Extracting prog: 1h2m50.453416721s
Minimizing prog: 17m40.371881945s
Simplifying prog options: 0s
Extracting C: 32.78114901s
Simplifying C: 21m54.471533977s


extracting reproducer from 28 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$ipvs-sendmsg$IPVS_CMD_DEL_DAEMON-socket$alg-ioctl$sock_SIOCETHTOOL-syz_init_net_socket$ax25-syz_init_net_socket$bt_sco-socket$can_raw-syz_init_net_socket$netrom-socketpair$unix-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private
detailed listing:
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program did not crash
single: failed to extract reproducer
bisect: bisecting 28 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 6, 7, 3, 2, 5, 5, 2, 25, 3, 27, 23, 4, 2, 26, 2, 22, 3, 4, 7, 6, 5, 28, 16, 7, 14, 13, 13]
detailed listing:
executing program 0:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
set_mempolicy(0x3, &(0x7f0000000000)=0x1, 0x7)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYRESOCT, @ANYRESOCT, @ANYRESHEX=0x0, @ANYRES32, @ANYBLOB="0470d6d93c528185b7ba63359f5718b5e0b96a5f8c3fe94b8f7a381b37c9c8fb944ec856f78c72b8ecd5294f789be1f5369a18865734ae0d791dfa907332d31170821ff42a222db7142677c4a64df57bee6cea5daa69262e650daf9192e13c615ee1dc023c739afc226b441cd3691196c11e485f1562a30956e8fd08ed7a7ab7b644447cec1ee272217e01"], 0x69)
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000001c0)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c6865617274626561743d6e6f6e652c6c6f63616c666c6f636b732c696e6f646536342c6a6f75726e616c5f6173796e635f636f6d6d69742c6e6f61636c2c6e6f61636c2c6572726f72733d636f6e74696e75652c00edc97523793b5022d016bb24c65ba594abbd38fd9c301bfa101e61d574eb5cc84215aa20846b6f33df6281eaedb4b4afaaacd321e4df0d16b4f5a8a992efe2554b52ec9c980e5544cd4b8df3e1ba594d07e0bfe3471c164430a36b7ebddc35caf2959224d8330f1807117fc520d8ff5660c5691afd66a8e397bb802ed69df198008fb799cc37"], 0x1, 0x470e, &(0x7f0000008f40)="$eJzs222IHGcBB/BnNqe5pMn1XtImafqySQQPLceln6r1QzyrNpo2L9pWU+Xcu1wvp3u7592uFgxSgyAKghIEFV+oCqVfakEM9EstQsEXpFUoFUXrF5FCFfxg0AZ6srszuZ3Zvc7mNmlp+/tBOzfPzPPMs/e/eebl2RRitVMLK8WFlWKpUqzO3r9yS/Fz1XJ9cS4UXiWv9fHpzZXISfavnSPv+8BH7rklhD8c+9qHVldXV0PDcOjqQNvP5/99erZ9mShk6jTa7d5ayx/rj7z087e80h55ToQQdnT0q2FTCOFjvwhhcwhhJC4bjZdbQgjbQghRCOHR3/zrx4P9dKHN2XtfeO7YmcP7zkw9/tgzF+aPrrtjFMJ3y7tvnl98cf+m255/x2U6PAAAvKIPHj9y99HJA+HJKAydG+i8X98ZL5P74zvf9qm7Hh5Y275Kbza9iqECAABAxtrz/3D0cpf5umRmLZkSfOKBE3c/Fa1t92D7+nboriO3v3/yQDz/G3VsvzUu+ud7NzXnULPzvtn535FM/e7zv2vHefirz/6y8taN9z/pX3Lc4RAVJlLrhcLERAjHplrru6KthXJ1pfbO+6v1ysmNH/eNIp1/dvZ+bUK/1/xHM9Xz5v93f+LzP9sy0M8nGAvZv9rGerHzT5ku0vmvP5b/5EtRT/mPZerl5X/H09vP/2pzP58ge0QuRTr/1om4r32HYmsAaOT/zYH8/Hdk2s/L//tT5x49sYHv/zTGmeGo0dfB1Ajwcly+zleYyEjn3woiNXTGv8j1zv//ZfK/JtN+Xv53Vv/xu7/1cf1fb/wfn+qnzTePdP6tIIqpPdbO/5FC/vl/bab9vPx/e+rPz36yr2t1Z/6N/o+7/vcknX98IU4Pns3fZK/j/85M+3n57xq776GFDfT7w1vifg5FYaztW6fnGpewobX56uYjTWPz0gYO8iaQzr/1W0udOkOtRfP8H84f/3dl2s/L/6E9X3/P6b6+/9t9/J80/vcknf+WZtml5P9SJv/dmfbz8v/h6b//5b7LPP431g/Kvyfp/Ld2bF97/1Po6fnvukz9vPc/+0afeuSvfTz/J/1Ljpu8/0neQ4xHrfc/dJfO/6p19+v1+r8nUy/v/P/Wf55/en8/43802PEGwK1f79L5b2sVdnkA7DX/6zPt5+X/hXu+/PE/beD5r3nHN5jk3/b8v7lVftT435N0/ttbhal/DPVg8//N63/Umft/M/nfkGk/L/8LhyYGvnKZr/+N/o93eZVNp3T+Q+vu18j/9z1c/2/M1MvL/4t7f/rizX3d/4cwacDfsHT+V6+7X/P8H8zP/6ZMvbz8v/ONXz/xYB/9f3sfdcnm37rWp06n+N681+f/Yqb9vPx/NH7+7P4r8Px3q+t/T9L5t2bNLyX/7PP/3kz7efl/78gPlgeuwPufO+QPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIaPxcjhEhYnUeqEwMRHCWLy+K2yNZkonp2fK1dnPrISwIy4vhtFovlydKZWnFyrVk3PTpXK5OhvCNfH2HWEwWilXa9OLpaVrL7a1JTo1V1quzcyVaiGEnXH59WF70tbMQm2xtNTcN6lzVVT6bL1aK03UV+aWw+6L5duS8vnlan3puottXV2oLi+dKlWmTy4sv3tycnIy7LnY55Fo7oHaXKXW6m1ra6NOUnc4avswzc03tB3v09X6cqVUbpbf2FanXJ0tldvq3NR2vNpyvTJbqs1Nl6vzyfGKbXXbPltz895423gYSX2+pG7WwXh5+6HjHz1++EDH9mKUzrtSX5yb3N79bwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN64nb3vXt0MIA621QgjhYPJDFP+XcvbeF547dubwvjNTjz/2zIX5o932AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg/O3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi5n5cowjgOwO+MbRZIKV2EPAaGiOhNwoJ+EUnlGtmxS+egTgkZFAWGER0LgiCoW1QQdAoq/4Kog8dO1aUOHQwiqBidSdld2HKh13aeB4Z3htF3vjCwO/N+3n0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYP87uWOzK2ku7Ni9t3f0hdObnNoYQRpPl/c97O0JPCOHrl5nToUFb6Knp/83k3Hj9VZPfe/vHH14fTdZef/G/xXW7Q5IOrTremaTp0NDa+29XdwafTQ8mIaSxCyGKhbEnZyohhI7YhRDFz4/zF7PP9w2xCyGK/g93u7L7X4ldCFFs3f2pr5I/49EOOv/qr89XLwyu/u5v9gjewiM669Dbk1fepW5q6b3M3/+TfPM+WA6zJ468fx67CKKZnZs6GrsGAADg3zrXJP8PW5b3719OQk93fe7/rSb/763pv3H+v+Le9htjMy2FENvqxiaz4+F9rfTZ/k4NXL39umK8p6zk/+Um/y83+X+5yf/LTf5fbvJ/Mq/k/6X0+OaexRexiyAa+T8AAJTPoeMTU9Xhkezlf9OPzvq8vi9vq3me/uDW9MCjVeNG8sP/2+FjEwcODo/k971+QHBl/Yd06ez3fL5HbVuYrJl30Wz9h96nC/PXGvx0rfqH8zeK+orrWv8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/szrEJg2AQgNH/kioTZI1kikCaRME9nMHSARzF2hmcw8oFtBDRxtJG3mvu4IPjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi+T/4r/q936iLdpojUZ/V335/rUi5jaKp2vG89Du4+TvoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmduBABgAAAECYv3Ue7QcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpwAAAP//6bfLTA==")
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000100)='.\x00', 0x2182824, &(0x7f00000001c0)=ANY=[], 0xfe, 0x0, &(0x7f0000000040))
r1 = syz_io_uring_setup(0xd0, &(0x7f0000000480), &(0x7f00000000c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/224, 0xe0}], 0x1})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
executing program 2:
r0 = io_uring_setup(0x3b2c, &(0x7f0000000000)={0x0, 0x6928, 0x10, 0xfffffffe, 0x2a8})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
close(r0)
executing program 2:
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)
listen(0xffffffffffffffff, 0x5)
executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netstat\x00')
read$eventfd(r0, &(0x7f0000000100), 0xfffffd79)
syz_usb_connect(0x0, 0x3f, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000954c53400d051b01a46f0000000109022d00010000000009040000000202ff00052406000005240000000d2402"], 0x0)
executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, 0x0)
executing program 0:
r0 = socket(0x40000000015, 0x5, 0x0)
r1 = syz_usb_connect(0x3, 0x40, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x93, 0x3, 0x70, 0x10, 0x471, 0x81e, 0xb492, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2e, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x37, 0x2, 0x2, 0xbf, 0xa1, 0x43, 0x0, [], [{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40, 0x0, 0x0, 0x0, [@generic={0xa, 0x24, "93b141d201f6576f"}]}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000040000000000000000000000000000000000000000000000000000100"/103], 0xfc}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
sendmmsg$inet6(r1, &(0x7f0000003a00)=[{{&(0x7f00000000c0)={0xa, 0x4e22, 0xffffff83, @local, 0x9}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000600)="11", 0x1}], 0x1, 0x0, 0x0, 0xf5}}], 0x1, 0x4044050)
executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000340)={0x29, 0x0, 0x1, 0x9}, 0x8)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
io_setup(0xa, 0x0)
io_submit(0x0, 0x0, &(0x7f0000000180))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
unshare(0x68060200)
executing program 2:
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff8100"/20, @ANYRES32=r1, @ANYBLOB="0000000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r1, @ANYBLOB="99"], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)
executing program 2:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$ndb(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
ioctl$sock_SIOCGIFCONF(r2, 0x8912, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket(0x2, 0x3, 0xff)
connect$pppl2tp(r4, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x3, 0x3, 0x0, 0x0, {0xa, 0x4e22, 0x3, @loopback, 0xe5e}}}, 0x32)
connect$inet(r4, 0x0, 0x0)
sendmsg$key(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x18}}, 0x88a0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00"/18, @ANYRES32=0x1, @ANYBLOB="010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000020000000500"/28], 0x50)
syz_genetlink_get_family_id$netlbl_cipso(0xfffffffffffffffe, 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f00000004c0)={'ip6_vti0\x00', 0x0, 0x4, 0xfe, 0x3, 0x1, 0x40, @loopback, @mcast2, 0x78f1, 0x20, 0x6, 0x3}})
openat$zero(0xffffffffffffff9c, &(0x7f00000007c0), 0x105000, 0x0)
ioctl$TCSETS(r5, 0x89f1, &(0x7f0000000100)={0x0, 0x0, 0xffffffff, 0x2, 0x13, '\x00\x00\x00l\x00'})
executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map, r3, 0x7, 0x0, 0x0, @void, @value}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
fadvise64(0xffffffffffffffff, 0xaa1f, 0xff39, 0x3)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x80800)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r4, 0xc1205531, &(0x7f0000000340)={0x0, 0x7, 0x0, 0x8002, '\x00', '\x00', '\x00', 0x4, 0xfffffffe, 0x100, 0x0, "abd206a1ebd7cedfd17ebd65400ed41b"})
executing program 1:
write(0xffffffffffffffff, &(0x7f0000000040)="050000000100", 0x6)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000040)={0x29, 0xffffffff})
executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGBITSW(r0, 0x80404525, 0x0)
executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f00000001c0)={0x0, 0x0, 0x9})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x28, 0x1, 0x0)
r6 = syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x3, 0x40}, &(0x7f0000000180)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}})
io_uring_enter(r6, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400000042000b0023ad"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4040084)
executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, 0x0)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001440)={0x1c, r1, 0x25, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40080)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x40d, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, 0xa010, 0x54014}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc005}, 0x0)
executing program 1:
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc00"/31], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x1, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}, {}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x4000)
executing program 3:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})
executing program 1:
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r0 = socket$isdn(0x22, 0x2, 0x10)
r1 = socket$isdn(0x22, 0x2, 0x2)
r2 = dup3(r1, r0, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f00000000c0)={0xfff, 0x9, 0x4, 0x3, 0x6, 0x1, 0xf8b}, 0xc)
executing program 3:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
syz_open_dev$vim2m(0x0, 0x8004, 0x2)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x80000001, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r5 = syz_open_dev$vim2m(0x0, 0x401, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000540)={0x7, 0x2, 0x0, "adbdeec74e9e4aea00000000000000a902552f08cefca46206b322e0e2b678c4", 0x31303453})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f00000000c0)=0x3ff)
write$UHID_CREATE(r0, &(0x7f0000000400)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x0, 0x0, 0xd5, 0x401, 0x8, 0xfffffc01, 0xf}}, 0x120)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0x5, &(0x7f0000000240)=@raw=[@tail_call, @map_idx={0x18, 0x0, 0x5, 0x0, 0xb}], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x5c, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xe3)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
keyctl$clear(0x3, 0xfffffffffffffffd)
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)=')\x80', 0x0)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee0, 0x4008011, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000080)=0xf7e)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
executing program 1:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000009000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x10, 0x453, 0x10, 0x70bd25, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x80c4}, 0x20000010)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0)
sendfile(r2, r2, 0x0, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='\x00', &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
executing program 3:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: possible deadlock in rtnl_lock
bisect: bisecting 28 programs
bisect: split chunks (needed=false): <27>
bisect: split chunk #0 of len 27 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=34s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 27, 23, 4, 2, 26, 2, 22, 3, 4, 7, 6, 5, 28, 16, 7, 14, 13, 13]
detailed listing:
executing program 2:
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff8100"/20, @ANYRES32=r1, @ANYBLOB="0000000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r1, @ANYBLOB="99"], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)
executing program 2:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$ndb(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
ioctl$sock_SIOCGIFCONF(r2, 0x8912, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket(0x2, 0x3, 0xff)
connect$pppl2tp(r4, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x3, 0x3, 0x0, 0x0, {0xa, 0x4e22, 0x3, @loopback, 0xe5e}}}, 0x32)
connect$inet(r4, 0x0, 0x0)
sendmsg$key(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x18}}, 0x88a0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00"/18, @ANYRES32=0x1, @ANYBLOB="010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000020000000500"/28], 0x50)
syz_genetlink_get_family_id$netlbl_cipso(0xfffffffffffffffe, 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f00000004c0)={'ip6_vti0\x00', 0x0, 0x4, 0xfe, 0x3, 0x1, 0x40, @loopback, @mcast2, 0x78f1, 0x20, 0x6, 0x3}})
openat$zero(0xffffffffffffff9c, &(0x7f00000007c0), 0x105000, 0x0)
ioctl$TCSETS(r5, 0x89f1, &(0x7f0000000100)={0x0, 0x0, 0xffffffff, 0x2, 0x13, '\x00\x00\x00l\x00'})
executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map, r3, 0x7, 0x0, 0x0, @void, @value}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
fadvise64(0xffffffffffffffff, 0xaa1f, 0xff39, 0x3)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x80800)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r4, 0xc1205531, &(0x7f0000000340)={0x0, 0x7, 0x0, 0x8002, '\x00', '\x00', '\x00', 0x4, 0xfffffffe, 0x100, 0x0, "abd206a1ebd7cedfd17ebd65400ed41b"})
executing program 1:
write(0xffffffffffffffff, &(0x7f0000000040)="050000000100", 0x6)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000040)={0x29, 0xffffffff})
executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGBITSW(r0, 0x80404525, 0x0)
executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f00000001c0)={0x0, 0x0, 0x9})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x28, 0x1, 0x0)
r6 = syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x3, 0x40}, &(0x7f0000000180)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}})
io_uring_enter(r6, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400000042000b0023ad"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4040084)
executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, 0x0)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001440)={0x1c, r1, 0x25, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40080)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x40d, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, 0xa010, 0x54014}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc005}, 0x0)
executing program 1:
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc00"/31], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x1, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}, {}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x4000)
executing program 3:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})
executing program 1:
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r0 = socket$isdn(0x22, 0x2, 0x10)
r1 = socket$isdn(0x22, 0x2, 0x2)
r2 = dup3(r1, r0, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f00000000c0)={0xfff, 0x9, 0x4, 0x3, 0x6, 0x1, 0xf8b}, 0xc)
executing program 3:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
syz_open_dev$vim2m(0x0, 0x8004, 0x2)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x80000001, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r5 = syz_open_dev$vim2m(0x0, 0x401, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000540)={0x7, 0x2, 0x0, "adbdeec74e9e4aea00000000000000a902552f08cefca46206b322e0e2b678c4", 0x31303453})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f00000000c0)=0x3ff)
write$UHID_CREATE(r0, &(0x7f0000000400)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x0, 0x0, 0xd5, 0x401, 0x8, 0xfffffc01, 0xf}}, 0x120)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0x5, &(0x7f0000000240)=@raw=[@tail_call, @map_idx={0x18, 0x0, 0x5, 0x0, 0xb}], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x5c, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xe3)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
keyctl$clear(0x3, 0xfffffffffffffffd)
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)=')\x80', 0x0)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee0, 0x4008011, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000080)=0xf7e)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
executing program 1:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000009000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x10, 0x453, 0x10, 0x70bd25, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x80c4}, 0x20000010)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0)
sendfile(r2, r2, 0x0, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='\x00', &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
executing program 3:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 7, 6, 5, 28, 16, 7, 14, 13, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x40d, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, 0xa010, 0x54014}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc005}, 0x0)
executing program 1:
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc00"/31], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x1, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}, {}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x4000)
executing program 3:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})
executing program 1:
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r0 = socket$isdn(0x22, 0x2, 0x10)
r1 = socket$isdn(0x22, 0x2, 0x2)
r2 = dup3(r1, r0, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f00000000c0)={0xfff, 0x9, 0x4, 0x3, 0x6, 0x1, 0xf8b}, 0xc)
executing program 3:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
syz_open_dev$vim2m(0x0, 0x8004, 0x2)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x80000001, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r5 = syz_open_dev$vim2m(0x0, 0x401, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000540)={0x7, 0x2, 0x0, "adbdeec74e9e4aea00000000000000a902552f08cefca46206b322e0e2b678c4", 0x31303453})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f00000000c0)=0x3ff)
write$UHID_CREATE(r0, &(0x7f0000000400)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x0, 0x0, 0xd5, 0x401, 0x8, 0xfffffc01, 0xf}}, 0x120)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0x5, &(0x7f0000000240)=@raw=[@tail_call, @map_idx={0x18, 0x0, 0x5, 0x0, 0xb}], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x5c, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xe3)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
keyctl$clear(0x3, 0xfffffffffffffffd)
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)=')\x80', 0x0)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee0, 0x4008011, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000080)=0xf7e)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
executing program 1:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000009000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x10, 0x453, 0x10, 0x70bd25, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x80c4}, 0x20000010)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0)
sendfile(r2, r2, 0x0, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='\x00', &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
executing program 3:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 27, 23, 4, 2, 26, 2, 22, 3, 13]
detailed listing:
executing program 2:
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010000305ff8100"/20, @ANYRES32=r1, @ANYBLOB="0000000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r1, @ANYBLOB="99"], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)
executing program 2:
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$ndb(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
ioctl$sock_SIOCGIFCONF(r2, 0x8912, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket(0x2, 0x3, 0xff)
connect$pppl2tp(r4, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x3, 0x3, 0x0, 0x0, {0xa, 0x4e22, 0x3, @loopback, 0xe5e}}}, 0x32)
connect$inet(r4, 0x0, 0x0)
sendmsg$key(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x18}}, 0x88a0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00"/18, @ANYRES32=0x1, @ANYBLOB="010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000020000000500"/28], 0x50)
syz_genetlink_get_family_id$netlbl_cipso(0xfffffffffffffffe, 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f00000004c0)={'ip6_vti0\x00', 0x0, 0x4, 0xfe, 0x3, 0x1, 0x40, @loopback, @mcast2, 0x78f1, 0x20, 0x6, 0x3}})
openat$zero(0xffffffffffffff9c, &(0x7f00000007c0), 0x105000, 0x0)
ioctl$TCSETS(r5, 0x89f1, &(0x7f0000000100)={0x0, 0x0, 0xffffffff, 0x2, 0x13, '\x00\x00\x00l\x00'})
executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map, r3, 0x7, 0x0, 0x0, @void, @value}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
fadvise64(0xffffffffffffffff, 0xaa1f, 0xff39, 0x3)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x80800)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r4, 0xc1205531, &(0x7f0000000340)={0x0, 0x7, 0x0, 0x8002, '\x00', '\x00', '\x00', 0x4, 0xfffffffe, 0x100, 0x0, "abd206a1ebd7cedfd17ebd65400ed41b"})
executing program 1:
write(0xffffffffffffffff, &(0x7f0000000040)="050000000100", 0x6)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000040)={0x29, 0xffffffff})
executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGBITSW(r0, 0x80404525, 0x0)
executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f00000001c0)={0x0, 0x0, 0x9})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x28, 0x1, 0x0)
r6 = syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x3, 0x40}, &(0x7f0000000180)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}})
io_uring_enter(r6, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400000042000b0023ad"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4040084)
executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, 0x0)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001440)={0x1c, r1, 0x25, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40080)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: possible deadlock in rtnl_lock
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <9>
bisect: split chunk #0 of len 9 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [26, 2, 22, 3, 13]
detailed listing:
executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f00000001c0)={0x0, 0x0, 0x9})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x28, 0x1, 0x0)
r6 = syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x3, 0x40}, &(0x7f0000000180)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}})
io_uring_enter(r6, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400000042000b0023ad"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4040084)
executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, 0x0)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001440)={0x1c, r1, 0x25, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40080)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: possible deadlock in rtnl_lock
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 3, 13]
detailed listing:
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001440)={0x1c, r1, 0x25, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40080)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: possible deadlock in rtnl_lock
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 13]
detailed listing:
executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001440)={0x1c, r1, 0x25, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40080)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 13]
detailed listing:
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: possible deadlock in rtnl_lock
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [21, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r3, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r3, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: possible deadlock in ax25_device_event
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r3, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r3, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
sendmsg$inet(r2, &(0x7f0000002b80)={&(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000480)}, 0xc800)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 13]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [6, 13]
detailed listing:
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 13]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
minimized 22 calls -> 5 calls
minimizing program #1 before concatenation
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 12]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 11]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 10]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 9]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
syz_init_net_socket$ax25(0x3, 0x2, 0x7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 9]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 8]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 7]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'syz_tun\x00', 0x0})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 4]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 3]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 2]
detailed listing:
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
executing program 0:
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
minimized 13 calls -> 2 calls
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
bisect: concatenation succeeded
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
syz_init_net_socket$ax25(0x3, 0x2, 0x7)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
simplifying C reproducer
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$ax25-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
reproducing took 1h42m58.078024433s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in ax25_fillin_cb_from_dev net/ax25/af_ax25.c:468 [inline]
BUG: KASAN: use-after-free in ax25_fillin_cb+0x39c/0x588 net/ax25/af_ax25.c:495
Read of size 4 at addr ffff0000c18e4238 by task syz-executor577/4031

CPU: 1 PID: 4031 Comm: syz-executor577 Not tainted 5.15.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x174/0x1e4 mm/kasan/report.c:451
 __asan_report_load4_noabort+0x44/0x50 mm/kasan/report_generic.c:308
 ax25_fillin_cb_from_dev net/ax25/af_ax25.c:468 [inline]
 ax25_fillin_cb+0x39c/0x588 net/ax25/af_ax25.c:495
 ax25_setsockopt+0x980/0xcdc net/ax25/af_ax25.c:690
 __sys_setsockopt+0x3a8/0x6b4 net/socket.c:2203
 __do_sys_setsockopt net/socket.c:2214 [inline]
 __se_sys_setsockopt net/socket.c:2211 [inline]
 __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2211
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Allocated by task 4029:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc+0xbc/0xfc mm/kasan/common.c:513
 __kasan_kmalloc+0x10/0x1c mm/kasan/common.c:522
 kasan_kmalloc include/linux/kasan.h:264 [inline]
 kmem_cache_alloc_trace+0x27c/0x47c mm/slub.c:3247
 kmalloc include/linux/slab.h:604 [inline]
 kzalloc include/linux/slab.h:735 [inline]
 ax25_dev_device_up+0x5c/0x548 net/ax25/ax25_dev.c:55
 ax25_device_event+0x504/0x590 net/ax25/af_ax25.c:139
 notifier_call_chain kernel/notifier.c:83 [inline]
 raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:391
 __dev_notify_flags+0x2b4/0x540 net/core/dev.c:-1
 dev_change_flags+0xc8/0x154 net/core/dev.c:8928
 dev_ifsioc+0x140/0xfe4 net/core/dev_ioctl.c:324
 dev_ioctl+0x4e0/0xd3c net/core/dev_ioctl.c:587
 sock_do_ioctl+0x1dc/0x2dc net/socket.c:1154
 sock_ioctl+0x4f4/0x8b0 net/socket.c:1257
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Freed by task 4030:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4c/0x84 mm/kasan/common.c:46
 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360
 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366
 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1705 [inline]
 slab_free_freelist_hook+0x128/0x1ec mm/slub.c:1731
 slab_free mm/slub.c:3499 [inline]
 kfree+0x178/0x410 mm/slub.c:4559
 ax25_dev_put include/net/ax25.h:302 [inline]
 ax25_release+0x57c/0x82c net/ax25/af_ax25.c:1062
 __sock_release net/socket.c:649 [inline]
 sock_close+0xb8/0x1fc net/socket.c:1336
 __fput+0x1c4/0x800 fs/file_table.c:311
 ____fput+0x20/0x30 fs/file_table.c:339
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

The buggy address belongs to the object at ffff0000c18e4200
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 56 bytes inside of
 256-byte region [ffff0000c18e4200, ffff0000c18e4300)
The buggy address belongs to the page:
page:000000008f9452a6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1018e4
head:000000008f9452a6 order:1 compound_mapcount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000c18e4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000c18e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff0000c18e4200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff0000c18e4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000c18e4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Unable to handle kernel paging request at virtual address cec002bd00001566
Mem abort info:
  ESR = 0x0000000096000021
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x21: alignment fault
Data abort info:
  ISV = 0, ISS = 0x00000021
  CM = 0, WnR = 0
[cec002bd00001566] address between user and kernel address ranges
Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4031 Comm: syz-executor577 Tainted: G    B             5.15.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lse_atomic_fetch_sub_release arch/arm64/include/asm/atomic_lse.h:161 [inline]
pc : arch_atomic_fetch_sub_release arch/arm64/include/asm/atomic.h:51 [inline]
pc : atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:168 [inline]
pc : __refcount_dec include/linux/refcount.h:338 [inline]
pc : refcount_dec include/linux/refcount.h:359 [inline]
pc : dev_put include/linux/netdevice.h:4197 [inline]
pc : ax25_release+0x50c/0x82c net/ax25/af_ax25.c:1061
lr : __lse_atomic_fetch_sub_release arch/arm64/include/asm/atomic_lse.h:-1 [inline]
lr : arch_atomic_fetch_sub_release arch/arm64/include/asm/atomic.h:51 [inline]
lr : atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:168 [inline]
lr : __refcount_dec include/linux/refcount.h:338 [inline]
lr : refcount_dec include/linux/refcount.h:359 [inline]
lr : dev_put include/linux/netdevice.h:4197 [inline]
lr : ax25_release+0x504/0x82c net/ax25/af_ax25.c:1061
sp : ffff80001ff57950
x29: ffff80001ff57970 x28: dfff800000000000 x27: ffff0000c12cc080
x26: ffff0000cddca028 x25: 0000000000000002 x24: 00000000ffffffff
x23: cec002bd00001566 x22: ffff0000c18e4200 x21: ffff0000de3e1818
x20: ffff0000c12cc000 x19: 1fffe00019bb9405 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000084c73cc x15: 0000000000000002
x14: ffff0000d47a51c0 x13: 0000000000ff0100 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000d47a51c0
x8 : ffff800010de0938 x7 : 0000000000000000 x6 : ffff8000083bb1b4
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800010de092c
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
Call trace:
 __lse_atomic_fetch_sub_release arch/arm64/include/asm/atomic_lse.h:161 [inline]
 arch_atomic_fetch_sub_release arch/arm64/include/asm/atomic.h:51 [inline]
 atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:168 [inline]
 __refcount_dec include/linux/refcount.h:338 [inline]
 refcount_dec include/linux/refcount.h:359 [inline]
 dev_put include/linux/netdevice.h:4197 [inline]
 ax25_release+0x50c/0x82c net/ax25/af_ax25.c:1061
 __sock_release net/socket.c:649 [inline]
 sock_close+0xb8/0x1fc net/socket.c:1336
 __fput+0x1c4/0x800 fs/file_table.c:311
 ____fput+0x20/0x30 fs/file_table.c:339
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: d503201f 97c5148f 52800038 4b1803f8 (b87802f8) 
---[ end trace 444add1a9d770f29 ]---
----------------
Code disassembly (best guess):
   0:	d503201f 	nop
   4:	97c5148f 	bl	0xffffffffff145240
   8:	52800038 	mov	w24, #0x1                   	// #1
   c:	4b1803f8 	neg	w24, w24
* 10:	b87802f8 	ldaddl	w24, w24, [x23] <-- trapping instruction

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in ax25_fillin_cb_from_dev net/ax25/af_ax25.c:468 [inline]
BUG: KASAN: use-after-free in ax25_fillin_cb+0x39c/0x588 net/ax25/af_ax25.c:495
Read of size 4 at addr ffff0000c18e4238 by task syz-executor577/4031

CPU: 1 PID: 4031 Comm: syz-executor577 Not tainted 5.15.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x174/0x1e4 mm/kasan/report.c:451
 __asan_report_load4_noabort+0x44/0x50 mm/kasan/report_generic.c:308
 ax25_fillin_cb_from_dev net/ax25/af_ax25.c:468 [inline]
 ax25_fillin_cb+0x39c/0x588 net/ax25/af_ax25.c:495
 ax25_setsockopt+0x980/0xcdc net/ax25/af_ax25.c:690
 __sys_setsockopt+0x3a8/0x6b4 net/socket.c:2203
 __do_sys_setsockopt net/socket.c:2214 [inline]
 __se_sys_setsockopt net/socket.c:2211 [inline]
 __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2211
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Allocated by task 4029:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc+0xbc/0xfc mm/kasan/common.c:513
 __kasan_kmalloc+0x10/0x1c mm/kasan/common.c:522
 kasan_kmalloc include/linux/kasan.h:264 [inline]
 kmem_cache_alloc_trace+0x27c/0x47c mm/slub.c:3247
 kmalloc include/linux/slab.h:604 [inline]
 kzalloc include/linux/slab.h:735 [inline]
 ax25_dev_device_up+0x5c/0x548 net/ax25/ax25_dev.c:55
 ax25_device_event+0x504/0x590 net/ax25/af_ax25.c:139
 notifier_call_chain kernel/notifier.c:83 [inline]
 raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:391
 __dev_notify_flags+0x2b4/0x540 net/core/dev.c:-1
 dev_change_flags+0xc8/0x154 net/core/dev.c:8928
 dev_ifsioc+0x140/0xfe4 net/core/dev_ioctl.c:324
 dev_ioctl+0x4e0/0xd3c net/core/dev_ioctl.c:587
 sock_do_ioctl+0x1dc/0x2dc net/socket.c:1154
 sock_ioctl+0x4f4/0x8b0 net/socket.c:1257
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Freed by task 4030:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4c/0x84 mm/kasan/common.c:46
 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360
 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366
 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1705 [inline]
 slab_free_freelist_hook+0x128/0x1ec mm/slub.c:1731
 slab_free mm/slub.c:3499 [inline]
 kfree+0x178/0x410 mm/slub.c:4559
 ax25_dev_put include/net/ax25.h:302 [inline]
 ax25_release+0x57c/0x82c net/ax25/af_ax25.c:1062
 __sock_release net/socket.c:649 [inline]
 sock_close+0xb8/0x1fc net/socket.c:1336
 __fput+0x1c4/0x800 fs/file_table.c:311
 ____fput+0x20/0x30 fs/file_table.c:339
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

The buggy address belongs to the object at ffff0000c18e4200
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 56 bytes inside of
 256-byte region [ffff0000c18e4200, ffff0000c18e4300)
The buggy address belongs to the page:
page:000000008f9452a6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1018e4
head:000000008f9452a6 order:1 compound_mapcount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002480
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000c18e4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff0000c18e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff0000c18e4200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff0000c18e4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000c18e4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Unable to handle kernel paging request at virtual address cec002bd00001566
Mem abort info:
  ESR = 0x0000000096000021
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x21: alignment fault
Data abort info:
  ISV = 0, ISS = 0x00000021
  CM = 0, WnR = 0
[cec002bd00001566] address between user and kernel address ranges
Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4031 Comm: syz-executor577 Tainted: G    B             5.15.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lse_atomic_fetch_sub_release arch/arm64/include/asm/atomic_lse.h:161 [inline]
pc : arch_atomic_fetch_sub_release arch/arm64/include/asm/atomic.h:51 [inline]
pc : atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:168 [inline]
pc : __refcount_dec include/linux/refcount.h:338 [inline]
pc : refcount_dec include/linux/refcount.h:359 [inline]
pc : dev_put include/linux/netdevice.h:4197 [inline]
pc : ax25_release+0x50c/0x82c net/ax25/af_ax25.c:1061
lr : __lse_atomic_fetch_sub_release arch/arm64/include/asm/atomic_lse.h:-1 [inline]
lr : arch_atomic_fetch_sub_release arch/arm64/include/asm/atomic.h:51 [inline]
lr : atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:168 [inline]
lr : __refcount_dec include/linux/refcount.h:338 [inline]
lr : refcount_dec include/linux/refcount.h:359 [inline]
lr : dev_put include/linux/netdevice.h:4197 [inline]
lr : ax25_release+0x504/0x82c net/ax25/af_ax25.c:1061
sp : ffff80001ff57950
x29: ffff80001ff57970 x28: dfff800000000000 x27: ffff0000c12cc080
x26: ffff0000cddca028 x25: 0000000000000002 x24: 00000000ffffffff
x23: cec002bd00001566 x22: ffff0000c18e4200 x21: ffff0000de3e1818
x20: ffff0000c12cc000 x19: 1fffe00019bb9405 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000084c73cc x15: 0000000000000002
x14: ffff0000d47a51c0 x13: 0000000000ff0100 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000d47a51c0
x8 : ffff800010de0938 x7 : 0000000000000000 x6 : ffff8000083bb1b4
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800010de092c
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
Call trace:
 __lse_atomic_fetch_sub_release arch/arm64/include/asm/atomic_lse.h:161 [inline]
 arch_atomic_fetch_sub_release arch/arm64/include/asm/atomic.h:51 [inline]
 atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:168 [inline]
 __refcount_dec include/linux/refcount.h:338 [inline]
 refcount_dec include/linux/refcount.h:359 [inline]
 dev_put include/linux/netdevice.h:4197 [inline]
 ax25_release+0x50c/0x82c net/ax25/af_ax25.c:1061
 __sock_release net/socket.c:649 [inline]
 sock_close+0xb8/0x1fc net/socket.c:1336
 __fput+0x1c4/0x800 fs/file_table.c:311
 ____fput+0x20/0x30 fs/file_table.c:339
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: d503201f 97c5148f 52800038 4b1803f8 (b87802f8) 
---[ end trace 444add1a9d770f29 ]---
----------------
Code disassembly (best guess):
   0:	d503201f 	nop
   4:	97c5148f 	bl	0xffffffffff145240
   8:	52800038 	mov	w24, #0x1                   	// #1
   c:	4b1803f8 	neg	w24, w24
* 10:	b87802f8 	ldaddl	w24, w24, [x23] <-- trapping instruction