syzbot |
sign-in | mailing list | source | docs |
================================================================== BUG: KASAN: use-after-free in ax25_release+0x5ca/0x870 net/ax25/af_ax25.c:1061 Read of size 8 at addr ffff8880236b0308 by task syz.3.111/4729 CPU: 0 PID: 4729 Comm: syz.3.111 Not tainted 5.15.189-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Call Trace: <TASK> dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106 print_address_description+0x60/0x2d0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:434 [inline] kasan_report+0xdf/0x130 mm/kasan/report.c:451 ax25_release+0x5ca/0x870 net/ax25/af_ax25.c:1061 __sock_release net/socket.c:649 [inline] sock_close+0xd5/0x240 net/socket.c:1336 __fput+0x234/0x930 fs/file_table.c:311 task_work_run+0x125/0x1a0 kernel/task_work.c:188 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f2eee2abbe9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeb5b8c988 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 00000000000137aa RCX: 00007f2eee2abbe9 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 00007f2eee4d4da0 R08: 0000000000000001 R09: 0000000bb5b8cc7f R10: 0000001b31320000 R11: 0000000000000246 R12: 00007f2eee4d2fac R13: 00007f2eee4d2fa0 R14: ffffffffffffffff R15: 00007ffeb5b8caa0 </TASK> Allocated by task 4730: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] ____kasan_kmalloc mm/kasan/common.c:513 [inline] __kasan_kmalloc+0xb5/0xf0 mm/kasan/common.c:522 kmalloc include/linux/slab.h:604 [inline] kzalloc include/linux/slab.h:735 [inline] ax25_dev_device_up+0x50/0x580 net/ax25/ax25_dev.c:55 ax25_device_event+0x483/0x4f0 net/ax25/af_ax25.c:139 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0xcb/0x160 kernel/notifier.c:391 call_netdevice_notifiers_extack net/core/dev.c:2061 [inline] call_netdevice_notifiers net/core/dev.c:2075 [inline] __dev_notify_flags+0x178/0x2d0 net/core/dev.c:-1 dev_change_flags+0xe3/0x1a0 net/core/dev.c:8929 dev_ifsioc+0x147/0xe70 net/core/dev_ioctl.c:324 dev_ioctl+0x55f/0xe50 net/core/dev_ioctl.c:587 sock_do_ioctl+0x222/0x2f0 net/socket.c:1154 sock_ioctl+0x4ed/0x6e0 net/socket.c:1257 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 Freed by task 4730: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:46 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360 ____kasan_slab_free+0xd5/0x110 mm/kasan/common.c:366 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1705 [inline] slab_free_freelist_hook+0xea/0x170 mm/slub.c:1731 slab_free mm/slub.c:3499 [inline] kfree+0xef/0x2a0 mm/slub.c:4559 ax25_device_event+0x4b4/0x4f0 net/ax25/af_ax25.c:144 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0xcb/0x160 kernel/notifier.c:391 call_netdevice_notifiers_extack net/core/dev.c:2061 [inline] call_netdevice_notifiers net/core/dev.c:2075 [inline] __dev_notify_flags+0x178/0x2d0 net/core/dev.c:-1 dev_change_flags+0xe3/0x1a0 net/core/dev.c:8929 dev_ifsioc+0x147/0xe70 net/core/dev_ioctl.c:324 dev_ioctl+0x55f/0xe50 net/core/dev_ioctl.c:587 sock_do_ioctl+0x222/0x2f0 net/socket.c:1154 sock_ioctl+0x4ed/0x6e0 net/socket.c:1257 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 Last potentially related work creation: kasan_save_stack+0x35/0x60 mm/kasan/common.c:38 kasan_record_aux_stack+0xb8/0x100 mm/kasan/generic.c:348 insert_work+0x54/0x3d0 kernel/workqueue.c:1366 __queue_work+0x9c5/0xd50 kernel/workqueue.c:1532 queue_work_on+0x11d/0x1d0 kernel/workqueue.c:1559 inet6addr_event+0x9c/0xc0 drivers/infiniband/core/roce_gid_mgmt.c:883 notifier_call_chain kernel/notifier.c:83 [inline] atomic_notifier_call_chain+0x15d/0x280 kernel/notifier.c:198 ipv6_add_addr+0xb30/0xde0 net/ipv6/addrconf.c:1182 addrconf_add_linklocal+0x280/0x6b0 net/ipv6/addrconf.c:3239 addrconf_addr_gen+0x4ee/0x620 net/ipv6/addrconf.c:3370 addrconf_init_auto_addrs+0x6d5/0xa80 net/ipv6/addrconf.c:-1 addrconf_notify+0xa6b/0xf00 net/ipv6/addrconf.c:3663 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0xcb/0x160 kernel/notifier.c:391 netdev_state_change+0xd2/0x140 net/core/dev.c:1440 linkwatch_do_dev+0x10d/0x160 net/core/link_watch.c:167 __linkwatch_run_queue+0x4a9/0x7b0 net/core/link_watch.c:213 linkwatch_event+0x48/0x50 net/core/link_watch.c:252 process_one_work+0x863/0x1000 kernel/workqueue.c:2310 process_scheduled_works kernel/workqueue.c:2373 [inline] worker_thread+0xdca/0x12a0 kernel/workqueue.c:2459 kthread+0x436/0x520 kernel/kthread.c:334 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 The buggy address belongs to the object at ffff8880236b0300 which belongs to the cache kmalloc-192 of size 192 The buggy address is located 8 bytes inside of 192-byte region [ffff8880236b0300, ffff8880236b03c0) The buggy address belongs to the page: page:ffffea00008dac00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x236b0 flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888016841a00 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 11078394218, free_ts 8443380776 prep_new_page mm/page_alloc.c:2426 [inline] get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474 alloc_page_interleave+0x24/0x1e0 mm/mempolicy.c:2031 alloc_slab_page mm/slub.c:1775 [inline] allocate_slab mm/slub.c:1912 [inline] new_slab+0xc0/0x4b0 mm/slub.c:1975 ___slab_alloc+0x81e/0xdf0 mm/slub.c:3008 __slab_alloc mm/slub.c:3095 [inline] slab_alloc_node mm/slub.c:3186 [inline] slab_alloc mm/slub.c:3228 [inline] __kmalloc+0x1cd/0x330 mm/slub.c:4403 kmalloc include/linux/slab.h:609 [inline] usb_alloc_urb+0x3f/0x140 drivers/usb/core/urb.c:74 usb_internal_control_msg drivers/usb/core/message.c:95 [inline] usb_control_msg+0x115/0x3e0 drivers/usb/core/message.c:153 usb_get_string+0xa1/0x3c0 drivers/usb/core/message.c:843 usb_string_sub+0x76/0x420 drivers/usb/core/message.c:882 usb_get_langid drivers/usb/core/message.c:919 [inline] usb_string+0x1cd/0x760 drivers/usb/core/message.c:983 usb_cache_string+0x7b/0xf0 drivers/usb/core/message.c:1029 usb_enumerate_device drivers/usb/core/hub.c:2446 [inline] usb_new_device+0x288/0x1640 drivers/usb/core/hub.c:2574 register_root_hub+0x278/0x580 drivers/usb/core/hcd.c:1021 usb_add_hcd+0xa88/0xef0 drivers/usb/core/hcd.c:3001 vhci_hcd_probe+0x1bd/0x370 drivers/usb/usbip/vhci_hcd.c:1379 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1340 [inline] free_pcp_prepare mm/page_alloc.c:1391 [inline] free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433 release_pages+0x184b/0x1bb0 mm/swap.c:963 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:240 [inline] tlb_flush_mmu mm/mmu_gather.c:247 [inline] tlb_finish_mmu+0x164/0x2e0 mm/mmu_gather.c:338 exit_mmap+0x3a6/0x5f0 mm/mmap.c:3214 __mmput+0x115/0x3b0 kernel/fork.c:1127 free_bprm+0x141/0x300 fs/exec.c:1494 kernel_execve+0x380/0x900 fs/exec.c:2015 call_usermodehelper_exec_async+0x207/0x350 kernel/umh.c:112 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 Memory state around the buggy address: ffff8880236b0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8880236b0280: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8880236b0300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880236b0380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff8880236b0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/08/28 12:50 | linux-5.15.y | c79648372d02 | e12e5ba4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/28 09:51 | linux-5.15.y | c79648372d02 | e12e5ba4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/28 01:21 | linux-5.15.y | c79648372d02 | e12e5ba4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/27 03:23 | linux-5.15.y | c79648372d02 | e12e5ba4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/23 19:17 | linux-5.15.y | c79648372d02 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/17 02:38 | linux-5.15.y | c79648372d02 | 1804e95e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/15 17:17 | linux-5.15.y | c79648372d02 | 1804e95e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/15 11:19 | linux-5.15.y | c79648372d02 | 1804e95e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/11 03:04 | linux-5.15.y | c79648372d02 | 32a0e5ed | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/10 12:44 | linux-5.15.y | c79648372d02 | 32a0e5ed | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/09 03:42 | linux-5.15.y | c79648372d02 | 32a0e5ed | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/06 08:15 | linux-5.15.y | c79648372d02 | ffe1dd46 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/04 05:43 | linux-5.15.y | c79648372d02 | 7368264b | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/27 16:08 | linux-5.15.y | c79648372d02 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/26 12:42 | linux-5.15.y | c79648372d02 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/26 11:39 | linux-5.15.y | c79648372d02 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/25 15:03 | linux-5.15.y | c79648372d02 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/24 18:36 | linux-5.15.y | c79648372d02 | 65d60d73 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/24 04:14 | linux-5.15.y | c79648372d02 | 0c1d6ded | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/20 17:21 | linux-5.15.y | c79648372d02 | 7117feec | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/20 10:03 | linux-5.15.y | c79648372d02 | 7117feec | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/19 20:53 | linux-5.15.y | c79648372d02 | 7117feec | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/09 13:44 | linux-5.15.y | 3dea0e7f549e | f4e5e155 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/07 02:21 | linux-5.15.y | 3dea0e7f549e | 4f67c4ae | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/04 22:08 | linux-5.15.y | 3dea0e7f549e | d869b261 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/04 07:58 | linux-5.15.y | 3dea0e7f549e | 76ad128c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/02/26 18:02 | linux-5.15.y | c16c81c81336 | d34966d1 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/28 02:19 | linux-5.15.y | c79648372d02 | e12e5ba4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/28 00:06 | linux-5.15.y | c79648372d02 | e12e5ba4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/27 04:30 | linux-5.15.y | c79648372d02 | e12e5ba4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/24 00:52 | linux-5.15.y | c79648372d02 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/22 12:31 | linux-5.15.y | c79648372d02 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/17 12:01 | linux-5.15.y | c79648372d02 | 1804e95e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/16 02:46 | linux-5.15.y | c79648372d02 | 1804e95e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/12 15:28 | linux-5.15.y | c79648372d02 | c06e8995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/12 06:39 | linux-5.15.y | c79648372d02 | c06e8995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/10 01:35 | linux-5.15.y | c79648372d02 | 32a0e5ed | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/08/06 04:53 | linux-5.15.y | c79648372d02 | ffe1dd46 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/27 02:36 | linux-5.15.y | c79648372d02 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/26 10:03 | linux-5.15.y | c79648372d02 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/25 09:14 | linux-5.15.y | c79648372d02 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/20 04:55 | linux-5.15.y | c79648372d02 | 7117feec | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/20 04:55 | linux-5.15.y | c79648372d02 | 7117feec | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/04 21:06 | linux-5.15.y | 3dea0e7f549e | d869b261 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/04 05:37 | linux-5.15.y | 3dea0e7f549e | 76ad128c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release | ||
| 2025/07/03 21:01 | linux-5.15.y | 3dea0e7f549e | 115ceea7 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | KASAN: use-after-free Read in ax25_release |