Warning: Permanently added '10.128.0.20' (ED25519) to the list of known hosts.
1970/01/01 00:00:45 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:46 parsed 1 programs
[ 48.829842][ T4031] cgroup: Unknown subsys name 'net'
[ 49.069639][ T4031] cgroup: Unknown subsys name 'rlimit'
[ 49.432353][ T4031] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 57.674391][ T4091] chnl_net:caif_netlink_parms(): no params data found
[ 57.718162][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.720178][ T4091] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.723492][ T4091] device bridge_slave_0 entered promiscuous mode
[ 57.727929][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.730034][ T4091] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.734430][ T4091] device bridge_slave_1 entered promiscuous mode
[ 57.755099][ T4091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 57.760067][ T4091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 57.778489][ T4091] team0: Port device team_slave_0 added
[ 57.782171][ T4091] team0: Port device team_slave_1 added
[ 57.798972][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 57.800994][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.808510][ T4091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 57.814857][ T4091] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 57.816861][ T4091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.823994][ T4091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.896333][ T4091] device hsr_slave_0 entered promiscuous mode
[ 57.935393][ T4091] device hsr_slave_1 entered promiscuous mode
[ 58.070418][ T4091] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 58.136916][ T4091] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 58.176435][ T4091] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 58.224668][ T4091] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 58.325126][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.327369][ T4091] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.329915][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.331871][ T4091] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.381793][ T4091] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.392186][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.396772][ T148] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.399940][ T148] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.408998][ T4091] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.418062][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 58.420787][ T136] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.422983][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.430066][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 58.434388][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.436477][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.452733][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 58.457510][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 58.468646][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 58.480288][ T4091] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 58.484354][ T4091] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 58.489137][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 58.495368][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 58.498986][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 58.571759][ T396] ODEBUG: Out of memory. ODEBUG disabled
[ 58.592336][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 58.594760][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.602312][ T4091] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.616409][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 58.619189][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 58.631598][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 58.634949][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 58.637887][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 58.640795][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 58.646758][ T4091] device veth0_vlan entered promiscuous mode
[ 58.653270][ T4091] device veth1_vlan entered promiscuous mode
[ 58.666559][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 58.669227][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 58.671787][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 58.675239][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 58.679433][ T4091] device veth0_macvtap entered promiscuous mode
[ 58.685058][ T4091] device veth1_macvtap entered promiscuous mode
[ 58.696244][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.698554][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 58.701200][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 58.704524][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 58.707326][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 58.715894][ T4091] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.720604][ T4091] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.724953][ T4091] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.727326][ T4091] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.729786][ T4091] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.734792][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 58.737730][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 58.891308][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.894081][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.897896][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 58.910668][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.913938][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.916660][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:00:59 executed programs: 0
[ 59.491709][ T4134] chnl_net:caif_netlink_parms(): no params data found
[ 59.524883][ T4134] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.527047][ T4134] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.529725][ T4134] device bridge_slave_0 entered promiscuous mode
[ 59.534125][ T4134] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.536145][ T4134] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.538977][ T4134] device bridge_slave_1 entered promiscuous mode
[ 59.554424][ T4134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.559723][ T4134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.575847][ T4134] team0: Port device team_slave_0 added
[ 59.579137][ T4134] team0: Port device team_slave_1 added
[ 59.591636][ T4134] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.593770][ T4134] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.600844][ T4134] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.605445][ T4134] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.607426][ T4134] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.614776][ T4134] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.674693][ T4134] device hsr_slave_0 entered promiscuous mode
[ 59.722820][ T4134] device hsr_slave_1 entered promiscuous mode
[ 59.772623][ T4134] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 59.775004][ T4134] Cannot create hsr debugfs directory
[ 59.868693][ T4134] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.483286][ T4116] Bluetooth: hci0: command 0x0409 tx timeout
[ 62.369229][ T4134] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.562540][ T4116] Bluetooth: hci0: command 0x041b tx timeout
[ 64.019077][ T4134] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.100743][ T4134] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 64.268493][ T4134] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 64.297438][ T4134] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 64.337312][ T4134] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 64.385547][ T4134] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 64.469643][ T4134] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.477662][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.480135][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.485935][ T4134] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.497001][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 64.499993][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 64.503262][ T136] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.505251][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.508143][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 64.511180][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 64.521314][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.523412][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.527581][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 64.532325][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 64.537399][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 64.548281][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 64.552011][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 64.556469][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 64.559359][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 64.562160][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 64.566211][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 64.573378][ T4134] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 64.576860][ T4134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 64.580908][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 64.583791][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 64.586780][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 64.673010][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 64.675352][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 64.679561][ T4134] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.693264][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 64.696163][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 64.707319][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 64.710110][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 64.714133][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 64.716743][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 64.726929][ T4134] device veth0_vlan entered promiscuous mode
[ 64.733331][ T4134] device veth1_vlan entered promiscuous mode
[ 64.752122][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 64.755726][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 64.758406][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 64.761988][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 64.768451][ T4134] device veth0_macvtap entered promiscuous mode
[ 64.773044][ T4134] device veth1_macvtap entered promiscuous mode
[ 64.783676][ T4134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 64.786801][ T4134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 64.790430][ T4134] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 64.796518][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 64.799370][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 64.802052][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 64.805809][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 64.810650][ T4134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 64.814687][ T4134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 64.818516][ T4134] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 64.820651][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 64.824248][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 64.829498][ T4134] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.831815][ T4134] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.835713][ T4134] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.838248][ T4134] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.892979][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.895289][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.898251][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 65.212064][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.215069][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.217659][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:05 executed programs: 2
[ 65.257722][ T4153] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 65.291732][ T4156] ==================================================================
[ 65.294215][ T4156] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 65.296420][ T4156] Read of size 4 at addr ffff0000c7e3de38 by task syz.0.18/4156
[ 65.298762][ T4156]
[ 65.299549][ T4156] CPU: 0 PID: 4156 Comm: syz.0.18 Not tainted 5.15.186-syzkaller #0
[ 65.301849][ T4156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 65.304774][ T4156] Call trace:
[ 65.305779][ T4156] dump_backtrace+0x0/0x43c
[ 65.307114][ T4156] show_stack+0x2c/0x3c
[ 65.308301][ T4156] __dump_stack+0x30/0x40
[ 65.309504][ T4156] dump_stack_lvl+0xf8/0x160
[ 65.310842][ T4156] print_address_description+0x78/0x30c
[ 65.312303][ T4156] kasan_report+0xec/0x15c
[ 65.313533][ T4156] __asan_report_load4_noabort+0x44/0x50
[ 65.315176][ T4156] ax25_fillin_cb+0x394/0x568
[ 65.316479][ T4156] ax25_setsockopt+0x8d0/0xa5c
[ 65.317819][ T4156] __sys_setsockopt+0x2f8/0x4b0
[ 65.319188][ T4156] __arm64_sys_setsockopt+0xb8/0xd4
[ 65.320700][ T4156] invoke_syscall+0x98/0x2b8
[ 65.322033][ T4156] el0_svc_common+0x138/0x258
[ 65.323351][ T4156] do_el0_svc+0x58/0x14c
[ 65.324497][ T4156] el0_svc+0x78/0x1e0
[ 65.325568][ T4156] el0t_64_sync_handler+0xcc/0xe4
[ 65.326952][ T4156] el0t_64_sync+0x1a0/0x1a4
[ 65.328220][ T4156]
[ 65.328814][ T4156] Allocated by task 4153:
[ 65.330062][ T4156] __kasan_kmalloc+0xb0/0xf0
[ 65.331321][ T4156] kmem_cache_alloc_trace+0x274/0x3fc
[ 65.332847][ T4156] ax25_dev_device_up+0x5c/0x540
[ 65.334232][ T4156] ax25_device_event+0x504/0x590
[ 65.335656][ T4156] raw_notifier_call_chain+0xd4/0x164
[ 65.337153][ T4156] __dev_notify_flags+0x250/0x46c
[ 65.338537][ T4156] dev_change_flags+0xc8/0x154
[ 65.339850][ T4156] dev_ifsioc+0x504/0xef4
[ 65.341012][ T4156] dev_ioctl+0x4d0/0xc94
[ 65.342197][ T4156] sock_do_ioctl+0x18c/0x240
[ 65.343486][ T4156] sock_ioctl+0x5c8/0x87c
[ 65.344676][ T4156] __arm64_sys_ioctl+0x14c/0x1c8
[ 65.346069][ T4156] invoke_syscall+0x98/0x2b8
[ 65.347311][ T4156] el0_svc_common+0x138/0x258
[ 65.348570][ T4156] do_el0_svc+0x58/0x14c
[ 65.349758][ T4156] el0_svc+0x78/0x1e0
[ 65.350843][ T4156] el0t_64_sync_handler+0xcc/0xe4
[ 65.352319][ T4156] el0t_64_sync+0x1a0/0x1a4
[ 65.353545][ T4156]
[ 65.354178][ T4156] Freed by task 4154:
[ 65.355275][ T4156] kasan_set_track+0x4c/0x84
[ 65.356540][ T4156] kasan_set_free_info+0x28/0x4c
[ 65.357972][ T4156] ____kasan_slab_free+0x118/0x164
[ 65.359439][ T4156] __kasan_slab_free+0x18/0x28
[ 65.360815][ T4156] slab_free_freelist_hook+0x128/0x1e8
[ 65.362365][ T4156] kfree+0x170/0x40c
[ 65.363444][ T4156] ax25_release+0x564/0x814
[ 65.364714][ T4156] sock_close+0xb4/0x1f8
[ 65.365913][ T4156] __fput+0x1c0/0x7f8
[ 65.367018][ T4156] ____fput+0x20/0x30
[ 65.368221][ T4156] task_work_run+0x12c/0x1e0
[ 65.369474][ T4156] do_notify_resume+0x24b4/0x3128
[ 65.370921][ T4156] el0_svc+0xf0/0x1e0
[ 65.372026][ T4156] el0t_64_sync_handler+0xcc/0xe4
[ 65.373401][ T4156] el0t_64_sync+0x1a0/0x1a4
[ 65.374612][ T4156]
[ 65.375224][ T4156] Last potentially related work creation:
[ 65.376801][ T4156] kasan_save_stack+0x38/0x68
[ 65.378105][ T4156] kasan_record_aux_stack+0xcc/0x114
[ 65.379501][ T4156] insert_work+0x64/0x388
[ 65.380663][ T4156] __queue_work+0xb30/0x1054
[ 65.381896][ T4156] queue_work_on+0xc4/0x17c
[ 65.383170][ T4156] call_usermodehelper_exec+0x22c/0x478
[ 65.384684][ T4156] kobject_uevent_env+0x670/0x888
[ 65.386138][ T4156] kobject_uevent+0x2c/0x3c
[ 65.387374][ T4156] driver_register+0x29c/0x374
[ 65.388733][ T4156] __platform_driver_register+0x6c/0x80
[ 65.390346][ T4156] es7134_driver_init+0x20/0x2c
[ 65.391688][ T4156] do_one_initcall+0x228/0x8b0
[ 65.393077][ T4156] do_initcall_level+0x154/0x214
[ 65.394424][ T4156] do_initcalls+0x58/0xac
[ 65.395688][ T4156] do_basic_setup+0x8c/0xa0
[ 65.396931][ T4156] kernel_init_freeable+0x404/0x5fc
[ 65.398487][ T4156] kernel_init+0x24/0x1d0
[ 65.399696][ T4156] ret_from_fork+0x10/0x20
[ 65.400944][ T4156]
[ 65.401580][ T4156] The buggy address belongs to the object at ffff0000c7e3de00
[ 65.401580][ T4156] which belongs to the cache kmalloc-256 of size 256
[ 65.405518][ T4156] The buggy address is located 56 bytes inside of
[ 65.405518][ T4156] 256-byte region [ffff0000c7e3de00, ffff0000c7e3df00)
[ 65.409234][ T4156] The buggy address belongs to the page:
[ 65.410761][ T4156] page:00000000dbf7a57b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107e3c
[ 65.413678][ T4156] head:00000000dbf7a57b order:1 compound_mapcount:0
[ 65.415492][ T4156] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 65.417767][ T4156] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 65.420276][ T4156] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 65.422699][ T4156] page dumped because: kasan: bad access detected
[ 65.424541][ T4156]
[ 65.425175][ T4156] Memory state around the buggy address:
[ 65.426716][ T4156] ffff0000c7e3dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.429143][ T4156] ffff0000c7e3dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.431409][ T4156] >ffff0000c7e3de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.433679][ T4156]                                         ^
[ 65.435344][ T4156] ffff0000c7e3de80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.437702][ T4156] ffff0000c7e3df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.439891][ T4156] ==================================================================
[ 65.442084][ T4156] Disabling lock debugging due to kernel taint
[ 65.448409][ T4156] Unable to handle kernel paging request at virtual address 00600300000015e2
[ 65.450877][ T4156] Mem abort info:
[ 65.451795][ T4156] ESR = 0x0000000096000021
[ 65.454896][ T4156] EC = 0x25: DABT (current EL), IL = 32 bits
[ 65.456696][ T4156] SET = 0, FnV = 0
[ 65.457724][ T4156] EA = 0, S1PTW = 0
[ 65.458835][ T4156] FSC = 0x21: alignment fault
[ 65.460200][ T4156] Data abort info:
[ 65.461319][ T4156] ISV = 0, ISS = 0x00000021
[ 65.464344][ T4156] CM = 0, WnR = 0
[ 65.465521][ T4156] [00600300000015e2] address between user and kernel address ranges
[ 65.467868][ T4156] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 65.469996][ T4156] Modules linked in:
[ 65.470969][ T4156] CPU: 1 PID: 4156 Comm: syz.0.18 Tainted: G B 5.15.186-syzkaller #0
[ 65.473608][ T4156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 65.476367][ T4156] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 65.478446][ T4156] pc : ax25_release+0x4f4/0x814
[ 65.479776][ T4156] lr : ax25_release+0x4ec/0x814
[ 65.481087][ T4156] sp : ffff80001f687a00
[ 65.482255][ T4156] x29: ffff80001f687a20 x28: dfff800000000000 x27: ffff0000d6dfc080
[ 65.484530][ T4156] x26: ffff0000d6de8828 x25: 0000000000000002 x24: 00000000ffffffff
[ 65.486819][ T4156] x23: a6600300000015e2 x22: ffff0000c7e3de00 x21: ffff0000dca99818
[ 65.489218][ T4156] x20: ffff0000d6dfc000 x19: 1fffe0001adbd105 x18: 0000000000000000
[ 65.491387][ T4156] x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000002
[ 65.493743][ T4156] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 65.495967][ T4156] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000104555f4
[ 65.498195][ T4156] x8 : ffff0000ce7cb680 x7 : 0000000000000000 x6 : ffff80000837b9b0
[ 65.500311][ T4156] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000104555e8
[ 65.502476][ T4156] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 65.504802][ T4156] Call trace:
[ 65.505673][ T4156] ax25_release+0x4f4/0x814
[ 65.506933][ T4156] sock_close+0xb4/0x1f8
[ 65.508138][ T4156] __fput+0x1c0/0x7f8
[ 65.509323][ T4156] ____fput+0x20/0x30
[ 65.510431][ T4156] task_work_run+0x12c/0x1e0
[ 65.511630][ T4156] do_notify_resume+0x24b4/0x3128
[ 65.512970][ T4156] el0_svc+0xf0/0x1e0
[ 65.514090][ T4156] el0t_64_sync_handler+0xcc/0xe4
[ 65.515486][ T4156] el0t_64_sync+0x1a0/0x1a4
[ 65.516741][ T4156] Code: d503201f 9600931b 52800038 4b1803f8 (b87802f8)
[ 65.518603][ T4156] ---[ end trace 38af9434d2f51416 ]---
[ 65.877099][ T4156] Kernel panic - not syncing: Oops: Fatal exception
[ 65.878925][ T4156] SMP: stopping secondary CPUs
[ 65.880218][ T4156] Kernel Offset: disabled
[ 65.881370][ T4156] CPU features: 0x8,000081c1,21302e40
[ 65.882737][ T4156] Memory Limit: none
[ 66.201694][ T4156] Rebooting in 86400 seconds..