Warning: Permanently added '10.128.0.60' (ED25519) to the list of known hosts.
executing program
executing program
executing program
[ 69.523228][ T4169] ==================================================================
[ 69.531877][ T4169] BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640
[ 69.539229][ T4169] Read of size 4 at addr ffff88802a2fcd38 by task syz-executor412/4169
[ 69.547724][ T4169]
[ 69.550178][ T4169] CPU: 1 PID: 4169 Comm: syz-executor412 Not tainted 5.15.185-syzkaller #0
[ 69.558770][ T4169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 69.568847][ T4169] Call Trace:
[ 69.572159][ T4169]
[ 69.575095][ T4169] dump_stack_lvl+0x168/0x230
[ 69.579904][ T4169] ? show_regs_print_info+0x20/0x20
[ 69.585303][ T4169] ? _printk+0xcc/0x110
[ 69.589472][ T4169] ? ax25_fillin_cb+0x459/0x640
[ 69.594340][ T4169] ? load_image+0x3b0/0x3b0
[ 69.599055][ T4169] print_address_description+0x60/0x2d0
[ 69.604617][ T4169] ? ax25_fillin_cb+0x459/0x640
[ 69.609487][ T4169] kasan_report+0xdf/0x130
[ 69.613926][ T4169] ? ax25_fillin_cb+0x459/0x640
[ 69.618980][ T4169] ax25_fillin_cb+0x459/0x640
[ 69.623773][ T4169] ax25_setsockopt+0x8a2/0xa40
[ 69.629116][ T4169] ? ax25_shutdown+0x10/0x10
[ 69.633944][ T4169] ? aa_sock_opt_perm+0x74/0x100
[ 69.638912][ T4169] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 69.644539][ T4169] ? security_socket_setsockopt+0x7a/0xa0
[ 69.650357][ T4169] ? ax25_shutdown+0x10/0x10
[ 69.654989][ T4169] __sys_setsockopt+0x3d6/0x5e0
[ 69.659943][ T4169] ? __ia32_sys_recv+0xb0/0xb0
[ 69.664823][ T4169] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 69.670843][ T4169] ? lock_chain_count+0x20/0x20
[ 69.675720][ T4169] ? vtime_user_exit+0x2dc/0x400
[ 69.680671][ T4169] __x64_sys_setsockopt+0xb1/0xc0
[ 69.685711][ T4169] do_syscall_64+0x4c/0xa0
[ 69.690151][ T4169] ? clear_bhb_loop+0x30/0x80
[ 69.694980][ T4169] ? clear_bhb_loop+0x30/0x80
[ 69.699694][ T4169] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.705640][ T4169] RIP: 0033:0x7f32a233db39
[ 69.710158][ T4169] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.729890][ T4169] RSP: 002b:00007ffd7ae7d1d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 69.738479][ T4169] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f32a233db39
[ 69.746941][ T4169] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000003
[ 69.755043][ T4169] RBP: 0000000000010f51 R08: e5a01e6e238456fc R09: 0000000000000006
[ 69.763063][ T4169] R10: 0000200000000000 R11: 0000000000000246 R12: 00007ffd7ae7d1ec
[ 69.771429][ T4169] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 69.779588][ T4169]
[ 69.782680][ T4169]
[ 69.785050][ T4169] Allocated by task 4167:
[ 69.789400][ T4169] __kasan_kmalloc+0xb5/0xf0
[ 69.794186][ T4169] ax25_dev_device_up+0x50/0x580
[ 69.799187][ T4169] ax25_device_event+0x483/0x4f0
[ 69.804227][ T4169] raw_notifier_call_chain+0xcb/0x160
[ 69.809618][ T4169] __dev_notify_flags+0x178/0x2d0
[ 69.814651][ T4169] dev_change_flags+0xe3/0x1a0
[ 69.819438][ T4169] dev_ifsioc+0x147/0xe70
[ 69.823984][ T4169] dev_ioctl+0x55f/0xe50
[ 69.828330][ T4169] sock_do_ioctl+0x222/0x2f0
[ 69.833020][ T4169] sock_ioctl+0x4ed/0x6e0
[ 69.837366][ T4169] __se_sys_ioctl+0xfa/0x170
[ 69.842102][ T4169] do_syscall_64+0x4c/0xa0
[ 69.846629][ T4169] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.852978][ T4169]
[ 69.855413][ T4169] Freed by task 4168:
[ 69.859423][ T4169] kasan_set_track+0x4b/0x70
[ 69.864054][ T4169] kasan_set_free_info+0x1f/0x40
[ 69.869013][ T4169] ____kasan_slab_free+0xd5/0x110
[ 69.874198][ T4169] slab_free_freelist_hook+0xea/0x170
[ 69.879628][ T4169] kfree+0xef/0x2a0
[ 69.883550][ T4169] ax25_release+0x661/0x870
[ 69.888075][ T4169] sock_close+0xd5/0x240
[ 69.892331][ T4169] __fput+0x234/0x930
[ 69.896329][ T4169] task_work_run+0x125/0x1a0
[ 69.900926][ T4169] do_exit+0x616/0x20a0
[ 69.905105][ T4169] do_group_exit+0x12e/0x300
[ 69.909941][ T4169] __x64_sys_exit_group+0x3b/0x40
[ 69.915167][ T4169] do_syscall_64+0x4c/0xa0
[ 69.919864][ T4169] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.925768][ T4169]
[ 69.928194][ T4169] Last potentially related work creation:
[ 69.933913][ T4169] kasan_save_stack+0x35/0x60
[ 69.938920][ T4169] kasan_record_aux_stack+0xb8/0x100
[ 69.944228][ T4169] insert_work+0x54/0x3d0
[ 69.948735][ T4169] __queue_work+0x9c5/0xd50
[ 69.953244][ T4169] queue_work_on+0x11d/0x1d0
[ 69.957974][ T4169] call_usermodehelper_exec+0x26b/0x460
[ 69.963539][ T4169] kobject_uevent_env+0x681/0x890
[ 69.968571][ T4169] net_rx_queue_update_kobjects+0x221/0x490
[ 69.974566][ T4169] netdev_register_kobject+0x223/0x310
[ 69.980071][ T4169] register_netdevice+0x1019/0x16b0
[ 69.985283][ T4169] register_netdev+0x37/0x50
[ 69.989885][ T4169] nr_proto_init+0x164/0x7e0
[ 69.994484][ T4169] do_one_initcall+0x1ee/0x680
[ 69.999265][ T4169] do_initcall_level+0x137/0x1f0
[ 70.004426][ T4169] do_initcalls+0x4b/0x90
[ 70.008765][ T4169] kernel_init_freeable+0x3ce/0x560
[ 70.013965][ T4169] kernel_init+0x19/0x1b0
[ 70.018317][ T4169] ret_from_fork+0x1f/0x30
[ 70.022746][ T4169]
[ 70.025169][ T4169] The buggy address belongs to the object at ffff88802a2fcd00
[ 70.025169][ T4169] which belongs to the cache kmalloc-192 of size 192
[ 70.039685][ T4169] The buggy address is located 56 bytes inside of
[ 70.039685][ T4169] 192-byte region [ffff88802a2fcd00, ffff88802a2fcdc0)
[ 70.053030][ T4169] The buggy address belongs to the page:
[ 70.058793][ T4169] page:ffffea0000a8bf00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a2fc
[ 70.068975][ T4169] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 70.076558][ T4169] raw: 00fff00000000200 ffffea0005316cc0 0000000700000007 ffff888016841a00
[ 70.085184][ T4169] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 70.093778][ T4169] page dumped because: kasan: bad access detected
[ 70.100239][ T4169] page_owner tracks the page as allocated
[ 70.105968][ T4169] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 24525659718, free_ts 24493812714
[ 70.121835][ T4169] get_page_from_freelist+0x1b77/0x1c60
[ 70.127399][ T4169] __alloc_pages+0x1e1/0x470
[ 70.132103][ T4169] alloc_page_interleave+0x24/0x1e0
[ 70.137394][ T4169] new_slab+0xc0/0x4b0
[ 70.141474][ T4169] ___slab_alloc+0x81e/0xdf0
[ 70.146080][ T4169] __kmalloc_track_caller+0x1cb/0x330
[ 70.151468][ T4169] kmemdup+0x22/0x50
[ 70.155481][ T4169] neigh_parms_alloc+0x86/0x4b0
[ 70.160425][ T4169] inetdev_init+0x127/0x4d0
[ 70.164942][ T4169] inetdev_event+0x280/0x1360
[ 70.169662][ T4169] raw_notifier_call_chain+0xcb/0x160
[ 70.175041][ T4169] register_netdevice+0x1275/0x16b0
[ 70.180872][ T4169] register_netdev+0x37/0x50
[ 70.185570][ T4169] nr_proto_init+0x164/0x7e0
[ 70.190168][ T4169] do_one_initcall+0x1ee/0x680
[ 70.194945][ T4169] do_initcall_level+0x137/0x1f0
[ 70.199893][ T4169] page last free stack trace:
[ 70.204575][ T4169] free_unref_page_prepare+0x637/0x6c0
[ 70.210133][ T4169] free_unref_page+0x94/0x280
[ 70.214924][ T4169] __mmdrop+0xaa/0x3e0
[ 70.218997][ T4169] free_bprm+0x141/0x300
[ 70.223263][ T4169] kernel_execve+0x380/0x900
[ 70.228046][ T4169] call_usermodehelper_exec_async+0x207/0x350
[ 70.234350][ T4169] ret_from_fork+0x1f/0x30
[ 70.238884][ T4169]
[ 70.241220][ T4169] Memory state around the buggy address:
[ 70.247291][ T4169] ffff88802a2fcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.255359][ T4169] ffff88802a2fcc80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 70.263512][ T4169] >ffff88802a2fcd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.271651][ T4169]                                         ^
[ 70.277556][ T4169] ffff88802a2fcd80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 70.285628][ T4169] ffff88802a2fce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.293694][ T4169] ==================================================================
[ 70.301757][ T4169] Disabling lock debugging due to kernel taint
[ 70.308208][ T4169] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 70.315437][ T4169] CPU: 1 PID: 4169 Comm: syz-executor412 Tainted: G B 5.15.185-syzkaller #0
[ 70.325438][ T4169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 70.335733][ T4169] Call Trace:
[ 70.339036][ T4169]
[ 70.341973][ T4169] dump_stack_lvl+0x168/0x230
[ 70.346660][ T4169] ? show_regs_print_info+0x20/0x20
[ 70.351968][ T4169] ? load_image+0x3b0/0x3b0
[ 70.356621][ T4169] panic+0x2c9/0x7f0
[ 70.360546][ T4169] ? bpf_jit_dump+0xd0/0xd0
[ 70.365065][ T4169] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 70.370969][ T4169] ? _raw_spin_unlock+0x40/0x40
[ 70.375831][ T4169] ? print_memory_metadata+0x314/0x400
[ 70.381294][ T4169] ? ax25_fillin_cb+0x459/0x640
[ 70.386252][ T4169] check_panic_on_warn+0x80/0xa0
[ 70.391226][ T4169] ? ax25_fillin_cb+0x459/0x640
[ 70.396149][ T4169] end_report+0x6d/0xf0
[ 70.400312][ T4169] kasan_report+0x102/0x130
[ 70.404858][ T4169] ? ax25_fillin_cb+0x459/0x640
[ 70.409714][ T4169] ax25_fillin_cb+0x459/0x640
[ 70.414497][ T4169] ax25_setsockopt+0x8a2/0xa40
[ 70.419301][ T4169] ? ax25_shutdown+0x10/0x10
[ 70.424226][ T4169] ? aa_sock_opt_perm+0x74/0x100
[ 70.429197][ T4169] ? bpf_lsm_socket_setsockopt+0x5/0x10
[ 70.434775][ T4169] ? security_socket_setsockopt+0x7a/0xa0
[ 70.440692][ T4169] ? ax25_shutdown+0x10/0x10
[ 70.445396][ T4169] __sys_setsockopt+0x3d6/0x5e0
[ 70.450255][ T4169] ? __ia32_sys_recv+0xb0/0xb0
[ 70.455131][ T4169] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 70.461543][ T4169] ? lock_chain_count+0x20/0x20
[ 70.466414][ T4169] ? vtime_user_exit+0x2dc/0x400
[ 70.472197][ T4169] __x64_sys_setsockopt+0xb1/0xc0
[ 70.477388][ T4169] do_syscall_64+0x4c/0xa0
[ 70.481963][ T4169] ? clear_bhb_loop+0x30/0x80
[ 70.486930][ T4169] ? clear_bhb_loop+0x30/0x80
[ 70.491649][ T4169] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 70.497704][ T4169] RIP: 0033:0x7f32a233db39
[ 70.502144][ T4169] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.522444][ T4169] RSP: 002b:00007ffd7ae7d1d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 70.531570][ T4169] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f32a233db39
[ 70.539794][ T4169] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000003
[ 70.547803][ T4169] RBP: 0000000000010f51 R08: e5a01e6e238456fc R09: 0000000000000006
[ 70.555826][ T4169] R10: 0000200000000000 R11: 0000000000000246 R12: 00007ffd7ae7d1ec
[ 70.563817][ T4169] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 70.572034][ T4169]
[ 70.575590][ T4169] Kernel Offset: disabled
[ 70.580058][ T4169] Rebooting in 86400 seconds..