Warning: Permanently added '10.128.0.177' (ED25519) to the list of known hosts.
[   59.749775][ T4161] chnl_net:caif_netlink_parms(): no params data found
[   59.798827][ T4161] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.806329][ T4161] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.814778][ T4161] device bridge_slave_0 entered promiscuous mode
[   59.823985][ T4161] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.831082][ T4161] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.839116][ T4161] device bridge_slave_1 entered promiscuous mode
[   59.862483][ T4161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.874805][ T4161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.898830][ T4161] team0: Port device team_slave_0 added
[   59.906750][ T4161] team0: Port device team_slave_1 added
[   59.926382][ T4161] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.933496][ T4161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.959445][ T4161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.971945][ T4161] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.979074][ T4161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.005130][ T4161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.037397][ T4161] device hsr_slave_0 entered promiscuous mode
[   60.044547][ T4161] device hsr_slave_1 entered promiscuous mode
[   60.140468][ T4161] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   60.151390][ T4161] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   60.160711][ T4161] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   60.169798][ T4161] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   60.191858][ T4161] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.199030][ T4161] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.206797][ T4161] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.213898][ T4161] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.260415][ T4161] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.274689][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.285108][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.293919][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.302032][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   60.315811][ T4161] 8021q: adding VLAN 0 to HW filter on device team0
[   60.327175][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.336590][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.343717][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.354735][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.363918][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.370972][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.389995][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.398619][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.413072][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.425938][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.438321][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.449709][ T4161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   60.467129][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   60.474675][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   60.487102][ T4161] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.505604][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   60.524509][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   60.534458][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   60.542137][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   60.552815][ T4161] device veth0_vlan entered promiscuous mode
[   60.564939][ T4161] device veth1_vlan entered promiscuous mode
[   60.584310][ T4171] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   60.592421][ T4171] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   60.600946][ T4171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   60.611809][ T4161] device veth0_macvtap entered promiscuous mode
[   60.621833][ T4161] device veth1_macvtap entered promiscuous mode
[   60.639134][ T4161] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.647032][ T4171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   60.656957][ T4171] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   60.668895][ T4161] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.676882][ T4171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[   60.687841][ T4161] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.697362][ T4161] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.706606][ T4161] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.715667][ T4161] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
executing program
executing program
[   60.765364][ T4172] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[   60.807342][ T4175] ==================================================================
[   60.815548][ T4175] BUG: KASAN: use-after-free in ax25_fillin_cb+0x460/0x660
[   60.822781][ T4175] Read of size 4 at addr ffff88801a3c0138 by task syz-executor262/4175
[   60.831006][ T4175] 
[   60.833353][ T4175] CPU: 0 PID: 4175 Comm: syz-executor262 Not tainted 5.15.180-syzkaller #0
[   60.841959][ T4175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   60.852166][ T4175] Call Trace:
[   60.855469][ T4175]  <TASK>
[   60.858396][ T4175]  dump_stack_lvl+0x1e3/0x2d0
[   60.863126][ T4175]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   60.868763][ T4175]  ? _printk+0xd1/0x120
[   60.872955][ T4175]  ? __wake_up_klogd+0xcc/0x100
[   60.877820][ T4175]  ? panic+0x860/0x860
[   60.881899][ T4175]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   60.887358][ T4175]  ? __lock_acquire+0x1ff0/0x1ff0
[   60.892389][ T4175]  print_address_description+0x63/0x3b0
[   60.897936][ T4175]  ? ax25_fillin_cb+0x460/0x660
[   60.902793][ T4175]  kasan_report+0x16b/0x1c0
[   60.907294][ T4175]  ? ax25_fillin_cb+0x460/0x660
[   60.912148][ T4175]  ax25_fillin_cb+0x460/0x660
[   60.916820][ T4175]  ax25_setsockopt+0xab7/0xe70
[   60.921785][ T4175]  ? ax25_shutdown+0x10/0x10
[   60.926392][ T4175]  ? aa_sock_opt_perm+0x79/0x110
[   60.931328][ T4175]  ? bpf_lsm_socket_setsockopt+0x5/0x10
[   60.937068][ T4175]  ? security_socket_setsockopt+0x7d/0xa0
[   60.942787][ T4175]  ? ax25_shutdown+0x10/0x10
[   60.947376][ T4175]  __sys_setsockopt+0x57e/0x990
[   60.952303][ T4175]  ? __ia32_sys_recv+0xb0/0xb0
[   60.957085][ T4175]  ? syscall_enter_from_user_mode+0x2e/0x240
[   60.963076][ T4175]  __x64_sys_setsockopt+0xb1/0xc0
[   60.968142][ T4175]  do_syscall_64+0x3b/0xb0
[   60.972560][ T4175]  ? clear_bhb_loop+0x15/0x70
[   60.977248][ T4175]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   60.983144][ T4175] RIP: 0033:0x7f9d344965d9
[   60.987570][ T4175] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.007492][ T4175] RSP: 002b:00007ffee49f78a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[   61.015943][ T4175] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f9d344965d9
[   61.023912][ T4175] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000004
[   61.031879][ T4175] RBP: 00007ffee49f78e0 R08: 0000000000000010 R09: 0000000000000001
[   61.039849][ T4175] R10: 0000200000000000 R11: 0000000000000206 R12: 00000000000f4240
[   61.047835][ T4175] R13: 000000000000ed63 R14: 00007ffee49f78c4 R15: 00007ffee49f78d0
[   61.055995][ T4175]  </TASK>
[   61.059010][ T4175] 
[   61.061323][ T4175] Allocated by task 4172:
[   61.065645][ T4175]  ____kasan_kmalloc+0xba/0xf0
[   61.070446][ T4175]  kmem_cache_alloc_trace+0x143/0x290
[   61.075822][ T4175]  ax25_dev_device_up+0x51/0x5a0
[   61.081113][ T4175]  ax25_device_event+0x4a0/0x510
[   61.086054][ T4175]  raw_notifier_call_chain+0xd0/0x170
[   61.091432][ T4175]  __dev_notify_flags+0x1fd/0x3f0
[   61.096568][ T4175]  dev_change_flags+0xe7/0x190
[   61.101350][ T4175]  dev_ifsioc+0x147/0x10c0
[   61.105775][ T4175]  dev_ioctl+0x504/0xf60
[   61.110015][ T4175]  sock_do_ioctl+0x34f/0x5a0
[   61.114687][ T4175]  sock_ioctl+0x484/0x770
[   61.119035][ T4175]  __se_sys_ioctl+0xf1/0x160
[   61.123794][ T4175]  do_syscall_64+0x3b/0xb0
[   61.128210][ T4175]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   61.134116][ T4175] 
[   61.136452][ T4175] Freed by task 4174:
[   61.140502][ T4175]  kasan_set_track+0x4b/0x80
[   61.145114][ T4175]  kasan_set_free_info+0x1f/0x40
[   61.150062][ T4175]  ____kasan_slab_free+0xd8/0x120
[   61.155079][ T4175]  slab_free_freelist_hook+0xdd/0x160
[   61.160449][ T4175]  kfree+0xf1/0x270
[   61.164252][ T4175]  ax25_release+0x3b3/0x840
[   61.168755][ T4175]  sock_close+0xcd/0x230
[   61.172989][ T4175]  __fput+0x3fe/0x8e0
[   61.176960][ T4175]  task_work_run+0x129/0x1a0
[   61.181542][ T4175]  exit_to_user_mode_loop+0x106/0x130
[   61.186902][ T4175]  exit_to_user_mode_prepare+0xb1/0x140
[   61.192450][ T4175]  syscall_exit_to_user_mode+0x5d/0x240
[   61.198006][ T4175]  do_syscall_64+0x47/0xb0
[   61.202419][ T4175]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   61.208311][ T4175] 
[   61.210644][ T4175] The buggy address belongs to the object at ffff88801a3c0100
[   61.210644][ T4175]  which belongs to the cache kmalloc-192 of size 192
[   61.224688][ T4175] The buggy address is located 56 bytes inside of
[   61.224688][ T4175]  192-byte region [ffff88801a3c0100, ffff88801a3c01c0)
[   61.237870][ T4175] The buggy address belongs to the page:
[   61.243511][ T4175] page:ffffea000068f000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a3c0
[   61.253673][ T4175] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   61.261223][ T4175] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888017441a00
[   61.269814][ T4175] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   61.278504][ T4175] page dumped because: kasan: bad access detected
[   61.284909][ T4175] page_owner tracks the page as allocated
[   61.290626][ T4175] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2311389386, free_ts 0
[   61.305546][ T4175]  get_page_from_freelist+0x3b78/0x3d40
[   61.311109][ T4175]  __alloc_pages+0x272/0x700
[   61.315715][ T4175]  alloc_page_interleave+0x22/0x1c0
[   61.320906][ T4175]  new_slab+0xbb/0x4b0
[   61.324967][ T4175]  ___slab_alloc+0x6f6/0xe10
[   61.329561][ T4175]  __kmalloc_track_caller+0x1c7/0x300
[   61.334921][ T4175]  krealloc+0x5c/0xf0
[   61.338897][ T4175]  add_sysfs_param+0xca/0x7f0
[   61.343581][ T4175]  kernel_add_sysfs_param+0xb0/0x130
[   61.348895][ T4175]  param_sysfs_builtin+0x16a/0x1f0
[   61.353999][ T4175]  param_sysfs_init+0x66/0x70
[   61.358666][ T4175]  do_one_initcall+0x22b/0x7a0
[   61.363425][ T4175]  do_initcall_level+0x157/0x210
[   61.368375][ T4175]  do_initcalls+0x49/0x90
[   61.372721][ T4175]  kernel_init_freeable+0x425/0x5c0
[   61.377914][ T4175]  kernel_init+0x19/0x290
[   61.382233][ T4175] page_owner free stack trace missing
[   61.387688][ T4175] 
[   61.390003][ T4175] Memory state around the buggy address:
[   61.395622][ T4175]  ffff88801a3c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.403675][ T4175]  ffff88801a3c0080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   61.411721][ T4175] >ffff88801a3c0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.419769][ T4175]                                         ^
[   61.425667][ T4175]  ffff88801a3c0180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   61.433717][ T4175]  ffff88801a3c0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.441759][ T4175] ==================================================================
[   61.449803][ T4175] Disabling lock debugging due to kernel taint
[   61.457046][ T4175] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   61.464252][ T4175] CPU: 1 PID: 4175 Comm: syz-executor262 Tainted: G    B             5.15.180-syzkaller #0
[   61.474262][ T4175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   61.484324][ T4175] Call Trace:
[   61.487590][ T4175]  <TASK>
[   61.490507][ T4175]  dump_stack_lvl+0x1e3/0x2d0
[   61.495184][ T4175]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   61.500809][ T4175]  ? panic+0x860/0x860
[   61.504868][ T4175]  ? preempt_schedule_common+0xa6/0xd0
[   61.510322][ T4175]  ? preempt_schedule+0xd9/0xe0
[   61.515163][ T4175]  panic+0x318/0x860
[   61.519046][ T4175]  ? check_panic_on_warn+0x1d/0xa0
[   61.524145][ T4175]  ? fb_is_primary_device+0xd0/0xd0
[   61.529331][ T4175]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   61.535298][ T4175]  ? _raw_spin_unlock+0x40/0x40
[   61.540167][ T4175]  check_panic_on_warn+0x7e/0xa0
[   61.545090][ T4175]  ? ax25_fillin_cb+0x460/0x660
[   61.549940][ T4175]  end_report+0x6d/0xf0
[   61.554099][ T4175]  kasan_report+0x18e/0x1c0
[   61.558601][ T4175]  ? ax25_fillin_cb+0x460/0x660
[   61.563451][ T4175]  ax25_fillin_cb+0x460/0x660
[   61.568123][ T4175]  ax25_setsockopt+0xab7/0xe70
[   61.572880][ T4175]  ? ax25_shutdown+0x10/0x10
[   61.577469][ T4175]  ? aa_sock_opt_perm+0x79/0x110
[   61.582399][ T4175]  ? bpf_lsm_socket_setsockopt+0x5/0x10
[   61.587937][ T4175]  ? security_socket_setsockopt+0x7d/0xa0
[   61.593669][ T4175]  ? ax25_shutdown+0x10/0x10
[   61.598271][ T4175]  __sys_setsockopt+0x57e/0x990
[   61.603116][ T4175]  ? __ia32_sys_recv+0xb0/0xb0
[   61.607893][ T4175]  ? syscall_enter_from_user_mode+0x2e/0x240
[   61.613862][ T4175]  __x64_sys_setsockopt+0xb1/0xc0
[   61.618971][ T4175]  do_syscall_64+0x3b/0xb0
[   61.623374][ T4175]  ? clear_bhb_loop+0x15/0x70
[   61.628039][ T4175]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   61.633935][ T4175] RIP: 0033:0x7f9d344965d9
[   61.638341][ T4175] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.657952][ T4175] RSP: 002b:00007ffee49f78a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[   61.666359][ T4175] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f9d344965d9
[   61.674407][ T4175] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000004
[   61.682372][ T4175] RBP: 00007ffee49f78e0 R08: 0000000000000010 R09: 0000000000000001
[   61.690440][ T4175] R10: 0000200000000000 R11: 0000000000000206 R12: 00000000000f4240
[   61.698409][ T4175] R13: 000000000000ed63 R14: 00007ffee49f78c4 R15: 00007ffee49f78d0
[   61.706404][ T4175]  </TASK>
[   61.709745][ T4175] Kernel Offset: disabled
[   61.714070][ T4175] Rebooting in 86400 seconds..