Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts.
1970/01/01 00:00:48 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:49 parsed 1 programs
[ 52.082294][ T4040] cgroup: Unknown subsys name 'net'
[ 52.346388][ T4040] cgroup: Unknown subsys name 'rlimit'
[ 52.703786][ T4040] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 64.229060][ T4091] chnl_net:caif_netlink_parms(): no params data found
[ 64.274157][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.276339][ T4091] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.279224][ T4091] device bridge_slave_0 entered promiscuous mode
[ 64.284521][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.286551][ T4091] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.289332][ T4091] device bridge_slave_1 entered promiscuous mode
[ 64.310303][ T4091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.315811][ T4091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.332525][ T4091] team0: Port device team_slave_0 added
[ 64.402226][ T4091] team0: Port device team_slave_1 added
[ 64.416964][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.418854][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.427409][ T4091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.432312][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.434282][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.442641][ T4091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.512172][ T4091] device hsr_slave_0 entered promiscuous mode
[ 64.550086][ T4091] device hsr_slave_1 entered promiscuous mode
[ 64.678807][ T4091] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 64.732754][ T4091] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 64.783633][ T4091] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 64.847344][ T4091] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 64.953291][ T4091] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.964297][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.968023][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.976433][ T4091] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.982369][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 64.985493][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 64.988451][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.990699][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.994391][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.000160][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 65.003007][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.005638][ T1613] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.007649][ T1613] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.021419][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 65.024494][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 65.027528][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 65.035138][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.038000][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.043785][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 65.046746][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.050943][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 65.053907][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.060791][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 65.063601][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.068614][ T4091] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.148711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.151245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.159498][ T4091] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.172721][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 65.175692][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.193365][ T4091] device veth0_vlan entered promiscuous mode
[ 65.198343][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 65.201890][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.204982][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.208140][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.216934][ T4091] device veth1_vlan entered promiscuous mode
[ 65.234495][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 65.237397][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 65.243363][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 65.246171][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 65.251728][ T4091] device veth0_macvtap entered promiscuous mode
[ 65.256127][ T4091] device veth1_macvtap entered promiscuous mode
[ 65.268363][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.271112][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 65.273903][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 65.276589][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 65.279363][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 65.286095][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.288292][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 65.292654][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 65.297900][ T4091] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.302212][ T4091] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.304645][ T4091] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.307001][ T4091] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.757627][ T136] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.094436][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.096791][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.100424][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 66.118315][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.120914][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.123998][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:06 executed programs: 0
[ 66.539037][ T4132] chnl_net:caif_netlink_parms(): no params data found
[ 66.577810][ T4132] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.580348][ T4132] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.583009][ T4132] device bridge_slave_0 entered promiscuous mode
[ 66.587030][ T4132] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.588972][ T4132] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.592732][ T4132] device bridge_slave_1 entered promiscuous mode
[ 66.608726][ T4132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.614086][ T4132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.631220][ T4132] team0: Port device team_slave_0 added
[ 66.634764][ T4132] team0: Port device team_slave_1 added
[ 66.647986][ T4132] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.650611][ T4132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.657908][ T4132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.663005][ T4132] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.664849][ T4132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.671898][ T4132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.731847][ T4132] device hsr_slave_0 entered promiscuous mode
[ 66.760005][ T4132] device hsr_slave_1 entered promiscuous mode
[ 66.829931][ T4132] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 66.832272][ T4132] Cannot create hsr debugfs directory
[ 68.097465][ T136] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.450601][ T4125] Bluetooth: hci0: command 0x0409 tx timeout
[ 69.661433][ T2055] ieee802154 phy0 wpan0: encryption failed: -22
[ 69.663674][ T2055] ieee802154 phy1 wpan1: encryption failed: -22
[ 70.530071][ T2416] Bluetooth: hci0: command 0x041b tx timeout
[ 70.655995][ T136] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.728674][ T136] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.641285][ T4132] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 71.682002][ T4132] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 71.712823][ T4132] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 71.789350][ T4132] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 71.887416][ T4132] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.897819][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 71.900875][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.907070][ T4132] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.914736][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 71.917644][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.922796][ T153] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.924674][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.927029][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 71.932489][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 71.935582][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 71.938225][ T153] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.940199][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.947385][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 71.953711][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 71.959552][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 71.964642][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 71.967640][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 71.981754][ T4132] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 71.984759][ T4132] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 71.989936][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 71.993473][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 71.996460][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 71.999289][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 72.005354][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 72.008254][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 72.011403][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 72.092257][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 72.094604][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 72.131529][ T4132] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 72.146155][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 72.149121][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 72.164180][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 72.167065][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 72.170934][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 72.173411][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 72.178201][ T4132] device veth0_vlan entered promiscuous mode
[ 72.185993][ T4132] device veth1_vlan entered promiscuous mode
[ 72.202611][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 72.205472][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 72.208283][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 72.213399][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 72.218390][ T4132] device veth0_macvtap entered promiscuous mode
[ 72.223530][ T4132] device veth1_macvtap entered promiscuous mode
[ 72.234233][ T4132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 72.237243][ T4132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 72.243265][ T4132] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.245774][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 72.248561][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 72.252076][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 72.254948][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 72.259995][ T4132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 72.262977][ T4132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 72.266665][ T4132] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 72.268864][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 72.272387][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 72.278284][ T4132] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.282142][ T4132] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.284601][ T4132] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.286977][ T4132] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.334422][ T1613] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.342614][ T1613] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.348495][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 72.353566][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.355744][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.358910][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:12 executed programs: 2
[ 72.396533][ T4195] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 72.439217][ T4197] ==================================================================
[ 72.441640][ T4197] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 72.443603][ T4197] Read of size 4 at addr ffff0000d55c0638 by task syz.0.18/4197
[ 72.445637][ T4197]
[ 72.446247][ T4197] CPU: 1 PID: 4197 Comm: syz.0.18 Not tainted 5.15.189-syzkaller #0
[ 72.448427][ T4197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 72.451201][ T4197] Call trace:
[ 72.452131][ T4197] dump_backtrace+0x0/0x43c
[ 72.453431][ T4197] show_stack+0x2c/0x3c
[ 72.454626][ T4197] __dump_stack+0x30/0x40
[ 72.455862][ T4197] dump_stack_lvl+0xf8/0x160
[ 72.457088][ T4197] print_address_description+0x78/0x30c
[ 72.458648][ T4197] kasan_report+0xec/0x15c
[ 72.459895][ T4197] __asan_report_load4_noabort+0x44/0x50
[ 72.461450][ T4197] ax25_fillin_cb+0x394/0x568
[ 72.462717][ T4197] ax25_setsockopt+0x8d0/0xa5c
[ 72.464022][ T4197] __sys_setsockopt+0x260/0x36c
[ 72.465321][ T4197] __arm64_sys_setsockopt+0xb8/0xd4
[ 72.466725][ T4197] invoke_syscall+0x98/0x2b8
[ 72.467953][ T4197] el0_svc_common+0x138/0x258
[ 72.469289][ T4197] do_el0_svc+0x58/0x14c
[ 72.470415][ T4197] el0_svc+0x78/0x1e0
[ 72.471534][ T4197] el0t_64_sync_handler+0xcc/0xe4
[ 72.472870][ T4197] el0t_64_sync+0x1a0/0x1a4
[ 72.474102][ T4197]
[ 72.474748][ T4197] Allocated by task 4195:
[ 72.475976][ T4197] __kasan_kmalloc+0xb0/0xf0
[ 72.477227][ T4197] kmem_cache_alloc_trace+0x274/0x3fc
[ 72.478708][ T4197] ax25_dev_device_up+0x5c/0x540
[ 72.480152][ T4197] ax25_device_event+0x504/0x590
[ 72.481527][ T4197] raw_notifier_call_chain+0xd4/0x164
[ 72.483002][ T4197] __dev_notify_flags+0x250/0x46c
[ 72.484391][ T4197] dev_change_flags+0xc8/0x154
[ 72.485706][ T4197] dev_ifsioc+0x504/0xef4
[ 72.486926][ T4197] dev_ioctl+0x4d0/0xc94
[ 72.488076][ T4197] sock_do_ioctl+0x18c/0x240
[ 72.489311][ T4197] sock_ioctl+0x5c8/0x87c
[ 72.490480][ T4197] __arm64_sys_ioctl+0x14c/0x1c8
[ 72.491792][ T4197] invoke_syscall+0x98/0x2b8
[ 72.493081][ T4197] el0_svc_common+0x138/0x258
[ 72.494349][ T4197] do_el0_svc+0x58/0x14c
[ 72.495536][ T4197] el0_svc+0x78/0x1e0
[ 72.496641][ T4197] el0t_64_sync_handler+0xcc/0xe4
[ 72.497980][ T4197] el0t_64_sync+0x1a0/0x1a4
[ 72.499217][ T4197]
[ 72.499842][ T4197] Freed by task 4196:
[ 72.500906][ T4197] kasan_set_track+0x4c/0x84
[ 72.502130][ T4197] kasan_set_free_info+0x28/0x4c
[ 72.503493][ T4197] ____kasan_slab_free+0x118/0x164
[ 72.504874][ T4197] __kasan_slab_free+0x18/0x28
[ 72.506120][ T4197] slab_free_freelist_hook+0x128/0x1e8
[ 72.507558][ T4197] kfree+0x170/0x40c
[ 72.508621][ T4197] ax25_release+0x564/0x814
[ 72.509877][ T4197] sock_close+0xb4/0x1f8
[ 72.511094][ T4197] __fput+0x1c0/0x7f8
[ 72.512147][ T4197] ____fput+0x20/0x30
[ 72.513231][ T4197] task_work_run+0x12c/0x1e0
[ 72.514476][ T4197] do_notify_resume+0x24b4/0x3128
[ 72.515842][ T4197] el0_svc+0xf0/0x1e0
[ 72.516975][ T4197] el0t_64_sync_handler+0xcc/0xe4
[ 72.518327][ T4197] el0t_64_sync+0x1a0/0x1a4
[ 72.519565][ T4197]
[ 72.520190][ T4197] The buggy address belongs to the object at ffff0000d55c0600
[ 72.520190][ T4197] which belongs to the cache kmalloc-256 of size 256
[ 72.524175][ T4197] The buggy address is located 56 bytes inside of
[ 72.524175][ T4197] 256-byte region [ffff0000d55c0600, ffff0000d55c0700)
[ 72.527696][ T4197] The buggy address belongs to the page:
[ 72.529227][ T4197] page:00000000b3cff8d4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1155c0
[ 72.531952][ T4197] head:00000000b3cff8d4 order:1 compound_mapcount:0
[ 72.533741][ T4197] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 72.535957][ T4197] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002480
[ 72.538306][ T4197] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 72.540628][ T4197] page dumped because: kasan: bad access detected
[ 72.542367][ T4197]
[ 72.542988][ T4197] Memory state around the buggy address:
[ 72.544548][ T4197] ffff0000d55c0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.546840][ T4197] ffff0000d55c0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.549139][ T4197] >ffff0000d55c0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.551406][ T4197] ^
[ 72.553042][ T4197] ffff0000d55c0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.555318][ T4197] ffff0000d55c0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.557656][ T4197] ==================================================================
[ 72.559860][ T4197] Disabling lock debugging due to kernel taint
[ 72.565602][ T4197] Unable to handle kernel paging request at virtual address 006003210000160c
[ 72.568032][ T4197] Mem abort info:
[ 72.569097][ T4197] ESR = 0x0000000096000004
[ 72.573851][ T4197] EC = 0x25: DABT (current EL), IL = 32 bits
[ 72.575577][ T4197] SET = 0, FnV = 0
[ 72.576627][ T4197] EA = 0, S1PTW = 0
[ 72.577769][ T4197] FSC = 0x04: level 0 translation fault
[ 72.579351][ T4197] Data abort info:
[ 72.580713][ T4197] ISV = 0, ISS = 0x00000004
[ 72.582024][ T4197] CM = 0, WnR = 0
[ 72.583017][ T4197] [006003210000160c] address between user and kernel address ranges
[ 72.585127][ T4197] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 72.587009][ T4197] Modules linked in:
[ 72.588062][ T4197] CPU: 1 PID: 4197 Comm: syz.0.18 Tainted: G B 5.15.189-syzkaller #0
[ 72.590516][ T4197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 72.593221][ T4197] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 72.595384][ T4197] pc : ax25_release+0x4f4/0x814
[ 72.596664][ T4197] lr : ax25_release+0x4ec/0x814
[ 72.597973][ T4197] sp : ffff80001f947a00
[ 72.599092][ T4197] x29: ffff80001f947a20 x28: dfff800000000000 x27: ffff0000d70b3080
[ 72.601223][ T4197] x26: ffff0000d5788028 x25: ffff0000d5788031 x24: 00000000ffffffff
[ 72.603344][ T4197] x23: b96003210000160c x22: ffff0000d55c0600 x21: ffff0000ed814818
[ 72.605560][ T4197] x20: ffff0000d70b3000 x19: 1fffe0001aaf1005 x18: 0000000000000000
[ 72.607785][ T4197] x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000004
[ 72.609798][ T4064] Bluetooth: hci0: command 0x040f tx timeout
[ 72.609998][ T4197] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 72.613684][ T4197] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80001045ef30
[ 72.615790][ T4197] x8 : ffff0000d3ed8000 x7 : 0000000000000000 x6 : ffff80000837b9bc
[ 72.617896][ T4197] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001045ef24
[ 72.620029][ T4197] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 72.622161][ T4197] Call trace:
[ 72.623031][ T4197] ax25_release+0x4f4/0x814
[ 72.624229][ T4197] sock_close+0xb4/0x1f8
[ 72.625364][ T4197] __fput+0x1c0/0x7f8
[ 72.626413][ T4197] ____fput+0x20/0x30
[ 72.627478][ T4197] task_work_run+0x12c/0x1e0
[ 72.628702][ T4197] do_notify_resume+0x24b4/0x3128
[ 72.630055][ T4197] el0_svc+0xf0/0x1e0
[ 72.631137][ T4197] el0t_64_sync_handler+0xcc/0xe4
[ 72.632473][ T4197] el0t_64_sync+0x1a0/0x1a4
[ 72.633673][ T4197] Code: d503201f 96006935 52800038 4b1803f8 (b87802f8)
[ 72.635582][ T4197] ---[ end trace da5895dd87b7318d ]---
[ 72.994554][ T4197] Kernel panic - not syncing: Oops: Fatal exception
[ 72.996433][ T4197] SMP: stopping secondary CPUs
[ 72.997831][ T4197] Kernel Offset: disabled
[ 72.998993][ T4197] CPU features: 0x8,000081c1,21302e40
[ 73.000468][ T4197] Memory Limit: none
[ 73.378921][ T4197] Rebooting in 86400 seconds..