Extracting prog: 5h43m13.595392641s
Minimizing prog: 20m32.593650416s
Simplifying prog options: 0s
Extracting C: 53.917723629s
Simplifying C: 27m52.288514811s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_kernfs_file_fops_kernfs_internal-read$auto-sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_tty_fops_tty_io-syz_genetlink_get_family_id$auto_l2tp-openat$auto_safesetid_gid_file_fops_securityfs-ioctl$auto-mmap$auto-socket$nl_generic-ioctl$auto-close_range$auto-mmap$auto-ioctl$auto_VHOST_SET_VRING_ERR-syz_genetlink_get_family_id$auto_nl80211-sendmsg$auto_NL80211_CMD_DISASSOCIATE-socketpair$auto-sendmmsg$auto-sendmmsg$auto-write$auto-clone$auto-openat2$dir-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto-ioctl$auto_EVIOCSKEYCODE-syz_genetlink_get_family_id$auto_smc_pnetid-sendmsg$auto_SMC_PNETID_ADD
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 11, 30, 30, 30, 29, 5, 25, 26, 27, 28, 8, 1, 26, 30, 29, 20, 5, 15, 14, 28, 30, 30, 30]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0x1f2382, 0x0)
sendfile$auto(r0, r0, 0x0, 0x7fff)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f00000000c0)={@siginfo_0_0={0xa, 0xb92, 0x9}}, 0x4)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x1e, 0x1, 0x0)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x1)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
socket(0x2, 0x3, 0xa)
pipe2$auto(0x0, 0x80)
syz_clone(0x4000000, &(0x7f0000000040)="1110772e9118d81097a406f5750008b28be67ef0011bcaa612e84dc6950fa015", 0x20, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)="999cddedc642f9d16b60e08e550af0331de32832f1be9a913df00e1438c3b438e7993dce0b5987fdc239df")
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x8)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0}, 0x63}, 0x3, 0x0)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x9)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r1)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(0x3, 0x700)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x1, 0xff)
r3 = socket(0xa, 0x3, 0xff)
connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
getpgid$auto(0x0)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
close_range$auto(0x2, 0xa, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={<r0=>0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
r1 = gettid()
ioprio_set$auto_IOPRIO_WHO_PGRP(0x2, r1, 0x8)
ioctl$auto_LOOP_CTL_GET_FREE(r0, 0x4c82, r1)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
r3 = getgid()
setresgid$auto(0xffffffffffffffff, r3, 0x0)
r4 = gettid()
kill$auto(r4, 0x11)
msgctl$auto_IPC_SET(0x6, 0x1, &(0x7f0000000100)={{0x9, 0xee00, r3, 0x0, 0x3f3, 0x84e3, 0x8}, &(0x7f0000000080)=0x2, &(0x7f00000000c0)=0x8, 0x80, 0x8, 0x7fffffff, 0x8001, 0x5, 0x6, 0xbed, 0x1, @inferred=r4, @raw=0xc00})
fstat$auto(r2, &(0x7f00000001c0)={0x4, 0xc5bd, 0x6, 0x1000006, 0x0, r3, 0x0, 0xa, 0x10000, 0x6, 0x5, 0x6, 0x8, 0xcc, 0x4, 0x6, 0x10000})
r5 = socket(0xa, 0x5, 0x84)
sendto$auto(r5, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000040)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x5}, 0x1, 0x0, 0x9, 0x6}, 0x7}, 0x3, 0x0)
executing program 0:
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
r0 = socket(0xa, 0x2, 0x73)
sendto$auto(r0, 0x0, 0xfdef, 0x0, &(0x7f0000000000)=@generic={0xa, "e2c483400200ff803636166b00"}, 0x1c)
r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r2 = syz_clone3(&(0x7f00000003c0)={0x40000, 0x0, &(0x7f0000000140), &(0x7f0000000180), {0x38}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0, 0x0, 0xffffffffffffffff, 0x0], 0x4, {r1}}, 0x58)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$auto_XFS_IOC_ALLOCSP64(r1, 0x40305824, &(0x7f0000000440)={0x3ff, 0x9, 0x5, 0x100, 0xc17d, <r4=>r2})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff)
openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x28840, 0x0)
socket(0x2, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r7 = socket(0x15, 0x1, 0x20000000)
getsockopt$auto(r7, 0x114, 0x5, 0xfffffffffffffffc, 0x0)
sendmsg$auto_ETHTOOL_MSG_RSS_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0938a467", @ANYRES16=r6, @ANYBLOB="010329bd700002dcdf252600000004000180"], 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x40)
setpriority$auto_PRIO_PGRP(0x1, r4, 0x5)
semctl$auto_SETALL(0x9, 0x47, 0x11, 0x7)
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
r8 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r8, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6)
ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0)
ioctl$auto_USBDEVFS_ALLOW_SUSPEND(r3, 0x5522, 0x0)
executing program 3:
syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
fcntl$auto(r0, 0x400, 0x1)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x82580, 0x4)
ioctl$auto_SG_SET_DEBUG(0xffffffffffffffff, 0x227e, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(0x1, 0x0, 0x80000000)
preadv$auto(0x40000000000003, &(0x7f0000000240)={0x0, 0xfffffffd}, 0x6, 0xc, 0x1)
r2 = socket(0x2b, 0x1, 0x1)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r2, 0x0, 0x20000001)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
munmap$auto(0x8000, 0xffffffff)
select$auto(0xe, 0xfffffffffffffffe, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmmsg$auto(0x3, 0x0, 0xb, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000140), 0xffffffffffffffff)
fsconfig$auto_EROFS_MOUNT_DAX_NEVER(r1, 0x10001, &(0x7f0000000080)=']/@\x00', &(0x7f00000000c0)="b0bb4f730f7c779e425b154120061d4ded38430f52c6943bc314f5fbdcdb0c114090a06fcda9a643cef0c85b0ab5ef4b8a8703e80ce5d36c8dafd678539850559bce345ac6b1b7bb529922d0b1d3ee9c6ba20cfe515c76ddfa2805f69af1c3f3639881fe07be60f41eb0bff52a85ea08db82de24410422b2dfd217cd194cf98b742d2cc939cda58d495e44c0756d84ea7e461129a3295e89763da2da22a80bb407081612f7fc5bf47640aca030ab602fd37ac9e43a5b2fc837baa258e62bcd03a6ec14a9b497566091d1df2845128afa51a2ac4fdab83910b027a2d984ea79454d842b8b9b60d2652a8317117a", 0x80)
executing program 2:
mmap$auto(0x0, 0x4000a, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:01.3/local_cpus\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x24)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x8)
syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
memfd_create$auto(0x0, 0xfffffff7)
executing program 0:
ioctl$auto_BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f0000000040)="bc9cd5a32a9760b72a5f1e8e1b99eb7ae18d14b8c0994c95690820180805c3d6c83ab7358da14f2ebd3341cba551f3")
executing program 1:
mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
r0 = epoll_create$auto(0x3e)
epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0)
r2 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/error_log\x00', 0xd0000, 0x0)
mmap$auto(0x0, 0x100020, 0x0, 0xeb1, r2, 0x4000000000008000)
socket(0x2, 0x1, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_TUNGETVNETBE2(0xffffffffffffffff, 0x800454df, &(0x7f0000000000)=0x3)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x1, 0x0)
r4 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
fcntl$auto(r4, 0x400, 0x1)
open(&(0x7f00000000c0)='./file0\x00', 0x141000, 0x81)
open(&(0x7f00000002c0)='./file0\x00', 0x103001, 0x120)
close_range$auto(0x2, 0x8, 0x0)
setresuid$auto(0xf5, 0x8000, 0x67)
bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x6, 0x24, 0xf, 0x63, 0x400, 0x0, 0x1, 0x80f0c8, 0x20, "38c1d5cbcb9f6b5e511f0cd8ed068f65", 0x0, 0x113e33f2, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x6, 0x8, 0x0, 0x3, @attach_prog_fd, 0x6, 0xffff, 0x8, 0x0, 0xfffffffe}, 0x47)
setsockopt$auto(r3, 0x8000000000000006, 0x1c, 0x0, 0x3)
write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000640)="445cc19989fb9c017005441c9085b524b7c0cc9b1a9f4edddfe162b01f9fe8f5adae095ec393ca717c2e4c6a64d1d08a304bb9528310c110129f6c575f67b4582a5f62b8e838fc6962c99765e6f49df32fe5fe58b9a26a37ef5d9c5f4789c742ab66cb019c4301e062dfeb918dbdb211b041bbeb9917bb2bb6c1bc1698a8d82139d84da0968c422c55239a2ed6bde3ec686e5fb78e80ee4c0045438d4f7fce23399079ece10b7e9e60185e97a0676ea0dbb2c14613f246f3089a1d9bbfd3dcc242b13e8ec303971c06b8e20f6f22820a23f0c642d9669ff73d85bf1c393f8d2f3a6755b5f222ee91f7f39c7eda4deaeeab296687a36914ac53eb6af38743eb03339bd94f3d9669adf2058b18648dc7306351ad5aada08450f3278cc2035282941542a4f2d70c1758b45a53fa2e016f57dd89629b5d2b7f5929c73da5f436ba0efec93deb7ccca0795176bb80d2afaea3bddec1d935a7c0fd9f41a3e180d19544b84b76d195ca07c9f88f0ffdf7e7831c01094133518941b5344c6b0771f9bda9af9ea4a571eba33acc91a32fd1240e06f5fc28f8b648b0d51d6efc66dbaaeed0bf3bc186093eaa6d060ef2001c298812c598be6cae0ca8ef5d4141224828f698daae1ffabfad67167dd5b5c3c91a496890ad9b3af588de8b8b58c220464c9695e815223e6800449615315539f5b9c670361fff443114a49c738e42709de97dd192d3360cd0227023c9676339b7d10fe70c2509f13a011dcc19bd447478499e1727ca5457f8b69fd7193dd3a93ee1df99e541713e00d4c85aa04b79b2b7505a09d5e6867440c152cb2b4eb9f56618ca7dbeef37e8c95b5fbe2b3bcc521c75a5f3007e784ad4d2a93102e35e346635f54c0484e691", 0x274)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x7)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
r0 = socket(0xa, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffa}, 0x55)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
socket(0x21, 0x2, 0x2)
sendto$auto(0x3, 0x0, 0x18, 0x101, 0x0, 0x1c)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x1d, 0x3, 0x1)
arch_prctl$auto(0x5000, 0x5)
getsockopt$auto(r2, 0x7, 0x0, 0xffffffffffffffff, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(0x3, 0xc048aec8, r1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/nr6/queues/rx-0/rps_flow_cnt\x00', 0x109802, 0x0)
sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="00032cbd70c14c060000000000000500040009000000"], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, r1, 0x0)
r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
sendfile$auto(r4, r4, 0x0, 0x7fffe000)
ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0)
executing program 3:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 3:
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="12915fb9d5")
r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev7\x00', 0x0, 0x0)
mmap$auto(0x8, 0x4020009, 0xdf, 0xeb1, r1, 0x6)
socket(0xa, 0x801, 0x106)
mmap$auto(0x0, 0x400009, 0xdf, 0x1800000000010, r1, 0x8000)
pipe$auto(0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = io_uring_setup$auto(0x811, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
ioctl$auto(0x3, 0xc10c5541, r2)
mmap$auto(0x0, 0x2, 0xe2, 0x9b72, 0x7, 0x28000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x8000000000000024, 0xfffffffffffffffc, 0x0)
r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r3, 0x0, 0x4d)
ioctl$auto(0x3, 0xc0285628, 0x38)
executing program 3:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/inhibited\x00', 0x20b42, 0x0)
r1 = io_uring_setup$auto(0xa, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x7, 0x1020, 0x202, 0x10001, 0x8, r1, [], {0x6, 0x6, 0x8c48, 0x4, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x10000009, 0x52, 0x1, 0x1, 0x40, 0x76c4, 0x80008, 0x5}})
ioctl$auto_BCH_IOCTL_DISK_RESIZE(r1, 0x4018bc0e, &(0x7f0000000000)={0x3552, 0x0, 0x80, 0xb730})
write$auto(r0, &(0x7f0000000640)='1\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\x05\x00\x00\x00\x00\x00\x00\x00\x9c\x8a\xe2\xc7cOM\xb6\xa3\x10!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea\xa3\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z`\xfd\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f\x9b(\x82,W\xa3\b\xf3\x9d_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xe8\xe9u\x9f\xdeK\xa5\x06\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96#`\xe7\xd5Y\a\xc1\xe9(V\xbe\f\x9c\x9d!\xea\x96=\xd8N\xe1~\xc5\xbaJk+\x91\xc3\xaa\xde;c\xbd\xd7\x94|45\xcd\x11\xea\xe5C\x99\x98\xca\x96V\x9c\xd9\x11\x048\x8d\xab\x84zJA\xdb[\xb7\x18\x1c,P\x8d\xb37\xb2N\x9c\xc9G]\xaa\xfd~\x86\xd3y\xc6\x87\xb2\xb1\xa9]\x83\xc6\xf1\xf2T\xd3+\x1e\n\xa8g\xcf\x17\xc7\xbdhpA\xdd\xd8\xce\x19\fU\xbfl;x\x98{1:\xe7\xbb(s\xf5\xa3\xe3\xc7\f\xf0\xc7\xfe\x1e[\xaeb\xf9\xdc\x91^I\xb6\x9e\xabi\x8c\x87c\xbd\xe6\"6\t,\xcf\xf6\xa7\xe0\xb6<\xb2\xa2\xef\xeb\xba6y\xe0FT\x1f8\r\x97b\x97\xef\xac\xf6\xcc\x1a\x98Y\'z\xbfR\x1aS\xc1\x01\xac3\xbe\xb0E\xc1\x13\x16\xeb\x10\xce\xc5\xfc>Ym\xde\xa7\x19\\}\xd3\x17yc\xc3\x13\xed\xee\xe6\xdaJ\xfd\x90\xbf/\xf2\x9f-\xb1\xf5\xbd\xa32\xa3\xc8\xbe( \x9a\xd73\xcb\x87}b\xa7\x97\x18M\xf60\xad\xd0\xceV+\x02S$yq\x92mG:\xa7eA\xfe0\x1ao\xa9{\x06>\x05]\xfe:\xba\x96\x92\x91\xb3\x8a\xa5\xbd\xff\xbf.\xbdZ\xa1\x8d\x0f\x80d\x04N\xa9\xd9\x16\x93~\xbd\xbcr\xbb>r\x9d\x9aX\x91\xe4\xe1\xa9{\x13\x140\x9ax\xe8\xe8\xf1\xafz\xb0\x1erR&1\xaez\xa8J\x8d\xec|}\xfd\xb5\xce\x87\a\xf7YB\rv\"\xcf\xafno!,S4\xca \x94q_\x00R<\x03\xfd]vS\xa9\x8dG~\xee\xed\xce\x86\x80\xeb\xde\xac\'\x04A\xd5\x9d\xa9\x12%\xbe:\xb5\x92\xe8\xb8\xa9\xc9>\x89\x9d', 0x40000000004)
executing program 1:
mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000)
r0 = socket(0xa, 0x80803, 0x6)
bind$auto(r0, &(0x7f0000000040)=@generic={0xa, "2c551d000000fe8000"}, 0x66)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x2, 0x3, 0x6)
r2 = socket(0x2, 0x2, 0x88)
sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, 0x0, 0x4080)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r2)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r3, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000040}, 0x8051)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x2000000}, 0x24004804)
io_setup$auto(0x5, 0xffffffffffffffff)
io_uring_register$auto(r2, 0x5, &(0x7f0000000280)="976d955a5a2cb4bfdda18f211e3dfcc3e74f46dd36a907101e482d4de729fd8ed035e960a1b83def29a383a6a584eeffc0277dfa09076b5b860da10e06bd972c53", 0x2b7)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x1, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
open(0x0, 0x22240, 0x155)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182400, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x2497a7476db46aa9, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x18000}, 0x1000000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x1, 0x0)
setsockopt$auto(0x6, 0x8000000000000006, 0x1b, 0x0, 0x7ffffc)
executing program 2:
r0 = socket(0xa, 0x1, 0x84)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r1 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
msgctl$auto_IPC_INFO(0x44, 0x3, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x2, 0x57e, 0xffff8001}, 0x0, 0x0, 0x0, 0x9, 0x400, 0xfffffffffffffff9, 0x2, 0x18, 0x0, 0xfff8, @inferred=r1, @inferred=r1})
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$auto(r0, 0x0, 0x809b9)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)
syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0)
mmap$auto(0x100000000000000, 0x6, 0xe4, 0x9b7e, r3, 0x28000)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/auth_enable\x00', 0x100, 0x0)
read$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0)
mmap$auto(0x800000000, 0x6, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0xa480, 0x0)
readv$auto(0x3, &(0x7f0000000280)={0x0, 0x40000f7}, 0x87)
read$auto(r3, 0x0, 0xb5)
write$auto(0x3, 0x0, 0xfdef)
rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0xfffffffffffffff0, 0x6, 0x20000006, 0x2}, 0x8000, 0x0, 0x6)
inotify_add_watch$auto(r0, &(0x7f0000000000)='./file0\x00', 0x4)
bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x81, 0x0)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
capset$auto(&(0x7f0000000180)={0x19980330}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
quotactl$auto(0x2, &(0x7f0000000040)='/dev/sda1\x00', 0x62a0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000002f80), r1)
sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000340)=ANY=[@ANYBLOB="3400a265c44acc690002", @ANYRES16=r2, @ANYBLOB="05002bbd7000fddbdf25000000000800010005000000080002000100000008000800060000000800090001040000"], 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x80)
r3 = semctl$auto_GETPID(0x9, 0x200, 0xb, 0x5)
shmctl$auto_IPC_SET(0x0, 0x1, &(0x7f00000001c0)={{0xfe, 0x0, 0xee01, 0x3ff, 0xea, 0x3, 0x2006}, 0x4cf, 0x1, 0x2f4, 0x7, @inferred=r3, @inferred=<r4=>r3, 0x2, 0x0, 0x0, 0x0})
r5 = socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
modify_ldt$auto(0x1, 0x0, 0x10)
ioctl$auto_USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r5, &(0x7f00000001c0)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x100, 0x0)
r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x21, 0x3, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x1d, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r7, &(0x7f0000000700)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)={0x344, 0x0, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@OVS_PACKET_ATTR_HASH={0xc, 0xb, 0x80}, @OVS_PACKET_ATTR_KEY={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x131, 0x0, 0x0, @pid=r4}]}, @OVS_PACKET_ATTR_ACTIONS={0x317, 0x3, 0x0, 0x1, [@nested={0x191, 0x147, 0x0, 0x1, [@typed={0xa6, 0xe2, 0x0, 0x0, @binary="2781a7d5ebd3b10f058880c5c58afeb71f21596f8cd38d0c47d8df61abb64aa83710bcaaa5287efbab14d3ca5734c51fa7b90042f84664a42ab8a0071c2ee2c5f87113fc63b887e37b5010cd33d581e2b1d63ae3bdaeb7f4fd80b8c22296f6f158e14cb221d44348c31fa97315d7d540284393ff656bf10516ccb5038d9389623bd5bffb9b7cac13797645e101d774c14ea9337c1b541bc85ac8328cd2a7c58af186"}, @typed={0x4, 0x103}, @nested={0x4, 0x39}, @generic="dce611693dab53eddacb49055fa8fc3a1fc086e18d5c8c6f76aafaead2fea74251a94d0c1954f321756a12655666d5fa45765c159f09afa908385df5f580144d6a96e5029973daaf91bc0cce67aa823a54c8aa9ac22ca726290a7a5ea5557caac3592c2e97668cd562046718d91e9c3a30591c3b5216911048db5af188c7664d04d2e9e9886e5ec0bfd383738c0d0bbcf096020c120e7b19aecd22b25d582e2247750ed0c8aba709c6a5afcec81f39cf1275d5b43a512c", @nested={0x4, 0x6a}, @generic="9e24a8a50346b232787817af21c155ea60383614521956d12d43ebc84a31", @nested={0x4, 0x1f}]}, @typed={0x102, 0xc, 0x0, 0x0, @binary="dd3462c4de9a85b52f13d3c274a86ee7ade75f11033399f6539e15156f97b46d8b411c022ec2c9ab65673f0703e013a72acdc1334896ff809c1607fa4d1225185822bd6a9732636d9c6275e1fd1e630a024736b1aba231072799ebac66ec11e29db988a172e2a5dedc81f371221d8972e6e214c79363136225c706290d141d1a49bd4158011bc2ef3ecc14402746f32e5d949e68277aaf71a5b86c2516b38eb291db6ab41c1797fcde745820697c7a8792d3489cdd1084866a725cf976ff2ff57ab89d54afe666ff8e2110c5c9653df6a2bec941ccc4d73e2bc5d3e50caba38b757a67a9a4d03a71066ae9d3fb08a76727a877022634f43902bd0dd4b394"}, @nested={0x17, 0x65, 0x0, 0x1, [@generic="7d9f6e18fe42a054c9f5663bb8bda7", @nested={0x4, 0x109}]}, @generic="e7e9a69637cb898afc38370e0492f567988fbe316f38b51b3430069fe57d94c04aad11485b9b714c9300538beb6086d53ff114b0745cff8f0bd2709f4a556327", @generic="9b15fefe511c89d66bc670c95fdb1b34ee2e1c868588cd372c5d90e30e6291a6d3e161"]}]}, 0x344}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0)
mmap$auto(0x83, 0x0, 0x6945, 0xeb1, 0x405, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
executing program 1:
mmap$auto(0x100000000, 0x4, 0x0, 0x400ebf, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/ext4/sda1/mb_stats\x00', 0x88000, 0x0)
pread64$auto(r0, 0x0, 0x20, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
getpid()
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
readv$auto(r2, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0)
ppoll$auto(&(0x7f0000000000)={r1, 0x40}, 0x2, 0x0, 0x0, 0x8)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc)
modify_ldt$auto(0x1, 0x0, 0x10)
pread64$auto(r1, &(0x7f0000000080)='/dev/cpu/0/cpuid\x00', 0x8, 0x2)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0)
pread64$auto(r3, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
inotify_rm_watch$auto(r2, 0x8001)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getpid()
prctl$auto(0x3e, 0x564c, 0x0, 0x4, 0x400002)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x201, 0x7, 0x9, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x3, 0x3, 0x1000062, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2000000000002, 0x6]}, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs1\x00', 0x48080, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
process_mrelease$auto(0xffffffffffffffff, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
bisect: bisecting 24 programs
bisect: split chunks (needed=false): <23>
bisect: split chunk #0 of len 23 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=34s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [26, 27, 28, 8, 1, 26, 30, 29, 20, 5, 15, 14, 28, 30, 30, 30]
detailed listing:
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={<r0=>0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
r1 = gettid()
ioprio_set$auto_IOPRIO_WHO_PGRP(0x2, r1, 0x8)
ioctl$auto_LOOP_CTL_GET_FREE(r0, 0x4c82, r1)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
r3 = getgid()
setresgid$auto(0xffffffffffffffff, r3, 0x0)
r4 = gettid()
kill$auto(r4, 0x11)
msgctl$auto_IPC_SET(0x6, 0x1, &(0x7f0000000100)={{0x9, 0xee00, r3, 0x0, 0x3f3, 0x84e3, 0x8}, &(0x7f0000000080)=0x2, &(0x7f00000000c0)=0x8, 0x80, 0x8, 0x7fffffff, 0x8001, 0x5, 0x6, 0xbed, 0x1, @inferred=r4, @raw=0xc00})
fstat$auto(r2, &(0x7f00000001c0)={0x4, 0xc5bd, 0x6, 0x1000006, 0x0, r3, 0x0, 0xa, 0x10000, 0x6, 0x5, 0x6, 0x8, 0xcc, 0x4, 0x6, 0x10000})
r5 = socket(0xa, 0x5, 0x84)
sendto$auto(r5, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000040)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x5}, 0x1, 0x0, 0x9, 0x6}, 0x7}, 0x3, 0x0)
executing program 0:
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
r0 = socket(0xa, 0x2, 0x73)
sendto$auto(r0, 0x0, 0xfdef, 0x0, &(0x7f0000000000)=@generic={0xa, "e2c483400200ff803636166b00"}, 0x1c)
r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r2 = syz_clone3(&(0x7f00000003c0)={0x40000, 0x0, &(0x7f0000000140), &(0x7f0000000180), {0x38}, 0x0, 0x0, 0x0, &(0x7f0000000380)=[0x0, 0x0, 0xffffffffffffffff, 0x0], 0x4, {r1}}, 0x58)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$auto_XFS_IOC_ALLOCSP64(r1, 0x40305824, &(0x7f0000000440)={0x3ff, 0x9, 0x5, 0x100, 0xc17d, <r4=>r2})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff)
openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x28840, 0x0)
socket(0x2, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r7 = socket(0x15, 0x1, 0x20000000)
getsockopt$auto(r7, 0x114, 0x5, 0xfffffffffffffffc, 0x0)
sendmsg$auto_ETHTOOL_MSG_RSS_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0938a467", @ANYRES16=r6, @ANYBLOB="010329bd700002dcdf252600000004000180"], 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x40)
setpriority$auto_PRIO_PGRP(0x1, r4, 0x5)
semctl$auto_SETALL(0x9, 0x47, 0x11, 0x7)
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
r8 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r8, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6)
ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0)
ioctl$auto_USBDEVFS_ALLOW_SUSPEND(r3, 0x5522, 0x0)
executing program 3:
syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
fcntl$auto(r0, 0x400, 0x1)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x82580, 0x4)
ioctl$auto_SG_SET_DEBUG(0xffffffffffffffff, 0x227e, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(0x1, 0x0, 0x80000000)
preadv$auto(0x40000000000003, &(0x7f0000000240)={0x0, 0xfffffffd}, 0x6, 0xc, 0x1)
r2 = socket(0x2b, 0x1, 0x1)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r2, 0x0, 0x20000001)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
munmap$auto(0x8000, 0xffffffff)
select$auto(0xe, 0xfffffffffffffffe, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmmsg$auto(0x3, 0x0, 0xb, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000140), 0xffffffffffffffff)
fsconfig$auto_EROFS_MOUNT_DAX_NEVER(r1, 0x10001, &(0x7f0000000080)=']/@\x00', &(0x7f00000000c0)="b0bb4f730f7c779e425b154120061d4ded38430f52c6943bc314f5fbdcdb0c114090a06fcda9a643cef0c85b0ab5ef4b8a8703e80ce5d36c8dafd678539850559bce345ac6b1b7bb529922d0b1d3ee9c6ba20cfe515c76ddfa2805f69af1c3f3639881fe07be60f41eb0bff52a85ea08db82de24410422b2dfd217cd194cf98b742d2cc939cda58d495e44c0756d84ea7e461129a3295e89763da2da22a80bb407081612f7fc5bf47640aca030ab602fd37ac9e43a5b2fc837baa258e62bcd03a6ec14a9b497566091d1df2845128afa51a2ac4fdab83910b027a2d984ea79454d842b8b9b60d2652a8317117a", 0x80)
executing program 2:
mmap$auto(0x0, 0x4000a, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:01.3/local_cpus\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x24)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x8)
syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
memfd_create$auto(0x0, 0xfffffff7)
executing program 0:
ioctl$auto_BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f0000000040)="bc9cd5a32a9760b72a5f1e8e1b99eb7ae18d14b8c0994c95690820180805c3d6c83ab7358da14f2ebd3341cba551f3")
executing program 1:
mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
r0 = epoll_create$auto(0x3e)
epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0)
r2 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/error_log\x00', 0xd0000, 0x0)
mmap$auto(0x0, 0x100020, 0x0, 0xeb1, r2, 0x4000000000008000)
socket(0x2, 0x1, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_TUNGETVNETBE2(0xffffffffffffffff, 0x800454df, &(0x7f0000000000)=0x3)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x1, 0x0)
r4 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
fcntl$auto(r4, 0x400, 0x1)
open(&(0x7f00000000c0)='./file0\x00', 0x141000, 0x81)
open(&(0x7f00000002c0)='./file0\x00', 0x103001, 0x120)
close_range$auto(0x2, 0x8, 0x0)
setresuid$auto(0xf5, 0x8000, 0x67)
bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x6, 0x24, 0xf, 0x63, 0x400, 0x0, 0x1, 0x80f0c8, 0x20, "38c1d5cbcb9f6b5e511f0cd8ed068f65", 0x0, 0x113e33f2, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x6, 0x8, 0x0, 0x3, @attach_prog_fd, 0x6, 0xffff, 0x8, 0x0, 0xfffffffe}, 0x47)
setsockopt$auto(r3, 0x8000000000000006, 0x1c, 0x0, 0x3)
write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000640)="445cc19989fb9c017005441c9085b524b7c0cc9b1a9f4edddfe162b01f9fe8f5adae095ec393ca717c2e4c6a64d1d08a304bb9528310c110129f6c575f67b4582a5f62b8e838fc6962c99765e6f49df32fe5fe58b9a26a37ef5d9c5f4789c742ab66cb019c4301e062dfeb918dbdb211b041bbeb9917bb2bb6c1bc1698a8d82139d84da0968c422c55239a2ed6bde3ec686e5fb78e80ee4c0045438d4f7fce23399079ece10b7e9e60185e97a0676ea0dbb2c14613f246f3089a1d9bbfd3dcc242b13e8ec303971c06b8e20f6f22820a23f0c642d9669ff73d85bf1c393f8d2f3a6755b5f222ee91f7f39c7eda4deaeeab296687a36914ac53eb6af38743eb03339bd94f3d9669adf2058b18648dc7306351ad5aada08450f3278cc2035282941542a4f2d70c1758b45a53fa2e016f57dd89629b5d2b7f5929c73da5f436ba0efec93deb7ccca0795176bb80d2afaea3bddec1d935a7c0fd9f41a3e180d19544b84b76d195ca07c9f88f0ffdf7e7831c01094133518941b5344c6b0771f9bda9af9ea4a571eba33acc91a32fd1240e06f5fc28f8b648b0d51d6efc66dbaaeed0bf3bc186093eaa6d060ef2001c298812c598be6cae0ca8ef5d4141224828f698daae1ffabfad67167dd5b5c3c91a496890ad9b3af588de8b8b58c220464c9695e815223e6800449615315539f5b9c670361fff443114a49c738e42709de97dd192d3360cd0227023c9676339b7d10fe70c2509f13a011dcc19bd447478499e1727ca5457f8b69fd7193dd3a93ee1df99e541713e00d4c85aa04b79b2b7505a09d5e6867440c152cb2b4eb9f56618ca7dbeef37e8c95b5fbe2b3bcc521c75a5f3007e784ad4d2a93102e35e346635f54c0484e691", 0x274)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x7)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
r0 = socket(0xa, 0x5, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffa}, 0x55)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
socket(0x21, 0x2, 0x2)
sendto$auto(0x3, 0x0, 0x18, 0x101, 0x0, 0x1c)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x1d, 0x3, 0x1)
arch_prctl$auto(0x5000, 0x5)
getsockopt$auto(r2, 0x7, 0x0, 0xffffffffffffffff, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(0x3, 0xc048aec8, r1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/nr6/queues/rx-0/rps_flow_cnt\x00', 0x109802, 0x0)
sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="00032cbd70c14c060000000000000500040009000000"], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, r1, 0x0)
r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0)
sendfile$auto(r4, r4, 0x0, 0x7fffe000)
ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0)
executing program 3:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 3:
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="12915fb9d5")
r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev7\x00', 0x0, 0x0)
mmap$auto(0x8, 0x4020009, 0xdf, 0xeb1, r1, 0x6)
socket(0xa, 0x801, 0x106)
mmap$auto(0x0, 0x400009, 0xdf, 0x1800000000010, r1, 0x8000)
pipe$auto(0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = io_uring_setup$auto(0x811, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
ioctl$auto(0x3, 0xc10c5541, r2)
mmap$auto(0x0, 0x2, 0xe2, 0x9b72, 0x7, 0x28000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x8000000000000024, 0xfffffffffffffffc, 0x0)
r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r3, 0x0, 0x4d)
ioctl$auto(0x3, 0xc0285628, 0x38)
executing program 3:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/inhibited\x00', 0x20b42, 0x0)
r1 = io_uring_setup$auto(0xa, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x7, 0x1020, 0x202, 0x10001, 0x8, r1, [], {0x6, 0x6, 0x8c48, 0x4, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x10000009, 0x52, 0x1, 0x1, 0x40, 0x76c4, 0x80008, 0x5}})
ioctl$auto_BCH_IOCTL_DISK_RESIZE(r1, 0x4018bc0e, &(0x7f0000000000)={0x3552, 0x0, 0x80, 0xb730})
write$auto(r0, &(0x7f0000000640)='1\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\x05\x00\x00\x00\x00\x00\x00\x00\x9c\x8a\xe2\xc7cOM\xb6\xa3\x10!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea\xa3\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z`\xfd\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f\x9b(\x82,W\xa3\b\xf3\x9d_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xe8\xe9u\x9f\xdeK\xa5\x06\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96#`\xe7\xd5Y\a\xc1\xe9(V\xbe\f\x9c\x9d!\xea\x96=\xd8N\xe1~\xc5\xbaJk+\x91\xc3\xaa\xde;c\xbd\xd7\x94|45\xcd\x11\xea\xe5C\x99\x98\xca\x96V\x9c\xd9\x11\x048\x8d\xab\x84zJA\xdb[\xb7\x18\x1c,P\x8d\xb37\xb2N\x9c\xc9G]\xaa\xfd~\x86\xd3y\xc6\x87\xb2\xb1\xa9]\x83\xc6\xf1\xf2T\xd3+\x1e\n\xa8g\xcf\x17\xc7\xbdhpA\xdd\xd8\xce\x19\fU\xbfl;x\x98{1:\xe7\xbb(s\xf5\xa3\xe3\xc7\f\xf0\xc7\xfe\x1e[\xaeb\xf9\xdc\x91^I\xb6\x9e\xabi\x8c\x87c\xbd\xe6\"6\t,\xcf\xf6\xa7\xe0\xb6<\xb2\xa2\xef\xeb\xba6y\xe0FT\x1f8\r\x97b\x97\xef\xac\xf6\xcc\x1a\x98Y\'z\xbfR\x1aS\xc1\x01\xac3\xbe\xb0E\xc1\x13\x16\xeb\x10\xce\xc5\xfc>Ym\xde\xa7\x19\\}\xd3\x17yc\xc3\x13\xed\xee\xe6\xdaJ\xfd\x90\xbf/\xf2\x9f-\xb1\xf5\xbd\xa32\xa3\xc8\xbe( \x9a\xd73\xcb\x87}b\xa7\x97\x18M\xf60\xad\xd0\xceV+\x02S$yq\x92mG:\xa7eA\xfe0\x1ao\xa9{\x06>\x05]\xfe:\xba\x96\x92\x91\xb3\x8a\xa5\xbd\xff\xbf.\xbdZ\xa1\x8d\x0f\x80d\x04N\xa9\xd9\x16\x93~\xbd\xbcr\xbb>r\x9d\x9aX\x91\xe4\xe1\xa9{\x13\x140\x9ax\xe8\xe8\xf1\xafz\xb0\x1erR&1\xaez\xa8J\x8d\xec|}\xfd\xb5\xce\x87\a\xf7YB\rv\"\xcf\xafno!,S4\xca \x94q_\x00R<\x03\xfd]vS\xa9\x8dG~\xee\xed\xce\x86\x80\xeb\xde\xac\'\x04A\xd5\x9d\xa9\x12%\xbe:\xb5\x92\xe8\xb8\xa9\xc9>\x89\x9d', 0x40000000004)
executing program 1:
mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000)
r0 = socket(0xa, 0x80803, 0x6)
bind$auto(r0, &(0x7f0000000040)=@generic={0xa, "2c551d000000fe8000"}, 0x66)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x2, 0x3, 0x6)
r2 = socket(0x2, 0x2, 0x88)
sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, 0x0, 0x4080)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r2)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r3, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000040}, 0x8051)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x2000000}, 0x24004804)
io_setup$auto(0x5, 0xffffffffffffffff)
io_uring_register$auto(r2, 0x5, &(0x7f0000000280)="976d955a5a2cb4bfdda18f211e3dfcc3e74f46dd36a907101e482d4de729fd8ed035e960a1b83def29a383a6a584eeffc0277dfa09076b5b860da10e06bd972c53", 0x2b7)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x1, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
open(0x0, 0x22240, 0x155)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182400, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x2497a7476db46aa9, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x18000}, 0x1000000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x1, 0x0)
setsockopt$auto(0x6, 0x8000000000000006, 0x1b, 0x0, 0x7ffffc)
executing program 2:
r0 = socket(0xa, 0x1, 0x84)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r1 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
msgctl$auto_IPC_INFO(0x44, 0x3, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x2, 0x57e, 0xffff8001}, 0x0, 0x0, 0x0, 0x9, 0x400, 0xfffffffffffffff9, 0x2, 0x18, 0x0, 0xfff8, @inferred=r1, @inferred=r1})
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$auto(r0, 0x0, 0x809b9)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)
syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0)
mmap$auto(0x100000000000000, 0x6, 0xe4, 0x9b7e, r3, 0x28000)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/auth_enable\x00', 0x100, 0x0)
read$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0)
mmap$auto(0x800000000, 0x6, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0xa480, 0x0)
readv$auto(0x3, &(0x7f0000000280)={0x0, 0x40000f7}, 0x87)
read$auto(r3, 0x0, 0xb5)
write$auto(0x3, 0x0, 0xfdef)
rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0xfffffffffffffff0, 0x6, 0x20000006, 0x2}, 0x8000, 0x0, 0x6)
inotify_add_watch$auto(r0, &(0x7f0000000000)='./file0\x00', 0x4)
bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x81, 0x0)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
capset$auto(&(0x7f0000000180)={0x19980330}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
quotactl$auto(0x2, &(0x7f0000000040)='/dev/sda1\x00', 0x62a0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000002f80), r1)
sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000340)=ANY=[@ANYBLOB="3400a265c44acc690002", @ANYRES16=r2, @ANYBLOB="05002bbd7000fddbdf25000000000800010005000000080002000100000008000800060000000800090001040000"], 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x80)
r3 = semctl$auto_GETPID(0x9, 0x200, 0xb, 0x5)
shmctl$auto_IPC_SET(0x0, 0x1, &(0x7f00000001c0)={{0xfe, 0x0, 0xee01, 0x3ff, 0xea, 0x3, 0x2006}, 0x4cf, 0x1, 0x2f4, 0x7, @inferred=r3, @inferred=<r4=>r3, 0x2, 0x0, 0x0, 0x0})
r5 = socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
modify_ldt$auto(0x1, 0x0, 0x10)
ioctl$auto_USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r5, &(0x7f00000001c0)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x100, 0x0)
r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x21, 0x3, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x1d, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r7, &(0x7f0000000700)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)={0x344, 0x0, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@OVS_PACKET_ATTR_HASH={0xc, 0xb, 0x80}, @OVS_PACKET_ATTR_KEY={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x131, 0x0, 0x0, @pid=r4}]}, @OVS_PACKET_ATTR_ACTIONS={0x317, 0x3, 0x0, 0x1, [@nested={0x191, 0x147, 0x0, 0x1, [@typed={0xa6, 0xe2, 0x0, 0x0, @binary="2781a7d5ebd3b10f058880c5c58afeb71f21596f8cd38d0c47d8df61abb64aa83710bcaaa5287efbab14d3ca5734c51fa7b90042f84664a42ab8a0071c2ee2c5f87113fc63b887e37b5010cd33d581e2b1d63ae3bdaeb7f4fd80b8c22296f6f158e14cb221d44348c31fa97315d7d540284393ff656bf10516ccb5038d9389623bd5bffb9b7cac13797645e101d774c14ea9337c1b541bc85ac8328cd2a7c58af186"}, @typed={0x4, 0x103}, @nested={0x4, 0x39}, @generic="dce611693dab53eddacb49055fa8fc3a1fc086e18d5c8c6f76aafaead2fea74251a94d0c1954f321756a12655666d5fa45765c159f09afa908385df5f580144d6a96e5029973daaf91bc0cce67aa823a54c8aa9ac22ca726290a7a5ea5557caac3592c2e97668cd562046718d91e9c3a30591c3b5216911048db5af188c7664d04d2e9e9886e5ec0bfd383738c0d0bbcf096020c120e7b19aecd22b25d582e2247750ed0c8aba709c6a5afcec81f39cf1275d5b43a512c", @nested={0x4, 0x6a}, @generic="9e24a8a50346b232787817af21c155ea60383614521956d12d43ebc84a31", @nested={0x4, 0x1f}]}, @typed={0x102, 0xc, 0x0, 0x0, @binary="dd3462c4de9a85b52f13d3c274a86ee7ade75f11033399f6539e15156f97b46d8b411c022ec2c9ab65673f0703e013a72acdc1334896ff809c1607fa4d1225185822bd6a9732636d9c6275e1fd1e630a024736b1aba231072799ebac66ec11e29db988a172e2a5dedc81f371221d8972e6e214c79363136225c706290d141d1a49bd4158011bc2ef3ecc14402746f32e5d949e68277aaf71a5b86c2516b38eb291db6ab41c1797fcde745820697c7a8792d3489cdd1084866a725cf976ff2ff57ab89d54afe666ff8e2110c5c9653df6a2bec941ccc4d73e2bc5d3e50caba38b757a67a9a4d03a71066ae9d3fb08a76727a877022634f43902bd0dd4b394"}, @nested={0x17, 0x65, 0x0, 0x1, [@generic="7d9f6e18fe42a054c9f5663bb8bda7", @nested={0x4, 0x109}]}, @generic="e7e9a69637cb898afc38370e0492f567988fbe316f38b51b3430069fe57d94c04aad11485b9b714c9300538beb6086d53ff114b0745cff8f0bd2709f4a556327", @generic="9b15fefe511c89d66bc670c95fdb1b34ee2e1c868588cd372c5d90e30e6291a6d3e161"]}]}, 0x344}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0)
mmap$auto(0x83, 0x0, 0x6945, 0xeb1, 0x405, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
executing program 1:
mmap$auto(0x100000000, 0x4, 0x0, 0x400ebf, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/ext4/sda1/mb_stats\x00', 0x88000, 0x0)
pread64$auto(r0, 0x0, 0x20, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
getpid()
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
readv$auto(r2, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0)
ppoll$auto(&(0x7f0000000000)={r1, 0x40}, 0x2, 0x0, 0x0, 0x8)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc)
modify_ldt$auto(0x1, 0x0, 0x10)
pread64$auto(r1, &(0x7f0000000080)='/dev/cpu/0/cpuid\x00', 0x8, 0x2)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0)
pread64$auto(r3, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
inotify_rm_watch$auto(r2, 0x8001)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getpid()
prctl$auto(0x3e, 0x564c, 0x0, 0x4, 0x400002)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x201, 0x7, 0x9, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x3, 0x3, 0x1000062, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2000000000002, 0x6]}, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs1\x00', 0x48080, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
process_mrelease$auto(0xffffffffffffffff, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: testing without sub-chunk 2/3
testing program (duration=34s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 11, 30, 30, 30, 29, 5, 25, 20, 5, 15, 14, 28, 30, 30, 30]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0x1f2382, 0x0)
sendfile$auto(r0, r0, 0x0, 0x7fff)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f00000000c0)={@siginfo_0_0={0xa, 0xb92, 0x9}}, 0x4)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x1e, 0x1, 0x0)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x1)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
socket(0x2, 0x3, 0xa)
pipe2$auto(0x0, 0x80)
syz_clone(0x4000000, &(0x7f0000000040)="1110772e9118d81097a406f5750008b28be67ef0011bcaa612e84dc6950fa015", 0x20, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)="999cddedc642f9d16b60e08e550af0331de32832f1be9a913df00e1438c3b438e7993dce0b5987fdc239df")
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x8)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0}, 0x63}, 0x3, 0x0)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x9)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r1)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(0x3, 0x700)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x1, 0xff)
r3 = socket(0xa, 0x3, 0xff)
connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
getpgid$auto(0x0)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
close_range$auto(0x2, 0xa, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 3:
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="12915fb9d5")
r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev7\x00', 0x0, 0x0)
mmap$auto(0x8, 0x4020009, 0xdf, 0xeb1, r1, 0x6)
socket(0xa, 0x801, 0x106)
mmap$auto(0x0, 0x400009, 0xdf, 0x1800000000010, r1, 0x8000)
pipe$auto(0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = io_uring_setup$auto(0x811, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
ioctl$auto(0x3, 0xc10c5541, r2)
mmap$auto(0x0, 0x2, 0xe2, 0x9b72, 0x7, 0x28000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x8000000000000024, 0xfffffffffffffffc, 0x0)
r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r3, 0x0, 0x4d)
ioctl$auto(0x3, 0xc0285628, 0x38)
executing program 3:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/inhibited\x00', 0x20b42, 0x0)
r1 = io_uring_setup$auto(0xa, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x7, 0x1020, 0x202, 0x10001, 0x8, r1, [], {0x6, 0x6, 0x8c48, 0x4, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x10000009, 0x52, 0x1, 0x1, 0x40, 0x76c4, 0x80008, 0x5}})
ioctl$auto_BCH_IOCTL_DISK_RESIZE(r1, 0x4018bc0e, &(0x7f0000000000)={0x3552, 0x0, 0x80, 0xb730})
write$auto(r0, &(0x7f0000000640)='1\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\x05\x00\x00\x00\x00\x00\x00\x00\x9c\x8a\xe2\xc7cOM\xb6\xa3\x10!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea\xa3\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z`\xfd\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f\x9b(\x82,W\xa3\b\xf3\x9d_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xe8\xe9u\x9f\xdeK\xa5\x06\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96#`\xe7\xd5Y\a\xc1\xe9(V\xbe\f\x9c\x9d!\xea\x96=\xd8N\xe1~\xc5\xbaJk+\x91\xc3\xaa\xde;c\xbd\xd7\x94|45\xcd\x11\xea\xe5C\x99\x98\xca\x96V\x9c\xd9\x11\x048\x8d\xab\x84zJA\xdb[\xb7\x18\x1c,P\x8d\xb37\xb2N\x9c\xc9G]\xaa\xfd~\x86\xd3y\xc6\x87\xb2\xb1\xa9]\x83\xc6\xf1\xf2T\xd3+\x1e\n\xa8g\xcf\x17\xc7\xbdhpA\xdd\xd8\xce\x19\fU\xbfl;x\x98{1:\xe7\xbb(s\xf5\xa3\xe3\xc7\f\xf0\xc7\xfe\x1e[\xaeb\xf9\xdc\x91^I\xb6\x9e\xabi\x8c\x87c\xbd\xe6\"6\t,\xcf\xf6\xa7\xe0\xb6<\xb2\xa2\xef\xeb\xba6y\xe0FT\x1f8\r\x97b\x97\xef\xac\xf6\xcc\x1a\x98Y\'z\xbfR\x1aS\xc1\x01\xac3\xbe\xb0E\xc1\x13\x16\xeb\x10\xce\xc5\xfc>Ym\xde\xa7\x19\\}\xd3\x17yc\xc3\x13\xed\xee\xe6\xdaJ\xfd\x90\xbf/\xf2\x9f-\xb1\xf5\xbd\xa32\xa3\xc8\xbe( \x9a\xd73\xcb\x87}b\xa7\x97\x18M\xf60\xad\xd0\xceV+\x02S$yq\x92mG:\xa7eA\xfe0\x1ao\xa9{\x06>\x05]\xfe:\xba\x96\x92\x91\xb3\x8a\xa5\xbd\xff\xbf.\xbdZ\xa1\x8d\x0f\x80d\x04N\xa9\xd9\x16\x93~\xbd\xbcr\xbb>r\x9d\x9aX\x91\xe4\xe1\xa9{\x13\x140\x9ax\xe8\xe8\xf1\xafz\xb0\x1erR&1\xaez\xa8J\x8d\xec|}\xfd\xb5\xce\x87\a\xf7YB\rv\"\xcf\xafno!,S4\xca \x94q_\x00R<\x03\xfd]vS\xa9\x8dG~\xee\xed\xce\x86\x80\xeb\xde\xac\'\x04A\xd5\x9d\xa9\x12%\xbe:\xb5\x92\xe8\xb8\xa9\xc9>\x89\x9d', 0x40000000004)
executing program 1:
mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000)
r0 = socket(0xa, 0x80803, 0x6)
bind$auto(r0, &(0x7f0000000040)=@generic={0xa, "2c551d000000fe8000"}, 0x66)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x2, 0x3, 0x6)
r2 = socket(0x2, 0x2, 0x88)
sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, 0x0, 0x4080)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r2)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r3, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000040}, 0x8051)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x2000000}, 0x24004804)
io_setup$auto(0x5, 0xffffffffffffffff)
io_uring_register$auto(r2, 0x5, &(0x7f0000000280)="976d955a5a2cb4bfdda18f211e3dfcc3e74f46dd36a907101e482d4de729fd8ed035e960a1b83def29a383a6a584eeffc0277dfa09076b5b860da10e06bd972c53", 0x2b7)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x1, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
open(0x0, 0x22240, 0x155)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182400, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x2497a7476db46aa9, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x18000}, 0x1000000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x1, 0x0)
setsockopt$auto(0x6, 0x8000000000000006, 0x1b, 0x0, 0x7ffffc)
executing program 2:
r0 = socket(0xa, 0x1, 0x84)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r1 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
msgctl$auto_IPC_INFO(0x44, 0x3, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x2, 0x57e, 0xffff8001}, 0x0, 0x0, 0x0, 0x9, 0x400, 0xfffffffffffffff9, 0x2, 0x18, 0x0, 0xfff8, @inferred=r1, @inferred=r1})
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
write$auto(r0, 0x0, 0x809b9)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x10000, 0xf4, 0xa, 0xeb1, 0x401, 0x5)
syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0)
mmap$auto(0x100000000000000, 0x6, 0xe4, 0x9b7e, r3, 0x28000)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/auth_enable\x00', 0x100, 0x0)
read$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0)
mmap$auto(0x800000000, 0x6, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0xa480, 0x0)
readv$auto(0x3, &(0x7f0000000280)={0x0, 0x40000f7}, 0x87)
read$auto(r3, 0x0, 0xb5)
write$auto(0x3, 0x0, 0xfdef)
rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0xfffffffffffffff0, 0x6, 0x20000006, 0x2}, 0x8000, 0x0, 0x6)
inotify_add_watch$auto(r0, &(0x7f0000000000)='./file0\x00', 0x4)
bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x81, 0x0)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
capset$auto(&(0x7f0000000180)={0x19980330}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
quotactl$auto(0x2, &(0x7f0000000040)='/dev/sda1\x00', 0x62a0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000002f80), r1)
sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000340)=ANY=[@ANYBLOB="3400a265c44acc690002", @ANYRES16=r2, @ANYBLOB="05002bbd7000fddbdf25000000000800010005000000080002000100000008000800060000000800090001040000"], 0x34}, 0x1, 0x0, 0x0, 0x4c000}, 0x80)
r3 = semctl$auto_GETPID(0x9, 0x200, 0xb, 0x5)
shmctl$auto_IPC_SET(0x0, 0x1, &(0x7f00000001c0)={{0xfe, 0x0, 0xee01, 0x3ff, 0xea, 0x3, 0x2006}, 0x4cf, 0x1, 0x2f4, 0x7, @inferred=r3, @inferred=<r4=>r3, 0x2, 0x0, 0x0, 0x0})
r5 = socket(0xa, 0x1, 0x100)
ioperm$auto(0x7, 0x5ad2, 0x8)
modify_ldt$auto(0x1, 0x0, 0x10)
ioctl$auto_USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522, 0x0)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r5, &(0x7f00000001c0)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x100, 0x0)
r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x21, 0x3, 0x9)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x1d, 0x8fd6, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r7, &(0x7f0000000700)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)={0x344, 0x0, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@OVS_PACKET_ATTR_HASH={0xc, 0xb, 0x80}, @OVS_PACKET_ATTR_KEY={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x131, 0x0, 0x0, @pid=r4}]}, @OVS_PACKET_ATTR_ACTIONS={0x317, 0x3, 0x0, 0x1, [@nested={0x191, 0x147, 0x0, 0x1, [@typed={0xa6, 0xe2, 0x0, 0x0, @binary="2781a7d5ebd3b10f058880c5c58afeb71f21596f8cd38d0c47d8df61abb64aa83710bcaaa5287efbab14d3ca5734c51fa7b90042f84664a42ab8a0071c2ee2c5f87113fc63b887e37b5010cd33d581e2b1d63ae3bdaeb7f4fd80b8c22296f6f158e14cb221d44348c31fa97315d7d540284393ff656bf10516ccb5038d9389623bd5bffb9b7cac13797645e101d774c14ea9337c1b541bc85ac8328cd2a7c58af186"}, @typed={0x4, 0x103}, @nested={0x4, 0x39}, @generic="dce611693dab53eddacb49055fa8fc3a1fc086e18d5c8c6f76aafaead2fea74251a94d0c1954f321756a12655666d5fa45765c159f09afa908385df5f580144d6a96e5029973daaf91bc0cce67aa823a54c8aa9ac22ca726290a7a5ea5557caac3592c2e97668cd562046718d91e9c3a30591c3b5216911048db5af188c7664d04d2e9e9886e5ec0bfd383738c0d0bbcf096020c120e7b19aecd22b25d582e2247750ed0c8aba709c6a5afcec81f39cf1275d5b43a512c", @nested={0x4, 0x6a}, @generic="9e24a8a50346b232787817af21c155ea60383614521956d12d43ebc84a31", @nested={0x4, 0x1f}]}, @typed={0x102, 0xc, 0x0, 0x0, @binary="dd3462c4de9a85b52f13d3c274a86ee7ade75f11033399f6539e15156f97b46d8b411c022ec2c9ab65673f0703e013a72acdc1334896ff809c1607fa4d1225185822bd6a9732636d9c6275e1fd1e630a024736b1aba231072799ebac66ec11e29db988a172e2a5dedc81f371221d8972e6e214c79363136225c706290d141d1a49bd4158011bc2ef3ecc14402746f32e5d949e68277aaf71a5b86c2516b38eb291db6ab41c1797fcde745820697c7a8792d3489cdd1084866a725cf976ff2ff57ab89d54afe666ff8e2110c5c9653df6a2bec941ccc4d73e2bc5d3e50caba38b757a67a9a4d03a71066ae9d3fb08a76727a877022634f43902bd0dd4b394"}, @nested={0x17, 0x65, 0x0, 0x1, [@generic="7d9f6e18fe42a054c9f5663bb8bda7", @nested={0x4, 0x109}]}, @generic="e7e9a69637cb898afc38370e0492f567988fbe316f38b51b3430069fe57d94c04aad11485b9b714c9300538beb6086d53ff114b0745cff8f0bd2709f4a556327", @generic="9b15fefe511c89d66bc670c95fdb1b34ee2e1c868588cd372c5d90e30e6291a6d3e161"]}]}, 0x344}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0)
mmap$auto(0x83, 0x0, 0x6945, 0xeb1, 0x405, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
executing program 1:
mmap$auto(0x100000000, 0x4, 0x0, 0x400ebf, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/ext4/sda1/mb_stats\x00', 0x88000, 0x0)
pread64$auto(r0, 0x0, 0x20, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
getpid()
ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0)
readv$auto(r2, &(0x7f0000000680)={0x0, 0x40200}, 0x3)
ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0)
ppoll$auto(&(0x7f0000000000)={r1, 0x40}, 0x2, 0x0, 0x0, 0x8)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc)
modify_ldt$auto(0x1, 0x0, 0x10)
pread64$auto(r1, &(0x7f0000000080)='/dev/cpu/0/cpuid\x00', 0x8, 0x2)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x0, 0x0)
pread64$auto(r3, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400)
inotify_rm_watch$auto(r2, 0x8001)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
getpid()
prctl$auto(0x3e, 0x564c, 0x0, 0x4, 0x400002)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x201, 0x7, 0x9, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x3, 0x3, 0x1000062, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2000000000002, 0x6]}, 0x0)
mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs1\x00', 0x48080, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
process_mrelease$auto(0xffffffffffffffff, 0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 11, 30, 30, 30, 29, 5, 25, 30]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0x1f2382, 0x0)
sendfile$auto(r0, r0, 0x0, 0x7fff)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f00000000c0)={@siginfo_0_0={0xa, 0xb92, 0x9}}, 0x4)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x1e, 0x1, 0x0)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x1)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
socket(0x2, 0x3, 0xa)
pipe2$auto(0x0, 0x80)
syz_clone(0x4000000, &(0x7f0000000040)="1110772e9118d81097a406f5750008b28be67ef0011bcaa612e84dc6950fa015", 0x20, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)="999cddedc642f9d16b60e08e550af0331de32832f1be9a913df00e1438c3b438e7993dce0b5987fdc239df")
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x8)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0}, 0x63}, 0x3, 0x0)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x9)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r1)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(0x3, 0x700)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x1, 0xff)
r3 = socket(0xa, 0x3, 0xff)
connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
getpgid$auto(0x0)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
close_range$auto(0x2, 0xa, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <8>
bisect: split chunk #0 of len 8 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 29, 5, 25, 30]
detailed listing:
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 11, 30, 30, 30]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0x1f2382, 0x0)
sendfile$auto(r0, r0, 0x0, 0x7fff)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f00000000c0)={@siginfo_0_0={0xa, 0xb92, 0x9}}, 0x4)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x1e, 0x1, 0x0)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x1)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
socket(0x2, 0x3, 0xa)
pipe2$auto(0x0, 0x80)
syz_clone(0x4000000, &(0x7f0000000040)="1110772e9118d81097a406f5750008b28be67ef0011bcaa612e84dc6950fa015", 0x20, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)="999cddedc642f9d16b60e08e550af0331de32832f1be9a913df00e1438c3b438e7993dce0b5987fdc239df")
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x8)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0}, 0x63}, 0x3, 0x0)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x9)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r1)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(0x3, 0x700)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x1, 0xff)
r3 = socket(0xa, 0x3, 0xff)
connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
getpgid$auto(0x0)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
close_range$auto(0x2, 0xa, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: split chunks (needed=true): <4>, <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 30, 30, 29, 5, 25, 30]
detailed listing:
executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x9)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r1)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(0x3, 0x700)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x1, 0xff)
r3 = socket(0xa, 0x3, 0xff)
connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
getpgid$auto(0x0)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
close_range$auto(0x2, 0xa, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 11, 30, 29, 5, 25, 30]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0x1f2382, 0x0)
sendfile$auto(r0, r0, 0x0, 0x7fff)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f00000000c0)={@siginfo_0_0={0xa, 0xb92, 0x9}}, 0x4)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x1e, 0x1, 0x0)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x1)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
socket(0x2, 0x3, 0xa)
pipe2$auto(0x0, 0x80)
syz_clone(0x4000000, &(0x7f0000000040)="1110772e9118d81097a406f5750008b28be67ef0011bcaa612e84dc6950fa015", 0x20, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)="999cddedc642f9d16b60e08e550af0331de32832f1be9a913df00e1438c3b438e7993dce0b5987fdc239df")
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x8)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0}, 0x63}, 0x3, 0x0)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: split chunk #1 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 11, 30, 30, 5, 25, 30]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0x1f2382, 0x0)
sendfile$auto(r0, r0, 0x0, 0x7fff)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f00000000c0)={@siginfo_0_0={0xa, 0xb92, 0x9}}, 0x4)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x1e, 0x1, 0x0)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x1)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
socket(0x2, 0x3, 0xa)
pipe2$auto(0x0, 0x80)
syz_clone(0x4000000, &(0x7f0000000040)="1110772e9118d81097a406f5750008b28be67ef0011bcaa612e84dc6950fa015", 0x20, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)="999cddedc642f9d16b60e08e550af0331de32832f1be9a913df00e1438c3b438e7993dce0b5987fdc239df")
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x8)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0}, 0x63}, 0x3, 0x0)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x9)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r1)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(0x3, 0x700)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x1, 0xff)
r3 = socket(0xa, 0x3, 0xff)
connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
getpgid$auto(0x0)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
close_range$auto(0x2, 0xa, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 11, 30, 30, 30, 29, 30]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0x1f2382, 0x0)
sendfile$auto(r0, r0, 0x0, 0x7fff)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f00000000c0)={@siginfo_0_0={0xa, 0xb92, 0x9}}, 0x4)
r1 = socket(0xa, 0x5, 0x84)
sendto$auto(r1, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x1e, 0x1, 0x0)
socket(0x28, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2b, 0x1, 0x1)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
socket(0x2, 0x3, 0xa)
pipe2$auto(0x0, 0x80)
syz_clone(0x4000000, &(0x7f0000000040)="1110772e9118d81097a406f5750008b28be67ef0011bcaa612e84dc6950fa015", 0x20, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)="999cddedc642f9d16b60e08e550af0331de32832f1be9a913df00e1438c3b438e7993dce0b5987fdc239df")
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x8)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0}, 0x63}, 0x3, 0x0)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x9)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r1)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(0x3, 0x700)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x1, 0xff)
r3 = socket(0xa, 0x3, 0xff)
connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
getpgid$auto(0x0)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
close_range$auto(0x2, 0xa, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: split chunks (needed=true): <2>, <2>, <2>, <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 30, 30, 30, 29, 5, 25, 30]
detailed listing:
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x3, 0x9)
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r1)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0)
ftruncate$auto(0x3, 0x700)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x1, 0xff)
r3 = socket(0xa, 0x3, 0xff)
connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
getpgid$auto(0x0)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
close_range$auto(0x2, 0xa, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 30, 30, 29, 5, 25, 30]
detailed listing:
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #2 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 30, 29, 5, 25, 30]
detailed listing:
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 30, 30, 5, 25, 30]
detailed listing:
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: split chunk #3 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 30, 30, 29, 25, 30]
detailed listing:
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 30, 30, 29, 5, 30]
detailed listing:
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
bisect: split chunks (needed=true): <1>, <1>, <1>, <1>, <1>, <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #1 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #2 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #3 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #4 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #5 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 7 programs left: 

executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)


bisect: trying to concatenate
bisect: concatenate 7 entries
minimizing program #0 before concatenation
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 30, 30, 29, 5, 25, 30]
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
read$auto_cachefiles_daemon_fops_internal(r0, &(0x7f0000000000)=""/111, 0x6f)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 30, 30, 29, 5, 25, 30]
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 30, 30, 29, 5, 25, 30]
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5}, 0x3}, 0x40000204, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 30, 30, 29, 5, 25, 30]
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.max.burst\x00', 0x80302, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/active_duration\x00', 0xc8080, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0225020000000800030080"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x20040004)
sendfile$auto(r0, r0, 0x0, 0x3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x7ffd) (async)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32)
move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (rerun: 32)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
socket(0x25, 0x1, 0x4) (async, rerun: 64)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
socket(0x10, 0x2, 0xf) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
socket(0xa, 0x801, 0x106)
socket(0x2b, 0x1, 0x1) (async, rerun: 64)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) (async, rerun: 64)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/neigh/veth1/unres_qlen\x00', 0x382, 0x0) (async, rerun: 64)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080) (async, rerun: 32)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
sendfile$auto(r0, r0, 0x0, 0x23f) (async)
setns(0xffffffffffffffff, 0x8000000) (async)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_min\x00', 0xba45a641e375b9f1, 0x0)
sendfile$auto(r1, r1, 0x0, 0x1) (async)
r2 = socket(0xa, 0x5, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r2)
sendmsg$auto_GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fcdbdf0d721a25010000000800020004000000080002001c0000000c0003000000000000000c0006000600040000000c00030003000000000000000c000300ff7f00000000000008000800800000006594b92500643918"], 0x58}, 0x1, 0x0, 0x0, 0x400}, 0x4040000)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x947, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0x81)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x101242, 0x0)
ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0)
ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0)
socket(0x2, 0x1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
r1 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r1, @ANYRES8=r1, @ANYRES16=r1, @ANYRES8=r1, @ANYRES8=r2, @ANYRESOCT=r1, @ANYRES64=r1, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
signalfd$auto(0x4, 0x0, 0x8)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
io_uring_setup$auto(0x40000002c55, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
executing program 1:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008)
recvmsg$auto(0xffffffffffffffff, 0x0, 0x6)
writev$auto(0xca, 0x0, 0x2000000000000003)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x2, 0x0)
io_uring_setup$auto(0xc, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/stack\x00', 0x8a1940, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x1, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xffffeffe, 0x2)
pipe$auto(0x0)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0

<<cut 1578994 bytes out>>

147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 12, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 11, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 10, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP0_WRITE(r0, 0x40085503, &(0x7f0000000600)={0xd, 0x0, 0x3})
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 9, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 8, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(0x3, 0x0, 0x1f40)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 7, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 6, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 5, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 4, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 3, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 5, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 0:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
mq_unlink$auto(0x0)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
minimized 29 calls -> 2 calls
minimizing program #4 before concatenation
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 4, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 3, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 3, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 2, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 25, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000001200)={{&(0x7f0000000100)="17246e7794873deec864ea5e47975ffb3ccc7984c0be195a9f0ed09bc0e762819f25fa1a777dbbde195177557d4f26a76732f15746b63d0c3868059d0e5ea73f7189f3567b774d41de16d5ef3bf9ff71aa00e7441407c7ddc3bcbc25e69831b3651df18b30ae81782204d1efd7971ceb0145a60d578b6093a4d69c39824669994c4c47ebdf7d401d6e792c672375a2cf20b3f795e88a8abbcdcce72a51d58ce76ec4959e59285729736c92707e3749", 0x6, &(0x7f0000000080)={&(0x7f0000000000)="2e26199ffdc367279dc3fc1bd94df0", 0x9}, 0x8e8, &(0x7f0000000200)="02e0c31653f3aba965850f5a39703aba767e99d687995d5b8eb5802addf8e18819323a356aa029f868f7b520c5fbc701ece2c05bc25e391f5a8ed72d6a2c69236a16ed142c29113448c7b9d1583b28eb538e411f2efa66fc458438bfb8c128cb5634239459454b648e640bb7ccdc3a11170705a7358f10d3ceede386b6b209d4ededcba2cb2742e0d535cae099ffcd0793686a40eb517b1ffc25d8f350236bfedf9d053f555043cc761148310042927e57c1c87952501702541bee6c085e80c29420fcc2156ea2522ec2464c8ef7d3c4c8e3850e05650b798a2b6eedc77d21d6b4c54316676d17e4467ccc06f6eb68d5732fafe3dbba26723bfc7d51262549efeb465f6fbebfb01e938c8c8cd5c05e9e6cec6e1a9aa6f39b83f3d4722c81a9795aa0478602c0a52279d9c300e387d296f7da6868a2d76f68f325d0052a2d670d0ddf4fe89593f6490b3afa7fccec0fc9c26bbcdb1176aaa162a70ee3d3d8618209bf99dee748d1957d527385467169aadc56fb3ab9c8bce0eccb53d31cb73b81a976024173af14d091e8478395864ecabb4f6f6ac7c641b95d9113e33111544a56ba10d172dca9c1d53931115b56c07a5c86dd77c948a7bf43c4532647d631cd775632737a3a942c0a1cf8b228c584675bc5d461e006f9d200af3a695060e7ab5be5cf8753ab726205eabf13c464b6a41d1d5f9063af59f661879a3a7f23528c4a15ffd097d3500efdc6b74b1d0d4f9bc4782dce33545e0a47ebb5fff96730dcd6b603e4a4b748b9bb7fd47a36feb1d94b0ef21f7c14dee900a3a833143f56c62d06098e8241d433cf1bc293014506b5fea9def95731e7d7c9d8cee5da3bfb12a986810fcebd201027720148530d92d801a395217744a4604afd7d507e27f982dd178b65dbe3c025d8a1ec18cfe3b828646ad2c59facce6e5e6915b1b0ffa9b9e1a9639c94d9fb898116636c1f5afca8d997da3eccd9d9ee460df8ead2832117af7f1b36bc14ad35244f7c1f0381e748d57cfe67028a0d6319eea3ae65319971542667a08822e7cf08cb90d4681d687b14c525bad9cfcb6f88dede0f3630639642235db4e1a77bd008a9b89b7c11a2aa4d138f5220afd6a429ec32c0a99dcfe3bbc03a423cd5a68ccc8d3744f7cc2bf9c05bc4094ab030d3e42a6d9cf857d4659f8f255a8d93f82565ccaa9f1e7c14caf5ddeae549a8b410304d6ce8b94b34f2fb5d189cb808507b635665a3a538da68ff18a01cb6c258a404fbe52dcafd86ed78492998e11c671d390efd60d750bdf15d457f2d3c4b4cb44aa8a7164637f1c607b352675996f6d9a959e8e29dbfc86c249d8475123e7a5d3090f9364480dc06677376c2879d6f5641b9933f5b3b2efe6daabad4fe79f59900772398d63f0390bed8be7216175b9e4b61713935b3fc55c1c4902f66cadc44601caec1e5bd68be35249798968290a0a9b9ef3a66f6aabf1c1f9a26fd8866bf945bd00071aedf19017f86098cb5dce0c1219e5a852d052ba990221b4936a8a73c07f787a5df7887df8fe318b5bd1335bea33d3101affcf183fe208809e7895aac000629c371085fdff4ad82b899b6b1d6e7988af609e7f96b282b4cf11713976619565e0bd615b01e03fc45d3ff7b1424d8761b2c7bd6d2fb6b69a6adc00667c1e241119f2e17eaf866d4026f117e1bcf0d3ca95b4decef6fe5adaa99406dc0b2773ec21d99d272f3a6ad5332334fa1d032d84d44d759dea9fd94ee072bfdba53be0a116655be0b15f80f95b8be9ecd3bec8ff27b8f6767fa909e5e1ee585ba0760132138df6dddfe2460250961545e5bc388ce1be2664156106263726f70d6aea2a4c1be870e593f3755573baabe8a0e107bd38158f6b596ffe789949918f5ce64d0038c1e9f5a511130ab3e3005b073ccdb5fa40d5a8c4d0449bce7802c9b149cb3736164453e14e0b3012f84b79103649b833b651b56726f46ce318e3ee09d08a74227c6eda2baa66b682198a3df249d5d4e2a36d0d50ce30c47f504d2603f91746e7300e1766220c5f739a6e56b336b815f8eb4f80cc8e24c1daa2321ae693cf6f5f59040e74d888266b3e9bbd117171be4fbf802d18a94c263158bd7539db560a34acbc4d127d396760a6e4937c8511ee16224471b5095264ce00473e975e203d6296c556e1b4df8f7f415bf2f14f042b1e1014b917b8399736483bf85ee55facc4ef8e8ceb4ccd2ea00e1c6b29041e100fdec857b04f90c54d13044bf0132a8521285e9b58d5471fea0f0386457409e05b78873601ee24196751a7566cc228dc11d0dcb90b0e49ddf3e7821d65503d6196a0c24615eaf07b18a95444bedd3640c311b7e1cd5f979d2830d6fff023c632c6f2df19632dcc1b59eca40dfe71b24032da3beaf64effcc104093a90047cc2751d6ff2657582a8cedec200916c3a9444d09713d800756405b761d5f89602c6ecfedc89ab1079d4747dc68122ea6e7526bb10a821d487d9966391a0fb2b13d08c1e219dbf3d9079433610d50a190963be0f790f3f822597965e5f2042f6b28c5e23165cc554c8f8923762d671a652b2604bb4733f3828d7cca6b32590b7c7a33ea3a7d692cb49bad916fe9b1a709a534856bbf79b74138fc4126ffd7fac912423e17aece3462bb290e326ab40c56a61d7e4246672857e074af8c979d12a55f0a9a4834f22a01348104faf4fcf78f9c594a179666398b306425c4820535c68a7e66528d0151bbd820e6c9c033d64d240ef4b0f8742a86287ffe6a47ab3acc37bc810872f0bb4adabe44131a54e2db8f024d963ae07452883d753955404f608bdd0a9eced864747449693f54172003e44eeb2eb7f43517ce2f60c21a6a6bf48bca05d8ce6b405e0cecf9a35f1df8ca081438c009700e00287b2ea1b7c09759b69f2720885d721cf4242b9800e8a7feca881ee63fdaa4dd72fab7cf333ed88c237ae584d85fed3fb8cec577d06c345176aed0a6879fd6562bfc5475f35636c8f7cb56c9dd748319b606fc985597362af674e9036e908313f22a7a6a255bf30081b43d830b6e1f61ef26bceb84e682625213ea18d5104ef73fe49f11661df1159fac28127f46a5da507d872a008228504bbb96c4edd5e698dbb22fea5015a7e02d7f778bf6fa524e9f9fc195b0a47d5398499d6dc18e0f0528dea5d6207fb5103d15b30fec40cb64cda0d6d97e141d75b14efeb2808c37fc01ac8a402f543af636ab41ba382b21f123180c04c008dc2e34ce9431b3b4aa401a2d3d9d4c6f65c4f159fb37f650d8288d16675eaade9440adf3a8a86e0864d86d4faa48f78a48c45d9a65d770e0e23214bac72fd151e5bfee9f2be016f5a85ad91ef7ef77932d616a3890fa828b68edfa5f6d61d694f6dcf4e8b2e7bdc596dc831becfeac84f26ee0d8b64edfb3dd129d15a097c13fc11e36866f74c6fef0acdeb981ff4480630c963c5e6771f1d4daa4c14478c30d27a64a2507d78c3697eed6a1a487020b4b3a9289c34593224891c1d9e49a9e5c6c5e0dabc1cde31f4242c34f2c6932d359cc5e2291c25ffb8f43862dc99ac327ff5169873d496625dc0bd8f36568deb3daa7e427a17bb3d248101cf8765a7405a16ef53b6c3a2e62a14a61117253b00ac503dac5c717327f0f74fe6e3047e22f3ae4c73ef026186ab36066024fbc9eea4f101db8926780d28ce911c67f0e50279e2d0348c92ddbb608a061858cd18a3d567189e477fa4b5743b547c2b2570d705d258593089a7a808b9169290125327dfead7c2c194b453fd28b00beb3fdd74483cce70fcef6197491500d54d4e3d6a9cbe4991c1b47d4a43ea96ba431625b78d1d9ab76e2d5f75857f0d7094737df09c62f6190eed54c1f404de5c33a0a1e482641bf8b9d31d616363acc4c3419e6916cee023b2edd2bf2813169702aa15fb535abe0484b66e29ee2bf28153f3fb8c43d9efd9199bc900bf02c89501d65faf70426538aec9f519a7b13c24cd2c6602bf5deee6cb7533480a140ea32b732f83d5e6d5d6823989531742853a43460b7974f780a8a4edc76e3df71014cebcdd0ac60006f0c6b22f3c8ce8e859c06ae529b1dd4d854f2f158fda72bc86d8a5cea665b8b401e263bbef5975dd275600eb663355e8f80cafefb42a918a7c077ac03d6beaca124c47743ba084fcabaf7ab782018e1575ce74fe70bb6b61ad474b645cc69aa83b50c323d7d0f07c85383a8f588ea3c124c71655160464250447b2ddcc5e6cb082488ac9ae2fbd359d2c1e69f10a7171a75ca6ce5b328c3407ce40559b7bfa37471bff5dc2caf5ffafb6f7f21b2b1dbe83eafcd58b76987807c8e023ce06a77b3f57925e327fad6ce2dd72f713631a6b016c07fb19a3c4cfdb6e77122cc79f37aa03aaa7286c3748016abea1641f9ac9fef3a73842484fa562d3f0798b6e8b8ff47d3a50252efb86466a5ca71ab54542800882f053bd8eb870be68ab3f3fa0300348f21640a48183d4ab14a57bf7a3651073558aabe7a95cc12cd422de147fc8d8fa6e369aea30f1af78d169642e6dc55438c5549c0a32a0649b957c3064d1c2a108ab2f5efbc183b97b5fef39c4de38efbaf5799712256da8aaa811952be6fdf1ae6ebe5ecf1af6b5169bd9bdb7362f7216fdddc7d7e0c820dc0993b12dd9e26e96be3d1870336282550caaf25ac48bf9fb984aa0ac60b042c5dcae8039c6d52cb14a715a0a84080c7b46d1c030fdc18a2cac5453375d0aa0827f567a777f1224d489695e7c5089931c0de128fba8c3ea98d66acf3b82ce4bab7fbaf4bfde9e4db461d1276e3bd0f955cf7cbc655d64a98f463b1028f691881dca0c185d1a7df149fd9c9805f9b3869c256a6a9c2e87fc787c3a2154b225af48db977a61cc7ae74afda9a1ee6ce39f08384d96d695286dc6c2dd7492fb44c06b55dc2f65355e8c066801e185f38b61cf81be2e0eb25612d11d3a0ad0b7485c5e490655f178e01b5375e4d30df04dc3a8960f45ea14de0aa19d23e8ef5a97fe30d7d845a782487bba8a387d4cd48c789b948b943f434eb0e2942ef983d1e1a9ceba68718c0200dcbc1e701b9028e6e97d54353c24faea9c42076175bf2f8850bf5812302ce17f0914f65a84106dfb36bfeb7061ece9266ecba3e49cebb15757d372a85c2332efdee9f59834c53a3185429e9be5127d6189498aec48bfe74299da789e8364e19dbb3ced79babd94d96ffb14dd6f33c81beaf94516405cd4d421fdaf51320ad4d98ba620a4a6589db38f6ee940b7152bcb6d8f8340f1f193ceb78f81c4bc226589a5a716e70b6f1942af1c13709174a8b5660ef7bbbe703d634aca7bc1fece3eb69f05e85ede8b548bf47004c5fdf857895370dd21cb7c69b17a97cb7424c4b3ecd979d7370e19e1090fcf993c07b26dd680400e2743afec38270d17c5f06602e5565b12f229ba068b5c09bdf32d4fc5f2bbd135b68340fdd191928fe9602321ec990b00653090b6e59feb9915ca665b539507f1be3264d98ed83f529d9e3ace58bd2d09bb55cf4d33ad637e640220ae2beb7733954594767df762f01fd4abe8a913d4bbe5f7ccc8f4bddfab39cf80266bc9689041b118c7355cee518f55ef45edf07462a49390e667f12edfd84ddbcdbe716110efdf2927e85f0f28deff95b47880ce60aaaf2cc18d23870c3e2919860f18ece3260f0200a15f79282ccdabf29aff64ab8fc1b723c3006f34e55e2c563a2f1b4009b391b103d3cf077f27ca733ed351197f10386009bab2e5614ab9ed20b39c564bca095ea17565abc9a13c11f9dde842f0ad36", 0x3, 0xfff}, 0x2}, 0x0, 0xfffffffb, &(0x7f0000001240)={0x7, 0x284})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
minimized 5 calls -> 1 calls
minimizing program #5 before concatenation
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 24, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
write$auto(0xffffffffffffffff, &(0x7f0000001340)='7\x04\x00\x00@\xff\x90D\xe8=;d\xd7;\xfb\x7f\xcb\xab\xa7f\xf9D\xb5\x1a[\xad', 0xffbffdef) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 23, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async, rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 22, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x0, 0x20000000000006)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 21, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
setfsuid$auto(0x0) (async, rerun: 32)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 20, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
setresuid$auto(0x8, 0x8, 0x0) (async, rerun: 32)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 19, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 18, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 17, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
read$auto(0x3, 0x0, 0x7fffffff) (async, rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 16, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 15, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
io_uring_register$auto(0x2, 0x6, &(0x7f0000000040), 0x1)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 14, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 13, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0) (async, rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 13, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 12, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 11, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (rerun: 32)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 10, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
socket(0xa, 0x801, 0x106) (async, rerun: 32)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 9, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 8, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 7, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
close_range$auto(0x2, 0xa, 0x0)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 7, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 6, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 5, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 4, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket(0x2b, 0x1, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 3, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 30]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
r8 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r8, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0xd}, @SMC_PNETID_IBNAME={0xe, 0x3, '/dev/ptmx\x00'}, @SMC_PNETID_IBNAME={0x1d, 0x3, '/sys/kernel/irq/12/hwirq\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x404c004}, 0x40084)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
minimized 25 calls -> 2 calls
minimizing program #6 before concatenation
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 29]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])
syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), 0xffffffffffffffff)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 28]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r7, 0x0, 0xe)
ioctl$auto_EVIOCSKEYCODE(r6, 0x40084504, &(0x7f0000000240)=[0x9, 0x1])

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 27]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r6, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 26]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 26]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r3, 0x7)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 26]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x1, 0x0, 0x1}, 0x18)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r6, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 25]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r6, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 24]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
write$auto(r3, &(0x7f0000000140)=')-+\xa2\x00', 0x6)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r6, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 23]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r6, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 22]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r6, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 21]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r6, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 20]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r6, 0x0, 0xe)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 20]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, r2})
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 20]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r3, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x4, <r4=>r2})
sendmsg$auto_NL80211_CMD_DISASSOCIATE(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 19]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r2, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r3, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 18]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r2, 0x89a0, 0x8)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r3, 0x0, 0xe)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 18]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r2, 0x89a0, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r3, 0x0, 0xe)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 18]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 17]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
mmap$auto(0x0, 0x20000000009, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 16]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
ioctl$auto(0xc8, 0x800454db, 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 15]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 14]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 13]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 12]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 11]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 10]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40010)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 10]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 9]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 9]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000)
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 3, 2, 1, 2, 8]
detailed listing:
executing program 2:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
executing program 2:
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
executing program 1:
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
executing program 1:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
minimized 30 calls -> 8 calls
testing program (duration=46.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendfile$auto-socket-socket-openat$auto_tracing_pipe_fops_trace-openat$auto_kernfs_file_fops_kernfs_internal-statmount$auto-prctl$auto-mmap$auto-socketpair$auto-ioperm$auto-mmap$auto-socket$nl_generic-io_uring_register$auto-read$auto-openat$auto_proc_fail_nth_operations_base-close_range$auto-mmap$auto-sendmsg$auto_NL80211_CMD_DISASSOCIATE-socketpair$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
socket(0x10, 0x2, 0xf) (async)
socket(0xa, 0x801, 0x106)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2800, 0x0) (async, rerun: 64)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000)
socketpair$auto(0x1, 0x4, 0x4, 0x0)
ioperm$auto(0x10001, 0x6, 0x2)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000300)
socket$nl_generic(0x10, 0x3, 0x10) (async)
io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) (rerun: 64)
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
bisect: concatenated prog does not crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): read$auto-openat$auto_proc_fail_nth_operations_base-close_range$auto-mmap$auto-sendmsg$auto_NL80211_CMD_DISASSOCIATE-socketpair$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): read$auto-openat$auto_proc_fail_nth_operations_base-close_range$auto-mmap$auto-sendmsg$auto_NL80211_CMD_DISASSOCIATE-socketpair$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): read$auto-openat$auto_proc_fail_nth_operations_base-close_range$auto-mmap$auto-sendmsg$auto_NL80211_CMD_DISASSOCIATE-socketpair$auto-write$auto
detailed listing:
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): read$auto-openat$auto_proc_fail_nth_operations_base-close_range$auto-mmap$auto-sendmsg$auto_NL80211_CMD_DISASSOCIATE-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0xf0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000004}, 0x88)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): read$auto-openat$auto_proc_fail_nth_operations_base-close_range$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): read$auto-openat$auto_proc_fail_nth_operations_base-close_range$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): read$auto-openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): read$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
read$auto(0xffffffffffffffff, 0x0, 0x20)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
reproducing took 6h32m32.395304023s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2752 [inline]
BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
Read of size 140 at addr ffffc90000ace000 by task kworker/u9:0/55

CPU: 1 UID: 0 PID: 55 Comm: kworker/u9:0 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
Workqueue: hci0 hci_devcd_timeout
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105
 skb_put_data include/linux/skbuff.h:2752 [inline]
 hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address ffffc90000ace000 belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc90000acdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000acdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90000ace000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90000ace080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000ace100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2752 [inline]
BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
Read of size 140 at addr ffffc90000ace000 by task kworker/u9:0/55

CPU: 1 UID: 0 PID: 55 Comm: kworker/u9:0 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
Workqueue: hci0 hci_devcd_timeout
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105
 skb_put_data include/linux/skbuff.h:2752 [inline]
 hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address ffffc90000ace000 belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc90000acdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000acdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90000ace000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90000ace080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000ace100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================