program:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000000c0)={@default, @default, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={@default, @null, 0x7, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
connect$ax25(r1, &(0x7f0000000240)={{0x3, @bcast, 0x4}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

[   69.034944][ T4664] Bluetooth: hci0: command tx timeout
[   69.105173][ T5320] ax25_connect(): syz.0.0 uses autobind, please contact jreuter@yaina.de
[   69.137011][ T5320] ------------[ cut here ]------------
[   69.139778][ T5320] refcount_t: decrement hit 0; leaking memory.
[   69.146840][ T5320] WARNING: CPU: 0 PID: 5320 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0
[   69.152739][ T5320] Modules linked in:
[   69.155086][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0
[   69.159812][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.164040][ T5320] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[   69.167115][ T5320] Code: b2 00 00 00 e8 37 8d cc fc 5b 5d c3 cc cc cc cc e8 2b 8d cc fc c6 05 48 d8 31 0b 01 90 48 c7 c7 e0 a4 80 8c e8 b7 4a 8c fc 90 <0f> 0b 90 90 eb d9 e8 0b 8d cc fc c6 05 25 d8 31 0b 01 90 48 c7 c7
[   69.176518][ T5320] RSP: 0018:ffffc9000d4570e8 EFLAGS: 00010246
[   69.179172][ T5320] RAX: 53b1ebd175033a00 RBX: ffff88803487464c RCX: 0000000000100000
[   69.182510][ T5320] RDX: ffffc9000e102000 RSI: 000000000000511a RDI: 000000000000511b
[   69.185973][ T5320] RBP: 0000000000000004 R08: ffffffff81817e32 R09: 1ffff11003f8519a
[   69.189595][ T5320] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888034874608
[   69.193591][ T5320] R13: 0000000000000000 R14: ffff88803487464c R15: dffffc0000000000
[   69.197872][ T5320] FS:  00007fc8f645b6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   69.201425][ T5320] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.203940][ T5320] CR2: 00007efc9566eba8 CR3: 00000000366da000 CR4: 0000000000352ef0
[   69.207273][ T5320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.210766][ T5320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.214174][ T5320] Call Trace:
[   69.215820][ T5320]  <TASK>
[   69.217277][ T5320]  ? __warn+0x165/0x4d0
[   69.219398][ T5320]  ? refcount_warn_saturate+0xfa/0x1d0
[   69.221575][ T5320]  ? report_bug+0x2b3/0x500
[   69.223422][ T5320]  ? refcount_warn_saturate+0xfa/0x1d0
[   69.225423][ T5320]  ? handle_bug+0x60/0x90
[   69.227154][ T5320]  ? exc_invalid_op+0x1a/0x50
[   69.229253][ T5320]  ? asm_exc_invalid_op+0x1a/0x20
[   69.231355][ T5320]  ? __warn_printk+0x292/0x360
[   69.233236][ T5320]  ? refcount_warn_saturate+0xfa/0x1d0
[   69.235252][ T5320]  ? refcount_warn_saturate+0xf9/0x1d0
[   69.237156][ T5320]  ref_tracker_free+0x6af/0x7e0
[   69.239269][ T5320]  ? __pfx_ref_tracker_free+0x10/0x10
[   69.241402][ T5320]  ? ax25_disconnect+0x1b3/0x3d0
[   69.244016][ T5320]  ? _raw_spin_unlock+0x28/0x50
[   69.246320][ T5320]  ? ax25_disconnect+0x34a/0x3d0
[   69.248305][ T5320]  ax25_device_event+0x334/0x600
[   69.250548][ T5320]  notifier_call_chain+0x1a5/0x3f0
[   69.252441][ T5320]  dev_close_many+0x33c/0x4c0
[   69.254346][ T5320]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.257261][ T5320]  ? __pfx_dev_close_many+0x10/0x10
[   69.260029][ T5320]  ? bond_netdev_event+0x161/0xf20
[   69.262165][ T5320]  dev_close+0x1c0/0x2c0
[   69.263848][ T5320]  ? __pfx_dev_close+0x10/0x10
[   69.265575][ T5320]  ? __asan_memset+0x23/0x50
[   69.267509][ T5320]  bpq_device_event+0x372/0x8d0
[   69.269594][ T5320]  ? lockdep_rtnl_is_held+0x26/0x40
[   69.272025][ T5320]  notifier_call_chain+0x1a5/0x3f0
[   69.274805][ T5320]  dev_close_many+0x33c/0x4c0
[   69.276934][ T5320]  ? mark_lock+0x9a/0x360
[   69.278717][ T5320]  ? __pfx_dev_close_many+0x10/0x10
[   69.280920][ T5320]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.283248][ T5320]  dev_close+0x1c0/0x2c0
[   69.284926][ T5320]  ? __pfx_dev_close+0x10/0x10
[   69.286835][ T5320]  ? __local_bh_enable_ip+0x168/0x200
[   69.289262][ T5320]  ? bond_enslave+0x6b0/0x3910
[   69.291941][ T5320]  bond_setup_by_slave+0x64/0x420
[   69.295000][ T5320]  bond_enslave+0x7b9/0x3910
[   69.297534][ T5320]  ? __kernel_text_address+0xd/0x40
[   69.300117][ T5320]  ? arch_stack_walk+0xfd/0x150
[   69.302393][ T5320]  ? __pfx_validate_chain+0x10/0x10
[   69.304955][ T5320]  ? __lock_acquire+0x1397/0x2100
[   69.307196][ T5320]  ? aa_get_newest_label+0xff/0x6f0
[   69.309641][ T5320]  ? __pfx_bond_enslave+0x10/0x10
[   69.312237][ T5320]  ? apparmor_capable+0x13b/0x1b0
[   69.314254][ T5320]  ? full_name_hash+0x93/0xe0
[   69.315972][ T5320]  bond_do_ioctl+0x7c3/0xc00
[   69.318019][ T5320]  ? __pfx_bond_do_ioctl+0x10/0x10
[   69.320179][ T5320]  ? rcu_is_watching+0x15/0xb0
[   69.321982][ T5320]  ? trace_contention_end+0x3c/0x120
[   69.324030][ T5320]  ? __pfx_lock_acquire+0x10/0x10
[   69.326506][ T5320]  ? full_name_hash+0x93/0xe0
[   69.328930][ T5320]  dev_ifsioc+0xb6d/0xe70
[   69.330530][ T5320]  ? __pfx_dev_ifsioc+0x10/0x10
[   69.332471][ T5320]  ? dev_load+0x21/0x1f0
[   69.334097][ T5320]  dev_ioctl+0x719/0x1340
[   69.335700][ T5320]  sock_do_ioctl+0x240/0x460
[   69.337209][ T5320]  ? __pfx_sock_do_ioctl+0x10/0x10
[   69.339387][ T5320]  sock_ioctl+0x626/0x8e0
[   69.341557][ T5320]  ? __pfx_sock_ioctl+0x10/0x10
[   69.344087][ T5320]  ? __fget_files+0x2a/0x410
[   69.346001][ T5320]  ? __fget_files+0x2a/0x410
[   69.347681][ T5320]  ? __pfx_sock_ioctl+0x10/0x10
[   69.349694][ T5320]  __se_sys_ioctl+0xf5/0x170
[   69.351477][ T5320]  do_syscall_64+0xf3/0x230
[   69.353365][ T5320]  ? clear_bhb_loop+0x35/0x90
[   69.355484][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.358441][ T5320] RIP: 0033:0x7fc8f558d169
[   69.360452][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.368145][ T5320] RSP: 002b:00007fc8f645b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   69.372203][ T5320] RAX: ffffffffffffffda RBX: 00007fc8f57a5fa0 RCX: 00007fc8f558d169
[   69.375455][ T5320] RDX: 0000400000000180 RSI: 0000000000008990 RDI: 0000000000000008
[   69.378413][ T5320] RBP: 00007fc8f560e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.381977][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.385743][ T5320] R13: 0000000000000000 R14: 00007fc8f57a5fa0 R15: 00007ffed663ec48
[   69.389184][ T5320]  </TASK>
[   69.390336][ T5320] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   69.393156][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0
[   69.397100][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.401896][ T5320] Call Trace:
[   69.403832][ T5320]  <TASK>
[   69.405374][ T5320]  dump_stack_lvl+0x241/0x360
[   69.407433][ T5320]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.409485][ T5320]  ? __pfx__printk+0x10/0x10
[   69.411359][ T5320]  ? _printk+0xd5/0x120
[   69.413029][ T5320]  ? __init_begin+0x41000/0x41000
[   69.415180][ T5320]  ? vscnprintf+0x5d/0x90
[   69.416893][ T5320]  panic+0x349/0x880
[   69.418403][ T5320]  ? __warn+0x174/0x4d0
[   69.420087][ T5320]  ? __pfx_panic+0x10/0x10
[   69.422060][ T5320]  __warn+0x344/0x4d0
[   69.424209][ T5320]  ? refcount_warn_saturate+0xfa/0x1d0
[   69.426762][ T5320]  report_bug+0x2b3/0x500
[   69.428832][ T5320]  ? refcount_warn_saturate+0xfa/0x1d0
[   69.430951][ T5320]  handle_bug+0x60/0x90
[   69.432518][ T5320]  exc_invalid_op+0x1a/0x50
[   69.434413][ T5320]  asm_exc_invalid_op+0x1a/0x20
[   69.436293][ T5320] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[   69.438652][ T5320] Code: b2 00 00 00 e8 37 8d cc fc 5b 5d c3 cc cc cc cc e8 2b 8d cc fc c6 05 48 d8 31 0b 01 90 48 c7 c7 e0 a4 80 8c e8 b7 4a 8c fc 90 <0f> 0b 90 90 eb d9 e8 0b 8d cc fc c6 05 25 d8 31 0b 01 90 48 c7 c7
[   69.448418][ T5320] RSP: 0018:ffffc9000d4570e8 EFLAGS: 00010246
[   69.451440][ T5320] RAX: 53b1ebd175033a00 RBX: ffff88803487464c RCX: 0000000000100000
[   69.454529][ T5320] RDX: ffffc9000e102000 RSI: 000000000000511a RDI: 000000000000511b
[   69.457623][ T5320] RBP: 0000000000000004 R08: ffffffff81817e32 R09: 1ffff11003f8519a
[   69.460775][ T5320] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888034874608
[   69.463909][ T5320] R13: 0000000000000000 R14: ffff88803487464c R15: dffffc0000000000
[   69.467258][ T5320]  ? __warn_printk+0x292/0x360
[   69.469127][ T5320]  ? refcount_warn_saturate+0xf9/0x1d0
[   69.471452][ T5320]  ref_tracker_free+0x6af/0x7e0
[   69.473543][ T5320]  ? __pfx_ref_tracker_free+0x10/0x10
[   69.475886][ T5320]  ? ax25_disconnect+0x1b3/0x3d0
[   69.478012][ T5320]  ? _raw_spin_unlock+0x28/0x50
[   69.479847][ T5320]  ? ax25_disconnect+0x34a/0x3d0
[   69.481894][ T5320]  ax25_device_event+0x334/0x600
[   69.484641][ T5320]  notifier_call_chain+0x1a5/0x3f0
[   69.487188][ T5320]  dev_close_many+0x33c/0x4c0
[   69.489206][ T5320]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.491734][ T5320]  ? __pfx_dev_close_many+0x10/0x10
[   69.493724][ T5320]  ? bond_netdev_event+0x161/0xf20
[   69.495720][ T5320]  dev_close+0x1c0/0x2c0
[   69.497452][ T5320]  ? __pfx_dev_close+0x10/0x10
[   69.499396][ T5320]  ? __asan_memset+0x23/0x50
[   69.501371][ T5320]  bpq_device_event+0x372/0x8d0
[   69.503709][ T5320]  ? lockdep_rtnl_is_held+0x26/0x40
[   69.506174][ T5320]  notifier_call_chain+0x1a5/0x3f0
[   69.508329][ T5320]  dev_close_many+0x33c/0x4c0
[   69.510308][ T5320]  ? mark_lock+0x9a/0x360
[   69.511969][ T5320]  ? __pfx_dev_close_many+0x10/0x10
[   69.514123][ T5320]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.516552][ T5320]  dev_close+0x1c0/0x2c0
[   69.518182][ T5320]  ? __pfx_dev_close+0x10/0x10
[   69.520131][ T5320]  ? __local_bh_enable_ip+0x168/0x200
[   69.522387][ T5320]  ? bond_enslave+0x6b0/0x3910
[   69.524686][ T5320]  bond_setup_by_slave+0x64/0x420
[   69.526855][ T5320]  bond_enslave+0x7b9/0x3910
[   69.528566][ T5320]  ? __kernel_text_address+0xd/0x40
[   69.530434][ T5320]  ? arch_stack_walk+0xfd/0x150
[   69.532243][ T5320]  ? __pfx_validate_chain+0x10/0x10
[   69.534734][ T5320]  ? __lock_acquire+0x1397/0x2100
[   69.536965][ T5320]  ? aa_get_newest_label+0xff/0x6f0
[   69.539147][ T5320]  ? __pfx_bond_enslave+0x10/0x10
[   69.541228][ T5320]  ? apparmor_capable+0x13b/0x1b0
[   69.543131][ T5320]  ? full_name_hash+0x93/0xe0
[   69.545045][ T5320]  bond_do_ioctl+0x7c3/0xc00
[   69.547249][ T5320]  ? __pfx_bond_do_ioctl+0x10/0x10
[   69.550145][ T5320]  ? rcu_is_watching+0x15/0xb0
[   69.552285][ T5320]  ? trace_contention_end+0x3c/0x120
[   69.554239][ T5320]  ? __pfx_lock_acquire+0x10/0x10
[   69.556158][ T5320]  ? full_name_hash+0x93/0xe0
[   69.557913][ T5320]  dev_ifsioc+0xb6d/0xe70
[   69.559621][ T5320]  ? __pfx_dev_ifsioc+0x10/0x10
[   69.561693][ T5320]  ? dev_load+0x21/0x1f0
[   69.563553][ T5320]  dev_ioctl+0x719/0x1340
[   69.565532][ T5320]  sock_do_ioctl+0x240/0x460
[   69.567540][ T5320]  ? __pfx_sock_do_ioctl+0x10/0x10
[   69.569943][ T5320]  sock_ioctl+0x626/0x8e0
[   69.571775][ T5320]  ? __pfx_sock_ioctl+0x10/0x10
[   69.573843][ T5320]  ? __fget_files+0x2a/0x410
[   69.575588][ T5320]  ? __fget_files+0x2a/0x410
[   69.577220][ T5320]  ? __pfx_sock_ioctl+0x10/0x10
[   69.579331][ T5320]  __se_sys_ioctl+0xf5/0x170
[   69.581028][ T5320]  do_syscall_64+0xf3/0x230
[   69.582699][ T5320]  ? clear_bhb_loop+0x35/0x90
[   69.584722][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.587032][ T5320] RIP: 0033:0x7fc8f558d169
[   69.588560][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.595905][ T5320] RSP: 002b:00007fc8f645b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   69.599130][ T5320] RAX: ffffffffffffffda RBX: 00007fc8f57a5fa0 RCX: 00007fc8f558d169
[   69.602160][ T5320] RDX: 0000400000000180 RSI: 0000000000008990 RDI: 0000000000000008
[   69.605461][ T5320] RBP: 00007fc8f560e2a0 R08: 0000000000000000 R09: 0000000000000000
[   69.608486][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.611527][ T5320] R13: 0000000000000000 R14: 00007fc8f57a5fa0 R15: 00007ffed663ec48
[   69.614847][ T5320]  </TASK>
[   69.616647][ T5320] Kernel Offset: disabled
[   69.618717][ T5320] Rebooting in 86400 seconds..