Warning: Permanently added '10.128.1.101' (ED25519) to the list of known hosts.
executing program
executing program
executing program
[ 43.310748][ T4026] ==================================================================
[ 43.313098][ T4026] BUG: KASAN: use-after-free in ax25_fillin_cb+0x394/0x568
[ 43.315051][ T4026] Read of size 4 at addr ffff0000d2759e38 by task syz-executor228/4026
[ 43.317391][ T4026]
[ 43.318064][ T4026] CPU: 1 PID: 4026 Comm: syz-executor228 Not tainted 5.15.185-syzkaller #0
[ 43.320445][ T4026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 43.323312][ T4026] Call trace:
[ 43.324233][ T4026]  dump_backtrace+0x0/0x43c
[ 43.325573][ T4026]  show_stack+0x2c/0x3c
[ 43.326760][ T4026]  __dump_stack+0x30/0x40
[ 43.327988][ T4026]  dump_stack_lvl+0xf8/0x160
[ 43.329261][ T4026]  print_address_description+0x78/0x30c
[ 43.330927][ T4026]  kasan_report+0xec/0x15c
[ 43.332159][ T4026]  __asan_report_load4_noabort+0x44/0x50
[ 43.333728][ T4026]  ax25_fillin_cb+0x394/0x568
[ 43.334990][ T4026]  ax25_setsockopt+0x8d0/0xa5c
[ 43.336275][ T4026]  __sys_setsockopt+0x2f8/0x4b0
[ 43.337636][ T4026]  __arm64_sys_setsockopt+0xb8/0xd4
[ 43.339097][ T4026]  invoke_syscall+0x98/0x2b8
[ 43.340408][ T4026]  el0_svc_common+0x138/0x258
[ 43.341691][ T4026]  do_el0_svc+0x58/0x14c
[ 43.342877][ T4026]  el0_svc+0x78/0x1e0
[ 43.343995][ T4026]  el0t_64_sync_handler+0xcc/0xe4
[ 43.345409][ T4026]  el0t_64_sync+0x1a0/0x1a4
[ 43.346647][ T4026]
[ 43.347312][ T4026] Allocated by task 4024:
[ 43.348547][ T4026]  __kasan_kmalloc+0xb0/0xf0
[ 43.349831][ T4026]  kmem_cache_alloc_trace+0x274/0x3fc
[ 43.351311][ T4026]  ax25_dev_device_up+0x5c/0x540
[ 43.352745][ T4026]  ax25_device_event+0x504/0x590
[ 43.354109][ T4026]  raw_notifier_call_chain+0xd4/0x164
[ 43.355677][ T4026]  __dev_notify_flags+0x250/0x46c
[ 43.357062][ T4026]  dev_change_flags+0xc8/0x154
[ 43.358366][ T4026]  dev_ifsioc+0x504/0xef4
[ 43.359549][ T4026]  dev_ioctl+0x4d0/0xc94
[ 43.360776][ T4026]  sock_do_ioctl+0x18c/0x240
[ 43.362041][ T4026]  sock_ioctl+0x5c8/0x87c
[ 43.363188][ T4026]  __arm64_sys_ioctl+0x14c/0x1c8
[ 43.364580][ T4026]  invoke_syscall+0x98/0x2b8
[ 43.365833][ T4026]  el0_svc_common+0x138/0x258
[ 43.367200][ T4026]  do_el0_svc+0x58/0x14c
[ 43.368363][ T4026]  el0_svc+0x78/0x1e0
[ 43.369483][ T4026]  el0t_64_sync_handler+0xcc/0xe4
[ 43.370881][ T4026]  el0t_64_sync+0x1a0/0x1a4
[ 43.372116][ T4026]
[ 43.372732][ T4026] Freed by task 4025:
[ 43.373813][ T4026]  kasan_set_track+0x4c/0x84
[ 43.375104][ T4026]  kasan_set_free_info+0x28/0x4c
[ 43.376478][ T4026]  ____kasan_slab_free+0x118/0x164
[ 43.377884][ T4026]  __kasan_slab_free+0x18/0x28
[ 43.379245][ T4026]  slab_free_freelist_hook+0x128/0x1e8
[ 43.380871][ T4026]  kfree+0x170/0x40c
[ 43.381945][ T4026]  ax25_release+0x564/0x814
[ 43.383174][ T4026]  sock_close+0xb4/0x1f8
[ 43.384339][ T4026]  __fput+0x1c0/0x7f8
[ 43.385518][ T4026]  ____fput+0x20/0x30
[ 43.386639][ T4026]  task_work_run+0x12c/0x1e0
[ 43.387929][ T4026]  do_exit+0x67c/0x1f58
[ 43.389064][ T4026]  do_group_exit+0x100/0x268
[ 43.390328][ T4026]  __wake_up_parent+0x0/0x60
[ 43.391631][ T4026]  invoke_syscall+0x98/0x2b8
[ 43.392928][ T4026]  el0_svc_common+0x138/0x258
[ 43.394262][ T4026]  do_el0_svc+0x58/0x14c
[ 43.395517][ T4026]  el0_svc+0x78/0x1e0
[ 43.396658][ T4026]  el0t_64_sync_handler+0xcc/0xe4
[ 43.398034][ T4026]  el0t_64_sync+0x1a0/0x1a4
[ 43.399288][ T4026]
[ 43.399984][ T4026] Last potentially related work creation:
[ 43.401909][ T4026]  kasan_save_stack+0x38/0x68
[ 43.403162][ T4026]  kasan_record_aux_stack+0xcc/0x114
[ 43.404661][ T4026]  insert_work+0x64/0x388
[ 43.405863][ T4026]  __queue_work+0xb30/0x1054
[ 43.407110][ T4026]  queue_work_on+0xc4/0x17c
[ 43.408387][ T4026]  call_usermodehelper_exec+0x22c/0x478
[ 43.409874][ T4026]  kobject_uevent_env+0x670/0x888
[ 43.411279][ T4026]  kobject_uevent+0x2c/0x3c
[ 43.412579][ T4026]  driver_register+0x29c/0x374
[ 43.413866][ T4026]  i2c_register_driver+0xb4/0x178
[ 43.415224][ T4026]  mpl3115_driver_init+0x20/0x2c
[ 43.416575][ T4026]  do_one_initcall+0x228/0x8b0
[ 43.417876][ T4026]  do_initcall_level+0x154/0x214
[ 43.419195][ T4026]  do_initcalls+0x58/0xac
[ 43.420394][ T4026]  do_basic_setup+0x8c/0xa0
[ 43.421625][ T4026]  kernel_init_freeable+0x404/0x5fc
[ 43.423099][ T4026]  kernel_init+0x24/0x1d0
[ 43.424256][ T4026]  ret_from_fork+0x10/0x20
[ 43.425454][ T4026]
[ 43.426096][ T4026] The buggy address belongs to the object at ffff0000d2759e00
[ 43.426096][ T4026]  which belongs to the cache kmalloc-256 of size 256
[ 43.429960][ T4026] The buggy address is located 56 bytes inside of
[ 43.429960][ T4026]  256-byte region [ffff0000d2759e00, ffff0000d2759f00)
[ 43.433662][ T4026] The buggy address belongs to the page:
[ 43.435212][ T4026] page:00000000050c2d20 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112758
[ 43.438022][ T4026] head:00000000050c2d20 order:1 compound_mapcount:0
[ 43.439845][ T4026] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 43.442021][ T4026] raw: 05ffc00000010200 0000000000000000 0000000100000001 ffff0000c0002480
[ 43.444380][ T4026] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 43.446701][ T4026] page dumped because: kasan: bad access detected
[ 43.448486][ T4026]
[ 43.449098][ T4026] Memory state around the buggy address:
[ 43.450659][ T4026]  ffff0000d2759d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.452860][ T4026]  ffff0000d2759d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.455092][ T4026] >ffff0000d2759e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.457305][ T4026]                                         ^
[ 43.458922][ T4026]  ffff0000d2759e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.461115][ T4026]  ffff0000d2759f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.463343][ T4026] ==================================================================
[ 43.465538][ T4026] Disabling lock debugging due to kernel taint
[ 43.468311][ T4026] Unable to handle kernel paging request at virtual address 0020024800001561
[ 43.470711][ T4026] Mem abort info:
[ 43.471700][ T4026]   ESR = 0x0000000096000021
[ 43.472912][ T4026]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 43.474547][ T4026]   SET = 0, FnV = 0
[ 43.475583][ T4026]   EA = 0, S1PTW = 0
[ 43.476725][ T4026]   FSC = 0x21: alignment fault
[ 43.478024][ T4026] Data abort info:
[ 43.479003][ T4026]   ISV = 0, ISS = 0x00000021
[ 43.480239][ T4026]   CM = 0, WnR = 0
[ 43.481261][ T4026] [0020024800001561] address between user and kernel address ranges
[ 43.483428][ T4026] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 43.485291][ T4026] Modules linked in:
[ 43.486376][ T4026] CPU: 1 PID: 4026 Comm: syz-executor228 Tainted: G B 5.15.185-syzkaller #0
[ 43.489153][ T4026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 43.491992][ T4026] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 43.494155][ T4026] pc : ax25_release+0x4f4/0x814
[ 43.495459][ T4026] lr : ax25_release+0x4ec/0x814
[ 43.496802][ T4026] sp : ffff80001f207a20
[ 43.497902][ T4026] x29: ffff80001f207a40 x28: dfff800000000000 x27: ffff0000c1bbd080
[ 43.500077][ T4026] x26: ffff0000c1b0f828 x25: 0000000000000002 x24: 00000000ffffffff
[ 43.502263][ T4026] x23: c920024800001561 x22: ffff0000d2759e00 x21: ffff0000deb26618
[ 43.504475][ T4026] x20: ffff0000c1bbd000 x19: 1fffe00018361f05 x18: 0000000000000000
[ 43.506667][ T4026] x17: 0000000000000000 x16: ffff8000082d4c48 x15: 000000000000000a
[ 43.508866][ T4026] x14: 00000000ffff8000 x13: 0000000066f4a79b x12: 0000000000ff0100
[ 43.511082][ T4026] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff80001044cac4
[ 43.513271][ T4026] x8 : ffff0000c1e0d1c0 x7 : 0000000000000000 x6 : ffff80000837a1b0
[ 43.515483][ T4026] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80001044cab8
[ 43.517647][ T4026] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
[ 43.519884][ T4026] Call trace:
[ 43.520790][ T4026]  ax25_release+0x4f4/0x814
[ 43.522003][ T4026]  sock_close+0xb4/0x1f8
[ 43.523210][ T4026]  __fput+0x1c0/0x7f8
[ 43.524275][ T4026]  ____fput+0x20/0x30
[ 43.525374][ T4026]  task_work_run+0x12c/0x1e0
[ 43.526651][ T4026]  do_exit+0x67c/0x1f58
[ 43.527827][ T4026]  do_group_exit+0x100/0x268
[ 43.529140][ T4026]  __wake_up_parent+0x0/0x60
[ 43.530398][ T4026]  invoke_syscall+0x98/0x2b8
[ 43.531644][ T4026]  el0_svc_common+0x138/0x258
[ 43.532929][ T4026]  do_el0_svc+0x58/0x14c
[ 43.534100][ T4026]  el0_svc+0x78/0x1e0
[ 43.535229][ T4026]  el0t_64_sync_handler+0xcc/0xe4
[ 43.536621][ T4026]  el0t_64_sync+0x1a0/0x1a4
[ 43.537899][ T4026] Code: d503201f 9600afd7 52800038 4b1803f8 (b87802f8)
[ 43.539853][ T4026] ---[ end trace 9d8c31850d31ad34 ]---
[ 43.856281][ T4026] Kernel panic - not syncing: Oops: Fatal exception
[ 43.858178][ T4026] SMP: stopping secondary CPUs
[ 43.859573][ T4026] Kernel Offset: disabled
[ 43.860734][ T4026] CPU features: 0x8,000081c1,21302e40
[ 43.862186][ T4026] Memory Limit: none
[ 44.140533][ T4026] Rebooting in 86400 seconds..