Extracting prog: 10m50.833311652s Minimizing prog: 50m46.318704669s Simplifying prog options: 0s Extracting C: 1m11.522217813s Simplifying C: 26m48.204591396s 30 programs, timeouts [15s 1m40s 6m0s] extracting reproducer from 30 programs single: executing 5 programs separately with timeout 15s testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-bpf$PROG_LOAD-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939-setsockopt$sock_int-readv detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000240)=0x7ff, 0x4) readv(r0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/25, 0x19}], 0x1) program did not crash testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000020000100000000000000000002200000000000000000000008000100ac1414aa050004"], 0x2c}}, 0x0) program did not crash testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): epoll_create1-socket-connect$inet6-getsockopt$sock_buf-socket$nl_route-socket$nl_route-sendmsg$nl_route-bind$packet-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-socket$alg-bind$alg-accept4-setsockopt$ALG_SET_KEY-read$alg-recvmmsg detailed listing: executing program 0: epoll_create1(0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000001c0)=0x3b) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, r2) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) read$alg(r4, &(0x7f0000000080)=""/16, 0x10) recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) program did not crash testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-syz_genetlink_get_family_id$devlink-socket$nl_generic-sendmsg$DEVLINK_CMD_TRAP_GROUP_SET detailed listing: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b402000000000000791100000000000085000000010000009500000000000000359bb9f43d86b136000000008762000000f3"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff31, 0x10, &(0x7f00000002c0), 0xffffffffffffff35}, 0x54) r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) program did not crash testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_GET_BLA_BACKBONE detailed listing: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000500000008000300", @ANYRES32], 0x1c}}, 0x0) program did not crash single: failed to extract reproducer bisect: bisecting 30 programs with base timeout 15s testing program (duration=22s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 8, 6, 13, 4, 3, 4, 3, 1, 4, 2, 12, 28, 13, 16, 28, 26, 28, 23, 8, 6, 2, 3, 6, 4, 5, 8] detailed listing: executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000500000008000300", @ANYRES32], 0x1c}}, 0x0) executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000500000008000300", @ANYRES32], 0x1c}}, 0x0) executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000500000008000300", @ANYRES32], 0x1c}}, 0x0) executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000500000008000300", @ANYRES32], 0x1c}}, 0x0) executing program 3: r0 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002500)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x12021, 0x0) sendmmsg(r2, &(0x7f0000001500), 0x588, 0x0) executing program 3: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2}, 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r2, 0xffffffffffffffff, 0x2, 0x0, 0x4000}, 0x10) executing program 3: r0 = socket(0x10, 0x803, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(r0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, &(0x7f0000000340)) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000880)={0x38, r3, 0x81ff6ee4d0c4d277, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x24, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}]}, 0x38}}, 0x0) executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b402000000000000791100000000000085000000010000009500000000000000359bb9f43d86b136000000008762000000f3"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff31, 0x10, &(0x7f00000002c0), 0xffffffffffffff35}, 0x54) r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000500000008000300", @ANYRES32], 0x1c}}, 0x0) executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b402000000000000791100000000000085000000010000009500000000000000359bb9f43d86b136000000008762000000f3"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff31, 0x10, &(0x7f00000002c0), 0xffffffffffffff35}, 0x54) r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000500000008000300", @ANYRES32], 0x1c}}, 0x0) executing program 1: bpf$MAP_CREATE(0x24, &(0x7f00000000c0), 0x48) executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b402000000000000791100000000000085000000010000009500000000000000359bb9f43d86b136000000008762000000f3"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff31, 0x10, &(0x7f00000002c0), 0xffffffffffffff35}, 0x54) r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PROTECT={0x5}, @IFLA_MACSEC_INC_SCI={0x5}]}}}]}, 0x44}}, 0x0) executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendmmsg$inet(r3, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000000680)="b2", 0x1}], 0x1}}], 0x1, 0xf000080) setsockopt$sock_int(r3, 0x1, 0x20, &(0x7f0000000000), 0x4) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r1, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x15}, 0x1c) setsockopt$inet6_mreq(r1, 0x29, 0x15, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x1d3a, 0x4) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) socket$tipc(0x1e, 0x5, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f0000000400)={0x1f, @fixed}, 0x8) setsockopt$bt_BT_VOICE(r5, 0x112, 0xb, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x60, &(0x7f0000000640)={&(0x7f0000000100)={0x34, 0x0, 0x809, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}]}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x34}}, 0x0) recvmmsg(r2, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @dev}], 0x1c) executing program 1: socket$inet_dccp(0x2, 0x6, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x3}, {0x0, 0x5a66}}, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, &(0x7f0000000400)) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) close(r0) sendto$inet6(r0, &(0x7f0000000140), 0x0, 0x4000141, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) executing program 1: epoll_create1(0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000001c0)=0x3b) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, r2) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) read$alg(r4, &(0x7f0000000080)=""/16, 0x10) recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) executing program 4: mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000440)={'#! ', './file0', [{0x20, '\xc6\x89\x8a\xda~\"6c*)M!\xac[\xc1\x1c\xdf\xb6z\x1a;O\x9a\x990h\x04\x900\xf7%/P\xd5V8\"A\xd5h\xb1/O\x98\xd4\xe1\x85\x0f\xf0\x13F\xd1c\x95\xdb+`\xde\"\xbd\x94E\xa9\xf9\xa5\xe7\xb1\x045\x05\x9eI?\xc3\xe0I!\a\x00\x00\x00\x00\x00\x00\x00c\xedi\xcdB_>VV\xf7/<4\x05T1\bX\x02\xc3\xdf\xb8\xb2\xe6{;+P\xef\x04yr\xdd#:\xb8\xca\xf4\xf9>$\xf6\xc0\xe2*\x17\x11\xf53\x9fAM:\xcc\xee|c\xa5\x1a\xe2\'y!\xecs\'\xd8\x7f\x98O\xec\xb0.\xe1m\xe0\xd5!\x01\xe8\xd8k\xf9\xdf\x0f\x06\xf9\xa1q\xb6\x85\xc3\x10X\xc2\xf5\x1cs\xcc!%\xf1\xfb\xeeB\x9dIo\xf4`\x80\xa2\x0f\x1b\xf5~\x10!\xb4{\x9b\xae\x17\x99\xce\x93\x14\xd1\x1e\x9fw\xcbQ(/9\xe2\x8c#!\xff\xd3a'}, {0x20, '\'%:('}, {0x20, 'wlan1\x00'}], 0xa, "20e8f184974a246867a82480146b82001b0500b0d304f37bc36d4d0a2427eb112032096ab2d1221b7113e09c813c46d948adafef37b2e81c"}, 0x134) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.current\x00', 0x275a, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414"], 0x1c) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000000000d0001007564703a73797a3200090000"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x0) mmap(&(0x7f0000496000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0) mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0) mmap(&(0x7f00004e7000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x0) mmap(&(0x7f00005fe000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) mmap(&(0x7f0000b4f000/0x1000)=nil, 0x1000, 0x1000007, 0x12, 0xffffffffffffffff, 0x3000) mmap(&(0x7f0000b4d000/0x3000)=nil, 0x3000, 0x3000006, 0x10, r5, 0x0) mmap(&(0x7f00002bc000/0x3000)=nil, 0x3000, 0x3000003, 0x10010, r1, 0x0) r6 = socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan1\x00'}) bind$rds(r6, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r6, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x4880) sendmsg$rds(r6, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @local}, 0x10, 0x0}, 0x0) ioctl$EXT4_IOC_SETFSUUID(0xffffffffffffffff, 0x4008662c, &(0x7f0000000100)={0x10, 0x0, "51b9f95688f417807365c8a0895d8e5e"}) executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x30, 0x0, 0x0, 0xee01}, {}, {}, 0x4}}, 0xb8}}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)-generic\x00'}, 0x58) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB], 0xb8}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@mpls_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_TTL_PROPAGATE={0x5, 0x13}]}, 0x24}}, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000091c3000071101f0000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bind$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)='/proc/sxnc_qlen_max\x00'/36}, 0x30) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', 0x0}) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r7, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000240)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r8, &(0x7f0000000480), &(0x7f0000000540), 0x1}, 0x20) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r6, 0x0, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd502000000090001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)={0x28, 0x15, 0xa, 0x903, 0x0, 0x0, {}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x28}}, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000540), r4) write$binfmt_script(r4, &(0x7f0000000100), 0xfecc) executing program 4: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r5 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote}, 0x1c) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r4, @ANYBLOB="0c009985f2330fd547793c000800a0003a0900080500390104000000080026"], 0x40}}, 0x0) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) getsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, &(0x7f0000000040)) r6 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r6, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) sendmsg(r6, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001940)=[{&(0x7f0000000200)="f9", 0x1}], 0x1}, 0x0) close(r6) r7 = socket(0x10, 0x3, 0x0) write(r7, &(0x7f0000000080)="3300000058001f000307f4f9002304000a04f55f0800010002010002170003800500000099db973b91aa057972513500b04067", 0x33) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001e000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="0000000008000f0040"], 0x24}}, 0x0) r9 = socket$kcm(0x2, 0x1000000000000002, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002540)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ced4fbd44e24eb0d34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f07e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3a06d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a4693685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942ea629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90941576aebc8619d73415cda2130f5011e4845505008000000000004f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c298d9a331bcc80000000008141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c040035cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e509e734fe7da3770845cf442d488afdc0e1700000000000000000000000000000000000000000000000000000520500002952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a62415f78000000005f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c81c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b40824095135861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e5dd921a5eadd4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ecff079cc16bd83a00840e602c28ec78e116ae46c4897e2795b6ff020000004b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e29b10b50000eb4acff90756dba1ecf9f58afd3c19b5c455c9c022e8d03fe28bc358684492aa771dbfe8e4cd14dc5c1eb98b63198f6f830745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b51c34a5384f2cf51180c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af243b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380ecf1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734a37ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f558982d57c556ca1427b5960b7999054df5fb6410bc3cdc8517d817367565ca2a20996fcba472213744d3a156979651596afde2b0089f023fcfccd0712ebd1f7682bd6ea8445fc787390d71ec61d5b7b0f05f6931914bf49d66f07dd646bfbdea1cf021a88aa0d66eff294271a93e32f54f281068514a4cd2d0700a43df59e9924e4affdbd22405e675e9d7cdc10546571131831d4dc8c8363077a908d9ae4f27ff095f5b07667f93a3573d3fabfca58ee0a6b6a691102bb3c7be4dc5b816853275e7ae8c13ec341bad15353fad794b46c4fd73e1b4cc78de2156cb158870d5b8446dae9ba5f7f244e6cf8f6791671057347208a313ebbcb72b04706005670f2b0055e440d72c7c3316982c6ebe8675459cf6bb393b007f5cedb7bc411834600000000000000000000000000a20071b07d568a8150ed646b4999d878d0226d9651647a5999ae7c7c85322a215fcdb1adbad63499518fe0d10145d430422c78367dfa941f74b63f3884565ac89c673da2c2b1172be5f2cd1f3f453ebddc432bd24c73fa773b739e20fcec29a821230654a383ac1868495f67d942c772ca75e09073dbe9307ff5cac7c2c411149a4d989a8a019e068da218d4bc34e4102fd2f97397331e4cd70b49155831635f07ca87f00dc929f902540f565c20add8675b79e005cf0277d954697317b907b77fa5d6b7feaebaf676a2a37de8aa70748fee4bc198ffd3e2de11eb0eff896fd94de0805ba6b1054a7b3e300d4581e9af62a1ecaee96d2819b3d192e5b9561eb622da25450f586be14017a1cf74f89a1dd18af004decfe266134c3d036ae7996931fe6008a73ed34c35f0da4ffee1fe63bc1af6ef1b4731d50b8ceb582a1e9c6e8d97f8290cc105754f592d16ccdb1df8636d7ca5e372cea97dd0f005cc7092b126dd46758917fb0d94b8483d403bd451429cc1660f0b5a529d8134dc2702f6d8e2f943d98fbe50a3ba653f13f98a00fcbf311f9758ade8e4eb87b4b9fb2d09005d8c4bdcab2fff9ed8c9de961fd831a070381c8020352fea7c334b2959ddd956701a7ea415e224a81c9fa1ebbabe74f7743e09b6c8b72650b51d5c2000ef3679c039b3604374fc1af7ab354204afbd24f0e701bc08a98452ce2668617e85e0d876f5a8b6d9b777f1c384d8a9883e30ede126fc485972eca6ad5b8d324262defb6b9aab8d5b76bc91ca50f87966797da2499ca0ac76707c0408a7b6d8708fe7714988babdc11f00008ca6907624ceaa181126d0925c8e98f73496c90758ce3f8c2a596450dcf6333c1b361084a7ebd71dff6733cc460de5d23738a3bf37023df054b2a8db0d8d6d34754b9d71c2ee75f50a2b9770586466803918fa9bb8af8c0caffb2b5df6ed657a0cc609e9cd20c7a82d0cf1cfb455c1f3439989d722ea2f843eff50ec162b21db3f35555d0e85e3bdfafd08913fd6cedc3cafde55fec7b6fb9aa5823bedd57cf4b638547b5744133dbe9521fb2dc979f5b299dbf74ebbe1c7dcf814406f65d373c35e0bd3f8971c704e60b03c47cb828fc3da6cbcb0fe377b50d62f0029a1c76dcfc676f44da4009929c51d5a66763d3f723fa5e7d915e80744"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) setsockopt$sock_attach_bpf(r9, 0x88, 0x67, &(0x7f00000002c0)=r10, 0x4) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x88}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) sendmsg$NL80211_CMD_TRIGGER_SCAN(r11, &(0x7f0000000340)={0x0, 0x1d, &(0x7f0000000300)={&(0x7f0000001940)={0x28, r12, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) accept4$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x80000) executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)}, 0x4040001) setsockopt$sock_attach_bpf(r0, 0x1, 0xa, &(0x7f0000000180), 0x4) recvmsg$unix(r0, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_elf64(r3, &(0x7f0000000500)=ANY=[], 0x78) close(r4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)) pwritev(r5, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x8040000, 0x0) splice(r2, 0x0, r4, 0x0, 0x5, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r7 = socket$inet6(0xa, 0x0, 0x8) sendmmsg$inet6(r7, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="24000000000000002900000032000000000003"], 0x28}}], 0x1, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(r4, 0xc4009420, &(0x7f0000000740)={0x6, 0x3, {0x10000, @usage=0x1, 0x0, 0x3, 0x5, 0xf8a4, 0x8000000000000000, 0x5, 0x40, @usage=0x5, 0x6f1, 0x3, [0x3, 0x80000001, 0x8, 0x1, 0xfffffffffffffd81, 0x3ff]}, {0x7, @struct={0x6c, 0x3ff}, 0x0, 0xe582, 0xffffffff00000000, 0x2, 0x401, 0x2, 0x4, @usage=0x8001, 0x9, 0x7, [0x10000, 0x4, 0x6, 0x3, 0x7fffffff, 0x5]}, {0x5, @struct={0x0, 0xa74}, 0x0, 0x0, 0x1, 0x2, 0x9, 0x5, 0x40, @usage=0xffffffff, 0x100, 0x401, [0xa2, 0x57, 0x4eec, 0x3, 0xffff]}, {0x1000, 0x7, 0x4}}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000000b40)={0x0, 0x0, {0x0, @struct, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000000f40)={0x0, 0x4, 0x80, 0x1}) ioctl$BTRFS_IOC_BALANCE_V2(r4, 0xc4009420, &(0x7f0000001340)={0x9, 0x4, {0x2, @struct={0xe7a0000, 0x3}, r8, 0xb, 0x1, 0x0, 0x598d, 0xfff, 0x6e, @struct={0x0, 0x4}, 0x5, 0x1, [0x3, 0xc7df, 0x1, 0x5, 0x6, 0xea]}, {0x3, @usage=0x6, r9, 0x2, 0x480000000, 0x7fffffff, 0x4, 0x89, 0x43, @struct={0x1000, 0xa0}, 0x4a84, 0x5, [0x8, 0x200, 0x8, 0x3, 0x0, 0xa6d1]}, {0x3, @struct={0xfff, 0x6e}, 0x0, 0x8, 0x6, 0x158bc0000000, 0x7, 0x2, 0x400, @usage=0xeb4f, 0xb7ba, 0xf5cf, [0x13b8, 0x1, 0x1, 0x80000001, 0xd83]}, {0xd8, 0x400, 0xd4}}) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r5, 0x80047210, &(0x7f0000000280)) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, r6, 0x4, 0x3, 0x4}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) executing program 4: bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) bpf$MAP_CREATE(0xf, 0x0, 0x0) executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmsg$kcm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000006c0)=""/4096, 0x1000}], 0x1}, 0x0) executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000020000100000000000000000002200000000000000000000008000100ac1414aa050004"], 0x2c}}, 0x0) executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c) getsockname$packet(r0, 0x0, &(0x7f0000000e00)) executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) sendto$l2tp6(r0, 0x0, 0x0, 0x4000000, &(0x7f0000000180)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x20) executing program 0: r0 = socket$phonet(0x23, 0x2, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) close(r0) executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000), 0xe) executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000240)=0x7ff, 0x4) readv(r0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/25, 0x19}], 0x1) program did not crash replaying the whole log did not cause a kernel crash single: executing 5 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-bpf$PROG_LOAD-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939-setsockopt$sock_int-readv detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000240)=0x7ff, 0x4) readv(r0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/25, 0x19}], 0x1) program crashed: WARNING: refcount bug in j1939_session_put single: successfully extracted reproducer found reproducer with 8 syscalls minimizing guilty program testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-bpf$PROG_LOAD-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939-setsockopt$sock_int detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000240)=0x7ff, 0x4) program crashed: WARNING: refcount bug in j1939_session_put testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-bpf$PROG_LOAD-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program crashed: WARNING: refcount bug in j1939_session_put testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-bpf$PROG_LOAD-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-bpf$PROG_LOAD-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-bpf$PROG_LOAD-ioctl$ifreq_SIOCGIFINDEX_vcan-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-bpf$PROG_LOAD-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$can_j1939(r0, &(0x7f00000000c0), 0x18) connect$can_j1939(r0, &(0x7f0000000140), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program crashed: WARNING: refcount bug in j1939_session_put testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, r0}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, r0}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f00000000c0), 0x18) connect$can_j1939(r0, &(0x7f0000000140), 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, 0x0, 0x0) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, 0x0, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)="4480502ac1216c3f00", 0x9}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, 0x0, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 detailed listing: executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)}}, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put simplifying C reproducer testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program did not crash testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program did not crash testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-connect$can_j1939-sendmsg$can_j1939 program crashed: WARNING: refcount bug in j1939_session_put reproducing took 1h29m36.878853856s repro crashed as (corrupted=false): ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 1 PID: 5234 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0 lib/refcount.c:28 Modules linked in: CPU: 1 UID: 0 PID: 5234 Comm: syz-executor352 Not tainted 6.10.0-syzkaller-12610-g743ff02152bc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 lib/refcount.c:28 Code: 00 17 40 8c e8 67 97 a5 fc 90 0f 0b 90 90 eb 99 e8 1b 89 e3 fc c6 05 76 7d 31 0b 01 90 48 c7 c7 60 17 40 8c e8 47 97 a5 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 f8 88 e3 fc c6 05 50 7d 31 0b 01 90 RSP: 0018:ffffc90000a186a0 EFLAGS: 00010246 RAX: 8210bc3d87b44100 RBX: ffff88802edf3364 RCX: ffff88801cff9e00 RDX: 0000000080000101 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: ffffffff81559432 R09: 1ffff92000143074 R10: dffffc0000000000 R11: fffff52000143075 R12: ffff888023993068 R13: ffff88802edf3364 R14: 1ffff11004732618 R15: ffff888023993000 FS: 000055557cc6d380(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000007a48c000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kfree_skb_reason include/linux/skbuff.h:1260 [inline] kfree_skb include/linux/skbuff.h:1269 [inline] j1939_session_destroy net/can/j1939/transport.c:282 [inline] __j1939_session_release net/can/j1939/transport.c:294 [inline] kref_put include/linux/kref.h:65 [inline] j1939_session_put+0x1e7/0x440 net/can/j1939/transport.c:299 j1939_tp_cmd_recv net/can/j1939/transport.c:2113 [inline] j1939_tp_recv+0x7fe/0x1050 net/can/j1939/transport.c:2161 j1939_can_recv+0x732/0xb20 net/can/j1939/main.c:108 deliver net/can/af_can.c:572 [inline] can_rcv_filter+0x359/0x7f0 net/can/af_can.c:606 can_receive+0x31c/0x470 net/can/af_can.c:663 can_rcv+0x144/0x260 net/can/af_can.c:687 __netif_receive_skb_one_core net/core/dev.c:5660 [inline] __netif_receive_skb+0x2e0/0x650 net/core/dev.c:5774 process_backlog+0x662/0x15b0 net/core/dev.c:6107 __napi_poll+0xcb/0x490 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6962 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 kernel/locking/spinlock.c:194 Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 0e 9c 3b f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 63 c1 a3 f5 65 8b 05 64 b7 44 74 85 c0 74 43 48 c7 04 24 0e 36 RSP: 0018:ffffc9000356f8c0 EFLAGS: 00000206 RAX: 8210bc3d87b44100 RBX: 1ffff920006adf1c RCX: ffffffff81701f3a RDX: dffffc0000000000 RSI: ffffffff8bead5a0 RDI: 0000000000000001 RBP: ffffc9000356f950 R08: ffffffff9351e8e7 R09: 1ffffffff26a3d1c R10: dffffc0000000000 R11: fffffbfff26a3d1d R12: dffffc0000000000 R13: 1ffff920006adf18 R14: ffffc9000356f8e0 R15: 0000000000000246 j1939_sk_send_loop net/can/j1939/socket.c:1164 [inline] j1939_sk_sendmsg+0xe01/0x14c0 net/can/j1939/socket.c:1277 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd72305ae09 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffee43e4cf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd72305ae09 RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee43e4d50 R13: 00007fd7230a8406 R14: 0000000000000003 R15: 00007ffee43e4d30 ---------------- Code disassembly (best guess): 0: 9c pushf 1: 8f 44 24 20 pop 0x20(%rsp) 5: 42 80 3c 23 00 cmpb $0x0,(%rbx,%r12,1) a: 74 08 je 0x14 c: 4c 89 f7 mov %r14,%rdi f: e8 0e 9c 3b f6 call 0xf63b9c22 14: f6 44 24 21 02 testb $0x2,0x21(%rsp) 19: 75 52 jne 0x6d 1b: 41 f7 c7 00 02 00 00 test $0x200,%r15d 22: 74 01 je 0x25 24: fb sti 25: bf 01 00 00 00 mov $0x1,%edi * 2a: e8 63 c1 a3 f5 call 0xf5a3c192 <-- trapping instruction 2f: 65 8b 05 64 b7 44 74 mov %gs:0x7444b764(%rip),%eax # 0x7444b79a 36: 85 c0 test %eax,%eax 38: 74 43 je 0x7d 3a: 48 rex.W 3b: c7 .byte 0xc7 3c: 04 24 add $0x24,%al 3e: 0e (bad) 3f: 36 ss final repro crashed as (corrupted=false): ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 1 PID: 5234 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0 lib/refcount.c:28 Modules linked in: CPU: 1 UID: 0 PID: 5234 Comm: syz-executor352 Not tainted 6.10.0-syzkaller-12610-g743ff02152bc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 lib/refcount.c:28 Code: 00 17 40 8c e8 67 97 a5 fc 90 0f 0b 90 90 eb 99 e8 1b 89 e3 fc c6 05 76 7d 31 0b 01 90 48 c7 c7 60 17 40 8c e8 47 97 a5 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 f8 88 e3 fc c6 05 50 7d 31 0b 01 90 RSP: 0018:ffffc90000a186a0 EFLAGS: 00010246 RAX: 8210bc3d87b44100 RBX: ffff88802edf3364 RCX: ffff88801cff9e00 RDX: 0000000080000101 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: ffffffff81559432 R09: 1ffff92000143074 R10: dffffc0000000000 R11: fffff52000143075 R12: ffff888023993068 R13: ffff88802edf3364 R14: 1ffff11004732618 R15: ffff888023993000 FS: 000055557cc6d380(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000007a48c000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kfree_skb_reason include/linux/skbuff.h:1260 [inline] kfree_skb include/linux/skbuff.h:1269 [inline] j1939_session_destroy net/can/j1939/transport.c:282 [inline] __j1939_session_release net/can/j1939/transport.c:294 [inline] kref_put include/linux/kref.h:65 [inline] j1939_session_put+0x1e7/0x440 net/can/j1939/transport.c:299 j1939_tp_cmd_recv net/can/j1939/transport.c:2113 [inline] j1939_tp_recv+0x7fe/0x1050 net/can/j1939/transport.c:2161 j1939_can_recv+0x732/0xb20 net/can/j1939/main.c:108 deliver net/can/af_can.c:572 [inline] can_rcv_filter+0x359/0x7f0 net/can/af_can.c:606 can_receive+0x31c/0x470 net/can/af_can.c:663 can_rcv+0x144/0x260 net/can/af_can.c:687 __netif_receive_skb_one_core net/core/dev.c:5660 [inline] __netif_receive_skb+0x2e0/0x650 net/core/dev.c:5774 process_backlog+0x662/0x15b0 net/core/dev.c:6107 __napi_poll+0xcb/0x490 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6962 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 kernel/locking/spinlock.c:194 Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 0e 9c 3b f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 63 c1 a3 f5 65 8b 05 64 b7 44 74 85 c0 74 43 48 c7 04 24 0e 36 RSP: 0018:ffffc9000356f8c0 EFLAGS: 00000206 RAX: 8210bc3d87b44100 RBX: 1ffff920006adf1c RCX: ffffffff81701f3a RDX: dffffc0000000000 RSI: ffffffff8bead5a0 RDI: 0000000000000001 RBP: ffffc9000356f950 R08: ffffffff9351e8e7 R09: 1ffffffff26a3d1c R10: dffffc0000000000 R11: fffffbfff26a3d1d R12: dffffc0000000000 R13: 1ffff920006adf18 R14: ffffc9000356f8e0 R15: 0000000000000246 j1939_sk_send_loop net/can/j1939/socket.c:1164 [inline] j1939_sk_sendmsg+0xe01/0x14c0 net/can/j1939/socket.c:1277 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd72305ae09 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffee43e4cf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd72305ae09 RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee43e4d50 R13: 00007fd7230a8406 R14: 0000000000000003 R15: 00007ffee43e4d30 ---------------- Code disassembly (best guess): 0: 9c pushf 1: 8f 44 24 20 pop 0x20(%rsp) 5: 42 80 3c 23 00 cmpb $0x0,(%rbx,%r12,1) a: 74 08 je 0x14 c: 4c 89 f7 mov %r14,%rdi f: e8 0e 9c 3b f6 call 0xf63b9c22 14: f6 44 24 21 02 testb $0x2,0x21(%rsp) 19: 75 52 jne 0x6d 1b: 41 f7 c7 00 02 00 00 test $0x200,%r15d 22: 74 01 je 0x25 24: fb sti 25: bf 01 00 00 00 mov $0x1,%edi * 2a: e8 63 c1 a3 f5 call 0xf5a3c192 <-- trapping instruction 2f: 65 8b 05 64 b7 44 74 mov %gs:0x7444b764(%rip),%eax # 0x7444b79a 36: 85 c0 test %eax,%eax 38: 74 43 je 0x7d 3a: 48 rex.W 3b: c7 .byte 0xc7 3c: 04 24 add $0x24,%al 3e: 0e (bad) 3f: 36 ss