Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts.
1970/01/01 00:00:41 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:42 parsed 1 programs
[ 44.945784][ T4039] cgroup: Unknown subsys name 'net'
[ 45.186288][ T4039] cgroup: Unknown subsys name 'rlimit'
[ 45.508122][ T4039] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 52.397461][ T4062] chnl_net:caif_netlink_parms(): no params data found
[ 52.445567][ T4062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.447686][ T4062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.451486][ T4062] device bridge_slave_0 entered promiscuous mode
[ 52.459086][ T4062] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.461264][ T4062] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.463863][ T4062] device bridge_slave_1 entered promiscuous mode
[ 52.480794][ T4062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.485376][ T4062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 52.506718][ T4062] team0: Port device team_slave_0 added
[ 52.509833][ T4062] team0: Port device team_slave_1 added
[ 52.523039][ T4062] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 52.524827][ T4062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 52.531899][ T4062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 52.536652][ T4062] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 52.538578][ T4062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 52.545881][ T4062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 52.622350][ T4062] device hsr_slave_0 entered promiscuous mode
[ 52.670422][ T4062] device hsr_slave_1 entered promiscuous mode
[ 52.801790][ T4062] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 52.853361][ T4062] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 52.914629][ T4062] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 52.954788][ T4062] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 53.025129][ T4062] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.027195][ T4062] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.029637][ T4062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.031770][ T4062] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.094112][ T4062] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.104143][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.108424][ T136] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.112446][ T136] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.115542][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 53.127192][ T4062] 8021q: adding VLAN 0 to HW filter on device team0
[ 53.133800][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.136854][ T136] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.138950][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.151479][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.154376][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.156356][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.165254][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.172568][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 53.175731][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.185698][ T4062] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 53.188568][ T4062] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 53.196512][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.199709][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.205570][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 53.290340][ T4062] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 53.293502][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 53.295646][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 53.309213][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.326789][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.329543][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.333182][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.338404][ T4062] device veth0_vlan entered promiscuous mode
[ 53.347930][ T4062] device veth1_vlan entered promiscuous mode
[ 53.366076][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 53.369297][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 53.373397][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.378168][ T4062] device veth0_macvtap entered promiscuous mode
[ 53.384664][ T4062] device veth1_macvtap entered promiscuous mode
[ 53.396692][ T4062] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 53.399025][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 53.402243][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.407383][ T4062] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 53.411520][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 53.414515][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.417997][ T4062] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 53.421118][ T4062] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 53.423496][ T4062] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 53.425832][ T4062] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.533108][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 54.683323][ T293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.685652][ T293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.688676][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 54.709404][ T293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.711828][ T293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.714552][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:00:55 executed programs: 0
[ 55.652654][ T4131] chnl_net:caif_netlink_parms(): no params data found
[ 55.689157][ T4131] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.691817][ T4131] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.694531][ T4131] device bridge_slave_0 entered promiscuous mode
[ 55.698377][ T4131] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.700911][ T4131] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.703630][ T4131] device bridge_slave_1 entered promiscuous mode
[ 55.720373][ T4131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.725040][ T4131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.744279][ T4131] team0: Port device team_slave_0 added
[ 55.748315][ T4131] team0: Port device team_slave_1 added
[ 55.761643][ T4131] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.763559][ T4131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.771850][ T4131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.776255][ T4131] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.778146][ T4131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.785509][ T4131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.842255][ T4131] device hsr_slave_0 entered promiscuous mode
[ 55.880421][ T4131] device hsr_slave_1 entered promiscuous mode
[ 55.930157][ T4131] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 55.932497][ T4131] Cannot create hsr debugfs directory
[ 57.008109][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 57.620634][ T4103] Bluetooth: hci0: command 0x0409 tx timeout
[ 58.847737][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 58.900007][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 59.690317][ T4154] Bluetooth: hci0: command 0x041b tx timeout
[ 59.888266][ T4131] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.970978][ T4131] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.012235][ T4131] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.032024][ T4131] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.126906][ T4131] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.135970][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.138613][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.143818][ T4131] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.148388][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 60.154052][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.156670][ T371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.158705][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.161917][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 60.166968][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 60.169926][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.175711][ T371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.177669][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.184577][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 60.217376][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 60.223593][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 60.227484][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.235913][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.241840][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 60.245907][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.252325][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 60.255051][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.260432][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 60.263379][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.268157][ T4131] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.345708][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 60.347930][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 60.359393][ T4131] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.373275][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 60.376180][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 60.387965][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 60.392253][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 60.421823][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 60.424457][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 60.427625][ T4131] device veth0_vlan entered promiscuous mode
[ 60.436888][ T4131] device veth1_vlan entered promiscuous mode
[ 60.452222][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 60.455023][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 60.457760][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 60.460883][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 60.464366][ T4131] device veth0_macvtap entered promiscuous mode
[ 60.494992][ T4131] device veth1_macvtap entered promiscuous mode
[ 60.504768][ T4131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 60.507796][ T4131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 60.512660][ T4131] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.514755][ T628] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 60.517561][ T628] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 60.520914][ T628] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 60.523803][ T628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 60.528475][ T4131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 60.532363][ T4131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 60.536731][ T4131] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.539711][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 60.543538][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 60.548983][ T4131] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.551691][ T4131] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.554016][ T4131] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.556349][ T4131] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.604080][ T628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.606424][ T628] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.612054][ T628] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 60.644589][ T371] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.646808][ T371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.649767][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:00 executed programs: 2
[ 60.688013][ T4189] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[ 60.727458][ T4191] ==================================================================
[ 60.729811][ T4191] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 60.731754][ T4191] Read of size 4 at addr ffff0000d3686038 by task syz.0.18/4191
[ 60.733859][ T4191]
[ 60.734470][ T4191] CPU: 1 PID: 4191 Comm: syz.0.18 Not tainted 5.15.189-syzkaller #0
[ 60.736621][ T4191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 60.739424][ T4191] Call trace:
[ 60.740305][ T4191] dump_backtrace+0x0/0x43c
[ 60.741567][ T4191] show_stack+0x2c/0x3c
[ 60.742693][ T4191] __dump_stack+0x30/0x40
[ 60.743943][ T4191] dump_stack_lvl+0xf8/0x160
[ 60.745167][ T4191] print_address_description+0x78/0x30c
[ 60.746667][ T4191] kasan_report+0xec/0x15c
[ 60.747851][ T4191] __asan_report_load4_noabort+0x44/0x50
[ 60.749506][ T4191] ax25_fillin_cb+0x394/0x568
[ 60.750807][ T4191] ax25_setsockopt+0x8d0/0xa5c
[ 60.752028][ T4191] __sys_setsockopt+0x260/0x36c
[ 60.753393][ T4191] __arm64_sys_setsockopt+0xb8/0xd4
[ 60.754814][ T4191] invoke_syscall+0x98/0x2b8
[ 60.756087][ T4191] el0_svc_common+0x138/0x258
[ 60.757382][ T4191] do_el0_svc+0x58/0x14c
[ 60.758495][ T4191] el0_svc+0x78/0x1e0
[ 60.759600][ T4191] el0t_64_sync_handler+0xcc/0xe4
[ 60.760944][ T4191] el0t_64_sync+0x1a0/0x1a4
[ 60.762157][ T4191]
[ 60.762773][ T4191] Allocated by task 4189:
[ 60.763958][ T4191] __kasan_kmalloc+0xb0/0xf0
[ 60.765235][ T4191] kmem_cache_alloc_trace+0x274/0x3fc
[ 60.766716][ T4191] ax25_dev_device_up+0x5c/0x540
[ 60.768117][ T4191] ax25_device_event+0x504/0x590
[ 60.769467][ T4191] raw_notifier_call_chain+0xd4/0x164
[ 60.770915][ T4191] __dev_notify_flags+0x250/0x46c
[ 60.772237][ T4191] dev_change_flags+0xc8/0x154
[ 60.773553][ T4191] dev_ifsioc+0x504/0xef4
[ 60.774774][ T4191] dev_ioctl+0x4d0/0xc94
[ 60.775944][ T4191] sock_do_ioctl+0x18c/0x240
[ 60.777164][ T4191] sock_ioctl+0x5c8/0x87c
[ 60.778410][ T4191] __arm64_sys_ioctl+0x14c/0x1c8
[ 60.779730][ T4191] invoke_syscall+0x98/0x2b8
[ 60.780955][ T4191] el0_svc_common+0x138/0x258
[ 60.782281][ T4191] do_el0_svc+0x58/0x14c
[ 60.783421][ T4191] el0_svc+0x78/0x1e0
[ 60.784526][ T4191] el0t_64_sync_handler+0xcc/0xe4
[ 60.785911][ T4191] el0t_64_sync+0x1a0/0x1a4
[ 60.787208][ T4191]
[ 60.787827][ T4191] Freed by task 4190:
[ 60.788900][ T4191] kasan_set_track+0x4c/0x84
[ 60.790105][ T4191] kasan_set_free_info+0x28/0x4c
[ 60.791440][ T4191] ____kasan_slab_free+0x118/0x164
[ 60.792829][ T4191] __kasan_slab_free+0x18/0x28
[ 60.794149][ T4191] slab_free_freelist_hook+0x128/0x1e8
[ 60.795649][ T4191] kfree+0x170/0x40c
[ 60.796669][ T4191] ax25_release+0x564/0x814
[ 60.797952][ T4191] sock_close+0xb4/0x1f8
[ 60.799084][ T4191] __fput+0x1c0/0x7f8
[ 60.800232][ T4191] ____fput+0x20/0x30
[ 60.801316][ T4191] task_work_run+0x12c/0x1e0
[ 60.802601][ T4191] do_notify_resume+0x24b4/0x3128
[ 60.803995][ T4191] el0_svc+0xf0/0x1e0
[ 60.805061][ T4191] el0t_64_sync_handler+0xcc/0xe4
[ 60.806456][ T4191] el0t_64_sync+0x1a0/0x1a4
[ 60.807704][ T4191]
[ 60.808330][ T4191] Last potentially related work creation:
[ 60.809851][ T4191] kasan_save_stack+0x38/0x68
[ 60.811152][ T4191] kasan_record_aux_stack+0xcc/0x114
[ 60.812568][ T4191] insert_work+0x64/0x388
[ 60.813741][ T4191] __queue_work+0xb30/0x1054
[ 60.814972][ T4191] queue_work_on+0xc4/0x17c
[ 60.816181][ T4191] call_usermodehelper_exec+0x22c/0x478
[ 60.817732][ T4191] kobject_uevent_env+0x670/0x888
[ 60.819104][ T4191] kobject_uevent+0x2c/0x3c
[ 60.820318][ T4191] device_add+0xa28/0xf94
[ 60.821526][ T4191] device_create_groups_vargs+0x1d4/0x26c
[ 60.823102][ T4191] device_create_with_groups+0xec/0x13c
[ 60.824579][ T4191] misc_register+0x258/0x4f8
[ 60.825755][ T4191] ubi_init+0x78/0x36c
[ 60.826895][ T4191] do_one_initcall+0x228/0x8b0
[ 60.828235][ T4191] do_initcall_level+0x154/0x214
[ 60.829540][ T4191] do_initcalls+0x58/0xac
[ 60.830712][ T4191] do_basic_setup+0x8c/0xa0
[ 60.831981][ T4191] kernel_init_freeable+0x404/0x5fc
[ 60.833415][ T4191] kernel_init+0x24/0x1d0
[ 60.834607][ T4191] ret_from_fork+0x10/0x20
[ 60.835830][ T4191]
[ 60.836491][ T4191] The buggy address belongs to the object at ffff0000d3686000
[ 60.836491][ T4191] which belongs to the cache kmalloc-256 of size 256
[ 60.840326][ T4191] The buggy address is located 56 bytes inside of
[ 60.840326][ T4191] 256-byte region [ffff0000d3686000, ffff0000d3686100)
[ 60.843947][ T4191] The buggy address belongs to the page:
[ 60.845510][ T4191] page:000000004253609b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113686
[ 60.848343][ T4191] head:000000004253609b order:1 compound_mapcount:0
[ 60.850149][ T4191] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 60.852411][ T4191] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
[ 60.854787][ T4191] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 60.857232][ T4191] page dumped because: kasan: bad access detected
[ 60.858900][ T4191]
[ 60.859490][ T4191] Memory state around the buggy address:
[ 60.861011][ T4191]  ffff0000d3685f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.863166][ T4191]  ffff0000d3685f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.865364][ T4191] >ffff0000d3686000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.867582][ T4191]                                         ^
[ 60.869158][ T4191]  ffff0000d3686080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.871407][ T4191]  ffff0000d3686100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.873590][ T4191] ==================================================================
[ 60.875838][ T4191] Disabling lock debugging due to kernel taint
[ 60.881158][ T4191] Unable to handle kernel paging request at virtual address b5e0032700001606
[ 60.885846][ T4191] Mem abort info:
[ 60.886916][ T4191] ESR = 0x0000000096000021
[ 60.888108][ T4191] EC = 0x25: DABT (current EL), IL = 32 bits
[ 60.889704][ T4191] SET = 0, FnV = 0
[ 60.891608][ T4191] EA = 0, S1PTW = 0
[ 60.892690][ T4191] FSC = 0x21: alignment fault
[ 60.893941][ T4191] Data abort info:
[ 60.894927][ T4191] ISV = 0, ISS = 0x00000021
[ 60.896207][ T4191] CM = 0, WnR = 0
[ 60.897177][ T4191] [b5e0032700001606] address between user and kernel address ranges
[ 60.899365][ T4191] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 60.901232][ T4191] Modules linked in:
[ 60.902345][ T4191] CPU: 1 PID: 4191 Comm: syz.0.18 Tainted: G B 5.15.189-syzkaller #0
[ 60.904940][ T4191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 60.907672][ T4191] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 60.910018][ T4191] pc : ax25_release+0x4f4/0x814
[ 60.911420][ T4191] lr : ax25_release+0x4ec/0x814
[ 60.912915][ T4191] sp : ffff80001fc77a00
[ 60.913977][ T4191] x29: ffff80001fc77a20 x28: dfff800000000000 x27: ffff0000dd7cc080
[ 60.916210][ T4191] x26: ffff0000d7d3f028 x25: ffff0000d7d3f031 x24: 00000000ffffffff
[ 60.918419][ T4191] x23: b5e0032700001606 x22: ffff0000d3686000 x21: ffff0000dd31c818
[ 60.920578][ T4191] x20: ffff0000dd7cc000 x19: 1fffe0001afa7e05 x18: 0000000000000000
[ 60.922846][ T4191] x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000004
[ 60.925121][ T4191] x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000ff0100
[ 60.927299][ T4191] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80001045ef30
[ 60.929661][ T4191] x8 : ffff0000c1339b40 x7 : 0000000000000000 x6 : ffff80000837b9bc
[ 60.931795][ T4191] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001045ef24
[ 60.934106][ T4191] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 60.936317][ T4191] Call trace:
[ 60.937260][ T4191] ax25_release+0x4f4/0x814
[ 60.938538][ T4191] sock_close+0xb4/0x1f8
[ 60.939642][ T4191] __fput+0x1c0/0x7f8
[ 60.940699][ T4191] ____fput+0x20/0x30
[ 60.941804][ T4191] task_work_run+0x12c/0x1e0
[ 60.943028][ T4191] do_notify_resume+0x24b4/0x3128
[ 60.944412][ T4191] el0_svc+0xf0/0x1e0
[ 60.945527][ T4191] el0t_64_sync_handler+0xcc/0xe4
[ 60.946935][ T4191] el0t_64_sync+0x1a0/0x1a4
[ 60.948162][ T4191] Code: d503201f 96006935 52800038 4b1803f8 (b87802f8)
[ 60.950141][ T4191] ---[ end trace 5f80353a09825645 ]---
[ 61.296337][ T4191] Kernel panic - not syncing: Oops: Fatal exception
[ 61.298224][ T4191] SMP: stopping secondary CPUs
[ 61.299572][ T4191] Kernel Offset: disabled
[ 61.300693][ T4191] CPU features: 0x8,000081c1,21302e40
[ 61.302273][ T4191] Memory Limit: none
[ 61.639138][ T4191] Rebooting in 86400 seconds..