Warning: Permanently added '10.128.1.17' (ED25519) to the list of known hosts.
[ 43.602968][ T4022] chnl_net:caif_netlink_parms(): no params data found
[ 43.641185][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.643307][ T4022] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.645942][ T4022] device bridge_slave_0 entered promiscuous mode
[ 43.650600][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.652686][ T4022] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.655452][ T4022] device bridge_slave_1 entered promiscuous mode
[ 43.671328][ T4022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.675986][ T4022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.691368][ T4022] team0: Port device team_slave_0 added
[ 43.694761][ T4022] team0: Port device team_slave_1 added
[ 43.708949][ T4022] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.710999][ T4022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.718152][ T4022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.722943][ T4022] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.724864][ T4022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.732603][ T4022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.829436][ T4022] device hsr_slave_0 entered promiscuous mode
[ 43.887612][ T4022] device hsr_slave_1 entered promiscuous mode
[ 44.000620][ T4022] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 44.050765][ T4022] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 44.089624][ T4022] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 44.139291][ T4022] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 44.203339][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.205456][ T4022] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.207985][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.210058][ T4022] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.249461][ T4022] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.256679][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.260969][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.264454][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.269658][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 44.277070][ T4022] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.283142][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.286171][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.288255][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.294587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.297950][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.299973][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.312966][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.320157][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.323196][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.329520][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.335136][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.340990][ T4022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.352647][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 44.354880][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 44.363413][ T4022] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 44.376789][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.391195][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.394295][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.396787][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.402792][ T4022] device veth0_vlan entered promiscuous mode
[ 44.410356][ T4022] device veth1_vlan entered promiscuous mode
[ 44.425077][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 44.429800][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 44.432736][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.437061][ T4022] device veth0_macvtap entered promiscuous mode
[ 44.442135][ T4022] device veth1_macvtap entered promiscuous mode
[ 44.452796][ T4022] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 44.455086][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.460691][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 44.466322][ T4022] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 44.469139][ T359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.473863][ T4022] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.476443][ T4022] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.479485][ T4022] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.481982][ T4022] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 44.520416][ T4031] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
executing program
executing program
[ 44.541380][ T4033] ==================================================================
[ 44.543723][ T4033] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 44.545750][ T4033] Read of size 4 at addr ffff0000c1c30e38 by task syz-executor421/4033
[ 44.548082][ T4033]
[ 44.548747][ T4033] CPU: 0 PID: 4033 Comm: syz-executor421 Not tainted 5.15.185-syzkaller #0
[ 44.551195][ T4033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 44.554004][ T4033] Call trace:
[ 44.554903][ T4033] dump_backtrace+0x0/0x43c
[ 44.556149][ T4033] show_stack+0x2c/0x3c
[ 44.557380][ T4033] __dump_stack+0x30/0x40
[ 44.558580][ T4033] dump_stack_lvl+0xf8/0x160
[ 44.559874][ T4033] print_address_description+0x78/0x30c
[ 44.561469][ T4033] kasan_report+0xec/0x15c
[ 44.562689][ T4033] __asan_report_load4_noabort+0x44/0x50
[ 44.564180][ T4033] ax25_fillin_cb+0x394/0x568
[ 44.565525][ T4033] ax25_setsockopt+0x8d0/0xa5c
[ 44.566819][ T4033] __sys_setsockopt+0x2f8/0x4b0
[ 44.568132][ T4033] __arm64_sys_setsockopt+0xb8/0xd4
[ 44.569622][ T4033] invoke_syscall+0x98/0x2b8
[ 44.571002][ T4033] el0_svc_common+0x138/0x258
[ 44.572278][ T4033] do_el0_svc+0x58/0x14c
[ 44.573475][ T4033] el0_svc+0x78/0x1e0
[ 44.574539][ T4033] el0t_64_sync_handler+0xcc/0xe4
[ 44.575928][ T4033] el0t_64_sync+0x1a0/0x1a4
[ 44.577149][ T4033]
[ 44.577814][ T4033] Allocated by task 4031:
[ 44.579030][ T4033] __kasan_kmalloc+0xb0/0xf0
[ 44.580299][ T4033] kmem_cache_alloc_trace+0x274/0x3fc
[ 44.581823][ T4033] ax25_dev_device_up+0x5c/0x540
[ 44.583184][ T4033] ax25_device_event+0x504/0x590
[ 44.584546][ T4033] raw_notifier_call_chain+0xd4/0x164
[ 44.586149][ T4033] __dev_notify_flags+0x250/0x46c
[ 44.587552][ T4033] dev_change_flags+0xc8/0x154
[ 44.588952][ T4033] dev_ifsioc+0x504/0xef4
[ 44.590151][ T4033] dev_ioctl+0x4d0/0xc94
[ 44.591283][ T4033] sock_do_ioctl+0x18c/0x240
[ 44.592596][ T4033] sock_ioctl+0x5c8/0x87c
[ 44.593807][ T4033] __arm64_sys_ioctl+0x14c/0x1c8
[ 44.595143][ T4033] invoke_syscall+0x98/0x2b8
[ 44.596499][ T4033] el0_svc_common+0x138/0x258
[ 44.597810][ T4033] do_el0_svc+0x58/0x14c
[ 44.599037][ T4033] el0_svc+0x78/0x1e0
[ 44.600137][ T4033] el0t_64_sync_handler+0xcc/0xe4
[ 44.601561][ T4033] el0t_64_sync+0x1a0/0x1a4
[ 44.602795][ T4033]
[ 44.603438][ T4033] Freed by task 4032:
[ 44.604671][ T4033] kasan_set_track+0x4c/0x84
[ 44.606061][ T4033] kasan_set_free_info+0x28/0x4c
[ 44.607383][ T4033] ____kasan_slab_free+0x118/0x164
[ 44.608838][ T4033] __kasan_slab_free+0x18/0x28
[ 44.610163][ T4033] slab_free_freelist_hook+0x128/0x1e8
[ 44.611720][ T4033] kfree+0x170/0x40c
[ 44.612770][ T4033] ax25_release+0x564/0x814
[ 44.614092][ T4033] sock_close+0xb4/0x1f8
[ 44.615264][ T4033] __fput+0x1c0/0x7f8
[ 44.616399][ T4033] ____fput+0x20/0x30
[ 44.617509][ T4033] task_work_run+0x12c/0x1e0
[ 44.618820][ T4033] do_notify_resume+0x24b4/0x3128
[ 44.620205][ T4033] el0_svc+0xf0/0x1e0
[ 44.621321][ T4033] el0t_64_sync_handler+0xcc/0xe4
[ 44.622693][ T4033] el0t_64_sync+0x1a0/0x1a4
[ 44.623976][ T4033]
[ 44.624679][ T4033] The buggy address belongs to the object at ffff0000c1c30e00
[ 44.624679][ T4033] which belongs to the cache kmalloc-256 of size 256
[ 44.628592][ T4033] The buggy address is located 56 bytes inside of
[ 44.628592][ T4033] 256-byte region [ffff0000c1c30e00, ffff0000c1c30f00)
[ 44.632313][ T4033] The buggy address belongs to the page:
[ 44.633872][ T4033] page:00000000c8e22ab2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c30
[ 44.636719][ T4033] head:00000000c8e22ab2 order:1 compound_mapcount:0
[ 44.638513][ T4033] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 44.640755][ T4033] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 44.643132][ T4033] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 44.645531][ T4033] page dumped because: kasan: bad access detected
[ 44.647357][ T4033]
[ 44.648070][ T4033] Memory state around the buggy address:
[ 44.649621][ T4033]  ffff0000c1c30d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.651828][ T4033]  ffff0000c1c30d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.654101][ T4033] >ffff0000c1c30e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.656338][ T4033]                                         ^
[ 44.657998][ T4033]  ffff0000c1c30e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.660316][ T4033]  ffff0000c1c30f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.662517][ T4033] ==================================================================
[ 44.664920][ T4033] Disabling lock debugging due to kernel taint
[ 44.669777][ T4033] Unable to handle kernel paging request at virtual address 000002b400001568
[ 44.672312][ T4033] Mem abort info:
[ 44.673384][ T4033] ESR = 0x0000000096000004
[ 44.678034][ T4033] EC = 0x25: DABT (current EL), IL = 32 bits
[ 44.679955][ T4033] SET = 0, FnV = 0
[ 44.681019][ T4033] EA = 0, S1PTW = 0
[ 44.682168][ T4033] FSC = 0x04: level 0 translation fault
[ 44.683710][ T4033] Data abort info:
[ 44.684790][ T4033] ISV = 0, ISS = 0x00000004
[ 44.686064][ T4033] CM = 0, WnR = 0
[ 44.688197][ T4033] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000117a87000
[ 44.690322][ T4033] [000002b400001568] pgd=0000000000000000, p4d=0000000000000000
[ 44.692568][ T4033] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 44.694571][ T4033] Modules linked in:
[ 44.695776][ T4033] CPU: 1 PID: 4033 Comm: syz-executor421 Tainted: G B 5.15.185-syzkaller #0
[ 44.698686][ T4033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 44.701501][ T4033] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 44.703643][ T4033] pc : ax25_release+0x4f4/0x814
[ 44.704953][ T4033] lr : ax25_release+0x4ec/0x814
[ 44.706308][ T4033] sp : ffff80001f0c7a00
[ 44.707445][ T4033] x29: ffff80001f0c7a20 x28: dfff800000000000 x27: ffff0000c82cf080
[ 44.709649][ T4033] x26: ffff0000c82c4828 x25: 0000000000000002 x24: 00000000ffffffff
[ 44.711893][ T4033] x23: 880002b400001568 x22: ffff0000c1c30e00 x21: ffff0000e2063018
[ 44.714214][ T4033] x20: ffff0000c82cf000 x19: 1fffe00019058905 x18: 0000000000000000
[ 44.716521][ T4033] x17: 0000000000000000 x16: ffff8000082d4c48 x15: 0000000000000002
[ 44.718737][ T4033] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 44.720902][ T4033] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80001044cac4
[ 44.723107][ T4033] x8 : ffff0000c8d99b40 x7 : 0000000000000000 x6 : ffff80000837a1b0
[ 44.725397][ T4033] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001044cab8
[ 44.727555][ T4033] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 44.729911][ T4033] Call trace:
[ 44.730810][ T4033] ax25_release+0x4f4/0x814
[ 44.732030][ T4033] sock_close+0xb4/0x1f8
[ 44.733246][ T4033] __fput+0x1c0/0x7f8
[ 44.734356][ T4033] ____fput+0x20/0x30
[ 44.735479][ T4033] task_work_run+0x12c/0x1e0
[ 44.736782][ T4033] do_notify_resume+0x24b4/0x3128
[ 44.738132][ T4033] el0_svc+0xf0/0x1e0
[ 44.739297][ T4033] el0t_64_sync_handler+0xcc/0xe4
[ 44.740697][ T4033] el0t_64_sync+0x1a0/0x1a4
[ 44.742002][ T4033] Code: d503201f 9600afd7 52800038 4b1803f8 (b87802f8)
[ 44.744196][ T4033] ---[ end trace 06f70c64886acf69 ]---
[ 45.082090][ T4033] Kernel panic - not syncing: Oops: Fatal exception
[ 45.084007][ T4033] SMP: stopping secondary CPUs
[ 45.085357][ T4033] Kernel Offset: disabled
[ 45.086570][ T4033] CPU features: 0x8,000081c1,21302e40
[ 45.088035][ T4033] Memory Limit: none
[ 45.394445][ T4033] Rebooting in 86400 seconds..