@larsks
Last active April 17, 2024 13:39
Linux AX.25 Bugs
Apr 17 09:38:03 radio1.local kernel: ------------[ cut here ]------------
Apr 17 09:38:03 radio1.local kernel: WARNING: CPU: 0 PID: 3750 at lib/refcount.c:28 ax25_release+0x358/0x36c [ax25]
Apr 17 09:38:03 radio1.local kernel: refcount_t: underflow; use-after-free.
Apr 17 09:38:03 radio1.local kernel: Modules linked in: tun tcp_diag inet_diag mkiss overlay cmac algif_hash aes_arm_bs crypto_simd cryptd algif_skcipher af_alg bnep vc4 snd_soc_hdmi_codec drm_display_helper cec drm_dma_helper drm_kms_helper brcmfmac_wcc snd_soc_core hci_uart btbcm bluetooth brcmfmac cp210x snd_compress usbserial raspberrypi_hwmon snd_pcm_dmaengine snd_usb_audio bcm2835_codec(C) v4l2_mem2mem brcmutil snd_hwdep snd_usbmidi_lib bcm2835_v4l2(C) bcm2835_isp(C) cfg80211 bcm2835_mmal_vchiq(C) videobuf2_dma_contig videobuf2_vmalloc videobuf2_memops snd_rawmidi snd_bcm2835(C) videobuf2_v4l2 binfmt_misc snd_seq_device videodev snd_pcm snd_timer snd videobuf2_common ecdh_generic ecc rfkill mc vc_sm_cma(C) raspberrypi_gpiomem uio_pdrv_genirq uio netrom ax25 drm fuse drm_panel_orientation_quirks backlight dm_mod ip_tables x_tables ipv6 i2c_bcm2835 fixed
Apr 17 09:38:03 radio1.local kernel: CPU: 0 PID: 3750 Comm: axwrapper Tainted: G C 6.6.20+rpt-rpi-v7 #1 Raspbian 1:6.6.20-1+rpt1
Apr 17 09:38:03 radio1.local kernel: Hardware name: BCM2835
Apr 17 09:38:03 radio1.local kernel: unwind_backtrace from show_stack+0x18/0x1c
Apr 17 09:38:03 radio1.local kernel: show_stack from dump_stack_lvl+0x50/0x68
Apr 17 09:38:03 radio1.local kernel: dump_stack_lvl from __warn+0x80/0x11c
Apr 17 09:38:03 radio1.local kernel: __warn from warn_slowpath_fmt+0x12c/0x198
Apr 17 09:38:03 radio1.local kernel: warn_slowpath_fmt from ax25_release+0x358/0x36c [ax25]
Apr 17 09:38:03 radio1.local kernel: ax25_release [ax25] from __sock_release+0x44/0xbc
Apr 17 09:38:03 radio1.local kernel: __sock_release from sock_close+0x18/0x20
Apr 17 09:38:03 radio1.local kernel: sock_close from __fput+0xd0/0x280
Apr 17 09:38:03 radio1.local kernel: __fput from task_work_run+0x94/0xc4
Apr 17 09:38:03 radio1.local kernel: task_work_run from do_exit+0x340/0x988
Apr 17 09:38:03 radio1.local kernel: do_exit from do_group_exit+0x40/0x8c
Apr 17 09:38:03 radio1.local kernel: do_group_exit from __wake_up_parent+0x0/0x20
Apr 17 09:38:03 radio1.local kernel: ---[ end trace 0000000000000000 ]---
[ 44.821130] ------------[ cut here ]------------
[ 44.821529] refcount_t: decrement hit 0; leaking memory.
[ 44.821870] WARNING: CPU: 1 PID: 1056 at lib/refcount.c:31 refcount_warn_saturate+0xff/0x110
[ 44.822383] Modules linked in: rfkill mkiss binfmt_misc vfat intel_rapl_msr fat intel_rapl_common intel_uncore_frequency_common kvm_intel snd_hda_codec_generic kvm snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core rapl snd_hwdep iTCO_wdt iTCO_vendor_support snd_seq snd_seq_device i2c_i801 snd_pcm i2c_smbus virtio_gpu snd_timer pcspkr snd virtio_net pktcdvd net_failover soundcore lpc_ich virtio_dma_buf virtio_balloon failover drm_shmem_helper joydev netrom ax25 loop zram zsmalloc crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel sha512_ssse3 sha256_ssse3 sha1_ssse3 virtio_console virtio_blk serio_raw ip6_tables ip_tables fuse qemu_fw_cfg
[ 44.826448] CPU: 1 PID: 1056 Comm: trigger Not tainted 6.9.0-rc4-ax25-radio+ #10
[ 44.826900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014
[ 44.827377] RIP: 0010:refcount_warn_saturate+0xff/0x110
[ 44.827671] Code: 00 14 83 82 c6 05 02 08 4e 01 01 e8 cb bd 91 ff 0f 0b c3 cc cc cc cc 48 c7 c7 58 14 83 82 c6 05 e6 07 4e 01 01 e8 b1 bd 91 ff <0f> 0b c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
[ 44.828646] RSP: 0018:ffffc90001e73d28 EFLAGS: 00010282
[ 44.828976] RAX: 0000000000000000 RBX: ffff88813c6b4570 RCX: 0000000000000000
[ 44.829379] RDX: ffff88817bd2f1c0 RSI: ffff88817bd21880 RDI: ffff88817bd21880
[ 44.829847] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000003
[ 44.830216] R10: ffffc90001e73bc8 R11: ffffffff82b3e548 R12: ffff88813d51ed80
[ 44.830586] R13: ffff8881118f4600 R14: ffff88813f399880 R15: ffff88813c6b4000
[ 44.831020] FS: 0000000000000000(0000) GS:ffff88817bd00000(0000) knlGS:0000000000000000
[ 44.831435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.831788] CR2: 00007f1006c5c680 CR3: 0000000002a22005 CR4: 0000000000770ef0
[ 44.832259] PKRU: 55555554
[ 44.832410] Call Trace:
[ 44.832546] <TASK>
[ 44.832673] ? __warn+0x80/0x120
[ 44.832882] ? refcount_warn_saturate+0xff/0x110
[ 44.833125] ? report_bug+0x164/0x190
[ 44.833323] ? handle_bug+0x3c/0x80
[ 44.833517] ? exc_invalid_op+0x17/0x70
[ 44.833745] ? asm_exc_invalid_op+0x1a/0x20
[ 44.833988] ? refcount_warn_saturate+0xff/0x110
[ 44.834237] ? refcount_warn_saturate+0xff/0x110
[ 44.834484] ref_tracker_free+0x206/0x210
[ 44.834716] ? _raw_spin_unlock+0xe/0x30
[ 44.834947] ? __dev_queue_xmit+0x26a/0xda0
[ 44.835168] ? __alloc_skb+0xd9/0x1a0
[ 44.835364] ax25_release+0xff/0x360 [ax25]
[ 44.835595] __sock_release+0x3a/0xc0
[ 44.835805] sock_close+0x15/0x20
[ 44.835994] __fput+0x97/0x2c0
[ 44.836160] task_work_run+0x59/0x90
[ 44.836353] do_exit+0x311/0xac0
[ 44.836529] ? handle_mm_fault+0xad/0x2d0
[ 44.836753] do_group_exit+0x30/0x80
[ 44.837143] __x64_sys_exit_group+0x18/0x20
[ 44.837545] do_syscall_64+0x64/0x170
[ 44.837918] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 44.838341] RIP: 0033:0x7f1006b6191d
[ 44.838720] Code: Unable to access opcode bytes at 0x7f1006b618f3.
[ 44.839247] RSP: 002b:00007fff662fa038 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[ 44.839852] RAX: ffffffffffffffda RBX: 00007f1006c5dfa8 RCX: 00007f1006b6191d
[ 44.840404] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[ 44.840932] RBP: 00007fff662fa090 R08: 00007fff662f9fd8 R09: 00007fff662f9f5f
[ 44.841453] R10: 00007fff662f9ed0 R11: 0000000000000202 R12: 0000000000000001
[ 44.841978] R13: 0000000000000000 R14: 0000000000000000 R15: 00007f1006c5dfc0
[ 44.842495] </TASK>
[ 44.842765] ---[ end trace 0000000000000000 ]---
[ 102.402998] ------------[ cut here ]------------
[ 102.403340] refcount_t: underflow; use-after-free.
[ 102.403708] WARNING: CPU: 0 PID: 857 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110
[ 102.403716] Modules linked in: rfkill mkiss binfmt_misc vfat intel_rapl_msr fat intel_rapl_common intel_uncore_frequency_common kvm_intel snd_hda_codec_generic kvm snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core rapl snd_hwdep iTCO_wdt iTCO_vendor_support snd_seq snd_seq_device i2c_i801 snd_pcm i2c_smbus virtio_gpu snd_timer pcspkr snd virtio_net pktcdvd net_failover soundcore lpc_ich virtio_dma_buf virtio_balloon failover drm_shmem_helper joydev netrom ax25 loop zram zsmalloc crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel sha512_ssse3 sha256_ssse3 sha1_ssse3 virtio_console virtio_blk serio_raw ip6_tables ip_tables fuse qemu_fw_cfg
[ 102.403739] CPU: 0 PID: 857 Comm: ax25ipd Tainted: G W 6.9.0-rc4-ax25-radio+ #10
[ 102.403740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014
[ 102.403741] RIP: 0010:refcount_warn_saturate+0xbe/0x110
[ 102.403743] Code: 01 01 e8 15 be 91 ff 0f 0b c3 cc cc cc cc 80 3d 38 08 4e 01 00 75 85 48 c7 c7 30 14 83 82 c6 05 28 08 4e 01 01 e8 f2 bd 91 ff <0f> 0b c3 cc cc cc cc 80 3d 16 08 4e 01 00 0f 85 5e ff ff ff 48 c7
[ 102.403744] RSP: 0018:ffffc90000813bf8 EFLAGS: 00010286
[ 102.403745] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 102.403746] RDX: ffff88817bc2f1c0 RSI: ffff88817bc21880 RDI: ffff88817bc21880
[ 102.403747] RBP: ffff88813c6b4000 R08: 0000000000000000 R09: 0000000000000003
[ 102.403747] R10: ffffc90000813a98 R11: ffffffff82b3e548 R12: ffff88813d51ed80
[ 102.403748] R13: ffffc90000813c70 R14: 00000000ffffffe6 R15: 0000000000000000
[ 102.403749] FS: 0000000000000000(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
[ 102.403749] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 102.403750] CR2: 00007f2a973f0080 CR3: 0000000002a22001 CR4: 0000000000770ef0
[ 102.403752] PKRU: 55555554
[ 102.403753] Call Trace:
[ 102.403754] <TASK>
[ 102.403755] ? __warn+0x80/0x120
[ 102.403758] ? refcount_warn_saturate+0xbe/0x110
[ 102.403760] ? report_bug+0x164/0x190
[ 102.403764] ? handle_bug+0x3c/0x80
[ 102.403766] ? exc_invalid_op+0x17/0x70
[ 102.403768] ? asm_exc_invalid_op+0x1a/0x20
[ 102.403772] ? refcount_warn_saturate+0xbe/0x110
[ 102.403774] ? refcount_warn_saturate+0xbe/0x110
[ 102.403775] ax25_device_event+0x1c6/0x260 [ax25]
[ 102.403781] notifier_call_chain+0x5a/0xd0
[ 102.403783] dev_close_many+0x11e/0x180
[ 102.403786] unregister_netdevice_many_notify+0x1a8/0x880
[ 102.403788] unregister_netdevice_queue+0xf7/0x140
[ 102.403790] unregister_netdev+0x1c/0x30
[ 102.403791] mkiss_close+0x76/0xb0 [mkiss]
[ 102.403793] tty_ldisc_hangup+0xfd/0x230
[ 102.403796] __tty_hangup.part.0+0x1f3/0x370
[ 102.403797] tty_release+0xee/0x600
[ 102.403798] __fput+0x97/0x2c0
[ 102.403801] task_work_run+0x59/0x90
[ 102.403803] do_exit+0x311/0xac0
[ 102.403805] do_group_exit+0x30/0x80
[ 102.403806] __x64_sys_exit_group+0x18/0x20
[ 102.403807] do_syscall_64+0x64/0x170
[ 102.403809] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 102.403811] RIP: 0033:0x7f5d6cdf191d
[ 102.403814] Code: Unable to access opcode bytes at 0x7f5d6cdf18f3.
[ 102.403815] RSP: 002b:00007ffe38ac7ce8 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[ 102.403816] RAX: ffffffffffffffda RBX: 00007f5d6ceedfa8 RCX: 00007f5d6cdf191d
[ 102.403817] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000002
[ 102.403817] RBP: 00007ffe38ac7d40 R08: 00007ffe38ac7c88 R09: 00007ffe38ac7c0f
[ 102.403818] R10: 00007ffe38ac7b80 R11: 0000000000000206 R12: 0000000000000001
[ 102.403819] R13: 0000000000000000 R14: 0000000000000002 R15: 00007f5d6ceedfc0
[ 102.403820] </TASK>
[ 102.403820] ---[ end trace 0000000000000000 ]---