Extracting prog: 7m17.478731066s
Minimizing prog: 9m27.833133413s
Simplifying prog options: 0s
Extracting C: 2m26.916359951s
Simplifying C: 33m33.016812694s


extracting reproducer from 31 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
single: failed to extract reproducer
bisect: bisecting 31 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 25, 3, 26, 3, 30, 30, 30, 24, 5, 24, 30, 29, 28, 3, 3, 5, 5, 30, 2, 27, 29, 3, 5, 25, 3, 30, 1, 30, 30, 3]
detailed listing:
executing program 3:
openat$auto_ftrace_formats_fops_trace_printk(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/printk_formats\x00', 0x244000, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_ucma_fops_ucma(0xffffffffffffff9c, 0x0, 0x101002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0)
r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/smaps_rollup\x00', 0x1a3000, 0x0)
pread64$auto(r1, 0x0, 0x12a, 0x8)
ioctl$auto(r0, 0x5403, r0)
executing program 3:
r0 = socket(0x2b, 0x6, 0x4000001)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000100), r0)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x42440, 0x0)
socket(0x2c, 0x80003, 0x0)
setsockopt$auto(0x3, 0x11b, 0x2, 0xffffffffffffffff, 0x9)
r1 = prctl$auto_PR_SET_VMA_ANON_NAME(0x4, 0x0, 0x0, 0x7a, 0x7)
poll$auto(&(0x7f0000000180)={<r2=>r1, 0x72d7, 0x7}, 0xffffffff, 0x80)
writev$auto(r1, &(0x7f0000000140)={&(0x7f00000000c0)="bbc69f44294e96f44775c8ae2f799d5b6cd3299545567a43016b6aec10e08a4fb9dbbca984cc42f44cdd54999180d823053a2bcc3081d962d5d7782de2cd2ad59a53569f780f1c9034ccad3581883cc6b1a76687a38c9eeb864081f5aa5c16157d43f44f0da3d1f57668fd3b292a2de512328f62", 0x3}, 0x8)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x618b40, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
r4 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x40000)
recvfrom$auto(0x3, 0x0, 0x2395, 0x40000100, 0x0, 0xfffffffffffffffd)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
write$auto_ftrace_set_event_notrace_pid_fops_trace_events(r2, &(0x7f0000000340)="953061f68a8c9b2b4c1b5f59f6657c6b8c86097003190f28a192556619af53b6bd94aace8ea0eedf68a7ee62670072c35a4843b0e7a61ececf0e7d1906e72152f624c23def5929e0cf1a2630978181842d6bff639ae2bb57092e4282f3b588b925a7257f0428b681c7ef2aaec8ae085a3c02a6970802ea9dbe370b6eebf92537c78b35d1ca", 0x85)
executing program 3:
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_MON_PEER_GET(r0, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000006100)={&(0x7f00000034c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4401}, 0x4c848)
executing program 3:
r0 = socket(0xa, 0x801, 0x106) (async)
unshare$auto(0x40000080) (async)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) (async)
madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(0x0, 0x0, 0x700) (async)
r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) (async)
r2 = getpid()
process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0x40000100000001}, 0x6, 0x0) (async)
r3 = setfsuid$auto(0xee00) (async)
r4 = setfsuid$auto(0xee01)
setresuid$auto(r3, r4, r3) (async)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r5, 0x4, 0x7ff) (async)
wait4$auto(r5, 0x0, 0x0, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r6, 0x4, 0x7ff)
r7 = set_tid_address$auto(&(0x7f0000000080)) (async, rerun: 32)
r8 = gettid() (rerun: 32)
syz_open_procfs$namespace(r8, &(0x7f0000000040)) (async)
shmctl$auto_SHM_INFO(0x4, 0xe, &(0x7f0000000180)={{0x40, <r9=>0xee01, 0xee01, 0x3, 0x4, 0x3ff, 0x2}, 0xffff, 0x7, 0x4, 0x8, @raw=0x8000, @inferred=0xffffffffffffffff, 0x3, 0x0, &(0x7f00000000c0), &(0x7f0000000140)="3f3fd7bc277e1d391e735f7de79d0d25de5578060724d67bd3ae1deb393187ab031e721ba1da95704de1ba269a"})
sendmsg$auto_IPVS_CMD_NEW_DEST(r0, &(0x7f0000001c80)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001c40)={&(0x7f0000000200)={0x1a20, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x288, 0x1, 0x0, 0x1, [@nested={0x38, 0xb, 0x0, 0x1, [@typed={0x7, 0x139, 0x0, 0x0, @str=';*\x00'}, @nested={0x4, 0xc6}, @typed={0x5, 0x102, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0x88}, @nested={0x4, 0x11b}, @typed={0x4, 0x1e}, @nested={0x4, 0xd4}, @typed={0x9, 0x11d, 0x0, 0x0, @str='}%*-\x00'}, @nested={0x4, 0x150}]}, @nested={0x130, 0x7, 0x0, 0x1, [@nested={0x4, 0x5b}, @generic="af90e6db6f2bdf2c3d27cde02f2ea68ed40fce2c899714137df9ef5924f95ab4984d07aff4026acd217d1633d847bc1178fa1ac2be18f74e140b988a8fe54bc5c6890d08e6121989bb55a7c5f1484492546aa6ba4442ad182e332d49c0855e353712332a54d60fb28ba89773dafa5f9868619d1d", @generic="f2092cf55a7b4281623edf62af044d194f779785d40906bafd0628bc4f5cab32f0f56ea08e80a2d54c34b97f505086ee74d57e68ef8df64107623b45a5f926e1ec456eb8444bb287ead12c57f7d4b92784cfab42de113270cdfe70bd6da24357091fac246cc95cb11dd15db27340f8b773a0e2ca27b56f174d984e32469bdf831d7fc104e706f94b016dffd6056d2369e9c17126ff2f81a73af52c513a71dabb", @nested={0x4, 0x105}, @typed={0x8, 0xd0, 0x0, 0x0, @pid=r2}, @typed={0x8, 0x10f, 0x0, 0x0, @uid=r4}]}, @generic="1aa847edb68fbd1c43ea5c53e19421124862e3317c25a91f6bf4e87bf0ced8a4b7145899de3f7dbb4e5d768622f2ce044804d3077da7df67fa0d970169e9dbc9bb13c4917d112711a5a6a3c85e2f1b353af6cf748917236e1ff5c31f282c1f652705aeceef8b5fdbadbede65541da58cec6ccdc02e67d239e20a35479a89557e715d941fd7762edf480bff6824a158fd1b4cd6600634948745cffd9bb4d8", @generic="25a896f215059890014749586ac33265510f99ea4c047501d8feed9e73d01a87b4473cb003021cfb3ad8c51af80a47fd2d58a806d1665139ab287de153d0cccdef4b0546bfcfb0dac3607cfb11631163f4407b5013a8e9b5ea28b1f22ec82597766ad38a75589fced34c20da95deb92a82024ca67bbb031427631e321763"]}, @IPVS_CMD_ATTR_DEST={0x270, 0x2, 0x0, 0x1, [@nested={0x269, 0xac, 0x0, 0x1, [@typed={0x6, 0x54, 0x0, 0x0, @str='\'\x00'}, @nested={0x4, 0x121}, @generic="7fa3c4d40873855c49160914f83e2bff0aa4662dcf929dc860bdcecac0f102010b63a62fe06c9db87dbb9f9d76616a47e0db7debc8c9d484", @generic="9b38dff34a45d2717563d6a905c500b9fb4e54ef89797c5c7d2054629158e97ed9698a440d954b2aae967c395ea584cf6f1d860190a66f648db399da8bb7f00ec03997551f123e15539d7653504e4fbafac278a3c82c7c", @generic="ecfff98783e1eaca00504f450b985dd7152d1fbfd4c3521b6edfe0b8c707e3a625c72afef12dde315c2aa852b3eb46eb", @nested={0x4, 0xcb}, @generic="fcc105a651b000b8c588094f4404534966b4242741c1f4aa9759dece5ae85e78f89546121839d502daf671c45db76fe3d3348eb94377f2927637d6a8981dbe6c1cf529151a665af4714c20c0201decc910000ec3727f28c2b33be1d0daaf1aba887a4adc363909fc13fc835c16e42481becf467b63f69d65333948dc250e8e8539f554ba2cd7a5609f17b21ea4aeb6534c95dd79b5c709739d88b2702dfa73305d656bc4be80318e4d83db1e35325bd15b74c8415ef0d319f58132de7590b072e7bd4ec97e2d98c5f92a9c442129986cbf90f3348e0fc9b1e765b428890589be056d0843255764c49a64c64aa3ea2c59f33f", @typed={0xa2, 0x11f, 0x0, 0x0, @binary="796c3aa08e2701c205538cf571116730886960354ba4c7d70da3eaace042695d1f11d143946cfae3f7f29cb70a1355f0326c4c52b974e559ba01eebf2b8be99f8d834fe64ea7be0411e346c5df96116b865148406e689ca4d11e7a81578f7f3824733e3d262a0dc64b57baf55eedb8ac6f4df4a8f3239cd9e604f1f9ef2bdd7ac15b1423f7f0c1a64ca06fb3267871c87feae396f8bf529ed136ec9d9fcb"}]}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@typed={0xc, 0x5c, 0x0, 0x0, @u64=0x1}, @typed={0x8, 0x18, 0x0, 0x0, @pid=r5}, @typed={0x8, 0x10e, 0x0, 0x0, @uid=0xee00}]}, @IPVS_CMD_ATTR_SERVICE={0x12b0, 0x1, 0x0, 0x1, [@typed={0x8, 0xe2, 0x0, 0x0, @pid=r6}, @typed={0x8, 0x89, 0x0, 0x0, @pid=r7}, @nested={0xe1, 0x106, 0x0, 0x1, [@generic="9de7652ed9b3ca86ee63f02d59a1cb2f0356b17e448f3d4289d75835fab1901ebf5cc7420f179a2e985ea37181f7119295c0be51584bf7b305aab04a3aa4edcf8b1a4d2590c88a0815387e7d9a228d590a88fa55d0ecd139b64ab89c3ded40369079541d0ad07c235c48b2da09c5791466edc3f8a2aa6d4b32e4a1320f065f956ed5ed51cb1877ce2293f3b6114a7193e82da158bd3bbbe7b92d23072c918ea6440b295000e222e1c1228836d9e25e3c528a5c8efe5dc6ab70be043f6fb186e190718992d6e6ce19e1b68995a8685b74fbfa12bcaf303a221d793eacc1"]}, @nested={0x1167, 0x134, 0x0, 0x1, [@generic="dbb684a14e59e1c9e8b6f6c43a3273da94602cfa8c579c63eb8e9880bd996a2276b6ac7b5cf3f2345ae9eacb7b87a64dbde9481b2db9348f", @typed={0x8, 0xd3, 0x0, 0x0, @pid=r8}, @nested={0x4, 0x42}, @nested={0x4, 0xb3}, @generic="48f58eaa44fcc55b7b887b0a7805f0d88cfa83637f4b23323b21cd7e3c240fc00ed0d65ccd60b5fd96300eddb274d864fce19fa38f68653e2bb9d790797f2245dde149fb6886e61ee3cc6de1431efbc1c4f737db04524f1bee695ee1f96fc630f2ed1f4f26d5c64cd02b62252def28804e53f1e2ca6c8f4e05f84b6367fec241d05122b45bc2fa142ef6e66be7dd26f06e2e028334190f9d1d48355787513b588d94ffd69a1e018e06af6d6ceed51c21bdc54c3391943580d6c79af8ba9445812c320879211e1aa70d9c73c5e53b9ea9f4391dc8bffd2f71311ecb0f0e2c1e16686a08f249ebbca4718a1e0677a340f87f0283d3bb8fd56bd0030d1f3b2e135b846273edcb4c595e9c51d8072c1c6da9d9918d0297749096c269b467d2de4687c26f024dd5b79bcc2ba9fd47cf8ff93ac17b2299eb602e8c2bbc7a7324949f1cfbbbca5744613b52ad8b414083d6f403cc7517893cd980e7d5fa8180e673fbfaaa071fb7921c0d92a29ae39faf8743801221a3b06c799cc544e21676f0062a0075a65aa9e43470400848298c917ce0cfc41f0ea32daca84108523517bf90e3479b8f857d213ae8e05a59f3fae9425803dffad66e5ddb3a79b352805c8d73aa2ad3e4a8871edb055029a0df898427f12401aee9c649d9ecc83ddb1d54b530d6e841cf7e6b93a8dd59d0e0683e006f717f7efaba4d69b311c98b632ea206942a0e493797e112121c30f84158f0f3f8b032938ab8ff26d079ac662499ab0cda089f51b7a9e387e2bbaf5a9dcbccaa28fcc7b96515d8ccbe637710b5c82801c78b48e678ea16807b149b6701bf0db42ad7f55b2fa0eaea580f28778be034c21a1d3df85a205b860235fc705104fa85d74c87f42e6b9e02b54e48b46f1820c4bf475151e87e7010217733f552bfc8ebc86a26e2154ae9124a739cf9e0d9a30cb4c2beb00e1b772a14ca8c0e75347836ba52a83ed36b89cf7056d649b93bed69af734bf1fe49fd4424280aa41677ad4bb5f3f87ec5c672f4ad2a0b48750346884668c2752463458944ed1bbf24470432dc2144174452b384a246fba20637f0903cc8ff137dd1556b6b421778f8d01d7723b6e7d3956b29764893f3f7933a12843879dd649c03da1d41788649d9ea7fe7ab83fdd96f8069e0b753ecce26acd9f9c83f6432c2585fc38863d4022fbc40cb41bf0b4a694ba5a655e7e59f7520fa3cc7865c57cf1c6c3744b7ac7950920c5030c4f7ce865db8d01699f76624b8d7d8cb5e0ef7f77b40569e8279f2b1b7e8afbdfa09cd738169d13eada2ef70c6e35d8ae465e2ad6c8e4a4e9c20273b205c7900b78e34c8985751abfba0868ff51beb32b5fcaf5d8afda6dc03f8712d58ea74ac30856d94afb577e0e96cecbb8d68b376b6699fd86eaba764ed3253720195c368152de184c891f23286f66ef43b07951523bcd49cc173ee6d83a15496002032e93fa7f9eaec2f31a5e5f66af9555d90224d89cb7b1d89047c98bc93d71dbe39765c7b8c4e624db30a09b561662da0afbd94c5cc58da1311be1124cc3665ad496a48be5fec0fc213d451ef3831d1c3d4f6500842e24b5eb8c386df27f76514f3ecfa19e610ce433db0f01dd013fc9fe759cf16ae7869e59a8bc6f49431f16300d59318740ccf47feb916932fbadab8af3b06e081b78a02e5e6da15a4af7e7b0e347f4094829857e65a7614ab076fe377973eafe954231e5986a86bf18b897bf237b9a92a1afc8db3f425b7688a4d1daabbfe816deb05c0d6ee14dfbfac8378311d9c997fe9c281f51a01e7122d150d498526c63bfcfcf2a5bdbe946ca26c72c1e7be628f3f2691e44444cd5a8f8369cfa53431a643e7315459b08a0de2a6a012841acc4e92ee12372e87e132971ea504a238d29fef94eb92a026c8daa96b5f7cd102ab0a1f0b5fb658bab32b0426f6e9126a5b3b31417b2e56eccae7084e49e68add249ead0bc1a64bb67e726109ea4c6dc95fb5eaeaec84b53639f6ba92e34a6b56a9852fe1499ced78941a410beb2c4039c5dacc6c93cf618e18c2ebfaa5fa6f47514acd5d3058cccc7a8ac4aaba439491d710b1efcf9b9d06ef653e14c0133c8e0c36470cf435f37d0e90aa6362465146b1a1a65b522b356e18691f72fddaa5c4cbf4ef55d7fe8491034f8690e00216827e46eb770ccf923a2822338a8f0e00145a8ed4544d9da15d452462bd58a477e46ec01a3dcc6ee83cb5fab27af716ff2ba1c655f85f123dc69c459a4a5a16c8edbaa4bd3d95772561db54332ce10e1ad019576781861d199694bc16b00075a08dd648cb93f9cc39f90e492b2459df29b9634628607320134d57c33d65de6b3414a99fbc37103d3e084a558f204360a9e955ad18389df78e6b98a0245a42a0de3023016043f308ae1245cb80ee555574fe98b2ea8f80682150c64993aecf9b4b788933952b16f3deacf371f0d99da73dae77e7dff52c808cbad60361ddfb19e3533d859f2ca67ffbe71240820d6337d969bbbd70ee590c41c89dd243d82239e18646827ef23abed99935b3cd019e1582571701de435e6745a6e530921701264cb0fdafb2f2aed3450d4ed1aeddb0905e210e88bca7f0c193a0a53f48cf25b31481998dcb15cf4d261d8649c8137b77b3616ca3663f32af780d74086941766634e00c16535a2743dcae0237298872e834031d166e5d773e1006539ecd95f4ff145a5fa62e59b4ccd09d5a396add77628600633b8ece6f3ec5203ae2733524e5997c89454104ca3e1d5645420b84d713a38a3b420cbff94bc2613d49f176d867bfd03ac9f365bdd754eb38ce98dd955a796f17373f56d162aa5c1f557ada260b719c6462d1cc7ae1b7c6b19195442866708cd86d67e9c994f79002544b6d39a4719f44872a03bebb9a5a8b89cde9d3918032d013e0af4a078a5324fa5d884433a75967c8f1addffc6d350b2344532a3eb559e645bca627a151539ef834112301d60fc2b5e30fd32530ac0ac5b145aaca78e07689e2a31453de2a6d0cd9a91691fa32a8581a730ec4eaa02fa893f94f777a8f6fe06aa1f7c9a121d264f5812ce9cca2c338533bcb5f7bc5010619c4acf32bb520b59f8d6cf2936de3f583c4f4405040a42179234594a0a0746e0e54433eb6b3d3f0c7c821e4d4b2135bf30bfa77a17ad206d5068c3345d1ab696d4b5501212316622a6686d024acae76337648c96f220fd36f4f94106bf5b2af75be3bcff4c74a7d9a6fc3084c5066d5ebd8e50697948e39b05bf178a73c5b8242a1c3ada209512f17ab6bdf0c60a41e389d841e0a0a66653ff6a329b47ec514d3fa2f82e21e4046be1d2e6cb744396c01406d0e91f3df867262262388639320069848fd6b91cd32a33d1b15eecd7f4d9dd37f8b50be63f47c1d61eeed13dd3a0d78bf98e81234869c79da546bd0d1c2bf95209c28783f21d218743dd6f0f28141a6118b0ada2b80df44fd5f00200449d63f77c175c443eccb6eda921019b6ac09ff3ca8a2bde30b60abd3bda114a9deaf85bb781fc2c9274bee0cfd92d7ea3ce365f32e7bbf9040634d459d3a987079ff614a695c80ca44bcde33566e7fe51953abd9cec9d25e9da1df8e5930a5d726e49aa3d54b7d0c8c8165ade15f92927159c2ec8891d2d79bf8a9a7b4dae4864df81b08837edcd24594d482c0ca452f3cfccdf7fe8d2142a5bc10594d86d3d33feff905a01e4780121238fee53268d5ceb129a6dd9b6a6047703cf71db38ab8df8e3f3cb99cb019f83561f9b66f79574c377065ffbe21d243a4c625eb42120e3ac352ac66f150db25347b75488a76f41615ead3d5f60fbefbc8fab9c69174e8279265a7e89acc8f0f8fb36a2d0b0ae5b68f800af0a1eb4e258fdfc2b9bc7d2690551f9137da4a16fe7e6f70be5ed1bc3cd7fffc36088ea233c842b8ad1f643ce0be104ec0d03ef7e47c2fadc0623b9e893dab55751f7c3669d128d1c7c4517569dd48ec2a0e6ef4d7c1e6732efaa514e67a27d85a881f6ed454a249829473ed857d533a8d0363d9ada285ddec85854df3984e1c29a7943efdac1aa5a76c79bb63b3449766209cf4b1f45121c442398248fd2bc8fa6769c41b82d6404b35993ec0a796303e7229a310a262b49e5a0e0cfb8051eddec3eddf30a3a140061714988feabb8e700a2487113a47f0d96a0726e135f2d48e853296994262e72c8cc3e3f55682f864c9d595305eee1d422a2595efbfda63137a67ff334cabc858fb8a58838a0f0c5bae04e0ca43f0ceb0cd99b8340915b77a490fd1b27759c4db8e2f947bd2f79c24ae47b0754c3c808e9d11e67d86d09b599afbbfd728798eade1678575c9b56dca3a636801d8acbae1e17afd7e691af08fe7f27a548395a31542a484c46b36a0f81c5146b9c360a0db597fafd1ea7182b54d93a43dfbe7221784f5ff4d55e3b778aa71d9fbdbdf71132652920f0f8d1361397f3a969082ab526a1a5f66e2a100147774f545802fb7a0ddc70b9783931fc1104ac49cba49168e83e05b051689d56bbb9633740525620b4b4650945de1b91c924cc94322939477ad3d4716da3b93f3d50645a9d141471a956292951ffd6094cf2a1c056c550cd0cce205232efc94ffc3935f3594466138d252d78ff3f00ecb7c8148849168dc10c2dbd47b86b57ca9ca2434052eeda24f528245a966a5cd92336d43796f06021103863978e32eb835262a0a4f8a92a799b7c61e15f6d3a50eb68888f8e19b66775f070b539dfa51cbd9fdf1f8c4f45302e7ffe15bc3686ca887bf850ffc7b0dc040955f6ee1393152f44478206ca8a88553237f3cf8ab59d7f5e1dbab23ada735659cbb7057fbb721cf2d57fb7d04b1a6f77e00da8ebbfc8834e64849e8c9b14c13cb4d88ebbe212225eaf7662197359b14d1d4f45332b37c00fa93df8faacccf8507a904d9f448dab887febe954458d7b02f854541a335fb5c9921c780128d7cb3d3223a2c4f3bd3bd723bbf6821f467dfd9dd85751cda58eda3c403d6d54c794c6be1c14a826019ef039383cb81424618e9bd096e5b4301dc61be776715192e1336789c2c5f0a9768c99da1678d482d379875f8534641329d255d57fa53eba2231049a824022e54139652cce9b04b3310173c146955759bdaaab0695289d0e2317c7ab353608d1bef3834d24c7d0aabd12613e63e7d93cc4eb41ca09afa5689edd89848f26576933a5ee2b457dd8f88b0631a248a488a9e144982db91201af34a7b426c102eb318da7b9f0caa88a50bcbc39c38fa6d746eb6c927f24e44afba91131e2ad70aab5dedd9f56fbf00bef3211816b891ec55825af31d8f414096c2f10f9668e742b8ad7052dfa2f737b36b44be6ba6cd4b114c1d820ff5087eaf78483bdef30f4a8896ee2017c92839e197bf9dff3fa3049ef265b947b51760f8ef845fff9845014f1908210b8fb9ae2faf90a5cb97998df3d9c185cf0af7745d150f3cbca4f4e84605c6fd5af29d5c8bbdf4fb9f3d9933cdaad55c1ae435c5c00e0fe592c3c9e5fe40c00fafde56f4d823657726e05821f2c18833b1a4d84f8f0d310b9ef715f6b3b9f75903a73342940e4f0bee8e1b98742c1cc356c44fbd55ee90bcb6b71fdc14649c054247cfe52302f22bd706d47cd63bd85f8a9c87b748e5a12b317e712bc068b32eea939bf6c902de115016d631e2a13ec884181c6636238fdc886eb4480e25afb1ef9a94f2e68d40f2e92523e3caed93b99cc76ca984c63691475764ee6e363615e9308d3e1ac3491d2f3126c2c6899081ffa674f508669f69a1d933ebdf577a6477", @typed={0x14, 0x6, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x19}}, @generic="e7d560b14cfc44372becdc3defecc231c0cf4033a88a0131c7ead5d729d6bceabffa4cbdae68e0e565770cd9f7ccef001e0de7daa27e8617f37023eb59dd13524063b85b8b25d41931217cc6a5a603f23d562950de54b0fefa1ee4b81e99b412914aec88c26f903f749bf16606ccd0200d9477ee0f4c6e95d0a0c7547e6ddf2b666297c6730d31d61991631a0bb5126ffb05f80f1cd0cf858ef17fb7db7659437c4cc41cff217ddcf6acefe686aa0113b73ee6226f328c80bbaee63109835ef953d7fca46832c5465011b45089d3c941c5d85d25ff5e0737753cf9abd76747073cd120b46285f0bfa732e9297fb52232c5896d394a97f3", @typed={0xc, 0xb1, 0x0, 0x0, @u64=0x9}, @nested={0x4, 0xab}]}, @nested={0x4d, 0xfa, 0x0, 0x1, [@generic="662e54bf54296aa981957429155fef5dedb276f51ef7465e679039f66434026e26f0fcad0e3fc6231fb4912575addf333d7ae05a30cc8d8f378b02624af8da845bef4e39474e5b86dc", @generic]}]}, @IPVS_CMD_ATTR_SERVICE={0x1c9, 0x1, 0x0, 0x1, [@nested={0x10, 0x72, 0x0, 0x1, [@nested={0x4, 0x14}, @typed={0x8, 0xa7, 0x0, 0x0, @uid=r9}]}, @nested={0x112, 0x75, 0x0, 0x1, [@generic="8cd09fad41a800059342d2f6b05466c81f720f20fe1602484bceb56716eed118677d06869ade37a0aeff1ad91ae639b186f106a168701c5c823fe4897725925bb869cd2777c5930bc81ab8037a4f6a0e38315e05af6fa79648921ca32bc4c2b93d120ea0cd3a99aea7ede676b684d61e35ae931c0adff78e9b05b4ae45ce3ee3", @typed={0x14, 0x13a, 0x0, 0x0, @ipv6=@mcast1}, @generic="22abdb1d6877db97bfc7793c5070965a678cb1a14c735d6fb566bab2cf974749fc2d332f463c0df1950df186e236c8e8de61b4020b8e2b4c4065945ee1246f8094adf61a4e166afb6afd3b7280fac494ba14c4dc22071adb1562f61e4f78baed36913427f6799a2e6d6df249edece1a94a3f", @nested={0x4, 0x39}, @nested={0x4, 0xca}]}, @generic="130efb089b8fd62149c7d2b908fffe09a7eea898a7be3b0c6bba95d66d196be7c7fc063861a78fc21d6055a5bd18e5697248361c8e45f557960f542e480cc3ce79d4b7bac6d22fc4cf96f43544939849bc0817a4a24797326f9b1dcedde324c5c49c41546324427f8cd6c2d8809509759acb73632c71a78622766eda7f4dd68b6779f8ff848edb3fc520f7b48a5d19a3359c8f118dfd3adc0e637a8a9eb871f95c"]}, @IPVS_CMD_ATTR_DAEMON={0x78, 0x3, 0x0, 0x1, [@generic="5a4ab82cebaa9441ee907ef5daadb7b691fbff54fd7e592736a3947cb9e3548c46ece4df1cc966c75edf5694671984280aa6b9e51fd0c8d420cbe76a910980ac10588042f63cbc39df43409514610e06968fd80a2c19a93e8140fc5d389e94a6e95b4a13741c19af39ec5081a196faf8c49b80d6"]}]}, 0x1a20}, 0x1, 0x0, 0x0, 0x10}, 0x20049080) (async)
socket(0xa, 0x5, 0x0) (async)
ioctl$auto(0x1, 0x8941, 0x8)
executing program 3:
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_TIPC_NL_MON_PEER_GET(r0, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000006100)={&(0x7f00000034c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4401}, 0x4c848)
executing program 3:
close_range$auto(0x2, 0x8, 0x0)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x42440, 0x0)
r0 = prctl$auto_PR_SET_VMA_ANON_NAME(0x4, 0x0, 0x0, 0x79, 0x10000)
sendmsg$auto_NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x1, 0x40000000004, 0x4000000020df, 0x40eb1, 0x402, 0x300000000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
socket(0xa, 0x2, 0x0)
setsockopt$auto(0x3, 0x0, 0x7, 0xffffffffffffffff, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000)
mount_setattr$auto(0x5, 0x0, 0x8000, 0x0, 0x283)
r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000100), r0)
ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000200)={"59595ba99c0250fcf252d9df4a6c79067f7649c8366ae4dacb4221c94dd7d18b", 0x1, 0xa, 0x43, 0x70, 0x5f0, <r5=>0xffffffffffffffff})
r6 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r0, 0x8004b709, &(0x7f0000000140)=0x8)
sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0x41, &(0x7f0000000480)={&(0x7f00000003c0)={0x44, r4, 0x200, 0x70bd28, 0x25dfdbff, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r5}, @OVS_DP_ATTR_NAME={0x7, 0x1, '#!\x00'}, @OVS_DP_ATTR_NAME={0xb, 0x1, '$\xdd!\'+\\\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r6}, @OVS_DP_ATTR_NAME={0xc, 0x1, 'nl80211\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x801}, 0x40000)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r3], 0x24}}, 0x4000000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x1, 0x100)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0)
r8 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0)
sendmmsg$auto(r8, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000380), 0x100, 0x8}, 0x1a}, 0x3, 0x6)
write$auto(r8, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9)
sendfile$auto(r7, r7, 0x0, 0x7fff)
unshare$auto(0xa4)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r9 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r9, 0xc0045002, 0x0)
executing program 32:
close_range$auto(0x2, 0x8, 0x0)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000280), 0x42440, 0x0)
r0 = prctl$auto_PR_SET_VMA_ANON_NAME(0x4, 0x0, 0x0, 0x79, 0x10000)
sendmsg$auto_NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x1, 0x40000000004, 0x4000000020df, 0x40eb1, 0x402, 0x300000000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
socket(0xa, 0x2, 0x0)
setsockopt$auto(0x3, 0x0, 0x7, 0xffffffffffffffff, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000)
mount_setattr$auto(0x5, 0x0, 0x8000, 0x0, 0x283)
r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000100), r0)
ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000200)={"59595ba99c0250fcf252d9df4a6c79067f7649c8366ae4dacb4221c94dd7d18b", 0x1, 0xa, 0x43, 0x70, 0x5f0, <r5=>0xffffffffffffffff})
r6 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r0, 0x8004b709, &(0x7f0000000140)=0x8)
sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0x41, &(0x7f0000000480)={&(0x7f00000003c0)={0x44, r4, 0x200, 0x70bd28, 0x25dfdbff, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r5}, @OVS_DP_ATTR_NAME={0x7, 0x1, '#!\x00'}, @OVS_DP_ATTR_NAME={0xb, 0x1, '$\xdd!\'+\\\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r6}, @OVS_DP_ATTR_NAME={0xc, 0x1, 'nl80211\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x801}, 0x40000)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r3], 0x24}}, 0x4000000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket(0xa, 0x1, 0x100)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0)
r8 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0)
sendmmsg$auto(r8, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000380), 0x100, 0x8}, 0x1a}, 0x3, 0x6)
write$auto(r8, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9)
sendfile$auto(r7, r7, 0x0, 0x7fff)
unshare$auto(0xa4)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r9 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r9, 0xc0045002, 0x0)
executing program 0:
ioperm$auto(0x7, 0x6, 0x2)
timer_create$auto(0x8, 0x0, &(0x7f0000000040)=0x200)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
bpf$auto(0x6, &(0x7f00000003c0)=@link_update={0xa, @new_map_fd=r0, 0x7, @old_map_fd}, 0x1ff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = seccomp$auto(0x8, 0x6, &(0x7f0000000080)="61184b6523664d3c97e870692a708c6ce1ca15dc7e40fa9d5cc3d95571f7f2e5982567b439f7930500f7a2e83e7cb1e10726c6fc543149241e922802277ff6")
ioctl$auto_TIOCVHANGUP(r1, 0x5437, &(0x7f0000000300)="d015ab6118092bb0c9599e2e03fc5215d8fd551b8338ff6c35a94e409455bceb6cc5f00558e256084cfd544af3d59fa12d4bbf74a64343113739742ce1bacda885634454a49559713da12fb31435327440b13f90c50e661f2cd2184e468155f80baf046af29fa3cd9232a6cfb964d2ba6ac02880ecb9d64c079956a3af45ac5db8951b3c906d5904d5b4e4d9befe438ae98a787bf052096a72cec677e38bdba0b91093c9202a5ef4e1d449235c597366dd1433faffb7ca0796ffbf3911f9d9df5d54a8127e5f8c2d7f6d01e071f603feeefcf852c8d96fd4328f3123d88651658105913dc8")
socket(0x2, 0x6, 0x0)
pidfd_open$auto(0x0, 0x0)
socket(0x10, 0x0, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x6, 0x0)
r3 = socket(0xa, 0x3, 0x100)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4)
r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/dev/cdrom/autoclose\x00', 0x202, 0x0)
sendfile$auto(r4, r4, 0x0, 0x1)
close_range$auto(0x2, 0x8000, 0x0)
r5 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_FUSE_DEV_IOC_BACKING_OPEN(0xffffffffffffffff, 0x4010e501, &(0x7f0000000000)={r3, 0x4})
bpf$auto(0x0, &(0x7f00000000c0)=@link_update={r2, @new_map_fd=r3, 0xa, @old_map_fd=r5}, 0x10)
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/seq/timer\x00', 0x109000, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000005c80)=""/154, 0x9a)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0xa0942, 0x0)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
r4 = socket(0x15, 0x5, 0x0)
ustat$auto(0x801, 0x0)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0)
sendmsg$auto(r4, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x858)
sysfs$auto(0x2, 0x23, 0x0)
socket(0x11, 0xa, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'nicvf0\x00'})
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200)
listmount$auto(&(0x7f0000000040)={0x200, @inferred=r0, 0x7f, 0x81, 0x400}, &(0x7f0000000140)=0x10000, 0xf, 0x5)
ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0))
r5 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0)
write$auto(r5, &(0x7f0000004240)='\x01', 0x10000000004)
executing program 1:
statmount$auto(0x0, 0x0, 0x7ffffffff000, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
r0 = pidfd_open$auto(0x1, 0x0)
setns(r0, 0x60020000)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0xdef, 0x0)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
open$dir(0x0, 0xa00, 0x100)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x8000000000000000, 0x15)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x0)
openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000480), 0x101100, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0)
timerfd_create$auto_CLOCK_MONOTONIC(0x1, 0x9)
preadv$auto(0x3, 0x0, 0x3, 0x1, 0x80000001)
r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
ioctl$auto_I2C_FUNCS(r0, 0x705, 0x0)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xe)
r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
splice$auto(0x4, 0x0, r1, 0x0, 0x1000, 0xf)
fcntl$auto(r1, 0x408, 0xffffffff80000000)
sendmmsg$auto(0x3, 0x0, 0x3, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0)
move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x4d6bc983, 0xebd, 0xfffffffffffffffa, 0xfffffffffffffeff)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0)
ioctl$auto(r0, 0x2, 0x9)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram8\x00', 0x81, 0x0)
semctl$auto(0xc, 0x2, 0x13, 0x4)
ioctl$auto_BLKDISCARD(r2, 0x1277, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xaece, 0xffffffffffffffff)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop10/queue/atomic_write_unit_min_bytes\x00', 0x60240, 0x0)
read$auto(r3, &(0x7f0000000240)='/\x00', 0x100000001)
r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
read$auto(r4, 0x0, 0x1f40)
r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3)
io_uring_register$auto(r4, 0xffff5594, 0x0, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x0, 0x0)
fcntl$auto_F_WRLCK(r3, 0x1, 0x1)
close_range$auto(0x2, 0x8, 0x0)
r6 = socket(0x2000000000000021, 0x2, 0x10000000000002)
shutdown$auto(0x200000003, 0x2)
setsockopt$auto(r6, 0x110, 0x4, 0x0, 0x4)
r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd11\x00', 0x210863, 0x0)
ioctl$auto_BLKZEROOUT(r7, 0x127f, 0x0)
r8 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x100e42, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE2(r8, 0x2272, &(0x7f0000000000))
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_udc.6/udc/dummy_udc.6/state\x00', 0x2000, 0x0)
executing program 0:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x301, 0x0)
madvise$auto(0x39bf, 0x8, 0x17)
madvise$auto_MADV_SEQUENTIAL(0x1ff, 0x9, 0x2)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff)
waitid$auto_P_ALL(0x0, 0x9, &(0x7f00000000c0)={@_si_pad}, 0x8, &(0x7f0000000140)={{0x1400000000000, 0x1}, {0xf, 0x4}, 0x3, 0x8, 0xffff, 0x7, 0x6, 0xfffffffffffffff7, 0x1, 0x2, 0x656a, 0x7, 0x0, 0x6, 0x7})
gettid()
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db)
open(&(0x7f00000003c0)='./file0\x00', 0x14d443, 0x100)
mount$auto(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='xfs\x00', 0x5, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$auto(r2, 0x5453, r2)
msgctl$auto_IPC_INFO(0xbf, 0x3, &(0x7f0000000280)={{0xbc, <r3=>0xee00, 0xffffffffffffffff, 0xb, 0xf, 0x83c3, 0xbc5c}, &(0x7f0000000200)=0x4, &(0x7f0000000240)=0x2, 0x8, 0x9, 0xb, 0x8, 0x2, 0x200, 0x23, 0x101, @inferred, @raw=0x101})
syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC1\x00', 0x40, 0x0)
msgctl$auto_IPC_SET(0xffffffff, 0x1, &(0x7f00000003c0)={{0x10000, r3, 0x0, 0xa, 0x2, 0x7, 0x40}, &(0x7f0000000340)=0x1, &(0x7f0000000380)=0x6, 0x7, 0x2, 0xa, 0x5, 0x3, 0x5, 0x7, 0xff, @inferred=0xffffffffffffffff, @raw=0x9})
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000480)='/sys/kernel/debug/tracing/tracing_on\x00', 0x258040, 0x0)
r4 = setfsuid$auto(0xee01)
setresuid$auto(0x0, r4, 0x0)
socket(0x10, 0x2, 0x4)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
executing program 1:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x301, 0x0)
madvise$auto(0x39bf, 0x8, 0x17)
madvise$auto_MADV_SEQUENTIAL(0x1ff, 0x9, 0x2)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff)
waitid$auto_P_ALL(0x0, 0x9, &(0x7f00000000c0)={@_si_pad}, 0x8, &(0x7f0000000140)={{0x1400000000000, 0x1}, {0xf, 0x4}, 0x3, 0x8, 0xffff, 0x7, 0x6, 0xfffffffffffffff7, 0x1, 0x2, 0x656a, 0x7, 0x0, 0x6, 0x7})
gettid()
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db)
open(&(0x7f00000003c0)='./file0\x00', 0x14d443, 0x100)
mount$auto(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='xfs\x00', 0x5, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$auto(r2, 0x5453, r2)
r3 = syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(r3, 0x0, 0xc0000000, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC1\x00', 0x40, 0x0)
msgctl$auto_IPC_SET(0xffffffff, 0x1, &(0x7f00000003c0)={{0x10000, 0x0, 0x0, 0xa, 0x2, 0x7, 0x40}, &(0x7f0000000340)=0x1, &(0x7f0000000380)=0x6, 0x7, 0x2, 0xa, 0x5, 0x3, 0x5, 0x7, 0xff, @inferred=0xffffffffffffffff, @raw=0x9})
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000480)='/sys/kernel/debug/tracing/tracing_on\x00', 0x258040, 0x0)
r4 = setfsuid$auto(0xee01)
setresuid$auto(0x0, r4, 0x0)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
executing program 2:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x102, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP_ENABLE(r0, 0x40095505, 0x0)
executing program 2:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xe)
executing program 0:
statmount$auto(0x0, 0x0, 0x7ffffffff000, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
r0 = pidfd_open$auto(0x1, 0x0)
setns(r0, 0x60020000)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0xdef, 0x0)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
epoll_wait$auto(r0, &(0x7f0000000000)={0xffff, 0x10000}, 0x10001, 0x8)
executing program 0:
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}})
r0 = getpid()
process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0)
mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x8000)
ioperm$auto(0x7fb, 0x1, 0x4000007)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x5, 0x2000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x26, 0x80805, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x6, 0x21, 0x0, 0x10)
setsockopt$auto(0x3, 0x6, 0x21, 0x0, 0x10)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x7, 0x8000)
r2 = socket(0x2, 0x3, 0x100)
sendto$auto(0x3, 0x0, 0xfdef, 0xf950, &(0x7f0000000140), 0x1d)
mremap$auto(0x48, 0x0, 0x3, 0x2, 0x1)
flistxattr$auto(r1, &(0x7f0000000180)='{}\'\x00', 0x9)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
sysfs$auto(0x2, 0x6, 0x0)
r3 = socket(0xa, 0x1, 0x84)
getsockopt$auto(r3, 0x84, 0x14, 0x0, 0x0)
io_uring_enter$auto(r2, 0x4320, 0x4, 0x2, &(0x7f0000000000)="0ca257b5f8242289fb5ff3341e419bb95ae1d7474651d93736", 0x4)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
pidfd_getfd$auto(0x3, 0x1, 0x100000000)
r4 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r4, 0x29, 0x30, 0x0, 0x56b)
r5 = openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/saved_cmdlines\x00', 0x200600, 0x0)
pread64$auto(r5, 0x0, 0x1, 0x70)
executing program 2:
r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0)
write$auto(r0, &(0x7f0000004240)='\x01', 0x10000000004)
executing program 2:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/lapb2/threaded\x00', 0x0, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x4a})
io_setup$auto(0x8afc, &(0x7f0000000000))
io_setup$auto(0x7ffe, &(0x7f0000000000))
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x5, &(0x7f00000003c0), 0x5, 0x1000}, 0x5}, 0x2, 0x100)
socket(0x23, 0x800, 0x9)
sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, 0x0, 0x4, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/uprobe_events\x00', 0x20003, 0x0)
r0 = ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f00000000c0)=0x70080b1e)
ioctl$auto_TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000140)=0xe)
socket(0xa, 0x6, 0x0)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
write$auto_console_fops_tty_io(r0, &(0x7f00000002c0)="94ec66ed466b1567dcf2835799196c33b849e892285d747197fff386d053316af243e3ba06277664ae60fd3898b3f5c098d96f91a1349a72d543add4ebaba24357d11638b403f0a452dfdfa4d79adc2de04ff21a4e376bc26289e49b71d32156cadea8c979b80043c9d727c59d7379c1f0e79eda8cf217a07185fdf44dea2b0f7a26967e2248940d1f9e0de23a491f08a7ff56926cab", 0x96)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pppoe\x00', 0x28000, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000e80)=""/215, 0xd7)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40802, 0x0)
lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x100000000, 0x63, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0x7ffffff9, 0x5, 0xffffffff80000000, 0x9, 0x61, 0x105})
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
executing program 1:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x301, 0x0)
madvise$auto(0x39bf, 0x8, 0x17)
madvise$auto_MADV_SEQUENTIAL(0x1ff, 0x9, 0x2)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff)
waitid$auto_P_ALL(0x0, 0x9, &(0x7f00000000c0)={@_si_pad}, 0x8, &(0x7f0000000140)={{0x1400000000000, 0x1}, {0xf, 0x4}, 0x3, 0x8, 0xffff, 0x7, 0x6, 0xfffffffffffffff7, 0x1, 0x2, 0x656a, 0x7, 0x0, 0x6, 0x7})
gettid()
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db)
open(&(0x7f00000003c0)='./file0\x00', 0x14d443, 0x100)
mount$auto(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='xfs\x00', 0x5, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$auto(r2, 0x5453, r2)
msgctl$auto_IPC_INFO(0xbf, 0x3, &(0x7f0000000280)={{0xbc, <r3=>0xee00, 0xffffffffffffffff, 0xb, 0xf, 0x83c3, 0xbc5c}, &(0x7f0000000200)=0x4, &(0x7f0000000240)=0x2, 0x8, 0x9, 0xb, 0x8, 0x2, 0x200, 0x23, 0x101, @inferred, @raw=0x101})
syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC1\x00', 0x40, 0x0)
msgctl$auto_IPC_SET(0xffffffff, 0x1, &(0x7f00000003c0)={{0x10000, r3, 0x0, 0xa, 0x2, 0x7, 0x40}, &(0x7f0000000340)=0x1, &(0x7f0000000380)=0x6, 0x7, 0x2, 0xa, 0x5, 0x3, 0x5, 0x7, 0xff, @inferred=0xffffffffffffffff, @raw=0x9})
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000480)='/sys/kernel/debug/tracing/tracing_on\x00', 0x258040, 0x0)
r4 = setfsuid$auto(0xee01)
setresuid$auto(0x0, r4, 0x0)
socket(0x10, 0x2, 0x4)
mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000)
executing program 4:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 4:
statmount$auto(0x0, 0x0, 0x7ffffffff000, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0x20)
r0 = pidfd_open$auto(0x1, 0x0)
setns(r0, 0x60020000)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0xdef, 0x0)
executing program 4:
ioperm$auto(0x7, 0x6, 0x2)
timer_create$auto(0x8, 0x0, &(0x7f0000000040)=0x200)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
bpf$auto(0x6, &(0x7f00000003c0)=@link_update={0xa, @new_map_fd=r0, 0x7, @old_map_fd}, 0x1ff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = seccomp$auto(0x8, 0x6, &(0x7f0000000080)="61184b6523664d3c97e870692a708c6ce1ca15dc7e40fa9d5cc3d95571f7f2e5982567b439f7930500f7a2e83e7cb1e10726c6fc543149241e922802277ff6")
ioctl$auto_TIOCVHANGUP(r1, 0x5437, &(0x7f0000000300)="d015ab6118092bb0c9599e2e03fc5215d8fd551b8338ff6c35a94e409455bceb6cc5f00558e256084cfd544af3d59fa12d4bbf74a64343113739742ce1bacda885634454a49559713da12fb31435327440b13f90c50e661f2cd2184e468155f80baf046af29fa3cd9232a6cfb964d2ba6ac02880ecb9d64c079956a3af45ac5db8951b3c906d5904d5b4e4d9befe438ae98a787bf052096a72cec677e38bdba0b91093c9202a5ef4e1d449235c597366dd1433faffb7ca0796ffbf3911f9d9df5d54a8127e5f8c2d7f6d01e071f603feeefcf852c8d96fd4328f3123d88651658105913dc8")
socket(0x2, 0x6, 0x0)
pidfd_open$auto(0x0, 0x0)
socket(0x10, 0x0, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x6, 0x0)
socket(0xa, 0x3, 0x100)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/dev/cdrom/autoclose\x00', 0x202, 0x0)
sendfile$auto(r2, r2, 0x0, 0x1)
executing program 1:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x102, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP_ENABLE(r0, 0x40095505, 0x0)
executing program 1:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x1a, 0x2, 0x0)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0xe983, 0xdd, 0x18, r0, 0x40000008000)
r1 = openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ubifs/tst_recovery\x00', 0x40aa2, 0x0)
write$auto(0x3, 0x0, 0xfdef)
mmap$auto(0x0, 0x400008, 0xb, 0x9b75, 0x2, 0x8000)
r2 = socket(0xa, 0x3, 0x3a)
ioctl$auto_RTC_PARAM_GET(0xffffffffffffffff, 0x40187013, &(0x7f0000000040)={0x38, @uvalue=0x7, 0x9})
r3 = socketpair$auto(0x1, 0x7, 0x8000000000000000, 0x0)
setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x567)
socket(0x15, 0x5, 0x0)
mmap$auto(0xfffffffffffffffa, 0xb, 0xdf, 0x8b56, 0x7, 0x2fdffffff)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
ustat$auto(0x801, 0x0)
r4 = socket(0xa, 0x1, 0x84)
sendmsg$auto(r1, &(0x7f0000000100)={&(0x7f0000000140)="09f0f50f5a002d7230dba93053e22c5905a766a5cfeb154986a446affdacb6eb25d1394347f80d37f1c7e9d1a2847ff0589df7f2b93275231c7d07c375ef5d1ed6e99812246dae", 0x8007fc, 0x0, 0x8, 0x0, 0xa9, 0x3ff}, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
ioctl$auto(r2, 0x2285, r3)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'team_slave_0\x00'})
prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x3e, 0x0, 0x20000009, 0xfffffffffffffffe)
getrandom$auto(0x0, 0x6000000, 0x3)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram12\x00', 0x16d603, 0x0)
write$auto(r5, 0x0, 0xfffffdef)
madvise$auto(0x0, 0x20499d, 0x9)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
executing program 4:
write$auto(0xffffffffffffffff, &(0x7f0000004240)='\x01', 0x10000000004)
executing program 4:
r0 = prctl$auto_PR_SET_SECCOMP(0x16, 0xfffffffffffffffe, 0x10000, 0x8, 0x2)
mmap$auto(0x0, 0x2020009, 0xb2, 0xeb1, r0, 0x8000)
socket(0xa, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
capset$auto(0x0, 0xfffffffffffffffe)
setsockopt$auto(0x3, 0x10000000084, 0x72, 0x0, 0xc)
close_range$auto(0x2, 0x8, 0x0)
r1 = io_uring_setup$auto(0x6, 0x0)
r2 = socket(0x2, 0x5, 0x0)
r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0xc00, 0x0)
ioctl$auto_EVIOCSMASK(r3, 0x40104593, &(0x7f0000000080)={0x2, 0x80000000, 0x7f})
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
ioctl$auto(0xc8, 0x800454dd, 0x5)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup$auto(0x1, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0)
close_range$auto(0x0, 0x5, 0x0)
pipe$auto(0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$auto(0x3, 0x4048aec9, r4)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0x5}, 0x5, 0x0, 0x1, 0x9}, 0xffffffff}, 0x3, 0x0)
read$auto_dfs_cpu_ops_debugfs(r1, &(0x7f0000000180)=""/4096, 0x1000)
executing program 4:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x0, 0x5, 0xa)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
r2 = syz_open_procfs$namespace(0x0, 0x0)
fstat$auto(r2, 0x0)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0)
sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="db6263c64300000528bd7000fcdbdf2500000000080001000a0000000600060006000000060006000a000000080007", @ANYRES32=r2, @ANYBLOB="14000c00ff010000000000000000000000000001080001000500000014000c0020010000000000000000000000000001"], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
fsconfig$auto(0xffffffffffffffff, 0x8, &(0x7f00000003c0)='\x00*\xbc\xf5\'\xde\xf1\xd2`{\x87e\xf1\x9e\xba\x10X\xe3r\x82\x81e\xaal\x8f\xcf\xed~0c\xeb\xd5|\xffB\xf1\xc0?@\x16\xed\x8a\xfbm\xbf\x00\x99\xb1\xd4:s]\xccs\xc5\xe6\x8c\x9b\x85\xdc\xd2\tIP\x90L\x9bo\xe1}u\t\xe1.C\f\xe5\x1cb\xd0|\x8f\xb1LB\xfa\xcf>N\xac\xe9\xf6\x9e\x83p\xff\xe8\x8d\xbf\xe6>\xd5sG\x8c\xdb\xe6J@\x93?z\xb36\xb8H\xd2\xc7J\x8d\x9d5\xdc\x03xS\xe4\xfc,\x11<\xb3a\xbe\x8d1\x9cu\xcdt\xe9\x7f\r\tXb\x94\xb5\xb0\x17\nT\x15\xd8\x15\xe2\xda,B\xe5)\xd4\x99e\xac\x1d\xf9\x84m{\xea_Y\x1d\xedD\a\x9f\xae\xd3\x05\x9aA\x96\x12Q+', &(0x7f00000002c0)="ccbe28c7e6fe0387d2afa160a010b6c39491faf1347cc720f16fe22a75a19a49b4b7b21cb60cb72ef82f18b2ca9d92808dd8690cb7b370b62af49b47c67a58f6e64ee40e715cda689d56515de044d05bf33769eafb0d5f7369857173a386e14b31053c5be5d08cb8a15406fba232eee55f9747f936be8e511239e77695de1c3c173d025df63789b321c9c7584159424b", 0x0)
read$auto_ftrace_enable_fops_trace_events(r4, &(0x7f0000000200)=""/34, 0x22)
ioctl$auto(0x3, 0x40081271, 0x38)
write$auto(0x3, 0x0, 0xfdef)
mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xfffffffffff70001, 0x1)
preadv$auto(r1, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5)
mmap$auto(0x401, 0x2820009, 0x3, 0x33, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x2, 0x6, 0x0)
socket(0x1, 0x2, 0x0)
socket(0xa, 0x2, 0x0)
setsockopt$auto(0x2, 0x1, 0x50, &(0x7f0000000000)='\x00', 0x40)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
remap_file_pages$auto(0x6a25, 0x1000, 0x0, 0x3, 0x0)
executing program 2:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
reproducing took 52m45.245052921s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2752 [inline]
BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
Read of size 140 at addr ffffc90000ace000 by task kworker/u9:0/55

CPU: 0 UID: 0 PID: 55 Comm: kworker/u9:0 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: hci0 hci_devcd_timeout
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105
 skb_put_data include/linux/skbuff.h:2752 [inline]
 hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address ffffc90000ace000 belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc90000acdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000acdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90000ace000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90000ace080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000ace100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2752 [inline]
BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
Read of size 140 at addr ffffc90000ace000 by task kworker/u9:0/55

CPU: 0 UID: 0 PID: 55 Comm: kworker/u9:0 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: hci0 hci_devcd_timeout
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105
 skb_put_data include/linux/skbuff.h:2752 [inline]
 hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address ffffc90000ace000 belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc90000acdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000acdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90000ace000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90000ace080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000ace100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================