Extracting prog: 14m9.987111478s
Minimizing prog: 1h30m16.656429429s
Simplifying prog options: 19m5.39529407s
Extracting C: 5m59.275394653s
Simplifying C: 0s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_tracing_iter_fops_trace-write$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto-waitid$auto_P_PGID-prctl$auto_PR_SET_CHILD_SUBREAPER
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)
waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000000)={@siginfo_0_0={0x2, 0x9, 0x1, @_rt={<r5=>0x0, 0xee01, @sival_int=0x10000}}}, 0x3, &(0x7f0000000080)={{0x1, 0x8000000000000001}, {0x830, 0xf}, 0x5, 0x0, 0xfffffffffffffffd, 0x1000, 0x5, 0xc3, 0x1000, 0x9, 0x9, 0x48a3, 0x7, 0x2, 0xd, 0x3})
prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x9, r5, 0x7, 0x100000000)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 22, 2, 3, 21, 29, 17, 23, 22, 27, 30, 22, 30, 29, 22, 22, 29, 6, 21, 22, 30, 27, 15, 24]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x8000000002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto(0xffffffffffffffff, 0x0, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
remap_file_pages$auto(0x3, 0x1000, 0x0, 0x3, 0x4)
futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0)
r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd700002dcdf250300000004000800180001801400108008000800e000000108000f00", @ANYRES32=0x0, @ANYBLOB="8c77e93f3ff828ae376c6c4f8ddfa7a7292f7acde7520ae4cc947bc96b2a6f9ee820037b5934c160dc052ff0b1a98f0ccf73f5d380fc21c62a51cd770fa3dd819d0340d91653ce60ba124e19cd919482fb1944712a7c6a35065e5ad481a052ad079df1b9c25cfd52c9047c83a7d4d81234af85a02f8d729f5579d026f1c37a3c08fda10ddbbea24fc884851ae02eb04bd71040ecfdadd47fbe901a688e48587d59553fc5a6b2ae30d03185bef769bee8abeec9cae067b1183eb0c5286123294b9e81b8ec2a4eec2a6eb95a7fe0118c26c06b1749e05d2a6510da2b17d79be801828350a9575f7ad679f358b7a40a85487ddb491fa4e5c33a3df549711774061c601a0059250b8ca7fa69bbd443e9a31a97a8adc1b44c59cb9a8787c487d9618a38043ce01b9b02e5d1360aa39ab575221c576a9918c925693fd47fffb85ad5d293e676781f95425a186ae3cf63baee390bba1d086e9e3f362b83"], 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xa)
mmap$auto(0x9, 0x8000000000000000, 0x0, 0x15, 0xffffffffffffffff, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mprotect$auto(0x1000, 0x400000, 0x4)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x10000000000002d, 0x0)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8000, 0x0)
mlock$auto(0x5, 0xffff)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000180))
write$auto(r2, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff)
socket(0x1d, 0x2, 0x7)
r3 = socket(0x0, 0x80b, 0x7)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
bind$auto(0x3, &(0x7f0000000040)=@l2={0x1f, 0xfff, @none, 0x3, 0x2}, 0x6a)
connect$auto(0x3, &(0x7f00000018c0)=@can, 0x18)
write$auto(0x3, 0x0, 0xfdef)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000100)={0x2, 0x50, 0xf2, 0x6, 0xfffffff7, 0xffffffffffffffff})
executing program 2:
r0 = socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000e80)=""/199, 0xc7)
close_range$auto(0x2, 0x8, 0x0)
r3 = memfd_create$auto(0x0, 0xe)
r4 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x6a)
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000180)={0x30000000, 0xfffffffc, 0x5, 0xbe, 0x80000001, "d91496ff265f8db6912e71d0173f6174674e98735ff51514f9e40f03c9f438cabce37cadb59ddc2435b6e787ca4f216092d53d0b60197e9be45fa05e"})
sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x7}, 0x6}, 0x5, 0x20000000)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
write$auto(0x3, 0x0, 0xfffffdef)
close_range$auto(0x2, r1, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
write$auto(0x3, 0x0, 0x7df3)
setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1)
executing program 2:
r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/kvm/pf_mmio_spte_created\x00', 0x2002, 0x0)
read$auto_stat_fops_per_vm_kvm_main(r0, 0x0, 0x0)
executing program 2:
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
ioctl$auto(r1, 0xc0045520, r0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0x200000000000eb1, 0xfffffffffffffffb, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd11/integrity/tag_size\x00', 0x0, 0x0)
read$auto(r0, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.7/usb23/23-0:1.0/ep_81/interval\x00', 0x3)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram12\x00', 0x129380, 0x0)
ioctl$auto(r1, 0x301, r1)
close_range$auto(0x2, 0x8, 0x0)
getcwd$auto(0x0, 0x4fec)
socket(0xa, 0x5, 0x0)
socket(0xa, 0x801, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
shmctl$auto_IPC_RMID(0x400, 0x0, &(0x7f00000001c0)={{0x0, <r2=>0xee01, 0x0, 0xc, 0x5, 0x3c43caa8, 0x1}, 0x7, 0x2, 0x6, 0x2, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x5, 0x0, &(0x7f0000000140)="a704ff78fd37ad6a58ae2a9b0ff8f806b2c0c09a5739d0e0265b57791043", &(0x7f0000000180)="78c5114a406028b67ad6dd1383904d44"})
r3 = setfsgid$auto(0xee01)
ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={"61cc9ac49883d09ce22bfb3d3d77875ecfd63bd68228aac4c2b3a4478c4efe17", 0x9, 0x5, 0xd, 0x7, 0x40f5, <r4=>0x0})
shmctl$auto(0x4, 0x6, &(0x7f0000000400)={{0xb, r2, r3, 0x2, 0x2, 0xdd9}, 0x8, 0x5, 0x81, 0x9, @raw=0x9, @inferred=r4, 0x5, 0x0, &(0x7f00000002c0)="6fb1347bee4548e9fce67ed384bbc7c10bf432dd1020a1649aeb1a305b940ae9cc318b39d93b9028e52d1918e0c5b988213710da8c26", &(0x7f0000000300)="4784344ad908e076fea01c845f74e1836cf7c547e1204725573a3243913fb002f51f2092d0c709a236143f1b447ea47cb1b3e00ef867102fef5787dd9e0ab5f098baaf563fdc228316bf0aed023bb9833ba52092ad42e31696ae9b70af03a44076eeca98d82befcb933bb2e8b768a8f31db4be92557eb100890ef7e0e6ad808c07a011628a26f784cbff28154b1d94e16b66d8d9c5d0e40f72893ea5a0d7237f8401322cf6172fb60f312faa31344f41e9e803edfff91ab1174f2f3f68773aa30e0f0c7a046d69b864ea3486"})
move_pages$auto(0xffffffffffffffff, 0x1002000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
close_range$auto(0x2, 0x8000, 0x0)
r5 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000040), 0x161100, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000480)='/dev/usbmon33\x00', 0x4000, 0x0)
keyctl$auto(0x4, 0xfffffffe, 0xfffffffffffffffe, 0x0, 0xe)
read$auto_safesetid_uid_file_fops_securityfs(r5, 0x0, 0x0)
executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x1, 0x100)
r1 = socket(0x2, 0x1, 0x0)
r2 = socket(0x21, 0x4, 0x9310)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
listen$auto(r1, 0x7)
accept$auto(r1, 0x0, 0x0)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xff, r0, 0xda)
socket(0x2, 0x5, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x490000, 0x0)
read$auto(r3, 0x0, 0x20)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
sysfs$auto(0x2, 0x24, 0x0)
r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r5, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000015c0)={'wg1\x00'})
bpf$auto(0x0, &(0x7f0000001500)=@bpf_attr_5={@target_fd=r2, r6, 0xc, 0xffffffff, r6, @relative_id=0x1d, 0x1}, 0x10)
executing program 2:
r0 = socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x200000, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
modify_ldt$auto(0x1, 0x0, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getpgrp(0x0)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
sysfs$auto(0x2, 0x20, 0x0)
getxattrat$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0xb91)
setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1)
executing program 1:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x4c2801, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff)
r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$auto_I2C_TENBIT(r1, 0x704, 0xfffffffffffffffd)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x101002, 0x0)
write$auto(r2, &(0x7f0000000000)='\x00\x00\x00\x00\x00\xab\x00\x00\x00\x00\x00\x00\x00\x00', 0x400000002)
socket(0x2, 0x6, 0x0)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto(r4, 0x0, 0x20)
setsockopt$auto_SO_PRIORITY(r0, 0x2, 0xc, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x7)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r4, 0x541c, r5)
ioctl$auto_BTRFS_IOC_SNAP_CREATE_V2(r5, 0x50009417, &(0x7f0000000240)={@raw=0xff, 0x7ff, 0x4, @unused, @subvolid=0x1})
socket(0x2, 0x1, 0x106)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0)
semget$auto(0xffffff81, 0x4, 0x7)
fadvise64$auto_POSIX_FADV_RANDOM(0xffffffffffffffff, 0xffff, 0x5915007, 0x1)
executing program 3:
r0 = socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000e80)=""/199, 0xc7)
close_range$auto(0x2, 0x8, 0x0)
r3 = memfd_create$auto(0x0, 0xe)
r4 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x6a)
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000180)={0x30000000, 0xfffffffc, 0x5, 0xbe, 0x80000001, "d91496ff265f8db6912e71d0173f6174674e98735ff51514f9e40f03c9f438cabce37cadb59ddc2435b6e787ca4f216092d53d0b60197e9be45fa05e"})
sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x7}, 0x6}, 0x5, 0x20000000)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
write$auto(0x3, 0x0, 0xfffffdef)
close_range$auto(0x2, r1, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
write$auto(0x3, 0x0, 0x7df3)
setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1)
executing program 0:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.11/usb32/32-0:1.0/usb32-port4/disable\x00', 0x80302, 0x0)
rt_sigaction$auto(0x36, &(0x7f0000000000)={0x0, 0x4, 0x0}, 0x0, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netfilter/nf_log\x00', 0x101000, 0x0)
pread64$auto(r1, 0x0, 0x10, 0x5)
rt_sigaction$auto(0x7, &(0x7f00000005c0)={&(0x7f00000003c0)=&(0x7f0000000480)=0x3, 0x8, &(0x7f0000000580)=0x0, {0x1}}, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_IPVS_CMD_FLUSH(r2, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f0000000200)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x2400c001}, 0x4000000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
connect$auto(r4, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
socket(0x10, 0x2, 0x0)
socket(0x2, 0x2, 0x0)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004080}, 0x0)
setsockopt$auto(r0, 0x8000001, 0x1, 0x0, 0x5)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7, 0x25, 0x4909b6f5, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0xfffffffffffffffe, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x10004, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, [0x20000003, 0x3, 0x0, 0x50100000000000, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x4000, 0x0, 0x2, 0xfffffffffffffffd, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffeffff, 0x0, 0x292, 0x0, 0x400000000005b8, 0x9, 0x0, 0x200000000, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0x8000000000000000, 0x9, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x4]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x33580}}, 0x4064890)
executing program 3:
r0 = socket(0x2, 0x801, 0x106)
r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1b0026bd7000fddbdf25030100000400080012000100898771f1c19f17790485908286fd00000400028023ae3843c0974b6ad3b151195e2bea91a237ad7df7baff32bb48d6477d92bea2605a2efe61bae3bc4fca2c3807a5c80b1f74161ba791b0c4c6b87be0467a4b388362faba65108c9023a569e9f2694ce8c08ea25e7953ddec4586f1808ec3e5c70128788dab3e"], 0x30}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880)
mmap$auto(0x8, 0x10000000020009, 0x4000000000df, 0x17, 0x401, 0x100)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x2, 0x0)
modify_ldt$auto(0x1, &(0x7f0000000100)="703a2cd648cbfcb004aafc758a8205bdb412dc04fb21b03acd4d5d979bc8175a1e6f01e2fe5c5a69408feea0bedcbbdcf3d0cea97b9bb8db64396775e3b3a6e59f21db271445a851fb59f57eb2c1e210e8242cbe8c4e55e51b01ad356a4a7281ba3b0c805a8697542276d381763e5593c6375fa285ccdcc271fbcf6fb3c9c34f1a5b214b8c1955b9b326af08471126b9edd4578f11655ad54a8c8a5bb112c53604878b894eb45ce9ae4f0303435bf4cfda2c1ca4a34fad83f159be98691b02f108744d89fca8a10258f3bc10529bcac80cc4481bc941d7ac4741", 0x1)
unshare$auto(0x40000080)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = memfd_secret$auto(0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
ftruncate$auto(0x3, 0x700)
set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4)
write$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup$auto(0x6, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r4, r4, 0x0, 0x200)
socket(0x2b, 0x1, 0x1)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0)
r5 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/err\x00', 0x800, 0x0)
read$auto_aoe_fops_aoechr(r5, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
executing program 0:
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
getpid()
ioperm$auto(0x2, 0x3, 0x1)
ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, &(0x7f00000001c0)={&(0x7f00000000c0)=0x8, 0x0, 0x1})
mmap$auto(0x0, 0x400008, 0xdf, 0xb2, 0x2, 0x8000)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
mmap$auto(0xfffffffffffffffe, 0x8000, 0xdf, 0x10000009b71, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(0xffffffffffffffff, 0x7ac, 0x0)
socket(0xa, 0x801, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2c, 0x3, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008008, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0xfffffdfe, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
mmap$auto(0x0, 0x2020009, 0x6af1, 0x20000000000eb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
executing program 1:
mlockall$auto(0x7)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40080, 0x0)
mlockall$auto(0x7)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa0440, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000f9dbdf250100000005000d00100000000500070010000000080009009c781e2108000a000800000014001f000000000000000000c0feffff0000000014002000ff01faffffff00000000020000000000060002000100"], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
move_pages$auto(0x0, 0xd0, 0x0, 0x0, 0x0, 0x2)
mmap$auto(0x9, 0x20000c3, 0x3, 0x10, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x0, 0x5, 0xa)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000080))
ioctl$auto(0x3, 0x40081271, 0x38)
write$auto(0x3, 0x0, 0xfdef)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop2\x00', 0x14f602, 0x0)
r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x703, 0x0)
write$auto_console_fops_tty_io(r3, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b58995648d9dca26087ede284d956395831192b0b02d4db181bad67b751c2441b5d", 0x5a)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x400000, 0x10, 0x7}, 0x18)
openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f00000001c0), 0x82000, 0x0)
executing program 0:
r0 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/ports/1/ipsec\x00', 0xc2040, 0x0)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00', @ANYBLOB], 0x1ac}, 0x1, 0x0, 0x0, 0x40080}, 0x40000)
r2 = socket(0x1d, 0x3, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
socketpair$auto(0xfffffffa, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x24)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x18, 0x2, 0x7fff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r3, 0x5609, r4)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$auto(0x3, 0x6f50, 0xffffffffffffffff)
getsockopt$auto(r2, 0x65, 0x1, 0xffffffffffffffff, 0x0)
recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyq9\x00', 0x1, 0x0)
clock_adjtime$auto(0x1, &(0x7f0000000040)={0x9db9, 0x0, 0xb, 0x0, 0x0, 0x8000, 0xd60, 0x0, 0x0, 0x3, 0x4fd, {0x10, 0x1}, 0x3, 0x6677fb77, 0x1, 0x1, 0x0, 0x6, 0x5, 0x3, 0x10001, 0xffffffff, 0x5ab})
read$auto_ipsec_dbg_fops_ipsec(r0, 0x0, 0x0)
executing program 3:
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
r0 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={0x2, @new_prog_fd=<r1=>0x4, 0x7, @old_prog_fd=0x8000}, 0xa3)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000000), 0x400480, 0x0)
msgctl$auto_MSG_INFO(0x1000, 0xc, &(0x7f0000000140)={{0x10, <r3=>0xee00, 0xffffffffffffffff, 0x1, 0x95a7, 0xfff, 0x4}, &(0x7f0000000040)=0x9, &(0x7f0000000100)=0xa3, 0x8, 0xe13, 0x8000000000000001, 0x6, 0x7, 0x1, 0x6, 0x8, @raw=0x5b, @inferred=0xffffffffffffffff})
msgctl$auto_IPC_SET(0x4380d56b, 0x1, &(0x7f0000000240)={{0x1, 0x0, <r4=>0xee01, 0x0, 0x80, 0xf059, 0x1}, &(0x7f00000001c0)=0xdc, &(0x7f0000000200)=0x6, 0x7, 0x9, 0x100000001, 0x2, 0x5, 0xe, 0x7, 0x8001, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff})
fstat$auto(r2, &(0x7f00000002c0)={0x80, 0x2, 0xdd1f, 0x0, r3, r4, 0x0, 0x2, 0x1c0000000, 0x8, 0x7fffffff, 0x4, 0x94, 0x5, 0xfffffffffffffe2d, 0xb, 0x6})
r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000003c0), r1)
sendmsg$auto_NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4004}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, r5, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_CCA_MODE={0x8, 0xc, 0xe}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x7}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0xa57}]}, 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x800)
r6 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x20)
fallocate$auto(r6, 0x3fbb061c, 0x0, 0x1)
prctl$auto(0x41, 0x0, 0x0, 0x0, 0x0)
execve$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
memfd_create$auto(0x0, 0x12)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0)
r8 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r7, 0x541c, r8)
r9 = io_uring_setup$auto(0xa, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x1020, 0x202, 0x10001, 0x8, r9, [], {0x6, 0x6, 0x8c48, 0x4, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x10000008, 0x52, 0x1, 0x1, 0x40, 0x76c4, 0x80008, 0x5}})
executing program 0:
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/bridge0/base_reachable_time_ms\x00', 0x202, 0x0)
r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x0, 0x0)
read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000040)=""/4099, 0xfd98)
pread64$auto(r1, 0x0, 0x8, 0x7f)
sendfile$auto(r0, r0, 0x0, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="74010000", @ANYRES16=r2, @ANYBLOB], 0x174}, 0x1, 0x0, 0x0, 0x40041}, 0x810)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/snd-soc-dummy/uevent\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x20)
sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000003c0)=ANY=[@ANYBLOB="68130000", @ANYRES16, @ANYBLOB="00012bbd7000fbdbdf25070000000a01098033d6b2f24ee018e9b9855ea5a93da0dbf50b4b8d86d9c820adfd997126489bd2546bfcc6fbff50c3bf8d7f45d1ebb9d89021906d31e536c6c0c92f519a0c83aea385552794c7882697d5a21c4da79315acddceacb346ab83e89a1645955894eef5f3c2c35e3124caac9166412cacae4bffc75d40f06baba4de4dbe5513052f62def8033ecf0fe621bc7a7f715aee786d0f3181c875c3977947736c9579f2a8135c790800c600", @ANYRES32, @ANYBLOB="59000080196ac6b1f594343c4dc2d5eef775d2121d439c6c5e3911f42e14dea873dc07df80b5c9c191ea9197af5a41b30d5154771d3aa6abf4f498dc46b03d453fad04d3d69c1f96fc9b50dbd135811b420500f4000000000000000000000501028090ad7e7c493399c9bdb07eab0d03c802000000bcb15977343e24015792742705e71447aa81a23cdbf4e082e6bf010f5ef7670f5470e766e6bc53d8ed8452c290a80750460290587d580bede006a1c8383ab532e16dcc7eb4de284f4e8fa1f60a760ace6a545c6994d2c88279d8f115b3d80c4e987920e69b02d08f85214cb693ab205b0fc92df8c19d6a9d2edb6c4e135183d735b6292a09eea9d7f9d1b607d7c133e71b699f9c5af00216c14d51a0902458349f24d076023ddea031fb7a36da788838209ab2aa125768bc0f72037b5131b8e65d4bf2306d29853432cdbcb88a434aae6c8849d6274299e692fb08007300543339e00400da000800d800", @ANYRES32, @ANYBLOB="0000002800038008005e00", @ANYRES32, @ANYBLOB="0800f000", @ANYRES32, @ANYBLOB='\b\x00>\x00', @ANYRES32, @ANYBLOB="99f3a10396e315e1f108b34d1f100980b046b622a9dd59042c88a5c2dece45bb172c8508000d00", @ANYRES32, @ANYBLOB="b2c918b3bb0ae2ae692f37b0cc89efe01ad859093422ab8d8d2b0545096c2cd8770f8bc86e30fffe3bf8815d3e27d0861d843153a501a915dc04797ef6a74bbc8d1a81492a3aa181cd3f982327724208db82d67eaa280ac2d84376f52203020ec946cd31eedccc3d49cee968706b648329601fbfe13b55d2fe9c7ab3f612c1889397217f46650544f0b9512146f71219359823e63867c8c60ec770fc07086fbb4a459b1f3306eccb4a6fca61be5f419568da8dd975e5ef50cf2878d2d39850af73f30892db996792913712911d67d0b97e0ea6f2f17a2a9bd11eb1448fa4dd61ead2b246ef9beb447db0ae5cc49c3059b440c0a8e1be3d92fb065c8f6b6b7ce52668f797d14d5a587c63430e487bf4eed22f79d4412ca618fb78817dfab24209c53457ba5a4fedd01fcb1125a7edd63a90"], 0x1368}, 0x1, 0x0, 0x0, 0x80000}, 0x20000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0x7ff, 0x39)
sysfs$auto(0x2, 0x4, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0xa0000, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000040))
sysfs$auto(0x2, 0x631, 0x0)
fsopen$auto(0x0, 0x1)
fsopen$auto(0x0, 0x1)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x1, 0x100)
r1 = socket(0x2, 0x1, 0x0)
r2 = socket(0x21, 0x4, 0x9310)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
listen$auto(r1, 0x7)
accept$auto(r1, 0x0, 0x0)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xff, r0, 0xda)
socket(0x2, 0x5, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x490000, 0x0)
read$auto(r3, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x24, 0x0)
r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r4, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000015c0)={'wg1\x00'})
bpf$auto(0x0, &(0x7f0000001500)=@bpf_attr_5={@target_fd=r2, r5, 0xc, 0xffffffff, r5, @relative_id=0x1d, 0x1}, 0x10)
executing program 1:
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x5, 0x0)
getsockopt$auto(r0, 0x84, 0x12, 0x0, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vbi29\x00', 0x1c9240, 0x0)
ioctl$auto(0x3, 0xc0285628, 0x38)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0xffffffffffffffff, 0x4)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800)
r1 = bpf$auto(0x9, &(0x7f00000001c0)=@test={<r2=>r0, 0x10000, 0x7, 0x1000, 0x101, 0x0, 0x0, 0xfff, 0x10000, 0x8, 0x7fc00000000, 0x4, 0x4, 0x2}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYRES32=0x0], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
madvise$auto(0x0, 0x8000000000000000, 0x15)
madvise$auto(0x0, 0x1010001, 0x100000003)
clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r3 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
close_range$auto(r1, r2, 0x3)
sendmmsg$auto(r3, 0x0, 0x5, 0x20000000)
openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x10041, 0x0)
accept$auto(r1, &(0x7f0000000140)=@l2tp={0x2, 0x0, @broadcast, 0x3}, &(0x7f0000000280)=0x4)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
executing program 3:
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/bridge0/base_reachable_time_ms\x00', 0x202, 0x0)
r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x0, 0x0)
read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000040)=""/4099, 0xfd98)
pread64$auto(r1, 0x0, 0x8, 0x7f)
sendfile$auto(r0, r0, 0x0, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="74010000", @ANYRES16=r2, @ANYBLOB="000127bd7000fedbdf2563000000d300c700fb9a4b6d7e9cd67807a7085b6eecbf90c5a304449a6f77cde832691aff6f37b54035e200f749db20f4895300e59c891815f4d2a35cc60e96a7ec9b096a5ede775690321abfb161984e77ba9400f18fe0cdeb0e0de8bc984958019c1f4c916be9df2e446f4f0344ed2cb2e6d7ed8d7c322398df5d07c29a3381caa43a09858c6b16c4a64357056c3d08c75a484fefd289ae485cbd3a4b6a2402ff8ccc05cad8c89cfce28f2d"], 0x174}, 0x1, 0x0, 0x0, 0x40041}, 0x810)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/snd-soc-dummy/uevent\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x20)
sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000003c0)=ANY=[@ANYBLOB="68130000", @ANYRES16, @ANYBLOB="00012bbd7000fbdbdf25070000000a01098033d6b2f24ee018e9b9855ea5a93da0dbf50b4b8d86d9c820adfd997126489bd2546bfcc6fbff50c3bf8d7f45d1ebb9d89021906d31e536c6c0c92f519a0c83aea385552794c7882697d5a21c4da79315acddceacb346ab83e89a1645955894eef5f3c2c35e3124caac9166412cacae4bffc75d40f06baba4de4dbe5513052f62def8033ecf0fe621bc7a7f715aee786d0f3181c875c3977947736c9579f2a8135c790800c600", @ANYRES32, @ANYBLOB="59000080196ac6b1f594343c4dc2d5eef775d2121d439c6c5e3911f42e14dea873dc07df80b5c9c191ea9197af5a41b30d5154771d3aa6abf4f498dc46b03d453fad04d3d69c1f96fc9b50dbd135811b420500f4000000000000000000000501028090ad7e7c493399c9bdb07eab0d03c802000000bcb15977343e24015792742705e71447aa81a23cdbf4e082e6bf010f5ef7670f5470e766e6bc53d8ed8452c290a80750460290587d580bede006a1c8383ab532e16dcc7eb4de284f4e8fa1f60a760ace6a545c6994d2c88279d8f115b3d80c4e987920e69b02d08f85214cb693ab205b0fc92df8c19d6a9d2edb6c4e135183d735b6292a09eea9d7f9d1b607d7c133e71b699f9c5af00216c14d51a0902458349f24d076023ddea031fb7a36da788838209ab2aa125768bc0f72037b5131b8e65d4bf2306d29853432cdbcb88a434aae6c8849d6274299e692fb08007300543339e00400da000800d800", @ANYRES32, @ANYBLOB="0000002800038008005e00", @ANYRES32, @ANYBLOB="0800f000", @ANYRES32, @ANYBLOB='\b\x00>\x00', @ANYRES32, @ANYBLOB="99f3a10396e315e1f108b34d1f100980b046b622a9dd59042c88a5c2dece45bb172c8508000d00", @ANYRES32, @ANYBLOB="b2c918b3bb0ae2ae692f37b0cc89efe01ad859093422ab8d8d2b0545096c2cd8770f8bc86e30fffe3bf8815d3e27d0861d843153a501a915dc04797ef6a74bbc8d1a81492a3aa181cd3f982327724208db82d67eaa280ac2d84376f52203020ec946cd31eedccc3d49cee968706b648329601fbfe13b55d2fe9c7ab3f612c1889397217f46650544f0b9512146f71219359823e63867c8c60ec770fc07086fbb4a459b1f3306eccb4a6fca61be5f419568da8dd975e5ef50cf2878d2d39850af73f30892db996792913712911d67d0b97e0ea6f2f17a2a9bd11eb1448fa4dd61ead2b246ef9beb447db0ae5cc49c3059b440c0a8e1be3d92fb065c8f6b6b7ce52668f797d14d5a587c63430e487bf4eed22f79d4412ca618fb78817dfab24209c53457ba5a4fedd01fcb1125a7edd63a90"], 0x1368}, 0x1, 0x0, 0x0, 0x80000}, 0x20000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0x7ff, 0x39)
sysfs$auto(0x2, 0x4, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0xa0000, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000040))
sysfs$auto(0x2, 0x631, 0x0)
fsopen$auto(0x0, 0x1)
fsopen$auto(0x0, 0x1)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
executing program 1:
r0 = socket(0xa, 0x1, 0x84)
r1 = getsockopt$auto(r0, 0x83, 0xe, 0x0, &(0x7f0000000040)=0x81)
r2 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x100, 0x0)
r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x101901, 0x0)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000100)={'\x00', 0xffff, 0x6, 0x2, 0x9b4, 0x9, "ce25aafc24b9952f997e703f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]})
r4 = socket(0x15, 0x5, 0x0)
r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd"], 0x50}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/options/blk_classic\x00', 0x4000, 0x0)
r6 = socket(0x10, 0x2, 0x6)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioctl$auto(0xffffffffffffffff, 0x4b47, 0x1)
sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000040), 0x7, 0xa505}, 0x800}, 0x5, 0x400a)
r7 = syz_genetlink_get_family_id$auto_thermal(&(0x7f00000000c0), r0)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9b3de62820c0a8f60b7ca3ece37a7a127037c8224d5aa1ef29fdf0294449f94a483995f16d8c308a1dc31345bddc60b3710fe19d5a0cbe31f9495538ec1fba263ee97fe1411825c559f12b9f8233d10e59ea23fbe89f77f27e645bf379ca6a22f9c26da4f748cedcfcee3fccd1e36def0eab0b0a708c4a5431e696a7983c3bd216c64ae2138715c60838c91e8b0cb266fdb1a9f06185240b455f293a0e56891f5438254f7958fd77b7b29752faf576031aa359e93b3e", @ANYRES16=r7, @ANYBLOB="000328bd7000fddbdf250300000008000c000d0000000800080006ab720508001b000180000008000600faffffff"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
setsockopt$auto(r4, 0x114, 0x6, 0x0, 0x8000002)
pread64$auto(r2, &(0x7f0000002f00)='@[}\xf5', 0x2, 0x3)
socket(0x1d, 0x3, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0x400000eb1, 0xfffffffffffffffa, 0x8000)
setresuid$auto(0x8, 0x8, 0x0)
r8 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
ioctl$auto_IOCTL_STOP_ACCEL_DEV(r8, 0x40096101, &(0x7f0000000000)={@config_section=&(0x7f0000000380)={"4af387e27933efe4486ea152ed1bd584803219d16d909a29dabb36c941e95a6fdfd91593c1a034abb9176fb953516b42811b70af57618d36f37c698878a45474", @params=&(0x7f0000000040)={"ba12dfd4ed860897de861ff47fd55e8bd29d109d66e6db0d60d8d394f81ef6fc063914d45e70015b5ff95839cbc226ebaf801c18a010254559ebdc4384148e66", "670c509a0be9d98655fb7a968381651a7065ee6a7982a3dbc6efcd81cf4130b0b1676e8894eb3d7d28d2dcb5775918f7cecfa7a1c35f294280b1352343ad7946", @padding3, 0x2}, @next=&(0x7f0000000300)={"8260260e6df0d183c8fe6ea3ccd2090b8713708aeaa2c690a087a4eb3d2175e71d71b88739d7fb4cdf221c5fc8ddb689ebbde8cf0c594712e96ce2e4508902ae", @params=&(0x7f0000000240)={"858ea6bd30a13771228de82f4a55348c74600d908fdf9fa07fd52f84ae6b190fa6924601b42bab94d388ba7d83380b031a8b9b9a8e3d69c793c03dddb9e5a9b9", "972e1489d9c6fa2135368fe72e4ddfaf4a86a3b9e26c8ec9c00fe558d73a46289607835bb7b657ccd7361fdb482683c80a3fd4b35bf20a13e44f8e46776c4280", @next=&(0x7f0000000180)={"94bd6da3d2079bdc60823b0d5d43a85dd0526a68bd43041dab442cb73fea7a5532a5822e5f6848daf7552370e2c19b186205023698e53113ed6126b2cdbeb466", "48637d57da8c94a97aa8c07d727ddcc53a6e35b9acbee6588a640a615fc0c2bd5b2f2935dba4decf557241f96e06cfd2205158b5fc31f0d71165094ed1c407a6", @next, 0x1}}, @padding3}}, 0xfe})
ioctl$auto_SNDRV_PCM_IOCTL_WRITEN_FRAMES2(0xffffffffffffffff, 0x40184152, &(0x7f00000004c0)={0x7fff, &(0x7f0000000100)=&(0x7f0000000400)="0199e0a8449141cc1a27ea4176b3bb1aa2b710a9caf1272e7cfeb204980a0ce0cb8fc6d1b8c1e984a9f133e11398bb82218a61439111efaaff7ce873c6ddd326072439c355cec48f0b41af934960842bac0e9e616d1a65f34a1772796067f6def3493f40e3a501c33c909ce631d8a17cc64e70a2d117628dac9f8bb198244618589032ae7b81e8ea1d9a7d5bbf05202df16bedd6314c3e63876d108b", 0x5})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000540), 0xffffffffffffffff)
semctl$auto_SETVAL(0xfff, 0x8, 0x10, 0x9)
msgctl$auto_IPC_STAT(0x7, 0x2, &(0x7f0000000600)={{0x72, 0xee00, 0xee00, 0x3, 0x7, 0x0, 0x7}, &(0x7f0000000580)=0x5, &(0x7f00000005c0)=0x9, 0xfff, 0x31de, 0x1, 0x2, 0x7, 0x2, 0x2, 0x8, @inferred=0xffffffffffffffff, @raw=0x1})
executing program 3:
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(r0, 0x0, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x8000)
statmount$auto(0x0, 0x0, 0x227, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8)
write$auto(r1, 0x0, 0xeffd)
madvise$auto(0x7ff, 0xfffffffffffefffd, 0x15)
sysfs$auto(0x2, 0x10000000000002a, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/fs/lockd/nlm_end_grace\x00', 0x48041, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54)
madvise$auto(0x110c230000, 0x8031ca, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec27\x00', 0x80200, 0x0)
ioctl$auto_CEC_S_MODE(r2, 0x40046109, &(0x7f0000000140)=0x47ee)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x3, 0x0)
madvise$auto(0x0, 0x20499d, 0x9)
futex_waitv$auto(&(0x7f0000000000)={0x8, 0x5d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd)
madvise$auto(0x108000, 0x800034, 0x9)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
write$auto(0x3, 0x0, 0xfdef)
close_range$auto(0x2, 0x8, 0x0)
executing program 0:
rt_sigaction$auto(0x4, 0x0, &(0x7f0000000340)={0x0, 0x4, 0x0, {0x6}}, 0x8)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
syz_clone3(&(0x7f0000000380)={0x80000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, 0x0}, 0x58)
capget$auto(0x0, 0xfffffffffffffffe)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x0, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x7f, 0x80000004, 0x7, 0x0, 0x5, 0x0, 0xfffffffffffffffc]}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001140)='/sys/kernel/mm/ksm/advisor_max_pages_to_scan\x00', 0x20b42, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/236, 0xec)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x2})
r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0)
read$auto(r1, 0x0, 0x39b8)
executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)
waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000000)={@siginfo_0_0={0x2, 0x9, 0x1, @_rt={<r5=>0x0, 0xee01, @sival_int=0x10000}}}, 0x3, &(0x7f0000000080)={{0x1, 0x8000000000000001}, {0x830, 0xf}, 0x5, 0x0, 0xfffffffffffffffd, 0x1000, 0x5, 0xc3, 0x1000, 0x9, 0x9, 0x48a3, 0x7, 0x2, 0xd, 0x3})
prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x9, r5, 0x7, 0x100000000)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_tracing_iter_fops_trace-write$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto-waitid$auto_P_PGID-prctl$auto_PR_SET_CHILD_SUBREAPER
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)
waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000000)={@siginfo_0_0={0x2, 0x9, 0x1, @_rt={<r5=>0x0, 0xee01, @sival_int=0x10000}}}, 0x3, &(0x7f0000000080)={{0x1, 0x8000000000000001}, {0x830, 0xf}, 0x5, 0x0, 0xfffffffffffffffd, 0x1000, 0x5, 0xc3, 0x1000, 0x9, 0x9, 0x48a3, 0x7, 0x2, 0xd, 0x3})
prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x9, r5, 0x7, 0x100000000)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 1m40s
testing program (duration=1m46s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 22, 2, 3, 21, 29, 17, 23, 22, 27, 30, 22, 30, 29, 22, 22, 29, 6, 21, 22, 30, 27, 15, 24]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x8000000002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto(0xffffffffffffffff, 0x0, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
remap_file_pages$auto(0x3, 0x1000, 0x0, 0x3, 0x4)
futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0)
r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd700002dcdf250300000004000800180001801400108008000800e000000108000f00", @ANYRES32=0x0, @ANYBLOB="8c77e93f3ff828ae376c6c4f8ddfa7a7292f7acde7520ae4cc947bc96b2a6f9ee820037b5934c160dc052ff0b1a98f0ccf73f5d380fc21c62a51cd770fa3dd819d0340d91653ce60ba124e19cd919482fb1944712a7c6a35065e5ad481a052ad079df1b9c25cfd52c9047c83a7d4d81234af85a02f8d729f5579d026f1c37a3c08fda10ddbbea24fc884851ae02eb04bd71040ecfdadd47fbe901a688e48587d59553fc5a6b2ae30d03185bef769bee8abeec9cae067b1183eb0c5286123294b9e81b8ec2a4eec2a6eb95a7fe0118c26c06b1749e05d2a6510da2b17d79be801828350a9575f7ad679f358b7a40a85487ddb491fa4e5c33a3df549711774061c601a0059250b8ca7fa69bbd443e9a31a97a8adc1b44c59cb9a8787c487d9618a38043ce01b9b02e5d1360aa39ab575221c576a9918c925693fd47fffb85ad5d293e676781f95425a186ae3cf63baee390bba1d086e9e3f362b83"], 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xa)
mmap$auto(0x9, 0x8000000000000000, 0x0, 0x15, 0xffffffffffffffff, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mprotect$auto(0x1000, 0x400000, 0x4)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x10000000000002d, 0x0)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8000, 0x0)
mlock$auto(0x5, 0xffff)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000180))
write$auto(r2, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff)
socket(0x1d, 0x2, 0x7)
r3 = socket(0x0, 0x80b, 0x7)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
bind$auto(0x3, &(0x7f0000000040)=@l2={0x1f, 0xfff, @none, 0x3, 0x2}, 0x6a)
connect$auto(0x3, &(0x7f00000018c0)=@can, 0x18)
write$auto(0x3, 0x0, 0xfdef)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000100)={0x2, 0x50, 0xf2, 0x6, 0xfffffff7, 0xffffffffffffffff})
executing program 2:
r0 = socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000e80)=""/199, 0xc7)
close_range$auto(0x2, 0x8, 0x0)
r3 = memfd_create$auto(0x0, 0xe)
r4 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x6a)
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000180)={0x30000000, 0xfffffffc, 0x5, 0xbe, 0x80000001, "d91496ff265f8db6912e71d0173f6174674e98735ff51514f9e40f03c9f438cabce37cadb59ddc2435b6e787ca4f216092d53d0b60197e9be45fa05e"})
sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x7}, 0x6}, 0x5, 0x20000000)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
write$auto(0x3, 0x0, 0xfffffdef)
close_range$auto(0x2, r1, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
write$auto(0x3, 0x0, 0x7df3)
setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1)
executing program 2:
r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/kvm/pf_mmio_spte_created\x00', 0x2002, 0x0)
read$auto_stat_fops_per_vm_kvm_main(r0, 0x0, 0x0)
executing program 2:
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
ioctl$auto(r1, 0xc0045520, r0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0x200000000000eb1, 0xfffffffffffffffb, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd11/integrity/tag_size\x00', 0x0, 0x0)
read$auto(r0, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.7/usb23/23-0:1.0/ep_81/interval\x00', 0x3)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram12\x00', 0x129380, 0x0)
ioctl$auto(r1, 0x301, r1)
close_range$auto(0x2, 0x8, 0x0)
getcwd$auto(0x0, 0x4fec)
socket(0xa, 0x5, 0x0)
socket(0xa, 0x801, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
shmctl$auto_IPC_RMID(0x400, 0x0, &(0x7f00000001c0)={{0x0, <r2=>0xee01, 0x0, 0xc, 0x5, 0x3c43caa8, 0x1}, 0x7, 0x2, 0x6, 0x2, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x5, 0x0, &(0x7f0000000140)="a704ff78fd37ad6a58ae2a9b0ff8f806b2c0c09a5739d0e0265b57791043", &(0x7f0000000180)="78c5114a406028b67ad6dd1383904d44"})
r3 = setfsgid$auto(0xee01)
ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={"61cc9ac49883d09ce22bfb3d3d77875ecfd63bd68228aac4c2b3a4478c4efe17", 0x9, 0x5, 0xd, 0x7, 0x40f5, <r4=>0x0})
shmctl$auto(0x4, 0x6, &(0x7f0000000400)={{0xb, r2, r3, 0x2, 0x2, 0xdd9}, 0x8, 0x5, 0x81, 0x9, @raw=0x9, @inferred=r4, 0x5, 0x0, &(0x7f00000002c0)="6fb1347bee4548e9fce67ed384bbc7c10bf432dd1020a1649aeb1a305b940ae9cc318b39d93b9028e52d1918e0c5b988213710da8c26", &(0x7f0000000300)="4784344ad908e076fea01c845f74e1836cf7c547e1204725573a3243913fb002f51f2092d0c709a236143f1b447ea47cb1b3e00ef867102fef5787dd9e0ab5f098baaf563fdc228316bf0aed023bb9833ba52092ad42e31696ae9b70af03a44076eeca98d82befcb933bb2e8b768a8f31db4be92557eb100890ef7e0e6ad808c07a011628a26f784cbff28154b1d94e16b66d8d9c5d0e40f72893ea5a0d7237f8401322cf6172fb60f312faa31344f41e9e803edfff91ab1174f2f3f68773aa30e0f0c7a046d69b864ea3486"})
move_pages$auto(0xffffffffffffffff, 0x1002000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
close_range$auto(0x2, 0x8000, 0x0)
r5 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000040), 0x161100, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000480)='/dev/usbmon33\x00', 0x4000, 0x0)
keyctl$auto(0x4, 0xfffffffe, 0xfffffffffffffffe, 0x0, 0xe)
read$auto_safesetid_uid_file_fops_securityfs(r5, 0x0, 0x0)
executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x1, 0x100)
r1 = socket(0x2, 0x1, 0x0)
r2 = socket(0x21, 0x4, 0x9310)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
listen$auto(r1, 0x7)
accept$auto(r1, 0x0, 0x0)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xff, r0, 0xda)
socket(0x2, 0x5, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x490000, 0x0)
read$auto(r3, 0x0, 0x20)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
sysfs$auto(0x2, 0x24, 0x0)
r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r5, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000015c0)={'wg1\x00'})
bpf$auto(0x0, &(0x7f0000001500)=@bpf_attr_5={@target_fd=r2, r6, 0xc, 0xffffffff, r6, @relative_id=0x1d, 0x1}, 0x10)
executing program 2:
r0 = socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x200000, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
modify_ldt$auto(0x1, 0x0, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getpgrp(0x0)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
sysfs$auto(0x2, 0x20, 0x0)
getxattrat$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0xb91)
setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1)
executing program 1:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x4c2801, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff)
r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$auto_I2C_TENBIT(r1, 0x704, 0xfffffffffffffffd)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x101002, 0x0)
write$auto(r2, &(0x7f0000000000)='\x00\x00\x00\x00\x00\xab\x00\x00\x00\x00\x00\x00\x00\x00', 0x400000002)
socket(0x2, 0x6, 0x0)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto(r4, 0x0, 0x20)
setsockopt$auto_SO_PRIORITY(r0, 0x2, 0xc, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x7)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r4, 0x541c, r5)
ioctl$auto_BTRFS_IOC_SNAP_CREATE_V2(r5, 0x50009417, &(0x7f0000000240)={@raw=0xff, 0x7ff, 0x4, @unused, @subvolid=0x1})
socket(0x2, 0x1, 0x106)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0)
semget$auto(0xffffff81, 0x4, 0x7)
fadvise64$auto_POSIX_FADV_RANDOM(0xffffffffffffffff, 0xffff, 0x5915007, 0x1)
executing program 3:
r0 = socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000e80)=""/199, 0xc7)
close_range$auto(0x2, 0x8, 0x0)
r3 = memfd_create$auto(0x0, 0xe)
r4 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x6a)
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000180)={0x30000000, 0xfffffffc, 0x5, 0xbe, 0x80000001, "d91496ff265f8db6912e71d0173f6174674e98735ff51514f9e40f03c9f438cabce37cadb59ddc2435b6e787ca4f216092d53d0b60197e9be45fa05e"})
sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x7}, 0x6}, 0x5, 0x20000000)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
write$auto(0x3, 0x0, 0xfffffdef)
close_range$auto(0x2, r1, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
write$auto(0x3, 0x0, 0x7df3)
setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1)
executing program 0:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.11/usb32/32-0:1.0/usb32-port4/disable\x00', 0x80302, 0x0)
rt_sigaction$auto(0x36, &(0x7f0000000000)={0x0, 0x4, 0x0}, 0x0, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netfilter/nf_log\x00', 0x101000, 0x0)
pread64$auto(r1, 0x0, 0x10, 0x5)
rt_sigaction$auto(0x7, &(0x7f00000005c0)={&(0x7f00000003c0)=&(0x7f0000000480)=0x3, 0x8, &(0x7f0000000580)=0x0, {0x1}}, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_IPVS_CMD_FLUSH(r2, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f0000000200)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x2400c001}, 0x4000000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
r4 = socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
connect$auto(r4, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
socket(0x10, 0x2, 0x0)
socket(0x2, 0x2, 0x0)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004080}, 0x0)
setsockopt$auto(r0, 0x8000001, 0x1, 0x0, 0x5)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7, 0x25, 0x4909b6f5, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0xfffffffffffffffe, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x10004, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, [0x20000003, 0x3, 0x0, 0x50100000000000, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x4000, 0x0, 0x2, 0xfffffffffffffffd, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffeffff, 0x0, 0x292, 0x0, 0x400000000005b8, 0x9, 0x0, 0x200000000, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0x8000000000000000, 0x9, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x4]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x33580}}, 0x4064890)
executing program 3:
r0 = socket(0x2, 0x801, 0x106)
r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1b0026bd7000fddbdf25030100000400080012000100898771f1c19f17790485908286fd00000400028023ae3843c0974b6ad3b151195e2bea91a237ad7df7baff32bb48d6477d92bea2605a2efe61bae3bc4fca2c3807a5c80b1f74161ba791b0c4c6b87be0467a4b388362faba65108c9023a569e9f2694ce8c08ea25e7953ddec4586f1808ec3e5c70128788dab3e"], 0x30}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880)
mmap$auto(0x8, 0x10000000020009, 0x4000000000df, 0x17, 0x401, 0x100)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
modify_ldt$auto(0x1, 0x0, 0x10)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x2, 0x0)
modify_ldt$auto(0x1, &(0x7f0000000100)="703a2cd648cbfcb004aafc758a8205bdb412dc04fb21b03acd4d5d979bc8175a1e6f01e2fe5c5a69408feea0bedcbbdcf3d0cea97b9bb8db64396775e3b3a6e59f21db271445a851fb59f57eb2c1e210e8242cbe8c4e55e51b01ad356a4a7281ba3b0c805a8697542276d381763e5593c6375fa285ccdcc271fbcf6fb3c9c34f1a5b214b8c1955b9b326af08471126b9edd4578f11655ad54a8c8a5bb112c53604878b894eb45ce9ae4f0303435bf4cfda2c1ca4a34fad83f159be98691b02f108744d89fca8a10258f3bc10529bcac80cc4481bc941d7ac4741", 0x1)
unshare$auto(0x40000080)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r3 = memfd_secret$auto(0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
ftruncate$auto(0x3, 0x700)
set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4)
write$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup$auto(0x6, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r4, r4, 0x0, 0x200)
socket(0x2b, 0x1, 0x1)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0)
r5 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/err\x00', 0x800, 0x0)
read$auto_aoe_fops_aoechr(r5, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
executing program 0:
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
getpid()
ioperm$auto(0x2, 0x3, 0x1)
ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, &(0x7f00000001c0)={&(0x7f00000000c0)=0x8, 0x0, 0x1})
mmap$auto(0x0, 0x400008, 0xdf, 0xb2, 0x2, 0x8000)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
mmap$auto(0xfffffffffffffffe, 0x8000, 0xdf, 0x10000009b71, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(0xffffffffffffffff, 0x7ac, 0x0)
socket(0xa, 0x801, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2c, 0x3, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008008, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0xfffffdfe, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
mmap$auto(0x0, 0x2020009, 0x6af1, 0x20000000000eb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
executing program 1:
mlockall$auto(0x7)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40080, 0x0)
mlockall$auto(0x7)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa0440, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000f9dbdf250100000005000d00100000000500070010000000080009009c781e2108000a000800000014001f000000000000000000c0feffff0000000014002000ff01faffffff00000000020000000000060002000100"], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
move_pages$auto(0x0, 0xd0, 0x0, 0x0, 0x0, 0x2)
mmap$auto(0x9, 0x20000c3, 0x3, 0x10, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x0, 0x5, 0xa)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000080))
ioctl$auto(0x3, 0x40081271, 0x38)
write$auto(0x3, 0x0, 0xfdef)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop2\x00', 0x14f602, 0x0)
r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x703, 0x0)
write$auto_console_fops_tty_io(r3, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b58995648d9dca26087ede284d956395831192b0b02d4db181bad67b751c2441b5d", 0x5a)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x400000, 0x10, 0x7}, 0x18)
openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f00000001c0), 0x82000, 0x0)
executing program 0:
r0 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/ports/1/ipsec\x00', 0xc2040, 0x0)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00', @ANYBLOB], 0x1ac}, 0x1, 0x0, 0x0, 0x40080}, 0x40000)
r2 = socket(0x1d, 0x3, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
socketpair$auto(0xfffffffa, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x24)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x18, 0x2, 0x7fff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r3, 0x5609, r4)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$auto(0x3, 0x6f50, 0xffffffffffffffff)
getsockopt$auto(r2, 0x65, 0x1, 0xffffffffffffffff, 0x0)
recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyq9\x00', 0x1, 0x0)
clock_adjtime$auto(0x1, &(0x7f0000000040)={0x9db9, 0x0, 0xb, 0x0, 0x0, 0x8000, 0xd60, 0x0, 0x0, 0x3, 0x4fd, {0x10, 0x1}, 0x3, 0x6677fb77, 0x1, 0x1, 0x0, 0x6, 0x5, 0x3, 0x10001, 0xffffffff, 0x5ab})
read$auto_ipsec_dbg_fops_ipsec(r0, 0x0, 0x0)
executing program 3:
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
r0 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={0x2, @new_prog_fd=<r1=>0x4, 0x7, @old_prog_fd=0x8000}, 0xa3)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000000), 0x400480, 0x0)
msgctl$auto_MSG_INFO(0x1000, 0xc, &(0x7f0000000140)={{0x10, <r3=>0xee00, 0xffffffffffffffff, 0x1, 0x95a7, 0xfff, 0x4}, &(0x7f0000000040)=0x9, &(0x7f0000000100)=0xa3, 0x8, 0xe13, 0x8000000000000001, 0x6, 0x7, 0x1, 0x6, 0x8, @raw=0x5b, @inferred=0xffffffffffffffff})
msgctl$auto_IPC_SET(0x4380d56b, 0x1, &(0x7f0000000240)={{0x1, 0x0, <r4=>0xee01, 0x0, 0x80, 0xf059, 0x1}, &(0x7f00000001c0)=0xdc, &(0x7f0000000200)=0x6, 0x7, 0x9, 0x100000001, 0x2, 0x5, 0xe, 0x7, 0x8001, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff})
fstat$auto(r2, &(0x7f00000002c0)={0x80, 0x2, 0xdd1f, 0x0, r3, r4, 0x0, 0x2, 0x1c0000000, 0x8, 0x7fffffff, 0x4, 0x94, 0x5, 0xfffffffffffffe2d, 0xb, 0x6})
r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000003c0), r1)
sendmsg$auto_NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4004}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, r5, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_CCA_MODE={0x8, 0xc, 0xe}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x7}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0xa57}]}, 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x800)
r6 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x20)
fallocate$auto(r6, 0x3fbb061c, 0x0, 0x1)
prctl$auto(0x41, 0x0, 0x0, 0x0, 0x0)
execve$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
memfd_create$auto(0x0, 0x12)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0)
r8 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r7, 0x541c, r8)
r9 = io_uring_setup$auto(0xa, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x1020, 0x202, 0x10001, 0x8, r9, [], {0x6, 0x6, 0x8c48, 0x4, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x10000008, 0x52, 0x1, 0x1, 0x40, 0x76c4, 0x80008, 0x5}})
executing program 0:
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/bridge0/base_reachable_time_ms\x00', 0x202, 0x0)
r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x0, 0x0)
read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000040)=""/4099, 0xfd98)
pread64$auto(r1, 0x0, 0x8, 0x7f)
sendfile$auto(r0, r0, 0x0, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="74010000", @ANYRES16=r2, @ANYBLOB], 0x174}, 0x1, 0x0, 0x0, 0x40041}, 0x810)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/snd-soc-dummy/uevent\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x20)
sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000003c0)=ANY=[@ANYBLOB="68130000", @ANYRES16, @ANYBLOB="00012bbd7000fbdbdf25070000000a01098033d6b2f24ee018e9b9855ea5a93da0dbf50b4b8d86d9c820adfd997126489bd2546bfcc6fbff50c3bf8d7f45d1ebb9d89021906d31e536c6c0c92f519a0c83aea385552794c7882697d5a21c4da79315acddceacb346ab83e89a1645955894eef5f3c2c35e3124caac9166412cacae4bffc75d40f06baba4de4dbe5513052f62def8033ecf0fe621bc7a7f715aee786d0f3181c875c3977947736c9579f2a8135c790800c600", @ANYRES32, @ANYBLOB="59000080196ac6b1f594343c4dc2d5eef775d2121d439c6c5e3911f42e14dea873dc07df80b5c9c191ea9197af5a41b30d5154771d3aa6abf4f498dc46b03d453fad04d3d69c1f96fc9b50dbd135811b420500f4000000000000000000000501028090ad7e7c493399c9bdb07eab0d03c802000000bcb15977343e24015792742705e71447aa81a23cdbf4e082e6bf010f5ef7670f5470e766e6bc53d8ed8452c290a80750460290587d580bede006a1c8383ab532e16dcc7eb4de284f4e8fa1f60a760ace6a545c6994d2c88279d8f115b3d80c4e987920e69b02d08f85214cb693ab205b0fc92df8c19d6a9d2edb6c4e135183d735b6292a09eea9d7f9d1b607d7c133e71b699f9c5af00216c14d51a0902458349f24d076023ddea031fb7a36da788838209ab2aa125768bc0f72037b5131b8e65d4bf2306d29853432cdbcb88a434aae6c8849d6274299e692fb08007300543339e00400da000800d800", @ANYRES32, @ANYBLOB="0000002800038008005e00", @ANYRES32, @ANYBLOB="0800f000", @ANYRES32, @ANYBLOB='\b\x00>\x00', @ANYRES32, @ANYBLOB="99f3a10396e315e1f108b34d1f100980b046b622a9dd59042c88a5c2dece45bb172c8508000d00", @ANYRES32, @ANYBLOB="b2c918b3bb0ae2ae692f37b0cc89efe01ad859093422ab8d8d2b0545096c2cd8770f8bc86e30fffe3bf8815d3e27d0861d843153a501a915dc04797ef6a74bbc8d1a81492a3aa181cd3f982327724208db82d67eaa280ac2d84376f52203020ec946cd31eedccc3d49cee968706b648329601fbfe13b55d2fe9c7ab3f612c1889397217f46650544f0b9512146f71219359823e63867c8c60ec770fc07086fbb4a459b1f3306eccb4a6fca61be5f419568da8dd975e5ef50cf2878d2d39850af73f30892db996792913712911d67d0b97e0ea6f2f17a2a9bd11eb1448fa4dd61ead2b246ef9beb447db0ae5cc49c3059b440c0a8e1be3d92fb065c8f6b6b7ce52668f797d14d5a587c63430e487bf4eed22f79d4412ca618fb78817dfab24209c53457ba5a4fedd01fcb1125a7edd63a90"], 0x1368}, 0x1, 0x0, 0x0, 0x80000}, 0x20000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0x7ff, 0x39)
sysfs$auto(0x2, 0x4, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0xa0000, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000040))
sysfs$auto(0x2, 0x631, 0x0)
fsopen$auto(0x0, 0x1)
fsopen$auto(0x0, 0x1)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x1, 0x100)
r1 = socket(0x2, 0x1, 0x0)
r2 = socket(0x21, 0x4, 0x9310)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
listen$auto(r1, 0x7)
accept$auto(r1, 0x0, 0x0)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xff, r0, 0xda)
socket(0x2, 0x5, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x490000, 0x0)
read$auto(r3, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x24, 0x0)
r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r4, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000015c0)={'wg1\x00'})
bpf$auto(0x0, &(0x7f0000001500)=@bpf_attr_5={@target_fd=r2, r5, 0xc, 0xffffffff, r5, @relative_id=0x1d, 0x1}, 0x10)
executing program 1:
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x5, 0x0)
getsockopt$auto(r0, 0x84, 0x12, 0x0, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vbi29\x00', 0x1c9240, 0x0)
ioctl$auto(0x3, 0xc0285628, 0x38)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0xffffffffffffffff, 0x4)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800)
r1 = bpf$auto(0x9, &(0x7f00000001c0)=@test={<r2=>r0, 0x10000, 0x7, 0x1000, 0x101, 0x0, 0x0, 0xfff, 0x10000, 0x8, 0x7fc00000000, 0x4, 0x4, 0x2}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYRES32=0x0], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
madvise$auto(0x0, 0x8000000000000000, 0x15)
madvise$auto(0x0, 0x1010001, 0x100000003)
clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r3 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
close_range$auto(r1, r2, 0x3)
sendmmsg$auto(r3, 0x0, 0x5, 0x20000000)
openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x10041, 0x0)
accept$auto(r1, &(0x7f0000000140)=@l2tp={0x2, 0x0, @broadcast, 0x3}, &(0x7f0000000280)=0x4)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
executing program 3:
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/bridge0/base_reachable_time_ms\x00', 0x202, 0x0)
r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x0, 0x0)
read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000040)=""/4099, 0xfd98)
pread64$auto(r1, 0x0, 0x8, 0x7f)
sendfile$auto(r0, r0, 0x0, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="74010000", @ANYRES16=r2, @ANYBLOB="000127bd7000fedbdf2563000000d300c700fb9a4b6d7e9cd67807a7085b6eecbf90c5a304449a6f77cde832691aff6f37b54035e200f749db20f4895300e59c891815f4d2a35cc60e96a7ec9b096a5ede775690321abfb161984e77ba9400f18fe0cdeb0e0de8bc984958019c1f4c916be9df2e446f4f0344ed2cb2e6d7ed8d7c322398df5d07c29a3381caa43a09858c6b16c4a64357056c3d08c75a484fefd289ae485cbd3a4b6a2402ff8ccc05cad8c89cfce28f2d"], 0x174}, 0x1, 0x0, 0x0, 0x40041}, 0x810)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/snd-soc-dummy/uevent\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x20)
sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000003c0)=ANY=[@ANYBLOB="68130000", @ANYRES16, @ANYBLOB="00012bbd7000fbdbdf25070000000a01098033d6b2f24ee018e9b9855ea5a93da0dbf50b4b8d86d9c820adfd997126489bd2546bfcc6fbff50c3bf8d7f45d1ebb9d89021906d31e536c6c0c92f519a0c83aea385552794c7882697d5a21c4da79315acddceacb346ab83e89a1645955894eef5f3c2c35e3124caac9166412cacae4bffc75d40f06baba4de4dbe5513052f62def8033ecf0fe621bc7a7f715aee786d0f3181c875c3977947736c9579f2a8135c790800c600", @ANYRES32, @ANYBLOB="59000080196ac6b1f594343c4dc2d5eef775d2121d439c6c5e3911f42e14dea873dc07df80b5c9c191ea9197af5a41b30d5154771d3aa6abf4f498dc46b03d453fad04d3d69c1f96fc9b50dbd135811b420500f4000000000000000000000501028090ad7e7c493399c9bdb07eab0d03c802000000bcb15977343e24015792742705e71447aa81a23cdbf4e082e6bf010f5ef7670f5470e766e6bc53d8ed8452c290a80750460290587d580bede006a1c8383ab532e16dcc7eb4de284f4e8fa1f60a760ace6a545c6994d2c88279d8f115b3d80c4e987920e69b02d08f85214cb693ab205b0fc92df8c19d6a9d2edb6c4e135183d735b6292a09eea9d7f9d1b607d7c133e71b699f9c5af00216c14d51a0902458349f24d076023ddea031fb7a36da788838209ab2aa125768bc0f72037b5131b8e65d4bf2306d29853432cdbcb88a434aae6c8849d6274299e692fb08007300543339e00400da000800d800", @ANYRES32, @ANYBLOB="0000002800038008005e00", @ANYRES32, @ANYBLOB="0800f000", @ANYRES32, @ANYBLOB='\b\x00>\x00', @ANYRES32, @ANYBLOB="99f3a10396e315e1f108b34d1f100980b046b622a9dd59042c88a5c2dece45bb172c8508000d00", @ANYRES32, @ANYBLOB="b2c918b3bb0ae2ae692f37b0cc89efe01ad859093422ab8d8d2b0545096c2cd8770f8bc86e30fffe3bf8815d3e27d0861d843153a501a915dc04797ef6a74bbc8d1a81492a3aa181cd3f982327724208db82d67eaa280ac2d84376f52203020ec946cd31eedccc3d49cee968706b648329601fbfe13b55d2fe9c7ab3f612c1889397217f46650544f0b9512146f71219359823e63867c8c60ec770fc07086fbb4a459b1f3306eccb4a6fca61be5f419568da8dd975e5ef50cf2878d2d39850af73f30892db996792913712911d67d0b97e0ea6f2f17a2a9bd11eb1448fa4dd61ead2b246ef9beb447db0ae5cc49c3059b440c0a8e1be3d92fb065c8f6b6b7ce52668f797d14d5a587c63430e487bf4eed22f79d4412ca618fb78817dfab24209c53457ba5a4fedd01fcb1125a7edd63a90"], 0x1368}, 0x1, 0x0, 0x0, 0x80000}, 0x20000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0x7ff, 0x39)
sysfs$auto(0x2, 0x4, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0xa0000, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000040))
sysfs$auto(0x2, 0x631, 0x0)
fsopen$auto(0x0, 0x1)
fsopen$auto(0x0, 0x1)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
executing program 1:
r0 = socket(0xa, 0x1, 0x84)
r1 = getsockopt$auto(r0, 0x83, 0xe, 0x0, &(0x7f0000000040)=0x81)
r2 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x100, 0x0)
r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x101901, 0x0)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000100)={'\x00', 0xffff, 0x6, 0x2, 0x9b4, 0x9, "ce25aafc24b9952f997e703f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]})
r4 = socket(0x15, 0x5, 0x0)
r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd"], 0x50}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/options/blk_classic\x00', 0x4000, 0x0)
r6 = socket(0x10, 0x2, 0x6)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioctl$auto(0xffffffffffffffff, 0x4b47, 0x1)
sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000040), 0x7, 0xa505}, 0x800}, 0x5, 0x400a)
r7 = syz_genetlink_get_family_id$auto_thermal(&(0x7f00000000c0), r0)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9b3de62820c0a8f60b7ca3ece37a7a127037c8224d5aa1ef29fdf0294449f94a483995f16d8c308a1dc31345bddc60b3710fe19d5a0cbe31f9495538ec1fba263ee97fe1411825c559f12b9f8233d10e59ea23fbe89f77f27e645bf379ca6a22f9c26da4f748cedcfcee3fccd1e36def0eab0b0a708c4a5431e696a7983c3bd216c64ae2138715c60838c91e8b0cb266fdb1a9f06185240b455f293a0e56891f5438254f7958fd77b7b29752faf576031aa359e93b3e", @ANYRES16=r7, @ANYBLOB="000328bd7000fddbdf250300000008000c000d0000000800080006ab720508001b000180000008000600faffffff"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
setsockopt$auto(r4, 0x114, 0x6, 0x0, 0x8000002)
pread64$auto(r2, &(0x7f0000002f00)='@[}\xf5', 0x2, 0x3)
socket(0x1d, 0x3, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0x400000eb1, 0xfffffffffffffffa, 0x8000)
setresuid$auto(0x8, 0x8, 0x0)
r8 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
ioctl$auto_IOCTL_STOP_ACCEL_DEV(r8, 0x40096101, &(0x7f0000000000)={@config_section=&(0x7f0000000380)={"4af387e27933efe4486ea152ed1bd584803219d16d909a29dabb36c941e95a6fdfd91593c1a034abb9176fb953516b42811b70af57618d36f37c698878a45474", @params=&(0x7f0000000040)={"ba12dfd4ed860897de861ff47fd55e8bd29d109d66e6db0d60d8d394f81ef6fc063914d45e70015b5ff95839cbc226ebaf801c18a010254559ebdc4384148e66", "670c509a0be9d98655fb7a968381651a7065ee6a7982a3dbc6efcd81cf4130b0b1676e8894eb3d7d28d2dcb5775918f7cecfa7a1c35f294280b1352343ad7946", @padding3, 0x2}, @next=&(0x7f0000000300)={"8260260e6df0d183c8fe6ea3ccd2090b8713708aeaa2c690a087a4eb3d2175e71d71b88739d7fb4cdf221c5fc8ddb689ebbde8cf0c594712e96ce2e4508902ae", @params=&(0x7f0000000240)={"858ea6bd30a13771228de82f4a55348c74600d908fdf9fa07fd52f84ae6b190fa6924601b42bab94d388ba7d83380b031a8b9b9a8e3d69c793c03dddb9e5a9b9", "972e1489d9c6fa2135368fe72e4ddfaf4a86a3b9e26c8ec9c00fe558d73a46289607835bb7b657ccd7361fdb482683c80a3fd4b35bf20a13e44f8e46776c4280", @next=&(0x7f0000000180)={"94bd6da3d2079bdc60823b0d5d43a85dd0526a68bd43041dab442cb73fea7a5532a5822e5f6848daf7552370e2c19b186205023698e53113ed6126b2cdbeb466", "48637d57da8c94a97aa8c07d727ddcc53a6e35b9acbee6588a640a615fc0c2bd5b2f2935dba4decf557241f96e06cfd2205158b5fc31f0d71165094ed1c407a6", @next, 0x1}}, @padding3}}, 0xfe})
ioctl$auto_SNDRV_PCM_IOCTL_WRITEN_FRAMES2(0xffffffffffffffff, 0x40184152, &(0x7f00000004c0)={0x7fff, &(0x7f0000000100)=&(0x7f0000000400)="0199e0a8449141cc1a27ea4176b3bb1aa2b710a9caf1272e7cfeb204980a0ce0cb8fc6d1b8c1e984a9f133e11398bb82218a61439111efaaff7ce873c6ddd326072439c355cec48f0b41af934960842bac0e9e616d1a65f34a1772796067f6def3493f40e3a501c33c909ce631d8a17cc64e70a2d117628dac9f8bb198244618589032ae7b81e8ea1d9a7d5bbf05202df16bedd6314c3e63876d108b", 0x5})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000540), 0xffffffffffffffff)
semctl$auto_SETVAL(0xfff, 0x8, 0x10, 0x9)
msgctl$auto_IPC_STAT(0x7, 0x2, &(0x7f0000000600)={{0x72, 0xee00, 0xee00, 0x3, 0x7, 0x0, 0x7}, &(0x7f0000000580)=0x5, &(0x7f00000005c0)=0x9, 0xfff, 0x31de, 0x1, 0x2, 0x7, 0x2, 0x2, 0x8, @inferred=0xffffffffffffffff, @raw=0x1})
executing program 3:
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(r0, 0x0, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x8000)
statmount$auto(0x0, 0x0, 0x227, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8)
write$auto(r1, 0x0, 0xeffd)
madvise$auto(0x7ff, 0xfffffffffffefffd, 0x15)
sysfs$auto(0x2, 0x10000000000002a, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/fs/lockd/nlm_end_grace\x00', 0x48041, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54)
madvise$auto(0x110c230000, 0x8031ca, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec27\x00', 0x80200, 0x0)
ioctl$auto_CEC_S_MODE(r2, 0x40046109, &(0x7f0000000140)=0x47ee)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x3, 0x0)
madvise$auto(0x0, 0x20499d, 0x9)
futex_waitv$auto(&(0x7f0000000000)={0x8, 0x5d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd)
madvise$auto(0x108000, 0x800034, 0x9)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
write$auto(0x3, 0x0, 0xfdef)
close_range$auto(0x2, 0x8, 0x0)
executing program 0:
rt_sigaction$auto(0x4, 0x0, &(0x7f0000000340)={0x0, 0x4, 0x0, {0x6}}, 0x8)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
syz_clone3(&(0x7f0000000380)={0x80000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, 0x0}, 0x58)
capget$auto(0x0, 0xfffffffffffffffe)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x0, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x7f, 0x80000004, 0x7, 0x0, 0x5, 0x0, 0xfffffffffffffffc]}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001140)='/sys/kernel/mm/ksm/advisor_max_pages_to_scan\x00', 0x20b42, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/236, 0xec)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x2})
r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0)
read$auto(r1, 0x0, 0x39b8)
executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)
waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000000)={@siginfo_0_0={0x2, 0x9, 0x1, @_rt={<r5=>0x0, 0xee01, @sival_int=0x10000}}}, 0x3, &(0x7f0000000080)={{0x1, 0x8000000000000001}, {0x830, 0xf}, 0x5, 0x0, 0xfffffffffffffffd, 0x1000, 0x5, 0xc3, 0x1000, 0x9, 0x9, 0x48a3, 0x7, 0x2, 0xd, 0x3})
prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x9, r5, 0x7, 0x100000000)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_tracing_iter_fops_trace-write$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto-waitid$auto_P_PGID-prctl$auto_PR_SET_CHILD_SUBREAPER
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)
waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000000)={@siginfo_0_0={0x2, 0x9, 0x1, @_rt={<r5=>0x0, 0xee01, @sival_int=0x10000}}}, 0x3, &(0x7f0000000080)={{0x1, 0x8000000000000001}, {0x830, 0xf}, 0x5, 0x0, 0xfffffffffffffffd, 0x1000, 0x5, 0xc3, 0x1000, 0x9, 0x9, 0x48a3, 0x7, 0x2, 0xd, 0x3})
prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x9, r5, 0x7, 0x100000000)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
single: successfully extracted reproducer
found reproducer with 24 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_tracing_iter_fops_trace-write$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto-waitid$auto_P_PGID
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)
waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000000)={@siginfo_0_0={0x2, 0x9, 0x1, @_rt={0x0, 0xee01, @sival_int=0x10000}}}, 0x3, &(0x7f0000000080)={{0x1, 0x8000000000000001}, {0x830, 0xf}, 0x5, 0x0, 0xfffffffffffffffd, 0x1000, 0x5, 0xc3, 0x1000, 0x9, 0x9, 0x48a3, 0x7, 0x2, 0xd, 0x3})

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_tracing_iter_fops_trace-write$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_tracing_iter_fops_trace-write$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_tracing_iter_fops_trace-write$auto-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
write$auto(r3, 0x0, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_tracing_iter_fops_trace-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0)
r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r3, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-bpf$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x4, 0x0, 0x13)
r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r3, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
io_uring_setup$auto(0x1, 0x0)
r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r3, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-bpf$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket(0x2, 0x2, 0x1)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10)
r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r3, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-socket-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x2, 0x2, 0x1)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-close_range$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-socketpair$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_def_blk_fops_fs-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-ioctl$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
ioctl$auto(0xc8, 0x401054d6, 0x5c8d)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-fsconfig$auto_SHMEM_HUGE_NEVER-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-fsopen$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
fsopen$auto(0x0, 0x1)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-sysfs$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
sysfs$auto(0x2, 0x100001000000032, 0x0)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-syz_genetlink_get_family_id$auto_nlbl_cipsov4-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-setsockopt$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x0)
setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
reproducing took 2h8m45.063422702s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330 drivers/bluetooth/hci_vhci.c:327
Read of size 8 at addr ffff888029675000 by task syz.0.616/6700

CPU: 0 UID: 0 PID: 6700 Comm: syz.0.616 Not tainted 6.14.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xd9/0x110 mm/kasan/report.c:634
 force_devcd_write+0x317/0x330 drivers/bluetooth/hci_vhci.c:327
 full_proxy_write+0x13c/0x200 fs/debugfs/file.c:398
 vfs_write+0x24c/0x1150 fs/read_write.c:677
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f02add8d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd3d736fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f02adfa5fa0 RCX: 00007f02add8d169
RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f02ade0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f02adfa5fa0 R14: 00007f02adfa5fa0 R15: 0000000000000003
 </TASK>

Allocated by task 5971:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 vhci_open+0x4c/0x430 drivers/bluetooth/hci_vhci.c:634
 misc_open+0x35a/0x420 drivers/char/misc.c:179
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x735/0x1c40 fs/open.c:956
 vfs_open+0x82/0x3f0 fs/open.c:1086
 do_open fs/namei.c:3830 [inline]
 path_openat+0x1e88/0x2d80 fs/namei.c:3989
 do_filp_open+0x20c/0x470 fs/namei.c:4016
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
 do_sys_open fs/open.c:1443 [inline]
 __do_sys_openat fs/open.c:1459 [inline]
 __se_sys_openat fs/open.c:1454 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1454
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5971:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4609 [inline]
 kfree+0x2c4/0x4d0 mm/slub.c:4757
 vhci_release+0xbb/0xf0 drivers/bluetooth/hci_vhci.c:670
 __fput+0x3ff/0xb70 fs/file_table.c:464
 task_work_run+0x14e/0x250 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x24ed/0x26c0 kernel/signal.c:3036
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888029675000
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 0 bytes inside of
 freed 1024-byte region [ffff888029675000, ffff888029675400)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29670
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000003 ffffea0000a59c01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5503, tgid 5503 (dhcpcd), ts 61530609715, free_ts 61393388948
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1551
 prep_new_page mm/page_alloc.c:1559 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3477
 __alloc_frozen_pages_noprof+0x221/0x2470 mm/page_alloc.c:4740
 alloc_pages_mpol+0x1fc/0x540 mm/mempolicy.c:2270
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2587 [inline]
 new_slab+0x23d/0x330 mm/slub.c:2640
 ___slab_alloc+0xc5d/0x1720 mm/slub.c:3826
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 __do_kmalloc_node mm/slub.c:4293 [inline]
 __kmalloc_noprof+0x2ec/0x510 mm/slub.c:4306
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 neigh_alloc net/core/neighbour.c:473 [inline]
 ___neigh_create+0x14ee/0x28e0 net/core/neighbour.c:607
 ip6_finish_output2+0x130c/0x20a0 net/ipv6/ip6_output.c:132
 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]
 ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247
 dst_output include/net/dst.h:459 [inline]
 ip6_local_out+0xcd/0x4a0 net/ipv6/output_core.c:155
 ip6_send_skb+0x112/0x460 net/ipv6/ip6_output.c:1980
 ip6_push_pending_frames+0xe0/0x110 net/ipv6/ip6_output.c:2001
 rawv6_push_pending_frames net/ipv6/raw.c:588 [inline]
 rawv6_sendmsg+0x2f95/0x4610 net/ipv6/raw.c:927
page last free pid 5634 tgid 5634 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_frozen_pages+0x6db/0xfb0 mm/page_alloc.c:2660
 __put_partials+0x14c/0x170 mm/slub.c:3153
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4115 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 kmem_cache_alloc_noprof+0x226/0x3d0 mm/slub.c:4171
 mt_alloc_one lib/maple_tree.c:176 [inline]
 mas_alloc_nodes+0x18b/0x8b0 lib/maple_tree.c:1253
 mas_node_count_gfp+0x105/0x130 lib/maple_tree.c:1335
 mas_preallocate+0x53f/0xce0 lib/maple_tree.c:5505
 vma_iter_prealloc mm/vma.h:353 [inline]
 commit_merge+0x61d/0xec0 mm/vma.c:655
 vma_expand+0x3fd/0x9c0 mm/vma.c:1073
 relocate_vma_down+0x216/0x480 mm/mmap.c:1711
 setup_arg_pages+0x56e/0xcd0 fs/exec.c:802
 load_elf_binary+0xaf8/0x4fc0 fs/binfmt_elf.c:1020
 search_binary_handler fs/exec.c:1775 [inline]
 exec_binprm fs/exec.c:1807 [inline]
 bprm_execve fs/exec.c:1859 [inline]
 bprm_execve+0x8dd/0x16d0 fs/exec.c:1835
 do_execveat_common.isra.0+0x4a2/0x610 fs/exec.c:1966

Memory state around the buggy address:
 ffff888029674f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888029674f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888029675000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff888029675080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888029675100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330 drivers/bluetooth/hci_vhci.c:327
Read of size 8 at addr ffff888029675000 by task syz.0.616/6700

CPU: 0 UID: 0 PID: 6700 Comm: syz.0.616 Not tainted 6.14.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xd9/0x110 mm/kasan/report.c:634
 force_devcd_write+0x317/0x330 drivers/bluetooth/hci_vhci.c:327
 full_proxy_write+0x13c/0x200 fs/debugfs/file.c:398
 vfs_write+0x24c/0x1150 fs/read_write.c:677
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f02add8d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd3d736fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f02adfa5fa0 RCX: 00007f02add8d169
RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f02ade0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f02adfa5fa0 R14: 00007f02adfa5fa0 R15: 0000000000000003
 </TASK>

Allocated by task 5971:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 vhci_open+0x4c/0x430 drivers/bluetooth/hci_vhci.c:634
 misc_open+0x35a/0x420 drivers/char/misc.c:179
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x735/0x1c40 fs/open.c:956
 vfs_open+0x82/0x3f0 fs/open.c:1086
 do_open fs/namei.c:3830 [inline]
 path_openat+0x1e88/0x2d80 fs/namei.c:3989
 do_filp_open+0x20c/0x470 fs/namei.c:4016
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
 do_sys_open fs/open.c:1443 [inline]
 __do_sys_openat fs/open.c:1459 [inline]
 __se_sys_openat fs/open.c:1454 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1454
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5971:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4609 [inline]
 kfree+0x2c4/0x4d0 mm/slub.c:4757
 vhci_release+0xbb/0xf0 drivers/bluetooth/hci_vhci.c:670
 __fput+0x3ff/0xb70 fs/file_table.c:464
 task_work_run+0x14e/0x250 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x24ed/0x26c0 kernel/signal.c:3036
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888029675000
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 0 bytes inside of
 freed 1024-byte region [ffff888029675000, ffff888029675400)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29670
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000003 ffffea0000a59c01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5503, tgid 5503 (dhcpcd), ts 61530609715, free_ts 61393388948
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1551
 prep_new_page mm/page_alloc.c:1559 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3477
 __alloc_frozen_pages_noprof+0x221/0x2470 mm/page_alloc.c:4740
 alloc_pages_mpol+0x1fc/0x540 mm/mempolicy.c:2270
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2587 [inline]
 new_slab+0x23d/0x330 mm/slub.c:2640
 ___slab_alloc+0xc5d/0x1720 mm/slub.c:3826
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 __do_kmalloc_node mm/slub.c:4293 [inline]
 __kmalloc_noprof+0x2ec/0x510 mm/slub.c:4306
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 neigh_alloc net/core/neighbour.c:473 [inline]
 ___neigh_create+0x14ee/0x28e0 net/core/neighbour.c:607
 ip6_finish_output2+0x130c/0x20a0 net/ipv6/ip6_output.c:132
 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]
 ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247
 dst_output include/net/dst.h:459 [inline]
 ip6_local_out+0xcd/0x4a0 net/ipv6/output_core.c:155
 ip6_send_skb+0x112/0x460 net/ipv6/ip6_output.c:1980
 ip6_push_pending_frames+0xe0/0x110 net/ipv6/ip6_output.c:2001
 rawv6_push_pending_frames net/ipv6/raw.c:588 [inline]
 rawv6_sendmsg+0x2f95/0x4610 net/ipv6/raw.c:927
page last free pid 5634 tgid 5634 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_frozen_pages+0x6db/0xfb0 mm/page_alloc.c:2660
 __put_partials+0x14c/0x170 mm/slub.c:3153
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4115 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 kmem_cache_alloc_noprof+0x226/0x3d0 mm/slub.c:4171
 mt_alloc_one lib/maple_tree.c:176 [inline]
 mas_alloc_nodes+0x18b/0x8b0 lib/maple_tree.c:1253
 mas_node_count_gfp+0x105/0x130 lib/maple_tree.c:1335
 mas_preallocate+0x53f/0xce0 lib/maple_tree.c:5505
 vma_iter_prealloc mm/vma.h:353 [inline]
 commit_merge+0x61d/0xec0 mm/vma.c:655
 vma_expand+0x3fd/0x9c0 mm/vma.c:1073
 relocate_vma_down+0x216/0x480 mm/mmap.c:1711
 setup_arg_pages+0x56e/0xcd0 fs/exec.c:802
 load_elf_binary+0xaf8/0x4fc0 fs/binfmt_elf.c:1020
 search_binary_handler fs/exec.c:1775 [inline]
 exec_binprm fs/exec.c:1807 [inline]
 bprm_execve fs/exec.c:1859 [inline]
 bprm_execve+0x8dd/0x16d0 fs/exec.c:1835
 do_execveat_common.isra.0+0x4a2/0x610 fs/exec.c:1966

Memory state around the buggy address:
 ffff888029674f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888029674f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888029675000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff888029675080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888029675100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================