Warning: Permanently added '10.128.10.1' (ED25519) to the list of known hosts.
1970/01/01 00:00:43 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:44 parsed 1 programs
[ 47.222159][ T4029] cgroup: Unknown subsys name 'net'
[ 47.554655][ T4029] cgroup: Unknown subsys name 'rlimit'
[ 47.899247][ T4029] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 54.422397][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.424714][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.427536][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 54.454519][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.456684][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.460082][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 55.249412][ T4096] chnl_net:caif_netlink_parms(): no params data found
[ 55.298453][ T4096] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.300420][ T4096] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.303205][ T4096] device bridge_slave_0 entered promiscuous mode
[ 55.308429][ T4096] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.310366][ T4096] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.313014][ T4096] device bridge_slave_1 entered promiscuous mode
[ 55.336257][ T4096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.341359][ T4096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.359266][ T4096] team0: Port device team_slave_0 added
[ 55.362853][ T4096] team0: Port device team_slave_1 added
[ 55.379292][ T4096] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.381225][ T4096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.388755][ T4096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.393576][ T4096] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.395551][ T4096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.403038][ T4096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.460300][ T4096] device hsr_slave_0 entered promiscuous mode
[ 55.508041][ T4096] device hsr_slave_1 entered promiscuous mode
[ 55.656322][ T4096] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.720910][ T4096] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.749985][ T4096] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.794731][ T4096] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.886771][ T4096] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.897187][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.901245][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.909113][ T4096] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.913392][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.916562][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.921188][ T136] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.923225][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.926276][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 55.934961][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.938118][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.941736][ T148] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.943645][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.956282][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 55.966452][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 55.973032][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 55.976069][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.979019][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.984168][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 55.987095][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.993677][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 55.996317][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.003279][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.005985][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.011595][ T4096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.096283][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.098797][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.106572][ T4096] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.120298][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 56.132941][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.135985][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 56.140101][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 56.144721][ T4096] device veth0_vlan entered promiscuous mode
[ 56.152563][ T4096] device veth1_vlan entered promiscuous mode
[ 56.170237][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 56.173012][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 56.175832][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 56.181740][ T4096] device veth0_macvtap entered promiscuous mode
[ 56.186096][ T4096] device veth1_macvtap entered promiscuous mode
[ 56.197811][ T4096] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 56.199993][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 56.202895][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 56.205601][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 56.211323][ T4096] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 56.214443][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 56.217187][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 56.223093][ T4096] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.225585][ T4096] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.228379][ T4096] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.230734][ T4096] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:56 executed programs: 0
[ 56.734786][ T4138] chnl_net:caif_netlink_parms(): no params data found
[ 56.774700][ T4138] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.776796][ T4138] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.779998][ T4138] device bridge_slave_0 entered promiscuous mode
[ 56.784008][ T4138] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.786084][ T4138] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.789313][ T4138] device bridge_slave_1 entered promiscuous mode
[ 56.805696][ T4138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.810615][ T4138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.830059][ T4138] team0: Port device team_slave_0 added
[ 56.834723][ T4138] team0: Port device team_slave_1 added
[ 56.890205][ T4138] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.892146][ T4138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.900654][ T4138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.905476][ T4138] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.907372][ T4138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.914984][ T4138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.970182][ T4138] device hsr_slave_0 entered promiscuous mode
[ 57.007962][ T4138] device hsr_slave_1 entered promiscuous mode
[ 57.047889][ T4138] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 57.050285][ T4138] Cannot create hsr debugfs directory
[ 57.114991][ T4138] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 58.668740][ T4113] Bluetooth: hci0: command 0x0409 tx timeout
[ 59.565938][ T4138] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.758017][ T4113] Bluetooth: hci0: command 0x041b tx timeout
[ 61.944776][ T4138] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.031609][ T4138] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.264440][ T4138] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 62.312827][ T4138] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 62.350640][ T4138] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 62.410166][ T4138] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 62.520002][ T4138] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.531573][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 62.534580][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.543952][ T4138] 8021q: adding VLAN 0 to HW filter on device team0
[ 62.552150][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 62.554994][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.558853][ T148] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.560832][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.568531][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.574880][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 62.578613][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.581486][ T148] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.583348][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.600304][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 62.604798][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 62.609000][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 62.612265][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 62.614930][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 62.618079][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 62.620917][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 62.623825][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.627099][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 62.636080][ T4138] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 62.639692][ T4138] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 62.642387][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 62.645066][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.743219][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 62.745302][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 62.752524][ T4138] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 62.764666][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 62.767450][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.783340][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 62.786039][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.789566][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.792058][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.796155][ T4138] device veth0_vlan entered promiscuous mode
[ 62.806666][ T4138] device veth1_vlan entered promiscuous mode
[ 62.828253][ T1959] Bluetooth: hci0: command 0x040f tx timeout
[ 62.831939][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 62.834586][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 62.837281][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 62.841882][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 62.848666][ T4138] device veth0_macvtap entered promiscuous mode
[ 62.853644][ T4138] device veth1_macvtap entered promiscuous mode
[ 62.865319][ T4138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 62.871012][ T4138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 62.876105][ T4138] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 62.879942][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 62.882627][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 62.885274][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 62.888947][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 62.893760][ T4138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 62.896510][ T4138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 62.900441][ T4138] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 62.902515][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 62.905853][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 63.149319][ T4138] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.151789][ T4138] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.154116][ T4138] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.156354][ T4138] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.214139][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.216285][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.231825][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.232799][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 63.234112][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.239114][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:03 executed programs: 2
[ 63.289732][ T4156] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 63.323782][ T4158] ==================================================================
[ 63.326136][ T4158] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 63.328078][ T4158] Read of size 4 at addr ffff0000d4cbfe38 by task syz.0.18/4158
[ 63.330179][ T4158]
[ 63.330811][ T4158] CPU: 1 PID: 4158 Comm: syz.0.18 Not tainted 5.15.186-syzkaller #0
[ 63.333031][ T4158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 63.335861][ T4158] Call trace:
[ 63.336807][ T4158] dump_backtrace+0x0/0x43c
[ 63.338043][ T4158] show_stack+0x2c/0x3c
[ 63.339176][ T4158] __dump_stack+0x30/0x40
[ 63.340367][ T4158] dump_stack_lvl+0xf8/0x160
[ 63.341636][ T4158] print_address_description+0x78/0x30c
[ 63.343154][ T4158] kasan_report+0xec/0x15c
[ 63.344417][ T4158] __asan_report_load4_noabort+0x44/0x50
[ 63.345925][ T4158] ax25_fillin_cb+0x394/0x568
[ 63.347196][ T4158] ax25_setsockopt+0x8d0/0xa5c
[ 63.348560][ T4158] __sys_setsockopt+0x2f8/0x4b0
[ 63.349958][ T4158] __arm64_sys_setsockopt+0xb8/0xd4
[ 63.351477][ T4158] invoke_syscall+0x98/0x2b8
[ 63.352739][ T4158] el0_svc_common+0x138/0x258
[ 63.353984][ T4158] do_el0_svc+0x58/0x14c
[ 63.355121][ T4158] el0_svc+0x78/0x1e0
[ 63.356183][ T4158] el0t_64_sync_handler+0xcc/0xe4
[ 63.357542][ T4158] el0t_64_sync+0x1a0/0x1a4
[ 63.358803][ T4158]
[ 63.359445][ T4158] Allocated by task 4156:
[ 63.360567][ T4158] __kasan_kmalloc+0xb0/0xf0
[ 63.361842][ T4158] kmem_cache_alloc_trace+0x274/0x3fc
[ 63.363334][ T4158] ax25_dev_device_up+0x5c/0x540
[ 63.364747][ T4158] ax25_device_event+0x504/0x590
[ 63.366094][ T4158] raw_notifier_call_chain+0xd4/0x164
[ 63.367569][ T4158] __dev_notify_flags+0x250/0x46c
[ 63.368975][ T4158] dev_change_flags+0xc8/0x154
[ 63.370232][ T4158] dev_ifsioc+0x504/0xef4
[ 63.371391][ T4158] dev_ioctl+0x4d0/0xc94
[ 63.372591][ T4158] sock_do_ioctl+0x18c/0x240
[ 63.373845][ T4158] sock_ioctl+0x5c8/0x87c
[ 63.375028][ T4158] __arm64_sys_ioctl+0x14c/0x1c8
[ 63.376357][ T4158] invoke_syscall+0x98/0x2b8
[ 63.377581][ T4158] el0_svc_common+0x138/0x258
[ 63.378910][ T4158] do_el0_svc+0x58/0x14c
[ 63.380033][ T4158] el0_svc+0x78/0x1e0
[ 63.381115][ T4158] el0t_64_sync_handler+0xcc/0xe4
[ 63.382460][ T4158] el0t_64_sync+0x1a0/0x1a4
[ 63.383671][ T4158]
[ 63.384280][ T4158] Freed by task 4157:
[ 63.385342][ T4158] kasan_set_track+0x4c/0x84
[ 63.386571][ T4158] kasan_set_free_info+0x28/0x4c
[ 63.387883][ T4158] ____kasan_slab_free+0x118/0x164
[ 63.389237][ T4158] __kasan_slab_free+0x18/0x28
[ 63.390531][ T4158] slab_free_freelist_hook+0x128/0x1e8
[ 63.392008][ T4158] kfree+0x170/0x40c
[ 63.393088][ T4158] ax25_release+0x564/0x814
[ 63.394382][ T4158] sock_close+0xb4/0x1f8
[ 63.395544][ T4158] __fput+0x1c0/0x7f8
[ 63.396609][ T4158] ____fput+0x20/0x30
[ 63.397731][ T4158] task_work_run+0x12c/0x1e0
[ 63.399004][ T4158] do_notify_resume+0x24b4/0x3128
[ 63.400382][ T4158] el0_svc+0xf0/0x1e0
[ 63.401475][ T4158] el0t_64_sync_handler+0xcc/0xe4
[ 63.402826][ T4158] el0t_64_sync+0x1a0/0x1a4
[ 63.404108][ T4158]
[ 63.404733][ T4158] The buggy address belongs to the object at ffff0000d4cbfe00
[ 63.404733][ T4158] which belongs to the cache kmalloc-256 of size 256
[ 63.408576][ T4158] The buggy address is located 56 bytes inside of
[ 63.408576][ T4158] 256-byte region [ffff0000d4cbfe00, ffff0000d4cbff00)
[ 63.412273][ T4158] The buggy address belongs to the page:
[ 63.413800][ T4158] page:000000001633db91 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114cbe
[ 63.416647][ T4158] head:000000001633db91 order:1 compound_mapcount:0
[ 63.418445][ T4158] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 63.420766][ T4158] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002480
[ 63.423116][ T4158] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 63.425469][ T4158] page dumped because: kasan: bad access detected
[ 63.427279][ T4158]
[ 63.427933][ T4158] Memory state around the buggy address:
[ 63.429596][ T4158] ffff0000d4cbfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.431837][ T4158] ffff0000d4cbfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.434105][ T4158] >ffff0000d4cbfe00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.436416][ T4158] ^
[ 63.438062][ T4158] ffff0000d4cbfe80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.440351][ T4158] ffff0000d4cbff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.442716][ T4158] ==================================================================
[ 63.444917][ T4158] Disabling lock debugging due to kernel taint
[ 63.449000][ T4158] Unable to handle kernel paging request at virtual address e1a00313000015e5
[ 63.451850][ T4158] Mem abort info:
[ 63.452847][ T4158] ESR = 0x0000000096000021
[ 63.454105][ T4158] EC = 0x25: DABT (current EL), IL = 32 bits
[ 63.455680][ T4158] SET = 0, FnV = 0
[ 63.456785][ T4158] EA = 0, S1PTW = 0
[ 63.459655][ T4158] FSC = 0x21: alignment fault
[ 63.460941][ T4158] Data abort info:
[ 63.461935][ T4158] ISV = 0, ISS = 0x00000021
[ 63.463194][ T4158] CM = 0, WnR = 0
[ 63.464178][ T4158] [e1a00313000015e5] address between user and kernel address ranges
[ 63.466315][ T4158] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 63.468232][ T4158] Modules linked in:
[ 63.469346][ T4158] CPU: 1 PID: 4158 Comm: syz.0.18 Tainted: G B 5.15.186-syzkaller #0
[ 63.472006][ T4158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 63.474733][ T4158] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 63.476859][ T4158] pc : ax25_release+0x4f4/0x814
[ 63.478280][ T4158] lr : ax25_release+0x4ec/0x814
[ 63.479731][ T4158] sp : ffff80001f767a00
[ 63.480972][ T4158] x29: ffff80001f767a20 x28: dfff800000000000 x27: ffff0000d78ac080
[ 63.483191][ T4158] x26: ffff0000d3805828 x25: 0000000000000002 x24: 00000000ffffffff
[ 63.485411][ T4158] x23: e1a00313000015e5 x22: ffff0000d4cbfe00 x21: ffff0000dcff3018
[ 63.487737][ T4158] x20: ffff0000d78ac000 x19: 1fffe0001a700b05 x18: 0000000000000000
[ 63.489966][ T4158] x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000002
[ 63.492239][ T4158] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 63.494446][ T4158] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000104555f4
[ 63.496640][ T4158] x8 : ffff0000cc361b40 x7 : 0000000000000000 x6 : ffff80000837b9b0
[ 63.498846][ T4158] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000104555e8
[ 63.501007][ T4158] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 63.503195][ T4158] Call trace:
[ 63.504125][ T4158] ax25_release+0x4f4/0x814
[ 63.505415][ T4158] sock_close+0xb4/0x1f8
[ 63.506571][ T4158] __fput+0x1c0/0x7f8
[ 63.507724][ T4158] ____fput+0x20/0x30
[ 63.508776][ T4158] task_work_run+0x12c/0x1e0
[ 63.510082][ T4158] do_notify_resume+0x24b4/0x3128
[ 63.511460][ T4158] el0_svc+0xf0/0x1e0
[ 63.512646][ T4158] el0t_64_sync_handler+0xcc/0xe4
[ 63.514029][ T4158] el0t_64_sync+0x1a0/0x1a4
[ 63.515262][ T4158] Code: d503201f 9600931b 52800038 4b1803f8 (b87802f8)
[ 63.517232][ T4158] ---[ end trace 85a43f0ab0f162db ]---
[ 63.910054][ T4158] Kernel panic - not syncing: Oops: Fatal exception
[ 63.911902][ T4158] SMP: stopping secondary CPUs
[ 63.913216][ T4158] Kernel Offset: disabled
[ 63.914357][ T4158] CPU features: 0x8,000081c1,21302e40
[ 63.915771][ T4158] Memory Limit: none
[ 64.232875][ T4158] Rebooting in 86400 seconds..