Extracting prog: 1h52m2.044777144s
Minimizing prog: 45m37.652407965s
Simplifying prog options: 6m23.023053026s
Extracting C: 2m45.886002538s
Simplifying C: 0s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$tun-ioctl$TUNSETIFF-syz_open_procfs-socketpair$unix-ioctl$sock_SIOCGIFINDEX-fanotify_init-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_netdev_private-openat$ptmx-ioctl$TCSETSF-ioctl$TIOCPKT-ioctl$TCSETS-ioctl$sock_rose_SIOCADDRT-socket-socket$inet_sctp-socket$inet6_mptcp-bind$inet6-getsockopt$inet_sctp_SCTP_MAX_BURST-syz_init_net_socket$rose-connect$rose-connect$rose
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 20, 4, 6, 15, 25, 3, 24, 24, 24, 2, 26, 20, 9, 2, 10, 18, 26, 14, 24, 24, 19, 22, 3]
detailed listing:
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB])
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x80000000}, 0x50)
sync()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240))
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x7, <r2=>0xffffffffffffffff})
ioctl$KDSKBMODE(r2, 0x4b45, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x129080, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r4, 0xc0045401, &(0x7f0000000080)=0xf5)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x7, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000040))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB])
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {}, {0x8, 0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x0, 0xfff2}}]}}]}, 0x3c}}, 0x0)
executing program 2:
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = fsopen(0x0, 0x1)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073"], 0x122}}, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
read(r3, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="000200000000000007"], 0x20)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0xfffffffffffffd00)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
executing program 1:
r0 = socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_vhci(0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18)
r7 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x7c2, 0x41414770, 0x58595556, 0x425, 0x10001, 0x6, 0x2, 0x1, 0x3, 0x0, 0x6}})
add_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)="000001020200", 0x6, 0xfffffffffffffffb)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x12, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100050005000700000000000800090000003f0014002000ff"], 0x5c}, 0x1, 0x6c}, 0x0)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r6 = socket(0x2, 0x80805, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r8, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r9=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000100)={r9, 0x7fff}, 0xc)
connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(0xffffffffffffffff, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 3:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
sendto$inet6(r3, &(0x7f0000000180)="e2b82dbb186a643303afda978ae5bfc8908f0ddcfab0927d489bf92155c0f483bc991750b32f7ceee6938aeb1f1a510b1728f6d589d55ca31a1f0c2118f305a9feb7325d35b52041d7416384238426592831dff4a36529d07618ee481843f11a407f67834555695eda8993098fd39990c6573680dd7186a23143864d9a6030600b2a0529aa2b", 0x86, 0x4000, 0x0, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40880, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r4, 0x80044dff, &(0x7f0000000200))
executing program 0:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14)
recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0)
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
dup(r4)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, 0x0)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3})
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000a40)=@newtaction={0x14, 0x30, 0x216822a75a8bdd29, 0xffe4}, 0x14}}, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
getrlimit(0xe, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
syz_open_dev$tty1(0xc, 0x4, 0x1)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, 0x0)
read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000001200)={0x50, 0x0, r5, {0x7, 0x2b, 0x3, 0x61c3c08, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x2}}, 0x50)
read$FUSE(r4, &(0x7f0000004340)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r4, &(0x7f0000000480)={0x10, 0xffffffffffffffda, r6}, 0x10)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x80000000}, 0x50)
sync()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240))
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x7, <r2=>0xffffffffffffffff})
ioctl$KDSKBMODE(r2, 0x4b45, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x129080, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r4, 0xc0045401, &(0x7f0000000080)=0xf5)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x7, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000040))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
executing program 0:
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, 0x0, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
executing program 2:
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x200013, 0x0)
quotactl$Q_SETINFO(0xffffffff80000602, &(0x7f0000000000)=@nullb, 0x0, 0x0)
executing program 0:
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
epoll_create1(0x0)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, 0x0)
userfaultfd(0x801)
r1 = syz_io_uring_setup(0x27f0, &(0x7f0000000340)={0x0, 0x400000, 0x10100, 0x400001, 0x28c}, &(0x7f0000000080), &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0xd762, 0x100, 0x0, 0x134, 0x0, r1}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r1, 0x8184c, 0x0, 0x9, 0x0, 0x0)
executing program 1:
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
semget$private(0x0, 0x4000, 0x0)
semget$private(0x0, 0x4000, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, r0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0)
preadv(r2, &(0x7f0000000100), 0xa, 0x700, 0x0)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000ff3000/0xb000)=nil, 0xb000, 0x2)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89ee, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ptrace(0x10, 0x0)
ptrace(0x4207, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./control\x00', 0x0)
chmod(&(0x7f0000000940)='./control\x00', 0x9c32f69e6caa24ef)
lchown(0x0, 0x0, 0xee00)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc, &(0x7f0000001b80)=[{&(0x7f00000003c0)=ANY=[@ANYRESHEX=r4], 0x14}, {0x0}, {0x0}, {&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRESOCT=0x0, @ANYRES16=<r5=>0xffffffffffffffff, @ANYRES8=<r6=>0xffffffffffffffff, @ANYRESOCT=0x0, @ANYRES8], 0x24}], 0x4, &(0x7f0000000400)=ANY=[], 0x50, 0x24040094}, 0x80)
r7 = getegid()
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000580)=ANY=[@ANYRESOCT=r5, @ANYRESOCT, @ANYBLOB="020002", @ANYRESOCT=r7, @ANYRES32, @ANYRESHEX, @ANYRES64, @ANYRES8, @ANYRES8=r5, @ANYRES64, @ANYRESOCT, @ANYRESOCT=r6, @ANYRES32=r6, @ANYRES16, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="080006", @ANYRESOCT, @ANYRES16, @ANYRES32=r7, @ANYRES8=0x0, @ANYRES32=r7, @ANYBLOB="10000400000000002000000000000000"], 0x94, 0x1)
fchownat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, r7, 0x800)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000980)="4eae9cc396dbd299fda33cd87b36a1b52d52568f38332dcbd9ab3b4dffbbc5cbfe27bbaee211eb4f9d858a9eb136ea626fed7eeeca002555d922215858bb10b946217748694e44c9b6dc2df3e8ac76799da3ae177d95bbdcf176e9e4e99e82e8b002ba87d93e5837e5524878b8ca20a0b1af1fb3c5127e38f9c1ca2a1db33722d3d906d7e1d47734ce6f134b34acf395272cffc29550ff1b30d546be8bb76349984bab0cc173df6e5b30e42b2c18ed489d692c3c0db2b33f8f98904547d5c8f4889cce9adb9b9acf4468be8e74cc5843a3dcfdb14d89874ded83e06e552bce93c675c3e36e10ede22ebd396e28829457dc12bc238c36ecbb123370dd9608fda6e8e29458eeee03e5ae28ed3f941ce4f618f3e38ec69689578acb244eb5e5ad14a2b78785c4bbe67b0a58a3f68dad544ebbc86a0f61a56e7e8e87ce3eaff0f69f5be7f66aeec92235db59976650b8da41bbb2200c5482e17c237922347b02f2e5124324764267c9e934ac4d5985291f364287676f74aeb52b25b2944df64f1ba988b80365b00e2a39be0804a4743c51633771736ac85e71e2488b700abcad4f6b5e762cd54780a9f8c564ec60edb1e3a0125c8acf5ddf496efe947004aaedd31058c0207c1d8620333222c90c15a620e1c53061859e9588f96170d132fbcb35e8d79618039fbad358cb72c05b2181b366611a0d3db665f6e5cca0cf329157edfae356b154b9f3cec298f3dbfd80c6904a33b804646a2a4bd112c83da07eb40c71120fc1ac9132934eb6e22e7ece3f14946f5f79850b47c1883c8266443c55d2e6d50216865103ee1fec931355a65592f4c0c3c565b196ecf12b4cc8904c249429f05875b6e8271cdf205f529d6b1cb8203869d25caa6f33a39570fa4d154bf41e5efd3649805ffe52b1af514683e1b28a9607a6cd65d663035ce0615d5f85f69884aebadcb90c2728bf757f59b73227ed0f0c8ea96a025d9a6faf49d5fe6f9a93a2cde4640eb5172fc0470c28cecb8e85c07774e58f9cbe19f5fc4de6c04dc9f4bbcc07425916ca576874bc05dfef605d15d659ae549fd6032e11314c1284ca4bb20d26cfb095d45115b1cbfb4b7ea08b641092be076d335d5b293922d348ba19e70253df0004fa8f39d157b26dd6f7af4e10c00e35187f81d1975184aa9cd2da093343e895f829f04576f18fc7d0adaff99126a3bc3ebf01535d71a95ea4fc7ad6541cb354b47b9a1a198b5dad311bac1cd4e63c4d727ea7aa44ad078318315ad7bfef961890ea3efc386787fa6999b0e6c90d98efefde8dda7fee00367a800d728d729496880b3f5cf446b1163ac7b14aa4bb0f5f9a894aa1e1aafa5ca91839303383d01134ec9147bd08cefe1ea6dd1b0a3d5813c3e13ce255940277e974173dc3dc24f4b9d67c21faa0c12311b000652e36cfa0caf912e3d97f79b22f5bbfd341aba02efd989b681a721efef624dda83cdd83affa04d2e585b576e91f8ff84c858db04527a0658024354fc9f32a80494887f27589fe5b000a04537da2bfcf46661360c908714bf392f372055d0234f51671f94e8cddf59015a882e6b4cb9105aae6e0978a0158f52e5bf270eeef2f33dab986dea0858d6357b90a11b9a22dbcdd80776fe1c03589d8c37b4797ada0ba5145fadeda1927c0627da3ddcd4f6fb3fd4f5e9bde0fca21eed59456c96e40d137f2232b8279378c258593d6aa63b709c05ba4367b7aa9a9f37f151714ca50a303902d4044d78102410a1d19f33c05da5154beb8121692ec339c18e429740b1fe49042fb58bd325c8357004619aa34af200befdcc7f2b888623236acd91c6acc61eb16a28b98074ab2f0708e998ac7ab8ca1eb39c629c41af1ae844178a44f70c06a1d4c03409661cd0bf59c93e8e64c518be0083fe066d0bd0fe342deffd4a59f1468009f0c9f5c25de06f7d0a8b4421be6228f22ddf2a75c11f300863f2fa19769ed4dcae85c812e512e3b2b07d63287b9b98bd82fbf5fba0927e00969f03e7decb68fee6291cddb5c6d181a72b6d4fe39dbf207ca5f9db1f144738a7c4801daa00c9d5bdf62289298333952444595edeb46d8a61d9350188332c4f1577f8bf0fca916b52224ee57fb022e486fa10f929aa8be2a82d3ba69c80486b3a423cee8e943ad969ff011da34d2926437e798917827cb07981a27a3346d3a0ecbf4d96b2f6a8a6511949a325c8fe0c4134d9d4f32fc4a8f1ddfc45381ef8e3576a5d1e8e5b4af1a030c1aaef4266db690e2124de55fd7227f6290028e2e074c944d1483202bab0151c3404f36c2139d9dd316513f4265983a75bace43ddfc1cae50f11f9f951c93f5c2785cd3fa12907f8cb42f48ae14ee306881b77d1b2265ab511fb9792e42893430c9630d87caa0d8af5652ddb5bf00395623c04e62ca1b4e67cd45f88867d0fd5a744533d8f93e1b82f2e7ba37969eb3d491838408222882781f4e74cae65e3480ea0a2294ec661f145d0c676c8ad6eaacfcb2d3439adbe92af3558d7882d8514335370ca6d2d52357201e478521bc61c0dfe66f8a9c01a5091f8ab5a3aa443e2440ac360b189ec5d5b4340f65e6050fbb88194774a3aa14b6502d7d724022101f21ce709be2cb3a51f726a69dc6c6adf03fb6c7d850e2c1afc6a390e0b79555dce5e703d548b181436e2072fdf39eb9d9257286e29c2f0769340168e2cdfe9f8527aa3fd27686e359dc930bd95c46580fb427e01473b7e0f04c1f4d94b1548591358cad1aae0a4cf7a2aa9a816d23f004edd9475065c9757e4f6bbadd54cba0967b02c6453373d09183b36787aa44c2a4b78539345e396ebd1a5bd408027efa3503e2b1c0332affb4ffd908ffa2161d933af431039e56575e9149c2f75aed68b788591feb5d0d91bd282d30807f4c37eef4277c80304f1e2431c02ae4e0011e8953771aa8dce1463af60ad18e4ac7d88e3cc3dffafd6f1d51c5b1dd251a0829fe12841c75bc134c2449ead63c9cc3f5cb89ead3f74e86ee0939e06a533466b6beca73895a3d88c959413fcb5ce74fb07c7f1a553de413a65aae9d8afd630532530c820266a7af7da5b967fdb272ebdd64d8a899ce07ed2bb541c147bbf45f5272bea84e4ecb0399f23e317f24b731b71594c4bbb5664258607ac3d54582bfe73054239b5aee029c8bd08fad1f768e415a65bfe0c261e1c3c1b02349841aa0073b018b804cc5dec523ed620ae9f732e67cec81fdd426df7b1e6e78084a88d746e7f7487bfba37706adb06ffe81f894448b77d6bcea06ac755f0220b598507da7ab3428ff75be4cd1100becf8c08294d5af0cd87f3cd15f5966886bd4b8ec7e48c3995e58cb611d837b5d2c1d68fc05b526b0e5c7b751a53d3f79d6625814ee062b029690a6cd72de0e2780668b10952796a53afe255be291e8e4f7e376a02674f029b5266ddca9e85a8fbd03700273c0bb6d53f7a511bb66cdd336d93ed4820aff3348437b99423e22dbe75f0e81a14f922885819f318cb36096cf1136b90d0d9cfd979a0367e886c681edc0c9e33b990da3da063789f66cd18d38727b1e16146804a4915748453aa055bbfda5ca73afbb62e2a0f304a5ce11433af6bb3e7cc41c089a9bacde72d61dc808f9766e78db34c03e99e1c519f555196a4d534d982bbf8e3e1cef5dd63df9126aa860dc13225f316e5d5eae2d09eb6ce0f5fa3f7dc9d992be98b367d013583f906a77cf0a1283b7cb61f722b87b15c41f24785564bd3d7fd0d024c4e263656daa56e2a54bddfa537e16c1f5eb9610ce5164478c2f1f7a0dbfe3da07a11c88f3b6852d3d79b4b0b408b023ddf9faad0c6de31e792c71d33f8ac9b3b95de0b0b7aa737601ca4e94e907409202874b7703453b937438601a06b1dfbe27fbe6f49f612bf98669898db652d57e170d4234640beb24ce168fa590a541aee7069b25398aeae466fc7aec119e72994474fb7c629c77f1041ce56d64b1316bf79e980d43c25eaeedf59258e0c44f02ee37d351e19d4d7b3656a82f585b9887e362a5c5e4c68ac3e28ef3907f6e007ed12198ed1c5ceec300e44e23eab1ba223c7350f74e76caec2d26f9b55a9092be92e2ee81d148dbf24e16f109cc33c7056e28662b84c3a01c0d9aef35143cbad7d0394165862242a75f4cf7122352f4d50dc7fba2fcc712e7db62df2c538dfcb43a6007a4f3c86e72ac863c4e0e0dd41141617458da29d5df232e5222b807411a59f69d59871a02876507f6502a79ad0d04e19573f869d14c299bce055404d73ba1b9e4caeb82d7cc1ffb5ab343dcc0b1280068d2f2677cee978fd1fdf9874b526a4ed46f5b12c9bf6771fbae35551a0cdb8396d664c2abf89354af0df3e65062f8aafe2edc54f918bbfa928fef7ac7b7eb74fe543ea16731b7cf634b0a5f93227d4f3432fd5642a8d9f6f7f73510c549c30cc1eda91a01b936b0a0b1068aa5bfc70b85933145320869f1430250f63c71306900b78acabe4a6b2a4ab14765148c1e647d7f95d116edb538597e73302c17ae0e3254d02e831fba81ac288081b0a20217b36883f1c25265a43b71eaeb4063854db947355e403e7cbf09f4197004f6c9bc763977ffa22b43e06cd2f2892b06fdbc5c0b04defca8d3420249cf413ba3f89bf164c45cb15e7b4816dbc438dfdeddbd42d78070b01545d4ab0fbbf3009dab23ae743fd586f51a08621187c33b04b04afe8c19ce89ca8ab505e4b575e71c9326fa9a1c9f552030f36fb5bfd3a5775dde9f9d90074e8081458848e2c5f9dfc42ea9625f29c536474675f4f14b0d7b2819756dbde83ba9a454e20895a8a90abdbe88248a200b06d61b1e056237f59c5d6018c8558ff31ffefb4923c69ff92ba903bae155d845f4a0135aa30de0edf8efc42962461f95f97ba8c9d8ec74aefd3847fb4fb0bff1830309a596d93ba3ed16520e01de4ddeef795f5a96027daad34574cf8a8f10508f546ec8d528e075731e2fe8fafd181cafc53315800eac61fc3f3f22e22e46855cf5cb54259cc316486af43eed2cd7448cc05a756968c0ec193fe46236a0efe35d9c8222ba1c900442fe207b899e15b5a9246c2a1b18c9de94fa4ea485a61c56eed18106305e6282ecfd299af203eeeb7fbcfef9c3b9960e463141a98a2068d36d7bdcf8cb25a27621df2d009bcadc175dc519446f7b3c9e77c9fd89d08086a8a21a9f03175db0b4858d5495ece636199f5b852811ebb39aed475b8ef51d4fa7ae1a908b399e8e56e4a0a757f883bc09fdc4045f6402a1026b4823f627b988c76fef73a0ffe9b2bd7209fa35a569b2782733a4bbab217ffa6bf89be63f46115647e0bc61aa8d3eefda3c462b59544e5abbba9f20103b3d6d94d79cae7ecc1306d1e71fb189b13bc40f0a7294f210b1663fdea1f3d5a64d6618601d5cc1dfee2aa930fccc6055a9237266f92c9794e12e601ca5763b2a2186ceff7559f2884041f88a913f1ca444cfdc505659a863a3c42a30d3cad57199057b88ee8e5e4fb44d67c8d2dabdfc9875eb0373192afbd17e194226ebb4be263f22448ea23f7150d23265282bcb33b6404ec2c889a39f095033582084b88c45cc48ac88eeb28c3c564993ca3ae8e5902bf7cce6f91ffc6bcf29f3a2d96dff986e1b12490ab72249f2514339f851b00f1c2b85bd91b410f4316cc4d17b36a793bd7b31921ec0c675b84e4251a91de3161b57cb11643ccf393054432ae0284a866a98def62880329a42fbcf14422df029355c5801fef59e620c827ab1f89efd6038fc5606c244b1013469488438cd104a3a7c6b6f1f3b", 0x1000}, {&(0x7f00000002c0)="a3098a93ceddff7c69e63683bca8e47083cfe47b9f1c9f95a5fde770570ba4ef072ca0114ec905410f1b733887efe900b9f585f9679988e2706fc6dcba3694410ec13d3c427ee8b1b5d065a9ba1adf2e1a9b64e00844c3683e42bf17405527faf69e90434395114b3b9d664e30bff6f822b45e51e21b0f31ca71467bf1a177bb13488c8ef37ef4d65c3975711a88d0d94a06ec6eff0f76b94e4812e5d4943aa6b86b88a9748d4e87e5280e8e113ab9974c0bc7e9d8e65b184acfc77e05f6df1414d36b6395d17d0463b35a07818b77e84ae4ce647fb6a06b0a3f36efab", 0xdd}, {&(0x7f00000003c0)="07ff2f7945cff3947e804e28b77d66d2fcf51bb0e151bbd242f78bac2bf72a28680e0330594c0ab6331852ae654c6505be5f6b34200dcddab8b01290d80b03a02b22eff5b6dc89336c41ac663c6a1176d726de29c2898d154b81af6649395528df5ae95aa0b4ffa1438ecb87bba8603e710a8e9d91eba25b18aefdfd3d9b483f4ac012a00b29cb9167b39cb29f81961f8487deade88864", 0x97}], 0x3, 0x0, 0x0, 0x48000}}, {{&(0x7f0000000500)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000680)="83e5224a8a8cf4e0dacf539f6deb06ea1b70f1a02d254f98fedceb525725666c0ce09654dc2ace9d49aeb1b12e1b8aedef6d8f7f761eb3a3c4d3bd7a0a414d29a8de0e534826fc75d04aac7a04ed5aa0dcedbe3b631724bc7d544aee11f52f8ddb40f7802955eb1e1a3c110239acafd296ce705257740f3604d4164b72a1b0786bbab7211370686282457c8e7e9f7db948e840937ea77865b8afd893c2734efe703f651de6df11e58b6d3fa2049f7793f0891e7d2722c18a6b5243f4184a6dbf716392b66bebef7c0db2ad079678860447fc9e5d7b91680b424e32baa5220c", 0xdf}, {&(0x7f0000000240)="3bb1bcaabe708f4f23f3be44709d4c25992c77edc973090fca7efe9ad43d15aef0e7ce4b5f91f98095badb5fe8fda1", 0x2f}, {&(0x7f0000000580)="c8733daab040790db94d1a21868051f9e5f08e8edabef32ba77e1f5d0b9d24dae9ee75093ab0fce2712513ada14dbe729b85507e150a4eaf1c82fc6071346c01d23dfd58af46bcc602d4c7a4a7c85bbd4bdad0730590391e824c9be8f864ea6b0e78dcd1", 0x64}], 0x3, &(0x7f00000007c0)=[@rights={{0x30, 0x1, 0x1, [r3, r0, r2, r0, r3, r3, r0, r4]}}], 0x30, 0x20004040}}, {{&(0x7f0000000840)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000002c40)=[{&(0x7f0000000780)="f894f0f3ebbaf43264cb169f6965619fac009a904c6ca51abde71b43344ba41ecc5e23b0f3b3342b83dc11442d62c3998ac9", 0x32}, {&(0x7f0000001980)="0481f7fe6feb4273d6cd7593ec0376a123945f611353fb7d4464b231be6a486b21bb54de0bc5a8c237eefe24f18e45de2bb23cb5605ecfba48c42a4f5cb5040215f5b87514b753c3b398ff09909bcdeda21fc50751633c9d59082f5eb4506ace5559ae3db6a8018c64e198205c23b182f542777093ac3e9ea4e5e94a0c624ddc119b31bfaeb6f5453ca3218282efbd0f0a3715af19560b618045937ef68dc71dd72802e52ab208bfe215986989e39b72cf4ff0e39044e8b8a7c98eb8c696dc15267ff8daf93fc8df32696ddd2d67ec57512dc2475d5c8f7b5ea25a2a6773ef074516c25750eb739664b55c52b0d66fdc90d6efddb0", 0xf5}, {&(0x7f0000001a80)="e796f520e3ffd7f88ecc77ddd0a3cf3d0742f95e9175de18fad9974371109bbbde918597a75c6cd8246910eddfb2d0b5c62da446b065e3ae24d094e8a17f13a73377531b0bd1a02a6a99f1deba00d663aad1e3a8767f778e6e6838ad8d5e251235172bb6747c8b4afa54cdcc9ec9ea41e456a68cd946b97610a38b68e3d9b5cd9b941c4adc07e222124565", 0x8b}, {&(0x7f0000001b40)="1ddbeac97e15c1fa2cc1e52166b0bd498b335beb930850cd4e4f098acdd08b783e08024068f84669cb71ce18a10f9e77cc2a456367924f7971294d8d431c8b0f6345c444ed68a1b40ce550d67cda4c1e5375818028df79b3b76a6d5b7b7163e059efec920e5cfca47048b78cd3895925b2183d2d111a9d8aa7e2e121100e60fc14e8834b80612e5bdca93eb7969b1bc3e6cb1b65fa43974502381ec62cb385c3c65f07b5afd28a39d139ee01b50e07d43b9853dc7a6390d0776553146f18b89f8a68a4d230fe08e54630904530e9fe25714aecb60be37759", 0xd8}, {&(0x7f0000001c40)="6666a898cfd2fce0abaa17b9ea1eaede5ab5e0209a472ea5978764f722b1da326582972d8c9cecbb99b80ed822e50dd44efac6c9fe92669f1519dbcbc6fc42b69e967a67110d3fcb5af424a41ebbf16ecf921e33c7159710329f1d49b13820ca7c5658b8a004310bde83c4b500fc666bc4fed7c9c9ad082aad8ff9cbef911e8182952a9141648f19a302aace36c2c2a2830b95c76e42d935801105eac3c14770b971fd3b62e4952ed6969afd38fd7631d204a05248b4bcb1120346f80a710228379290dbe3a31935884327aa839d5365e10d8a10153e250261df16457a40174fb05806fa7b6b9f4eb02f2b3affac073c43f11f91b82a72fe9af314fedfddd4fc0822008ccd62798de5149c5955726f54a8aad8b8348ab08d6543527426c34217ef489593f14f0e5b4add37cadad0d6aac64d23164134cf630fb5c4e0794d4fa7c62db4c79f623d3883be8f5a42556baaef4b23d98d244256f71068a03068b6453c9c31e81e08faeeb7be7863022849c456e539316d6d9fc5282860cb98220eabd12f2dafe6a598d2a9c351f3f7b0763fe83253731d74bf7badac52781d85cc4c6f53960d0677451a9d78586fb5358f5f12c91074088c2af89568e6146e624a0374ee8fb0b68e79019f7ba5fb04f0c2d9a411deae2e58259a5e68bcda62ee0aafe152716a69042bb811bedbbbb5c2f7a32239b22cad93a8cc5fcacdb5e1e18e284c52521ba6a1aebd7efb2170da881c8c93a43dc373997edf8728abe25b8d9036805b2f9b7f9392663d37ce8b455fb143cdfe4f69ce89a3ebd5ad6e07424024eb19df06c2a1a9d9a2940ebda926a9dd95d7af2bda38e94ef4436635e9cfbe65d21097e4f3ac8904ee010fca53bfdf4710fb1cbccb304cae92751cb69b15dc5bae47ed12c6ce5a29397e360182b1a6f75ca698f82c414d45adeb848f17f0396614d6639a64805c401a6fd15070330ef49cdf8e875e239e8877b9bac20aa7d5ff0cb66a82b1783a98087c591ee610d5ce0f014cb8595dbeb927919846948c2272446fcfa32012be72c89c0837f29d24908dba761ae0ad4339abc916a89f7cfd33b1152075141143c27e63fac706b35713602deda59ad06353c1c1c5f32ce1ddb1531e237f21678ccf0722afd32f7faff371430a6b45daa495f445537d48cc5daf619bd4f8cad46ed7531a00e86db4497c67dd3870bfed13a77395a80c9d87faa5e6b7d83bf93db2763409e0c08b5b3e120e7ce850187e5d1769315383f11601f7365890afad1a3ea8f86fade6916bec8722fc6a0353fa9dbd38ef43177acf014dbd8a5b5f978e7f85c86b7bdfd16d5ce45660fa3d2789c3b3382bd87281d9ea5430381076a5671e8c3f36321ec432f09a55f1f09cf01f1800c031dc25b6091e819f3e2ffb9ffef59163eae28c3e4403625a76c243c095d2391f74ef8154776a7100e151842158f25dd72421855dd40c5d457b25947ea13b3b57e74a0e3668fd5b884fbd9d5c294964f23c66c1f81da4b65664fdd2ad7a8c262d70de8a361d8a5fd4c4b575d549065da6b2210f330ac400d29b4d00a65e7d3b371ee7b6c94f4272c8ba2f5417609cd1266fb718e726a387398af59caf93bb92fd5cb5c31c19ec749369ac84cfac10c354a1ffdfc950c844c435a8fa7e37bd297ea6deb428d18fd7a001022da5fdd33f5247acec3d24ad96256cb5359881dc73c82fa164ae90d22ef4ed44ede9b18db1b547f62c316020fa4f4df4dba6f215b0015beccd33a18d9fe14304b66a4a48527ff7325fd65c007b2737375b3dec44a37ce779fa7d78ab1838be1027c41dd5eca9f0c560b5636b06508e68b0a8bfe0691792e62b2d33d31813b0fdd60db83943b8b105301e0b360d5dd40816fb1be270f58b83fb4e1b8fe82525081ee56cec54c336a7d0275bae181a4adf95221982b126bd5ac08b313e7515f2106211e920fc9e31e6ed6a2163a3a0b55fc9257ab45d92ec63e3fac4d8f6a55d0a17033b63c3b4ad30e442cb0c5eb89ed5f15e74410408a81f47ab260029e0992d73cfec0f11437f8e4c69724df7b4d972c11bb8a547d5fa534a7438c9944efda8af724af8107ca9ef2cc0eda3e0aadd3d5c6c46c9f7e209cbe74233575753e0fda2f5e59a0e20ae427e381f28af9b4c4758b108088141c20ead2ed8aabd058396cfe9bc710c0ef7c74b67d95c027832fb38b087d10e18816346399fb79b3e60040e17c64b20a049b0aa5e1ece290a034ceef525b9fa7494d6bc3a3d8cd64b8cd0a715f0ac455bd818c140517dea5fe868c8b3b7a50bc9b3b7fc4792ccaefa6bcf00ed14765ad64843b894988e83f13b878e044d2578e3e83f1c56677decf35d53bbf36fdfa79af9ae5b019e7b2e5ba32fb8918f62913392376602cd2ae1236d14ab3a65d1e8b72ab752526f27d2c52e9ad4d14c2746302b36589cabe516b1e32e8922b889ccb68c133a7017bf031e449957422ddcf66d316c0b46ac62364a57620d087c091d99e2e895370a771c8cfbdb7bd9b30e19b4ff636a4fc8f6c9b19d7aec5585475ac8eeaf4bd1dc6ecf2abbb82f50c62f3a3bb05c76db3a0851efbc20e5ea3e3986560ead95a7599907e8333bab002d774c7c8d16e44cebbdaf6d0ebab7383e7738f1a7f3ad183bb9b40d83e80d935993282dd5d2963aec6ab6a9700f2ce689a44efc8e136c60b3991c3d621b77bfce7e8eecbc7471eb68b1a233ef1194473d91dd29e9195e288d75dac0fb744ed7d5e0d5331df4fc779087a05463c114247de426c7db635fc1b1e6452b030336c4bd16f8a611ea438490e53dc4d590acbdf249c6781619a07aff4f85cc11ad5304d6151cb81a700dff490d6560295b9d93a6f091a39e16afd7520b1ad52048c1814a8112c6b82993bc383457b5ba6eaa67e8c55298434bccdd9dbfaaa2235f96a5fbcc1c551b3823839b70bdccd26a2a7949d7abe42adc1c637e1bb32e2d198c2bb3351c9022f5f0c8feb1ece7e5d631909a3c98fbbf0b4f03749b59fcb4666cbf40bfb9faff552285c2f9be37a452d2c90566a220f5213a6f96eee2e9a4a8c0b4b797bcd060d54c0b174fd77d4270333d0bef1ed79d67d28fba92bba680dd07ba0138067100a5549cb463c16790a28a3f831b3bad4bde344ef57be688bd2b74cbca88add97fd7aaf18e60e0b0fa04f14b3b17ed40e9ca7fdc1313d6784b6494f9e26b2dafb8336f08f7eb42e320cda0c3e37eaf16667671ac7a77680890e1ec2df6372423da04187d01332e88e9cb83265333383c7e0b7c02e40af9854f8e40f78f2ff57dce9ce778c2b4718ed1ac814e2fc783a86856a93a439e8f016629ad58563f45dd503622c9c5b5660a903a220935d1cefe78b72dfb401b3de7c261afe59fb3f0975f295b17fa3d4cf777a0bcf1079a87a7a94b27fff491237aefd3a399f83fa1537c6bfd7578e7dd9f098993feee3dedca7ef57ca6a51f370bb9ee7161b5576bacee81b3be4c69ffc961371545323929ad65adbe8f556971444f9d35e4d3ab491180e11820b8ab245798ea12fd7019853cedec385e8aab9d43cc72c4c0cac904aab45ab6e88db547c58ae0acd28abf9516c9165bfd7dd2ac3e586ea476a3b8b1cd0b63ed01331bcccbcaa4056a111cffff8739c6c963475f318c208f403d4cd94a27c28f0ce721cfcf16fb4b334055a70c976f16e6c74881833b24b158644b7f9d197656f248a8ffb85c04bc5449e8e3e3f3000d75d4e08b865352bc6c8a489786280c74653097d1f7566dc998aaf14c34e22b07f8d7a5e070560d46b7bd23efa3dfcdcfc26fb25ef5e51a4dec70a424cc3098ce7c902c160ab995b546330acd0fc06ebe7b5791071de1ea7f0c9d4d532ab73e842859a666b330cdf75605eb3429038833808814a1169722673b4a75cb3e32bb51af0e9b94c800589fc9952ce9e51239f84fad6228dfb400afcfafe9a0a11187ea707b495cc7a3919aad0a903195bb1db30f603e393de0e2ad2792df66fdac3fb1e27c1aa489f73e70d0f3bff67ed7322a542944f85a357e6cca582a8cc314a79ea220be991b34abf52e9e6d045f3f06770dd20a2ca150dce894d61362e6138a22d16ab0b08f9a4931b28b6d0bbde80c7d0fa902697451d6780fa0c3851692a40f586f2a1d2186966458c8a06f1bd1c9a4c9ad4933b11dd75c757e40cc58fa88071261ffb3c51f9272a42cb681740253619431f636a745db9feb17020946c7ed6afe979579c97f91d01ec08ee5b25412567f65a69ddd54edbefff08d92de752a872812ac8e91ea3abb5f7aecc848a93030ca97ec3b9e5293578d0783f768da8fe09d6ee56de1cd256165261b958f22c54537da7a13bdffb9d7cce7343e96437aad0879d28389db16c680d3dcf0e6dfc5606a8ea1723c73093ce0e978fbe36b0f90b500c787c4ccf93e37945dd4411ecb8f2c58678423fbe07d80ed3384cd769a04f5df7f48840ff5528b4c87e16d49018c56ec367c7a34a0b342cf8a6c92f7afd6e0560934f695e117b55b790dadd822b1f7793ef9341dd1c9a5ae6fad068ae7b06b122ecc6fd6ce2fc0c0fedee5ce517b4fba61b810c9dce6bb8c0f99747410c83674bc7c8af901482933af8831523c529a96688dcf3748297b100cc2c8de5b0b2d244516f3eb9aa47c23e03171ab44edf7db71a173ab37272c039eb9f9e078acc0f6adf7f43408d98a98d593b7d7980b382f75024fcc4c31feb37a454ccda7ed9fdd402e438af70fddb71b5e421e77fa361d1ae81aab425111f69f1a23a231746f06236a729512d3d10dd35d0e1d635f3d1728a73bc57cc9ed2035fee6c9083b0b75b42f28b5968e88101ec940eb29aa653319bc2966bd1de46ab3858dadfae3087190bf74b9a470a602c50944c5220400244e636a7402ac70dfe83d225477c4d1b513592ddf12ff6813b2cfec0d01f583763ecf1d4bbe6206d422e4f170f022e5006bf05259fa8e722998cd8281f21f7238de31ce617110e8ecb9c51bd66195c2c4b38913669ba0f21b7f2793918225b97757f734cb470f23bcef382bfab3574ef68e37c1061edc53e28513bc4c420cdeb72d553cd0d3f3f18ca11b5ba44196a2cea93f81e09c6bf18c982c9a5f242653457a1e833049f6006a4af9d46ca6a00de2ababd25567a2ccfdbfe7c453d2fb0b5c41c1bc05eca0da55043b389dfd00ce22850a756126e1ef08b5c421ab0e40158588722fe18d6275bd4fb50dba98322437b7a3983f2d3ef0c05a9964520d6572aae3cd337ef5855a1efda8745355d704c7ac133064b23940cdb42a5cede4a31d393a37550e5d92ed9c9780458711f6d502bec2df139d49af8eb5902df2fc460e1c7de524f20c3d5efd952bc43157d2757b6dd4c7af78276c62fa669e3d87580f01bee7a6e430414e61c886b17b42ee37e744c7cd02fb08d0219bd5067d760311afaf9e009dedd969637cfa88cc1478819a34b74e3d18fd27a015d36e97f7dc2c0a5b7977ca0a177bfe4f600af66b524a995c6d0a1ed5c519e09bbba519599d7b7f841f570a7c93a56bb7b8c83d0093f1b85336f6c5df7738afe8bb12d1a836304425d4d6c19325956a4e0292c899ad1d56b4ccfd26f06a1a901c91d384b5cf4f3e20d14eda913f3490db7e3b95c67d6b961455624651c7922d7c0cc6d8b392ef2c6ee8d8ac2d9f5975cc9af36428ef19d26962eceb9ce5a30b66d76c6f31762aeebfe7299d3082b36213423d28d605b79fdcf29fc963b33f2406d9f0e63557f7c3dfd848c95ce907559f1cba1502590e225bebc7b9e498540130b593b370c56476b76112", 0x1000}], 0x5, 0x0, 0x0, 0x40}}, {{&(0x7f0000002cc0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000003180)=[@rights={{0x1c, 0x1, 0x1, [r1, r3, r1]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r2]}}], 0x40, 0x40}}, {{&(0x7f00000031c0)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000004340)=[{&(0x7f0000003240)="00b02c9072d2ac026af569b9574db3c9", 0x10}, {&(0x7f0000003280)="fc192d6a99f049d0fdb6e9a1553e4354a987f46eb338d57843cfc2b57835a92de0304fae20051eed4aa3b4e665468e185fd965c8b5ff8578588994d0f3b960ce763d53a3b97a263c7998a724bfcfd4a72303b7e627c64fddcc9f78fd4507083d7d2818b40fdf51b7d29f9c2ef486f44f82ed83166486260a283ed19c64d21264adf1697be7c6270024c5a6f78e234f63b2535ed9b22733b18fd73090f584005806d09839109f87735e55bccd15485b656d07650785acbcf421807745972a98c02ea1ce4516d96a65ed453821e4d07de80d99539ecc23788fc0f3f49f9a30f7b97118941c655cd50afa6a15b43bc329f7c00f78ff24ca47fe60f32ecd4a6870571b7565abc2294db3bfcdcfdfb129e910c402efbdacaba24a1a40543f27928b078fa4a47109f4490c3272e6198206ffc120089cb45da4719d57afc9c5b951b0439dacf2ab753609db769432f7287f989d981639236ca87d0f020fa14d90bd72f57035375b9a62ae7288a027cdf95dd7e706771a7ec345ab13e1be2c57a19edabd9fa9ba6227025589f608804c4bd6a512876fc45ce5e9873af24a9d2531dd49717f806e2bb9505a9e633432c5cca39d5a923e8541de80424a86944d38dbb49aad0a3f508c9e4482c14806b556112974c0d0b6fe57e20f6863d0167e3cc6222b97f7099f02d373ee01ff56e18b060ea715d26dbcfb0c1cdaa203a79f6197f04eceaeb0c22c3b3b493f8237e6894663c0dff4d81da0ef2146881f30ba62b20089edd049f91168bb4141ec2f79cfa0b02b9cc66f4fa253f8cf2df6579d8e40acb81f36d7631c2640deea5c9152dac6697d41b66f59f4156ba0c332c347fcd3434994b6c681d213b5797ac5ebb1f78cd4111c7c64a3eb9470dbf1424b559f03a28ab81755253a83e133f6b696a4929d2fb73a9604716f61ad7aad138bd97405aca51b50da127dd70c2601d39a6e5df506856d75376695f1092e263ddb3277cdd4e01b82abf295202f3814e923c242becf031d9b8d55b512c44eaaff1aa31929248e22b23a31e61d0a0f8d29770d0c5f1686ddeb55e3512a06257dd82fe7d7100667aee66ba6cc9a939038f8bf74b4aaf355bcd513b848d9f82f6abff97d7eb3de23ef80c21e3379598734cd57529f3330e8978623e7c534e14a0135e1ce130097699cb45b8bb4ff2802ca970b0bd85269a4792fafd688e66e3f3ede8a5f9d4236c099b61c1b1b1e631f5f9002a3f925bc540e96a6842d7eb60093bb1a2bd88917dca1c120d6addfdd7c0d642864d8a60264abc0b30a82def57f8aa6805c5de34e7354e689b0e6a66b88f141458202f49d493d3289fe7f26541c281075e7ff1a67fbf5a2ac9301f8a07bb6c765a92bd4a4bce7929d29b6dbcc431ad3167a64e0988da2c656ef7db7674e45b38066eeefce371591769616cfa44501d7c69c3feaa987065e59809ca284a488b20bf5b47aae61faed6cac844ddddd17cc46f74f6844a160fb259f578c5bba787174508fa7279ff4a57f1a0142e1bc584a4b9318c15ec8e0a12526bb3923e24a58176dd522a8ad3c09715698d1d9cb0671366da3c9a138522af1dc11c330adc176c514a6000316b572d4bc0a3d65eb3e904a6556faafa9245890b8ede8bff8ecc234eacb89b5b3a21010c329a5af0b726401b7a5845e229a8223d030c3bddfdb1cf95a22c7618f29c33f7dc652462ebbb5894255453e310004b35c12349fcfe213c26c73d32b84785a46972771d392be021d05accd5f5cd33db7d7ad970ec3fab078a9189397d224a737c6512a321562d08df56c9a94ea87f0a4f46d23f5a6189b462392457016fc3dc4ef72a5d0abe264e482c2895bc9e3a5e001cdb486f2c73b8f88b61f6c623ced51dab11cdb06ba93148e7ab3354a512ed665380b526fe5cf5858f22e473cb335847651c25ea0bb7940ee7ddc895694a8b03df12b6212c4c6e5eb17961e5d0d65e339b50af29a6dbbf443c78424f2967890073563c499b995e2ea9886e34630484055edce33c12dce9148eb63f35168fd9bc5c252a879a27e70da0a0f28d8514a58abb79f02fcbe667b969d5988fa4645df5a9b2971a6bfbd58836712994dc8a689e0dac835338afc3f9bf68bafcc459831f47605eee0f6e766f5abaf310b1d87473ab6a217996a7a0cd58c6607ecb9ad571e6dbcb22456a8538fe909e4d21c11ee241ac23f1db68d83453df94165b9a9d1c5e712218773480e0f576745425b81cf96dd9af7a0c6deb6f3694fac0e2893ddce92196a21ba3af9037d48ea4bdcc8c4ed35dd505447ac6c98439cb64d9b0db62018d667e752c66ff4692c3d84440055358bce097adf0abe35545c387e5832053ac611c46b0be20c83eaef2418971592914a17201de30528fbabf74fc3e8556ffb8e10b17e19453b676a93112f5bd95433979c1daeead9ec14a3ab477b0343266a6ee74dc372837a2197a16f3d6c1a02e9970015af370a23af7e16bcbea5585e76c999c021f6bee70a24ab3e52dd555c5b9a25106045f89f0c7a0ad1cc8d415778fd7382f3b563d52e9deef631b0f82a1d70b4eb6dd9e0eaa9d4273be4d7d06d0159ba91223179f9f719697db9c00040f937bba4df89904dbadcb7c4198013587c2eeb5ef1503e87ce870122d1b560592ef8c52ecdf2472f669e1233723b81bd32102a8369f08dcffeddb3b2b28b5ffd29c6e981494b3648327dc5f52129240122e911c1d1b56e927455c1bf746ca90db756a2187efe20708637203976466e7bca9d9d8606ec3c5d1b2af33402f96ccbc0bdedb06cf85933b943f3e9a5d70b16455ff9aee174d0c504abc20954e0e67ddc746181ba7e66c642a6bb9406b5fd22374d5c9ace441af4bc35615dec06e5ae4b45fd5aeef08707d26e17fda650781b1fad429fb3dfb6d2a91ba2e22316e6ec0f170070405930fa728825e83c768f53c647e25aab2b316451bc6e74038a60b047c98eed1b1e7014f082c936c352f1f4b7fe259b9bc7f085f9690ec2e2a0c74e0f1f4684c86c5c1314358eeddb7e0d7fc7ebaae9857545d7196f82e550832aa5d8f550483af673d30df81f196c5c5d25e53be770f5925946a099c20851a2f8bbdebde1b187af6c61fcc302cfe8084a77a0d0c1c3d3b9f823edce226c153f0b5bb0a7eef1ceb259d4a1b7e041cf10b08de49724d40332674e9de581782ea52c41a21469748deb33061a60e3406187e52043ee38cd8d9c8aeab132cbd32c1c488f6c4f6d7a7ed46d15a0b38425464175e03d5cf67b74332cee71657f475880a5acb2bbcaf18a8dccca7655631de5663d505bf664c3e2c4d4529114f76355577978ebc75c9192b64ee0e268792c195ce9d77ae18ab0e3da067b399cc11c1319af4c8edd0f86e19466fcff033bda4f23f83f4c83a1393a2c418bb0022bbf9dd4a92af07bd718c2665fefab40aa66bc20f12cfe9286727ab3f06bec7676d8d96c9d565da0e0c7fa85df1423585edb8865fb75eaca1bd302c5373be9fde6d3854861787065ff8eb51be95ec1000294a896fc3e6cdb2b58e15b8157b2556a93cd2f0ed953ce186e20397b99cb62dba3a152a74f2ab3d63b2afc7ea75bdb1f58ad0b959c77e607b7cbad0c1122d16b411a9a97132d0ad67467ba32894094e8871fb20d369e2a0c6373ce66e632654f241f6497ea0cac6aac665a52d076385eb8fecbe31ac4bd781f42498a17f94ca8fe185379b0c548612bd6acaa0a1644c66533fe0a351c783c79a06be1d8e95199686c8c34cef9d07dc26697661018a2e65ef1361007574cf3e2936b26b413d6eb68362d277072d2d68343f4cab0ab19b4aef11cd139f68c80a291ebc8e1eeb6ad392bca605454823c7c8eea0bd97e311a407c4fb30a94304fe43f5ed94b7077ebc15193c828641b4f8403fbf202ce44e55218d33cd533bd24654f542f8f50d16ed7ef2a55f3153b3e0d017a801c338d6a2d459a0e860c0c655eea965e7b6b5dab0760f783356d38a9da70c3d0fadf443e818125f648ba1bfba426c08ed34121d5b898cf40f2cdc3ff0f95db1c04ccb4dd7dca4ba539ff7620f89899616c305a79c03fe4ec2708fd8a05bbcd343b49c420d41a61e2e6ff33c2df0043c24bbe9b690ca7a8df479113f3b0accd5a533d6898f2e81239e68ac4c2074f3262dc667cc0ccc52f866cfebc0fd6a667bdb8c80b3940bfafa51338cf64683992d5ad192446ce0adbf34c1a803c637d9766027dafd2c052da16ef3263081d10f5e70bdcb90c6a64758fff8d3569891081ea8a4e9b378995fbbdb8a43c3311ea62eb9e4279aba1730aff3a68ba309e193fc01b06c6a947438c80b293f6033993e08fa3749269f392410ff85128df672322d1477951313050c270f39a6cc65ff5592292fae2d9e6187e646223e673dc00a8184028abb4a2e8a6a994c0e6321f491074e766a7577fd0719bd0edd5b14af41741bd4850b226ccd581630d0fb456b2c8de560db5063a6eb1740ff0d5a7299a32cc02dfa62389bfb5df7d729e76677f13b38cb88d8db7577ffc4693f4712862a102d814c434bf98a84a4a2976db521f317fb6057009529338606b5b99fa3a14e49decf1df8a79cc151010c456f9ddcf5f70505316173f4d86a810c0af266eb5770500adc318fea0747ce74c8118fcf53735fd6139036db6bd6b308b7abf7706b51396b8f7279cbe4443f5c6e85dc28ae221aed1b300d411a4e1d535cf7292239eba0dd48ed2e642464ba329a00c1fc6fd6e41bf651383c318ebd40eeaf1ca5be85cf0d6df35f1b954539720474bc3312f3768119783a4cc3d99becffff4339ac92ca875d1d49c1adef8a7dc52339ce15292ac1bf358131d4f0aee9cb6ea251a83c2be9a4b36875f65f92f2beb7acee928060e24b45fbc58ffa8ad4071ad0c429b177f40950a5703fdb9fcbcb4ec09c1c30e32338d8574a384cf5348b47b9720536dc87b254523b3761e5f9f1d79fb7ed72f5b885bec3222ac5da224b807a6aa29b2adb9ec090051866d32d582b675a017536b7c6e8fdd2d26e07aa45c57bf64b2effe099a7ac21d5cd0a3ffefe2f809dc622cbbfec53278b2905e76034cdb5af1e49e5da47452af289314393ded83870aa996c7e1f9375bd245d9d9922a1ca0b088bcddf6eea97e81d18f1142fbdb2c46869e698181a8fcb98fbb5250e66503f14b3d2ebbdec6304df02db5d3388814296da03adfc467de29d749cfbcba57beb29a0cfe4c24a8d58e43a55b6216e07e3c16bda173324f05c4c71d159fc77a7601692eb9d8574762029368947291f71db7837d279714dac99ecda6d16dffe12102805683e5b4514925e8dc63fc0a2e60ffaa7a7d8160b4d527860f354647132d4bda0e02abe4abe80229d0409b1f86b95eb56b3a46a460804ecc012746ab1817a3f06830b12d278677710af180ae76f0e369f56f13ed0efb7dc72b3dfa2af7dca6c8530c4678924888c254b56fe01b3bca4138b575e3c1d9583954c35faca2fa8d0b5759e0df9aabd8ba925af28f1f53d6aee9f6e163a466eab25c09d0b9029140dd3e96911e3fec40ae56a3b0127047249f1df12e90f06b122225fd27655b26ce36412f0dc507ad29cd00eadcdb80552df4597112cfe8c1c163528f4c2d71c8db2dec9cd665eca3585be7656162f9aaae6a7bc53d7c2484fcc1636889a62bc1495ff94ffc342eb9c146aaf9050ae033b4af9b49dbf9d2a1531484934d2124b222bd44c6b408c019cf56b2fab015303c3359fec361673daa90af6a41eea76222d0ddf600459ea75d394a89b514506ddc26d623f6b625d1ab55", 0x1000}, {&(0x7f0000004280)="6d17cfca5dabe41ab436a0841add6649b7f5a8cf0b0250aff8799a3ea62ae70cbd158b44ee77fb25bf763448478a0ed77ad44dba4ef887c5e9bd0dc08c535eeeb1b2f3d243d4b88470a48001368eb14becc8c3def36c993d5bc496f17d9e2459ef8b6c612bc3fdc165813f19ff265b63ebaaed66cf65fe23294421d9f303a79314f87b31ddead24f5fbb4d6a935074948b2859b84f79976e1e7e62a53314ae384bc665eaf5eb9837a403ad71752a7636a011ba542eea9ad813631358910b", 0xbe}], 0x3, &(0x7f0000004440)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r7}}}], 0x40, 0x40040b0}}, {{0x0, 0x0, &(0x7f00000045c0)=[{&(0x7f0000004480)="c96a3baf24763e35f7950b8cceb177f0163e95a9a2112054f565cde292acfaea02b65113985ef0fa58c3d487f4dd86b88878", 0x32}, {&(0x7f00000044c0)="cf688e5888bf60cc4d60b3f4a53252601490b6a89aadc4d244282d415dc5ef4c57757a1f92424615b288380f94c428422cb1d1a642c6988816c2c5f8607ed36a06bafc08c58f4c0d93659e325e7dc1a23f1ae7134ebc250fcb7a62358f27f4004f3441bfa4d305e2", 0x68}, {&(0x7f0000004540)="5e994bd2e6465ec5870b43bfa5f0b2af76d8674a699df112732744dbfc33f550f7ce414ae18a21e6cefaaf52c7dd9522bede45d8bfd84cc32c827e92433b927ad1d67c566ff506db", 0x48}], 0x3, &(0x7f0000004600)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3, r0]}}], 0x38}}], 0x6, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
executing program 1:
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
write(r1, 0x0, 0x0)
executing program 2:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14)
recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0)
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
dup(r4)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, 0x0)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3})
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
executing program 1:
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
io_setup(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0x2, 0xf5}, 0x400, 0xe, 0x4})
executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$tun-ioctl$TUNSETIFF-syz_open_procfs-socketpair$unix-ioctl$sock_SIOCGIFINDEX-fanotify_init-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_netdev_private-openat$ptmx-ioctl$TCSETSF-ioctl$TIOCPKT-ioctl$TCSETS-ioctl$sock_rose_SIOCADDRT-socket-socket$inet_sctp-socket$inet6_mptcp-bind$inet6-getsockopt$inet_sctp_SCTP_MAX_BURST-syz_init_net_socket$rose-connect$rose-connect$rose
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 1m40s
testing program (duration=1m46s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 20, 4, 6, 15, 25, 3, 24, 24, 24, 2, 26, 20, 9, 2, 10, 18, 26, 14, 24, 24, 19, 22, 3]
detailed listing:
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB])
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x80000000}, 0x50)
sync()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240))
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x7, <r2=>0xffffffffffffffff})
ioctl$KDSKBMODE(r2, 0x4b45, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x129080, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r4, 0xc0045401, &(0x7f0000000080)=0xf5)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x7, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000040))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB])
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {}, {0x8, 0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x0, 0xfff2}}]}}]}, 0x3c}}, 0x0)
executing program 2:
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = fsopen(0x0, 0x1)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073"], 0x122}}, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
read(r3, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="000200000000000007"], 0x20)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0xfffffffffffffd00)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
executing program 1:
r0 = socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_vhci(0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18)
r7 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x7c2, 0x41414770, 0x58595556, 0x425, 0x10001, 0x6, 0x2, 0x1, 0x3, 0x0, 0x6}})
add_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)="000001020200", 0x6, 0xfffffffffffffffb)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x12, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100050005000700000000000800090000003f0014002000ff"], 0x5c}, 0x1, 0x6c}, 0x0)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r6 = socket(0x2, 0x80805, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r8, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r9=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000100)={r9, 0x7fff}, 0xc)
connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(0xffffffffffffffff, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 3:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
sendto$inet6(r3, &(0x7f0000000180)="e2b82dbb186a643303afda978ae5bfc8908f0ddcfab0927d489bf92155c0f483bc991750b32f7ceee6938aeb1f1a510b1728f6d589d55ca31a1f0c2118f305a9feb7325d35b52041d7416384238426592831dff4a36529d07618ee481843f11a407f67834555695eda8993098fd39990c6573680dd7186a23143864d9a6030600b2a0529aa2b", 0x86, 0x4000, 0x0, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40880, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r4, 0x80044dff, &(0x7f0000000200))
executing program 0:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14)
recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0)
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
dup(r4)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, 0x0)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3})
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000a40)=@newtaction={0x14, 0x30, 0x216822a75a8bdd29, 0xffe4}, 0x14}}, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
getrlimit(0xe, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
syz_open_dev$tty1(0xc, 0x4, 0x1)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, 0x0)
read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000001200)={0x50, 0x0, r5, {0x7, 0x2b, 0x3, 0x61c3c08, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x2}}, 0x50)
read$FUSE(r4, &(0x7f0000004340)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r4, &(0x7f0000000480)={0x10, 0xffffffffffffffda, r6}, 0x10)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x80000000}, 0x50)
sync()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240))
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x7, <r2=>0xffffffffffffffff})
ioctl$KDSKBMODE(r2, 0x4b45, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x129080, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r4, 0xc0045401, &(0x7f0000000080)=0xf5)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x7, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000040))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
executing program 0:
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, 0x0, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
executing program 2:
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x200013, 0x0)
quotactl$Q_SETINFO(0xffffffff80000602, &(0x7f0000000000)=@nullb, 0x0, 0x0)
executing program 0:
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
epoll_create1(0x0)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, 0x0)
userfaultfd(0x801)
r1 = syz_io_uring_setup(0x27f0, &(0x7f0000000340)={0x0, 0x400000, 0x10100, 0x400001, 0x28c}, &(0x7f0000000080), &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0xd762, 0x100, 0x0, 0x134, 0x0, r1}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r1, 0x8184c, 0x0, 0x9, 0x0, 0x0)
executing program 1:
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
semget$private(0x0, 0x4000, 0x0)
semget$private(0x0, 0x4000, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, r0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0)
preadv(r2, &(0x7f0000000100), 0xa, 0x700, 0x0)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000ff3000/0xb000)=nil, 0xb000, 0x2)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89ee, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ptrace(0x10, 0x0)
ptrace(0x4207, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./control\x00', 0x0)
chmod(&(0x7f0000000940)='./control\x00', 0x9c32f69e6caa24ef)
lchown(0x0, 0x0, 0xee00)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc, &(0x7f0000001b80)=[{&(0x7f00000003c0)=ANY=[@ANYRESHEX=r4], 0x14}, {0x0}, {0x0}, {&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRESOCT=0x0, @ANYRES16=<r5=>0xffffffffffffffff, @ANYRES8=<r6=>0xffffffffffffffff, @ANYRESOCT=0x0, @ANYRES8], 0x24}], 0x4, &(0x7f0000000400)=ANY=[], 0x50, 0x24040094}, 0x80)
r7 = getegid()
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000580)=ANY=[@ANYRESOCT=r5, @ANYRESOCT, @ANYBLOB="020002", @ANYRESOCT=r7, @ANYRES32, @ANYRESHEX, @ANYRES64, @ANYRES8, @ANYRES8=r5, @ANYRES64, @ANYRESOCT, @ANYRESOCT=r6, @ANYRES32=r6, @ANYRES16, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="080006", @ANYRESOCT, @ANYRES16, @ANYRES32=r7, @ANYRES8=0x0, @ANYRES32=r7, @ANYBLOB="10000400000000002000000000000000"], 0x94, 0x1)
fchownat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, r7, 0x800)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000980)="4eae9cc396dbd299fda33cd87b36a1b52d52568f38332dcbd9ab3b4dffbbc5cbfe27bbaee211eb4f9d858a9eb136ea626fed7eeeca002555d922215858bb10b946217748694e44c9b6dc2df3e8ac76799da3ae177d95bbdcf176e9e4e99e82e8b002ba87d93e5837e5524878b8ca20a0b1af1fb3c5127e38f9c1ca2a1db33722d3d906d7e1d47734ce6f134b34acf395272cffc29550ff1b30d546be8bb76349984bab0cc173df6e5b30e42b2c18ed489d692c3c0db2b33f8f98904547d5c8f4889cce9adb9b9acf4468be8e74cc5843a3dcfdb14d89874ded83e06e552bce93c675c3e36e10ede22ebd396e28829457dc12bc238c36ecbb123370dd9608fda6e8e29458eeee03e5ae28ed3f941ce4f618f3e38ec69689578acb244eb5e5ad14a2b78785c4bbe67b0a58a3f68dad544ebbc86a0f61a56e7e8e87ce3eaff0f69f5be7f66aeec92235db59976650b8da41bbb2200c5482e17c237922347b02f2e5124324764267c9e934ac4d5985291f364287676f74aeb52b25b2944df64f1ba988b80365b00e2a39be0804a4743c51633771736ac85e71e2488b700abcad4f6b5e762cd54780a9f8c564ec60edb1e3a0125c8acf5ddf496efe947004aaedd31058c0207c1d8620333222c90c15a620e1c53061859e9588f96170d132fbcb35e8d79618039fbad358cb72c05b2181b366611a0d3db665f6e5cca0cf329157edfae356b154b9f3cec298f3dbfd80c6904a33b804646a2a4bd112c83da07eb40c71120fc1ac9132934eb6e22e7ece3f14946f5f79850b47c1883c8266443c55d2e6d50216865103ee1fec931355a65592f4c0c3c565b196ecf12b4cc8904c249429f05875b6e8271cdf205f529d6b1cb8203869d25caa6f33a39570fa4d154bf41e5efd3649805ffe52b1af514683e1b28a9607a6cd65d663035ce0615d5f85f69884aebadcb90c2728bf757f59b73227ed0f0c8ea96a025d9a6faf49d5fe6f9a93a2cde4640eb5172fc0470c28cecb8e85c07774e58f9cbe19f5fc4de6c04dc9f4bbcc07425916ca576874bc05dfef605d15d659ae549fd6032e11314c1284ca4bb20d26cfb095d45115b1cbfb4b7ea08b641092be076d335d5b293922d348ba19e70253df0004fa8f39d157b26dd6f7af4e10c00e35187f81d1975184aa9cd2da093343e895f829f04576f18fc7d0adaff99126a3bc3ebf01535d71a95ea4fc7ad6541cb354b47b9a1a198b5dad311bac1cd4e63c4d727ea7aa44ad078318315ad7bfef961890ea3efc386787fa6999b0e6c90d98efefde8dda7fee00367a800d728d729496880b3f5cf446b1163ac7b14aa4bb0f5f9a894aa1e1aafa5ca91839303383d01134ec9147bd08cefe1ea6dd1b0a3d5813c3e13ce255940277e974173dc3dc24f4b9d67c21faa0c12311b000652e36cfa0caf912e3d97f79b22f5bbfd341aba02efd989b681a721efef624dda83cdd83affa04d2e585b576e91f8ff84c858db04527a0658024354fc9f32a80494887f27589fe5b000a04537da2bfcf46661360c908714bf392f372055d0234f51671f94e8cddf59015a882e6b4cb9105aae6e0978a0158f52e5bf270eeef2f33dab986dea0858d6357b90a11b9a22dbcdd80776fe1c03589d8c37b4797ada0ba5145fadeda1927c0627da3ddcd4f6fb3fd4f5e9bde0fca21eed59456c96e40d137f2232b8279378c258593d6aa63b709c05ba4367b7aa9a9f37f151714ca50a303902d4044d78102410a1d19f33c05da5154beb8121692ec339c18e429740b1fe49042fb58bd325c8357004619aa34af200befdcc7f2b888623236acd91c6acc61eb16a28b98074ab2f0708e998ac7ab8ca1eb39c629c41af1ae844178a44f70c06a1d4c03409661cd0bf59c93e8e64c518be0083fe066d0bd0fe342deffd4a59f1468009f0c9f5c25de06f7d0a8b4421be6228f22ddf2a75c11f300863f2fa19769ed4dcae85c812e512e3b2b07d63287b9b98bd82fbf5fba0927e00969f03e7decb68fee6291cddb5c6d181a72b6d4fe39dbf207ca5f9db1f144738a7c4801daa00c9d5bdf62289298333952444595edeb46d8a61d9350188332c4f1577f8bf0fca916b52224ee57fb022e486fa10f929aa8be2a82d3ba69c80486b3a423cee8e943ad969ff011da34d2926437e798917827cb07981a27a3346d3a0ecbf4d96b2f6a8a6511949a325c8fe0c4134d9d4f32fc4a8f1ddfc45381ef8e3576a5d1e8e5b4af1a030c1aaef4266db690e2124de55fd7227f6290028e2e074c944d1483202bab0151c3404f36c2139d9dd316513f4265983a75bace43ddfc1cae50f11f9f951c93f5c2785cd3fa12907f8cb42f48ae14ee306881b77d1b2265ab511fb9792e42893430c9630d87caa0d8af5652ddb5bf00395623c04e62ca1b4e67cd45f88867d0fd5a744533d8f93e1b82f2e7ba37969eb3d491838408222882781f4e74cae65e3480ea0a2294ec661f145d0c676c8ad6eaacfcb2d3439adbe92af3558d7882d8514335370ca6d2d52357201e478521bc61c0dfe66f8a9c01a5091f8ab5a3aa443e2440ac360b189ec5d5b4340f65e6050fbb88194774a3aa14b6502d7d724022101f21ce709be2cb3a51f726a69dc6c6adf03fb6c7d850e2c1afc6a390e0b79555dce5e703d548b181436e2072fdf39eb9d9257286e29c2f0769340168e2cdfe9f8527aa3fd27686e359dc930bd95c46580fb427e01473b7e0f04c1f4d94b1548591358cad1aae0a4cf7a2aa9a816d23f004edd9475065c9757e4f6bbadd54cba0967b02c6453373d09183b36787aa44c2a4b78539345e396ebd1a5bd408027efa3503e2b1c0332affb4ffd908ffa2161d933af431039e56575e9149c2f75aed68b788591feb5d0d91bd282d30807f4c37eef4277c80304f1e2431c02ae4e0011e8953771aa8dce1463af60ad18e4ac7d88e3cc3dffafd6f1d51c5b1dd251a0829fe12841c75bc134c2449ead63c9cc3f5cb89ead3f74e86ee0939e06a533466b6beca73895a3d88c959413fcb5ce74fb07c7f1a553de413a65aae9d8afd630532530c820266a7af7da5b967fdb272ebdd64d8a899ce07ed2bb541c147bbf45f5272bea84e4ecb0399f23e317f24b731b71594c4bbb5664258607ac3d54582bfe73054239b5aee029c8bd08fad1f768e415a65bfe0c261e1c3c1b02349841aa0073b018b804cc5dec523ed620ae9f732e67cec81fdd426df7b1e6e78084a88d746e7f7487bfba37706adb06ffe81f894448b77d6bcea06ac755f0220b598507da7ab3428ff75be4cd1100becf8c08294d5af0cd87f3cd15f5966886bd4b8ec7e48c3995e58cb611d837b5d2c1d68fc05b526b0e5c7b751a53d3f79d6625814ee062b029690a6cd72de0e2780668b10952796a53afe255be291e8e4f7e376a02674f029b5266ddca9e85a8fbd03700273c0bb6d53f7a511bb66cdd336d93ed4820aff3348437b99423e22dbe75f0e81a14f922885819f318cb36096cf1136b90d0d9cfd979a0367e886c681edc0c9e33b990da3da063789f66cd18d38727b1e16146804a4915748453aa055bbfda5ca73afbb62e2a0f304a5ce11433af6bb3e7cc41c089a9bacde72d61dc808f9766e78db34c03e99e1c519f555196a4d534d982bbf8e3e1cef5dd63df9126aa860dc13225f316e5d5eae2d09eb6ce0f5fa3f7dc9d992be98b367d013583f906a77cf0a1283b7cb61f722b87b15c41f24785564bd3d7fd0d024c4e263656daa56e2a54bddfa537e16c1f5eb9610ce5164478c2f1f7a0dbfe3da07a11c88f3b6852d3d79b4b0b408b023ddf9faad0c6de31e792c71d33f8ac9b3b95de0b0b7aa737601ca4e94e907409202874b7703453b937438601a06b1dfbe27fbe6f49f612bf98669898db652d57e170d4234640beb24ce168fa590a541aee7069b25398aeae466fc7aec119e72994474fb7c629c77f1041ce56d64b1316bf79e980d43c25eaeedf59258e0c44f02ee37d351e19d4d7b3656a82f585b9887e362a5c5e4c68ac3e28ef3907f6e007ed12198ed1c5ceec300e44e23eab1ba223c7350f74e76caec2d26f9b55a9092be92e2ee81d148dbf24e16f109cc33c7056e28662b84c3a01c0d9aef35143cbad7d0394165862242a75f4cf7122352f4d50dc7fba2fcc712e7db62df2c538dfcb43a6007a4f3c86e72ac863c4e0e0dd41141617458da29d5df232e5222b807411a59f69d59871a02876507f6502a79ad0d04e19573f869d14c299bce055404d73ba1b9e4caeb82d7cc1ffb5ab343dcc0b1280068d2f2677cee978fd1fdf9874b526a4ed46f5b12c9bf6771fbae35551a0cdb8396d664c2abf89354af0df3e65062f8aafe2edc54f918bbfa928fef7ac7b7eb74fe543ea16731b7cf634b0a5f93227d4f3432fd5642a8d9f6f7f73510c549c30cc1eda91a01b936b0a0b1068aa5bfc70b85933145320869f1430250f63c71306900b78acabe4a6b2a4ab14765148c1e647d7f95d116edb538597e73302c17ae0e3254d02e831fba81ac288081b0a20217b36883f1c25265a43b71eaeb4063854db947355e403e7cbf09f4197004f6c9bc763977ffa22b43e06cd2f2892b06fdbc5c0b04defca8d3420249cf413ba3f89bf164c45cb15e7b4816dbc438dfdeddbd42d78070b01545d4ab0fbbf3009dab23ae743fd586f51a08621187c33b04b04afe8c19ce89ca8ab505e4b575e71c9326fa9a1c9f552030f36fb5bfd3a5775dde9f9d90074e8081458848e2c5f9dfc42ea9625f29c536474675f4f14b0d7b2819756dbde83ba9a454e20895a8a90abdbe88248a200b06d61b1e056237f59c5d6018c8558ff31ffefb4923c69ff92ba903bae155d845f4a0135aa30de0edf8efc42962461f95f97ba8c9d8ec74aefd3847fb4fb0bff1830309a596d93ba3ed16520e01de4ddeef795f5a96027daad34574cf8a8f10508f546ec8d528e075731e2fe8fafd181cafc53315800eac61fc3f3f22e22e46855cf5cb54259cc316486af43eed2cd7448cc05a756968c0ec193fe46236a0efe35d9c8222ba1c900442fe207b899e15b5a9246c2a1b18c9de94fa4ea485a61c56eed18106305e6282ecfd299af203eeeb7fbcfef9c3b9960e463141a98a2068d36d7bdcf8cb25a27621df2d009bcadc175dc519446f7b3c9e77c9fd89d08086a8a21a9f03175db0b4858d5495ece636199f5b852811ebb39aed475b8ef51d4fa7ae1a908b399e8e56e4a0a757f883bc09fdc4045f6402a1026b4823f627b988c76fef73a0ffe9b2bd7209fa35a569b2782733a4bbab217ffa6bf89be63f46115647e0bc61aa8d3eefda3c462b59544e5abbba9f20103b3d6d94d79cae7ecc1306d1e71fb189b13bc40f0a7294f210b1663fdea1f3d5a64d6618601d5cc1dfee2aa930fccc6055a9237266f92c9794e12e601ca5763b2a2186ceff7559f2884041f88a913f1ca444cfdc505659a863a3c42a30d3cad57199057b88ee8e5e4fb44d67c8d2dabdfc9875eb0373192afbd17e194226ebb4be263f22448ea23f7150d23265282bcb33b6404ec2c889a39f095033582084b88c45cc48ac88eeb28c3c564993ca3ae8e5902bf7cce6f91ffc6bcf29f3a2d96dff986e1b12490ab72249f2514339f851b00f1c2b85bd91b410f4316cc4d17b36a793bd7b31921ec0c675b84e4251a91de3161b57cb11643ccf393054432ae0284a866a98def62880329a42fbcf14422df029355c5801fef59e620c827ab1f89efd6038fc5606c244b1013469488438cd104a3a7c6b6f1f3b", 0x1000}, {&(0x7f00000002c0)="a3098a93ceddff7c69e63683bca8e47083cfe47b9f1c9f95a5fde770570ba4ef072ca0114ec905410f1b733887efe900b9f585f9679988e2706fc6dcba3694410ec13d3c427ee8b1b5d065a9ba1adf2e1a9b64e00844c3683e42bf17405527faf69e90434395114b3b9d664e30bff6f822b45e51e21b0f31ca71467bf1a177bb13488c8ef37ef4d65c3975711a88d0d94a06ec6eff0f76b94e4812e5d4943aa6b86b88a9748d4e87e5280e8e113ab9974c0bc7e9d8e65b184acfc77e05f6df1414d36b6395d17d0463b35a07818b77e84ae4ce647fb6a06b0a3f36efab", 0xdd}, {&(0x7f00000003c0)="07ff2f7945cff3947e804e28b77d66d2fcf51bb0e151bbd242f78bac2bf72a28680e0330594c0ab6331852ae654c6505be5f6b34200dcddab8b01290d80b03a02b22eff5b6dc89336c41ac663c6a1176d726de29c2898d154b81af6649395528df5ae95aa0b4ffa1438ecb87bba8603e710a8e9d91eba25b18aefdfd3d9b483f4ac012a00b29cb9167b39cb29f81961f8487deade88864", 0x97}], 0x3, 0x0, 0x0, 0x48000}}, {{&(0x7f0000000500)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000680)="83e5224a8a8cf4e0dacf539f6deb06ea1b70f1a02d254f98fedceb525725666c0ce09654dc2ace9d49aeb1b12e1b8aedef6d8f7f761eb3a3c4d3bd7a0a414d29a8de0e534826fc75d04aac7a04ed5aa0dcedbe3b631724bc7d544aee11f52f8ddb40f7802955eb1e1a3c110239acafd296ce705257740f3604d4164b72a1b0786bbab7211370686282457c8e7e9f7db948e840937ea77865b8afd893c2734efe703f651de6df11e58b6d3fa2049f7793f0891e7d2722c18a6b5243f4184a6dbf716392b66bebef7c0db2ad079678860447fc9e5d7b91680b424e32baa5220c", 0xdf}, {&(0x7f0000000240)="3bb1bcaabe708f4f23f3be44709d4c25992c77edc973090fca7efe9ad43d15aef0e7ce4b5f91f98095badb5fe8fda1", 0x2f}, {&(0x7f0000000580)="c8733daab040790db94d1a21868051f9e5f08e8edabef32ba77e1f5d0b9d24dae9ee75093ab0fce2712513ada14dbe729b85507e150a4eaf1c82fc6071346c01d23dfd58af46bcc602d4c7a4a7c85bbd4bdad0730590391e824c9be8f864ea6b0e78dcd1", 0x64}], 0x3, &(0x7f00000007c0)=[@rights={{0x30, 0x1, 0x1, [r3, r0, r2, r0, r3, r3, r0, r4]}}], 0x30, 0x20004040}}, {{&(0x7f0000000840)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000002c40)=[{&(0x7f0000000780)="f894f0f3ebbaf43264cb169f6965619fac009a904c6ca51abde71b43344ba41ecc5e23b0f3b3342b83dc11442d62c3998ac9", 0x32}, {&(0x7f0000001980)="0481f7fe6feb4273d6cd7593ec0376a123945f611353fb7d4464b231be6a486b21bb54de0bc5a8c237eefe24f18e45de2bb23cb5605ecfba48c42a4f5cb5040215f5b87514b753c3b398ff09909bcdeda21fc50751633c9d59082f5eb4506ace5559ae3db6a8018c64e198205c23b182f542777093ac3e9ea4e5e94a0c624ddc119b31bfaeb6f5453ca3218282efbd0f0a3715af19560b618045937ef68dc71dd72802e52ab208bfe215986989e39b72cf4ff0e39044e8b8a7c98eb8c696dc15267ff8daf93fc8df32696ddd2d67ec57512dc2475d5c8f7b5ea25a2a6773ef074516c25750eb739664b55c52b0d66fdc90d6efddb0", 0xf5}, {&(0x7f0000001a80)="e796f520e3ffd7f88ecc77ddd0a3cf3d0742f95e9175de18fad9974371109bbbde918597a75c6cd8246910eddfb2d0b5c62da446b065e3ae24d094e8a17f13a73377531b0bd1a02a6a99f1deba00d663aad1e3a8767f778e6e6838ad8d5e251235172bb6747c8b4afa54cdcc9ec9ea41e456a68cd946b97610a38b68e3d9b5cd9b941c4adc07e222124565", 0x8b}, {&(0x7f0000001b40)="1ddbeac97e15c1fa2cc1e52166b0bd498b335beb930850cd4e4f098acdd08b783e08024068f84669cb71ce18a10f9e77cc2a456367924f7971294d8d431c8b0f6345c444ed68a1b40ce550d67cda4c1e5375818028df79b3b76a6d5b7b7163e059efec920e5cfca47048b78cd3895925b2183d2d111a9d8aa7e2e121100e60fc14e8834b80612e5bdca93eb7969b1bc3e6cb1b65fa43974502381ec62cb385c3c65f07b5afd28a39d139ee01b50e07d43b9853dc7a6390d0776553146f18b89f8a68a4d230fe08e54630904530e9fe25714aecb60be37759", 0xd8}, {&(0x7f0000001c40)="6666a898cfd2fce0abaa17b9ea1eaede5ab5e0209a472ea5978764f722b1da326582972d8c9cecbb99b80ed822e50dd44efac6c9fe92669f1519dbcbc6fc42b69e967a67110d3fcb5af424a41ebbf16ecf921e33c7159710329f1d49b13820ca7c5658b8a004310bde83c4b500fc666bc4fed7c9c9ad082aad8ff9cbef911e8182952a9141648f19a302aace36c2c2a2830b95c76e42d935801105eac3c14770b971fd3b62e4952ed6969afd38fd7631d204a05248b4bcb1120346f80a710228379290dbe3a31935884327aa839d5365e10d8a10153e250261df16457a40174fb05806fa7b6b9f4eb02f2b3affac073c43f11f91b82a72fe9af314fedfddd4fc0822008ccd62798de5149c5955726f54a8aad8b8348ab08d6543527426c34217ef489593f14f0e5b4add37cadad0d6aac64d23164134cf630fb5c4e0794d4fa7c62db4c79f623d3883be8f5a42556baaef4b23d98d244256f71068a03068b6453c9c31e81e08faeeb7be7863022849c456e539316d6d9fc5282860cb98220eabd12f2dafe6a598d2a9c351f3f7b0763fe83253731d74bf7badac52781d85cc4c6f53960d0677451a9d78586fb5358f5f12c91074088c2af89568e6146e624a0374ee8fb0b68e79019f7ba5fb04f0c2d9a411deae2e58259a5e68bcda62ee0aafe152716a69042bb811bedbbbb5c2f7a32239b22cad93a8cc5fcacdb5e1e18e284c52521ba6a1aebd7efb2170da881c8c93a43dc373997edf8728abe25b8d9036805b2f9b7f9392663d37ce8b455fb143cdfe4f69ce89a3ebd5ad6e07424024eb19df06c2a1a9d9a2940ebda926a9dd95d7af2bda38e94ef4436635e9cfbe65d21097e4f3ac8904ee010fca53bfdf4710fb1cbccb304cae92751cb69b15dc5bae47ed12c6ce5a29397e360182b1a6f75ca698f82c414d45adeb848f17f0396614d6639a64805c401a6fd15070330ef49cdf8e875e239e8877b9bac20aa7d5ff0cb66a82b1783a98087c591ee610d5ce0f014cb8595dbeb927919846948c2272446fcfa32012be72c89c0837f29d24908dba761ae0ad4339abc916a89f7cfd33b1152075141143c27e63fac706b35713602deda59ad06353c1c1c5f32ce1ddb1531e237f21678ccf0722afd32f7faff371430a6b45daa495f445537d48cc5daf619bd4f8cad46ed7531a00e86db4497c67dd3870bfed13a77395a80c9d87faa5e6b7d83bf93db2763409e0c08b5b3e120e7ce850187e5d1769315383f11601f7365890afad1a3ea8f86fade6916bec8722fc6a0353fa9dbd38ef43177acf014dbd8a5b5f978e7f85c86b7bdfd16d5ce45660fa3d2789c3b3382bd87281d9ea5430381076a5671e8c3f36321ec432f09a55f1f09cf01f1800c031dc25b6091e819f3e2ffb9ffef59163eae28c3e4403625a76c243c095d2391f74ef8154776a7100e151842158f25dd72421855dd40c5d457b25947ea13b3b57e74a0e3668fd5b884fbd9d5c294964f23c66c1f81da4b65664fdd2ad7a8c262d70de8a361d8a5fd4c4b575d549065da6b2210f330ac400d29b4d00a65e7d3b371ee7b6c94f4272c8ba2f5417609cd1266fb718e726a387398af59caf93bb92fd5cb5c31c19ec749369ac84cfac10c354a1ffdfc950c844c435a8fa7e37bd297ea6deb428d18fd7a001022da5fdd33f5247acec3d24ad96256cb5359881dc73c82fa164ae90d22ef4ed44ede9b18db1b547f62c316020fa4f4df4dba6f215b0015beccd33a18d9fe14304b66a4a48527ff7325fd65c007b2737375b3dec44a37ce779fa7d78ab1838be1027c41dd5eca9f0c560b5636b06508e68b0a8bfe0691792e62b2d33d31813b0fdd60db83943b8b105301e0b360d5dd40816fb1be270f58b83fb4e1b8fe82525081ee56cec54c336a7d0275bae181a4adf95221982b126bd5ac08b313e7515f2106211e920fc9e31e6ed6a2163a3a0b55fc9257ab45d92ec63e3fac4d8f6a55d0a17033b63c3b4ad30e442cb0c5eb89ed5f15e74410408a81f47ab260029e0992d73cfec0f11437f8e4c69724df7b4d972c11bb8a547d5fa534a7438c9944efda8af724af8107ca9ef2cc0eda3e0aadd3d5c6c46c9f7e209cbe74233575753e0fda2f5e59a0e20ae427e381f28af9b4c4758b108088141c20ead2ed8aabd058396cfe9bc710c0ef7c74b67d95c027832fb38b087d10e18816346399fb79b3e60040e17c64b20a049b0aa5e1ece290a034ceef525b9fa7494d6bc3a3d8cd64b8cd0a715f0ac455bd818c140517dea5fe868c8b3b7a50bc9b3b7fc4792ccaefa6bcf00ed14765ad64843b894988e83f13b878e044d2578e3e83f1c56677decf35d53bbf36fdfa79af9ae5b019e7b2e5ba32fb8918f62913392376602cd2ae1236d14ab3a65d1e8b72ab752526f27d2c52e9ad4d14c2746302b36589cabe516b1e32e8922b889ccb68c133a7017bf031e449957422ddcf66d316c0b46ac62364a57620d087c091d99e2e895370a771c8cfbdb7bd9b30e19b4ff636a4fc8f6c9b19d7aec5585475ac8eeaf4bd1dc6ecf2abbb82f50c62f3a3bb05c76db3a0851efbc20e5ea3e3986560ead95a7599907e8333bab002d774c7c8d16e44cebbdaf6d0ebab7383e7738f1a7f3ad183bb9b40d83e80d935993282dd5d2963aec6ab6a9700f2ce689a44efc8e136c60b3991c3d621b77bfce7e8eecbc7471eb68b1a233ef1194473d91dd29e9195e288d75dac0fb744ed7d5e0d5331df4fc779087a05463c114247de426c7db635fc1b1e6452b030336c4bd16f8a611ea438490e53dc4d590acbdf249c6781619a07aff4f85cc11ad5304d6151cb81a700dff490d6560295b9d93a6f091a39e16afd7520b1ad52048c1814a8112c6b82993bc383457b5ba6eaa67e8c55298434bccdd9dbfaaa2235f96a5fbcc1c551b3823839b70bdccd26a2a7949d7abe42adc1c637e1bb32e2d198c2bb3351c9022f5f0c8feb1ece7e5d631909a3c98fbbf0b4f03749b59fcb4666cbf40bfb9faff552285c2f9be37a452d2c90566a220f5213a6f96eee2e9a4a8c0b4b797bcd060d54c0b174fd77d4270333d0bef1ed79d67d28fba92bba680dd07ba0138067100a5549cb463c16790a28a3f831b3bad4bde344ef57be688bd2b74cbca88add97fd7aaf18e60e0b0fa04f14b3b17ed40e9ca7fdc1313d6784b6494f9e26b2dafb8336f08f7eb42e320cda0c3e37eaf16667671ac7a77680890e1ec2df6372423da04187d01332e88e9cb83265333383c7e0b7c02e40af9854f8e40f78f2ff57dce9ce778c2b4718ed1ac814e2fc783a86856a93a439e8f016629ad58563f45dd503622c9c5b5660a903a220935d1cefe78b72dfb401b3de7c261afe59fb3f0975f295b17fa3d4cf777a0bcf1079a87a7a94b27fff491237aefd3a399f83fa1537c6bfd7578e7dd9f098993feee3dedca7ef57ca6a51f370bb9ee7161b5576bacee81b3be4c69ffc961371545323929ad65adbe8f556971444f9d35e4d3ab491180e11820b8ab245798ea12fd7019853cedec385e8aab9d43cc72c4c0cac904aab45ab6e88db547c58ae0acd28abf9516c9165bfd7dd2ac3e586ea476a3b8b1cd0b63ed01331bcccbcaa4056a111cffff8739c6c963475f318c208f403d4cd94a27c28f0ce721cfcf16fb4b334055a70c976f16e6c74881833b24b158644b7f9d197656f248a8ffb85c04bc5449e8e3e3f3000d75d4e08b865352bc6c8a489786280c74653097d1f7566dc998aaf14c34e22b07f8d7a5e070560d46b7bd23efa3dfcdcfc26fb25ef5e51a4dec70a424cc3098ce7c902c160ab995b546330acd0fc06ebe7b5791071de1ea7f0c9d4d532ab73e842859a666b330cdf75605eb3429038833808814a1169722673b4a75cb3e32bb51af0e9b94c800589fc9952ce9e51239f84fad6228dfb400afcfafe9a0a11187ea707b495cc7a3919aad0a903195bb1db30f603e393de0e2ad2792df66fdac3fb1e27c1aa489f73e70d0f3bff67ed7322a542944f85a357e6cca582a8cc314a79ea220be991b34abf52e9e6d045f3f06770dd20a2ca150dce894d61362e6138a22d16ab0b08f9a4931b28b6d0bbde80c7d0fa902697451d6780fa0c3851692a40f586f2a1d2186966458c8a06f1bd1c9a4c9ad4933b11dd75c757e40cc58fa88071261ffb3c51f9272a42cb681740253619431f636a745db9feb17020946c7ed6afe979579c97f91d01ec08ee5b25412567f65a69ddd54edbefff08d92de752a872812ac8e91ea3abb5f7aecc848a93030ca97ec3b9e5293578d0783f768da8fe09d6ee56de1cd256165261b958f22c54537da7a13bdffb9d7cce7343e96437aad0879d28389db16c680d3dcf0e6dfc5606a8ea1723c73093ce0e978fbe36b0f90b500c787c4ccf93e37945dd4411ecb8f2c58678423fbe07d80ed3384cd769a04f5df7f48840ff5528b4c87e16d49018c56ec367c7a34a0b342cf8a6c92f7afd6e0560934f695e117b55b790dadd822b1f7793ef9341dd1c9a5ae6fad068ae7b06b122ecc6fd6ce2fc0c0fedee5ce517b4fba61b810c9dce6bb8c0f99747410c83674bc7c8af901482933af8831523c529a96688dcf3748297b100cc2c8de5b0b2d244516f3eb9aa47c23e03171ab44edf7db71a173ab37272c039eb9f9e078acc0f6adf7f43408d98a98d593b7d7980b382f75024fcc4c31feb37a454ccda7ed9fdd402e438af70fddb71b5e421e77fa361d1ae81aab425111f69f1a23a231746f06236a729512d3d10dd35d0e1d635f3d1728a73bc57cc9ed2035fee6c9083b0b75b42f28b5968e88101ec940eb29aa653319bc2966bd1de46ab3858dadfae3087190bf74b9a470a602c50944c5220400244e636a7402ac70dfe83d225477c4d1b513592ddf12ff6813b2cfec0d01f583763ecf1d4bbe6206d422e4f170f022e5006bf05259fa8e722998cd8281f21f7238de31ce617110e8ecb9c51bd66195c2c4b38913669ba0f21b7f2793918225b97757f734cb470f23bcef382bfab3574ef68e37c1061edc53e28513bc4c420cdeb72d553cd0d3f3f18ca11b5ba44196a2cea93f81e09c6bf18c982c9a5f242653457a1e833049f6006a4af9d46ca6a00de2ababd25567a2ccfdbfe7c453d2fb0b5c41c1bc05eca0da55043b389dfd00ce22850a756126e1ef08b5c421ab0e40158588722fe18d6275bd4fb50dba98322437b7a3983f2d3ef0c05a9964520d6572aae3cd337ef5855a1efda8745355d704c7ac133064b23940cdb42a5cede4a31d393a37550e5d92ed9c9780458711f6d502bec2df139d49af8eb5902df2fc460e1c7de524f20c3d5efd952bc43157d2757b6dd4c7af78276c62fa669e3d87580f01bee7a6e430414e61c886b17b42ee37e744c7cd02fb08d0219bd5067d760311afaf9e009dedd969637cfa88cc1478819a34b74e3d18fd27a015d36e97f7dc2c0a5b7977ca0a177bfe4f600af66b524a995c6d0a1ed5c519e09bbba519599d7b7f841f570a7c93a56bb7b8c83d0093f1b85336f6c5df7738afe8bb12d1a836304425d4d6c19325956a4e0292c899ad1d56b4ccfd26f06a1a901c91d384b5cf4f3e20d14eda913f3490db7e3b95c67d6b961455624651c7922d7c0cc6d8b392ef2c6ee8d8ac2d9f5975cc9af36428ef19d26962eceb9ce5a30b66d76c6f31762aeebfe7299d3082b36213423d28d605b79fdcf29fc963b33f2406d9f0e63557f7c3dfd848c95ce907559f1cba1502590e225bebc7b9e498540130b593b370c56476b76112", 0x1000}], 0x5, 0x0, 0x0, 0x40}}, {{&(0x7f0000002cc0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000003180)=[@rights={{0x1c, 0x1, 0x1, [r1, r3, r1]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r2]}}], 0x40, 0x40}}, {{&(0x7f00000031c0)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000004340)=[{&(0x7f0000003240)="00b02c9072d2ac026af569b9574db3c9", 0x10}, {&(0x7f0000003280)="fc192d6a99f049d0fdb6e9a1553e4354a987f46eb338d57843cfc2b57835a92de0304fae20051eed4aa3b4e665468e185fd965c8b5ff8578588994d0f3b960ce763d53a3b97a263c7998a724bfcfd4a72303b7e627c64fddcc9f78fd4507083d7d2818b40fdf51b7d29f9c2ef486f44f82ed83166486260a283ed19c64d21264adf1697be7c6270024c5a6f78e234f63b2535ed9b22733b18fd73090f584005806d09839109f87735e55bccd15485b656d07650785acbcf421807745972a98c02ea1ce4516d96a65ed453821e4d07de80d99539ecc23788fc0f3f49f9a30f7b97118941c655cd50afa6a15b43bc329f7c00f78ff24ca47fe60f32ecd4a6870571b7565abc2294db3bfcdcfdfb129e910c402efbdacaba24a1a40543f27928b078fa4a47109f4490c3272e6198206ffc120089cb45da4719d57afc9c5b951b0439dacf2ab753609db769432f7287f989d981639236ca87d0f020fa14d90bd72f57035375b9a62ae7288a027cdf95dd7e706771a7ec345ab13e1be2c57a19edabd9fa9ba6227025589f608804c4bd6a512876fc45ce5e9873af24a9d2531dd49717f806e2bb9505a9e633432c5cca39d5a923e8541de80424a86944d38dbb49aad0a3f508c9e4482c14806b556112974c0d0b6fe57e20f6863d0167e3cc6222b97f7099f02d373ee01ff56e18b060ea715d26dbcfb0c1cdaa203a79f6197f04eceaeb0c22c3b3b493f8237e6894663c0dff4d81da0ef2146881f30ba62b20089edd049f91168bb4141ec2f79cfa0b02b9cc66f4fa253f8cf2df6579d8e40acb81f36d7631c2640deea5c9152dac6697d41b66f59f4156ba0c332c347fcd3434994b6c681d213b5797ac5ebb1f78cd4111c7c64a3eb9470dbf1424b559f03a28ab81755253a83e133f6b696a4929d2fb73a9604716f61ad7aad138bd97405aca51b50da127dd70c2601d39a6e5df506856d75376695f1092e263ddb3277cdd4e01b82abf295202f3814e923c242becf031d9b8d55b512c44eaaff1aa31929248e22b23a31e61d0a0f8d29770d0c5f1686ddeb55e3512a06257dd82fe7d7100667aee66ba6cc9a939038f8bf74b4aaf355bcd513b848d9f82f6abff97d7eb3de23ef80c21e3379598734cd57529f3330e8978623e7c534e14a0135e1ce130097699cb45b8bb4ff2802ca970b0bd85269a4792fafd688e66e3f3ede8a5f9d4236c099b61c1b1b1e631f5f9002a3f925bc540e96a6842d7eb60093bb1a2bd88917dca1c120d6addfdd7c0d642864d8a60264abc0b30a82def57f8aa6805c5de34e7354e689b0e6a66b88f141458202f49d493d3289fe7f26541c281075e7ff1a67fbf5a2ac9301f8a07bb6c765a92bd4a4bce7929d29b6dbcc431ad3167a64e0988da2c656ef7db7674e45b38066eeefce371591769616cfa44501d7c69c3feaa987065e59809ca284a488b20bf5b47aae61faed6cac844ddddd17cc46f74f6844a160fb259f578c5bba787174508fa7279ff4a57f1a0142e1bc584a4b9318c15ec8e0a12526bb3923e24a58176dd522a8ad3c09715698d1d9cb0671366da3c9a138522af1dc11c330adc176c514a6000316b572d4bc0a3d65eb3e904a6556faafa9245890b8ede8bff8ecc234eacb89b5b3a21010c329a5af0b726401b7a5845e229a8223d030c3bddfdb1cf95a22c7618f29c33f7dc652462ebbb5894255453e310004b35c12349fcfe213c26c73d32b84785a46972771d392be021d05accd5f5cd33db7d7ad970ec3fab078a9189397d224a737c6512a321562d08df56c9a94ea87f0a4f46d23f5a6189b462392457016fc3dc4ef72a5d0abe264e482c2895bc9e3a5e001cdb486f2c73b8f88b61f6c623ced51dab11cdb06ba93148e7ab3354a512ed665380b526fe5cf5858f22e473cb335847651c25ea0bb7940ee7ddc895694a8b03df12b6212c4c6e5eb17961e5d0d65e339b50af29a6dbbf443c78424f2967890073563c499b995e2ea9886e34630484055edce33c12dce9148eb63f35168fd9bc5c252a879a27e70da0a0f28d8514a58abb79f02fcbe667b969d5988fa4645df5a9b2971a6bfbd58836712994dc8a689e0dac835338afc3f9bf68bafcc459831f47605eee0f6e766f5abaf310b1d87473ab6a217996a7a0cd58c6607ecb9ad571e6dbcb22456a8538fe909e4d21c11ee241ac23f1db68d83453df94165b9a9d1c5e712218773480e0f576745425b81cf96dd9af7a0c6deb6f3694fac0e2893ddce92196a21ba3af9037d48ea4bdcc8c4ed35dd505447ac6c98439cb64d9b0db62018d667e752c66ff4692c3d84440055358bce097adf0abe35545c387e5832053ac611c46b0be20c83eaef2418971592914a17201de30528fbabf74fc3e8556ffb8e10b17e19453b676a93112f5bd95433979c1daeead9ec14a3ab477b0343266a6ee74dc372837a2197a16f3d6c1a02e9970015af370a23af7e16bcbea5585e76c999c021f6bee70a24ab3e52dd555c5b9a25106045f89f0c7a0ad1cc8d415778fd7382f3b563d52e9deef631b0f82a1d70b4eb6dd9e0eaa9d4273be4d7d06d0159ba91223179f9f719697db9c00040f937bba4df89904dbadcb7c4198013587c2eeb5ef1503e87ce870122d1b560592ef8c52ecdf2472f669e1233723b81bd32102a8369f08dcffeddb3b2b28b5ffd29c6e981494b3648327dc5f52129240122e911c1d1b56e927455c1bf746ca90db756a2187efe20708637203976466e7bca9d9d8606ec3c5d1b2af33402f96ccbc0bdedb06cf85933b943f3e9a5d70b16455ff9aee174d0c504abc20954e0e67ddc746181ba7e66c642a6bb9406b5fd22374d5c9ace441af4bc35615dec06e5ae4b45fd5aeef08707d26e17fda650781b1fad429fb3dfb6d2a91ba2e22316e6ec0f170070405930fa728825e83c768f53c647e25aab2b316451bc6e74038a60b047c98eed1b1e7014f082c936c352f1f4b7fe259b9bc7f085f9690ec2e2a0c74e0f1f4684c86c5c1314358eeddb7e0d7fc7ebaae9857545d7196f82e550832aa5d8f550483af673d30df81f196c5c5d25e53be770f5925946a099c20851a2f8bbdebde1b187af6c61fcc302cfe8084a77a0d0c1c3d3b9f823edce226c153f0b5bb0a7eef1ceb259d4a1b7e041cf10b08de49724d40332674e9de581782ea52c41a21469748deb33061a60e3406187e52043ee38cd8d9c8aeab132cbd32c1c488f6c4f6d7a7ed46d15a0b38425464175e03d5cf67b74332cee71657f475880a5acb2bbcaf18a8dccca7655631de5663d505bf664c3e2c4d4529114f76355577978ebc75c9192b64ee0e268792c195ce9d77ae18ab0e3da067b399cc11c1319af4c8edd0f86e19466fcff033bda4f23f83f4c83a1393a2c418bb0022bbf9dd4a92af07bd718c2665fefab40aa66bc20f12cfe9286727ab3f06bec7676d8d96c9d565da0e0c7fa85df1423585edb8865fb75eaca1bd302c5373be9fde6d3854861787065ff8eb51be95ec1000294a896fc3e6cdb2b58e15b8157b2556a93cd2f0ed953ce186e20397b99cb62dba3a152a74f2ab3d63b2afc7ea75bdb1f58ad0b959c77e607b7cbad0c1122d16b411a9a97132d0ad67467ba32894094e8871fb20d369e2a0c6373ce66e632654f241f6497ea0cac6aac665a52d076385eb8fecbe31ac4bd781f42498a17f94ca8fe185379b0c548612bd6acaa0a1644c66533fe0a351c783c79a06be1d8e95199686c8c34cef9d07dc26697661018a2e65ef1361007574cf3e2936b26b413d6eb68362d277072d2d68343f4cab0ab19b4aef11cd139f68c80a291ebc8e1eeb6ad392bca605454823c7c8eea0bd97e311a407c4fb30a94304fe43f5ed94b7077ebc15193c828641b4f8403fbf202ce44e55218d33cd533bd24654f542f8f50d16ed7ef2a55f3153b3e0d017a801c338d6a2d459a0e860c0c655eea965e7b6b5dab0760f783356d38a9da70c3d0fadf443e818125f648ba1bfba426c08ed34121d5b898cf40f2cdc3ff0f95db1c04ccb4dd7dca4ba539ff7620f89899616c305a79c03fe4ec2708fd8a05bbcd343b49c420d41a61e2e6ff33c2df0043c24bbe9b690ca7a8df479113f3b0accd5a533d6898f2e81239e68ac4c2074f3262dc667cc0ccc52f866cfebc0fd6a667bdb8c80b3940bfafa51338cf64683992d5ad192446ce0adbf34c1a803c637d9766027dafd2c052da16ef3263081d10f5e70bdcb90c6a64758fff8d3569891081ea8a4e9b378995fbbdb8a43c3311ea62eb9e4279aba1730aff3a68ba309e193fc01b06c6a947438c80b293f6033993e08fa3749269f392410ff85128df672322d1477951313050c270f39a6cc65ff5592292fae2d9e6187e646223e673dc00a8184028abb4a2e8a6a994c0e6321f491074e766a7577fd0719bd0edd5b14af41741bd4850b226ccd581630d0fb456b2c8de560db5063a6eb1740ff0d5a7299a32cc02dfa62389bfb5df7d729e76677f13b38cb88d8db7577ffc4693f4712862a102d814c434bf98a84a4a2976db521f317fb6057009529338606b5b99fa3a14e49decf1df8a79cc151010c456f9ddcf5f70505316173f4d86a810c0af266eb5770500adc318fea0747ce74c8118fcf53735fd6139036db6bd6b308b7abf7706b51396b8f7279cbe4443f5c6e85dc28ae221aed1b300d411a4e1d535cf7292239eba0dd48ed2e642464ba329a00c1fc6fd6e41bf651383c318ebd40eeaf1ca5be85cf0d6df35f1b954539720474bc3312f3768119783a4cc3d99becffff4339ac92ca875d1d49c1adef8a7dc52339ce15292ac1bf358131d4f0aee9cb6ea251a83c2be9a4b36875f65f92f2beb7acee928060e24b45fbc58ffa8ad4071ad0c429b177f40950a5703fdb9fcbcb4ec09c1c30e32338d8574a384cf5348b47b9720536dc87b254523b3761e5f9f1d79fb7ed72f5b885bec3222ac5da224b807a6aa29b2adb9ec090051866d32d582b675a017536b7c6e8fdd2d26e07aa45c57bf64b2effe099a7ac21d5cd0a3ffefe2f809dc622cbbfec53278b2905e76034cdb5af1e49e5da47452af289314393ded83870aa996c7e1f9375bd245d9d9922a1ca0b088bcddf6eea97e81d18f1142fbdb2c46869e698181a8fcb98fbb5250e66503f14b3d2ebbdec6304df02db5d3388814296da03adfc467de29d749cfbcba57beb29a0cfe4c24a8d58e43a55b6216e07e3c16bda173324f05c4c71d159fc77a7601692eb9d8574762029368947291f71db7837d279714dac99ecda6d16dffe12102805683e5b4514925e8dc63fc0a2e60ffaa7a7d8160b4d527860f354647132d4bda0e02abe4abe80229d0409b1f86b95eb56b3a46a460804ecc012746ab1817a3f06830b12d278677710af180ae76f0e369f56f13ed0efb7dc72b3dfa2af7dca6c8530c4678924888c254b56fe01b3bca4138b575e3c1d9583954c35faca2fa8d0b5759e0df9aabd8ba925af28f1f53d6aee9f6e163a466eab25c09d0b9029140dd3e96911e3fec40ae56a3b0127047249f1df12e90f06b122225fd27655b26ce36412f0dc507ad29cd00eadcdb80552df4597112cfe8c1c163528f4c2d71c8db2dec9cd665eca3585be7656162f9aaae6a7bc53d7c2484fcc1636889a62bc1495ff94ffc342eb9c146aaf9050ae033b4af9b49dbf9d2a1531484934d2124b222bd44c6b408c019cf56b2fab015303c3359fec361673daa90af6a41eea76222d0ddf600459ea75d394a89b514506ddc26d623f6b625d1ab55", 0x1000}, {&(0x7f0000004280)="6d17cfca5dabe41ab436a0841add6649b7f5a8cf0b0250aff8799a3ea62ae70cbd158b44ee77fb25bf763448478a0ed77ad44dba4ef887c5e9bd0dc08c535eeeb1b2f3d243d4b88470a48001368eb14becc8c3def36c993d5bc496f17d9e2459ef8b6c612bc3fdc165813f19ff265b63ebaaed66cf65fe23294421d9f303a79314f87b31ddead24f5fbb4d6a935074948b2859b84f79976e1e7e62a53314ae384bc665eaf5eb9837a403ad71752a7636a011ba542eea9ad813631358910b", 0xbe}], 0x3, &(0x7f0000004440)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r7}}}], 0x40, 0x40040b0}}, {{0x0, 0x0, &(0x7f00000045c0)=[{&(0x7f0000004480)="c96a3baf24763e35f7950b8cceb177f0163e95a9a2112054f565cde292acfaea02b65113985ef0fa58c3d487f4dd86b88878", 0x32}, {&(0x7f00000044c0)="cf688e5888bf60cc4d60b3f4a53252601490b6a89aadc4d244282d415dc5ef4c57757a1f92424615b288380f94c428422cb1d1a642c6988816c2c5f8607ed36a06bafc08c58f4c0d93659e325e7dc1a23f1ae7134ebc250fcb7a62358f27f4004f3441bfa4d305e2", 0x68}, {&(0x7f0000004540)="5e994bd2e6465ec5870b43bfa5f0b2af76d8674a699df112732744dbfc33f550f7ce414ae18a21e6cefaaf52c7dd9522bede45d8bfd84cc32c827e92433b927ad1d67c566ff506db", 0x48}], 0x3, &(0x7f0000004600)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3, r0]}}], 0x38}}], 0x6, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
executing program 1:
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
write(r1, 0x0, 0x0)
executing program 2:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14)
recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0)
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
dup(r4)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, 0x0)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3})
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
executing program 1:
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
io_setup(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0x2, 0xf5}, 0x400, 0xe, 0x4})
executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
bisect: bisecting 24 programs
bisect: split chunks (needed=false): <23>
bisect: split chunk #0 of len 23 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 24, 2, 26, 20, 9, 2, 10, 18, 26, 14, 24, 24, 19, 22, 3]
detailed listing:
executing program 3:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
sendto$inet6(r3, &(0x7f0000000180)="e2b82dbb186a643303afda978ae5bfc8908f0ddcfab0927d489bf92155c0f483bc991750b32f7ceee6938aeb1f1a510b1728f6d589d55ca31a1f0c2118f305a9feb7325d35b52041d7416384238426592831dff4a36529d07618ee481843f11a407f67834555695eda8993098fd39990c6573680dd7186a23143864d9a6030600b2a0529aa2b", 0x86, 0x4000, 0x0, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40880, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r4, 0x80044dff, &(0x7f0000000200))
executing program 0:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14)
recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0)
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
dup(r4)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, 0x0)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3})
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000a40)=@newtaction={0x14, 0x30, 0x216822a75a8bdd29, 0xffe4}, 0x14}}, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
getrlimit(0xe, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
syz_open_dev$tty1(0xc, 0x4, 0x1)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, 0x0)
read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000001200)={0x50, 0x0, r5, {0x7, 0x2b, 0x3, 0x61c3c08, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x2}}, 0x50)
read$FUSE(r4, &(0x7f0000004340)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r4, &(0x7f0000000480)={0x10, 0xffffffffffffffda, r6}, 0x10)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x80000000}, 0x50)
sync()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000240))
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x7, <r2=>0xffffffffffffffff})
ioctl$KDSKBMODE(r2, 0x4b45, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x129080, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r4, 0xc0045401, &(0x7f0000000080)=0xf5)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2a, '\x00', 0x80}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x1, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x7, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x8}, {0x7, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000040))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
executing program 0:
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, 0x0, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
executing program 2:
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x200013, 0x0)
quotactl$Q_SETINFO(0xffffffff80000602, &(0x7f0000000000)=@nullb, 0x0, 0x0)
executing program 0:
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
epoll_create1(0x0)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, 0x0)
userfaultfd(0x801)
r1 = syz_io_uring_setup(0x27f0, &(0x7f0000000340)={0x0, 0x400000, 0x10100, 0x400001, 0x28c}, &(0x7f0000000080), &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0xd762, 0x100, 0x0, 0x134, 0x0, r1}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r1, 0x8184c, 0x0, 0x9, 0x0, 0x0)
executing program 1:
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
semget$private(0x0, 0x4000, 0x0)
semget$private(0x0, 0x4000, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, r0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0)
preadv(r2, &(0x7f0000000100), 0xa, 0x700, 0x0)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000ff3000/0xb000)=nil, 0xb000, 0x2)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89ee, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ptrace(0x10, 0x0)
ptrace(0x4207, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./control\x00', 0x0)
chmod(&(0x7f0000000940)='./control\x00', 0x9c32f69e6caa24ef)
lchown(0x0, 0x0, 0xee00)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc, &(0x7f0000001b80)=[{&(0x7f00000003c0)=ANY=[@ANYRESHEX=r4], 0x14}, {0x0}, {0x0}, {&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRESOCT=0x0, @ANYRES16=<r5=>0xffffffffffffffff, @ANYRES8=<r6=>0xffffffffffffffff, @ANYRESOCT=0x0, @ANYRES8], 0x24}], 0x4, &(0x7f0000000400)=ANY=[], 0x50, 0x24040094}, 0x80)
r7 = getegid()
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000580)=ANY=[@ANYRESOCT=r5, @ANYRESOCT, @ANYBLOB="020002", @ANYRESOCT=r7, @ANYRES32, @ANYRESHEX, @ANYRES64, @ANYRES8, @ANYRES8=r5, @ANYRES64, @ANYRESOCT, @ANYRESOCT=r6, @ANYRES32=r6, @ANYRES16, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="080006", @ANYRESOCT, @ANYRES16, @ANYRES32=r7, @ANYRES8=0x0, @ANYRES32=r7, @ANYBLOB="10000400000000002000000000000000"], 0x94, 0x1)
fchownat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, r7, 0x800)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000980)="4eae9cc396dbd299fda33cd87b36a1b52d52568f38332dcbd9ab3b4dffbbc5cbfe27bbaee211eb4f9d858a9eb136ea626fed7eeeca002555d922215858bb10b946217748694e44c9b6dc2df3e8ac76799da3ae177d95bbdcf176e9e4e99e82e8b002ba87d93e5837e5524878b8ca20a0b1af1fb3c5127e38f9c1ca2a1db33722d3d906d7e1d47734ce6f134b34acf395272cffc29550ff1b30d546be8bb76349984bab0cc173df6e5b30e42b2c18ed489d692c3c0db2b33f8f98904547d5c8f4889cce9adb9b9acf4468be8e74cc5843a3dcfdb14d89874ded83e06e552bce93c675c3e36e10ede22ebd396e28829457dc12bc238c36ecbb123370dd9608fda6e8e29458eeee03e5ae28ed3f941ce4f618f3e38ec69689578acb244eb5e5ad14a2b78785c4bbe67b0a58a3f68dad544ebbc86a0f61a56e7e8e87ce3eaff0f69f5be7f66aeec92235db59976650b8da41bbb2200c5482e17c237922347b02f2e5124324764267c9e934ac4d5985291f364287676f74aeb52b25b2944df64f1ba988b80365b00e2a39be0804a4743c51633771736ac85e71e2488b700abcad4f6b5e762cd54780a9f8c564ec60edb1e3a0125c8acf5ddf496efe947004aaedd31058c0207c1d8620333222c90c15a620e1c53061859e9588f96170d132fbcb35e8d79618039fbad358cb72c05b2181b366611a0d3db665f6e5cca0cf329157edfae356b154b9f3cec298f3dbfd80c6904a33b804646a2a4bd112c83da07eb40c71120fc1ac9132934eb6e22e7ece3f14946f5f79850b47c1883c8266443c55d2e6d50216865103ee1fec931355a65592f4c0c3c565b196ecf12b4cc8904c249429f05875b6e8271cdf205f529d6b1cb8203869d25caa6f33a39570fa4d154bf41e5efd3649805ffe52b1af514683e1b28a9607a6cd65d663035ce0615d5f85f69884aebadcb90c2728bf757f59b73227ed0f0c8ea96a025d9a6faf49d5fe6f9a93a2cde4640eb5172fc0470c28cecb8e85c07774e58f9cbe19f5fc4de6c04dc9f4bbcc07425916ca576874bc05dfef605d15d659ae549fd6032e11314c1284ca4bb20d26cfb095d45115b1cbfb4b7ea08b641092be076d335d5b293922d348ba19e70253df0004fa8f39d157b26dd6f7af4e10c00e35187f81d1975184aa9cd2da093343e895f829f04576f18fc7d0adaff99126a3bc3ebf01535d71a95ea4fc7ad6541cb354b47b9a1a198b5dad311bac1cd4e63c4d727ea7aa44ad078318315ad7bfef961890ea3efc386787fa6999b0e6c90d98efefde8dda7fee00367a800d728d729496880b3f5cf446b1163ac7b14aa4bb0f5f9a894aa1e1aafa5ca91839303383d01134ec9147bd08cefe1ea6dd1b0a3d5813c3e13ce255940277e974173dc3dc24f4b9d67c21faa0c12311b000652e36cfa0caf912e3d97f79b22f5bbfd341aba02efd989b681a721efef624dda83cdd83affa04d2e585b576e91f8ff84c858db04527a0658024354fc9f32a80494887f27589fe5b000a04537da2bfcf46661360c908714bf392f372055d0234f51671f94e8cddf59015a882e6b4cb9105aae6e0978a0158f52e5bf270eeef2f33dab986dea0858d6357b90a11b9a22dbcdd80776fe1c03589d8c37b4797ada0ba5145fadeda1927c0627da3ddcd4f6fb3fd4f5e9bde0fca21eed59456c96e40d137f2232b8279378c258593d6aa63b709c05ba4367b7aa9a9f37f151714ca50a303902d4044d78102410a1d19f33c05da5154beb8121692ec339c18e429740b1fe49042fb58bd325c8357004619aa34af200befdcc7f2b888623236acd91c6acc61eb16a28b98074ab2f0708e998ac7ab8ca1eb39c629c41af1ae844178a44f70c06a1d4c03409661cd0bf59c93e8e64c518be0083fe066d0bd0fe342deffd4a59f1468009f0c9f5c25de06f7d0a8b4421be6228f22ddf2a75c11f300863f2fa19769ed4dcae85c812e512e3b2b07d63287b9b98bd82fbf5fba0927e00969f03e7decb68fee6291cddb5c6d181a72b6d4fe39dbf207ca5f9db1f144738a7c4801daa00c9d5bdf62289298333952444595edeb46d8a61d9350188332c4f1577f8bf0fca916b52224ee57fb022e486fa10f929aa8be2a82d3ba69c80486b3a423cee8e943ad969ff011da34d2926437e798917827cb07981a27a3346d3a0ecbf4d96b2f6a8a6511949a325c8fe0c4134d9d4f32fc4a8f1ddfc45381ef8e3576a5d1e8e5b4af1a030c1aaef4266db690e2124de55fd7227f6290028e2e074c944d1483202bab0151c3404f36c2139d9dd316513f4265983a75bace43ddfc1cae50f11f9f951c93f5c2785cd3fa12907f8cb42f48ae14ee306881b77d1b2265ab511fb9792e42893430c9630d87caa0d8af5652ddb5bf00395623c04e62ca1b4e67cd45f88867d0fd5a744533d8f93e1b82f2e7ba37969eb3d491838408222882781f4e74cae65e3480ea0a2294ec661f145d0c676c8ad6eaacfcb2d3439adbe92af3558d7882d8514335370ca6d2d52357201e478521bc61c0dfe66f8a9c01a5091f8ab5a3aa443e2440ac360b189ec5d5b4340f65e6050fbb88194774a3aa14b6502d7d724022101f21ce709be2cb3a51f726a69dc6c6adf03fb6c7d850e2c1afc6a390e0b79555dce5e703d548b181436e2072fdf39eb9d9257286e29c2f0769340168e2cdfe9f8527aa3fd27686e359dc930bd95c46580fb427e01473b7e0f04c1f4d94b1548591358cad1aae0a4cf7a2aa9a816d23f004edd9475065c9757e4f6bbadd54cba0967b02c6453373d09183b36787aa44c2a4b78539345e396ebd1a5bd408027efa3503e2b1c0332affb4ffd908ffa2161d933af431039e56575e9149c2f75aed68b788591feb5d0d91bd282d30807f4c37eef4277c80304f1e2431c02ae4e0011e8953771aa8dce1463af60ad18e4ac7d88e3cc3dffafd6f1d51c5b1dd251a0829fe12841c75bc134c2449ead63c9cc3f5cb89ead3f74e86ee0939e06a533466b6beca73895a3d88c959413fcb5ce74fb07c7f1a553de413a65aae9d8afd630532530c820266a7af7da5b967fdb272ebdd64d8a899ce07ed2bb541c147bbf45f5272bea84e4ecb0399f23e317f24b731b71594c4bbb5664258607ac3d54582bfe73054239b5aee029c8bd08fad1f768e415a65bfe0c261e1c3c1b02349841aa0073b018b804cc5dec523ed620ae9f732e67cec81fdd426df7b1e6e78084a88d746e7f7487bfba37706adb06ffe81f894448b77d6bcea06ac755f0220b598507da7ab3428ff75be4cd1100becf8c08294d5af0cd87f3cd15f5966886bd4b8ec7e48c3995e58cb611d837b5d2c1d68fc05b526b0e5c7b751a53d3f79d6625814ee062b029690a6cd72de0e2780668b10952796a53afe255be291e8e4f7e376a02674f029b5266ddca9e85a8fbd03700273c0bb6d53f7a511bb66cdd336d93ed4820aff3348437b99423e22dbe75f0e81a14f922885819f318cb36096cf1136b90d0d9cfd979a0367e886c681edc0c9e33b990da3da063789f66cd18d38727b1e16146804a4915748453aa055bbfda5ca73afbb62e2a0f304a5ce11433af6bb3e7cc41c089a9bacde72d61dc808f9766e78db34c03e99e1c519f555196a4d534d982bbf8e3e1cef5dd63df9126aa860dc13225f316e5d5eae2d09eb6ce0f5fa3f7dc9d992be98b367d013583f906a77cf0a1283b7cb61f722b87b15c41f24785564bd3d7fd0d024c4e263656daa56e2a54bddfa537e16c1f5eb9610ce5164478c2f1f7a0dbfe3da07a11c88f3b6852d3d79b4b0b408b023ddf9faad0c6de31e792c71d33f8ac9b3b95de0b0b7aa737601ca4e94e907409202874b7703453b937438601a06b1dfbe27fbe6f49f612bf98669898db652d57e170d4234640beb24ce168fa590a541aee7069b25398aeae466fc7aec119e72994474fb7c629c77f1041ce56d64b1316bf79e980d43c25eaeedf59258e0c44f02ee37d351e19d4d7b3656a82f585b9887e362a5c5e4c68ac3e28ef3907f6e007ed12198ed1c5ceec300e44e23eab1ba223c7350f74e76caec2d26f9b55a9092be92e2ee81d148dbf24e16f109cc33c7056e28662b84c3a01c0d9aef35143cbad7d0394165862242a75f4cf7122352f4d50dc7fba2fcc712e7db62df2c538dfcb43a6007a4f3c86e72ac863c4e0e0dd41141617458da29d5df232e5222b807411a59f69d59871a02876507f6502a79ad0d04e19573f869d14c299bce055404d73ba1b9e4caeb82d7cc1ffb5ab343dcc0b1280068d2f2677cee978fd1fdf9874b526a4ed46f5b12c9bf6771fbae35551a0cdb8396d664c2abf89354af0df3e65062f8aafe2edc54f918bbfa928fef7ac7b7eb74fe543ea16731b7cf634b0a5f93227d4f3432fd5642a8d9f6f7f73510c549c30cc1eda91a01b936b0a0b1068aa5bfc70b85933145320869f1430250f63c71306900b78acabe4a6b2a4ab14765148c1e647d7f95d116edb538597e73302c17ae0e3254d02e831fba81ac288081b0a20217b36883f1c25265a43b71eaeb4063854db947355e403e7cbf09f4197004f6c9bc763977ffa22b43e06cd2f2892b06fdbc5c0b04defca8d3420249cf413ba3f89bf164c45cb15e7b4816dbc438dfdeddbd42d78070b01545d4ab0fbbf3009dab23ae743fd586f51a08621187c33b04b04afe8c19ce89ca8ab505e4b575e71c9326fa9a1c9f552030f36fb5bfd3a5775dde9f9d90074e8081458848e2c5f9dfc42ea9625f29c536474675f4f14b0d7b2819756dbde83ba9a454e20895a8a90abdbe88248a200b06d61b1e056237f59c5d6018c8558ff31ffefb4923c69ff92ba903bae155d845f4a0135aa30de0edf8efc42962461f95f97ba8c9d8ec74aefd3847fb4fb0bff1830309a596d93ba3ed16520e01de4ddeef795f5a96027daad34574cf8a8f10508f546ec8d528e075731e2fe8fafd181cafc53315800eac61fc3f3f22e22e46855cf5cb54259cc316486af43eed2cd7448cc05a756968c0ec193fe46236a0efe35d9c8222ba1c900442fe207b899e15b5a9246c2a1b18c9de94fa4ea485a61c56eed18106305e6282ecfd299af203eeeb7fbcfef9c3b9960e463141a98a2068d36d7bdcf8cb25a27621df2d009bcadc175dc519446f7b3c9e77c9fd89d08086a8a21a9f03175db0b4858d5495ece636199f5b852811ebb39aed475b8ef51d4fa7ae1a908b399e8e56e4a0a757f883bc09fdc4045f6402a1026b4823f627b988c76fef73a0ffe9b2bd7209fa35a569b2782733a4bbab217ffa6bf89be63f46115647e0bc61aa8d3eefda3c462b59544e5abbba9f20103b3d6d94d79cae7ecc1306d1e71fb189b13bc40f0a7294f210b1663fdea1f3d5a64d6618601d5cc1dfee2aa930fccc6055a9237266f92c9794e12e601ca5763b2a2186ceff7559f2884041f88a913f1ca444cfdc505659a863a3c42a30d3cad57199057b88ee8e5e4fb44d67c8d2dabdfc9875eb0373192afbd17e194226ebb4be263f22448ea23f7150d23265282bcb33b6404ec2c889a39f095033582084b88c45cc48ac88eeb28c3c564993ca3ae8e5902bf7cce6f91ffc6bcf29f3a2d96dff986e1b12490ab72249f2514339f851b00f1c2b85bd91b410f4316cc4d17b36a793bd7b31921ec0c675b84e4251a91de3161b57cb11643ccf393054432ae0284a866a98def62880329a42fbcf14422df029355c5801fef59e620c827ab1f89efd6038fc5606c244b1013469488438cd104a3a7c6b6f1f3b", 0x1000}, {&(0x7f00000002c0)="a3098a93ceddff7c69e63683bca8e47083cfe47b9f1c9f95a5fde770570ba4ef072ca0114ec905410f1b733887efe900b9f585f9679988e2706fc6dcba3694410ec13d3c427ee8b1b5d065a9ba1adf2e1a9b64e00844c3683e42bf17405527faf69e90434395114b3b9d664e30bff6f822b45e51e21b0f31ca71467bf1a177bb13488c8ef37ef4d65c3975711a88d0d94a06ec6eff0f76b94e4812e5d4943aa6b86b88a9748d4e87e5280e8e113ab9974c0bc7e9d8e65b184acfc77e05f6df1414d36b6395d17d0463b35a07818b77e84ae4ce647fb6a06b0a3f36efab", 0xdd}, {&(0x7f00000003c0)="07ff2f7945cff3947e804e28b77d66d2fcf51bb0e151bbd242f78bac2bf72a28680e0330594c0ab6331852ae654c6505be5f6b34200dcddab8b01290d80b03a02b22eff5b6dc89336c41ac663c6a1176d726de29c2898d154b81af6649395528df5ae95aa0b4ffa1438ecb87bba8603e710a8e9d91eba25b18aefdfd3d9b483f4ac012a00b29cb9167b39cb29f81961f8487deade88864", 0x97}], 0x3, 0x0, 0x0, 0x48000}}, {{&(0x7f0000000500)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000680)="83e5224a8a8cf4e0dacf539f6deb06ea1b70f1a02d254f98fedceb525725666c0ce09654dc2ace9d49aeb1b12e1b8aedef6d8f7f761eb3a3c4d3bd7a0a414d29a8de0e534826fc75d04aac7a04ed5aa0dcedbe3b631724bc7d544aee11f52f8ddb40f7802955eb1e1a3c110239acafd296ce705257740f3604d4164b72a1b0786bbab7211370686282457c8e7e9f7db948e840937ea77865b8afd893c2734efe703f651de6df11e58b6d3fa2049f7793f0891e7d2722c18a6b5243f4184a6dbf716392b66bebef7c0db2ad079678860447fc9e5d7b91680b424e32baa5220c", 0xdf}, {&(0x7f0000000240)="3bb1bcaabe708f4f23f3be44709d4c25992c77edc973090fca7efe9ad43d15aef0e7ce4b5f91f98095badb5fe8fda1", 0x2f}, {&(0x7f0000000580)="c8733daab040790db94d1a21868051f9e5f08e8edabef32ba77e1f5d0b9d24dae9ee75093ab0fce2712513ada14dbe729b85507e150a4eaf1c82fc6071346c01d23dfd58af46bcc602d4c7a4a7c85bbd4bdad0730590391e824c9be8f864ea6b0e78dcd1", 0x64}], 0x3, &(0x7f00000007c0)=[@rights={{0x30, 0x1, 0x1, [r3, r0, r2, r0, r3, r3, r0, r4]}}], 0x30, 0x20004040}}, {{&(0x7f0000000840)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000002c40)=[{&(0x7f0000000780)="f894f0f3ebbaf43264cb169f6965619fac009a904c6ca51abde71b43344ba41ecc5e23b0f3b3342b83dc11442d62c3998ac9", 0x32}, {&(0x7f0000001980)="0481f7fe6feb4273d6cd7593ec0376a123945f611353fb7d4464b231be6a486b21bb54de0bc5a8c237eefe24f18e45de2bb23cb5605ecfba48c42a4f5cb5040215f5b87514b753c3b398ff09909bcdeda21fc50751633c9d59082f5eb4506ace5559ae3db6a8018c64e198205c23b182f542777093ac3e9ea4e5e94a0c624ddc119b31bfaeb6f5453ca3218282efbd0f0a3715af19560b618045937ef68dc71dd72802e52ab208bfe215986989e39b72cf4ff0e39044e8b8a7c98eb8c696dc15267ff8daf93fc8df32696ddd2d67ec57512dc2475d5c8f7b5ea25a2a6773ef074516c25750eb739664b55c52b0d66fdc90d6efddb0", 0xf5}, {&(0x7f0000001a80)="e796f520e3ffd7f88ecc77ddd0a3cf3d0742f95e9175de18fad9974371109bbbde918597a75c6cd8246910eddfb2d0b5c62da446b065e3ae24d094e8a17f13a73377531b0bd1a02a6a99f1deba00d663aad1e3a8767f778e6e6838ad8d5e251235172bb6747c8b4afa54cdcc9ec9ea41e456a68cd946b97610a38b68e3d9b5cd9b941c4adc07e222124565", 0x8b}, {&(0x7f0000001b40)="1ddbeac97e15c1fa2cc1e52166b0bd498b335beb930850cd4e4f098acdd08b783e08024068f84669cb71ce18a10f9e77cc2a456367924f7971294d8d431c8b0f6345c444ed68a1b40ce550d67cda4c1e5375818028df79b3b76a6d5b7b7163e059efec920e5cfca47048b78cd3895925b2183d2d111a9d8aa7e2e121100e60fc14e8834b80612e5bdca93eb7969b1bc3e6cb1b65fa43974502381ec62cb385c3c65f07b5afd28a39d139ee01b50e07d43b9853dc7a6390d0776553146f18b89f8a68a4d230fe08e54630904530e9fe25714aecb60be37759", 0xd8}, {&(0x7f0000001c40)="6666a898cfd2fce0abaa17b9ea1eaede5ab5e0209a472ea5978764f722b1da326582972d8c9cecbb99b80ed822e50dd44efac6c9fe92669f1519dbcbc6fc42b69e967a67110d3fcb5af424a41ebbf16ecf921e33c7159710329f1d49b13820ca7c5658b8a004310bde83c4b500fc666bc4fed7c9c9ad082aad8ff9cbef911e8182952a9141648f19a302aace36c2c2a2830b95c76e42d935801105eac3c14770b971fd3b62e4952ed6969afd38fd7631d204a05248b4bcb1120346f80a710228379290dbe3a31935884327aa839d5365e10d8a10153e250261df16457a40174fb05806fa7b6b9f4eb02f2b3affac073c43f11f91b82a72fe9af314fedfddd4fc0822008ccd62798de5149c5955726f54a8aad8b8348ab08d6543527426c34217ef489593f14f0e5b4add37cadad0d6aac64d23164134cf630fb5c4e0794d4fa7c62db4c79f623d3883be8f5a42556baaef4b23d98d244256f71068a03068b6453c9c31e81e08faeeb7be7863022849c456e539316d6d9fc5282860cb98220eabd12f2dafe6a598d2a9c351f3f7b0763fe83253731d74bf7badac52781d85cc4c6f53960d0677451a9d78586fb5358f5f12c91074088c2af89568e6146e624a0374ee8fb0b68e79019f7ba5fb04f0c2d9a411deae2e58259a5e68bcda62ee0aafe152716a69042bb811bedbbbb5c2f7a32239b22cad93a8cc5fcacdb5e1e18e284c52521ba6a1aebd7efb2170da881c8c93a43dc373997edf8728abe25b8d9036805b2f9b7f9392663d37ce8b455fb143cdfe4f69ce89a3ebd5ad6e07424024eb19df06c2a1a9d9a2940ebda926a9dd95d7af2bda38e94ef4436635e9cfbe65d21097e4f3ac8904ee010fca53bfdf4710fb1cbccb304cae92751cb69b15dc5bae47ed12c6ce5a29397e360182b1a6f75ca698f82c414d45adeb848f17f0396614d6639a64805c401a6fd15070330ef49cdf8e875e239e8877b9bac20aa7d5ff0cb66a82b1783a98087c591ee610d5ce0f014cb8595dbeb927919846948c2272446fcfa32012be72c89c0837f29d24908dba761ae0ad4339abc916a89f7cfd33b1152075141143c27e63fac706b35713602deda59ad06353c1c1c5f32ce1ddb1531e237f21678ccf0722afd32f7faff371430a6b45daa495f445537d48cc5daf619bd4f8cad46ed7531a00e86db4497c67dd3870bfed13a77395a80c9d87faa5e6b7d83bf93db2763409e0c08b5b3e120e7ce850187e5d1769315383f11601f7365890afad1a3ea8f86fade6916bec8722fc6a0353fa9dbd38ef43177acf014dbd8a5b5f978e7f85c86b7bdfd16d5ce45660fa3d2789c3b3382bd87281d9ea5430381076a5671e8c3f36321ec432f09a55f1f09cf01f1800c031dc25b6091e819f3e2ffb9ffef59163eae28c3e4403625a76c243c095d2391f74ef8154776a7100e151842158f25dd72421855dd40c5d457b25947ea13b3b57e74a0e3668fd5b884fbd9d5c294964f23c66c1f81da4b65664fdd2ad7a8c262d70de8a361d8a5fd4c4b575d549065da6b2210f330ac400d29b4d00a65e7d3b371ee7b6c94f4272c8ba2f5417609cd1266fb718e726a387398af59caf93bb92fd5cb5c31c19ec749369ac84cfac10c354a1ffdfc950c844c435a8fa7e37bd297ea6deb428d18fd7a001022da5fdd33f5247acec3d24ad96256cb5359881dc73c82fa164ae90d22ef4ed44ede9b18db1b547f62c316020fa4f4df4dba6f215b0015beccd33a18d9fe14304b66a4a48527ff7325fd65c007b2737375b3dec44a37ce779fa7d78ab1838be1027c41dd5eca9f0c560b5636b06508e68b0a8bfe0691792e62b2d33d31813b0fdd60db83943b8b105301e0b360d5dd40816fb1be270f58b83fb4e1b8fe82525081ee56cec54c336a7d0275bae181a4adf95221982b126bd5ac08b313e7515f2106211e920fc9e31e6ed6a2163a3a0b55fc9257ab45d92ec63e3fac4d8f6a55d0a17033b63c3b4ad30e442cb0c5eb89ed5f15e74410408a81f47ab260029e0992d73cfec0f11437f8e4c69724df7b4d972c11bb8a547d5fa534a7438c9944efda8af724af8107ca9ef2cc0eda3e0aadd3d5c6c46c9f7e209cbe74233575753e0fda2f5e59a0e20ae427e381f28af9b4c4758b108088141c20ead2ed8aabd058396cfe9bc710c0ef7c74b67d95c027832fb38b087d10e18816346399fb79b3e60040e17c64b20a049b0aa5e1ece290a034ceef525b9fa7494d6bc3a3d8cd64b8cd0a715f0ac455bd818c140517dea5fe868c8b3b7a50bc9b3b7fc4792ccaefa6bcf00ed14765ad64843b894988e83f13b878e044d2578e3e83f1c56677decf35d53bbf36fdfa79af9ae5b019e7b2e5ba32fb8918f62913392376602cd2ae1236d14ab3a65d1e8b72ab752526f27d2c52e9ad4d14c2746302b36589cabe516b1e32e8922b889ccb68c133a7017bf031e449957422ddcf66d316c0b46ac62364a57620d087c091d99e2e895370a771c8cfbdb7bd9b30e19b4ff636a4fc8f6c9b19d7aec5585475ac8eeaf4bd1dc6ecf2abbb82f50c62f3a3bb05c76db3a0851efbc20e5ea3e3986560ead95a7599907e8333bab002d774c7c8d16e44cebbdaf6d0ebab7383e7738f1a7f3ad183bb9b40d83e80d935993282dd5d2963aec6ab6a9700f2ce689a44efc8e136c60b3991c3d621b77bfce7e8eecbc7471eb68b1a233ef1194473d91dd29e9195e288d75dac0fb744ed7d5e0d5331df4fc779087a05463c114247de426c7db635fc1b1e6452b030336c4bd16f8a611ea438490e53dc4d590acbdf249c6781619a07aff4f85cc11ad5304d6151cb81a700dff490d6560295b9d93a6f091a39e16afd7520b1ad52048c1814a8112c6b82993bc383457b5ba6eaa67e8c55298434bccdd9dbfaaa2235f96a5fbcc1c551b3823839b70bdccd26a2a7949d7abe42adc1c637e1bb32e2d198c2bb3351c9022f5f0c8feb1ece7e5d631909a3c98fbbf0b4f03749b59fcb4666cbf40bfb9faff552285c2f9be37a452d2c90566a220f5213a6f96eee2e9a4a8c0b4b797bcd060d54c0b174fd77d4270333d0bef1ed79d67d28fba92bba680dd07ba0138067100a5549cb463c16790a28a3f831b3bad4bde344ef57be688bd2b74cbca88add97fd7aaf18e60e0b0fa04f14b3b17ed40e9ca7fdc1313d6784b6494f9e26b2dafb8336f08f7eb42e320cda0c3e37eaf16667671ac7a77680890e1ec2df6372423da04187d01332e88e9cb83265333383c7e0b7c02e40af9854f8e40f78f2ff57dce9ce778c2b4718ed1ac814e2fc783a86856a93a439e8f016629ad58563f45dd503622c9c5b5660a903a220935d1cefe78b72dfb401b3de7c261afe59fb3f0975f295b17fa3d4cf777a0bcf1079a87a7a94b27fff491237aefd3a399f83fa1537c6bfd7578e7dd9f098993feee3dedca7ef57ca6a51f370bb9ee7161b5576bacee81b3be4c69ffc961371545323929ad65adbe8f556971444f9d35e4d3ab491180e11820b8ab245798ea12fd7019853cedec385e8aab9d43cc72c4c0cac904aab45ab6e88db547c58ae0acd28abf9516c9165bfd7dd2ac3e586ea476a3b8b1cd0b63ed01331bcccbcaa4056a111cffff8739c6c963475f318c208f403d4cd94a27c28f0ce721cfcf16fb4b334055a70c976f16e6c74881833b24b158644b7f9d197656f248a8ffb85c04bc5449e8e3e3f3000d75d4e08b865352bc6c8a489786280c74653097d1f7566dc998aaf14c34e22b07f8d7a5e070560d46b7bd23efa3dfcdcfc26fb25ef5e51a4dec70a424cc3098ce7c902c160ab995b546330acd0fc06ebe7b5791071de1ea7f0c9d4d532ab73e842859a666b330cdf75605eb3429038833808814a1169722673b4a75cb3e32bb51af0e9b94c800589fc9952ce9e51239f84fad6228dfb400afcfafe9a0a11187ea707b495cc7a3919aad0a903195bb1db30f603e393de0e2ad2792df66fdac3fb1e27c1aa489f73e70d0f3bff67ed7322a542944f85a357e6cca582a8cc314a79ea220be991b34abf52e9e6d045f3f06770dd20a2ca150dce894d61362e6138a22d16ab0b08f9a4931b28b6d0bbde80c7d0fa902697451d6780fa0c3851692a40f586f2a1d2186966458c8a06f1bd1c9a4c9ad4933b11dd75c757e40cc58fa88071261ffb3c51f9272a42cb681740253619431f636a745db9feb17020946c7ed6afe979579c97f91d01ec08ee5b25412567f65a69ddd54edbefff08d92de752a872812ac8e91ea3abb5f7aecc848a93030ca97ec3b9e5293578d0783f768da8fe09d6ee56de1cd256165261b958f22c54537da7a13bdffb9d7cce7343e96437aad0879d28389db16c680d3dcf0e6dfc5606a8ea1723c73093ce0e978fbe36b0f90b500c787c4ccf93e37945dd4411ecb8f2c58678423fbe07d80ed3384cd769a04f5df7f48840ff5528b4c87e16d49018c56ec367c7a34a0b342cf8a6c92f7afd6e0560934f695e117b55b790dadd822b1f7793ef9341dd1c9a5ae6fad068ae7b06b122ecc6fd6ce2fc0c0fedee5ce517b4fba61b810c9dce6bb8c0f99747410c83674bc7c8af901482933af8831523c529a96688dcf3748297b100cc2c8de5b0b2d244516f3eb9aa47c23e03171ab44edf7db71a173ab37272c039eb9f9e078acc0f6adf7f43408d98a98d593b7d7980b382f75024fcc4c31feb37a454ccda7ed9fdd402e438af70fddb71b5e421e77fa361d1ae81aab425111f69f1a23a231746f06236a729512d3d10dd35d0e1d635f3d1728a73bc57cc9ed2035fee6c9083b0b75b42f28b5968e88101ec940eb29aa653319bc2966bd1de46ab3858dadfae3087190bf74b9a470a602c50944c5220400244e636a7402ac70dfe83d225477c4d1b513592ddf12ff6813b2cfec0d01f583763ecf1d4bbe6206d422e4f170f022e5006bf05259fa8e722998cd8281f21f7238de31ce617110e8ecb9c51bd66195c2c4b38913669ba0f21b7f2793918225b97757f734cb470f23bcef382bfab3574ef68e37c1061edc53e28513bc4c420cdeb72d553cd0d3f3f18ca11b5ba44196a2cea93f81e09c6bf18c982c9a5f242653457a1e833049f6006a4af9d46ca6a00de2ababd25567a2ccfdbfe7c453d2fb0b5c41c1bc05eca0da55043b389dfd00ce22850a756126e1ef08b5c421ab0e40158588722fe18d6275bd4fb50dba98322437b7a3983f2d3ef0c05a9964520d6572aae3cd337ef5855a1efda8745355d704c7ac133064b23940cdb42a5cede4a31d393a37550e5d92ed9c9780458711f6d502bec2df139d49af8eb5902df2fc460e1c7de524f20c3d5efd952bc43157d2757b6dd4c7af78276c62fa669e3d87580f01bee7a6e430414e61c886b17b42ee37e744c7cd02fb08d0219bd5067d760311afaf9e009dedd969637cfa88cc1478819a34b74e3d18fd27a015d36e97f7dc2c0a5b7977ca0a177bfe4f600af66b524a995c6d0a1ed5c519e09bbba519599d7b7f841f570a7c93a56bb7b8c83d0093f1b85336f6c5df7738afe8bb12d1a836304425d4d6c19325956a4e0292c899ad1d56b4ccfd26f06a1a901c91d384b5cf4f3e20d14eda913f3490db7e3b95c67d6b961455624651c7922d7c0cc6d8b392ef2c6ee8d8ac2d9f5975cc9af36428ef19d26962eceb9ce5a30b66d76c6f31762aeebfe7299d3082b36213423d28d605b79fdcf29fc963b33f2406d9f0e63557f7c3dfd848c95ce907559f1cba1502590e225bebc7b9e498540130b593b370c56476b76112", 0x1000}], 0x5, 0x0, 0x0, 0x40}}, {{&(0x7f0000002cc0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000003180)=[@rights={{0x1c, 0x1, 0x1, [r1, r3, r1]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r2]}}], 0x40, 0x40}}, {{&(0x7f00000031c0)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000004340)=[{&(0x7f0000003240)="00b02c9072d2ac026af569b9574db3c9", 0x10}, {&(0x7f0000003280)="fc192d6a99f049d0fdb6e9a1553e4354a987f46eb338d57843cfc2b57835a92de0304fae20051eed4aa3b4e665468e185fd965c8b5ff8578588994d0f3b960ce763d53a3b97a263c7998a724bfcfd4a72303b7e627c64fddcc9f78fd4507083d7d2818b40fdf51b7d29f9c2ef486f44f82ed83166486260a283ed19c64d21264adf1697be7c6270024c5a6f78e234f63b2535ed9b22733b18fd73090f584005806d09839109f87735e55bccd15485b656d07650785acbcf421807745972a98c02ea1ce4516d96a65ed453821e4d07de80d99539ecc23788fc0f3f49f9a30f7b97118941c655cd50afa6a15b43bc329f7c00f78ff24ca47fe60f32ecd4a6870571b7565abc2294db3bfcdcfdfb129e910c402efbdacaba24a1a40543f27928b078fa4a47109f4490c3272e6198206ffc120089cb45da4719d57afc9c5b951b0439dacf2ab753609db769432f7287f989d981639236ca87d0f020fa14d90bd72f57035375b9a62ae7288a027cdf95dd7e706771a7ec345ab13e1be2c57a19edabd9fa9ba6227025589f608804c4bd6a512876fc45ce5e9873af24a9d2531dd49717f806e2bb9505a9e633432c5cca39d5a923e8541de80424a86944d38dbb49aad0a3f508c9e4482c14806b556112974c0d0b6fe57e20f6863d0167e3cc6222b97f7099f02d373ee01ff56e18b060ea715d26dbcfb0c1cdaa203a79f6197f04eceaeb0c22c3b3b493f8237e6894663c0dff4d81da0ef2146881f30ba62b20089edd049f91168bb4141ec2f79cfa0b02b9cc66f4fa253f8cf2df6579d8e40acb81f36d7631c2640deea5c9152dac6697d41b66f59f4156ba0c332c347fcd3434994b6c681d213b5797ac5ebb1f78cd4111c7c64a3eb9470dbf1424b559f03a28ab81755253a83e133f6b696a4929d2fb73a9604716f61ad7aad138bd97405aca51b50da127dd70c2601d39a6e5df506856d75376695f1092e263ddb3277cdd4e01b82abf295202f3814e923c242becf031d9b8d55b512c44eaaff1aa31929248e22b23a31e61d0a0f8d29770d0c5f1686ddeb55e3512a06257dd82fe7d7100667aee66ba6cc9a939038f8bf74b4aaf355bcd513b848d9f82f6abff97d7eb3de23ef80c21e3379598734cd57529f3330e8978623e7c534e14a0135e1ce130097699cb45b8bb4ff2802ca970b0bd85269a4792fafd688e66e3f3ede8a5f9d4236c099b61c1b1b1e631f5f9002a3f925bc540e96a6842d7eb60093bb1a2bd88917dca1c120d6addfdd7c0d642864d8a60264abc0b30a82def57f8aa6805c5de34e7354e689b0e6a66b88f141458202f49d493d3289fe7f26541c281075e7ff1a67fbf5a2ac9301f8a07bb6c765a92bd4a4bce7929d29b6dbcc431ad3167a64e0988da2c656ef7db7674e45b38066eeefce371591769616cfa44501d7c69c3feaa987065e59809ca284a488b20bf5b47aae61faed6cac844ddddd17cc46f74f6844a160fb259f578c5bba787174508fa7279ff4a57f1a0142e1bc584a4b9318c15ec8e0a12526bb3923e24a58176dd522a8ad3c09715698d1d9cb0671366da3c9a138522af1dc11c330adc176c514a6000316b572d4bc0a3d65eb3e904a6556faafa9245890b8ede8bff8ecc234eacb89b5b3a21010c329a5af0b726401b7a5845e229a8223d030c3bddfdb1cf95a22c7618f29c33f7dc652462ebbb5894255453e310004b35c12349fcfe213c26c73d32b84785a46972771d392be021d05accd5f5cd33db7d7ad970ec3fab078a9189397d224a737c6512a321562d08df56c9a94ea87f0a4f46d23f5a6189b462392457016fc3dc4ef72a5d0abe264e482c2895bc9e3a5e001cdb486f2c73b8f88b61f6c623ced51dab11cdb06ba93148e7ab3354a512ed665380b526fe5cf5858f22e473cb335847651c25ea0bb7940ee7ddc895694a8b03df12b6212c4c6e5eb17961e5d0d65e339b50af29a6dbbf443c78424f2967890073563c499b995e2ea9886e34630484055edce33c12dce9148eb63f35168fd9bc5c252a879a27e70da0a0f28d8514a58abb79f02fcbe667b969d5988fa4645df5a9b2971a6bfbd58836712994dc8a689e0dac835338afc3f9bf68bafcc459831f47605eee0f6e766f5abaf310b1d87473ab6a217996a7a0cd58c6607ecb9ad571e6dbcb22456a8538fe909e4d21c11ee241ac23f1db68d83453df94165b9a9d1c5e712218773480e0f576745425b81cf96dd9af7a0c6deb6f3694fac0e2893ddce92196a21ba3af9037d48ea4bdcc8c4ed35dd505447ac6c98439cb64d9b0db62018d667e752c66ff4692c3d84440055358bce097adf0abe35545c387e5832053ac611c46b0be20c83eaef2418971592914a17201de30528fbabf74fc3e8556ffb8e10b17e19453b676a93112f5bd95433979c1daeead9ec14a3ab477b0343266a6ee74dc372837a2197a16f3d6c1a02e9970015af370a23af7e16bcbea5585e76c999c021f6bee70a24ab3e52dd555c5b9a25106045f89f0c7a0ad1cc8d415778fd7382f3b563d52e9deef631b0f82a1d70b4eb6dd9e0eaa9d4273be4d7d06d0159ba91223179f9f719697db9c00040f937bba4df89904dbadcb7c4198013587c2eeb5ef1503e87ce870122d1b560592ef8c52ecdf2472f669e1233723b81bd32102a8369f08dcffeddb3b2b28b5ffd29c6e981494b3648327dc5f52129240122e911c1d1b56e927455c1bf746ca90db756a2187efe20708637203976466e7bca9d9d8606ec3c5d1b2af33402f96ccbc0bdedb06cf85933b943f3e9a5d70b16455ff9aee174d0c504abc20954e0e67ddc746181ba7e66c642a6bb9406b5fd22374d5c9ace441af4bc35615dec06e5ae4b45fd5aeef08707d26e17fda650781b1fad429fb3dfb6d2a91ba2e22316e6ec0f170070405930fa728825e83c768f53c647e25aab2b316451bc6e74038a60b047c98eed1b1e7014f082c936c352f1f4b7fe259b9bc7f085f9690ec2e2a0c74e0f1f4684c86c5c1314358eeddb7e0d7fc7ebaae9857545d7196f82e550832aa5d8f550483af673d30df81f196c5c5d25e53be770f5925946a099c20851a2f8bbdebde1b187af6c61fcc302cfe8084a77a0d0c1c3d3b9f823edce226c153f0b5bb0a7eef1ceb259d4a1b7e041cf10b08de49724d40332674e9de581782ea52c41a21469748deb33061a60e3406187e52043ee38cd8d9c8aeab132cbd32c1c488f6c4f6d7a7ed46d15a0b38425464175e03d5cf67b74332cee71657f475880a5acb2bbcaf18a8dccca7655631de5663d505bf664c3e2c4d4529114f76355577978ebc75c9192b64ee0e268792c195ce9d77ae18ab0e3da067b399cc11c1319af4c8edd0f86e19466fcff033bda4f23f83f4c83a1393a2c418bb0022bbf9dd4a92af07bd718c2665fefab40aa66bc20f12cfe9286727ab3f06bec7676d8d96c9d565da0e0c7fa85df1423585edb8865fb75eaca1bd302c5373be9fde6d3854861787065ff8eb51be95ec1000294a896fc3e6cdb2b58e15b8157b2556a93cd2f0ed953ce186e20397b99cb62dba3a152a74f2ab3d63b2afc7ea75bdb1f58ad0b959c77e607b7cbad0c1122d16b411a9a97132d0ad67467ba32894094e8871fb20d369e2a0c6373ce66e632654f241f6497ea0cac6aac665a52d076385eb8fecbe31ac4bd781f42498a17f94ca8fe185379b0c548612bd6acaa0a1644c66533fe0a351c783c79a06be1d8e95199686c8c34cef9d07dc26697661018a2e65ef1361007574cf3e2936b26b413d6eb68362d277072d2d68343f4cab0ab19b4aef11cd139f68c80a291ebc8e1eeb6ad392bca605454823c7c8eea0bd97e311a407c4fb30a94304fe43f5ed94b7077ebc15193c828641b4f8403fbf202ce44e55218d33cd533bd24654f542f8f50d16ed7ef2a55f3153b3e0d017a801c338d6a2d459a0e860c0c655eea965e7b6b5dab0760f783356d38a9da70c3d0fadf443e818125f648ba1bfba426c08ed34121d5b898cf40f2cdc3ff0f95db1c04ccb4dd7dca4ba539ff7620f89899616c305a79c03fe4ec2708fd8a05bbcd343b49c420d41a61e2e6ff33c2df0043c24bbe9b690ca7a8df479113f3b0accd5a533d6898f2e81239e68ac4c2074f3262dc667cc0ccc52f866cfebc0fd6a667bdb8c80b3940bfafa51338cf64683992d5ad192446ce0adbf34c1a803c637d9766027dafd2c052da16ef3263081d10f5e70bdcb90c6a64758fff8d3569891081ea8a4e9b378995fbbdb8a43c3311ea62eb9e4279aba1730aff3a68ba309e193fc01b06c6a947438c80b293f6033993e08fa3749269f392410ff85128df672322d1477951313050c270f39a6cc65ff5592292fae2d9e6187e646223e673dc00a8184028abb4a2e8a6a994c0e6321f491074e766a7577fd0719bd0edd5b14af41741bd4850b226ccd581630d0fb456b2c8de560db5063a6eb1740ff0d5a7299a32cc02dfa62389bfb5df7d729e76677f13b38cb88d8db7577ffc4693f4712862a102d814c434bf98a84a4a2976db521f317fb6057009529338606b5b99fa3a14e49decf1df8a79cc151010c456f9ddcf5f70505316173f4d86a810c0af266eb5770500adc318fea0747ce74c8118fcf53735fd6139036db6bd6b308b7abf7706b51396b8f7279cbe4443f5c6e85dc28ae221aed1b300d411a4e1d535cf7292239eba0dd48ed2e642464ba329a00c1fc6fd6e41bf651383c318ebd40eeaf1ca5be85cf0d6df35f1b954539720474bc3312f3768119783a4cc3d99becffff4339ac92ca875d1d49c1adef8a7dc52339ce15292ac1bf358131d4f0aee9cb6ea251a83c2be9a4b36875f65f92f2beb7acee928060e24b45fbc58ffa8ad4071ad0c429b177f40950a5703fdb9fcbcb4ec09c1c30e32338d8574a384cf5348b47b9720536dc87b254523b3761e5f9f1d79fb7ed72f5b885bec3222ac5da224b807a6aa29b2adb9ec090051866d32d582b675a017536b7c6e8fdd2d26e07aa45c57bf64b2effe099a7ac21d5cd0a3ffefe2f809dc622cbbfec53278b2905e76034cdb5af1e49e5da47452af289314393ded83870aa996c7e1f9375bd245d9d9922a1ca0b088bcddf6eea97e81d18f1142fbdb2c46869e698181a8fcb98fbb5250e66503f14b3d2ebbdec6304df02db5d3388814296da03adfc467de29d749cfbcba57beb29a0cfe4c24a8d58e43a55b6216e07e3c16bda173324f05c4c71d159fc77a7601692eb9d8574762029368947291f71db7837d279714dac99ecda6d16dffe12102805683e5b4514925e8dc63fc0a2e60ffaa7a7d8160b4d527860f354647132d4bda0e02abe4abe80229d0409b1f86b95eb56b3a46a460804ecc012746ab1817a3f06830b12d278677710af180ae76f0e369f56f13ed0efb7dc72b3dfa2af7dca6c8530c4678924888c254b56fe01b3bca4138b575e3c1d9583954c35faca2fa8d0b5759e0df9aabd8ba925af28f1f53d6aee9f6e163a466eab25c09d0b9029140dd3e96911e3fec40ae56a3b0127047249f1df12e90f06b122225fd27655b26ce36412f0dc507ad29cd00eadcdb80552df4597112cfe8c1c163528f4c2d71c8db2dec9cd665eca3585be7656162f9aaae6a7bc53d7c2484fcc1636889a62bc1495ff94ffc342eb9c146aaf9050ae033b4af9b49dbf9d2a1531484934d2124b222bd44c6b408c019cf56b2fab015303c3359fec361673daa90af6a41eea76222d0ddf600459ea75d394a89b514506ddc26d623f6b625d1ab55", 0x1000}, {&(0x7f0000004280)="6d17cfca5dabe41ab436a0841add6649b7f5a8cf0b0250aff8799a3ea62ae70cbd158b44ee77fb25bf763448478a0ed77ad44dba4ef887c5e9bd0dc08c535eeeb1b2f3d243d4b88470a48001368eb14becc8c3def36c993d5bc496f17d9e2459ef8b6c612bc3fdc165813f19ff265b63ebaaed66cf65fe23294421d9f303a79314f87b31ddead24f5fbb4d6a935074948b2859b84f79976e1e7e62a53314ae384bc665eaf5eb9837a403ad71752a7636a011ba542eea9ad813631358910b", 0xbe}], 0x3, &(0x7f0000004440)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r7}}}], 0x40, 0x40040b0}}, {{0x0, 0x0, &(0x7f00000045c0)=[{&(0x7f0000004480)="c96a3baf24763e35f7950b8cceb177f0163e95a9a2112054f565cde292acfaea02b65113985ef0fa58c3d487f4dd86b88878", 0x32}, {&(0x7f00000044c0)="cf688e5888bf60cc4d60b3f4a53252601490b6a89aadc4d244282d415dc5ef4c57757a1f92424615b288380f94c428422cb1d1a642c6988816c2c5f8607ed36a06bafc08c58f4c0d93659e325e7dc1a23f1ae7134ebc250fcb7a62358f27f4004f3441bfa4d305e2", 0x68}, {&(0x7f0000004540)="5e994bd2e6465ec5870b43bfa5f0b2af76d8674a699df112732744dbfc33f550f7ce414ae18a21e6cefaaf52c7dd9522bede45d8bfd84cc32c827e92433b927ad1d67c566ff506db", 0x48}], 0x3, &(0x7f0000004600)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3, r0]}}], 0x38}}], 0x6, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
executing program 1:
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
write(r1, 0x0, 0x0)
executing program 2:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14)
recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0)
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
dup(r4)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, 0x0)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3})
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
executing program 1:
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
io_setup(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0x2, 0xf5}, 0x400, 0xe, 0x4})
executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=1m42s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 26, 14, 24, 24, 19, 22, 3]
detailed listing:
executing program 1:
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
semget$private(0x0, 0x4000, 0x0)
semget$private(0x0, 0x4000, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, r0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0)
preadv(r2, &(0x7f0000000100), 0xa, 0x700, 0x0)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000ff3000/0xb000)=nil, 0xb000, 0x2)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89ee, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ptrace(0x10, 0x0)
ptrace(0x4207, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./control\x00', 0x0)
chmod(&(0x7f0000000940)='./control\x00', 0x9c32f69e6caa24ef)
lchown(0x0, 0x0, 0xee00)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc, &(0x7f0000001b80)=[{&(0x7f00000003c0)=ANY=[@ANYRESHEX=r4], 0x14}, {0x0}, {0x0}, {&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRESOCT=0x0, @ANYRES16=<r5=>0xffffffffffffffff, @ANYRES8=<r6=>0xffffffffffffffff, @ANYRESOCT=0x0, @ANYRES8], 0x24}], 0x4, &(0x7f0000000400)=ANY=[], 0x50, 0x24040094}, 0x80)
r7 = getegid()
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000580)=ANY=[@ANYRESOCT=r5, @ANYRESOCT, @ANYBLOB="020002", @ANYRESOCT=r7, @ANYRES32, @ANYRESHEX, @ANYRES64, @ANYRES8, @ANYRES8=r5, @ANYRES64, @ANYRESOCT, @ANYRESOCT=r6, @ANYRES32=r6, @ANYRES16, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="080006", @ANYRESOCT, @ANYRES16, @ANYRES32=r7, @ANYRES8=0x0, @ANYRES32=r7, @ANYBLOB="10000400000000002000000000000000"], 0x94, 0x1)
fchownat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, r7, 0x800)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000980)="4eae9cc396dbd299fda33cd87b36a1b52d52568f38332dcbd9ab3b4dffbbc5cbfe27bbaee211eb4f9d858a9eb136ea626fed7eeeca002555d922215858bb10b946217748694e44c9b6dc2df3e8ac76799da3ae177d95bbdcf176e9e4e99e82e8b002ba87d93e5837e5524878b8ca20a0b1af1fb3c5127e38f9c1ca2a1db33722d3d906d7e1d47734ce6f134b34acf395272cffc29550ff1b30d546be8bb76349984bab0cc173df6e5b30e42b2c18ed489d692c3c0db2b33f8f98904547d5c8f4889cce9adb9b9acf4468be8e74cc5843a3dcfdb14d89874ded83e06e552bce93c675c3e36e10ede22ebd396e28829457dc12bc238c36ecbb123370dd9608fda6e8e29458eeee03e5ae28ed3f941ce4f618f3e38ec69689578acb244eb5e5ad14a2b78785c4bbe67b0a58a3f68dad544ebbc86a0f61a56e7e8e87ce3eaff0f69f5be7f66aeec92235db59976650b8da41bbb2200c5482e17c237922347b02f2e5124324764267c9e934ac4d5985291f364287676f74aeb52b25b2944df64f1ba988b80365b00e2a39be0804a4743c51633771736ac85e71e2488b700abcad4f6b5e762cd54780a9f8c564ec60edb1e3a0125c8acf5ddf496efe947004aaedd31058c0207c1d8620333222c90c15a620e1c53061859e9588f96170d132fbcb35e8d79618039fbad358cb72c05b2181b366611a0d3db665f6e5cca0cf329157edfae356b154b9f3cec298f3dbfd80c6904a33b804646a2a4bd112c83da07eb40c71120fc1ac9132934eb6e22e7ece3f14946f5f79850b47c1883c8266443c55d2e6d50216865103ee1fec931355a65592f4c0c3c565b196ecf12b4cc8904c249429f05875b6e8271cdf205f529d6b1cb8203869d25caa6f33a39570fa4d154bf41e5efd3649805ffe52b1af514683e1b28a9607a6cd65d663035ce0615d5f85f69884aebadcb90c2728bf757f59b73227ed0f0c8ea96a025d9a6faf49d5fe6f9a93a2cde4640eb5172fc0470c28cecb8e85c07774e58f9cbe19f5fc4de6c04dc9f4bbcc07425916ca576874bc05dfef605d15d659ae549fd6032e11314c1284ca4bb20d26cfb095d45115b1cbfb4b7ea08b641092be076d335d5b293922d348ba19e70253df0004fa8f39d157b26dd6f7af4e10c00e35187f81d1975184aa9cd2da093343e895f829f04576f18fc7d0adaff99126a3bc3ebf01535d71a95ea4fc7ad6541cb354b47b9a1a198b5dad311bac1cd4e63c4d727ea7aa44ad078318315ad7bfef961890ea3efc386787fa6999b0e6c90d98efefde8dda7fee00367a800d728d729496880b3f5cf446b1163ac7b14aa4bb0f5f9a894aa1e1aafa5ca91839303383d01134ec9147bd08cefe1ea6dd1b0a3d5813c3e13ce255940277e974173dc3dc24f4b9d67c21faa0c12311b000652e36cfa0caf912e3d97f79b22f5bbfd341aba02efd989b681a721efef624dda83cdd83affa04d2e585b576e91f8ff84c858db04527a0658024354fc9f32a80494887f27589fe5b000a04537da2bfcf46661360c908714bf392f372055d0234f51671f94e8cddf59015a882e6b4cb9105aae6e0978a0158f52e5bf270eeef2f33dab986dea0858d6357b90a11b9a22dbcdd80776fe1c03589d8c37b4797ada0ba5145fadeda1927c0627da3ddcd4f6fb3fd4f5e9bde0fca21eed59456c96e40d137f2232b8279378c258593d6aa63b709c05ba4367b7aa9a9f37f151714ca50a303902d4044d78102410a1d19f33c05da5154beb8121692ec339c18e429740b1fe49042fb58bd325c8357004619aa34af200befdcc7f2b888623236acd91c6acc61eb16a28b98074ab2f0708e998ac7ab8ca1eb39c629c41af1ae844178a44f70c06a1d4c03409661cd0bf59c93e8e64c518be0083fe066d0bd0fe342deffd4a59f1468009f0c9f5c25de06f7d0a8b4421be6228f22ddf2a75c11f300863f2fa19769ed4dcae85c812e512e3b2b07d63287b9b98bd82fbf5fba0927e00969f03e7decb68fee6291cddb5c6d181a72b6d4fe39dbf207ca5f9db1f144738a7c4801daa00c9d5bdf62289298333952444595edeb46d8a61d9350188332c4f1577f8bf0fca916b52224ee57fb022e486fa10f929aa8be2a82d3ba69c80486b3a423cee8e943ad969ff011da34d2926437e798917827cb07981a27a3346d3a0ecbf4d96b2f6a8a6511949a325c8fe0c4134d9d4f32fc4a8f1ddfc45381ef8e3576a5d1e8e5b4af1a030c1aaef4266db690e2124de55fd7227f6290028e2e074c944d1483202bab0151c3404f36c2139d9dd316513f4265983a75bace43ddfc1cae50f11f9f951c93f5c2785cd3fa12907f8cb42f48ae14ee306881b77d1b2265ab511fb9792e42893430c9630d87caa0d8af5652ddb5bf00395623c04e62ca1b4e67cd45f88867d0fd5a744533d8f93e1b82f2e7ba37969eb3d491838408222882781f4e74cae65e3480ea0a2294ec661f145d0c676c8ad6eaacfcb2d3439adbe92af3558d7882d8514335370ca6d2d52357201e478521bc61c0dfe66f8a9c01a5091f8ab5a3aa443e2440ac360b189ec5d5b4340f65e6050fbb88194774a3aa14b6502d7d724022101f21ce709be2cb3a51f726a69dc6c6adf03fb6c7d850e2c1afc6a390e0b79555dce5e703d548b181436e2072fdf39eb9d9257286e29c2f0769340168e2cdfe9f8527aa3fd27686e359dc930bd95c46580fb427e01473b7e0f04c1f4d94b1548591358cad1aae0a4cf7a2aa9a816d23f004edd9475065c9757e4f6bbadd54cba0967b02c6453373d09183b36787aa44c2a4b78539345e396ebd1a5bd408027efa3503e2b1c0332affb4ffd908ffa2161d933af431039e56575e9149c2f75aed68b788591feb5d0d91bd282d30807f4c37eef4277c80304f1e2431c02ae4e0011e8953771aa8dce1463af60ad18e4ac7d88e3cc3dffafd6f1d51c5b1dd251a0829fe12841c75bc134c2449ead63c9cc3f5cb89ead3f74e86ee0939e06a533466b6beca73895a3d88c959413fcb5ce74fb07c7f1a553de413a65aae9d8afd630532530c820266a7af7da5b967fdb272ebdd64d8a899ce07ed2bb541c147bbf45f5272bea84e4ecb0399f23e317f24b731b71594c4bbb5664258607ac3d54582bfe73054239b5aee029c8bd08fad1f768e415a65bfe0c261e1c3c1b02349841aa0073b018b804cc5dec523ed620ae9f732e67cec81fdd426df7b1e6e78084a88d746e7f7487bfba37706adb06ffe81f894448b77d6bcea06ac755f0220b598507da7ab3428ff75be4cd1100becf8c08294d5af0cd87f3cd15f5966886bd4b8ec7e48c3995e58cb611d837b5d2c1d68fc05b526b0e5c7b751a53d3f79d6625814ee062b029690a6cd72de0e2780668b10952796a53afe255be291e8e4f7e376a02674f029b5266ddca9e85a8fbd03700273c0bb6d53f7a511bb66cdd336d93ed4820aff3348437b99423e22dbe75f0e81a14f922885819f318cb36096cf1136b90d0d9cfd979a0367e886c681edc0c9e33b990da3da063789f66cd18d38727b1e16146804a4915748453aa055bbfda5ca73afbb62e2a0f304a5ce11433af6bb3e7cc41c089a9bacde72d61dc808f9766e78db34c03e99e1c519f555196a4d534d982bbf8e3e1cef5dd63df9126aa860dc13225f316e5d5eae2d09eb6ce0f5fa3f7dc9d992be98b367d013583f906a77cf0a1283b7cb61f722b87b15c41f24785564bd3d7fd0d024c4e263656daa56e2a54bddfa537e16c1f5eb9610ce5164478c2f1f7a0dbfe3da07a11c88f3b6852d3d79b4b0b408b023ddf9faad0c6de31e792c71d33f8ac9b3b95de0b0b7aa737601ca4e94e907409202874b7703453b937438601a06b1dfbe27fbe6f49f612bf98669898db652d57e170d4234640beb24ce168fa590a541aee7069b25398aeae466fc7aec119e72994474fb7c629c77f1041ce56d64b1316bf79e980d43c25eaeedf59258e0c44f02ee37d351e19d4d7b3656a82f585b9887e362a5c5e4c68ac3e28ef3907f6e007ed12198ed1c5ceec300e44e23eab1ba223c7350f74e76caec2d26f9b55a9092be92e2ee81d148dbf24e16f109cc33c7056e28662b84c3a01c0d9aef35143cbad7d0394165862242a75f4cf7122352f4d50dc7fba2fcc712e7db62df2c538dfcb43a6007a4f3c86e72ac863c4e0e0dd41141617458da29d5df232e5222b807411a59f69d59871a02876507f6502a79ad0d04e19573f869d14c299bce055404d73ba1b9e4caeb82d7cc1ffb5ab343dcc0b1280068d2f2677cee978fd1fdf9874b526a4ed46f5b12c9bf6771fbae35551a0cdb8396d664c2abf89354af0df3e65062f8aafe2edc54f918bbfa928fef7ac7b7eb74fe543ea16731b7cf634b0a5f93227d4f3432fd5642a8d9f6f7f73510c549c30cc1eda91a01b936b0a0b1068aa5bfc70b85933145320869f1430250f63c71306900b78acabe4a6b2a4ab14765148c1e647d7f95d116edb538597e73302c17ae0e3254d02e831fba81ac288081b0a20217b36883f1c25265a43b71eaeb4063854db947355e403e7cbf09f4197004f6c9bc763977ffa22b43e06cd2f2892b06fdbc5c0b04defca8d3420249cf413ba3f89bf164c45cb15e7b4816dbc438dfdeddbd42d78070b01545d4ab0fbbf3009dab23ae743fd586f51a08621187c33b04b04afe8c19ce89ca8ab505e4b575e71c9326fa9a1c9f552030f36fb5bfd3a5775dde9f9d90074e8081458848e2c5f9dfc42ea9625f29c536474675f4f14b0d7b2819756dbde83ba9a454e20895a8a90abdbe88248a200b06d61b1e056237f59c5d6018c8558ff31ffefb4923c69ff92ba903bae155d845f4a0135aa30de0edf8efc42962461f95f97ba8c9d8ec74aefd3847fb4fb0bff1830309a596d93ba3ed16520e01de4ddeef795f5a96027daad34574cf8a8f10508f546ec8d528e075731e2fe8fafd181cafc53315800eac61fc3f3f22e22e46855cf5cb54259cc316486af43eed2cd7448cc05a756968c0ec193fe46236a0efe35d9c8222ba1c900442fe207b899e15b5a9246c2a1b18c9de94fa4ea485a61c56eed18106305e6282ecfd299af203eeeb7fbcfef9c3b9960e463141a98a2068d36d7bdcf8cb25a27621df2d009bcadc175dc519446f7b3c9e77c9fd89d08086a8a21a9f03175db0b4858d5495ece636199f5b852811ebb39aed475b8ef51d4fa7ae1a908b399e8e56e4a0a757f883bc09fdc4045f6402a1026b4823f627b988c76fef73a0ffe9b2bd7209fa35a569b2782733a4bbab217ffa6bf89be63f46115647e0bc61aa8d3eefda3c462b59544e5abbba9f20103b3d6d94d79cae7ecc1306d1e71fb189b13bc40f0a7294f210b1663fdea1f3d5a64d6618601d5cc1dfee2aa930fccc6055a9237266f92c9794e12e601ca5763b2a2186ceff7559f2884041f88a913f1ca444cfdc505659a863a3c42a30d3cad57199057b88ee8e5e4fb44d67c8d2dabdfc9875eb0373192afbd17e194226ebb4be263f22448ea23f7150d23265282bcb33b6404ec2c889a39f095033582084b88c45cc48ac88eeb28c3c564993ca3ae8e5902bf7cce6f91ffc6bcf29f3a2d96dff986e1b12490ab72249f2514339f851b00f1c2b85bd91b410f4316cc4d17b36a793bd7b31921ec0c675b84e4251a91de3161b57cb11643ccf393054432ae0284a866a98def62880329a42fbcf14422df029355c5801fef59e620c827ab1f89efd6038fc5606c244b1013469488438cd104a3a7c6b6f1f3b", 0x1000}, {&(0x7f00000002c0)="a3098a93ceddff7c69e63683bca8e47083cfe47b9f1c9f95a5fde770570ba4ef072ca0114ec905410f1b733887efe900b9f585f9679988e2706fc6dcba3694410ec13d3c427ee8b1b5d065a9ba1adf2e1a9b64e00844c3683e42bf17405527faf69e90434395114b3b9d664e30bff6f822b45e51e21b0f31ca71467bf1a177bb13488c8ef37ef4d65c3975711a88d0d94a06ec6eff0f76b94e4812e5d4943aa6b86b88a9748d4e87e5280e8e113ab9974c0bc7e9d8e65b184acfc77e05f6df1414d36b6395d17d0463b35a07818b77e84ae4ce647fb6a06b0a3f36efab", 0xdd}, {&(0x7f00000003c0)="07ff2f7945cff3947e804e28b77d66d2fcf51bb0e151bbd242f78bac2bf72a28680e0330594c0ab6331852ae654c6505be5f6b34200dcddab8b01290d80b03a02b22eff5b6dc89336c41ac663c6a1176d726de29c2898d154b81af6649395528df5ae95aa0b4ffa1438ecb87bba8603e710a8e9d91eba25b18aefdfd3d9b483f4ac012a00b29cb9167b39cb29f81961f8487deade88864", 0x97}], 0x3, 0x0, 0x0, 0x48000}}, {{&(0x7f0000000500)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000680)="83e5224a8a8cf4e0dacf539f6deb06ea1b70f1a02d254f98fedceb525725666c0ce09654dc2ace9d49aeb1b12e1b8aedef6d8f7f761eb3a3c4d3bd7a0a414d29a8de0e534826fc75d04aac7a04ed5aa0dcedbe3b631724bc7d544aee11f52f8ddb40f7802955eb1e1a3c110239acafd296ce705257740f3604d4164b72a1b0786bbab7211370686282457c8e7e9f7db948e840937ea77865b8afd893c2734efe703f651de6df11e58b6d3fa2049f7793f0891e7d2722c18a6b5243f4184a6dbf716392b66bebef7c0db2ad079678860447fc9e5d7b91680b424e32baa5220c", 0xdf}, {&(0x7f0000000240)="3bb1bcaabe708f4f23f3be44709d4c25992c77edc973090fca7efe9ad43d15aef0e7ce4b5f91f98095badb5fe8fda1", 0x2f}, {&(0x7f0000000580)="c8733daab040790db94d1a21868051f9e5f08e8edabef32ba77e1f5d0b9d24dae9ee75093ab0fce2712513ada14dbe729b85507e150a4eaf1c82fc6071346c01d23dfd58af46bcc602d4c7a4a7c85bbd4bdad0730590391e824c9be8f864ea6b0e78dcd1", 0x64}], 0x3, &(0x7f00000007c0)=[@rights={{0x30, 0x1, 0x1, [r3, r0, r2, r0, r3, r3, r0, r4]}}], 0x30, 0x20004040}}, {{&(0x7f0000000840)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000002c40)=[{&(0x7f0000000780)="f894f0f3ebbaf43264cb169f6965619fac009a904c6ca51abde71b43344ba41ecc5e23b0f3b3342b83dc11442d62c3998ac9", 0x32}, {&(0x7f0000001980)="0481f7fe6feb4273d6cd7593ec0376a123945f611353fb7d4464b231be6a486b21bb54de0bc5a8c237eefe24f18e45de2bb23cb5605ecfba48c42a4f5cb5040215f5b87514b753c3b398ff09909bcdeda21fc50751633c9d59082f5eb4506ace5559ae3db6a8018c64e198205c23b182f542777093ac3e9ea4e5e94a0c624ddc119b31bfaeb6f5453ca3218282efbd0f0a3715af19560b618045937ef68dc71dd72802e52ab208bfe215986989e39b72cf4ff0e39044e8b8a7c98eb8c696dc15267ff8daf93fc8df32696ddd2d67ec57512dc2475d5c8f7b5ea25a2a6773ef074516c25750eb739664b55c52b0d66fdc90d6efddb0", 0xf5}, {&(0x7f0000001a80)="e796f520e3ffd7f88ecc77ddd0a3cf3d0742f95e9175de18fad9974371109bbbde918597a75c6cd8246910eddfb2d0b5c62da446b065e3ae24d094e8a17f13a73377531b0bd1a02a6a99f1deba00d663aad1e3a8767f778e6e6838ad8d5e251235172bb6747c8b4afa54cdcc9ec9ea41e456a68cd946b97610a38b68e3d9b5cd9b941c4adc07e222124565", 0x8b}, {&(0x7f0000001b40)="1ddbeac97e15c1fa2cc1e52166b0bd498b335beb930850cd4e4f098acdd08b783e08024068f84669cb71ce18a10f9e77cc2a456367924f7971294d8d431c8b0f6345c444ed68a1b40ce550d67cda4c1e5375818028df79b3b76a6d5b7b7163e059efec920e5cfca47048b78cd3895925b2183d2d111a9d8aa7e2e121100e60fc14e8834b80612e5bdca93eb7969b1bc3e6cb1b65fa43974502381ec62cb385c3c65f07b5afd28a39d139ee01b50e07d43b9853dc7a6390d0776553146f18b89f8a68a4d230fe08e54630904530e9fe25714aecb60be37759", 0xd8}, {&(0x7f0000001c40)="6666a898cfd2fce0abaa17b9ea1eaede5ab5e0209a472ea5978764f722b1da326582972d8c9cecbb99b80ed822e50dd44efac6c9fe92669f1519dbcbc6fc42b69e967a67110d3fcb5af424a41ebbf16ecf921e33c7159710329f1d49b13820ca7c5658b8a004310bde83c4b500fc666bc4fed7c9c9ad082aad8ff9cbef911e8182952a9141648f19a302aace36c2c2a2830b95c76e42d935801105eac3c14770b971fd3b62e4952ed6969afd38fd7631d204a05248b4bcb1120346f80a710228379290dbe3a31935884327aa839d5365e10d8a10153e250261df16457a40174fb05806fa7b6b9f4eb02f2b3affac073c43f11f91b82a72fe9af314fedfddd4fc0822008ccd62798de5149c5955726f54a8aad8b8348ab08d6543527426c34217ef489593f14f0e5b4add37cadad0d6aac64d23164134cf630fb5c4e0794d4fa7c62db4c79f623d3883be8f5a42556baaef4b23d98d244256f71068a03068b6453c9c31e81e08faeeb7be7863022849c456e539316d6d9fc5282860cb98220eabd12f2dafe6a598d2a9c351f3f7b0763fe83253731d74bf7badac52781d85cc4c6f53960d0677451a9d78586fb5358f5f12c91074088c2af89568e6146e624a0374ee8fb0b68e79019f7ba5fb04f0c2d9a411deae2e58259a5e68bcda62ee0aafe152716a69042bb811bedbbbb5c2f7a32239b22cad93a8cc5fcacdb5e1e18e284c52521ba6a1aebd7efb2170da881c8c93a43dc373997edf8728abe25b8d9036805b2f9b7f9392663d37ce8b455fb143cdfe4f69ce89a3ebd5ad6e07424024eb19df06c2a1a9d9a2940ebda926a9dd95d7af2bda38e94ef4436635e9cfbe65d21097e4f3ac8904ee010fca53bfdf4710fb1cbccb304cae92751cb69b15dc5bae47ed12c6ce5a29397e360182b1a6f75ca698f82c414d45adeb848f17f0396614d6639a64805c401a6fd15070330ef49cdf8e875e239e8877b9bac20aa7d5ff0cb66a82b1783a98087c591ee610d5ce0f014cb8595dbeb927919846948c2272446fcfa32012be72c89c0837f29d24908dba761ae0ad4339abc916a89f7cfd33b1152075141143c27e63fac706b35713602deda59ad06353c1c1c5f32ce1ddb1531e237f21678ccf0722afd32f7faff371430a6b45daa495f445537d48cc5daf619bd4f8cad46ed7531a00e86db4497c67dd3870bfed13a77395a80c9d87faa5e6b7d83bf93db2763409e0c08b5b3e120e7ce850187e5d1769315383f11601f7365890afad1a3ea8f86fade6916bec8722fc6a0353fa9dbd38ef43177acf014dbd8a5b5f978e7f85c86b7bdfd16d5ce45660fa3d2789c3b3382bd87281d9ea5430381076a5671e8c3f36321ec432f09a55f1f09cf01f1800c031dc25b6091e819f3e2ffb9ffef59163eae28c3e4403625a76c243c095d2391f74ef8154776a7100e151842158f25dd72421855dd40c5d457b25947ea13b3b57e74a0e3668fd5b884fbd9d5c294964f23c66c1f81da4b65664fdd2ad7a8c262d70de8a361d8a5fd4c4b575d549065da6b2210f330ac400d29b4d00a65e7d3b371ee7b6c94f4272c8ba2f5417609cd1266fb718e726a387398af59caf93bb92fd5cb5c31c19ec749369ac84cfac10c354a1ffdfc950c844c435a8fa7e37bd297ea6deb428d18fd7a001022da5fdd33f5247acec3d24ad96256cb5359881dc73c82fa164ae90d22ef4ed44ede9b18db1b547f62c316020fa4f4df4dba6f215b0015beccd33a18d9fe14304b66a4a48527ff7325fd65c007b2737375b3dec44a37ce779fa7d78ab1838be1027c41dd5eca9f0c560b5636b06508e68b0a8bfe0691792e62b2d33d31813b0fdd60db83943b8b105301e0b360d5dd40816fb1be270f58b83fb4e1b8fe82525081ee56cec54c336a7d0275bae181a4adf95221982b126bd5ac08b313e7515f2106211e920fc9e31e6ed6a2163a3a0b55fc9257ab45d92ec63e3fac4d8f6a55d0a17033b63c3b4ad30e442cb0c5eb89ed5f15e74410408a81f47ab260029e0992d73cfec0f11437f8e4c69724df7b4d972c11bb8a547d5fa534a7438c9944efda8af724af8107ca9ef2cc0eda3e0aadd3d5c6c46c9f7e209cbe74233575753e0fda2f5e59a0e20ae427e381f28af9b4c4758b108088141c20ead2ed8aabd058396cfe9bc710c0ef7c74b67d95c027832fb38b087d10e18816346399fb79b3e60040e17c64b20a049b0aa5e1ece290a034ceef525b9fa7494d6bc3a3d8cd64b8cd0a715f0ac455bd818c140517dea5fe868c8b3b7a50bc9b3b7fc4792ccaefa6bcf00ed14765ad64843b894988e83f13b878e044d2578e3e83f1c56677decf35d53bbf36fdfa79af9ae5b019e7b2e5ba32fb8918f62913392376602cd2ae1236d14ab3a65d1e8b72ab752526f27d2c52e9ad4d14c2746302b36589cabe516b1e32e8922b889ccb68c133a7017bf031e449957422ddcf66d316c0b46ac62364a57620d087c091d99e2e895370a771c8cfbdb7bd9b30e19b4ff636a4fc8f6c9b19d7aec5585475ac8eeaf4bd1dc6ecf2abbb82f50c62f3a3bb05c76db3a0851efbc20e5ea3e3986560ead95a7599907e8333bab002d774c7c8d16e44cebbdaf6d0ebab7383e7738f1a7f3ad183bb9b40d83e80d935993282dd5d2963aec6ab6a9700f2ce689a44efc8e136c60b3991c3d621b77bfce7e8eecbc7471eb68b1a233ef1194473d91dd29e9195e288d75dac0fb744ed7d5e0d5331df4fc779087a05463c114247de426c7db635fc1b1e6452b030336c4bd16f8a611ea438490e53dc4d590acbdf249c6781619a07aff4f85cc11ad5304d6151cb81a700dff490d6560295b9d93a6f091a39e16afd7520b1ad52048c1814a8112c6b82993bc383457b5ba6eaa67e8c55298434bccdd9dbfaaa2235f96a5fbcc1c551b3823839b70bdccd26a2a7949d7abe42adc1c637e1bb32e2d198c2bb3351c9022f5f0c8feb1ece7e5d631909a3c98fbbf0b4f03749b59fcb4666cbf40bfb9faff552285c2f9be37a452d2c90566a220f5213a6f96eee2e9a4a8c0b4b797bcd060d54c0b174fd77d4270333d0bef1ed79d67d28fba92bba680dd07ba0138067100a5549cb463c16790a28a3f831b3bad4bde344ef57be688bd2b74cbca88add97fd7aaf18e60e0b0fa04f14b3b17ed40e9ca7fdc1313d6784b6494f9e26b2dafb8336f08f7eb42e320cda0c3e37eaf16667671ac7a77680890e1ec2df6372423da04187d01332e88e9cb83265333383c7e0b7c02e40af9854f8e40f78f2ff57dce9ce778c2b4718ed1ac814e2fc783a86856a93a439e8f016629ad58563f45dd503622c9c5b5660a903a220935d1cefe78b72dfb401b3de7c261afe59fb3f0975f295b17fa3d4cf777a0bcf1079a87a7a94b27fff491237aefd3a399f83fa1537c6bfd7578e7dd9f098993feee3dedca7ef57ca6a51f370bb9ee7161b5576bacee81b3be4c69ffc961371545323929ad65adbe8f556971444f9d35e4d3ab491180e11820b8ab245798ea12fd7019853cedec385e8aab9d43cc72c4c0cac904aab45ab6e88db547c58ae0acd28abf9516c9165bfd7dd2ac3e586ea476a3b8b1cd0b63ed01331bcccbcaa4056a111cffff8739c6c963475f318c208f403d4cd94a27c28f0ce721cfcf16fb4b334055a70c976f16e6c74881833b24b158644b7f9d197656f248a8ffb85c04bc5449e8e3e3f3000d75d4e08b865352bc6c8a489786280c74653097d1f7566dc998aaf14c34e22b07f8d7a5e070560d46b7bd23efa3dfcdcfc26fb25ef5e51a4dec70a424cc3098ce7c902c160ab995b546330acd0fc06ebe7b5791071de1ea7f0c9d4d532ab73e842859a666b330cdf75605eb3429038833808814a1169722673b4a75cb3e32bb51af0e9b94c800589fc9952ce9e51239f84fad6228dfb400afcfafe9a0a11187ea707b495cc7a3919aad0a903195bb1db30f603e393de0e2ad2792df66fdac3fb1e27c1aa489f73e70d0f3bff67ed7322a542944f85a357e6cca582a8cc314a79ea220be991b34abf52e9e6d045f3f06770dd20a2ca150dce894d61362e6138a22d16ab0b08f9a4931b28b6d0bbde80c7d0fa902697451d6780fa0c3851692a40f586f2a1d2186966458c8a06f1bd1c9a4c9ad4933b11dd75c757e40cc58fa88071261ffb3c51f9272a42cb681740253619431f636a745db9feb17020946c7ed6afe979579c97f91d01ec08ee5b25412567f65a69ddd54edbefff08d92de752a872812ac8e91ea3abb5f7aecc848a93030ca97ec3b9e5293578d0783f768da8fe09d6ee56de1cd256165261b958f22c54537da7a13bdffb9d7cce7343e96437aad0879d28389db16c680d3dcf0e6dfc5606a8ea1723c73093ce0e978fbe36b0f90b500c787c4ccf93e37945dd4411ecb8f2c58678423fbe07d80ed3384cd769a04f5df7f48840ff5528b4c87e16d49018c56ec367c7a34a0b342cf8a6c92f7afd6e0560934f695e117b55b790dadd822b1f7793ef9341dd1c9a5ae6fad068ae7b06b122ecc6fd6ce2fc0c0fedee5ce517b4fba61b810c9dce6bb8c0f99747410c83674bc7c8af901482933af8831523c529a96688dcf3748297b100cc2c8de5b0b2d244516f3eb9aa47c23e03171ab44edf7db71a173ab37272c039eb9f9e078acc0f6adf7f43408d98a98d593b7d7980b382f75024fcc4c31feb37a454ccda7ed9fdd402e438af70fddb71b5e421e77fa361d1ae81aab425111f69f1a23a231746f06236a729512d3d10dd35d0e1d635f3d1728a73bc57cc9ed2035fee6c9083b0b75b42f28b5968e88101ec940eb29aa653319bc2966bd1de46ab3858dadfae3087190bf74b9a470a602c50944c5220400244e636a7402ac70dfe83d225477c4d1b513592ddf12ff6813b2cfec0d01f583763ecf1d4bbe6206d422e4f170f022e5006bf05259fa8e722998cd8281f21f7238de31ce617110e8ecb9c51bd66195c2c4b38913669ba0f21b7f2793918225b97757f734cb470f23bcef382bfab3574ef68e37c1061edc53e28513bc4c420cdeb72d553cd0d3f3f18ca11b5ba44196a2cea93f81e09c6bf18c982c9a5f242653457a1e833049f6006a4af9d46ca6a00de2ababd25567a2ccfdbfe7c453d2fb0b5c41c1bc05eca0da55043b389dfd00ce22850a756126e1ef08b5c421ab0e40158588722fe18d6275bd4fb50dba98322437b7a3983f2d3ef0c05a9964520d6572aae3cd337ef5855a1efda8745355d704c7ac133064b23940cdb42a5cede4a31d393a37550e5d92ed9c9780458711f6d502bec2df139d49af8eb5902df2fc460e1c7de524f20c3d5efd952bc43157d2757b6dd4c7af78276c62fa669e3d87580f01bee7a6e430414e61c886b17b42ee37e744c7cd02fb08d0219bd5067d760311afaf9e009dedd969637cfa88cc1478819a34b74e3d18fd27a015d36e97f7dc2c0a5b7977ca0a177bfe4f600af66b524a995c6d0a1ed5c519e09bbba519599d7b7f841f570a7c93a56bb7b8c83d0093f1b85336f6c5df7738afe8bb12d1a836304425d4d6c19325956a4e0292c899ad1d56b4ccfd26f06a1a901c91d384b5cf4f3e20d14eda913f3490db7e3b95c67d6b961455624651c7922d7c0cc6d8b392ef2c6ee8d8ac2d9f5975cc9af36428ef19d26962eceb9ce5a30b66d76c6f31762aeebfe7299d3082b36213423d28d605b79fdcf29fc963b33f2406d9f0e63557f7c3dfd848c95ce907559f1cba1502590e225bebc7b9e498540130b593b370c56476b76112", 0x1000}], 0x5, 0x0, 0x0, 0x40}}, {{&(0x7f0000002cc0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000003180)=[@rights={{0x1c, 0x1, 0x1, [r1, r3, r1]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r2]}}], 0x40, 0x40}}, {{&(0x7f00000031c0)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000004340)=[{&(0x7f0000003240)="00b02c9072d2ac026af569b9574db3c9", 0x10}, {&(0x7f0000003280)="fc192d6a99f049d0fdb6e9a1553e4354a987f46eb338d57843cfc2b57835a92de0304fae20051eed4aa3b4e665468e185fd965c8b5ff8578588994d0f3b960ce763d53a3b97a263c7998a724bfcfd4a72303b7e627c64fddcc9f78fd4507083d7d2818b40fdf51b7d29f9c2ef486f44f82ed83166486260a283ed19c64d21264adf1697be7c6270024c5a6f78e234f63b2535ed9b22733b18fd73090f584005806d09839109f87735e55bccd15485b656d07650785acbcf421807745972a98c02ea1ce4516d96a65ed453821e4d07de80d99539ecc23788fc0f3f49f9a30f7b97118941c655cd50afa6a15b43bc329f7c00f78ff24ca47fe60f32ecd4a6870571b7565abc2294db3bfcdcfdfb129e910c402efbdacaba24a1a40543f27928b078fa4a47109f4490c3272e6198206ffc120089cb45da4719d57afc9c5b951b0439dacf2ab753609db769432f7287f989d981639236ca87d0f020fa14d90bd72f57035375b9a62ae7288a027cdf95dd7e706771a7ec345ab13e1be2c57a19edabd9fa9ba6227025589f608804c4bd6a512876fc45ce5e9873af24a9d2531dd49717f806e2bb9505a9e633432c5cca39d5a923e8541de80424a86944d38dbb49aad0a3f508c9e4482c14806b556112974c0d0b6fe57e20f6863d0167e3cc6222b97f7099f02d373ee01ff56e18b060ea715d26dbcfb0c1cdaa203a79f6197f04eceaeb0c22c3b3b493f8237e6894663c0dff4d81da0ef2146881f30ba62b20089edd049f91168bb4141ec2f79cfa0b02b9cc66f4fa253f8cf2df6579d8e40acb81f36d7631c2640deea5c9152dac6697d41b66f59f4156ba0c332c347fcd3434994b6c681d213b5797ac5ebb1f78cd4111c7c64a3eb9470dbf1424b559f03a28ab81755253a83e133f6b696a4929d2fb73a9604716f61ad7aad138bd97405aca51b50da127dd70c2601d39a6e5df506856d75376695f1092e263ddb3277cdd4e01b82abf295202f3814e923c242becf031d9b8d55b512c44eaaff1aa31929248e22b23a31e61d0a0f8d29770d0c5f1686ddeb55e3512a06257dd82fe7d7100667aee66ba6cc9a939038f8bf74b4aaf355bcd513b848d9f82f6abff97d7eb3de23ef80c21e3379598734cd57529f3330e8978623e7c534e14a0135e1ce130097699cb45b8bb4ff2802ca970b0bd85269a4792fafd688e66e3f3ede8a5f9d4236c099b61c1b1b1e631f5f9002a3f925bc540e96a6842d7eb60093bb1a2bd88917dca1c120d6addfdd7c0d642864d8a60264abc0b30a82def57f8aa6805c5de34e7354e689b0e6a66b88f141458202f49d493d3289fe7f26541c281075e7ff1a67fbf5a2ac9301f8a07bb6c765a92bd4a4bce7929d29b6dbcc431ad3167a64e0988da2c656ef7db7674e45b38066eeefce371591769616cfa44501d7c69c3feaa987065e59809ca284a488b20bf5b47aae61faed6cac844ddddd17cc46f74f6844a160fb259f578c5bba787174508fa7279ff4a57f1a0142e1bc584a4b9318c15ec8e0a12526bb3923e24a58176dd522a8ad3c09715698d1d9cb0671366da3c9a138522af1dc11c330adc176c514a6000316b572d4bc0a3d65eb3e904a6556faafa9245890b8ede8bff8ecc234eacb89b5b3a21010c329a5af0b726401b7a5845e229a8223d030c3bddfdb1cf95a22c7618f29c33f7dc652462ebbb5894255453e310004b35c12349fcfe213c26c73d32b84785a46972771d392be021d05accd5f5cd33db7d7ad970ec3fab078a9189397d224a737c6512a321562d08df56c9a94ea87f0a4f46d23f5a6189b462392457016fc3dc4ef72a5d0abe264e482c2895bc9e3a5e001cdb486f2c73b8f88b61f6c623ced51dab11cdb06ba93148e7ab3354a512ed665380b526fe5cf5858f22e473cb335847651c25ea0bb7940ee7ddc895694a8b03df12b6212c4c6e5eb17961e5d0d65e339b50af29a6dbbf443c78424f2967890073563c499b995e2ea9886e34630484055edce33c12dce9148eb63f35168fd9bc5c252a879a27e70da0a0f28d8514a58abb79f02fcbe667b969d5988fa4645df5a9b2971a6bfbd58836712994dc8a689e0dac835338afc3f9bf68bafcc459831f47605eee0f6e766f5abaf310b1d87473ab6a217996a7a0cd58c6607ecb9ad571e6dbcb22456a8538fe909e4d21c11ee241ac23f1db68d83453df94165b9a9d1c5e712218773480e0f576745425b81cf96dd9af7a0c6deb6f3694fac0e2893ddce92196a21ba3af9037d48ea4bdcc8c4ed35dd505447ac6c98439cb64d9b0db62018d667e752c66ff4692c3d84440055358bce097adf0abe35545c387e5832053ac611c46b0be20c83eaef2418971592914a17201de30528fbabf74fc3e8556ffb8e10b17e19453b676a93112f5bd95433979c1daeead9ec14a3ab477b0343266a6ee74dc372837a2197a16f3d6c1a02e9970015af370a23af7e16bcbea5585e76c999c021f6bee70a24ab3e52dd555c5b9a25106045f89f0c7a0ad1cc8d415778fd7382f3b563d52e9deef631b0f82a1d70b4eb6dd9e0eaa9d4273be4d7d06d0159ba91223179f9f719697db9c00040f937bba4df89904dbadcb7c4198013587c2eeb5ef1503e87ce870122d1b560592ef8c52ecdf2472f669e1233723b81bd32102a8369f08dcffeddb3b2b28b5ffd29c6e981494b3648327dc5f52129240122e911c1d1b56e927455c1bf746ca90db756a2187efe20708637203976466e7bca9d9d8606ec3c5d1b2af33402f96ccbc0bdedb06cf85933b943f3e9a5d70b16455ff9aee174d0c504abc20954e0e67ddc746181ba7e66c642a6bb9406b5fd22374d5c9ace441af4bc35615dec06e5ae4b45fd5aeef08707d26e17fda650781b1fad429fb3dfb6d2a91ba2e22316e6ec0f170070405930fa728825e83c768f53c647e25aab2b316451bc6e74038a60b047c98eed1b1e7014f082c936c352f1f4b7fe259b9bc7f085f9690ec2e2a0c74e0f1f4684c86c5c1314358eeddb7e0d7fc7ebaae9857545d7196f82e550832aa5d8f550483af673d30df81f196c5c5d25e53be770f5925946a099c20851a2f8bbdebde1b187af6c61fcc302cfe8084a77a0d0c1c3d3b9f823edce226c153f0b5bb0a7eef1ceb259d4a1b7e041cf10b08de49724d40332674e9de581782ea52c41a21469748deb33061a60e3406187e52043ee38cd8d9c8aeab132cbd32c1c488f6c4f6d7a7ed46d15a0b38425464175e03d5cf67b74332cee71657f475880a5acb2bbcaf18a8dccca7655631de5663d505bf664c3e2c4d4529114f76355577978ebc75c9192b64ee0e268792c195ce9d77ae18ab0e3da067b399cc11c1319af4c8edd0f86e19466fcff033bda4f23f83f4c83a1393a2c418bb0022bbf9dd4a92af07bd718c2665fefab40aa66bc20f12cfe9286727ab3f06bec7676d8d96c9d565da0e0c7fa85df1423585edb8865fb75eaca1bd302c5373be9fde6d3854861787065ff8eb51be95ec1000294a896fc3e6cdb2b58e15b8157b2556a93cd2f0ed953ce186e20397b99cb62dba3a152a74f2ab3d63b2afc7ea75bdb1f58ad0b959c77e607b7cbad0c1122d16b411a9a97132d0ad67467ba32894094e8871fb20d369e2a0c6373ce66e632654f241f6497ea0cac6aac665a52d076385eb8fecbe31ac4bd781f42498a17f94ca8fe185379b0c548612bd6acaa0a1644c66533fe0a351c783c79a06be1d8e95199686c8c34cef9d07dc26697661018a2e65ef1361007574cf3e2936b26b413d6eb68362d277072d2d68343f4cab0ab19b4aef11cd139f68c80a291ebc8e1eeb6ad392bca605454823c7c8eea0bd97e311a407c4fb30a94304fe43f5ed94b7077ebc15193c828641b4f8403fbf202ce44e55218d33cd533bd24654f542f8f50d16ed7ef2a55f3153b3e0d017a801c338d6a2d459a0e860c0c655eea965e7b6b5dab0760f783356d38a9da70c3d0fadf443e818125f648ba1bfba426c08ed34121d5b898cf40f2cdc3ff0f95db1c04ccb4dd7dca4ba539ff7620f89899616c305a79c03fe4ec2708fd8a05bbcd343b49c420d41a61e2e6ff33c2df0043c24bbe9b690ca7a8df479113f3b0accd5a533d6898f2e81239e68ac4c2074f3262dc667cc0ccc52f866cfebc0fd6a667bdb8c80b3940bfafa51338cf64683992d5ad192446ce0adbf34c1a803c637d9766027dafd2c052da16ef3263081d10f5e70bdcb90c6a64758fff8d3569891081ea8a4e9b378995fbbdb8a43c3311ea62eb9e4279aba1730aff3a68ba309e193fc01b06c6a947438c80b293f6033993e08fa3749269f392410ff85128df672322d1477951313050c270f39a6cc65ff5592292fae2d9e6187e646223e673dc00a8184028abb4a2e8a6a994c0e6321f491074e766a7577fd0719bd0edd5b14af41741bd4850b226ccd581630d0fb456b2c8de560db5063a6eb1740ff0d5a7299a32cc02dfa62389bfb5df7d729e76677f13b38cb88d8db7577ffc4693f4712862a102d814c434bf98a84a4a2976db521f317fb6057009529338606b5b99fa3a14e49decf1df8a79cc151010c456f9ddcf5f70505316173f4d86a810c0af266eb5770500adc318fea0747ce74c8118fcf53735fd6139036db6bd6b308b7abf7706b51396b8f7279cbe4443f5c6e85dc28ae221aed1b300d411a4e1d535cf7292239eba0dd48ed2e642464ba329a00c1fc6fd6e41bf651383c318ebd40eeaf1ca5be85cf0d6df35f1b954539720474bc3312f3768119783a4cc3d99becffff4339ac92ca875d1d49c1adef8a7dc52339ce15292ac1bf358131d4f0aee9cb6ea251a83c2be9a4b36875f65f92f2beb7acee928060e24b45fbc58ffa8ad4071ad0c429b177f40950a5703fdb9fcbcb4ec09c1c30e32338d8574a384cf5348b47b9720536dc87b254523b3761e5f9f1d79fb7ed72f5b885bec3222ac5da224b807a6aa29b2adb9ec090051866d32d582b675a017536b7c6e8fdd2d26e07aa45c57bf64b2effe099a7ac21d5cd0a3ffefe2f809dc622cbbfec53278b2905e76034cdb5af1e49e5da47452af289314393ded83870aa996c7e1f9375bd245d9d9922a1ca0b088bcddf6eea97e81d18f1142fbdb2c46869e698181a8fcb98fbb5250e66503f14b3d2ebbdec6304df02db5d3388814296da03adfc467de29d749cfbcba57beb29a0cfe4c24a8d58e43a55b6216e07e3c16bda173324f05c4c71d159fc77a7601692eb9d8574762029368947291f71db7837d279714dac99ecda6d16dffe12102805683e5b4514925e8dc63fc0a2e60ffaa7a7d8160b4d527860f354647132d4bda0e02abe4abe80229d0409b1f86b95eb56b3a46a460804ecc012746ab1817a3f06830b12d278677710af180ae76f0e369f56f13ed0efb7dc72b3dfa2af7dca6c8530c4678924888c254b56fe01b3bca4138b575e3c1d9583954c35faca2fa8d0b5759e0df9aabd8ba925af28f1f53d6aee9f6e163a466eab25c09d0b9029140dd3e96911e3fec40ae56a3b0127047249f1df12e90f06b122225fd27655b26ce36412f0dc507ad29cd00eadcdb80552df4597112cfe8c1c163528f4c2d71c8db2dec9cd665eca3585be7656162f9aaae6a7bc53d7c2484fcc1636889a62bc1495ff94ffc342eb9c146aaf9050ae033b4af9b49dbf9d2a1531484934d2124b222bd44c6b408c019cf56b2fab015303c3359fec361673daa90af6a41eea76222d0ddf600459ea75d394a89b514506ddc26d623f6b625d1ab55", 0x1000}, {&(0x7f0000004280)="6d17cfca5dabe41ab436a0841add6649b7f5a8cf0b0250aff8799a3ea62ae70cbd158b44ee77fb25bf763448478a0ed77ad44dba4ef887c5e9bd0dc08c535eeeb1b2f3d243d4b88470a48001368eb14becc8c3def36c993d5bc496f17d9e2459ef8b6c612bc3fdc165813f19ff265b63ebaaed66cf65fe23294421d9f303a79314f87b31ddead24f5fbb4d6a935074948b2859b84f79976e1e7e62a53314ae384bc665eaf5eb9837a403ad71752a7636a011ba542eea9ad813631358910b", 0xbe}], 0x3, &(0x7f0000004440)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r7}}}], 0x40, 0x40040b0}}, {{0x0, 0x0, &(0x7f00000045c0)=[{&(0x7f0000004480)="c96a3baf24763e35f7950b8cceb177f0163e95a9a2112054f565cde292acfaea02b65113985ef0fa58c3d487f4dd86b88878", 0x32}, {&(0x7f00000044c0)="cf688e5888bf60cc4d60b3f4a53252601490b6a89aadc4d244282d415dc5ef4c57757a1f92424615b288380f94c428422cb1d1a642c6988816c2c5f8607ed36a06bafc08c58f4c0d93659e325e7dc1a23f1ae7134ebc250fcb7a62358f27f4004f3441bfa4d305e2", 0x68}, {&(0x7f0000004540)="5e994bd2e6465ec5870b43bfa5f0b2af76d8674a699df112732744dbfc33f550f7ce414ae18a21e6cefaaf52c7dd9522bede45d8bfd84cc32c827e92433b927ad1d67c566ff506db", 0x48}], 0x3, &(0x7f0000004600)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3, r0]}}], 0x38}}], 0x6, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
executing program 1:
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
write(r1, 0x0, 0x0)
executing program 2:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14)
recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0)
r4 = syz_open_pts(0xffffffffffffffff, 0x0)
dup(r4)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, 0x0)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3})
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
executing program 1:
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
io_setup(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0x2, 0xf5}, 0x400, 0xe, 0x4})
executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$tun-ioctl$TUNSETIFF-syz_open_procfs-socketpair$unix-ioctl$sock_SIOCGIFINDEX-fanotify_init-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_netdev_private-openat$ptmx-ioctl$TCSETSF-ioctl$TIOCPKT-ioctl$TCSETS-ioctl$sock_rose_SIOCADDRT-socket-socket$inet_sctp-socket$inet6_mptcp-bind$inet6-getsockopt$inet_sctp_SCTP_MAX_BURST-syz_init_net_socket$rose-connect$rose-connect$rose
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

program did not crash
bisect: split chunks (needed=true): <7>
bisect: split chunk #0 of len 7 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 19, 22, 3]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
executing program 1:
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
io_setup(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0x2, 0xf5}, 0x400, 0xe, 0x4})
executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in rose_transmit_link
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 3]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x30}}, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 19, 22]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)
executing program 1:
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
io_setup(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0x2, 0xf5}, 0x400, 0xe, 0x4})

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 22]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 1:
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
io_setup(0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0x2, 0xf5}, 0x400, 0xe, 0x4})

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [23, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8)
connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r7, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [21, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000100)=0x9)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"})
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r5, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9)
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"})
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0)
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r5, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b")
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r5, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
fanotify_init(0x10, 0x400)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00')
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 19]
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 19]
detailed listing:
executing program 0:
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 19]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
minimized 24 calls -> 9 calls
minimizing program #1 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 18]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 18]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 17]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 16]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x6007)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 15]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 14]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 13]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 12]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 11]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 10]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 9]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 8]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000"], 0x4c}}, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 7]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 6]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 5]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
r1 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x10c, 0x0, &(0x7f0000000800)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x1, 0x34}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/242, 0xf2, 0x2, 0x10}}, &(0x7f0000000080)={0x0, 0x20, 0x38}}}, @dead_binder_done, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@flat=@handle={0x73682a85, 0x1, 0x1}, @flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/164, 0xa4, 0x2, 0x8}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @exit_looper, @free_buffer={0x40086303, r1}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000640)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x100b}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000006c0)={0x0, 0x18, 0x30}}}, @release], 0x51, 0x0, &(0x7f0000000700)="bc921d77ae629c44cc1d07f41e828e25ffe260b72a3110d214ab3b709b7e76cab0dd18e52059ca775fa538005497ce83c124dad65f22e89d74c4655d02f6cf32ceeb25e830b6f2c4a8e7027494cec8ef24"})
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 4]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 3]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100})
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 3]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 2]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
executing program 0:
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
minimized 19 calls -> 2 calls
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose-mmap$binder-setsockopt$inet_sctp6_SCTP_AUTH_CHUNK
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
bisect: concatenation succeeded
found reproducer with 11 syscalls
minimizing guilty program
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose-mmap$binder
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x8)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
syz_init_net_socket$rose(0xb, 0x5, 0x0)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
program did not crash
simplifying guilty program options
testing program (duration=1m28.246993542s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program did not crash
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
validation run: crashed=true
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
validation run: crashed=true
testing program (duration=1m28.246993542s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-ioctl$sock_netdev_private-syz_init_net_socket$rose-ioctl$sock_rose_SIOCADDRT-syz_init_net_socket$rose-connect$rose
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)

program crashed: KASAN: slab-use-after-free Read in rose_get_neigh
validation run: crashed=true
reproducing took 2h52m52.786324953s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 net/rose/rose_route.c:692
Read of size 1 at addr ffff8880772b4030 by task syz.3.1236/8476

CPU: 0 PID: 8476 Comm: syz.3.1236 Not tainted 6.6.96-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0xac/0x230 mm/kasan/report.c:475
 kasan_report+0x117/0x150 mm/kasan/report.c:588
 rose_get_neigh+0x391/0x990 net/rose/rose_route.c:692
 rose_connect+0x417/0x10a0 net/rose/af_rose.c:816
 __sys_connect_file net/socket.c:2057 [inline]
 __sys_connect+0x397/0x420 net/socket.c:2074
 __do_sys_connect net/socket.c:2084 [inline]
 __se_sys_connect net/socket.c:2081 [inline]
 __x64_sys_connect+0x7a/0x90 net/socket.c:2081
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fed83d8e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fed84c7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007fed83fb5fa0 RCX: 00007fed83d8e929
RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000008
RBP: 00007fed83e10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fed83fb5fa0 R15: 00007fff38b939a8
 </TASK>

Allocated by task 5957:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:383
 kmalloc include/linux/slab.h:600 [inline]
 rose_add_node+0x23a/0xdd0 net/rose/rose_route.c:85
 rose_rt_ioctl+0xa42/0xfb0 net/rose/rose_route.c:747
 rose_ioctl+0x3cf/0x8b0 net/rose/af_rose.c:1380
 sock_do_ioctl+0xd7/0x2f0 net/socket.c:1222
 sock_ioctl+0x623/0x7a0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

Freed by task 8476:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1806 [inline]
 slab_free_freelist_hook+0x130/0x1b0 mm/slub.c:1832
 slab_free mm/slub.c:3816 [inline]
 __kmem_cache_free+0xba/0x1f0 mm/slub.c:3829
 rose_rt_device_down+0x66d/0x6c0 net/rose/rose_route.c:522
 rose_device_event+0x604/0x690 net/rose/af_rose.c:248
 notifier_call_chain+0x197/0x390 kernel/notifier.c:93
 call_netdevice_notifiers_extack net/core/dev.c:2064 [inline]
 call_netdevice_notifiers net/core/dev.c:2078 [inline]
 __dev_notify_flags+0x18e/0x2e0 net/core/dev.c:-1
 dev_change_flags+0xe8/0x1a0 net/core/dev.c:8750
 dev_ifsioc+0x6a7/0xe20 net/core/dev_ioctl.c:529
 dev_ioctl+0x7e2/0x1170 net/core/dev_ioctl.c:786
 sock_do_ioctl+0x226/0x2f0 net/socket.c:1236
 sock_ioctl+0x623/0x7a0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

The buggy address belongs to the object at ffff8880772b4000
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 48 bytes inside of
 freed 512-byte region [ffff8880772b4000, ffff8880772b4200)

The buggy address belongs to the physical page:
page:ffffea0001dcad00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880772b5800 pfn:0x772b4
head:ffffea0001dcad00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000840 ffff888017841c80 ffffea000083b910 ffffea00007dc810
raw: ffff8880772b5800 0000000000100007 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5957, tgid 5956 (syz.0.16), ts 100632189880, free_ts 96098510259
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554
 prep_new_page mm/page_alloc.c:1561 [inline]
 get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191
 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457
 alloc_slab_page+0x5d/0x170 mm/slub.c:1876
 allocate_slab mm/slub.c:2023 [inline]
 new_slab+0x87/0x2e0 mm/slub.c:2076
 ___slab_alloc+0xc6d/0x12f0 mm/slub.c:3230
 __slab_alloc mm/slub.c:3329 [inline]
 __slab_alloc_node mm/slub.c:3382 [inline]
 slab_alloc_node mm/slub.c:3475 [inline]
 __kmem_cache_alloc_node+0x1a2/0x260 mm/slub.c:3524
 kmalloc_trace+0x2a/0xe0 mm/slab_common.c:1098
 kmalloc include/linux/slab.h:600 [inline]
 rose_add_node+0x23a/0xdd0 net/rose/rose_route.c:85
 rose_rt_ioctl+0xa42/0xfb0 net/rose/rose_route.c:747
 rose_ioctl+0x3cf/0x8b0 net/rose/af_rose.c:1380
 sock_do_ioctl+0xd7/0x2f0 net/socket.c:1222
 sock_ioctl+0x623/0x7a0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 vfree+0x1a6/0x320 mm/vmalloc.c:2860
 kcov_put kernel/kcov.c:438 [inline]
 kcov_close+0x2b/0x50 kernel/kcov.c:534
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1ce/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0x90b/0x23c0 kernel/exit.c:883
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024
 get_signal+0x12fc/0x1400 kernel/signal.c:2902
 arch_do_signal_or_restart+0x96/0x780 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

Memory state around the buggy address:
 ffff8880772b3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880772b3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880772b4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                     ^
 ffff8880772b4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880772b4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 net/rose/rose_route.c:692
Read of size 1 at addr ffff8880772b4030 by task syz.3.1236/8476

CPU: 0 PID: 8476 Comm: syz.3.1236 Not tainted 6.6.96-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0xac/0x230 mm/kasan/report.c:475
 kasan_report+0x117/0x150 mm/kasan/report.c:588
 rose_get_neigh+0x391/0x990 net/rose/rose_route.c:692
 rose_connect+0x417/0x10a0 net/rose/af_rose.c:816
 __sys_connect_file net/socket.c:2057 [inline]
 __sys_connect+0x397/0x420 net/socket.c:2074
 __do_sys_connect net/socket.c:2084 [inline]
 __se_sys_connect net/socket.c:2081 [inline]
 __x64_sys_connect+0x7a/0x90 net/socket.c:2081
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fed83d8e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fed84c7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007fed83fb5fa0 RCX: 00007fed83d8e929
RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000008
RBP: 00007fed83e10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fed83fb5fa0 R15: 00007fff38b939a8
 </TASK>

Allocated by task 5957:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:383
 kmalloc include/linux/slab.h:600 [inline]
 rose_add_node+0x23a/0xdd0 net/rose/rose_route.c:85
 rose_rt_ioctl+0xa42/0xfb0 net/rose/rose_route.c:747
 rose_ioctl+0x3cf/0x8b0 net/rose/af_rose.c:1380
 sock_do_ioctl+0xd7/0x2f0 net/socket.c:1222
 sock_ioctl+0x623/0x7a0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

Freed by task 8476:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1806 [inline]
 slab_free_freelist_hook+0x130/0x1b0 mm/slub.c:1832
 slab_free mm/slub.c:3816 [inline]
 __kmem_cache_free+0xba/0x1f0 mm/slub.c:3829
 rose_rt_device_down+0x66d/0x6c0 net/rose/rose_route.c:522
 rose_device_event+0x604/0x690 net/rose/af_rose.c:248
 notifier_call_chain+0x197/0x390 kernel/notifier.c:93
 call_netdevice_notifiers_extack net/core/dev.c:2064 [inline]
 call_netdevice_notifiers net/core/dev.c:2078 [inline]
 __dev_notify_flags+0x18e/0x2e0 net/core/dev.c:-1
 dev_change_flags+0xe8/0x1a0 net/core/dev.c:8750
 dev_ifsioc+0x6a7/0xe20 net/core/dev_ioctl.c:529
 dev_ioctl+0x7e2/0x1170 net/core/dev_ioctl.c:786
 sock_do_ioctl+0x226/0x2f0 net/socket.c:1236
 sock_ioctl+0x623/0x7a0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

The buggy address belongs to the object at ffff8880772b4000
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 48 bytes inside of
 freed 512-byte region [ffff8880772b4000, ffff8880772b4200)

The buggy address belongs to the physical page:
page:ffffea0001dcad00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880772b5800 pfn:0x772b4
head:ffffea0001dcad00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000840 ffff888017841c80 ffffea000083b910 ffffea00007dc810
raw: ffff8880772b5800 0000000000100007 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5957, tgid 5956 (syz.0.16), ts 100632189880, free_ts 96098510259
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554
 prep_new_page mm/page_alloc.c:1561 [inline]
 get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191
 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457
 alloc_slab_page+0x5d/0x170 mm/slub.c:1876
 allocate_slab mm/slub.c:2023 [inline]
 new_slab+0x87/0x2e0 mm/slub.c:2076
 ___slab_alloc+0xc6d/0x12f0 mm/slub.c:3230
 __slab_alloc mm/slub.c:3329 [inline]
 __slab_alloc_node mm/slub.c:3382 [inline]
 slab_alloc_node mm/slub.c:3475 [inline]
 __kmem_cache_alloc_node+0x1a2/0x260 mm/slub.c:3524
 kmalloc_trace+0x2a/0xe0 mm/slab_common.c:1098
 kmalloc include/linux/slab.h:600 [inline]
 rose_add_node+0x23a/0xdd0 net/rose/rose_route.c:85
 rose_rt_ioctl+0xa42/0xfb0 net/rose/rose_route.c:747
 rose_ioctl+0x3cf/0x8b0 net/rose/af_rose.c:1380
 sock_do_ioctl+0xd7/0x2f0 net/socket.c:1222
 sock_ioctl+0x623/0x7a0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 vfree+0x1a6/0x320 mm/vmalloc.c:2860
 kcov_put kernel/kcov.c:438 [inline]
 kcov_close+0x2b/0x50 kernel/kcov.c:534
 __fput+0x234/0x970 fs/file_table.c:384
 task_work_run+0x1ce/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0x90b/0x23c0 kernel/exit.c:883
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024
 get_signal+0x12fc/0x1400 kernel/signal.c:2902
 arch_do_signal_or_restart+0x96/0x780 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
 do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

Memory state around the buggy address:
 ffff8880772b3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880772b3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880772b4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                     ^
 ffff8880772b4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880772b4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================