Warning: Permanently added '10.128.0.253' (ED25519) to the list of known hosts.
[   59.967421][ T4164] chnl_net:caif_netlink_parms(): no params data found
[   60.017485][ T4164] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.025241][ T4164] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.033546][ T4164] device bridge_slave_0 entered promiscuous mode
[   60.043152][ T4164] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.050347][ T4164] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.058459][ T4164] device bridge_slave_1 entered promiscuous mode
[   60.081684][ T4164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.093033][ T4164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.117991][ T4164] team0: Port device team_slave_0 added
[   60.125483][ T4164] team0: Port device team_slave_1 added
[   60.145818][ T4164] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.153089][ T4164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.179097][ T4164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.191745][ T4164] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.198827][ T4164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.224976][ T4164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.257500][ T4164] device hsr_slave_0 entered promiscuous mode
[   60.264638][ T4164] device hsr_slave_1 entered promiscuous mode
[   60.363909][ T4164] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   60.375056][ T4164] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   60.384380][ T4164] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   60.393816][ T4164] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   60.417208][ T4164] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.424376][ T4164] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.432415][ T4164] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.439545][ T4164] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.490107][ T4164] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.503366][  T491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.514251][  T491] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.522689][  T491] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.532375][  T491] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   60.546249][ T4164] 8021q: adding VLAN 0 to HW filter on device team0
[   60.557317][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.565730][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.572881][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.584505][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.593278][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.600372][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.621170][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.630654][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.649673][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.658690][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.667617][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.678551][ T4164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   60.695572][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   60.703309][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   60.716569][ T4164] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.734883][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   60.755211][  T448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   60.763987][  T448] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   60.772548][  T448] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   60.783321][ T4164] device veth0_vlan entered promiscuous mode
[   60.795873][ T4164] device veth1_vlan entered promiscuous mode
[   60.817746][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   60.826131][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   60.834896][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   60.846087][ T4164] device veth0_macvtap entered promiscuous mode
[   60.857871][ T4164] device veth1_macvtap entered promiscuous mode
[   60.875121][ T4164] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.882831][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   60.892205][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   60.904542][ T4164] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.913127][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   60.926162][ T4164] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.935594][ T4164] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.944712][ T4164] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.953494][ T4164] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
executing program
executing program
executing program
[   61.011549][ T4173] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[   61.054521][ T4176] ==================================================================
[   61.062726][ T4176] BUG: KASAN: use-after-free in ax25_fillin_cb+0x460/0x660
[   61.069946][ T4176] Read of size 4 at addr ffff8880197f8938 by task syz-executor338/4176
[   61.078175][ T4176] 
[   61.080501][ T4176] CPU: 1 PID: 4176 Comm: syz-executor338 Not tainted 5.15.180-syzkaller #0
[   61.089074][ T4176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   61.099144][ T4176] Call Trace:
[   61.102425][ T4176]  <TASK>
[   61.105344][ T4176]  dump_stack_lvl+0x1e3/0x2d0
[   61.110029][ T4176]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   61.115662][ T4176]  ? _printk+0xd1/0x120
[   61.119814][ T4176]  ? __wake_up_klogd+0xcc/0x100
[   61.124690][ T4176]  ? panic+0x860/0x860
[   61.128755][ T4176]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   61.134232][ T4176]  ? __lock_acquire+0x1ff0/0x1ff0
[   61.139251][ T4176]  print_address_description+0x63/0x3b0
[   61.144794][ T4176]  ? ax25_fillin_cb+0x460/0x660
[   61.149642][ T4176]  kasan_report+0x16b/0x1c0
[   61.154143][ T4176]  ? ax25_fillin_cb+0x460/0x660
[   61.159000][ T4176]  ax25_fillin_cb+0x460/0x660
[   61.163706][ T4176]  ax25_setsockopt+0xab7/0xe70
[   61.168482][ T4176]  ? ax25_shutdown+0x10/0x10
[   61.173073][ T4176]  ? aa_sock_opt_perm+0x79/0x110
[   61.178002][ T4176]  ? bpf_lsm_socket_setsockopt+0x5/0x10
[   61.183538][ T4176]  ? security_socket_setsockopt+0x7d/0xa0
[   61.189247][ T4176]  ? ax25_shutdown+0x10/0x10
[   61.193835][ T4176]  __sys_setsockopt+0x57e/0x990
[   61.198719][ T4176]  ? __ia32_sys_recv+0xb0/0xb0
[   61.203482][ T4176]  ? syscall_enter_from_user_mode+0x2e/0x240
[   61.209456][ T4176]  __x64_sys_setsockopt+0xb1/0xc0
[   61.214483][ T4176]  do_syscall_64+0x3b/0xb0
[   61.218896][ T4176]  ? clear_bhb_loop+0x15/0x70
[   61.223569][ T4176]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   61.229474][ T4176] RIP: 0033:0x7f68664c15d9
[   61.233882][ T4176] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.253495][ T4176] RSP: 002b:00007ffe659123e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[   61.261926][ T4176] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f68664c15d9
[   61.269908][ T4176] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000004
[   61.277871][ T4176] RBP: 00007ffe65912420 R08: 0000000000000010 R09: 0000000000000001
[   61.285832][ T4176] R10: 0000200000000000 R11: 0000000000000206 R12: 00000000000f4240
[   61.293798][ T4176] R13: 000000000000ee4b R14: 00007ffe65912404 R15: 00007ffe65912410
[   61.301775][ T4176]  </TASK>
[   61.304785][ T4176] 
[   61.307103][ T4176] Allocated by task 4173:
[   61.311444][ T4176]  ____kasan_kmalloc+0xba/0xf0
[   61.316201][ T4176]  kmem_cache_alloc_trace+0x143/0x290
[   61.321564][ T4176]  ax25_dev_device_up+0x51/0x5a0
[   61.326496][ T4176]  ax25_device_event+0x4a0/0x510
[   61.331423][ T4176]  raw_notifier_call_chain+0xd0/0x170
[   61.336784][ T4176]  __dev_notify_flags+0x1fd/0x3f0
[   61.341798][ T4176]  dev_change_flags+0xe7/0x190
[   61.346550][ T4176]  dev_ifsioc+0x147/0x10c0
[   61.350960][ T4176]  dev_ioctl+0x504/0xf60
[   61.355192][ T4176]  sock_do_ioctl+0x34f/0x5a0
[   61.359787][ T4176]  sock_ioctl+0x484/0x770
[   61.364126][ T4176]  __se_sys_ioctl+0xf1/0x160
[   61.368712][ T4176]  do_syscall_64+0x3b/0xb0
[   61.373120][ T4176]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   61.379018][ T4176] 
[   61.381330][ T4176] Freed by task 4175:
[   61.385345][ T4176]  kasan_set_track+0x4b/0x80
[   61.389926][ T4176]  kasan_set_free_info+0x1f/0x40
[   61.394883][ T4176]  ____kasan_slab_free+0xd8/0x120
[   61.399899][ T4176]  slab_free_freelist_hook+0xdd/0x160
[   61.405272][ T4176]  kfree+0xf1/0x270
[   61.409085][ T4176]  ax25_release+0x3b3/0x840
[   61.413608][ T4176]  sock_close+0xcd/0x230
[   61.417856][ T4176]  __fput+0x3fe/0x8e0
[   61.421827][ T4176]  task_work_run+0x129/0x1a0
[   61.426431][ T4176]  exit_to_user_mode_loop+0x106/0x130
[   61.431793][ T4176]  exit_to_user_mode_prepare+0xb1/0x140
[   61.437328][ T4176]  syscall_exit_to_user_mode+0x5d/0x240
[   61.442860][ T4176]  do_syscall_64+0x47/0xb0
[   61.447269][ T4176]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   61.453170][ T4176] 
[   61.455480][ T4176] The buggy address belongs to the object at ffff8880197f8900
[   61.455480][ T4176]  which belongs to the cache kmalloc-192 of size 192
[   61.469527][ T4176] The buggy address is located 56 bytes inside of
[   61.469527][ T4176]  192-byte region [ffff8880197f8900, ffff8880197f89c0)
[   61.482715][ T4176] The buggy address belongs to the page:
[   61.488344][ T4176] page:ffffea000065fe00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x197f8
[   61.498483][ T4176] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   61.506060][ T4176] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888017441a00
[   61.514667][ T4176] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   61.523274][ T4176] page dumped because: kasan: bad access detected
[   61.529693][ T4176] page_owner tracks the page as allocated
[   61.535396][ T4176] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2607065833, free_ts 0
[   61.550232][ T4176]  get_page_from_freelist+0x3b78/0x3d40
[   61.555779][ T4176]  __alloc_pages+0x272/0x700
[   61.560375][ T4176]  alloc_page_interleave+0x22/0x1c0
[   61.565575][ T4176]  new_slab+0xbb/0x4b0
[   61.569642][ T4176]  ___slab_alloc+0x6f6/0xe10
[   61.574225][ T4176]  kmem_cache_alloc_trace+0x1a0/0x290
[   61.579589][ T4176]  call_usermodehelper_setup+0x8a/0x260
[   61.585137][ T4176]  kobject_uevent_env+0x681/0x8d0
[   61.590163][ T4176]  kernel_add_sysfs_param+0x106/0x130
[   61.595521][ T4176]  param_sysfs_builtin+0x16a/0x1f0
[   61.600627][ T4176]  param_sysfs_init+0x66/0x70
[   61.605289][ T4176]  do_one_initcall+0x22b/0x7a0
[   61.610046][ T4176]  do_initcall_level+0x157/0x210
[   61.614980][ T4176]  do_initcalls+0x49/0x90
[   61.619301][ T4176]  kernel_init_freeable+0x425/0x5c0
[   61.624496][ T4176]  kernel_init+0x19/0x290
[   61.628813][ T4176] page_owner free stack trace missing
[   61.634167][ T4176] 
[   61.636474][ T4176] Memory state around the buggy address:
[   61.642107][ T4176]  ffff8880197f8800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.650166][ T4176]  ffff8880197f8880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   61.658229][ T4176] >ffff8880197f8900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.666331][ T4176]                                         ^
[   61.672239][ T4176]  ffff8880197f8980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   61.680292][ T4176]  ffff8880197f8a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.688382][ T4176] ==================================================================
[   61.696441][ T4176] Disabling lock debugging due to kernel taint
[   61.705728][ T4176] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   61.712959][ T4176] CPU: 0 PID: 4176 Comm: syz-executor338 Tainted: G    B             5.15.180-syzkaller #0
[   61.722949][ T4176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   61.732998][ T4176] Call Trace:
[   61.736270][ T4176]  <TASK>
[   61.739189][ T4176]  dump_stack_lvl+0x1e3/0x2d0
[   61.743869][ T4176]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   61.749499][ T4176]  ? panic+0x860/0x860
[   61.753556][ T4176]  ? preempt_schedule_common+0xa6/0xd0
[   61.759005][ T4176]  ? preempt_schedule+0xd9/0xe0
[   61.763860][ T4176]  panic+0x318/0x860
[   61.767742][ T4176]  ? check_panic_on_warn+0x1d/0xa0
[   61.772846][ T4176]  ? fb_is_primary_device+0xd0/0xd0
[   61.778034][ T4176]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   61.784091][ T4176]  ? _raw_spin_unlock+0x40/0x40
[   61.788930][ T4176]  check_panic_on_warn+0x7e/0xa0
[   61.793862][ T4176]  ? ax25_fillin_cb+0x460/0x660
[   61.798750][ T4176]  end_report+0x6d/0xf0
[   61.802907][ T4176]  kasan_report+0x18e/0x1c0
[   61.807402][ T4176]  ? ax25_fillin_cb+0x460/0x660
[   61.812262][ T4176]  ax25_fillin_cb+0x460/0x660
[   61.816936][ T4176]  ax25_setsockopt+0xab7/0xe70
[   61.821707][ T4176]  ? ax25_shutdown+0x10/0x10
[   61.826289][ T4176]  ? aa_sock_opt_perm+0x79/0x110
[   61.831244][ T4176]  ? bpf_lsm_socket_setsockopt+0x5/0x10
[   61.836824][ T4176]  ? security_socket_setsockopt+0x7d/0xa0
[   61.842578][ T4176]  ? ax25_shutdown+0x10/0x10
[   61.847164][ T4176]  __sys_setsockopt+0x57e/0x990
[   61.852026][ T4176]  ? __ia32_sys_recv+0xb0/0xb0
[   61.856781][ T4176]  ? syscall_enter_from_user_mode+0x2e/0x240
[   61.862748][ T4176]  __x64_sys_setsockopt+0xb1/0xc0
[   61.867775][ T4176]  do_syscall_64+0x3b/0xb0
[   61.872181][ T4176]  ? clear_bhb_loop+0x15/0x70
[   61.876846][ T4176]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   61.882739][ T4176] RIP: 0033:0x7f68664c15d9
[   61.887145][ T4176] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.906917][ T4176] RSP: 002b:00007ffe659123e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[   61.915334][ T4176] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f68664c15d9
[   61.923295][ T4176] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000004
[   61.931257][ T4176] RBP: 00007ffe65912420 R08: 0000000000000010 R09: 0000000000000001
[   61.939219][ T4176] R10: 0000200000000000 R11: 0000000000000206 R12: 00000000000f4240
[   61.947179][ T4176] R13: 000000000000ee4b R14: 00007ffe65912404 R15: 00007ffe65912410
[   61.955145][ T4176]  </TASK>
[   61.958467][ T4176] Kernel Offset: disabled
[   61.962805][ T4176] Rebooting in 86400 seconds..