Warning: Permanently added '10.128.0.149' (ED25519) to the list of known hosts.
[ 57.592053][ T4164] chnl_net:caif_netlink_parms(): no params data found
[ 57.641047][ T4164] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.648722][ T4164] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.656668][ T4164] device bridge_slave_0 entered promiscuous mode
[ 57.666020][ T4164] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.673242][ T4164] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.681301][ T4164] device bridge_slave_1 entered promiscuous mode
[ 57.704994][ T4164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 57.716499][ T4164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 57.741526][ T4164] team0: Port device team_slave_0 added
[ 57.750438][ T4164] team0: Port device team_slave_1 added
[ 57.770920][ T4164] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 57.778076][ T4164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.804067][ T4164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 57.816847][ T4164] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 57.823866][ T4164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.849773][ T4164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.882487][ T4164] device hsr_slave_0 entered promiscuous mode
[ 57.889424][ T4164] device hsr_slave_1 entered promiscuous mode
[ 57.986306][ T4164] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 57.997202][ T4164] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 58.006405][ T4164] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 58.015646][ T4164] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 58.038197][ T4164] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.045386][ T4164] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.053325][ T4164] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.060422][ T4164] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.109723][ T4164] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.122773][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.132878][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.141811][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.149826][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 58.163864][ T4164] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.175100][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 58.184945][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.192310][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.203977][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 58.212623][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.219714][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.237059][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 58.247223][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 58.266411][ T4164] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 58.279524][ T4164] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 58.292273][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 58.301066][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 58.309973][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 58.319286][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 58.334453][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 58.342107][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.355921][ T4164] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.374967][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 58.395010][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 58.404948][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 58.413208][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 58.424570][ T4164] device veth0_vlan entered promiscuous mode
[ 58.435917][ T4164] device veth1_vlan entered promiscuous mode
[ 58.455958][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 58.464506][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 58.472910][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 58.483967][ T4164] device veth0_macvtap entered promiscuous mode
[ 58.494047][ T4164] device veth1_macvtap entered promiscuous mode
[ 58.512547][ T4164] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.520268][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 58.530322][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 58.542689][ T4164] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.550471][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 58.562303][ T4164] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.571530][ T4164] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.583642][ T4164] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.592628][ T4164] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
executing program
executing program
[ 58.644267][ T4172] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 58.676596][ T4174] ==================================================================
[ 58.684813][ T4174] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 58.692132][ T4174] Read of size 4 at addr ffff888018d97738 by task syz-executor428/4174
[ 58.700362][ T4174]
[ 58.702694][ T4174] CPU: 1 PID: 4174 Comm: syz-executor428 Not tainted 5.15.180-syzkaller #0
[ 58.711271][ T4174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 58.721326][ T4174] Call Trace:
[ 58.724598][ T4174]
[ 58.727527][ T4174] dump_stack_lvl+0x168/0x230
[ 58.732221][ T4174] ? show_regs_print_info+0x20/0x20
[ 58.737459][ T4174] ? _printk+0xcc/0x110
[ 58.741628][ T4174] ? ax25_fillin_cb+0x459/0x640
[ 58.746494][ T4174] ? load_image+0x3b0/0x3b0
[ 58.750997][ T4174] print_address_description+0x60/0x2d0
[ 58.756540][ T4174] ? ax25_fillin_cb+0x459/0x640
[ 58.761380][ T4174] kasan_report+0xdf/0x130
[ 58.765967][ T4174] ? ax25_fillin_cb+0x459/0x640
[ 58.771161][ T4174] ax25_fillin_cb+0x459/0x640
[ 58.775834][ T4174] ax25_setsockopt+0x8a2/0xa40
[ 58.780605][ T4174] ? ax25_shutdown+0x10/0x10
[ 58.785209][ T4174] ? aa_sock_opt_perm+0x74/0x100
[ 58.790141][ T4174] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 58.795697][ T4174] ? security_socket_setsockopt+0x7a/0xa0
[ 58.801407][ T4174] ? ax25_shutdown+0x10/0x10
[ 58.805989][ T4174] __sys_setsockopt+0x3d6/0x5e0
[ 58.810840][ T4174] ? __ia32_sys_recv+0xb0/0xb0
[ 58.815596][ T4174] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 58.821569][ T4174] ? lock_chain_count+0x20/0x20
[ 58.826411][ T4174] ? vtime_user_exit+0x2dc/0x400
[ 58.831348][ T4174] __x64_sys_setsockopt+0xb1/0xc0
[ 58.836369][ T4174] do_syscall_64+0x4c/0xa0
[ 58.840781][ T4174] ? clear_bhb_loop+0x15/0x70
[ 58.845465][ T4174] ? clear_bhb_loop+0x15/0x70
[ 58.850145][ T4174] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 58.856047][ T4174] RIP: 0033:0x7f0e1f3fa619
[ 58.860470][ T4174] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 58.880078][ T4174] RSP: 002b:00007ffc2bdb51b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 58.888513][ T4174] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0e1f3fa619
[ 58.896484][ T4174] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000007
[ 58.904622][ T4174] RBP: 00007ffc2bdb51f0 R08: 0000000000000010 R09: 0000000000000001
[ 58.912672][ T4174] R10: 0000200000000000 R11: 0000000000000246 R12: 00000000000f4240
[ 58.920635][ T4174] R13: 000000000000e501 R14: 00007ffc2bdb51d4 R15: 00007ffc2bdb51e0
[ 58.928622][ T4174]
[ 58.931645][ T4174]
[ 58.933966][ T4174] Allocated by task 4172:
[ 58.938295][ T4174] __kasan_kmalloc+0xb5/0xf0
[ 58.942887][ T4174] ax25_dev_device_up+0x50/0x580
[ 58.947831][ T4174] ax25_device_event+0x483/0x4f0
[ 58.952765][ T4174] raw_notifier_call_chain+0xcb/0x160
[ 58.958169][ T4174] __dev_notify_flags+0x178/0x2d0
[ 58.963206][ T4174] dev_change_flags+0xe3/0x1a0
[ 58.967975][ T4174] dev_ifsioc+0x147/0xe70
[ 58.972296][ T4174] dev_ioctl+0x55f/0xe50
[ 58.976534][ T4174] sock_do_ioctl+0x222/0x2f0
[ 58.981116][ T4174] sock_ioctl+0x4ed/0x6e0
[ 58.985438][ T4174] __se_sys_ioctl+0xfa/0x170
[ 58.990022][ T4174] do_syscall_64+0x4c/0xa0
[ 58.994434][ T4174] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.000322][ T4174]
[ 59.002633][ T4174] Freed by task 4173:
[ 59.006594][ T4174] kasan_set_track+0x4b/0x70
[ 59.011458][ T4174] kasan_set_free_info+0x1f/0x40
[ 59.016438][ T4174] ____kasan_slab_free+0xd5/0x110
[ 59.021467][ T4174] slab_free_freelist_hook+0xea/0x170
[ 59.026868][ T4174] kfree+0xef/0x2a0
[ 59.030698][ T4174] ax25_release+0x661/0x870
[ 59.035196][ T4174] sock_close+0xd5/0x240
[ 59.039605][ T4174] __fput+0x234/0x930
[ 59.043694][ T4174] task_work_run+0x125/0x1a0
[ 59.048299][ T4174] exit_to_user_mode_loop+0x10f/0x130
[ 59.053667][ T4174] exit_to_user_mode_prepare+0xb1/0x140
[ 59.059207][ T4174] syscall_exit_to_user_mode+0x16/0x40
[ 59.064659][ T4174] do_syscall_64+0x58/0xa0
[ 59.069090][ T4174] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.075155][ T4174]
[ 59.077476][ T4174] The buggy address belongs to the object at ffff888018d97700
[ 59.077476][ T4174] which belongs to the cache kmalloc-192 of size 192
[ 59.091535][ T4174] The buggy address is located 56 bytes inside of
[ 59.091535][ T4174] 192-byte region [ffff888018d97700, ffff888018d977c0)
[ 59.104723][ T4174] The buggy address belongs to the page:
[ 59.110362][ T4174] page:ffffea00006365c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18d97
[ 59.120503][ T4174] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 59.128062][ T4174] raw: 00fff00000000200 0000000000000000 0000000f00000001 ffff888016841a00
[ 59.136654][ T4174] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 59.145229][ T4174] page dumped because: kasan: bad access detected
[ 59.151642][ T4174] page_owner tracks the page as allocated
[ 59.157344][ T4174] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2467479556, free_ts 0
[ 59.172175][ T4174] get_page_from_freelist+0x1b77/0x1c60
[ 59.177723][ T4174] __alloc_pages+0x1e1/0x470
[ 59.182308][ T4174] alloc_page_interleave+0x24/0x1e0
[ 59.187512][ T4174] new_slab+0xc0/0x4b0
[ 59.191573][ T4174] ___slab_alloc+0x81e/0xdf0
[ 59.196153][ T4174] __kmalloc_track_caller+0x1cb/0x330
[ 59.201599][ T4174] krealloc+0x5a/0xf0
[ 59.205570][ T4174] add_sysfs_param+0xe8/0x930
[ 59.210235][ T4174] kernel_add_sysfs_param+0xaf/0x120
[ 59.215508][ T4174] param_sysfs_builtin+0x164/0x1e0
[ 59.220606][ T4174] param_sysfs_init+0x66/0x70
[ 59.225270][ T4174] do_one_initcall+0x1ee/0x680
[ 59.230025][ T4174] do_initcall_level+0x137/0x1f0
[ 59.234956][ T4174] do_initcalls+0x4b/0x90
[ 59.239288][ T4174] kernel_init_freeable+0x3ce/0x560
[ 59.244485][ T4174] kernel_init+0x19/0x1b0
[ 59.248807][ T4174] page_owner free stack trace missing
[ 59.254160][ T4174]
[ 59.256469][ T4174] Memory state around the buggy address:
[ 59.262087][ T4174] ffff888018d97600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.270137][ T4174] ffff888018d97680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 59.278195][ T4174] >ffff888018d97700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.286258][ T4174] ^
[ 59.292156][ T4174] ffff888018d97780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 59.300212][ T4174] ffff888018d97800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.308258][ T4174] ==================================================================
[ 59.316319][ T4174] Disabling lock debugging due to kernel taint
[ 59.324898][ T4174] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.332134][ T4174] CPU: 1 PID: 4174 Comm: syz-executor428 Tainted: G B 5.15.180-syzkaller #0
[ 59.342122][ T4174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 59.352171][ T4174] Call Trace:
[ 59.355514][ T4174]
[ 59.358465][ T4174] dump_stack_lvl+0x168/0x230
[ 59.363165][ T4174] ? show_regs_print_info+0x20/0x20
[ 59.368447][ T4174] ? load_image+0x3b0/0x3b0
[ 59.372962][ T4174] panic+0x2c9/0x7f0
[ 59.376867][ T4174] ? bpf_jit_dump+0xd0/0xd0
[ 59.381376][ T4174] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 59.387275][ T4174] ? _raw_spin_unlock+0x40/0x40
[ 59.392123][ T4174] ? print_memory_metadata+0x314/0x400
[ 59.397587][ T4174] ? ax25_fillin_cb+0x459/0x640
[ 59.402443][ T4174] check_panic_on_warn+0x80/0xa0
[ 59.407390][ T4174] ? ax25_fillin_cb+0x459/0x640
[ 59.412233][ T4174] end_report+0x6d/0xf0
[ 59.416491][ T4174] kasan_report+0x102/0x130
[ 59.421082][ T4174] ? ax25_fillin_cb+0x459/0x640
[ 59.425945][ T4174] ax25_fillin_cb+0x459/0x640
[ 59.430621][ T4174] ax25_setsockopt+0x8a2/0xa40
[ 59.435392][ T4174] ? ax25_shutdown+0x10/0x10
[ 59.439977][ T4174] ? aa_sock_opt_perm+0x74/0x100
[ 59.444906][ T4174] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 59.450448][ T4174] ? security_socket_setsockopt+0x7a/0xa0
[ 59.456158][ T4174] ? ax25_shutdown+0x10/0x10
[ 59.460742][ T4174] __sys_setsockopt+0x3d6/0x5e0
[ 59.465587][ T4174] ? __ia32_sys_recv+0xb0/0xb0
[ 59.470339][ T4174] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 59.476313][ T4174] ? lock_chain_count+0x20/0x20
[ 59.481157][ T4174] ? vtime_user_exit+0x2dc/0x400
[ 59.486143][ T4174] __x64_sys_setsockopt+0xb1/0xc0
[ 59.491164][ T4174] do_syscall_64+0x4c/0xa0
[ 59.495609][ T4174] ? clear_bhb_loop+0x15/0x70
[ 59.500280][ T4174] ? clear_bhb_loop+0x15/0x70
[ 59.504963][ T4174] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.510851][ T4174] RIP: 0033:0x7f0e1f3fa619
[ 59.515257][ T4174] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.534850][ T4174] RSP: 002b:00007ffc2bdb51b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 59.543274][ T4174] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0e1f3fa619
[ 59.551239][ T4174] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000007
[ 59.559203][ T4174] RBP: 00007ffc2bdb51f0 R08: 0000000000000010 R09: 0000000000000001
[ 59.567251][ T4174] R10: 0000200000000000 R11: 0000000000000246 R12: 00000000000f4240
[ 59.575212][ T4174] R13: 000000000000e501 R14: 00007ffc2bdb51d4 R15: 00007ffc2bdb51e0
[ 59.583180][ T4174]
[ 59.586490][ T4174] Kernel Offset: disabled
[ 59.590814][ T4174] Rebooting in 86400 seconds..