Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts.
[ 45.972259][ T4020] chnl_net:caif_netlink_parms(): no params data found
[ 46.009185][ T4020] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.011246][ T4020] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.013786][ T4020] device bridge_slave_0 entered promiscuous mode
[ 46.018606][ T4020] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.020599][ T4020] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.023231][ T4020] device bridge_slave_1 entered promiscuous mode
[ 46.039360][ T4020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 46.043652][ T4020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 46.059621][ T4020] team0: Port device team_slave_0 added
[ 46.062839][ T4020] team0: Port device team_slave_1 added
[ 46.075931][ T4020] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 46.078141][ T4020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.085029][ T4020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 46.090154][ T4020] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 46.091921][ T4020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.099052][ T4020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 46.158556][ T4020] device hsr_slave_0 entered promiscuous mode
[ 46.216769][ T4020] device hsr_slave_1 entered promiscuous mode
[ 46.330021][ T4020] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 46.379062][ T4020] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 46.438596][ T4020] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 46.509032][ T4020] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 46.563698][ T4020] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.565705][ T4020] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.568101][ T4020] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.569963][ T4020] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.611381][ T4020] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.618600][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.622820][ T566] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.625500][ T566] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.629559][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.636768][ T4020] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.649069][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.651606][ T352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.653509][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.655769][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.660085][ T352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.661958][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.672506][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.675283][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.682243][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.690692][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.697840][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.702555][ T4020] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 46.714662][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 46.718395][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 46.725144][ T4020] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.738485][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.752335][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.755533][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.759826][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.764203][ T4020] device veth0_vlan entered promiscuous mode
[ 46.772818][ T4020] device veth1_vlan entered promiscuous mode
[ 46.786024][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 46.789349][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 46.791981][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.797462][ T4020] device veth0_macvtap entered promiscuous mode
[ 46.801991][ T4020] device veth1_macvtap entered promiscuous mode
[ 46.813043][ T4020] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.815076][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.819700][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 46.826181][ T4020] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.830596][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.836170][ T4020] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.839893][ T4020] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.842060][ T4020] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.844273][ T4020] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 46.881703][ T4029] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
executing program
executing program
[ 46.904254][ T4031] ==================================================================
[ 46.906404][ T4031] BUG: KASAN: use-after-free in ax25_fillin_cb+0x39c/0x588
[ 46.908395][ T4031] Read of size 4 at addr ffff0000c18e4238 by task syz-executor577/4031
[ 46.910562][ T4031]
[ 46.911183][ T4031] CPU: 1 PID: 4031 Comm: syz-executor577 Not tainted 5.15.180-syzkaller #0
[ 46.913555][ T4031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 46.916224][ T4031] Call trace:
[ 46.917073][ T4031]  dump_backtrace+0x0/0x530
[ 46.918228][ T4031]  show_stack+0x2c/0x3c
[ 46.919379][ T4031]  dump_stack_lvl+0x108/0x170
[ 46.920650][ T4031]  print_address_description+0x7c/0x3f0
[ 46.922155][ T4031]  kasan_report+0x174/0x1e4
[ 46.923364][ T4031]  __asan_report_load4_noabort+0x44/0x50
[ 46.924889][ T4031]  ax25_fillin_cb+0x39c/0x588
[ 46.926127][ T4031]  ax25_setsockopt+0x980/0xcdc
[ 46.927356][ T4031]  __sys_setsockopt+0x3a8/0x6b4
[ 46.928659][ T4031]  __arm64_sys_setsockopt+0xb8/0xd4
[ 46.930077][ T4031]  invoke_syscall+0x98/0x2b8
[ 46.931297][ T4031]  el0_svc_common+0x138/0x258
[ 46.932577][ T4031]  do_el0_svc+0x58/0x14c
[ 46.933754][ T4031]  el0_svc+0x7c/0x1f0
[ 46.934783][ T4031]  el0t_64_sync_handler+0x84/0xe4
[ 46.936140][ T4031]  el0t_64_sync+0x1a0/0x1a4
[ 46.937342][ T4031]
[ 46.938000][ T4031] Allocated by task 4029:
[ 46.939146][ T4031]  ____kasan_kmalloc+0xbc/0xfc
[ 46.940392][ T4031]  __kasan_kmalloc+0x10/0x1c
[ 46.941600][ T4031]  kmem_cache_alloc_trace+0x27c/0x47c
[ 46.943088][ T4031]  ax25_dev_device_up+0x5c/0x548
[ 46.944424][ T4031]  ax25_device_event+0x504/0x590
[ 46.945768][ T4031]  raw_notifier_call_chain+0xd4/0x164
[ 46.947193][ T4031]  __dev_notify_flags+0x2b4/0x540
[ 46.948532][ T4031]  dev_change_flags+0xc8/0x154
[ 46.949742][ T4031]  dev_ifsioc+0x140/0xfe4
[ 46.950908][ T4031]  dev_ioctl+0x4e0/0xd3c
[ 46.952078][ T4031]  sock_do_ioctl+0x1dc/0x2dc
[ 46.953334][ T4031]  sock_ioctl+0x4f4/0x8b0
[ 46.954469][ T4031]  __arm64_sys_ioctl+0x14c/0x1c8
[ 46.955755][ T4031]  invoke_syscall+0x98/0x2b8
[ 46.956950][ T4031]  el0_svc_common+0x138/0x258
[ 46.958148][ T4031]  do_el0_svc+0x58/0x14c
[ 46.959309][ T4031]  el0_svc+0x7c/0x1f0
[ 46.960407][ T4031]  el0t_64_sync_handler+0x84/0xe4
[ 46.961779][ T4031]  el0t_64_sync+0x1a0/0x1a4
[ 46.962980][ T4031]
[ 46.963587][ T4031] Freed by task 4030:
[ 46.964679][ T4031]  kasan_set_track+0x4c/0x84
[ 46.965952][ T4031]  kasan_set_free_info+0x28/0x4c
[ 46.967280][ T4031]  ____kasan_slab_free+0x118/0x164
[ 46.968608][ T4031]  __kasan_slab_free+0x18/0x28
[ 46.969915][ T4031]  slab_free_freelist_hook+0x128/0x1ec
[ 46.971389][ T4031]  kfree+0x178/0x410
[ 46.972383][ T4031]  ax25_release+0x57c/0x82c
[ 46.973571][ T4031]  sock_close+0xb8/0x1fc
[ 46.974719][ T4031]  __fput+0x1c4/0x800
[ 46.975770][ T4031]  ____fput+0x20/0x30
[ 46.976839][ T4031]  task_work_run+0x130/0x1e4
[ 46.978128][ T4031]  do_notify_resume+0x262c/0x32b8
[ 46.979441][ T4031]  el0_svc+0xfc/0x1f0
[ 46.980495][ T4031]  el0t_64_sync_handler+0x84/0xe4
[ 46.981834][ T4031]  el0t_64_sync+0x1a0/0x1a4
[ 46.983054][ T4031]
[ 46.983702][ T4031] The buggy address belongs to the object at ffff0000c18e4200
[ 46.983702][ T4031]  which belongs to the cache kmalloc-256 of size 256
[ 46.987458][ T4031] The buggy address is located 56 bytes inside of
[ 46.987458][ T4031]  256-byte region [ffff0000c18e4200, ffff0000c18e4300)
[ 46.991083][ T4031] The buggy address belongs to the page:
[ 46.992576][ T4031] page:000000008f9452a6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1018e4
[ 46.995330][ T4031] head:000000008f9452a6 order:1 compound_mapcount:0
[ 46.997097][ T4031] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 46.999344][ T4031] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 47.001697][ T4031] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 47.003917][ T4031] page dumped because: kasan: bad access detected
[ 47.005576][ T4031]
[ 47.006160][ T4031] Memory state around the buggy address:
[ 47.007617][ T4031]  ffff0000c18e4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.009748][ T4031]  ffff0000c18e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.011970][ T4031] >ffff0000c18e4200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.014048][ T4031]                                         ^
[ 47.015623][ T4031]  ffff0000c18e4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.017743][ T4031]  ffff0000c18e4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.019937][ T4031] ==================================================================
[ 47.022118][ T4031] Disabling lock debugging due to kernel taint
[ 47.027368][ T4031] Unable to handle kernel paging request at virtual address cec002bd00001566
[ 47.029694][ T4031] Mem abort info:
[ 47.030646][ T4031]   ESR = 0x0000000096000021
[ 47.031889][ T4031]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 47.033939][ T4031]   SET = 0, FnV = 0
[ 47.034945][ T4031]   EA = 0, S1PTW = 0
[ 47.036034][ T4031]   FSC = 0x21: alignment fault
[ 47.037590][ T4031] Data abort info:
[ 47.038620][ T4031]   ISV = 0, ISS = 0x00000021
[ 47.039863][ T4031]   CM = 0, WnR = 0
[ 47.040854][ T4031] [cec002bd00001566] address between user and kernel address ranges
[ 47.042977][ T4031] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 47.044807][ T4031] Modules linked in:
[ 47.046712][ T4031] CPU: 1 PID: 4031 Comm: syz-executor577 Tainted: G B 5.15.180-syzkaller #0
[ 47.053165][ T4031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 47.056065][ T4031] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 47.058132][ T4031] pc : ax25_release+0x50c/0x82c
[ 47.059423][ T4031] lr : ax25_release+0x504/0x82c
[ 47.060739][ T4031] sp : ffff80001ff57950
[ 47.061849][ T4031] x29: ffff80001ff57970 x28: dfff800000000000 x27: ffff0000c12cc080
[ 47.064066][ T4031] x26: ffff0000cddca028 x25: 0000000000000002 x24: 00000000ffffffff
[ 47.066185][ T4031] x23: cec002bd00001566 x22: ffff0000c18e4200 x21: ffff0000de3e1818
[ 47.068400][ T4031] x20: ffff0000c12cc000 x19: 1fffe00019bb9405 x18: 0000000000000000
[ 47.070433][ T4031] x17: 0000000000000000 x16: ffff8000084c73cc x15: 0000000000000002
[ 47.072538][ T4031] x14: ffff0000d47a51c0 x13: 0000000000ff0100 x12: 0000000000000001
[ 47.074654][ T4031] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000d47a51c0
[ 47.076809][ T4031] x8 : ffff800010de0938 x7 : 0000000000000000 x6 : ffff8000083bb1b4
[ 47.078934][ T4031] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800010de092c
[ 47.081070][ T4031] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 47.083241][ T4031] Call trace:
[ 47.084098][ T4031]  ax25_release+0x50c/0x82c
[ 47.085334][ T4031]  sock_close+0xb8/0x1fc
[ 47.086475][ T4031]  __fput+0x1c4/0x800
[ 47.087510][ T4031]  ____fput+0x20/0x30
[ 47.088557][ T4031]  task_work_run+0x130/0x1e4
[ 47.089781][ T4031]  do_notify_resume+0x262c/0x32b8
[ 47.091114][ T4031]  el0_svc+0xfc/0x1f0
[ 47.092205][ T4031]  el0t_64_sync_handler+0x84/0xe4
[ 47.093536][ T4031]  el0t_64_sync+0x1a0/0x1a4
[ 47.094745][ T4031] Code: d503201f 97c5148f 52800038 4b1803f8 (b87802f8)
[ 47.096590][ T4031] ---[ end trace 444add1a9d770f29 ]---
[ 47.395222][ T4031] Kernel panic - not syncing: Oops: Fatal exception
[ 47.397068][ T4031] SMP: stopping secondary CPUs
[ 47.398446][ T4031] Kernel Offset: disabled
[ 47.399632][ T4031] CPU features: 0x8,000081c1,21302e40
[ 47.401086][ T4031] Memory Limit: none
[ 47.695382][ T4031] Rebooting in 86400 seconds..