e0
[ 58.996690][ T4171] el0t_64_sync_handler+0xcc/0xe4
[ 58.997345][ T4171] el0t_64_sync+0x1a0/0x1a4
[ 58.997939][ T4171] Code: d503201f 96006935 52800038 4b1803f8 (b87802f8)
[ 58.998850][ T4171] ---[ end trace 87b197e15740b28b ]---
[ 59.371057][ T4171] Kernel panic - not syncing: Oops: Fatal exception
[ 59.372170][ T4171] SMP: stopping secondary CPUs
[ 59.372947][ T4171] Kernel Offset: disabled
[ 59.373587][ T4171] CPU features: 0x8,000081c1,21302e40
[ 59.374489][ T4171] Memory Limit: none
[ 59.701169][ T4171] Rebooting in 86400 seconds..