Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts.
[ 43.128292][ T4024] chnl_net:caif_netlink_parms(): no params data found
[ 43.165936][ T4024] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.168101][ T4024] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.170686][ T4024] device bridge_slave_0 entered promiscuous mode
[ 43.175105][ T4024] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.177090][ T4024] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.179537][ T4024] device bridge_slave_1 entered promiscuous mode
[ 43.195197][ T4024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.199868][ T4024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.216130][ T4024] team0: Port device team_slave_0 added
[ 43.219581][ T4024] team0: Port device team_slave_1 added
[ 43.232572][ T4024] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.234432][ T4024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.241402][ T4024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.246215][ T4024] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.248242][ T4024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.255146][ T4024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.328705][ T4024] device hsr_slave_0 entered promiscuous mode
[ 43.376851][ T4024] device hsr_slave_1 entered promiscuous mode
[ 43.489941][ T4024] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.549205][ T4024] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.608818][ T4024] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.658898][ T4024] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.743216][ T4024] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.745260][ T4024] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.747617][ T4024] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.749528][ T4024] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.789305][ T4024] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.796150][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.801026][ T336] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.804459][ T336] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.807824][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 43.815389][ T4024] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.823100][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.825639][ T336] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.827648][ T336] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.832843][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.835349][ T336] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.837280][ T336] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.851227][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.854426][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 43.860780][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.866238][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.873295][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.878191][ T4024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 43.889150][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 43.891261][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 43.900072][ T4024] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.912443][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.925110][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.929909][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 43.932504][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 43.937856][ T4024] device veth0_vlan entered promiscuous mode
[ 43.943904][ T4024] device veth1_vlan entered promiscuous mode
[ 43.959075][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 43.961755][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 43.964427][ T336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.969652][ T4024] device veth0_macvtap entered promiscuous mode
[ 43.973908][ T4024] device veth1_macvtap entered promiscuous mode
[ 43.985555][ T4024] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.988145][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.991419][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 43.999045][ T4024] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 44.001251][ T1812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.005881][ T4024] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.008673][ T4024] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.010980][ T4024] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.013286][ T4024] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 44.049667][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
executing program
executing program
[ 44.072361][ T4035] ==================================================================
[ 44.074509][ T4035] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 44.076391][ T4035] Read of size 4 at addr ffff0000c19d6838 by task syz-executor457/4035
[ 44.078524][ T4035]
[ 44.079157][ T4035] CPU: 1 PID: 4035 Comm: syz-executor457 Not tainted 5.15.185-syzkaller #0
[ 44.081435][ T4035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 44.084057][ T4035] Call trace:
[ 44.084886][ T4035] dump_backtrace+0x0/0x43c
[ 44.086116][ T4035] show_stack+0x2c/0x3c
[ 44.087222][ T4035] __dump_stack+0x30/0x40
[ 44.088378][ T4035] dump_stack_lvl+0xf8/0x160
[ 44.089640][ T4035] print_address_description+0x78/0x30c
[ 44.091073][ T4035] kasan_report+0xec/0x15c
[ 44.092249][ T4035] __asan_report_load4_noabort+0x44/0x50
[ 44.093717][ T4035] ax25_fillin_cb+0x394/0x568
[ 44.094971][ T4035] ax25_setsockopt+0x8d0/0xa5c
[ 44.096206][ T4035] __sys_setsockopt+0x2f8/0x4b0
[ 44.097559][ T4035] __arm64_sys_setsockopt+0xb8/0xd4
[ 44.098904][ T4035] invoke_syscall+0x98/0x2b8
[ 44.100117][ T4035] el0_svc_common+0x138/0x258
[ 44.101376][ T4035] do_el0_svc+0x58/0x14c
[ 44.102469][ T4035] el0_svc+0x78/0x1e0
[ 44.103506][ T4035] el0t_64_sync_handler+0xcc/0xe4
[ 44.104798][ T4035] el0t_64_sync+0x1a0/0x1a4
[ 44.106001][ T4035]
[ 44.106604][ T4035] Allocated by task 4033:
[ 44.107682][ T4035] __kasan_kmalloc+0xb0/0xf0
[ 44.108877][ T4035] kmem_cache_alloc_trace+0x274/0x3fc
[ 44.110339][ T4035] ax25_dev_device_up+0x5c/0x540
[ 44.111689][ T4035] ax25_device_event+0x504/0x590
[ 44.112969][ T4035] raw_notifier_call_chain+0xd4/0x164
[ 44.114386][ T4035] __dev_notify_flags+0x250/0x46c
[ 44.115701][ T4035] dev_change_flags+0xc8/0x154
[ 44.116985][ T4035] dev_ifsioc+0x504/0xef4
[ 44.118099][ T4035] dev_ioctl+0x4d0/0xc94
[ 44.119198][ T4035] sock_do_ioctl+0x18c/0x240
[ 44.120349][ T4035] sock_ioctl+0x5c8/0x87c
[ 44.121526][ T4035] __arm64_sys_ioctl+0x14c/0x1c8
[ 44.122801][ T4035] invoke_syscall+0x98/0x2b8
[ 44.124030][ T4035] el0_svc_common+0x138/0x258
[ 44.125308][ T4035] do_el0_svc+0x58/0x14c
[ 44.126494][ T4035] el0_svc+0x78/0x1e0
[ 44.127554][ T4035] el0t_64_sync_handler+0xcc/0xe4
[ 44.128911][ T4035] el0t_64_sync+0x1a0/0x1a4
[ 44.130197][ T4035]
[ 44.130846][ T4035] Freed by task 4034:
[ 44.131929][ T4035] kasan_set_track+0x4c/0x84
[ 44.133161][ T4035] kasan_set_free_info+0x28/0x4c
[ 44.134518][ T4035] ____kasan_slab_free+0x118/0x164
[ 44.135867][ T4035] __kasan_slab_free+0x18/0x28
[ 44.137126][ T4035] slab_free_freelist_hook+0x128/0x1e8
[ 44.138568][ T4035] kfree+0x170/0x40c
[ 44.139617][ T4035] ax25_release+0x564/0x814
[ 44.140832][ T4035] sock_close+0xb4/0x1f8
[ 44.141943][ T4035] __fput+0x1c0/0x7f8
[ 44.143008][ T4035] ____fput+0x20/0x30
[ 44.144031][ T4035] task_work_run+0x12c/0x1e0
[ 44.145400][ T4035] do_notify_resume+0x24b4/0x3128
[ 44.146777][ T4035] el0_svc+0xf0/0x1e0
[ 44.147881][ T4035] el0t_64_sync_handler+0xcc/0xe4
[ 44.149226][ T4035] el0t_64_sync+0x1a0/0x1a4
[ 44.150489][ T4035]
[ 44.151084][ T4035] The buggy address belongs to the object at ffff0000c19d6800
[ 44.151084][ T4035] which belongs to the cache kmalloc-256 of size 256
[ 44.154853][ T4035] The buggy address is located 56 bytes inside of
[ 44.154853][ T4035] 256-byte region [ffff0000c19d6800, ffff0000c19d6900)
[ 44.158383][ T4035] The buggy address belongs to the page:
[ 44.159859][ T4035] page:00000000ff6400a4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019d6
[ 44.162565][ T4035] head:00000000ff6400a4 order:1 compound_mapcount:0
[ 44.164244][ T4035] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 44.166381][ T4035] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 44.168646][ T4035] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 44.170912][ T4035] page dumped because: kasan: bad access detected
[ 44.172607][ T4035]
[ 44.173230][ T4035] Memory state around the buggy address:
[ 44.174700][ T4035] ffff0000c19d6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.176856][ T4035] ffff0000c19d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.179042][ T4035] >ffff0000c19d6800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.181159][ T4035] ^
[ 44.182908][ T4035] ffff0000c19d6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.185027][ T4035] ffff0000c19d6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.187131][ T4035] ==================================================================
[ 44.189260][ T4035] Disabling lock debugging due to kernel taint
[ 44.194153][ T4035] Unable to handle kernel paging request at virtual address 000002b40000156a
[ 44.196887][ T4035] Mem abort info:
[ 44.197835][ T4035] ESR = 0x0000000096000021
[ 44.199036][ T4035] EC = 0x25: DABT (current EL), IL = 32 bits
[ 44.200666][ T4035] SET = 0, FnV = 0
[ 44.201688][ T4035] EA = 0, S1PTW = 0
[ 44.203415][ T4035] FSC = 0x21: alignment fault
[ 44.204722][ T4035] Data abort info:
[ 44.205661][ T4035] ISV = 0, ISS = 0x00000021
[ 44.207171][ T4035] CM = 0, WnR = 0
[ 44.208195][ T4035] user pgtable: 4k pages, 48-bit VAs, pgdp=000000010be8a000
[ 44.210066][ T4035] [000002b40000156a] pgd=0000000000000000, p4d=0000000000000000
[ 44.212149][ T4035] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 44.213975][ T4035] Modules linked in:
[ 44.215033][ T4035] CPU: 1 PID: 4035 Comm: syz-executor457 Tainted: G B 5.15.185-syzkaller #0
[ 44.217646][ T4035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 44.220288][ T4035] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 44.222373][ T4035] pc : ax25_release+0x4f4/0x814
[ 44.223641][ T4035] lr : ax25_release+0x4ec/0x814
[ 44.224909][ T4035] sp : ffff80001f1f7a00
[ 44.226040][ T4035] x29: ffff80001f1f7a20 x28: dfff800000000000 x27: ffff0000c8cd1080
[ 44.228187][ T4035] x26: ffff0000c6145028 x25: 0000000000000002 x24: 00000000ffffffff
[ 44.230371][ T4035] x23: ee0002b40000156a x22: ffff0000c19d6800 x21: ffff0000e1c35a18
[ 44.232454][ T4035] x20: ffff0000c8cd1000 x19: 1fffe00018c28a05 x18: 0000000000000000
[ 44.234587][ T4035] x17: 0000000000000000 x16: ffff8000082d4c48 x15: 0000000000000002
[ 44.236702][ T4035] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 44.238772][ T4035] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80001044cac4
[ 44.240945][ T4035] x8 : ffff0000d8ca51c0 x7 : 0000000000000000 x6 : ffff80000837a1b0
[ 44.243049][ T4035] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001044cab8
[ 44.245158][ T4035] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 44.247241][ T4035] Call trace:
[ 44.248076][ T4035] ax25_release+0x4f4/0x814
[ 44.249308][ T4035] sock_close+0xb4/0x1f8
[ 44.250422][ T4035] __fput+0x1c0/0x7f8
[ 44.251463][ T4035] ____fput+0x20/0x30
[ 44.252523][ T4035] task_work_run+0x12c/0x1e0
[ 44.253733][ T4035] do_notify_resume+0x24b4/0x3128
[ 44.255070][ T4035] el0_svc+0xf0/0x1e0
[ 44.256116][ T4035] el0t_64_sync_handler+0xcc/0xe4
[ 44.257394][ T4035] el0t_64_sync+0x1a0/0x1a4
[ 44.258567][ T4035] Code: d503201f 9600afd7 52800038 4b1803f8 (b87802f8)
[ 44.260432][ T4035] ---[ end trace 2ffa2b3dedff2c19 ]---
[ 44.569798][ T4035] Kernel panic - not syncing: Oops: Fatal exception
[ 44.571604][ T4035] SMP: stopping secondary CPUs
[ 44.572887][ T4035] Kernel Offset: disabled
[ 44.574037][ T4035] CPU features: 0x8,000081c1,21302e40
[ 44.575494][ T4035] Memory Limit: none
[ 44.872630][ T4035] Rebooting in 86400 seconds..