Extracting prog: 58m11.741572615s
Minimizing prog: 8m24.011281244s
Simplifying prog options: 0s
Extracting C: 29.105170534s
Simplifying C: 20m12.449699921s
extracting reproducer from 31 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-statx$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
single: failed to extract reproducer
bisect: bisecting 31 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 0:
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0xa, 0x3, 0x6)
ioctl$auto(0x3, 0x40085511, 0x1)
executing program 0:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400)
ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
clone$auto(0x6, 0x401, 0xffffffffffffffff, 0xfffffffffffffffc, 0xa31b)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 0:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 32:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 3:
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x3ff, 0x0)
io_uring_register$auto(0x2, 0xf, 0x0, 0x20)
executing program 3:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00', @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
madvise$auto(0x0, 0x2000040080000004, 0xe)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0x0, 0x1, 0x6, 0x50b301a, 0x2c, 0x0, 0x0, 0x2})
executing program 2:
socket(0xa, 0x2, 0x0)
socket(0xa, 0x3, 0x6)
socket(0x2, 0x3, 0xa)
setsockopt$auto(0x3, 0x0, 0x30, 0x0, 0x6901f524)
executing program 1:
r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa1\x00', 0x1, 0x0)
write$auto_vcs_fops_vc_screen(r0, &(0x7f00000001c0)="de68b010fe92868d5585a80c205959", 0xf)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x5, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
executing program 2:
setresgid$auto(0x81, 0x800000a0, 0x8)
setgroups$auto(0xc00000000, 0xfffffffffffffffc)
setresuid$auto(0x0, 0x8, 0x8000)
shmget$auto(0x14, 0x2, 0xe64)
executing program 4:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto(0x3, 0x4008af22, 0x38)
executing program 2:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
madvise$auto(0x0, 0xf663, 0x15)
executing program 3:
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 1:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
ioctl$auto(r0, 0x400c4d00, 0x9)
ioctl$auto(0x3, 0x400c4d05, 0x5)
executing program 4:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
newfstatat$auto(r0, 0x0, 0x0, 0x1000)
executing program 1:
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_DEL_TXSA(r0, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)={0x20, r1, 0xbb484b3ccf0b22b, 0x70bd2b, 0x25dfdbfc, {}, [@MACSEC_ATTR_SA_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094)
executing program 3:
mprotect$auto(0x110c238000, 0x1, 0x3)
munmap$auto(0x1000000, 0x2000000c)
madvise$auto(0x0, 0xffffffffffff0001, 0x9)
mlockall$auto(0x3)
executing program 4:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x42080, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x9)
acct$auto(&(0x7f0000000000)='}\x00')
acct$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
chdir$auto(&(0x7f0000000000)='}[,&*}\x00')
executing program 4:
socket(0x28, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10)
setsockopt$auto(0x3, 0x1, 0x3c, 0x0, 0x9)
executing program 1:
r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fs/ext4/sda1/es_shrinker_info\x00', 0x0, 0x0)
ppoll$auto(&(0x7f00000000c0)={<r1=>r0, 0xf81, 0x27f}, 0x3, 0x0, 0x0, 0x8)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/wlan1/forwarding\x00', 0x202, 0x0)
sendfile$auto(r2, r1, 0x0, 0x401)
executing program 4:
r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000003fc0)='/dev/bus/usb/017/001\x00', 0xa300, 0x0)
read$auto_mon_fops_binary_mon_bin(r0, &(0x7f0000000000)=""/118, 0x76)
read$auto_mon_fops_binary_mon_bin(r0, &(0x7f0000000180)=""/234, 0xea)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0)
shutdown$auto(0x200000003, 0x2)
executing program 2:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x2c, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
executing program 4:
socket(0x2, 0x1, 0x0)
listen$auto(0x3, 0x83)
accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd)
shutdown$auto(0x200000003, 0x2)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000)
statfs$auto(0x0, &(0x7f0000000100)={0xfffffffffffffffe, 0x81, 0x95, 0x2b48, 0x81, 0x7, 0x6, {[0x5, 0x8]}, 0x1, 0x6, 0x3, [0x3, 0x8, 0x5, 0xfffffffffffffff7]})
r0 = gettid()
process_vm_readv$auto(r0, &(0x7f0000000040)={0x0, 0x8}, 0x4, &(0x7f00000000c0)={0x0, 0x2}, 0x6, 0x0)
program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: bisecting 31 programs
bisect: split chunks (needed=false): <30>
bisect: split chunk #0 of len 30 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 3:
madvise$auto(0x0, 0x2000040080000004, 0xe)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0)
ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0x0, 0x1, 0x6, 0x50b301a, 0x2c, 0x0, 0x0, 0x2})
executing program 2:
socket(0xa, 0x2, 0x0)
socket(0xa, 0x3, 0x6)
socket(0x2, 0x3, 0xa)
setsockopt$auto(0x3, 0x0, 0x30, 0x0, 0x6901f524)
executing program 1:
r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa1\x00', 0x1, 0x0)
write$auto_vcs_fops_vc_screen(r0, &(0x7f00000001c0)="de68b010fe92868d5585a80c205959", 0xf)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x5, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
executing program 2:
setresgid$auto(0x81, 0x800000a0, 0x8)
setgroups$auto(0xc00000000, 0xfffffffffffffffc)
setresuid$auto(0x0, 0x8, 0x8000)
shmget$auto(0x14, 0x2, 0xe64)
executing program 4:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto(0x3, 0x4008af22, 0x38)
executing program 2:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
madvise$auto(0x0, 0xf663, 0x15)
executing program 3:
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 1:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
ioctl$auto(r0, 0x400c4d00, 0x9)
ioctl$auto(0x3, 0x400c4d05, 0x5)
executing program 4:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
newfstatat$auto(r0, 0x0, 0x0, 0x1000)
executing program 1:
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_DEL_TXSA(r0, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)={0x20, r1, 0xbb484b3ccf0b22b, 0x70bd2b, 0x25dfdbfc, {}, [@MACSEC_ATTR_SA_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094)
executing program 3:
mprotect$auto(0x110c238000, 0x1, 0x3)
munmap$auto(0x1000000, 0x2000000c)
madvise$auto(0x0, 0xffffffffffff0001, 0x9)
mlockall$auto(0x3)
executing program 4:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x42080, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x9)
acct$auto(&(0x7f0000000000)='}\x00')
acct$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
chdir$auto(&(0x7f0000000000)='}[,&*}\x00')
executing program 4:
socket(0x28, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10)
setsockopt$auto(0x3, 0x1, 0x3c, 0x0, 0x9)
executing program 1:
r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fs/ext4/sda1/es_shrinker_info\x00', 0x0, 0x0)
ppoll$auto(&(0x7f00000000c0)={<r1=>r0, 0xf81, 0x27f}, 0x3, 0x0, 0x0, 0x8)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/wlan1/forwarding\x00', 0x202, 0x0)
sendfile$auto(r2, r1, 0x0, 0x401)
executing program 4:
r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000003fc0)='/dev/bus/usb/017/001\x00', 0xa300, 0x0)
read$auto_mon_fops_binary_mon_bin(r0, &(0x7f0000000000)=""/118, 0x76)
read$auto_mon_fops_binary_mon_bin(r0, &(0x7f0000000180)=""/234, 0xea)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0)
shutdown$auto(0x200000003, 0x2)
executing program 2:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x2c, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
executing program 4:
socket(0x2, 0x1, 0x0)
listen$auto(0x3, 0x83)
accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd)
shutdown$auto(0x200000003, 0x2)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000)
statfs$auto(0x0, &(0x7f0000000100)={0xfffffffffffffffe, 0x81, 0x95, 0x2b48, 0x81, 0x7, 0x6, {[0x5, 0x8]}, 0x1, 0x6, 0x3, [0x3, 0x8, 0x5, 0xfffffffffffffff7]})
r0 = gettid()
process_vm_readv$auto(r0, &(0x7f0000000040)={0x0, 0x8}, 0x4, &(0x7f00000000c0)={0x0, 0x2}, 0x6, 0x0)
program did not crash
bisect: testing without sub-chunk 2/3
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 0:
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0xa, 0x3, 0x6)
ioctl$auto(0x3, 0x40085511, 0x1)
executing program 0:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400)
ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
clone$auto(0x6, 0x401, 0xffffffffffffffff, 0xfffffffffffffffc, 0xa31b)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 0:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 32:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 3:
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x3ff, 0x0)
io_uring_register$auto(0x2, 0xf, 0x0, 0x20)
executing program 3:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00', @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mprotect$auto(0x110c238000, 0x1, 0x3)
munmap$auto(0x1000000, 0x2000000c)
madvise$auto(0x0, 0xffffffffffff0001, 0x9)
mlockall$auto(0x3)
executing program 4:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x42080, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x9)
acct$auto(&(0x7f0000000000)='}\x00')
acct$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
chdir$auto(&(0x7f0000000000)='}[,&*}\x00')
executing program 4:
socket(0x28, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10)
setsockopt$auto(0x3, 0x1, 0x3c, 0x0, 0x9)
executing program 1:
r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fs/ext4/sda1/es_shrinker_info\x00', 0x0, 0x0)
ppoll$auto(&(0x7f00000000c0)={<r1=>r0, 0xf81, 0x27f}, 0x3, 0x0, 0x0, 0x8)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/wlan1/forwarding\x00', 0x202, 0x0)
sendfile$auto(r2, r1, 0x0, 0x401)
executing program 4:
r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000003fc0)='/dev/bus/usb/017/001\x00', 0xa300, 0x0)
read$auto_mon_fops_binary_mon_bin(r0, &(0x7f0000000000)=""/118, 0x76)
read$auto_mon_fops_binary_mon_bin(r0, &(0x7f0000000180)=""/234, 0xea)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0)
shutdown$auto(0x200000003, 0x2)
executing program 2:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x2c, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
executing program 4:
socket(0x2, 0x1, 0x0)
listen$auto(0x3, 0x83)
accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd)
shutdown$auto(0x200000003, 0x2)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000)
statfs$auto(0x0, &(0x7f0000000100)={0xfffffffffffffffe, 0x81, 0x95, 0x2b48, 0x81, 0x7, 0x6, {[0x5, 0x8]}, 0x1, 0x6, 0x3, [0x3, 0x8, 0x5, 0xfffffffffffffff7]})
r0 = gettid()
process_vm_readv$auto(r0, &(0x7f0000000040)={0x0, 0x8}, 0x4, &(0x7f00000000c0)={0x0, 0x2}, 0x6, 0x0)
program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 0:
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0xa, 0x3, 0x6)
ioctl$auto(0x3, 0x40085511, 0x1)
executing program 0:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400)
ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
clone$auto(0x6, 0x401, 0xffffffffffffffff, 0xfffffffffffffffc, 0xa31b)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 0:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 32:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 3:
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x3ff, 0x0)
io_uring_register$auto(0x2, 0xf, 0x0, 0x20)
executing program 3:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00', @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <10>
bisect: split chunk #0 of len 10 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4]
detailed listing:
executing program 0:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 32:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 3:
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x3ff, 0x0)
io_uring_register$auto(0x2, 0xf, 0x0, 0x20)
executing program 3:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00', @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4]
detailed listing:
executing program 0:
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0xa, 0x3, 0x6)
ioctl$auto(0x3, 0x40085511, 0x1)
executing program 0:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400)
ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
clone$auto(0x6, 0x401, 0xffffffffffffffff, 0xfffffffffffffffc, 0xa31b)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
bisect: split chunks (needed=true): <5>, <5>
bisect: split chunk #0 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 0:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 32:
r0 = socket(0x10, 0x2, 0x0)
bpf$auto(0x0, &(0x7f00000004c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0xa, 0xffffffffffffffff, @relative_id=0x3, 0x91}, 0x3ff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 3:
mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x3ff, 0x0)
io_uring_register$auto(0x2, 0xf, 0x0, 0x20)
executing program 3:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00', @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4]
detailed listing:
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 3:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00', @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>, <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 3:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00', @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4]
detailed listing:
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 3:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYBLOB='v\x00', @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
bisect: split chunk #1 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4]
detailed listing:
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>, <1>, <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #1 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #2 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 4 programs left:
executing program 0:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r0, 0xc0385720, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
bisect: trying to concatenate
bisect: concatenate 4 entries
minimizing program #0 before concatenation
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 4, 4, 4]
detailed listing:
executing program 0:
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mincore$auto(0x0, 0x10000, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 4, 4, 4]
detailed listing:
executing program 0:
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 4, 4]
detailed listing:
executing program 0:
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x40841, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 4, 4, 4]
detailed listing:
executing program 0:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
minimized 4 calls -> 0 calls
minimizing program #1 before concatenation
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 3, 4, 4]
detailed listing:
executing program 0:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 3, 4, 4]
detailed listing:
executing program 0:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 2, 4, 4]
detailed listing:
executing program 0:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 4, 4]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 2:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x18)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
minimized 4 calls -> 1 calls
minimizing program #2 before concatenation
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 3, 4]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 0:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 2, 4]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 0:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 1, 4]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 0:
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 0, 4]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 0:
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
minimized 4 calls -> 0 calls
minimizing program #3 before concatenation
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 0, 3]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 2:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 0, 3]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 2:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xe)
program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 0, 3]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 2:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 0, 2]
detailed listing:
executing program 0:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
executing program 2:
executing program 0:
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
minimized 4 calls -> 3 calls
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: concatenation succeeded
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-write$auto
detailed listing:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
write$auto(0xffffffffffffffff, 0x0, 0xe)
program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x80000000000001, 0x7)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
program did not crash
extracting C reproducer
testing compiled C program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
simplifying C reproducer
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=46.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
reproducing took 1h27m17.307743005s
repro crashed as (corrupted=false):
------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff888033d51248 object type: timer_list hint: hci_devcd_timeout+0x0/0x2f0 include/linux/skbuff.h:2741
WARNING: CPU: 1 PID: 5828 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Modules linked in:
CPU: 1 UID: 0 PID: 5828 Comm: syz-executor344 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd a0 7f b1 8b 41 56 4c 89 e6 48 c7 c7 20 74 b1 8b e8 4f 59 bc fc 90 <0f> 0b 90 90 58 83 05 b6 5a 7f 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
RSP: 0018:ffffc90003faf768 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff815a16c9
RDX: ffff888028419e00 RSI: ffffffff815a16d6 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bb17ac0
R13: ffffffff8b4f8020 R14: ffffffff8a2ad340 R15: ffffc90003faf878
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f6d80ebeb8 CR3: 000000007c30e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
debug_check_no_obj_freed+0x4b7/0x600 lib/debugobjects.c:1129
slab_free_hook mm/slub.c:2284 [inline]
slab_free mm/slub.c:4613 [inline]
kfree+0x2b3/0x4b0 mm/slub.c:4761
hci_release_dev+0x4d9/0x600 net/bluetooth/hci_core.c:2758
bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:87
device_release+0xa1/0x240 drivers/base/core.c:2567
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1e4/0x5a0 lib/kobject.c:737
put_device+0x1f/0x30 drivers/base/core.c:3773
vhci_release+0x81/0xf0 drivers/bluetooth/hci_vhci.c:665
__fput+0x3f8/0xb60 fs/file_table.c:450
task_work_run+0x14e/0x250 kernel/task_work.c:239
exit_task_work include/linux/task_work.h:43 [inline]
do_exit+0xad8/0x2d70 kernel/exit.c:938
do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
get_signal+0x2576/0x2610 kernel/signal.c:3017
arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f977f68926a
Code: Unable to access opcode bytes at 0x7f977f689240.
RSP: 002b:00007ffc28c89690 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f977f68926a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007f977f6e1049 R09: 00007f977f6e1049
R10: 0000000000008000 R11: 0000000000000293 R12: 00007f977f6e1049
R13: 00007ffc28c896e0 R14: 00007ffc28c89720 R15: 0000000000000000
</TASK>
final repro crashed as (corrupted=false):
------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff888033d51248 object type: timer_list hint: hci_devcd_timeout+0x0/0x2f0 include/linux/skbuff.h:2741
WARNING: CPU: 1 PID: 5828 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Modules linked in:
CPU: 1 UID: 0 PID: 5828 Comm: syz-executor344 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd a0 7f b1 8b 41 56 4c 89 e6 48 c7 c7 20 74 b1 8b e8 4f 59 bc fc 90 <0f> 0b 90 90 58 83 05 b6 5a 7f 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
RSP: 0018:ffffc90003faf768 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff815a16c9
RDX: ffff888028419e00 RSI: ffffffff815a16d6 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bb17ac0
R13: ffffffff8b4f8020 R14: ffffffff8a2ad340 R15: ffffc90003faf878
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f6d80ebeb8 CR3: 000000007c30e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
debug_check_no_obj_freed+0x4b7/0x600 lib/debugobjects.c:1129
slab_free_hook mm/slub.c:2284 [inline]
slab_free mm/slub.c:4613 [inline]
kfree+0x2b3/0x4b0 mm/slub.c:4761
hci_release_dev+0x4d9/0x600 net/bluetooth/hci_core.c:2758
bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:87
device_release+0xa1/0x240 drivers/base/core.c:2567
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1e4/0x5a0 lib/kobject.c:737
put_device+0x1f/0x30 drivers/base/core.c:3773
vhci_release+0x81/0xf0 drivers/bluetooth/hci_vhci.c:665
__fput+0x3f8/0xb60 fs/file_table.c:450
task_work_run+0x14e/0x250 kernel/task_work.c:239
exit_task_work include/linux/task_work.h:43 [inline]
do_exit+0xad8/0x2d70 kernel/exit.c:938
do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
get_signal+0x2576/0x2610 kernel/signal.c:3017
arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f977f68926a
Code: Unable to access opcode bytes at 0x7f977f689240.
RSP: 002b:00007ffc28c89690 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f977f68926a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007f977f6e1049 R09: 00007f977f6e1049
R10: 0000000000008000 R11: 0000000000000293 R12: 00007f977f6e1049
R13: 00007ffc28c896e0 R14: 00007ffc28c89720 R15: 0000000000000000
</TASK>