Extracting prog: 1m59.257632095s
Minimizing prog: 59m13.238352855s
Simplifying prog options: 0s
Extracting C: 1m5.234040414s
Simplifying C: 19m4.49604552s


extracting reproducer from 31 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_mount_image$hfsplus-openat$dir-getdents-socket$inet_mptcp-setsockopt$inet_int-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r6}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==")
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents(r9, 0x0, 0x0)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r10, 0x0, 0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e06bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488a0200000000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e4a59414329a7c7f2fad6bc871f5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561fe589e0d12969bc982ff3f0000006c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256a55591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ee40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1a4e52e38325ca2e5f1f9caaa7234053eca09ec3c8c16940bc3edfb2e016f355391c0e7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)

program crashed: KASAN: use-after-free Read in ax25_release
single: successfully extracted reproducer
found reproducer with 30 syscalls
minimizing guilty program
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_mount_image$hfsplus-openat$dir-getdents-socket$inet_mptcp-setsockopt$inet_int
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r6}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==")
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents(r9, 0x0, 0x0)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r10, 0x0, 0x12, 0x0, 0x0)

program crashed: general protection fault in ax25_release
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_mount_image$hfsplus-openat$dir-getdents-socket$inet_mptcp
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r6}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==")
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents(r9, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_mount_image$hfsplus-openat$dir-getdents
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r6}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==")
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents(r9, 0x0, 0x0)

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_mount_image$hfsplus-openat$dir
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r6}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==")
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_mount_image$hfsplus
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r6}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==")

program crashed: KASAN: use-after-free Write in ax25_dev_device_down
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r6}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r8, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))

program crashed: KASAN: use-after-free Read in ax25_release
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r5}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r5, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_netrom_SIOCADDRT
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r4}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r5}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r5, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r5}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r5, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-syz_init_net_socket$bt_sco-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r5}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r5, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-setsockopt$inet_sctp_SCTP_AUTO_ASCONF-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r5}])
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r5, 0x84, 0x1e, &(0x7f0000000540)=0x10001, 0x4)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-io_submit-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0xf00f, 0x4000000, 0x0, 0x0, r5}])
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-io_setup-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
io_setup(0x3, &(0x7f0000000080))
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-openat-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x60840, 0x8)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-prctl$PR_SET_MM_AUXV-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
prctl$PR_SET_MM_AUXV(0x3c, 0xc, &(0x7f0000000000)="db", 0x1)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-syz_init_net_socket$ax25-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-syz_init_net_socket$bt_sco-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-getdents-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000008c0)=""/54, 0x36)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-open-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-syz_mount_image$hfs-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="71756965742c696f636861727365743d69736f383835392d372c63726561746f723d8761b3312c636f6465706167653d6370313235302c7569643d", @ANYRESHEX=0x0, @ANYBLOB='F\x00', @ANYRES64=0x0], 0x1, 0x2fb, &(0x7f0000000240)="$eJzs3b9u00AcB/DvnZ02pVUxbRESC6hQCZaKAgNiCUJZ2ZkQkKRShFVEWyRgIVSMiAdg5xV4CBYQLwAsTDxANqM7nx07OV9SSOImfD9SIud8f36H/91Zogci+m/drX//eOOX+gjAgwfgNiABVAEfwFmcqz7fO2wfhq2mqyJPl1AfgbikGMjT2GvZiqpyuoQRqF8+VrJpNBlRFN35UXYQVDp99VtIYNFch3p/dcpxjUt/5zrAhZJCKU3230B00cULrJYYDhERnQDm+S/NY2JFJwlICWyZx/5MP//7dcsOYLxuhgNJkbNA5vmvR3eRUMf3tN7Vm+/pKZzaL5NZ4ijBVPp+LyA+s3JjMGGfVf6MYiYWubTb9rHdeIOmxBFqRqbAhv5uxqduYki0m5a5qUNxbRXcOxX3Ro0ol/p3JyHttsPWotqwxL9+vBb/nfgsvooHIsAHNNPxnx8JdZj0kQr6jpSsqPivFde4rEupXDDT/lqtJnNZzuhGzpsWjCG9rNpnJNk6kxcEnTQCS5xHyYZuew351wpx73ZsDYhe5eu2UkH6a7CsbmsjV8ozZ8J242nofJXytzrOvUkXxXtxX2ziNz6hnhn/SxXfFjJXputWL3ROc2bE/Vmw5/R1zmDgydEL9mIagbHo7AcVON7bsnd4jFtYPXj56okXhq19tfHIsvFsZV+YlMpbwJpn8hseHHnQSVMiTz08XkfRqDVHkwz+6lgrVPePNEVdPrbM6ipLU+S0D9P8bfiw7ap/geuEnOhGMnQZS4VqoFWwayL3KDphDkRy0E3CwCCW5pwad4l4/qdH8mZUp+8z6itwjNPdk0zkatxJZ3D5oeCabewyZG6wXDyDy7R4vWDOqOdcl64AlzOJAs4WAx3n3BB1fMNDvv8nIiIiIiIiIiIiIiIiIiIiIiIiIpo10/gfC2X3kYiIiIiIiIiIiIiIiIiIiIiIiIiIiIho1o2+/u9Sb6Um29+I1+v/BkPX/80tAGwWiuL6v0Tl+BMAAP//CpR9aw==")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0800df", 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x9, 0x0, 0x10}}}}}}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program did not crash
testing program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=46.963048848s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
simplifying C reproducer
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program did not crash
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program did not crash
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program did not crash
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program did not crash
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing compiled C program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
program crashed: KASAN: use-after-free Read in ax25_fillin_cb
testing program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
validation run: crashed=true
testing program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
validation run: crashed=true
testing program (duration=46.963048848s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$ax25-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-setsockopt$ax25_SO_BINDTODEVICE
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc)

program crashed: KASAN: use-after-free Read in ax25_fillin_cb
validation run: crashed=true
reproducing took 1h26m2.391227518s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in ax25_fillin_cb_from_dev net/ax25/af_ax25.c:468 [inline]
BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640 net/ax25/af_ax25.c:495
Read of size 4 at addr ffff88801f735238 by task syz.0.18/4349

CPU: 1 PID: 4349 Comm: syz.0.18 Not tainted 5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 print_address_description+0x60/0x2d0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0xdf/0x130 mm/kasan/report.c:451
 ax25_fillin_cb_from_dev net/ax25/af_ax25.c:468 [inline]
 ax25_fillin_cb+0x459/0x640 net/ax25/af_ax25.c:495
 ax25_setsockopt+0x8a2/0xa40 net/ax25/af_ax25.c:690
 __sys_setsockopt+0x3d6/0x5e0 net/socket.c:2203
 __do_sys_setsockopt net/socket.c:2214 [inline]
 __se_sys_setsockopt net/socket.c:2211 [inline]
 __x64_sys_setsockopt+0xb1/0xc0 net/socket.c:2211
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fb57bc81929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd05fabae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb57bea8fa0 RCX: 00007fb57bc81929
RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
RBP: 00007fb57bd03b39 R08: e5a01e6e238456fc R09: 0000000000000000
R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb57bea8fa0 R14: 00007fb57bea8fa0 R15: 0000000000000005
 </TASK>

Allocated by task 4347:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc mm/kasan/common.c:513 [inline]
 __kasan_kmalloc+0xb5/0xf0 mm/kasan/common.c:522
 kmalloc include/linux/slab.h:604 [inline]
 kzalloc include/linux/slab.h:735 [inline]
 ax25_dev_device_up+0x50/0x580 net/ax25/ax25_dev.c:55
 ax25_device_event+0x483/0x4f0 net/ax25/af_ax25.c:139
 notifier_call_chain kernel/notifier.c:83 [inline]
 raw_notifier_call_chain+0xcb/0x160 kernel/notifier.c:391
 call_netdevice_notifiers_extack net/core/dev.c:2061 [inline]
 call_netdevice_notifiers net/core/dev.c:2075 [inline]
 __dev_notify_flags+0x178/0x2d0 net/core/dev.c:-1
 dev_change_flags+0xe3/0x1a0 net/core/dev.c:8929
 dev_ifsioc+0x147/0xe70 net/core/dev_ioctl.c:324
 dev_ioctl+0x55f/0xe50 net/core/dev_ioctl.c:587
 sock_do_ioctl+0x222/0x2f0 net/socket.c:1154
 sock_ioctl+0x4ed/0x6e0 net/socket.c:1257
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0

Freed by task 4348:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
 ____kasan_slab_free+0xd5/0x110 mm/kasan/common.c:366
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1705 [inline]
 slab_free_freelist_hook+0xea/0x170 mm/slub.c:1731
 slab_free mm/slub.c:3499 [inline]
 kfree+0xef/0x2a0 mm/slub.c:4559
 ax25_dev_put include/net/ax25.h:302 [inline]
 ax25_release+0x661/0x870 net/ax25/af_ax25.c:1062
 __sock_release net/socket.c:649 [inline]
 sock_close+0xd5/0x240 net/socket.c:1336
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0

The buggy address belongs to the object at ffff88801f735200
 which belongs to the cache kmalloc-192 of size 192
The buggy address is located 56 bytes inside of
 192-byte region [ffff88801f735200, ffff88801f7352c0)
The buggy address belongs to the page:
page:ffffea00007dcd40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f735
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016841a00
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 3561, ts 66085198306, free_ts 65778731941
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_slab_page mm/slub.c:1777 [inline]
 allocate_slab mm/slub.c:1912 [inline]
 new_slab+0xb6/0x4b0 mm/slub.c:1975
 ___slab_alloc+0x81e/0xdf0 mm/slub.c:3008
 __slab_alloc mm/slub.c:3095 [inline]
 slab_alloc_node mm/slub.c:3186 [inline]
 __kmalloc_node+0x200/0x3b0 mm/slub.c:4451
 kmalloc_array_node include/linux/slab.h:697 [inline]
 kcalloc_node include/linux/slab.h:702 [inline]
 memcg_alloc_page_obj_cgroups+0x81/0x120 mm/memcontrol.c:2839
 account_slab_page mm/slab.h:424 [inline]
 allocate_slab mm/slub.c:1928 [inline]
 new_slab+0x100/0x4b0 mm/slub.c:1975
 ___slab_alloc+0x81e/0xdf0 mm/slub.c:3008
 __slab_alloc mm/slub.c:3095 [inline]
 slab_alloc_node mm/slub.c:3186 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0x195/0x290 mm/slub.c:3233
 __d_alloc+0x2a/0x6f0 fs/dcache.c:1749
 d_alloc+0x47/0x1a0 fs/dcache.c:1828
 lookup_one_qstr_excl+0xc6/0x240 fs/namei.c:1559
 do_unlinkat+0x1ce/0x6f0 fs/namei.c:4332
 __do_sys_unlink fs/namei.c:4396 [inline]
 __se_sys_unlink fs/namei.c:4394 [inline]
 __x64_sys_unlink+0x45/0x50 fs/namei.c:4394
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 free_slab mm/slub.c:2015 [inline]
 discard_slab mm/slub.c:2021 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2507
 put_cpu_partial+0x12d/0x190 mm/slub.c:2587
 qlist_free_all+0x35/0x90 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x150/0x160 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x2f/0xd0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x4c/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 kmem_cache_alloc_node+0x12d/0x2d0 mm/slub.c:3256
 __alloc_skb+0xf4/0x750 net/core/skbuff.c:415
 alloc_skb include/linux/skbuff.h:1162 [inline]
 nlmsg_new include/net/netlink.h:953 [inline]
 rtmsg_ifa+0xf9/0x1f0 net/ipv4/devinet.c:1927
 __inet_del_ifa+0x865/0x1020 net/ipv4/devinet.c:442
 inet_del_ifa net/ipv4/devinet.c:480 [inline]
 inetdev_destroy net/ipv4/devinet.c:320 [inline]
 inetdev_event+0x5d3/0x1360 net/ipv4/devinet.c:1612
 notifier_call_chain kernel/notifier.c:83 [inline]
 raw_notifier_call_chain+0xcb/0x160 kernel/notifier.c:391
 call_netdevice_notifiers_extack net/core/dev.c:2061 [inline]
 call_netdevice_notifiers net/core/dev.c:2075 [inline]
 unregister_netdevice_many+0xf57/0x18f0 net/core/dev.c:11134
 default_device_exit_batch+0x336/0x390 net/core/dev.c:11667

Memory state around the buggy address:
 ffff88801f735100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88801f735180: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
>ffff88801f735200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff88801f735280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff88801f735300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: use-after-free in ax25_fillin_cb_from_dev net/ax25/af_ax25.c:468 [inline]
BUG: KASAN: use-after-free in ax25_fillin_cb+0x459/0x640 net/ax25/af_ax25.c:495
Read of size 4 at addr ffff88801f735238 by task syz.0.18/4349

CPU: 1 PID: 4349 Comm: syz.0.18 Not tainted 5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 print_address_description+0x60/0x2d0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0xdf/0x130 mm/kasan/report.c:451
 ax25_fillin_cb_from_dev net/ax25/af_ax25.c:468 [inline]
 ax25_fillin_cb+0x459/0x640 net/ax25/af_ax25.c:495
 ax25_setsockopt+0x8a2/0xa40 net/ax25/af_ax25.c:690
 __sys_setsockopt+0x3d6/0x5e0 net/socket.c:2203
 __do_sys_setsockopt net/socket.c:2214 [inline]
 __se_sys_setsockopt net/socket.c:2211 [inline]
 __x64_sys_setsockopt+0xb1/0xc0 net/socket.c:2211
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fb57bc81929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd05fabae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb57bea8fa0 RCX: 00007fb57bc81929
RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000006
RBP: 00007fb57bd03b39 R08: e5a01e6e238456fc R09: 0000000000000000
R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb57bea8fa0 R14: 00007fb57bea8fa0 R15: 0000000000000005
 </TASK>

Allocated by task 4347:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc mm/kasan/common.c:513 [inline]
 __kasan_kmalloc+0xb5/0xf0 mm/kasan/common.c:522
 kmalloc include/linux/slab.h:604 [inline]
 kzalloc include/linux/slab.h:735 [inline]
 ax25_dev_device_up+0x50/0x580 net/ax25/ax25_dev.c:55
 ax25_device_event+0x483/0x4f0 net/ax25/af_ax25.c:139
 notifier_call_chain kernel/notifier.c:83 [inline]
 raw_notifier_call_chain+0xcb/0x160 kernel/notifier.c:391
 call_netdevice_notifiers_extack net/core/dev.c:2061 [inline]
 call_netdevice_notifiers net/core/dev.c:2075 [inline]
 __dev_notify_flags+0x178/0x2d0 net/core/dev.c:-1
 dev_change_flags+0xe3/0x1a0 net/core/dev.c:8929
 dev_ifsioc+0x147/0xe70 net/core/dev_ioctl.c:324
 dev_ioctl+0x55f/0xe50 net/core/dev_ioctl.c:587
 sock_do_ioctl+0x222/0x2f0 net/socket.c:1154
 sock_ioctl+0x4ed/0x6e0 net/socket.c:1257
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0

Freed by task 4348:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
 ____kasan_slab_free+0xd5/0x110 mm/kasan/common.c:366
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1705 [inline]
 slab_free_freelist_hook+0xea/0x170 mm/slub.c:1731
 slab_free mm/slub.c:3499 [inline]
 kfree+0xef/0x2a0 mm/slub.c:4559
 ax25_dev_put include/net/ax25.h:302 [inline]
 ax25_release+0x661/0x870 net/ax25/af_ax25.c:1062
 __sock_release net/socket.c:649 [inline]
 sock_close+0xd5/0x240 net/socket.c:1336
 __fput+0x234/0x930 fs/file_table.c:311
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0

The buggy address belongs to the object at ffff88801f735200
 which belongs to the cache kmalloc-192 of size 192
The buggy address is located 56 bytes inside of
 192-byte region [ffff88801f735200, ffff88801f7352c0)
The buggy address belongs to the page:
page:ffffea00007dcd40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f735
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888016841a00
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 3561, ts 66085198306, free_ts 65778731941
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_slab_page mm/slub.c:1777 [inline]
 allocate_slab mm/slub.c:1912 [inline]
 new_slab+0xb6/0x4b0 mm/slub.c:1975
 ___slab_alloc+0x81e/0xdf0 mm/slub.c:3008
 __slab_alloc mm/slub.c:3095 [inline]
 slab_alloc_node mm/slub.c:3186 [inline]
 __kmalloc_node+0x200/0x3b0 mm/slub.c:4451
 kmalloc_array_node include/linux/slab.h:697 [inline]
 kcalloc_node include/linux/slab.h:702 [inline]
 memcg_alloc_page_obj_cgroups+0x81/0x120 mm/memcontrol.c:2839
 account_slab_page mm/slab.h:424 [inline]
 allocate_slab mm/slub.c:1928 [inline]
 new_slab+0x100/0x4b0 mm/slub.c:1975
 ___slab_alloc+0x81e/0xdf0 mm/slub.c:3008
 __slab_alloc mm/slub.c:3095 [inline]
 slab_alloc_node mm/slub.c:3186 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0x195/0x290 mm/slub.c:3233
 __d_alloc+0x2a/0x6f0 fs/dcache.c:1749
 d_alloc+0x47/0x1a0 fs/dcache.c:1828
 lookup_one_qstr_excl+0xc6/0x240 fs/namei.c:1559
 do_unlinkat+0x1ce/0x6f0 fs/namei.c:4332
 __do_sys_unlink fs/namei.c:4396 [inline]
 __se_sys_unlink fs/namei.c:4394 [inline]
 __x64_sys_unlink+0x45/0x50 fs/namei.c:4394
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 free_slab mm/slub.c:2015 [inline]
 discard_slab mm/slub.c:2021 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2507
 put_cpu_partial+0x12d/0x190 mm/slub.c:2587
 qlist_free_all+0x35/0x90 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x150/0x160 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x2f/0xd0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x4c/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 kmem_cache_alloc_node+0x12d/0x2d0 mm/slub.c:3256
 __alloc_skb+0xf4/0x750 net/core/skbuff.c:415
 alloc_skb include/linux/skbuff.h:1162 [inline]
 nlmsg_new include/net/netlink.h:953 [inline]
 rtmsg_ifa+0xf9/0x1f0 net/ipv4/devinet.c:1927
 __inet_del_ifa+0x865/0x1020 net/ipv4/devinet.c:442
 inet_del_ifa net/ipv4/devinet.c:480 [inline]
 inetdev_destroy net/ipv4/devinet.c:320 [inline]
 inetdev_event+0x5d3/0x1360 net/ipv4/devinet.c:1612
 notifier_call_chain kernel/notifier.c:83 [inline]
 raw_notifier_call_chain+0xcb/0x160 kernel/notifier.c:391
 call_netdevice_notifiers_extack net/core/dev.c:2061 [inline]
 call_netdevice_notifiers net/core/dev.c:2075 [inline]
 unregister_netdevice_many+0xf57/0x18f0 net/core/dev.c:11134
 default_device_exit_batch+0x336/0x390 net/core/dev.c:11667

Memory state around the buggy address:
 ffff88801f735100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88801f735180: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
>ffff88801f735200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
 ffff88801f735280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff88801f735300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================