Extracting prog: 6m50.127862177s Minimizing prog: 1h5m55.312961947s Simplifying prog options: 0s Extracting C: 46.695958135s Simplifying C: 30m4.956787369s extracting reproducer from 31 programs first checking the prog from the crash report single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-openat$auto_userfaultfd_dev_fops_userfaultfd-ioctl$auto-lsm_list_modules$auto-socket detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0) ioctl$auto(0x3, 0x40a0ae49, r5) lsm_list_modules$auto(0x0, 0x0, 0xfffffffe) socket(0x2, 0x801, 0x106) program did not crash single: failed to extract reproducer bisect: bisecting 31 programs with base timeout 30s testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 30, 19, 22, 13, 20, 20, 24, 40, 7, 27, 30, 22, 28, 10, 21, 30, 25, 23, 22, 6, 28, 15, 26, 2, 28, 10, 17, 3, 30, 6] detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000040)='./file0\x00', 0x44, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000) ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8) madvise$auto(0x0, 0x200007, 0x19) syz_clone3(0x0, 0xfffffff7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x6, 0xfffffffa, 0x6) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, 0x0, 0x4) mbind$auto(0x0, 0x2091d2, 0x7, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x4010) executing program 0: shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) uname$auto(0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r0 = socket(0x2, 0x6, 0x0) listen$auto(r0, 0x81) ioctl$auto(0x3, 0xc040ff0b, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)={0x20, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "9e695f99bb0e"}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, 0x0, 0xc004) setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x567) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) r4 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r4, &(0x7f0000000040)=""/4096, 0xfffffe82) clock_settime$auto(0xb, &(0x7f0000001040)={0xf47, 0x5}) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r5 = fsopen$auto(&(0x7f0000001080)='/dev/ttyS1\x00', 0x401) ioctl$auto_SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f00000010c0)="c74545609120c2a48456991bb6098098ebe63f7b0f0365e6a1828e9903442adf084b4d8dd55801787f54c819e7944b5a65fa2f") socket(0x21, 0x6, 0x3) socket(0xa, 0x3, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x46) executing program 0: mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r1, @ANYRES32=r1], 0x18}}, 0x80) io_uring_setup$auto(0x1, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0) fchownat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6) ioctl$auto_BLKRASET(r3, 0x1262, 0x0) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) r4 = socketpair$auto(0x1e, 0x5, 0x10, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) fsmount$auto(r4, 0x2, 0x3) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) io_uring_setup$auto(0x6, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) executing program 0: mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x1, 0x0) listen$auto(0x3, 0xfffffffa) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty30\x00', 0x62c00, 0x0) r0 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xdff1, 0xfffffffffffffffd, 0xd4, 0xffffffffffffffc0, 0x6, 0x0, 0x80009, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x8, 0x5, 0x29a, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = fcntl$getown(r0, 0x9) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r2, 0x4, 0x7ff) setpgid$auto(r1, r2) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x8, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4) mprotect$auto(0x10000, 0xd4, 0x7ff) executing program 0: r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) poll$auto(&(0x7f0000000080)={r0, 0x0, 0x5}, 0x5, 0x49) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88282, 0x0) sendfile$auto(r1, r1, 0x0, 0x71) r2 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0) read$auto(r2, 0x0, 0x4) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)='5', 0x1) tkill$auto(0x1, 0x7) msgrcv$auto(0xff, 0x0, 0x2400000000, 0x6, 0x6bc2cc7d) ioctl$auto_TIOCMBIC2(0xffffffffffffffff, 0x5417, &(0x7f0000000100)) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x2f5, 0x48eafc79) executing program 0: unshare$auto(0x40000080) (async) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) mmap$auto(0x0, 0x0, 0x7fff, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) (async) ftruncate$auto(0x3, 0x700) mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-touch0\x00', 0xe0800, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x3) (async) capget$auto(0x0, 0xfffffffffffffffe) (async) fstat$auto(0x2, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) (async) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/ns_last_pid\x00', 0x68001, 0x0) (async) madvise$auto(0x110c234000, 0x1, 0x9) write$auto(r3, 0x0, 0x0) (async) pwrite64$auto(r0, &(0x7f0000000040)='/proc/sys/user/max_fanotify_g\b\x00\x00\x00s@', 0x7, 0x7) executing program 32: unshare$auto(0x40000080) (async) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) mmap$auto(0x0, 0x0, 0x7fff, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) (async) ftruncate$auto(0x3, 0x700) mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-touch0\x00', 0xe0800, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x3) (async) capget$auto(0x0, 0xfffffffffffffffe) (async) fstat$auto(0x2, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) (async) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/ns_last_pid\x00', 0x68001, 0x0) (async) madvise$auto(0x110c234000, 0x1, 0x9) write$auto(r3, 0x0, 0x0) (async) pwrite64$auto(r0, &(0x7f0000000040)='/proc/sys/user/max_fanotify_g\b\x00\x00\x00s@', 0x7, 0x7) executing program 4: openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) msgctl$auto(0x8000, 0x6, &(0x7f0000000180)={{0x442, 0x0, 0xee01, 0x0, 0x1, 0x7, 0x83}, 0x0, 0x0, 0x4, 0xfffffffffffffffe, 0xc869be, 0x1, 0x12c, 0xa, 0x4, 0x3, @raw=0x313}) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x6, 0xdf, 0x400009b72, 0x2, 0x80000000) socket(0x2, 0x1, 0x106) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) write$auto_mousedev_fops_mousedev(r1, &(0x7f00000000c0)="13", 0x1) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x100000001, 0x63, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0x7ffffff9, 0x5, 0xffffffff80000000, 0x9, 0x61, 0x105}) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f00000003c0)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x20000000001, 0x1) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x20000000001, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x121102, 0x0) write$auto(r2, &(0x7f0000000080)='[#FQ:\x00', 0x83) (async) write$auto(r2, &(0x7f0000000080)='[#FQ:\x00', 0x83) socket(0xa, 0x1, 0x84) (async) r3 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x4, 0x0) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r1, 0x0, 0x4000) mmap$auto(0x0, 0x400005, 0xe3, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400005, 0xe3, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x20001000, 0x7) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24044011}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) (async) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001c00), r3) (async) r4 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001c00), r3) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r0, &(0x7f0000001d00)={0x0, 0x0, &(0x7f0000001cc0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000fddf4f887c327d9b60f0ea771fafc69696a8128d35dcc4b62c4d537be39059bbc7943ae687c32e36d9a816f6df6022b6ae38f9fc49d371e06de4bfa940b69540925266396845d7feba3b8b410240dd056ab52dafbedce3873cafbf3242a921f85c09a79ac2cda85210b06774df4fb162", @ANYRES16=r4, @ANYBLOB="311e27bd7000fddbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x400c010) executing program 2: mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x3, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/erspan0/queues/tx-0/byte_queue_limits/inflight\x00', 0x88040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001100)=""/4106, 0x100a) setsockopt$auto(r0, 0x65, 0x1, 0x0, 0x800) bind$auto(0x3, &(0x7f0000000040)=@sco={0x1f, @none}, 0x6a) close_range$auto(0x2, 0x8, 0x0) executing program 4: bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x2000000, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) madvise$auto(0x0, 0x2000000080000001, 0x3) socket(0x2, 0x801, 0x106) socket(0x2, 0x2, 0x88) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) r1 = socket(0x10, 0x2, 0x0) openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/make-it-fail\x00', 0x40002, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x7, 0x1ff, 0x7, 0x42, 0x4909b6f8, 0x1ffdf, 0x7, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x6, 0x10005, 0x80, 0x100000000, 0x0, 0x7, 0x2100, 0x200, 0x0, 0x84}, 0x1fe, 0xd) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)={0x24, r3, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x7d, 0x0, 0x1, [@nested={0x4, 0x5}]}]}, 0x24}}, 0x4000000) sendmsg$auto_NL80211_CMD_GET_MPP(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)={0x114, r3, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x7}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x415}, @NL80211_ATTR_VHT_CAPABILITY={0xdd, 0x9d, "fc09e3717664aad8cb17d6ef6ba4f122458cb3affb96f228dd2a0ba9ce100631d9a24d1b93874ebc688af519679c56a67fc8cee45cb7fdf431f53c23ac1d75ecf9f914a8883690d84a1fca61dff2c2386a3c3fb2e6a95f8013d92240bc1da6aee30c27b96cee52cb668217e5342f1f74137274e0160e35c2c2f498816e03e18daff3ec8758335e7745bef53de13220c2738ecf7c5d78883bfdab333fa1cd9c47b83a9e7efa9924d90d0ce9379281091b28a1fcc9ac7cee0a6332bf3688f06302e0e1a2b86ff709bdea5d32fd213c77996fe6d04b339c69b2af"}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}]}, 0x114}, 0x1, 0x0, 0x0, 0x20002881}, 0x1) madvise$auto(0x40, 0xffffffff, 0x7fffffff) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) executing program 2: close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0xffb, 0x18, 0xffffffffffffffff, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x0, 0x5, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) shmat$auto(0x59, &(0x7f0000000580)='(\x04', 0xfffffffd) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8002) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x7ff, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x100000001, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0x9, 0xdeb5, 0x1800}) madvise$auto(0x0, 0x2003f0, 0x15) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x34000, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x2, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r2, &(0x7f0000000040)={{&(0x7f0000000040), 0x200001, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x8000005}, 0x3b8b, 0xa) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb5, r0, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) executing program 1: mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x1, 0x0) listen$auto(0x3, 0xfffffffa) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty30\x00', 0x62c00, 0x0) r0 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xdff1, 0xfffffffffffffffd, 0xd4, 0xffffffffffffffc0, 0x6, 0x0, 0x80009, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x8, 0x5, 0x29a, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = fcntl$getown(r0, 0x9) ptrace$auto(0x10, 0x0, 0x4, 0x7ff) ptrace$auto_PTRACE_SET_THREAD_AREA(0x1a, 0x0, 0x4, 0x8) setpgid$auto(r1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x8, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4) mprotect$auto(0x10000, 0xd4, 0x7ff) executing program 4: sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="a02c0000", @ANYRES16, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYBLOB="08000100486652000a0002"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r0 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = socket(0x22, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x0, {{}, 0x1}}, 0x1) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0xacb) write$auto(r2, 0x0, 0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/comm\x00', 0x10000, 0x0) write$auto(r3, &(0x7f0000000080)='/dev/audio1\x00', 0x9) prctl$auto(0x16, 0x1, 0x6, 0xfffffffffffffffe, 0x4) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r5, 0xc1105511, &(0x7f0000000300)={{@raw=0x4, 0x4, 0xf8, 0x80003, "a401d243a009000000cc2bd4dbe3e10d3cff1522303a3227f8d61b7ea40201a46800", @raw}, 0x1ea, 0x3, 0x1, @raw=0x8f10, @enumerated={0x5, 0x40, "3095515a1ccb98aaec08d4b73653a99a837a7edac832a782092945b0cb8bfb061f16498eadb8e29df7e85d16ba61ce6fa5870cd0caddcd0f25473b81009d5900", 0x8, 0x5}, "2bb2d72b107f43a0d30100000000000000ae4a5be70b75810dfa4cc9182ef819d3613ea5b4243440fc9595b760cee784decb284ff031aa97d8f831c11fd4f929"}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x9, 0x62, 0x80000021, 0x7, 0x6d3e, 0x9, 0x2, 0x1]}, 0x0) mmap$auto(0x0, 0x8000000b3d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0], 0x38}, 0x1, 0x0, 0x0, 0x7daaab7119aa4f13}, 0x22000000) executing program 2: socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) getcwd$auto(0x0, 0xffffffffffffffed) fchmodat$auto(0xffffffffffffffff, 0x0, 0x23) move_pages$auto(r0, 0x1002, 0x0, 0x0, 0x0, 0x2) r2 = getpid() kcmp$auto(r0, r2, 0x7, 0xffffffffffffffff, r1) executing program 1: mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) sysinfo$auto(0x0) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x8) close_range$auto(0x2, 0xa, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x200, 0x29, 0x940, 0x7ff, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x400007, 0x2, 0x3, 0x5, 0x7, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x1fe, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) semctl$auto(0x6, 0x81, 0x10, 0xffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x16b101, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_DROP(r0, 0x40045730, &(0x7f0000000040)) r1 = socket(0x10, 0x2, 0x0) semctl$auto_SEM_STAT(0x80, 0x8000, 0x12, 0x7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) sendfile$auto(r2, r2, 0x0, 0x400000000003) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) executing program 4: mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000140)={0x40, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r2}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x6}, @OVS_DP_ATTR_NAME={0x11, 0x1, 'ovs_\xff\xc3\x00\x00\x00\x00\x00\x00\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) socket(0x11, 0x80003, 0x300) socket(0xa, 0x801, 0x100) socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop5/mq/0/nr_reserved_tags\x00', 0x80880, 0x0) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1, 0x7356, 0x33, 0x65f, 0x1ffde, 0x7, 0xffffffffffffffff, 0x20000009, 0x4, 0x3, 0x6, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x83, 0x4, 0x7ff, 0x400, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)="462b1bdffca387f9b48d3e8ddc56088cf226d70bfc07421095549358bc81fff05f1b5a52e33d2da3f986d1e726d811d9e6dc25c5a7a57ea7c12126026d8de6ca1aa4e974e22c7f4d2236df9bed3cbf6796829a56b1231f3f99c19048669797e33123764de05aefe39c322d48454c534ecce63439fc386a2c6697094df8f6e6816e5a", 0x40}, 0x4, 0x0, 0x7, 0xa509}, 0x800}, 0x1000, 0x4008) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) r4 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r4], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) executing program 2: openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) r1 = open(0x0, 0x709043, 0xe2) fcntl$auto(r1, 0x409, 0x40003f) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/192, 0xc0) write$auto(0x3, 0x0, 0x100082) (async) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x8, 0xc, 0x0, 0x567) (async) setsockopt$auto(0xffffffffffffffff, 0x8, 0xc, 0x0, 0x567) unshare$auto(0x40000080) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) acct$auto(0x0) (async) acct$auto(0x0) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f00000001c0)) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) executing program 1: r0 = socket(0x2, 0x0, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000001c0)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(0x0, 0xfffffffffffffffd, 0x1) socket(0x2b, 0x5, 0x5) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/attr/apparmor/current\x00', 0x18900, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) getcwd$auto(0x0, 0xffffffffffffffff) mount_setattr$auto(0x5, 0x0, 0x8000, &(0x7f0000000640)={0x1, 0x4, 0x100000, @raw=0xf980}, 0x283) executing program 4: socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd14/capability\x00', 0x180, 0x0) sendfile$auto(0x2, 0x3, 0x0, 0xc3e0) sysfs$auto(0x2, 0x2, 0x0) sendmsg$auto_NLBL_MGMT_C_LISTDEF(r0, 0x0, 0x200048d0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x4, 0x3, 0xb, 0x0) io_uring_enter$auto(0x3, 0x4, 0xffffffff, 0x6, 0x0, 0x2) close_range$auto(0x2, 0x8000, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r1) executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) statx$auto(0xffffffffffffff9c, 0x0, 0x2, 0x9, &(0x7f0000001400)={0x1, 0xe23b, 0xebee, 0x80000001, 0xffffffffffffffff, 0x0, 0x81, 0x1, 0xffff, 0xc, 0x4, 0x8, {0x0, 0xfb0}, {0x7, 0x401}, {0xb03, 0x6}, {0x7, 0x9}, 0x3, 0x7, 0x5, 0x9, 0x7, 0x7, 0x6, 0x3, 0xff, 0x40, 0x8001, 0x401, [0x9b, 0x0, 0x7fff, 0x3, 0x935c, 0x9, 0x4, 0x9e1]}) sendmsg$auto_MACSEC_CMD_UPD_OFFLOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000012c0)=ANY=[@ANYBLOB="44010000", @ANYRES16=r1, @ANYBLOB="01002dbd7000fddbdf250a00000008000100", @ANYRES32=r3, @ANYBLOB="280109800c00ea006d61637365633000e7002e80ea546656278c93952f9101afd392a22ad5dee5c3d6fea5031c8d17ca812af7fe7b240d9f6a3469659743be1864c7db436e9e76d49111fd550a1ca8b35a7d9748c7374ce3c5ee0cb000d2af41cf3ff5ca2140a4345cd86d7fa409604cd47536c8c89ac53fcf904f2040e3fa588f7845d5a5a3c758d76a6ea3243d41523307b728c1eae2fae8f36da92dc889cdc79fd55c8d4d0ad53e9f9120101cf27eaf1d15ddb64f597c46cf34373303f61cfc19c15f173d7f0d2f6870beddf607a1ebd3b22caddd7f9fd609a1115beabcf4f867ddee569d307ebe1240f53b7999a06b1f915f882e7e0008004300", @ANYRES32, @ANYBLOB="0b0042006d6163736563000014002d00fc010000000000000000000000003f01080001"], 0x144}, 0x1, 0x0, 0x0, 0x4040085}, 0x0) executing program 1: mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x23, 0x5, 0x0) socket(0xa, 0x5, 0x0) socket(0x2, 0x80805, 0x0) socket(0x2, 0x1, 0x84) open(0x0, 0xc162, 0x0) socket(0x80000000000000a, 0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) open(0x0, 0x2a4c0, 0x0) r0 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r0, &(0x7f00000000c0)="632d1bfe595046ab5c40bd6163307acb6d16baef6176e669a216aae1834ccafdd80500ffffffffdfff1a0e00"/56, 0x38) socket(0xa, 0x1, 0x84) socket(0x11, 0x3, 0x2) socket(0x2b, 0x1, 0x1) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x40, 0x0) socket(0x18, 0x5, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) executing program 3: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r0 = socket(0x2, 0x801, 0x106) getsockopt$auto(r0, 0x11c, 0x3, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4e32, @rand_addr=0x64010101}, 0x51) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) executing program 1: unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0x16, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'tunl0\x00', 0x0}) sendmsg$auto_NCSI_CMD_PKG_INFO(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}, 0x1, 0x0, 0x0, 0x41}, 0x44088) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0x43403d05, 0x0) madvise$auto(0x0, 0x53, 0x9) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), r0) sendmsg$auto_BATADV_CMD_TP_METER(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="02d989d539a89fddd2f1d39374a20c0feb000000", @ANYRES16=r3, @ANYBLOB="010025bd7000fbdbdf250200000008003a009b00000005000a0004000000050037000100000008000b00000080000a001d00ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x48010}, 0x4000044) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x40, 0x0) pread64$auto(r4, &(0x7f0000000100)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x100000001, 0x101) mremap$auto(0x1fc000, 0xfee0, 0x3fd8, 0x3, 0xfffff000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000956a4a25d090000000a68d40c593a8dbb67a276fc233e8bfdd9f555", @ANYRES16=r6, @ANYBLOB="010029bd7000ffdbdf2505000000180001801400020076657468315f746f5f62617461647600"], 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x24000802) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0xc0, r6, 0xf18, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x8}, @ETHTOOL_A_PAUSE_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7fffffff}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8000}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xf312}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}, @ETHTOOL_A_PAUSE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x4}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4040}, 0x4800) r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r7, 0xc0045006, 0x0) executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) landlock_restrict_self$auto(r0, 0xfffffffc) executing program 3: sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="a02c0000", @ANYRES16, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYBLOB="08000100486652000a0002"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r0 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = socket(0x22, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x0, {{}, 0x1}}, 0x1) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0xacb) write$auto(r2, 0x0, 0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/comm\x00', 0x10000, 0x0) write$auto(r3, &(0x7f0000000080)='/dev/audio1\x00', 0x9) prctl$auto(0x16, 0x1, 0x6, 0xfffffffffffffffe, 0x4) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r5, 0xc1105511, &(0x7f0000000300)={{@raw=0x4, 0x4, 0xf8, 0x80003, "a401d243a009000000cc2bd4dbe3e10d3cff1522303a3227f8d61b7ea40201a46800", @raw}, 0x1ea, 0x3, 0x1, @raw=0x8f10, @enumerated={0x5, 0x40, "3095515a1ccb98aaec08d4b73653a99a837a7edac832a782092945b0cb8bfb061f16498eadb8e29df7e85d16ba61ce6fa5870cd0caddcd0f25473b81009d5900", 0x8, 0x5}, "2bb2d72b107f43a0d30100000000000000ae4a5be70b75810dfa4cc9182ef819d3613ea5b4243440fc9595b760cee784decb284ff031aa97d8f831c11fd4f929"}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x9, 0x62, 0x80000021, 0x7, 0x6d3e, 0x9, 0x2, 0x1]}, 0x0) mmap$auto(0x0, 0x8000000b3d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0], 0x38}, 0x1, 0x0, 0x0, 0x7daaab7119aa4f13}, 0x22000000) executing program 2: openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket(0x26, 0x80805, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) ppoll$auto(&(0x7f0000000040)={r0, 0x5, 0xf}, 0x4, 0x0, 0x0, 0x8) write$auto(0x3, 0x0, 0x100082) executing program 3: openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/03.0\x00', 0xa0002, 0x0) mmap$auto(0x0, 0x4e, 0xa, 0x9b72, 0x2, 0x28000) writev$auto(0xffffffffffffffff, 0x0, 0x3) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x8000, 0x0) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, r0, 0x28000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video2\x00', 0x1ab442, 0x0) ioctl$auto(0x3, 0x50434902, 0x38) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/ram3/queue/iostats_passthrough\x00', 0x80202, 0x0) r3 = openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000640), 0x401, 0x0) write$auto(r3, 0x0, 0xff) r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000380), 0x82002, 0x0) ioctl$auto_RTC_ALM_SET(r4, 0x40247007, &(0x7f00000000c0)={0x8, 0x3, 0x17, 0x0, 0x5, 0x2003, 0x74f, 0x1fb, 0xf}) r5 = socket(0x21, 0x2, 0x2) sendfile$auto(r5, r2, 0x0, 0x3ff) executing program 3: r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3) writev$auto(r0, 0x0, 0x6) executing program 2: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0) ioctl$auto(0x3, 0x40a0ae49, r5) lsm_list_modules$auto(0x0, 0x0, 0xfffffffe) socket(0x2, 0x801, 0x106) executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) statx$auto(0xffffffffffffff9c, 0x0, 0x2, 0x9, &(0x7f0000001400)={0x1, 0xe23b, 0xebee, 0x80000001, 0xffffffffffffffff, 0x0, 0x81, 0x1, 0xffff, 0xc, 0x4, 0x8, {0x0, 0xfb0}, {0x7, 0x401}, {0xb03, 0x6}, {0x7, 0x9}, 0x3, 0x7, 0x5, 0x9, 0x7, 0x7, 0x6, 0x3, 0xff, 0x40, 0x8001, 0x401, [0x9b, 0x0, 0x7fff, 0x3, 0x935c, 0x9, 0x4, 0x9e1]}) sendmsg$auto_MACSEC_CMD_UPD_OFFLOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000012c0)=ANY=[@ANYBLOB="44010000", @ANYRES16=r1, @ANYBLOB="01002dbd7000fddbdf250a00000008000100", @ANYRES32=r3, @ANYBLOB="280109800c00ea006d61637365633000e7002e80ea546656278c93952f9101afd392a22ad5dee5c3d6fea5031c8d17ca812af7fe7b240d9f6a3469659743be1864c7db436e9e76d49111fd550a1ca8b35a7d9748c7374ce3c5ee0cb000d2af41cf3ff5ca2140a4345cd86d7fa409604cd47536c8c89ac53fcf904f2040e3fa588f7845d5a5a3c758d76a6ea3243d41523307b728c1eae2fae8f36da92dc889cdc79fd55c8d4d0ad53e9f9120101cf27eaf1d15ddb64f597c46cf34373303f61cfc19c15f173d7f0d2f6870beddf607a1ebd3b22caddd7f9fd609a1115beabcf4f867ddee569d307ebe1240f53b7999a06b1f915f882e7e0008004300", @ANYRES32, @ANYBLOB="0b0042006d6163736563000014002d00fc010000000000000000000000006001080001"], 0x144}, 0x1, 0x0, 0x0, 0x4040085}, 0x0) program did not crash replaying the whole log did not cause a kernel crash single: executing 1 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-openat$auto_userfaultfd_dev_fops_userfaultfd-ioctl$auto-lsm_list_modules$auto-socket detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0) ioctl$auto(0x3, 0x40a0ae49, r5) lsm_list_modules$auto(0x0, 0x0, 0xfffffffe) socket(0x2, 0x801, 0x106) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump single: successfully extracted reproducer found reproducer with 30 syscalls minimizing guilty program testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-openat$auto_userfaultfd_dev_fops_userfaultfd-ioctl$auto-lsm_list_modules$auto detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0) ioctl$auto(0x3, 0x40a0ae49, r5) lsm_list_modules$auto(0x0, 0x0, 0xfffffffe) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-openat$auto_userfaultfd_dev_fops_userfaultfd-ioctl$auto detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0) ioctl$auto(0x3, 0x40a0ae49, r5) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-openat$auto_userfaultfd_dev_fops_userfaultfd detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) program did not crash testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-close_range$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-process_vm_readv$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-sendmsg$auto_HSR_C_GET_NODE_STATUS-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-getpid-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getpid() ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-mmap$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program did not crash testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r2, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program did not crash testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-io_uring_setup$auto-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(0xffffffffffffffff, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program did not crash testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-socket-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-rt_sigqueueinfo$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-syz_clone3-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r1, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-socketpair$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r1, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r1, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-syz_open_procfs$namespace-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r1, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-setsockopt$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r1, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-socket-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r1, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-open-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r1, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-close_range$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, 0xffffffffffffffff, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r0, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-socketpair$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, 0xffffffffffffffff, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r0, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, 0xffffffffffffffff, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r0, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, 0xffffffffffffffff, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r0, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, 0xffffffffffffffff, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r0, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program did not crash testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, 0xffffffffffffffff, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r0, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, 0xffffffffffffffff, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r0, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program did not crash testing program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM detailed listing: executing program 0: mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, 0x0) write$auto(r0, 0x0, 0xe) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump extracting C reproducer testing compiled C program (duration=1m51.331545438s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump simplifying C reproducer testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program did not crash testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program did not crash testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump testing compiled C program (duration=1m51.331545438s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-io_uring_setup$auto-write$auto-ioctl$auto_KVM_CREATE_VM program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump reproducing took 1h43m37.093596673s repro crashed as (corrupted=false): ================================================================== BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2752 [inline] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258 Read of size 140 at addr ffffc90000ace000 by task kworker/u9:2/5840 CPU: 1 UID: 0 PID: 5840 Comm: kworker/u9:2 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Workqueue: hci0 hci_devcd_timeout Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105 skb_put_data include/linux/skbuff.h:2752 [inline] hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 The buggy address ffffc90000ace000 belongs to a vmalloc virtual mapping Memory state around the buggy address: ffffc90000acdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000acdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc90000ace000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc90000ace080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000ace100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ================================================================== final repro crashed as (corrupted=false): ================================================================== BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2752 [inline] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258 Read of size 140 at addr ffffc90000ace000 by task kworker/u9:2/5840 CPU: 1 UID: 0 PID: 5840 Comm: kworker/u9:2 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Workqueue: hci0 hci_devcd_timeout Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105 skb_put_data include/linux/skbuff.h:2752 [inline] hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 The buggy address ffffc90000ace000 belongs to a vmalloc virtual mapping Memory state around the buggy address: ffffc90000acdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000acdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc90000ace000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc90000ace080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000ace100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ==================================================================