Warning: Permanently added '10.128.0.238' (ED25519) to the list of known hosts. 1970/01/01 00:00:42 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:00:43 parsed 1 programs [ 46.335329][ T4040] cgroup: Unknown subsys name 'net' [ 46.603508][ T4040] cgroup: Unknown subsys name 'rlimit' [ 46.933489][ T4040] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 56.105216][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.107810][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.110678][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 56.128310][ T333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.130513][ T333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.133403][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 57.289673][ T4110] chnl_net:caif_netlink_parms(): no params data found [ 57.333718][ T4110] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.335867][ T4110] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.338889][ T4110] device bridge_slave_0 entered promiscuous mode [ 57.343297][ T4110] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.345284][ T4110] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.349505][ T4110] device bridge_slave_1 entered promiscuous mode [ 57.367233][ T4110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.373536][ T4110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.390769][ T4110] team0: Port device team_slave_0 added [ 57.395409][ T4110] team0: Port device team_slave_1 added [ 57.409268][ T4110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.411238][ T4110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.418390][ T4110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.422947][ T4110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.424877][ T4110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.432184][ T4110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.489990][ T4110] device hsr_slave_0 entered promiscuous mode [ 57.557899][ T4110] device hsr_slave_1 entered promiscuous mode [ 57.695778][ T4110] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.729851][ T4110] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.770363][ T4110] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.820021][ T4110] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.827414][ T136] ODEBUG: Out of memory. ODEBUG disabled [ 57.874052][ T4110] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.876163][ T4110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.878478][ T4110] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.880444][ T4110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.921527][ T4110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.928784][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.932039][ T148] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.934469][ T148] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.945726][ T4110] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.952621][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.955172][ T593] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.959177][ T593] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.973176][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.975776][ T593] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.977780][ T593] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.995723][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.004923][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.009487][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.017362][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.020871][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.024055][ T4110] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.096535][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.100087][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.106815][ T4110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.119536][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 58.131490][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 58.134295][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 58.136981][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 58.141861][ T4110] device veth0_vlan entered promiscuous mode [ 58.147823][ T4110] device veth1_vlan entered promiscuous mode [ 58.161904][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 58.164460][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 58.167219][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 58.172766][ T4110] device veth0_macvtap entered promiscuous mode [ 58.177126][ T4110] device veth1_macvtap entered promiscuous mode [ 58.189233][ T4110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.191536][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.194604][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 58.200699][ T4110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.203330][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.207864][ T4110] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.210207][ T4110] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.212539][ T4110] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.214837][ T4110] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:00:58 executed programs: 0 [ 58.763909][ T4144] chnl_net:caif_netlink_parms(): no params data found [ 58.798300][ T4144] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.800279][ T4144] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.802824][ T4144] device bridge_slave_0 entered promiscuous mode [ 58.806504][ T4144] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.809237][ T4144] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.811751][ T4144] device bridge_slave_1 entered promiscuous mode [ 58.825135][ T4144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.830373][ T4144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.845370][ T4144] team0: Port device team_slave_0 added [ 58.848405][ T4144] team0: Port device team_slave_1 added [ 58.859890][ T4144] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.861814][ T4144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.868851][ T4144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.872949][ T4144] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.874840][ T4144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.882182][ T4144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.949278][ T4144] device hsr_slave_0 entered promiscuous mode [ 58.988192][ T4144] device hsr_slave_1 entered promiscuous mode [ 59.017660][ T4144] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.019952][ T4144] Cannot create hsr debugfs directory [ 59.072210][ T4144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.748057][ T4129] Bluetooth: hci0: command 0x0409 tx timeout [ 61.193940][ T4144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.827660][ T4129] Bluetooth: hci0: command 0x041b tx timeout [ 63.573717][ T4144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.692760][ T4144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.984669][ T4144] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.009240][ T4144] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.039419][ T4144] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.089249][ T4144] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.708706][ T4144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.715502][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.722088][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.727021][ T4144] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.732630][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.735300][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.741124][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.743186][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.752100][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.754878][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.757976][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.760566][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.762548][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.764906][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.779121][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.781916][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.785430][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.789360][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.792049][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.794688][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.799783][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.802317][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.804931][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.810025][ T4144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.815704][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.882086][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.884223][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.891263][ T4144] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.902060][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.904950][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.907814][ T4128] Bluetooth: hci0: command 0x040f tx timeout [ 64.918953][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.921547][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.924863][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.927180][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.930287][ T4144] device veth0_vlan entered promiscuous mode [ 64.935842][ T4144] device veth1_vlan entered promiscuous mode [ 64.949243][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.951859][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.954320][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.956886][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.964413][ T4144] device veth0_macvtap entered promiscuous mode [ 64.969444][ T4144] device veth1_macvtap entered promiscuous mode [ 64.981390][ T4144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.984374][ T4144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.988087][ T4144] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.990174][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.992757][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.995354][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.998789][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.004074][ T4144] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.006914][ T4144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.010872][ T4144] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.012920][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.015634][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.020603][ T4144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.022987][ T4144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.025316][ T4144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.028588][ T4144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.074976][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.077169][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.083047][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 65.103078][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.105293][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.109086][ T553] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:05 executed programs: 2 [ 65.147887][ T4164] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 65.203973][ T4166] ================================================================== [ 65.206132][ T4166] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568 [ 65.208040][ T4166] Read of size 4 at addr ffff0000c0b7e838 by task syz.0.18/4166 [ 65.210064][ T4166] [ 65.210653][ T4166] CPU: 1 PID: 4166 Comm: syz.0.18 Not tainted 5.15.189-syzkaller #0 [ 65.212708][ T4166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 65.215313][ T4166] Call trace: [ 65.216164][ T4166] dump_backtrace+0x0/0x43c [ 65.217358][ T4166] show_stack+0x2c/0x3c [ 65.218460][ T4166] __dump_stack+0x30/0x40 [ 65.219591][ T4166] dump_stack_lvl+0xf8/0x160 [ 65.220749][ T4166] print_address_description+0x78/0x30c [ 65.222191][ T4166] kasan_report+0xec/0x15c [ 65.223375][ T4166] __asan_report_load4_noabort+0x44/0x50 [ 65.224838][ T4166] ax25_fillin_cb+0x394/0x568 [ 65.226056][ T4166] ax25_setsockopt+0x8d0/0xa5c [ 65.227325][ T4166] __sys_setsockopt+0x260/0x36c [ 65.228677][ T4166] __arm64_sys_setsockopt+0xb8/0xd4 [ 65.229993][ T4166] invoke_syscall+0x98/0x2b8 [ 65.231175][ T4166] el0_svc_common+0x138/0x258 [ 65.232459][ T4166] do_el0_svc+0x58/0x14c [ 65.233554][ T4166] el0_svc+0x78/0x1e0 [ 65.234590][ T4166] el0t_64_sync_handler+0xcc/0xe4 [ 65.235904][ T4166] el0t_64_sync+0x1a0/0x1a4 [ 65.237022][ T4166] [ 65.237651][ T4166] Allocated by task 4164: [ 65.238822][ T4166] __kasan_kmalloc+0xb0/0xf0 [ 65.240010][ T4166] kmem_cache_alloc_trace+0x274/0x3fc [ 65.241366][ T4166] ax25_dev_device_up+0x5c/0x540 [ 65.242653][ T4166] ax25_device_event+0x504/0x590 [ 65.243936][ T4166] raw_notifier_call_chain+0xd4/0x164 [ 65.245387][ T4166] __dev_notify_flags+0x250/0x46c [ 65.246703][ T4166] dev_change_flags+0xc8/0x154 [ 65.247941][ T4166] dev_ifsioc+0x504/0xef4 [ 65.249090][ T4166] dev_ioctl+0x4d0/0xc94 [ 65.250208][ T4166] sock_do_ioctl+0x18c/0x240 [ 65.251403][ T4166] sock_ioctl+0x5c8/0x87c [ 65.252549][ T4166] __arm64_sys_ioctl+0x14c/0x1c8 [ 65.253906][ T4166] invoke_syscall+0x98/0x2b8 [ 65.255108][ T4166] el0_svc_common+0x138/0x258 [ 65.256377][ T4166] do_el0_svc+0x58/0x14c [ 65.257476][ T4166] el0_svc+0x78/0x1e0 [ 65.258499][ T4166] el0t_64_sync_handler+0xcc/0xe4 [ 65.259824][ T4166] el0t_64_sync+0x1a0/0x1a4 [ 65.260998][ T4166] [ 65.261603][ T4166] Freed by task 4165: [ 65.262629][ T4166] kasan_set_track+0x4c/0x84 [ 65.263826][ T4166] kasan_set_free_info+0x28/0x4c [ 65.265117][ T4166] ____kasan_slab_free+0x118/0x164 [ 65.266458][ T4166] __kasan_slab_free+0x18/0x28 [ 65.267569][ T4166] slab_free_freelist_hook+0x128/0x1e8 [ 65.268808][ T4166] kfree+0x170/0x40c [ 65.269684][ T4166] ax25_release+0x564/0x814 [ 65.270712][ T4166] sock_close+0xb4/0x1f8 [ 65.271720][ T4166] __fput+0x1c0/0x7f8 [ 65.272770][ T4166] ____fput+0x20/0x30 [ 65.273793][ T4166] task_work_run+0x12c/0x1e0 [ 65.274986][ T4166] do_notify_resume+0x24b4/0x3128 [ 65.276258][ T4166] el0_svc+0xf0/0x1e0 [ 65.277258][ T4166] el0t_64_sync_handler+0xcc/0xe4 [ 65.278534][ T4166] el0t_64_sync+0x1a0/0x1a4 [ 65.279829][ T4166] [ 65.280478][ T4166] The buggy address belongs to the object at ffff0000c0b7e800 [ 65.280478][ T4166] which belongs to the cache kmalloc-256 of size 256 [ 65.284392][ T4166] The buggy address is located 56 bytes inside of [ 65.284392][ T4166] 256-byte region [ffff0000c0b7e800, ffff0000c0b7e900) [ 65.287936][ T4166] The buggy address belongs to the page: [ 65.289431][ T4166] page:000000004bc22321 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100b7e [ 65.292243][ T4166] head:000000004bc22321 order:1 compound_mapcount:0 [ 65.294076][ T4166] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 65.296226][ T4166] raw: 05ffc00000010200 0000000000000000 0000000100000001 ffff0000c0002480 [ 65.298535][ T4166] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 65.300835][ T4166] page dumped because: kasan: bad access detected [ 65.302654][ T4166] [ 65.303298][ T4166] Memory state around the buggy address: [ 65.304848][ T4166] ffff0000c0b7e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.307032][ T4166] ffff0000c0b7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.309218][ T4166] >ffff0000c0b7e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.311467][ T4166] ^ [ 65.313099][ T4166] ffff0000c0b7e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.315345][ T4166] ffff0000c0b7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.317528][ T4166] ================================================================== [ 65.319786][ T4166] Disabling lock debugging due to kernel taint [ 65.331592][ T4166] Unable to handle kernel paging request at virtual address a0a002ff000015ed [ 65.334684][ T4166] Mem abort info: [ 65.335673][ T4166] ESR = 0x0000000096000021 [ 65.336859][ T4166] EC = 0x25: DABT (current EL), IL = 32 bits [ 65.339924][ T4166] SET = 0, FnV = 0 [ 65.341039][ T4166] EA = 0, S1PTW = 0 [ 65.342188][ T4166] FSC = 0x21: alignment fault [ 65.343506][ T4166] Data abort info: [ 65.344533][ T4166] ISV = 0, ISS = 0x00000021 [ 65.345825][ T4166] CM = 0, WnR = 0 [ 65.346836][ T4166] [a0a002ff000015ed] address between user and kernel address ranges [ 65.349558][ T4166] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP [ 65.351444][ T4166] Modules linked in: [ 65.352547][ T4166] CPU: 1 PID: 4166 Comm: syz.0.18 Tainted: G B 5.15.189-syzkaller #0 [ 65.355101][ T4166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 65.357829][ T4166] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 65.359931][ T4166] pc : ax25_release+0x4f4/0x814 [ 65.361325][ T4166] lr : ax25_release+0x4ec/0x814 [ 65.362669][ T4166] sp : ffff80001f897a00 [ 65.363720][ T4166] x29: ffff80001f897a20 x28: dfff800000000000 x27: ffff0000d7c87080 [ 65.365928][ T4166] x26: ffff0000d81c8828 x25: 0000000000000002 x24: 00000000ffffffff [ 65.368158][ T4166] x23: a0a002ff000015ed x22: ffff0000c0b7e800 x21: ffff0000ddb81e18 [ 65.370300][ T4166] x20: ffff0000d7c87000 x19: 1fffe0001b039105 x18: 0000000000000000 [ 65.372569][ T4166] x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000002 [ 65.374715][ T4166] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100 [ 65.376942][ T4166] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80001045ef30 [ 65.379125][ T4166] x8 : ffff0000d1dcd1c0 x7 : 0000000000000000 x6 : ffff80000837b9bc [ 65.381266][ T4166] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001045ef24 [ 65.383484][ T4166] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001 [ 65.385670][ T4166] Call trace: [ 65.386549][ T4166] ax25_release+0x4f4/0x814 [ 65.387771][ T4166] sock_close+0xb4/0x1f8 [ 65.388958][ T4166] __fput+0x1c0/0x7f8 [ 65.390054][ T4166] ____fput+0x20/0x30 [ 65.391114][ T4166] task_work_run+0x12c/0x1e0 [ 65.392352][ T4166] do_notify_resume+0x24b4/0x3128 [ 65.393712][ T4166] el0_svc+0xf0/0x1e0 [ 65.394721][ T4166] el0t_64_sync_handler+0xcc/0xe4 [ 65.396095][ T4166] el0t_64_sync+0x1a0/0x1a4 [ 65.397362][ T4166] Code: d503201f 96006935 52800038 4b1803f8 (b87802f8) [ 65.399253][ T4166] ---[ end trace e31420b59600e347 ]--- [ 65.722801][ T4166] Kernel panic - not syncing: Oops: Fatal exception [ 65.724639][ T4166] SMP: stopping secondary CPUs [ 65.725965][ T4166] Kernel Offset: disabled [ 65.727137][ T4166] CPU features: 0x8,000081c1,21302e40 [ 65.728620][ T4166] Memory Limit: none [ 66.062637][ T4166] Rebooting in 86400 seconds..