Warning: Permanently added '10.128.1.102' (ED25519) to the list of known hosts.
[ 42.493763][ T4025] chnl_net:caif_netlink_parms(): no params data found
[ 42.532579][ T4025] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.534652][ T4025] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.537189][ T4025] device bridge_slave_0 entered promiscuous mode
[ 42.541980][ T4025] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.543944][ T4025] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.546591][ T4025] device bridge_slave_1 entered promiscuous mode
[ 42.562967][ T4025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.567626][ T4025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.584334][ T4025] team0: Port device team_slave_0 added
[ 42.587938][ T4025] team0: Port device team_slave_1 added
[ 42.601753][ T4025] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.603756][ T4025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.610885][ T4025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.616108][ T4025] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.618048][ T4025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.625418][ T4025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.703311][ T4025] device hsr_slave_0 entered promiscuous mode
[ 42.751436][ T4025] device hsr_slave_1 entered promiscuous mode
[ 42.880382][ T4025] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 42.944007][ T4025] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 42.993444][ T4025] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.064069][ T4025] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.139066][ T4025] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.141322][ T4025] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.143826][ T4025] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.145857][ T4025] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.186375][ T4025] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.196327][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.200403][ T477] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.204715][ T477] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.207709][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 43.216280][ T4025] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.222837][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.225674][ T477] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.227638][ T477] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.234347][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.237038][ T477] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.238944][ T477] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.256089][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.258947][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 43.264853][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.272493][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.278684][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.283824][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 43.296452][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 43.298658][ T477] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 43.307041][ T4025] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.321614][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.335175][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.338285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 43.341541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 43.346174][ T4025] device veth0_vlan entered promiscuous mode
[ 43.353667][ T4025] device veth1_vlan entered promiscuous mode
[ 43.370148][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 43.375026][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 43.378106][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.383658][ T4025] device veth0_macvtap entered promiscuous mode
[ 43.388024][ T4025] device veth1_macvtap entered promiscuous mode
[ 43.401835][ T4025] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.404203][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.407748][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 43.414738][ T4025] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.417084][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.424111][ T4025] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.426670][ T4025] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.428980][ T4025] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.432091][ T4025] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 43.472152][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
executing program
executing program
[ 43.493923][ T4035] ==================================================================
[ 43.496205][ T4035] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 43.498186][ T4035] Read of size 4 at addr ffff0000c1c2ba38 by task syz-executor277/4035
[ 43.500418][ T4035]
[ 43.501059][ T4035] CPU: 1 PID: 4035 Comm: syz-executor277 Not tainted 5.15.183-syzkaller #0
[ 43.503352][ T4035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 43.506134][ T4035] Call trace:
[ 43.506992][ T4035] dump_backtrace+0x0/0x43c
[ 43.508227][ T4035] show_stack+0x2c/0x3c
[ 43.509326][ T4035] __dump_stack+0x30/0x40
[ 43.510480][ T4035] dump_stack_lvl+0xf8/0x160
[ 43.511713][ T4035] print_address_description+0x78/0x30c
[ 43.513214][ T4035] kasan_report+0xec/0x15c
[ 43.514391][ T4035] __asan_report_load4_noabort+0x44/0x50
[ 43.515881][ T4035] ax25_fillin_cb+0x394/0x568
[ 43.517082][ T4035] ax25_setsockopt+0x8d0/0xa5c
[ 43.518373][ T4035] __sys_setsockopt+0x2f8/0x4b0
[ 43.519720][ T4035] __arm64_sys_setsockopt+0xb8/0xd4
[ 43.521078][ T4035] invoke_syscall+0x98/0x2b8
[ 43.522327][ T4035] el0_svc_common+0x138/0x258
[ 43.523605][ T4035] do_el0_svc+0x58/0x14c
[ 43.524724][ T4035] el0_svc+0x78/0x1e0
[ 43.525803][ T4035] el0t_64_sync_handler+0xcc/0xe4
[ 43.527145][ T4035] el0t_64_sync+0x1a0/0x1a4
[ 43.528309][ T4035]
[ 43.528946][ T4035] Allocated by task 4033:
[ 43.530143][ T4035] __kasan_kmalloc+0xb0/0xf0
[ 43.531391][ T4035] kmem_cache_alloc_trace+0x274/0x3fc
[ 43.532834][ T4035] ax25_dev_device_up+0x5c/0x540
[ 43.534207][ T4035] ax25_device_event+0x504/0x590
[ 43.535568][ T4035] raw_notifier_call_chain+0xd4/0x164
[ 43.537039][ T4035] __dev_notify_flags+0x250/0x46c
[ 43.538411][ T4035] dev_change_flags+0xc8/0x154
[ 43.539671][ T4035] dev_ifsioc+0x504/0xef4
[ 43.540832][ T4035] dev_ioctl+0x4d0/0xc94
[ 43.541977][ T4035] sock_do_ioctl+0x18c/0x240
[ 43.543191][ T4035] sock_ioctl+0x5c8/0x87c
[ 43.544415][ T4035] __arm64_sys_ioctl+0x14c/0x1c8
[ 43.545725][ T4035] invoke_syscall+0x98/0x2b8
[ 43.546956][ T4035] el0_svc_common+0x138/0x258
[ 43.548225][ T4035] do_el0_svc+0x58/0x14c
[ 43.549352][ T4035] el0_svc+0x78/0x1e0
[ 43.550390][ T4035] el0t_64_sync_handler+0xcc/0xe4
[ 43.551746][ T4035] el0t_64_sync+0x1a0/0x1a4
[ 43.552934][ T4035]
[ 43.553525][ T4035] Freed by task 4034:
[ 43.554591][ T4035] kasan_set_track+0x4c/0x84
[ 43.555813][ T4035] kasan_set_free_info+0x28/0x4c
[ 43.557099][ T4035] ____kasan_slab_free+0x118/0x164
[ 43.558469][ T4035] __kasan_slab_free+0x18/0x28
[ 43.559745][ T4035] slab_free_freelist_hook+0x128/0x1e8
[ 43.561187][ T4035] kfree+0x170/0x40c
[ 43.562207][ T4035] ax25_release+0x564/0x814
[ 43.563394][ T4035] sock_close+0xb4/0x1f8
[ 43.564510][ T4035] __fput+0x1c0/0x7f8
[ 43.565644][ T4035] ____fput+0x20/0x30
[ 43.566704][ T4035] task_work_run+0x12c/0x1e0
[ 43.567945][ T4035] do_notify_resume+0x24b4/0x3128
[ 43.569271][ T4035] el0_svc+0xf0/0x1e0
[ 43.570310][ T4035] el0t_64_sync_handler+0xcc/0xe4
[ 43.571663][ T4035] el0t_64_sync+0x1a0/0x1a4
[ 43.572820][ T4035]
[ 43.573421][ T4035] The buggy address belongs to the object at ffff0000c1c2ba00
[ 43.573421][ T4035] which belongs to the cache kmalloc-256 of size 256
[ 43.577174][ T4035] The buggy address is located 56 bytes inside of
[ 43.577174][ T4035] 256-byte region [ffff0000c1c2ba00, ffff0000c1c2bb00)
[ 43.580724][ T4035] The buggy address belongs to the page:
[ 43.582232][ T4035] page:00000000dc854bf5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c2a
[ 43.585039][ T4035] head:00000000dc854bf5 order:1 compound_mapcount:0
[ 43.586794][ T4035] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 43.589021][ T4035] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 43.591343][ T4035] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 43.593662][ T4035] page dumped because: kasan: bad access detected
[ 43.595332][ T4035]
[ 43.595969][ T4035] Memory state around the buggy address:
[ 43.597560][ T4035]  ffff0000c1c2b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.599846][ T4035]  ffff0000c1c2b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.602091][ T4035] >ffff0000c1c2ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.604262][ T4035]                                         ^
[ 43.605881][ T4035]  ffff0000c1c2ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.608025][ T4035]  ffff0000c1c2bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.610166][ T4035] ==================================================================
[ 43.612371][ T4035] Disabling lock debugging due to kernel taint
[ 43.617758][ T4035] Unable to handle kernel paging request at virtual address 000002ab0000156a
[ 43.620170][ T4035] Mem abort info:
[ 43.621172][ T4035] ESR = 0x0000000096000021
[ 43.622391][ T4035] EC = 0x25: DABT (current EL), IL = 32 bits
[ 43.624088][ T4035] SET = 0, FnV = 0
[ 43.625163][ T4035] EA = 0, S1PTW = 0
[ 43.626900][ T4035] FSC = 0x21: alignment fault
[ 43.628253][ T4035] Data abort info:
[ 43.629226][ T4035] ISV = 0, ISS = 0x00000021
[ 43.630512][ T4035] CM = 0, WnR = 0
[ 43.632321][ T4035] user pgtable: 4k pages, 48-bit VAs, pgdp=000000010204f000
[ 43.634383][ T4035] [000002ab0000156a] pgd=0000000000000000, p4d=0000000000000000
[ 43.636439][ T4035] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 43.638363][ T4035] Modules linked in:
[ 43.639394][ T4035] CPU: 1 PID: 4035 Comm: syz-executor277 Tainted: G B 5.15.183-syzkaller #0
[ 43.641866][ T4035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 43.644578][ T4035] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 43.646682][ T4035] pc : ax25_release+0x4f4/0x814
[ 43.647964][ T4035] lr : ax25_release+0x4ec/0x814
[ 43.649274][ T4035] sp : ffff80001ee27a00
[ 43.650362][ T4035] x29: ffff80001ee27a20 x28: dfff800000000000 x27: ffff0000c2a8d080
[ 43.652512][ T4035] x26: ffff0000c8e4c828 x25: 0000000000000002 x24: 00000000ffffffff
[ 43.654644][ T4035] x23: ec0002ab0000156a x22: ffff0000c1c2ba00 x21: ffff0000e2056018
[ 43.656787][ T4035] x20: ffff0000c2a8d000 x19: 1fffe000191c9905 x18: 0000000000000000
[ 43.659035][ T4035] x17: 0000000000000000 x16: ffff8000082d4b38 x15: 0000000000000002
[ 43.661289][ T4035] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 43.663502][ T4035] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000104473e0
[ 43.665678][ T4035] x8 : ffff0000c6971b40 x7 : 0000000000000000 x6 : ffff80000837a0a0
[ 43.667953][ T4035] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000104473d4
[ 43.670140][ T4035] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 43.672318][ T4035] Call trace:
[ 43.673292][ T4035] ax25_release+0x4f4/0x814
[ 43.674473][ T4035] sock_close+0xb4/0x1f8
[ 43.675624][ T4035] __fput+0x1c0/0x7f8
[ 43.676685][ T4035] ____fput+0x20/0x30
[ 43.677730][ T4035] task_work_run+0x12c/0x1e0
[ 43.679067][ T4035] do_notify_resume+0x24b4/0x3128
[ 43.680414][ T4035] el0_svc+0xf0/0x1e0
[ 43.681453][ T4035] el0t_64_sync_handler+0xcc/0xe4
[ 43.682807][ T4035] el0t_64_sync+0x1a0/0x1a4
[ 43.683982][ T4035] Code: d503201f 9600c549 52800038 4b1803f8 (b87802f8)
[ 43.685915][ T4035] ---[ end trace 0418c0feac78f10e ]---
[ 44.012081][ T4035] Kernel panic - not syncing: Oops: Fatal exception
[ 44.013967][ T4035] SMP: stopping secondary CPUs
[ 44.015258][ T4035] Kernel Offset: disabled
[ 44.016442][ T4035] CPU features: 0x8,000081c1,21302e40
[ 44.017862][ T4035] Memory Limit: none
[ 44.310159][ T4035] Rebooting in 86400 seconds..